michelle@leanraqa.

com Copyright © 2024 Lean RAQA – All Rights Reserved 1

Speaker Introductions

- Àngel Buendía, Knowledge Manager at Scilife

- Michelle Lott, RAC, Principal & Founder, Lean RAQA
- Sean Smith, Publisher, MedTech Leading Voice
¿What is Scilife?

Àngel Buendía, Knowledge Manager at Scilife

angel.buendia@scilife.io
Smart Quality
vs Traditional Quality

v traditional
v quality

Scilife
v
Smart QMS (sQMS)
All-in-one, centralized system

● Traceability Design & Audits Document

Development Control
● Inspection readiness
● Seamless integrated QA
Trainings Change
Control
processes Quality Process
Designer
Events
● Global vision/monitoring: Equipment Print &
Reconciliation
○ Corrective
Supplier
& Preventive KPIs (AI) Management KPIs

○ Task management
○ Automated notifications Competences

Record
Management Risk
CAPAs
Management
Scilife
Scilife - Compliance

● Audit Trails
● Version Control
● Electronic Signatures
● FDA 21 CFR part 11 / Annex 11

6
Standards & Regulations

• FDA 21 CFR Part 11

• FDA 21 CFR 820

• GAMP 5
• GMP, GDP, GLP, GCP

• EU Annex 11
• ISO 13485
• ISO 14971

• ISO 15189
• ISO 17025

Scilife
Thanks!
Àngel Buendía, Knowledge Manager at Scilife
angel.buendia@scilife.io

www.scilife.io
 QMSR
Masterclass

Michelle Lott, RAC

Principal & Founder, leanRAQA
 About leanRAQA

Expert in RAQA for ~ 20 years

Advisor on FDA GMP Advisory Committee
Master Grief Counselor

Michelle Lott
Principal and Founder

Morty Chopper Lucy Lilly King

Chief Entertainment Officer Chief Fun Officer Chief Therapy Officer Chief Mischief Officer
 Agenda
QMSR: the Facts

What’s in a Name?

All Your Burning Questions

Secrets to Success

michelle@leanraqa.com 11
QMSR: the Facts
 Historical Timelines
(1978)
Published
1996
FDA QSR

Feb 2, 2024

Today
Published
2003 Update 2016 Update
1996
ISO 13485

2016 Prac>cal Guide Released

Published
1998 2007 Update
ISO 14971

2000 Update 2019 Update

michelle@leanraqa.com 13
 Why Now?
„Eliminate the redundancy and
inefficiency

„FDA also estimates that

harmonization will save medical
device companies at least $439
million over the next decade

michelle@leanraqa.com 14
 Harmonization of FDA QSR and ISO 13485
„Published Feb 2, 2024

„Challenge of training staff with a

different inspection approach
– Think outside of the 21 CFR 820 "box"
• External training for various ASQ
certifications including lead auditor, six
sigma, and CQIA.
Teaching an old dog
new tricks

!
Feb 2024
Published

michelle@leanraqa.com 15
 But is it really teaching an old dog new tricks? Everyone will
likely be new!

„FDA turnover
due to COVID-19

„Constantly
Evolving

„QSIT Inspectors may retire, making room Many are new

for new inspectors who may have expertise

in other systems

michelle@leanraqa.com 16
 It was All About the Preamble
Ø The preamble is ~70 pages of
"recommendations" at the start
of the existing QSR

Ø The preamble is longer than the QSR

itself, but is NOT regulation

Ø HOWEVER, the FDA makes reference to

the preamble when responding to
questions about harmonization
with the QSR with both ISO13485 and
ISO 14971

michelle@leanraqa.com 17
 How elaborate does a compliant QMS need to be?
„Commensurate with:
– Risk presented by the device

– Complexity of device and manufacturing processes

• What if manufacturing processes are outsourced?

– Size and complexity of organization

michelle@leanraqa.com 18
 How elaborate does a compliant QMS need to be?
„Let’s look to FDA’s comments for insight …

QMSR Comment 9

QMSR Comment 10

michelle@leanraqa.com 19
 Quality Management System Regulation
QMSR Comment 9

If ISO If ISO
9000*, 13485,
then ISO then ISO
13485 9000

*NOTE: FDA is NOT codifying ISO 9000 outside of clause 3.

michelle@leanraqa.com 20
 Regulation v Expectation*
QMSR Comment 9

If ISO If ISO 9000,

13485, then then ISO
Notes* 13485

QMSR Comment 10

If ISO 13485, then

ISO 14971*

*NOTE: FDA is NOT codifying ISO 14971 or Notes to 13485

michelle@leanraqa.com 21
Risk and 21 CFR 820 vs Preamble
„Risk is mentioned 36 times in the preamble alone

