QMS GAP ANALYSIS CHECKLIST - FDA 21 CFR PART 820 and

ISO 13485:2016 & PLANNED PUBLICATION OF THE QMSR

Company name: Address:

Product description and FDA classification:

General status of your manufacturing facility / equipment / product processes:

Target date for completing changes to Current quality management system meets which requirements?
current quality management system:
(dd/mm/yyyy)

1 of 28

TM024 Activated Date: September 09, 2023

General Information for Company and Quality Management System:

Introduction
The purpose of this gap analysis is to help identify potential gaps in the current quality management system that meets FDA 21 CFR Part 820,
and the requirements of ISO 13485:2016. There are many similarities between the two, however there are some differences in requirements. As
the FDA moves to harmonization with the ISO standard it is important any current gaps be identified and resolved.

This gap analysis checklist will be updated with specific details once the released FDA QMRS is finalized. You will receive this update once its
available.

The format of this checklist is as follows:

 First column; shows the current FDA 21 CFR Part 820 element number and title. The specific requirements are not included and refer to
your copy of the regulation for details. The exception is where an abbreviated requirement is shown for clarity in the difference with
ISO 13485:2016. Exact requirements will be clarified with the release of the new QMRS and as I mentioned will be forwarded to you.

 Second/Third column’s is where you can indicate if there are gaps (Yes or No) in your current QMS that need to be filled to meet ISO
13485:2016 and the FDA QMRS.

 Fourth column is the equivalent or closest equivalent ISO 13485:2016 element. Notes are added here to indicate if the elements are
significantly the same as FDA 21 CFR Part 820 and if there are differences. You should refer to your copy of the ISO 13485:2016 Standard
for details. Where risk is mentioned in this gap analysis, it is highlighted in blue font as this is a significant change from the current QSR.
Overall in ISO 13485:2016 risk is mentioned 100 times compared to one time in the QSR.

 Fifth column is where you add notes as appropriate. These notes can show a brief description of any gaps and actions that need to be
taken. For reference you can add any appropriate documented procedure number that is applicable to that element. Also for reference is
the number of the Fast-Track QMS Consultants procedure number if you did purchase this from us.

2 of 28

TM024 Activated Date: September 09, 2023

 Any questions you may have, or assistance required please feel free to contact me by email at: mailto:fasttrackiso13485@gmail.com

Yes No ISO 13485:2016 Notes

820.5 Quality system

Each manufacturer shall establish Your current SOP:

and maintain a quality system that
is appropriate for the specific
medical device(s) designed or
manufactured, and that meets the
requirements of this part.
Yes
820.20 Management
responsibility
4.1 General requirements.
No significant difference in (ref. procedure template; SOP-410-01, SOP-412-01, and
requirements except 4.1 requires Quality Manual template, QM-01)
the documentation of the role(s)
undertaken by the organization
under the applicable regulatory
requirements.
4.1.2 The organization shall:
Includes requirement to: apply a
risk based approach to the control
of the appropriate processes
needed for the quality management
system. Note: Risk requirements
are included in ISO 13485:2016
elements 4, 6, 7 & 8
4.1.3 through 4.1.5
No ISO 13485:2016
Notes

3 of 28

TM024 Activated Date: September 09, 2023

a) Quality Policy. 5.3 Quality Policy.
No significant difference in
Note; refer to 820.20(a) for details.
requirements except additional
requirements for Quality Policy to
be applicable to the purpose of the
organization, provide a framework
for establishing and reviewing
quality objectives, and is reviewed
for continuing suitability.
b) Organization 5.2 Customer focus
ISO 13485:2016 5.2 states: Top
Note; refer to 820.20(b) for detailed
requirements. management shall ensure that
customer requirements are
determined and met.
5.5.1 Responsibility and
authority
No significant difference in
requirements

5.5.2 Management representative

Additional requirement for ensuring
the promotion of awareness of
applicable regulatory requirements
and quality management system
requirements throughout the
organization.

c) Management review 5.6 Management review / 5.6.1 Your current SOP:

Note; refer to 820.20(c) for detailed
requirements.
General / 5.6.2 Review input /
(ref. procedure template; SOP-561-01)
5.6.3 Review output.
ISO 13485:2016 more specific
requirements including inputs and
outputs. Also includes assessing
opportunities for improvement and
need for changes to the QMS.
21 CFR Part 820 more general
requirements i.e.; the dates and

4 of 28

TM024 Activated Date: September 09, 2023

 results of quality system reviews
shall be documented.
d) Quality planning 5.4.2 Quality management Your current SOP:
system planning.
(ref. template QM-03)
Note; refer to 820.20(d) for detailed Similar requirements with ISO
requirements. 13485:2016 including requirements:

- the integrity of the QMS is

maintained when changes to the
QMS are planned and
implemented.
- Top management shall ensure
that: the planning of the quality
management system is carried out
in order to meet the requirements
given in 4.2, as well as the quality
objectives.

