FDA Announcement: 21 CFR 820 and ISO 13485 Guidance

On February 2nd, 2024 the U.S. Food and Drug Administration (FDA) made its formal announcement and ruling providing guidance on 21 CFR Part 820 which up to that point was the standard overseeing medical device quality system regulation and current good manufacturing practices (cGMP) in the United States of America.?

The big news – 21 CFR 820 will be heavily amended to incorporate ISO 13485 as the leading guidance for Quality Management System Regulation (QMSR) and cGMP. ?While the news wasn’t a surprise, it does put a final note on the direction the agency intends to take for medical device practices moving forward, especially as it relates to risk management. ?While many device OEMs already utilize ISO as their leading regulation standard, those who don’t will have two years to adjust to these changes to be in compliance effective February 2nd, 2026.

Here’s what you need to know as it relates to the differences between 21 CFR 820 and ISO 13485, as well as considerations OEMs should take into account in order to meet the 2026 deadline.

?

Big Picture:

·?????? 21 CFR 820 (Code of Federal Regulations Title 21, Part 820), also known as the Quality System Regulation (QSR), is a set of regulations established by the U.S. Food and Drug Administration (FDA) for medical device manufacturers selling products in the United States.

·?????? ISO 13485:2016 is an international standard that specifies requirements for a quality management system (QMS) for medical devices.

?

Key Differences (highlights):

Transitioning to ISO 13485

Transitioning from CFR 820 to ISO 13485 involves several steps to ensure compliance with the ISO standard. A general outline of the steps an OEM should take to transition may include:

1.????? Understand the Requirements of ISO 13485: Familiarize yourself with the requirements of ISO 13485. This includes understanding the structure of the standard, its key clauses, and any specific requirements which may differ from CFR 820. (see above table for highlights)

2.????? Gap Analysis: Conduct a thorough gap analysis to identify the differences between your current quality management system under CFR 820 and the requirements of ISO 13485. This will help you determine what changes, if any, need to be made to your existing processes, procedures, and documentation.? This is also a great time to do a review of your QMS tool to determine if it is an appropriate tool for future use.

3.????? Document Review and Update: Review your existing documentation, including quality manuals, procedures, work instructions, and forms, to ensure they align with the requirements of ISO 13485. Update or create new documents as necessary to meet the standard's requirements.

4.????? Training and Awareness: Provide training to relevant personnel to ensure they understand the requirements of ISO 13485 and their roles in implementing and maintaining the QMS. This may include training on new procedures, processes, and documentation.

5.????? Implementation of New Processes: Implement any new processes or procedures required by ISO 13485. This may include processes related to risk management, design and development, purchasing, production, and service provisions.

6.????? Internal Audits: Conduct internal audits of your QMS to verify compliance with ISO 13485 requirements. Identify any non-conformities and take corrective actions to address them.

7.????? Management Review: Hold management reviews to evaluate the effectiveness of the QMS and identify opportunities for improvement. Ensure top management is actively involved in the transition process and committed to maintaining the QMS.

8.????? Certification Audit: BEFORE you consider this step be sure to speak with a regulatory affairs subject matter expert to ensure it is necessary.? Once you believe your QMS is fully compliant with ISO 13485, engage a certification body to conduct a certification audit. The audit will assess your organization's compliance with the standard and determine if you are eligible for certification.?

9.????? Address Non-conformities: If any non-conformities are identified during the certification audit, take corrective actions to address them. The certification body will typically require verification that corrective actions have been implemented before issuing the ISO 13485 certificate.

10.? Continual Improvement: Continuously monitor and improve your QMS to ensure ongoing compliance with ISO 13485 and to enhance the efficiency and effectiveness of your processes.

Although the 21 CFR 820 and ISO 13485 vary in their structure, and at times use different terminology to describe similar concepts, 21 CFR 820 and ISO 13485 are substantially similar in that both prioritize principles such as risk management, design controls, and continual process improvement.? It’s possible as organizations begin to look at their current standards and systems, they will find the transition process is not as cumbersome as initially thought.? While this is an obvious assumption, it’s important to note regulatory affairs professionals should be counseled throughout this entire process to ensure appropriateness of adoption and change management.