21 CFR 820

Preamble

michelle@leanraqa.com 22
What does ISO say?
Control of
„Risk is mentioned 32 times in Suppliers

ISO 13485: 2016 Software

Validation

„Notably: Training

– 4.1.2 The organization shall: Design

- Apply a risk-based approach to the control of the Controls

appropriate processes needed for the quality Management

management system Review

Purchasing
Process

Validation

Monitoring +
Measurement

michelle@leanraqa.com 23
Risk and 21 CFR 820 + Preamble vs ISO 13485
„Risk is mentioned 32 times in ISO 13485

32

37 ISO 13485

21 CFR 820 +
Preamble

michelle@leanraqa.com 24
 Regulation v Expectation*

If ISO 13485,
If ISO 9000,
then Prac>cal
then 13485
Guide*

If ISO 13485,
If ISO 13485,
then ISO
then Notes*
14971*

*NOTE: FDA is NOT codifying ISO 14971, Practical Guide or the Notes.

michelle@leanraqa.com 25
Risk and ISO Practical Guide vs ISO 13485
„Risk is mentioned 246 times in the Practical Guide to ISO 13485

ISO 13485

Prac.cal Guide
to ISO 13485

michelle@leanraqa.com 26
Risk and 21 CFR 820 + Preamble v ISO 13485 +
Practical Guide
„Risk is mentioned 278 times in the Practical Guide to ISO 13485 + ISO
13485

37

21 CFR 820 + 278

Preamble
Prac.cal Guide
„278 to ISO 13485 +
ISO 13485

michelle@leanraqa.com 27
 The Big Picture

If QMSR, then
If ISO 9000,
QMSR
then 13485
Comments*

IF ISO 13485, If ISO 13485,

then PracLcal then ISO
Guide* 14971*

If ISO 13485,
then Notes*

*NOTE: FDA is NOT codifying ISO 14971, Notes to 13485, Practical Guide, or comments to QMSR.

michelle@leanraqa.com 28
 The Similarities
FDA Subparts ISO 13485 Clause
• Subpart A – General Provisions • Clause 1 Scope, Clause 4. Quality
• Subpart B QS Requirements Management System
• Subpart C– Design Controls • Clause 4 QMS, Clause 5 Management
• Subpart E – Purchasing Controls Responsibility, Clause 6 Resource
• Subpart F – Identification and Management, Clause 8 Measurement
Traceability Analysis and Improvement
• Subpart G – Production and Process • Clause 7 Product Realization
Controls
• Subpart H – Acceptance Activities
• Subpart I - Nonconformities
• Subpart J – Corrective and Preventive
Action
• Subpart L - Handling, Storage,
Distribution and Installation
• Subpart O – Statistical Techniques

michelle@leanraqa.com 29
 For More Details…

AAMI Quality Systems White Paper: Comparison of 21 CFR 820 to ISO 13485:2016

Source: AAMI Quality Systems White Paper – Comparison of 21 CFR Part 820 to ISO 13485: 2016

michelle@leanraqa.com 30
Search for the Holy Grail
„Your search continues…

…Compliance with ISO

13485 does NOT mean you
will fulfill QMSR

michelle@leanraqa.com 31
 How elaborate does a compliant QMS need to be?
„Commensurate with:
– Risk presented by the device

– Complexity of device and manufacturing processes

• What if manufacturing processes are outsourced?

– Size and complexity of organization

michelle@leanraqa.com 32
 The Bigger Picture

Except If ISO 9000,

For... then 13485

If QMSR, If ISO 13485,

then QMSR then ISO
Comments* 14971*

IF ISO
13485, then If ISO 13485,
Practical then Notes*
Guide*

*NOTE: FDA is NOT codifying ISO 14971, Notes to 13485, Practical Guide, or comments to QMSR.

michelle@leanraqa.com 33
 The Differences
FDA Subparts
• Subpart D – Document Control
• Subpart M – Records
• Subpart N – Servicing
• Subpart K – Labeling and
Packaging Control
michelle@leanraqa.com
ISO 13485 Clause
• Clause 4 Quality Management
System
• Clause 4 Quality Management
System
• Clause 7 Product Realization
• Clause 7 Product Realization
Proposed Modification
• Add signature and date requirements
to ISO
• Add requirements in 21 CFR 803
Reporting to complaint and servicing
activities
• UDI is still required
• Retain clarification from part
820.180 regarding confidentiality of
records FDA receives
• Retain existing requirements in 820
that strengthen control for labeling and
packaging
34
What’s In A Name?
 Differences in Interpretation

Device Master Record Safety and Performance

VS VS
Medical Device File Safety and Efficacy

michelle@leanraqa.com 36
 Differences in Interpretation
„Design & Development Procedure may need to be Updated
– Medical Device File rather than Device Master Record

QMSR Comment 31

Main Difference: Addition of Intended Use

On the surface, transitioning to MDF does not appear overly burdensome

if only reading ISO 13485, but….

michelle@leanraqa.com 37
 Differences in Interpretation
Design outputs used to Material and component data
fulfill appropriate RA used in the construction of
requirements the device
Practical Guide also suggests:

Practical Guide also suggests:

Records of risk Changes during the lifetime
management including RBA with any associated V&V data

Procedures related to Description of accessories

maintenance of product

Standards applied or methods

Record of language variants to demonstrate conformance
with applicable GSPRs

Clinical data …and then some!