4.2.1 Documentation requirements, Your current SOP:

e) Quality system procedures
Each manufacturer shall establish
quality system procedures and
instructions……
general
Includes: documented procedures and
records required by this International
Standard;

4.2.2 Quality Manual

No specific requirement for a Quality (ref. Quality Manual template; QMS-01 & support forms and
Manual in 21 CFR Part 820. procedure template SOP-424-01)
ISO 13485:2016 4.2.2 requires.
The organization shall document a
quality manual that includes:
- the scope of the quality
management system, including
details and justification for any
exclusions or non-application;
- the documented procedures for
the QMS, or reference to them;

5 of 28

TM024 Activated Date: September 09, 2023


Yes
820.22 Quality audit
…A report of the results of each
…
quality audit, and reaudit(s) where
taken, shall be made and such
reports shall be reviewed by
management having responsibility
for the matters audited. The dates
and results of quality audits and
results shall be documented.
Yes
820.25 Personnel
a) General
Each manufacturer shall have
sufficient personnel with the
necessary education, background,
training, and experience to assure
that all activities required by this
6 of 28
TM024
- a description of the interaction
between the processes of the QMS;
The quality manual shall outline the
structure of the documentation
used in the QMS.
No ISO 13485:2016
Notes
Your current SOP:
8.2.4 Internal audits
(ref. procedure template; SOP-824-01 & SOP-824-02)
ISO 13485:2016 requires an audit
program to be planned, taking into
consideration the status and
importance of the process to be
audited. Also includes corrective
actions to be taken by area
management without undue delay.
Follow up actions to include
verification and reporting of the
actions taken.
No ISO 13485:2016 Notes
Your current SOP:
6.1 Provision of resources
No significant differences in (ref. procedure template; SOP-622-01 and SOP-622-02)
requirements.
6.2 Human resources
ISO 13485:2016 has more specific
detail on personnel performing work
Activated Date: September 09, 2023
 that can affect product quality and
part are correctly performed. specifies competent on the basis of
appropriate education, training,
skills and experience. Also states
that: ensure that its personnel are
aware of the relevance and
b) Training importance of their activities and
how they contribute to the
Note; refer to 820.25(b) for detailed achievement of the quality
requirements. objectives;

Also requires that the methodology

used to check effectiveness to be
proportionate to the risk associated
with the work for which the training
or other action is being provided..
Yes No ISO 13485:2016 Notes
820.30 Design controls
7.3.1 General. Your current SOP:
a) General.
Note; refer to 820.30(a) for detailed (ref. procedure template; SOP-731-01and SOP-731-02)
No significant difference in
requirements.
requirements except 21 CFR 820
has exclusions for design controls
based on risk of the device , i.e.
class 1 devices, excluding those
listed. ISO 13485:2016 there are no
exclusions.
b) Design and development 7.3.2 Design and development
planning. planning.
Note; refer to 820.30(b) for detailed No significant difference in
requirements. requirements

c) Design input. 7.3.3 Design and development

7 of 28

TM024 Activated Date: September 09, 2023

 inputs.
Note; refer to 820.30(c) for detailed ISO 13485:2016 has more specific
requirements.
requirements including applicable
output(s) of risk management;
820.30(c) includes requirement for
documented approvals including
the date and signature of the
individual(s) approving the input
requirements.
d) Design output. 7.3.4 Design and development
outputs.
Note; refer to 820.30(d) for detailed Similar requirements and ISO
requirements.
13485:2016 having additional
requirement to provide information
for purchasing, production and
service provision.

e) Design review. 7.3.5 Design and development

Note; refer to 820.30(e) for detailed
requirements.
review.
820.30(e) has additional
requirement for design reviews to
include an individual(s) who does
not have direct responsibility for the
design stage being reviewed.
ISO 13485 specifies reviews
“identify and propose necessary
actions.”

