Quality Management Systems for Drugs and Devices
29
(installation qualification (IQ), operational qualifica-
tion (OQ), process qualification (PQ) or software).
A validation master plan often will include details of
the organization’s approach to validation, setting out
the types of facilities and equipment and the approach
to process and test method validation. The validation
master plan will define how a process is to be validated
or verified, and spreadsheets can be used to prioritize
the processes and/or equipment requiring revalidation
or requalification.
Acceptance activities include incoming, in-process,
and final activities and acceptance status. A system is
required to accept purchased materials and services
and define the type of inspection, testing or checking
used to ensure they meet the organization’s needs.
Labeling must be inspected by designated individuals
before release to storage. The component manufac-
turing process must ensure the requirements are met.
Usually, there also are defined requirements for final
acceptance activities. Throughout all these stages, the
materials’ or device’s status must be clear to ensure only
devices meeting requirements are supplied to customers.
During handling, storage, distribution, and installation,
traceability and identification processes must be main-
tained, and the product must be stored and handled so
its quality, e.g., temperature and sterility, is not affected.
All processes, from research to dispatch and label stor-
age, must be designed to prevent mix-ups.
The QSR includes specific requirements for label-
ing and packaging control. Processes must be in place
to ensure labeling integrity (labels and package inserts)
is maintained and all labeling can be accounted for
fully. Examples of the labels used for each batch
must be kept in the DHR. Device packaging must be
appropriate to maintain the device’s quality during
processing and distribution.
QSR vs. ISO 13485
QSR and ISO 13485 requirements are fundamentally
the same, so a QMS can fulfill the requirements of both
FDA and ISO 13485. ISO 13485 supports implement-
ing QMS systems fulfilling regulatory requirements in
many countries, and the QSR establishes US regulatory
requirements. The differences include areas where FDA
includes prescriptive requirements for records, docu-
ments and labeling. The QSR is a mandatory regulatory
framework in the US ensuring a medical device is safe
and effective. This differs from ISO 13485, which is a
voluntary standard supporting regulatory requirements
in a number of regions, including the EU and Canada.
Differences between the QSR and ISO 13485 include:
• definitions of corrective and preventive action
• defined complaint file requirements
• requirements for specific types of records, including
device master record, device history record, quality
system record
• requirement for an approved supplier list
• training to handle potential product defects
• enhanced requirements for controlling noncon-
forming product to prevent inadvertent use
• design transfer requirements
• risk management is mentioned only in the QSR
preamble risk management is expected to be used
as it is in an ISO 13485 QMS
• purchasing controls specify consultants as well as
other suppliers
FDA does not have access to internal audit reports and
management review records, although it can access any
CAPA actions resulting from internal audits and man-
agement reviews. Manufacturers must show evidence
internal audits and management reviews have taken
place by providing the internal audit schedule and a
statement saying the audits have been completed for
management review, evidence can be in the form of a
management review schedule, a list of attendees and the
agendas showing the items discussed. Notified bod-
ies for CE marking have access to internal audits and
management review minutes, which differs from FDA
practice. With the proposed changes to ISO 13485
published in 2015, the two QMS system requirements
are expected to be more aligned than those in the cur-
rent published standard.
29
(installation qualification (IQ), operational qualifica-
tion (OQ), process qualification (PQ) or software).
A validation master plan often will include details of
the organization’s approach to validation, setting out
the types of facilities and equipment and the approach
to process and test method validation. The validation
master plan will define how a process is to be validated
or verified, and spreadsheets can be used to prioritize
the processes and/or equipment requiring revalidation
or requalification.
Acceptance activities include incoming, in-process,
and final activities and acceptance status. A system is
required to accept purchased materials and services
and define the type of inspection, testing or checking
used to ensure they meet the organization’s needs.
Labeling must be inspected by designated individuals
before release to storage. The component manufac-
turing process must ensure the requirements are met.
Usually, there also are defined requirements for final
acceptance activities. Throughout all these stages, the
materials’ or device’s status must be clear to ensure only
devices meeting requirements are supplied to customers.
During handling, storage, distribution, and installation,
traceability and identification processes must be main-
tained, and the product must be stored and handled so
its quality, e.g., temperature and sterility, is not affected.
All processes, from research to dispatch and label stor-
age, must be designed to prevent mix-ups.
The QSR includes specific requirements for label-
ing and packaging control. Processes must be in place
to ensure labeling integrity (labels and package inserts)
is maintained and all labeling can be accounted for
fully. Examples of the labels used for each batch
must be kept in the DHR. Device packaging must be
appropriate to maintain the device’s quality during
processing and distribution.
QSR vs. ISO 13485
QSR and ISO 13485 requirements are fundamentally
the same, so a QMS can fulfill the requirements of both
FDA and ISO 13485. ISO 13485 supports implement-
ing QMS systems fulfilling regulatory requirements in
many countries, and the QSR establishes US regulatory
requirements. The differences include areas where FDA
includes prescriptive requirements for records, docu-
ments and labeling. The QSR is a mandatory regulatory
framework in the US ensuring a medical device is safe
and effective. This differs from ISO 13485, which is a
voluntary standard supporting regulatory requirements
in a number of regions, including the EU and Canada.
Differences between the QSR and ISO 13485 include:
• definitions of corrective and preventive action
• defined complaint file requirements
• requirements for specific types of records, including
device master record, device history record, quality
system record
• requirement for an approved supplier list
• training to handle potential product defects
• enhanced requirements for controlling noncon-
forming product to prevent inadvertent use
• design transfer requirements
• risk management is mentioned only in the QSR
preamble risk management is expected to be used
as it is in an ISO 13485 QMS
• purchasing controls specify consultants as well as
other suppliers
FDA does not have access to internal audit reports and
management review records, although it can access any
CAPA actions resulting from internal audits and man-
agement reviews. Manufacturers must show evidence
internal audits and management reviews have taken
place by providing the internal audit schedule and a
statement saying the audits have been completed for
management review, evidence can be in the form of a
management review schedule, a list of attendees and the
agendas showing the items discussed. Notified bod-
ies for CE marking have access to internal audits and
management review minutes, which differs from FDA
practice. With the proposed changes to ISO 13485
published in 2015, the two QMS system requirements
are expected to be more aligned than those in the cur-
rent published standard.