NOTE: The Practical Guide is not a regulation but likely expectation.

michelle@leanraqa.com 38
 Differences in Interpretation
„Safety & Performance v Safety & Efficacy
Safety & Efficacy
Required by section 520(f) of the FD&C
Act
Safety & Performance
Used by ISO 13485
QMSR clarifies: Means “assessment of the
performance of the device to assure the device
is safe and effective”

Webster Definition “effectiveness” (n): Webster Definition “performance” (n): the

producing a decided, decisive, or desired execution of an action the fulfillment of a claim,
effect promise, or request

QMSR Comment 51
michelle@leanraqa.com 39
 Difference in Definitions
„21 CFR 820:
Establish means define, document (in
writing or electronically), and implement

„ISO 13485:
Establish: When a requirement is required to Define
be “documented”, it is also required to be
implemented and maintained

Do
Document
(Implement)

michelle@leanraqa.com 40
 Definitions: Customer
„ISO 9000 “customer”
3.2.4 customer
person or organization (3.2.1) that could or does receive a product (3.7.6) or
a service (3.7.7) that is intended for or required by this person or organization
EXAMPLE:
Consumer, client, end-user, retailer, receiver of product or service from an
internal process (3.4.1), beneficiary and purchaser.
Note 1 to entry: A customer can be internal or external to the organization.

„ISO 13485/QMSR “customer”

FDA has adopted for the final QMSR the definitions set forth in ISO 9000, including the term
“customer”. With respect to the definition of “customer”, when considering the
requirements related to customer property, manufacturers must comply with this
provision….to assure the safety and effectiveness of the devices being manufactured

michelle@leanraqa.com QMSR Comment 36 41

 Customer Property
QMSR Comment 26

„What does this mean for supplier controls?

michelle@leanraqa.com 42
 Definitions: Top Management

Management with Executive

Responsibility…..

…is now Top Management

Because of…a Culture of Quality?

QMSR Comment 27

michelle@leanraqa.com 43
 Source: Dilbert by Scott Adams, Tuesday, June 8, 2021

michelle@leanraqa.com 44
 Definitions: Correction
„“Correction”
– “Correction” should be specified as internal or impacts product in the field
– Products corrected in the field must be done so per 21 CFR part 806

ISO 13485 21 CFR Part 806

QMSR Comment 29
michelle@leanraqa.com 45
 Definitions: Labeling and Marketing
„“Labeling” – use definition from FD&C

ISO 13485 FD&C

„“Marketing”

QMSR Comment 37

michelle@leanraqa.com 46
 Definitions: What about the Rest?
„Missing in Action…

QMSR Comment 29

„Must understand concepts and intents

„Recommend to use other available resources, such as the

Practical Guide

michelle@leanraqa.com 47
It’s not all bad news!
Ø No more independent design reviewer! QMSR comment 46

Ø For manufacturers who distribute to more than only the US, QMSR
claims to align more closely with global harmonization initiatives

Ø View-only free versions of ISO 13485 and ISO 9000 are provided here:
https://ibr.ansi.org/Standards/iso1.aspx
 Any changes to standards?

QMSR Comment 42 - FDA recognizes, however, that organizations

are seeking guidance and clarification on FDA’s expectations
regarding an organization’s implementation of, and compliance
with, the QMSR. To help facilitate understanding, FDA is in the
process of evaluating its existing policies, procedures, and
guidance for industry to be consistent with the QMSR.

michelle@leanraqa.com 49
Answers to Your Burning Questions
 The Burning Questions

Will FDA accept ISO What about QSIT? What

13485 Certifications in will be the new
lieu of audits? technique?

What happens if
ISO 13485 is Are records like supplier
revised? audits, internal audits,
etc. still protected?

Are Quality
Manuals a
Intended
timeline? Requirement?

michelle@leanraqa.com 51
 Q&A: Accepted Certifications

„No, FDA will conduct independent

Will FDA accept ISO audits separate from ISO 13485
13485 Certifications in certification audit
lieu of audits?
„Note: FDA will accept MDSAP audit
reports

However, you will still need to modify

your QMS to meet ISO 13485:2016,
but not required to seek certification if
you only sell in the US Market

michelle@leanraqa.com 52
 Q&A: Intended Timeline
„ The rule is effective two years after publication in
the Federal Register. Until then manufacturers are
required to comply with the QS regulation.