f) Design verification. 7.3.6 Design and development

verification
Note; refer to 820.30(f) for detailed ISO 13485:2016 includes

8 of 28

TM024 Activated Date: September 09, 2023


requirements.
g) Design validation.
Note; refer to 820.30(g) for detailed
requirements.
Includes: The results of the design
validation, including identification of
the design, method(s), the date,
and the individual(s) performing the
validation, shall be documented in
the DHF.
h) Design transfer
Each manufacturer shall establish
and maintain procedures to ensure
that the device design is correctly
translated into production
specifications.
9 of 28
TM024
verification requirements if the
medical device is to be connected
to or have interface with other
medical devices.
21 CFR Part 820.30(f) includes:
identification of the design,
method(s), the date, and the
individuals performing the
verification, shall be documented in the
DHF.
7.3.7 Design and development
validation
ISO 13485:2016 includes: If the
intended use requires that the
medical device be connected to, or
have interface with, other medical
device(s), validation shall include
confirmation…...
ISO 13485:2106 specifies: As part
of the design and development
validation, the organization shall
perform clinical evaluations or
performance evaluations of the
medical device in accordance with
applicable regulatory requirements.
7.3.8 Design and development
transfer
ISO 13485:2016 specifies: These
procedures shall ensure that design
and development outputs are
verified as suitable for
manufacturing before becoming
final production specifications and
that production capability can meet
Activated Date: September 09, 2023

i) Design changes.
Each manufacturer shall establish
and maintain procedures for the
identification, documentation,
validation or where appropriate
verification, review, and approval of
design changes before their
implementation.
j) Design history file.
Note; refer to 820.30(j) for detailed
requirements.
820.40 Document controls
10 of 28
TM024
product requirements.
Your current SOP:
7.3.9 Control of design and
development changes (ref. procedure template; SOP-739-01)
ISO 13485:2016 specifies more
detailed requirements including;
determining significance of change
….and the review of design and
development changes shall include
evaluation of the effect of the
changes on constituent parts and
product in process or already
delivered, inputs or outputs of risk
management and product
realization processes. Records of
changes, their review and any
necessary actions shall be
maintained.
7.3.10 Design and development
files
No significant difference in
requirements
Yes No ISO 13485:2016 Notes
Activated Date: September 09, 2023
 4.2.4 Control of documents
Each manufacturer shall establish
and maintain procedures to control 4.2.5 Control of records
all documents that are required by
this part. The procedures shall
No significant difference in
provide for the following:
requirements

4.2.4 Control of documents Your current SOP:

a) Document approval and
4.2.5 Control of records
distribution Or (ref. procedure template; SOP-424-01 & SOP-424-03)
No significant difference in
Note; refer to 820.40(a) for detailed requirements except ISO 13485
requirements. includes: The organization shall
define & implement methods for
protecting confidential health
information in records in
accordance with the applicable
regulatory requirements.
4.2.4 Control of documents
b) Document changes
Note; refer to 820.40(b) for detailed
21 CFR 820 specifies that
requirements.
approved changes be
communicated to appropriate
personnel in a timely manner.

Also changes records shall

include a description of the
change, identification of the
affected documents, the approval
date, and when the change
becomes effective.

Yes No ISO 13485:2016 Notes

820.50 Purchasing controls.

11 of 28

TM024 Activated Date: September 09, 2023

Each manufacturer shall establish
and maintain procedures to ensure
that all purchased or otherwise
received product and service
conforms to specified requirements.
a) Evaluation of suppliers,
contractors, and consultants
Note; refer to 820.50(a) for detailed
requirements.
12 of 28
TM024
4.1.5 General requirements
ISO 13484:2016 states: When
outsources any process that
affects product conformity to
requirements …the controls shall
include written quality agreements
7.4.1 Purchasing process
ISO 13485:2016 only applies to
purchased product.
Your current SOP:
7.4.1 Purchasing process
ISO 13485:2016 criteria for the (ref. procedure template; SOP-741-01 & SOP-741-02)
evaluation and selection of
suppliers includes being
proportionate to the risk
associated with the medical
device.
ISO 13485:2016 specifies the
organization shall plan the
monitoring and re-evaluation of
suppliers.
Activated Date: September 09, 2023
b) Purchasing data
Note; refer to 820.50(b) for detailed
requirements.
820.60 Identification
Each manufacturer shall establish
and maintain procedures identifying
product during all stages of receipt,
production, distribution, and
installation to prevent mix-ups.
820.65 Traceability
Note; refer to 820.65 for detailed
requirements.
13 of 28
TM024
7.4.2 Purchasing data
ISO 13485:2016 includes: The
organization shall ensure the
adequacy of specified purchasing
requirements prior to their
communication to the supplier.
ISO 13485:2016 requires:
Purchasing information shall
include, as applicable a written
agreement that the supplier notify
the organization of changes in the
purchased product prior to
implementation …
Also includes requirement; To the
extent required for traceability
given in 7.5.9 the organization
shall maintain relevant purchasing
information in the form of
documents and records.
Yes No ISO 13485:2016 Notes
Your current SOP:
7.5.8 Identification
ISO 13485:2016 has more (ref. procedure template; SOP-758-01)
detailed requirements, including
having procedures to ensure that
medical devices returned to the
organization are identified and
distinguished from conforming
product.
Yes No ISO 13485:2016 Notes
Your current SOP:
7.5.9 Traceability
ISO 13485:2016 specifies (ref. procedure template; SOP-758-01)
requirement for procedures
Activated Date: September 09, 2023
 defining the extent of traceability
in accordance with applicable
regulatory requirements and the
records to be maintained.
CFR Part 820 specifies the type of
devices that require traceability.
Yes No ISO 13485:2016 Notes
820.70 Production and
process controls
Your current SOP:
a) General 7.1 Planning of product
realization. (ref. procedure template; SOP-641-01, SOP-751-01 &
Note; refer to 820.70(a) for detailed
requirements. No significant difference in SOP-752-01)
requirements except ISO
13485:2016 states: The
organization shall document one
or more processes for risk
management in product
realization. Records of risk
activities to be maintained.
7.5.1 Control of production and
service provision.
No significant differences but
requirements are shown in
different clauses of 21 CFR 820
6.4.1 Work environment Your current SOP:
b) Production and process
changes (ref. procedure template; SOP-641-01, SOP-641-02, and
Note; refer to 820.70(b) for detailed No significant differences SOP-642-03)
requirements.
c) Environmental control

