Understanding the difference between ISO 13485 and 21 CFR 820

Hi All,

I'm just learning about quality systems and regulations and I'm hoping you can help me understand the difference between ISO 13485 and 21 CFR 820. Is this an accurate way to state the similarities/differences?

"Based on ISO 9001, ISO 13485 is an international standard that places emphasis on management reviews, process and design control in manufacturing, documentation, and the review of corrective actions and preventative actions (CAPA). Applicable only for products made in or imported to the United States, 21 CFR 820 is a more stringent requirement that is similar to ISO 13485 with more of a focus on monitoring and measuring the performance of products, labeling, and traceability."

Thanks in advance!!

 

Hi Mike

You are correct in saying that 21CFR820 only applies to products made in or imported into US. However I would not say the regulation iitself is more stringent than ISO13485. It is the inspection process by FDA that is more stringent. (There is a very good comparison by of ISO and 21CFR820 by Ed Kimmelman, which shows that in most cases, the differences are minimal.)

There is an expectation by FDA inspectors that there is a strict, 100%, compliance at all times with the letter of the regulation; whereas under ISO13485, there is an element of interpretation of the standard to suit your companies processess. This adherance to the regulation is reinforced when an FDA inspector can be on-site for "as long as it takes" (often 5-15+ days) whereas an ISO auditor may be present for just one or two days. This allows the FDA inspection to review many more records in much greater detail than would be the case under ISO.

Hope this helps
Chris

 

Hi everyone
I might leave a late reply, but there are some differences between 21 CFR 820 and ISO 13485.

ISO 1385 is designed for the medical devices market inside the UE, it contains what the EU law (directives) request. 21 CFR 820 is designed for medical devices inside the US market. I agree that basically, the content is very similar. But there are some formal differences, including the content of the technical documentation. There is a wide overlapping betwen the US DHF/DMR/DHR and the ISO 13485 files (MD file and MD R&D file), but they still are a little different. Surprisingly, those 2 files do not even match exactly the content of the technical documentation requested by the EU directives...

I made an overview of the ISO 13485 content - if you can read french.

Regarding the inspection process, the fact that the FDA inspectors are federal agents makes a very big difference. More that the length of time of teh audit, ISO auditors do not have the same power of investigation, and they are limited by the content of the ISO 13485 standard - and one can remind the PIP scandal several years ago : the manufacturer was cheating, and the certification body was unable to detect it (nowhere in the ISO standard there is a clause about the fact that the quantity of raw material purchased must match the quantity of finished goods sold)

Hope this helps as well
Hubert

 

Thanks Hubert, I wouldnt say that 13485 is designed for the EU market, or what the directive requests. As you say, it doesnt even match the requirements for a MDD/MDR Technical File. Its possible to CE Mark a device without ISO13485, and to have be certified to ISO13485 and not sell into EU.

Thank you for the overview, it will test my translation abilities

Chris

 

A quick history here to address the OP:
- EN 46000 (and European standard) was created in 1993 based on the ISO 9001 version at the time to include more specific requirements related to medical devices (this was necessary because, due to the Global Approach to conformity assessment of the European Directives, an study concluded that the requirements of iso 9001 were not enough.
- ISO 13485 (an international standard) was created in 1996 based on the idea of EN 46000, and the understanding that an international medical device quality management standard was important. It was based on the ISO 9001 of time.
- The 1996 version of 21 CFR 820 was created based on the ISO 9001 and ISO 13485 of the time.

Until the 2000 edition of ISO 9001, one of the focus of the standard was really more on "internal compliance", with a great focus on documentation. The 2000 edition introduced the process approach, which changed the view to a higher level view (where the standard focused more on high level requirements and the implementations had to define more specific requirements and how to comply with). One way of thinking is that older versions were more "prescriptive", because they detailed more requirements.

So, if you get ISO 13485 now, the thing is the requirements are basically the same as 21 CFR 820, however, 21 CFR 820 has more detailed requirements in some sections. In fact, the 2016 versions ISO 13485 has gone the other way around, because we ended up including more detailed requirements in some sections.

 

Both are important today because companies usually choose the American and European markets. Study the standard well before starting the implementation. One site has published an excellent series of articles that explain the standard in a simple way. There are many ways to come up with simple explanations, one of them is Google