„ The FDA will begin to enforce the QMSR

Intended requirements upon the effective date, February 2,
timeline? 2026.

RY
ATO
AND
M
michelle@leanraqa.com 53
 Q&A: Records
„QMSR Update: FDA can now
inspect Management Review,
Are records like supplier
audits, internal audits, Internal Audit and Supplier
etc. still protected? Audit records

No more exemptions!

Verify the completeness of your

management review agenda – including
risk management!

michelle@leanraqa.com 54
 Under QSR, FDA typically had visibility to
Internal audit Supplier audit Management Review
• Audit agenda (date, • Audit agenda (date, • Meeting agenda (date,
attendance, etc.) attendance, etc.) attendance, etc.)

• Report • Report • Presentation content

and minutes
• CAPA • SCAR
• Raw data

michelle@leanraqa.com 55
 Under QMSR, FDA has visibility to
Internal audit Supplier audit Management Review
• Audit agenda (date, • Audit agenda (date, • Meeting agenda (date,
attendance, etc.) attendance, etc.) attendance, etc.)

• Report • Report • Presentation content

and minutes
• CAPA • SCAR
• Raw data

michelle@leanraqa.com 56
 Available Records: Why change now?
„QMSR published rule states FDA intends to align with global
harmonization and alignment

QMSR Comment 51

FDA Global Harmonization

michelle@leanraqa.com 57
 Q&A: ISO 13485 Revisions
„Now that FDA has incorporated
What happens if
ISO 13485:2016, any future
ISO 13485 is revisions to this standard would
revised? need to be evaluated to determine
the impact of the changes and
whether the QMSR should be
amended.

michelle@leanraqa.com 58
 Future Timelines
(1978)
Published Feb 2, 2024
1996
FDA QSR

Published
2003 Update 2016 Update
1996
ISO 13485

13485:
XXXX
2016 Practical Guide Released

Published
1998 2007 Update
ISO 14971

2000 Update 2019 Update

michelle@leanraqa.com 59
 Q&A: Quality Manuals
„QMSR Update: Yes, and they
should follow ISO 13485
Are Quality requirements
Manuals a
Requirement? Level 1:
Quality Defines approach and
Manual &
Policy responsibilities

Procedures
(SOPs)

Work Instructions,
forms, templates

Records
(logs, notebooks, travelers)

michelle@leanraqa.com 60
 Q&A: Inspection Technique
„QMSR Update: Audits may look
more similar to MDSAP moving
What about QSIT? What
will be the new
forward
technique?
„QSIT inspections are technically
being eliminated under the QMSR
and will be replaced by a new
inspection approach yet to be
determined.

„Note: FDA will not be issuing

QMSR compliance certificates

michelle@leanraqa.com 61
 Questions: Answered

Will FDA accept ISO What about QSIT? What

13485 Certifications in will be the new
lieu of audits? technique?

What happens if
ISO 13485 is Are records like supplier
revised? audits, internal audits,
etc. still protected?

Are Quality
Manuals a
Intended Requirement?
timeline?

michelle@leanraqa.com 62
Conclusions: Secrets to Success
 Secrets to Success
„QMSR comments and Practical Guide are essential for understanding
real applications of ISO 13485

„Be Proactive! Don’t wait

– 2 years is right around the corner
– Need a runway for transition of procedures and compliant records before
implementation date

„Set up Mock Audit once procedures and records are transitioned

„Tentatively become familiar with MDSAP Audit Model (similar option

highly likely to be adopted by FDA)

michelle@leanraqa.com 64
 Update at least these:
„Quality Manual

„Management Review

„Monitoring and Measurement of Processes

„Design, Development

„CAPA and Non-Conforming Product

„Definitions, definitions, definitions

michelle@leanraqa.com 65
 Get a New Cheat Sheet!
There's a LOT to remember with QMSR.

Which is why we're working on a new cheat sheet:

US - Only v ISO 13485 - Compliant Systems – Manufacturer Checklist

Want a copy? We'll send you one as soon as it's completed.

Just drop your email in the chat or send us an email at team@leanRAQA.com

michelle@leanraqa.com 66
Free download
• Regulatory Pathway Assessment (RPA)
• Business Market Assessment (BMA)
• … And More

leanraqa.com/free-guides

Questions?
Your regulatory strategy

Your regulatory submissions

Your quality systems

and compliance

Your audit management Michelle Lott, RAC

https://leanraqa.com/time
www.leanraqa.com

Your due diligence

companies industries
large medical device
mid-sized cosmetics
Your technical support small food
startup dietary supplements

Your grief counseling