Note; refer to 820.70(c) for detailed

requirements.
d) Personnel
Note; refer to 820.70(d) for details

14 of 28

TM024 Activated Date: September 09, 2023


e) Contamination control
Each manufacturer shall establish
and maintain procedures to prevent
contamination of equipment or
product by substances that could
reasonably expected to have an
adverse effect on product quality.
f) Buildings
Buildings shall be of suitable design
and contain sufficient space to
perform necessary operations,
prevent mix-ups, and assure orderly
handling
g) Equipment
Note; refer to 820.70(g) for detailed
requirements.
15 of 28
TM024
Your current SOP:
6.4.2 Contamination control
(ref. procedure template; SOP-642-04)
ISO 13485:2016 states
contamination control as
appropriate unless applied to
sterile medical devices. (“as
appropriate” understood to mean
appropriate unless the company
can justify otherwise).
ISO 13485:2016 also states: For
sterile medical devices, the
organization shall document
requirements for control of
contamination with
microorganisms or particulate
matter and maintain the required
cleanliness during assembly or
packaging processes.
Your current SOP:
6.3 Infrastructure
(ref. procedure template; SOP-631-01 and SOP-631-02)
No significant differences
6.3 Infrastructure
7.5.1 Control of production and
service provision.
21 CFR 820 has some additional
requirements for maintenance
schedules, i.e. periodic
inspections to ensure adherence
to those schedules and other
Activated Date: September 09, 2023

h) Manufacturing material
Note; refer to 820.70(h) for detailed
requirements.
i) Automated processes
When computers or automated data
processing systems are used as part
of production or the quality system,
the manufacturer shall validate
computer software for its intended
use according to an established
protocol. All software changes shall
be validated before approval and
issuance. These validation activities
and results shall be documented.
16 of 28
TM024
reequipments not specified in ISO
13485;2016
7.5.2 Cleanliness of product.
Similar requirements but ISO
13485:2016 has more specific
requirements for the
documentation of cleanliness of
product or contamination control
of product.
4.1.6 (validation of software)
ISO 13485:2016 includes: The
specific approach and activities
associated with software
validation and revalidation shall
be proportionate to the risk
associated with the use of the
software.
7.5.6 Validation of processes
for production and service
provision
7.6 Control of monitoring and
measuring equipment
Activated Date: September 09, 2023
820.72 Inspection,
measuring & test equipment.
a) Control of inspection.
Measuring and test equipment
b) Calibration
Note; refer to 820.72(a & (c)) for detailed
requirements.
Yes No ISO 13485:2016 Notes
Your current SOP:÷
7.6 Control of monitoring and
measuring equipment (ref. procedure template; SOP-761-01)
The requirements for 21 CFR Part
820.72 and ISO 13485:2016 7.6
are substantially similar with the
following differences:
ISO 13485:2016 requires
validation of software used for
monitoring and measurement and
the approach to be proportionate
to the risk associated with the
use of the software.
21 CFR Part 820 species specific
requirements including the
equipment identification,
calibration dates, the individual
performing each calibration, and
the next calibration date.

820.75 Process validation Yes No ISO 13485:2016 Notes

17 of 28

TM024 Activated Date: September 09, 2023

a)
Note; refer to 820.75(a) for detailed
requirements.
21 CFR Part 820.75 specifies the
documentation of the date and
signature of the individual(s)
approving the validation.
b)
Note; refer to 820.75(b) for detailed
requirements.
Your current SOP:
7.5.6 Validation of processes
for production and service (ref. procedure template; SOP-756-01& SOP-756-02)
provision.
The requirements for 21 CFR Part
820.75 and ISO 13485:2016 are
substantially similar with the
following differences:
7.5.7 Particular requirements
for validation of processes for
sterilization and sterile barrier
systems.
8.2.5 Monitoring and
measurement of processes
Requires suitable methods for
monitoring of processes. These
methods shall demonstrate the
ability of the processes to achieve
planned results….

18 of 28

TM024 Activated Date: September 09, 2023

c)
When changes or process deviations
occur, the manufacturer shall review
and evaluate the process and
perform revalidation where
appropriate. These activities shall be
documented.
Yes
820.80 Receiving, in-
process, and finished device
acceptance.
a) General
Each manufacturer shall establish
and maintain procedures for
acceptance activities. Acceptance
activities include inspections, tests,
or other verification activities.
b) Receiving acceptance activities
Note; refer to 820.80(b) for detailed
requirements.
19 of 28
TM024
4.1.4 QMS General
requirements
7.5.6 Validation of processes
for production and service
provision
Includes: Software validation and
revalidation shall be proportionate
to the risk associated with the
use of the software, including the
effect on the ability of the product
to conform to specification.
8.2.5 Monitoring and
measurement of processes.
No significant difference in
requirements.
No ISO 13485:2016 Notes
7.1 Planning of product Your current SOP:
realization
(ref. procedure template; SOP-743-01 & SOP-825-01)
8.2.6 Monitoring and
measurement of product.
No significant difference in
requirements
7.4.3 Verification of purchased
product. No significant difference
in requirements but does add
verification of purchased product
that includes extent of verification
Activated Date: September 09, 2023

c) In-process acceptance activities
Note; refer to 820.80(c) for detailed
requirements.
d) Final acceptance activities
Note; refer to 820.80(d) for detailed
requirements.
actives shall be based on the
supplier evaluation results and
proportionate to the risk
associated with the purchased
product. Also, actions taken with
suppliers not meeting
requirements, to be proportionate
to the risk associated with the
purchased product.
7.5.10 Customer property
Includes reporting to the customer
on any property lost, damaged or
found to be unsuitable,
8.2.6 Monitoring and
measurement of product.
No significant difference in
requirements.
7.5.10 Customer property
8.2.6 Monitoring and
measurement of product.
No significant difference in
requirements except 21 CFR 820
requires; Finished devices shall
be held in quarantine or otherwise
adequately controlled until
released.

e) Acceptance records 7.1 Planning of product

Note; refer to 820.80(e) for detailed realization.
requirements. Similar requirement with
820.80(e) also requiring the
signature of the individual(s)
completing the acceptance
activities.
Yes No ISO 13485:2016 Notes
820.86 Acceptance status

20 of 28

TM024 Activated Date: September 09, 2023

 Your current SOP:
7.5.8 Identification
Note; refer to 820.86 for detailed Includes similar requirements to (ref. procedure template; SOP-758-01 & SOP-821-01)
requirements. those included in 820.86
8.2.1 Feedback
ISO 13485:2016 8.2.1 requires as
one of the measurements of the
effectiveness of the quality
management system, the
organization shall gather and
monitor information relating to
whether the organization has met
customer requirements.
Includes requirement for the
information gathered in the
feedback process to be potential
input into risk management for
monitoring the product
requirements as well as the
product realization process.
Yes No
820.90 Nonconforming ISO 13485:2016 Notes
product
Your current SOP:
a) Control of nonconforming 8.3 Control of nonconforming
product product. (ref. procedure template; SOP-831-01, SOP-833-01, &
Note; refer to 820.90(a) for detailed SOP-834-01)
requirements. No significant difference in
requirements other than:
b) Nonconformity review and ISO 13485:2016 clause 8.3.3
disposition specifies requirements for
nonconforming product detected
Note; refer to 820.198(b) for detailed after delivery.
requirements.
8.3.1 General
8.3.2 Actions in response to
nonconforming product

21 of 28

TM024 Activated Date: September 09, 2023

 detected before delivery.
8.3.3 Actions in response to
nonconforming product
detected after delivery.
21 CFR Part 820 has no specific
requirements for response to
nonconforming product detected after
delivery.
8.3.4 Rework
Yes No ISO 13485:2016 Notes
820.100 Corrective and
preventive action
8.4 Analysis of data Your current SOP:
8.5.2 Corrective actions
(ref. procedure template; SOP-851-01)
8.5.3 Preventive actions
Note; refer to 820.100 for detailed
requirements. The requirements for corrective
and preventive actions are
substantially similar with the
following differences:
21 CFR Part 820 includes:
Ensuring that information related
to quality problems or
nonconforming product is
disseminated to those directly
responsible for assuring the
quality of such product or the
prevention of such problems, and
Submitting relevant information on
identified quality problem as well
as corrective and preventive
actions, for management review.
ISO 13485:2016 has separate
clauses for corrective action and
preventive action.

22 of 28

TM024 Activated Date: September 09, 2023


Yes
820.120 Device labeling
Each manufacturer shall establish
and maintain procedures to control
labeling activities.
a) Label integrity
Labels shall be printed and applied
so as to remain legible and affixed
during the customary conditions of
processing, storage, handling,
distribution and where appropriate
use.
b) Labeling inspection
Note; refer to 820.120(b) for detailed
requirements.
23 of 28
TM024
ISO 13485:2016 requires; Any
necessary corrective actions shall
be taken without undue delay;
and Corrective actions shall be
proportionate to the effects of the
nonconformities encountered.
No ISO 13485:2016 Notes
. Your current SOP:
7.5.1 Control of production and
service provision. (ref. procedure template; SOP-751-01 & SOP-751-02)
No significant difference in
requirements
7.5.1 Control of production and
service provision.
ISO 13485:2016 does not include
specific requirements for labeling
other than stating that product
controls shall include
implementation of defined
operations for labeling and
packaging.
7.5.11 Preservation of product
More general requirement: The
organization shall document
procedures for preserving the
conformity of product to
requirements during processing,
storage, handling, and
distribution. Preservation shall
apply to the constituent parts of a
medical device.
7.4.3 Verification of purchased
product.
7.5.1 Control of production and
service provision.
Activated Date: September 09, 2023

c) Labeling storage
Each manufacturer shall store
labeling in a manner that provides
proper identification and is designed
to prevent mix-ups.
d) Labeling operations
Each manufacturer shall control
labeling and packaging to prevent
labeling mix-ups. The label and
labeling used for each production
unit, lot, or batch shall be
documented in the DHR.
e) Control number
When a control number is required
by 820.65, that control number shall
be on or shall accompany the device
through distribution.
24 of 28
TM024
8.2.6 Monitoring and
measurement of product.
ISO 13485:2016 does not have
specific requirements for labeling
other than under 7.5.1 including:
implementation of defined
operations for labeling and
packaging. Under 8.2.6 labeling
would also be included.
6.4.1 Work environment
7.5.1 Control of production and
service provision.
ISO 13485:2016 has no specific
requirements for labeling other
than under 7.5.1 including:
implementation of defined
operations for labeling and
packaging.
7.5.1 Control of production and
service provision.
ISO 13485:2016 does not include
specific requirements for labeling
operations and is covered under
general requirements of 7.5.1
7.5.8 Identification
7.5.9.2 Particular requirements
for implantable medical
devices.
ISO 13485:2016 has no specific
requirement for control numbers
except for UDI requirements, as
required, and traceability for
implantable medical devices.
Activated Date: September 09, 2023

820.130 Device packaging
Note; refer to 820.130 for detailed
requirements.
820.140 Handling
Each manufacturer shall establish
and maintain procedures to ensure
that mix-ups, damage, deterioration,
contamination, or other adverse
effects to product do not occur during
handling.
820.150 Storage
a) ….When the quality of product
deteriorates over time, it shall be
stored in a manner to facilitate proper
stock rotation, and its condition shall
be assessed as appropriate.
b) Each manufacturer shall establish
and maintain procedures that
describe the methods for authorizing
25 of 28
TM024
Yes No ISO 13485:2016 Notes
7.3 Design and development Your current SOP:
7.5.1 Control of production and
(ref. procedure template; SOP-731-01 & SOP-731-02)
service provision
7.5.11 Preservation of product
No significant difference in
requirements and included as part
of product in elements shown
above.
Yes No ISO 13485:2016 Notes
Your current SOP:
7.5.11 Preservation of product
(ref. procedure template; SOP-751-01 & SOP-751-02)
ISO 13485:2016 7.5.11 includes
requirements for designing and
constructing packaging and for
special conditions if needed.
21 CFR 820 specifies procedures
to prevent mix-ups
Yes No
ISO 13485:2016 Notes
7.5.11 Preservation of product Your current SOP:
(ref. procedure template; SOP-751-03)
ISO 13485:2016 does not include
a specific requirement for stock
rotation.
Activated Date: September 09, 2023
receipt from and dispatch to storage
areas and stock rooms.
820.160 Distribution
a) ….Where a devices fitness for use
or quality deteriorates over time, the
procedures shall ensure that expired
devices or devices deteriorated
beyond acceptable fitness for use are
not distributed.
b) Each manufacturer shall maintain
distribution records which include or
refer to the location of:
(1) The name and address of the
initial consignee;
(2) The identification and quantity of
devices shipped;
(3) The date shipped; and
(4) Any control number(s) used.
820.170 Installation
26 of 28
TM024
Yes No ISO 13485:2016 Notes
7.2.1 Determination of Your current SOP:
requirements related to
(ref. procedure template; SOP-720-01 & SOP-751-03)
product. Includes applicable
regulatory requirements and any
user training needs.
7.2.2 Review of requirements
related to product.
7.2.3 Communication.
7.5.1 Control of production and
service provision
Similar requirements with 820.160
including requirements for control
of expired or deteriorated devices.
7.5.9.2 Particular requirements
for implantable devices.
ISO 13485:2016 has specific
requirements for maintaining
distribution records for
implantable medical devices.
21 CFR 820 requires distribution
records for all devices and with
some specific requirements.
Yes No ISO 13485;2016 Notes
Activated Date: September 09, 2023
 Your current SOP
a) & b) 7.5.3 Installation activities
No significant difference
Note; refer to 820.170) for detailed
requirements.

Yes No ISO 13485;2016 Notes

820.180 Records, general
requirements
General 4.2.5 Control of records Your current SOP:
21 CFR 820 includes requirement (ref. procedure template; SOP-425-01)
Note; refer to 820.180 for detailed for records to be readily available
requirements.
for review and copying by FDA
employees designated to perform
inspections. Also a requirement
for records stored in automated
data processing systems must be
backed up.
a) Confidentiality 4.2.5 Control of records.
ISO 13485:2016 includes
Note; refer to 820.180(a) for detailed additional requirements including
requirements.
protecting confidential health
information contained in records
in accordance with the applicable
regulatory requirements.
b) Record retention period 4.2.4 Control of documents
4.2.5 Control of records
Note; refer to 820.180(b) for detailed No significant difference in
requirements.
requirements.
c) Exceptions ISO 13485:2016 does not have an
equivalent requirement.
Note; refer to 820.180(c) for detailed
requirements.

820.181 Device master Yes No ISO 13485:2016 Notes

27 of 28

TM024 Activated Date: September 09, 2023

record

a) b) c) d) e) Note; refer to 820.181for Your current SOP:

4.2.3 Medical device file
detailed requirements.
(ref. procedure template; SOP-423-01)
No significant differences in
requirements

820.184 Device history Yes No ISO 13485:2016 Notes

record

….The DHR shall include, or refer to Your current SOP:

7.5.1 Control of production and
the location of, the following service provision (ref. procedure template; SOP-710-01)
information:
Additional requirements over ISO
a) The dates of manufacturer 13485:2016 shown in a) d) e) & f)
ISO 13485:2016 states: The
b) The quantity manufactured organization shall establish and
maintain a record (see 4.2.5) for
each medical device or batch of
c) The quantity released for medical devices that provides
distribution traceability to the extend specified
in 7.5.9 and identifies the amount
d) The acceptance records which manufactured and amount
demonstrate the device is approved for distribution. The
manufactured in accordance with the record shall be verified and
DMR. approved.
e) The primary identification label 7.5.5 Particular requirements
and labeling used for each for sterile medical devices.
production unit; Includes clause for sterile medical
devices and records of the
f) Any unique device identifier (UDI) sterilization process parameters
or universal product code (UPC), and by batch.
any other device identification(s) and

28 of 28

TM024 Activated Date: September 09, 2023

control number(s) used.
820.186 Quality system
record
Note; refer to 820.186 for detailed
requirements.
820.198 Complaint files
a) Note; refer to 820.198(a) for detailed
requirements.
b) Note; refer to 820.198(b) for detailed
requirements.
c) Any complaint involving the
possible failure of a device, labeling,
29 of 28
TM024
Yes No ISO 13485:2016 Notes
(ref. procedure template; SOP-425-01)
4.2.5 Control of records
No specific requirement for a
Quality System Record (QSR) but
similar controls for QMS records
are under 4.2.5
Yes No ISO 13485:2016 Notes
Your current SOP:
8.2.2 Complaint handling
Similar requirements except (ref. procedure template; SOP-822-01)
definition of complaints under ISO
The FDA under Supplemental Provisions in the QMSR
13485:2016 3.4 includes
under 820.35 Control of Records, Information required by
“usability..”
21 CFR Part 803, complaint and service activities.
Also the definition of “complaint”
in 3.4 of ISO 13485:2016 also
includes concerns “related to a
service that affects the
performance of such medical
devices” as a potential source of
complaints.
ISO 13485:2016 also includes
more detailed definition of a
complaint.
8.2.2 Complaint handling
When no investigation is carried
out CFR 820 requires the name of
the individual making the decision
also be documented.
8.2.2 Complaint handling
ISO 13485:2016 states: If any
Activated Date: September 09, 2023
or packaging to meet any of its
specifications shall be reviewed,
evaluated, and investigated, unless
such investigation has already been
performed for a similar complaint and
another investigation is not
necessary.
d) …In addition to the information
required by 820.198(e), records of
investigation under this paragraph
shall include a determination of:
(1) Whether the device failed to meet
specifications.
(2) Whether the device was being
used for treatment or diagnosis; and
(3) The relationship, if any, of the
device to the reported incident or
adverse event.
e) Note; refer to 820.198(e) for detailed
requirements.
f) When the manufacturers formally
designated complaint unit is located
at a site separate from the
manufacturing establishment, the
investigated complaint(s) and the
record(s) of investigation shall be
reasonably accessible to the
30 of 28
TM024
complaint is not investigated,
justification shall be documented.
Any correction or corrective action
resulting from the complaint
handling process shall be
documented.
8.2.3 Reporting to regulatory Your current SOP:
authorities
(ref. procedure template; SOP-823-01)
ISO 13485:2016 does not include
specific details that are detailed in
CFR 820 and just states that: If
applicable regulatory
requirements require notification
of complaints that meet specified
reporting criteria of adverse
events or issuance of advisory
notices, the organization shall
document procedures for
providing notification to the
appropriate regulatory authorities.
8.2.2 Complaint handling
7.2.3 Communication
ISO 13485 requires complaint
handling records to be maintained
but does not include the detailed
requirements same as 21 CFR
820
8.2.2 Complaint handling
ISO 13485:2016 does not have a
comparable requirement. see
4.2.5 for details on all quality
records!
Activated Date: September 09, 2023
manufacturing establishment.

8.2.2 Complaint handling

g) If a manufacturers formally
designated unit is located outside of
the United States, records required ISO 13485:2016 does not have a
by this section shall be reasonably comparable requirement.
accessible in the United States at
either: It does require: Complaint
(1) A location in the United States handling records shall be
where the manufacture’s records are maintained (see 4.2.5) for details
regularly kept; or on all quality records
(2) The location of the initial
distributor

Yes No ISO 13485:2016 Notes

820.200 Servicing

a) Note; refer to 820.200 (a) for detailed 7.5.4 Servicing activities Your current SOP:
requirements. No significant difference in
general requirements. Does
require analysis of records of
servicing activities to determine if
the information is to be handled
as a complaint.
b) Each manufacturer shall analyze 7.5.4 Servicing activities
service reports with appropriate
statistical methodology in accordance 8.1 Measurement, analysis, and
with 820.100 improvement. General
Similar requirement for use of
appropriate statistical techniques.

c) Note; refer to 820.198(c) for detailed 7.5.4 Servicing activities

requirements. ISO 13485:2016 7.5.4 states
analyses of records of servicing to
be carried out to determine if the

31 of 28

TM024 Activated Date: September 09, 2023

 information is to be handled as a
complaint.
d) Note; refer to 820.198(d) for detailed 7.5.4 Servicing activities
requirements. 21 CFR 820 includes specific
requirements for documented
service reports.
Yes No ISO 13485:2016 Notes
820.250 Statistical
techniques
a) b) Your current SOP:
7.5.6 Validation of processes
for production and service
Note; refer to 820.250(a) & (b) for provision.
detailed requirements.
Includes documented procedure
that includes, as appropriate,
statistical techniques with
rationale for sample size.

8.1 Measurement, analysis and

improvement, General
Includes determination of
appropriate methods, including
statistical techniques, and the
extent of their use.

Additional notes or areas that should be looked at in more detail?

32 of 28

TM024 Activated Date: September 09, 2023

Completed by: Name & signature Date: dd/mm/yyyy

33 of 28

TM024 Activated Date: September 09, 2023