QMS GAP ANALYSIS CHECKLIST - FDA 21 CFR PART 820 and

ISO 13485:2016 & PLANNED PUBLICATION OF THE QMSR

Company name: Address:

Product description and FDA classification:

General status of your manufacturing facility / equipment / product processes:

Target date for completing changes to Current quality management system meets which requirements?
current quality management system:
(dd/mm/yyyy)

1 of 28

TM024 Activated Date: September 09, 2023

General Information for Company and Quality Management System:

Introduction
The purpose of this gap analysis is to help identify potential gaps in the current quality management system that meets FDA 21 CFR Part 820,
and the requirements of ISO 13485:2016. There are many similarities between the two, however there are some differences in requirements. As
the FDA moves to harmonization with the ISO standard it is important any current gaps be identified and resolved.

This gap analysis checklist will be updated with specific details once the released FDA QMRS is finalized. You will receive this update once its
available.

The format of this checklist is as follows:

 First column; shows the current FDA 21 CFR Part 820 element number and title. The specific requirements are not included and refer to
your copy of the regulation for details. The exception is where an abbreviated requirement is shown for clarity in the difference with
ISO 13485:2016. Exact requirements will be clarified with the release of the new QMRS and as I mentioned will be forwarded to you.

 Second/Third column’s is where you can indicate if there are gaps (Yes or No) in your current QMS that need to be filled to meet ISO
13485:2016 and the FDA QMRS.

 Fourth column is the equivalent or closest equivalent ISO 13485:2016 element. Notes are added here to indicate if the elements are
significantly the same as FDA 21 CFR Part 820 and if there are differences. You should refer to your copy of the ISO 13485:2016 Standard
for details. Where risk is mentioned in this gap analysis, it is highlighted in blue font as this is a significant change from the current QSR.
Overall in ISO 13485:2016 risk is mentioned 100 times compared to one time in the QSR.

 Fifth column is where you add notes as appropriate. These notes can show a brief description of any gaps and actions that need to be
taken. For reference you can add any appropriate documented procedure number that is applicable to that element. Also for reference is
the number of the Fast-Track QMS Consultants procedure number if you did purchase this from us.

2 of 28

TM024 Activated Date: September 09, 2023

 Any questions you may have, or assistance required please feel free to contact me by email at: mailto:[email protected]

Yes No ISO 13485:2016 Notes

820.5 Quality system

Each manufacturer shall establish Your current SOP:

4.1 General requirements.
and maintain a quality system that No significant difference in (ref. procedure template; SOP-410-01, SOP-412-01, and
is appropriate for the specific requirements except 4.1 requires Quality Manual template, QM-01)
medical device(s) designed or the documentation of the role(s)
manufactured, and that meets the undertaken by the organization
requirements of this part. under the applicable regulatory
requirements.
4.1.2 The organization shall:
Includes requirement to: apply a
risk based approach to the control
of the appropriate processes
needed for the quality management
system. Note: Risk requirements
are included in ISO 13485:2016
elements 4, 6, 7 & 8
4.1.3 through 4.1.5
Yes No ISO 13485:2016
820.20 Management Notes
responsibility

3 of 28

TM024 Activated Date: September 09, 2023

a) Quality Policy. 5.3 Quality Policy.
No significant difference in
Note; refer to 820.20(a) for details.
requirements except additional
requirements for Quality Policy to
be applicable to the purpose of the
organization, provide a framework
for establishing and reviewing
quality objectives, and is reviewed
for continuing suitability.
b) Organization 5.2 Customer focus
ISO 13485:2016 5.2 states: Top
Note; refer to 820.20(b) for detailed
requirements. management shall ensure that
customer requirements are
determined and met.
5.5.1 Responsibility and
authority
No significant difference in
requirements

5.5.2 Management representative

Additional requirement for ensuring
the promotion of awareness of
applicable regulatory requirements
and quality management system
requirements throughout the
organization.

c) Management review 5.6 Management review / 5.6.1 Your current SOP:

General / 5.6.2 Review input /
(ref. procedure template; SOP-561-01)
Note; refer to 820.20(c) for detailed 5.6.3 Review output.
requirements. ISO 13485:2016 more specific
requirements including inputs and
outputs. Also includes assessing
opportunities for improvement and
need for changes to the QMS.
21 CFR Part 820 more general
requirements i.e.; the dates and

4 of 28

TM024 Activated Date: September 09, 2023

 results of quality system reviews
shall be documented.
d) Quality planning 5.4.2 Quality management Your current SOP:
system planning.
(ref. template QM-03)
Note; refer to 820.20(d) for detailed Similar requirements with ISO
requirements. 13485:2016 including requirements:

- the integrity of the QMS is

maintained when changes to the
QMS are planned and
implemented.
- Top management shall ensure
that: the planning of the quality
management system is carried out
in order to meet the requirements
given in 4.2, as well as the quality
objectives.

4.2.1 Documentation requirements, Your current SOP:

e) Quality system procedures
Each manufacturer shall establish general
quality system procedures and Includes: documented procedures and
instructions…… records required by this International
Standard;

4.2.2 Quality Manual

No specific requirement for a Quality (ref. Quality Manual template; QMS-01 & support forms and
Manual in 21 CFR Part 820. procedure template SOP-424-01)
ISO 13485:2016 4.2.2 requires.
The organization shall document a
quality manual that includes:
- the scope of the quality
management system, including
details and justification for any
exclusions or non-application;
- the documented procedures for
the QMS, or reference to them;

5 of 28

TM024 Activated Date: September 09, 2023

 - a description of the interaction
between the processes of the QMS;
The quality manual shall outline the
structure of the documentation
used in the QMS.

Yes No ISO 13485:2016

820.22 Quality audit Notes

…A report of the results of each Your current SOP:

8.2.4 Internal audits
…

quality audit, and reaudit(s) where

(ref. procedure template; SOP-824-01 & SOP-824-02)
taken, shall be made and such ISO 13485:2016 requires an audit
reports shall be reviewed by program to be planned, taking into
management having responsibility consideration the status and
for the matters audited. The dates importance of the process to be
and results of quality audits and audited. Also includes corrective
results shall be documented. actions to be taken by area
management without undue delay.
Follow up actions to include
verification and reporting of the
actions taken.

Yes No ISO 13485:2016 Notes

820.25 Personnel

a) General Your current SOP:

6.1 Provision of resources
No significant differences in (ref. procedure template; SOP-622-01 and SOP-622-02)
Each manufacturer shall have
sufficient personnel with the requirements.
necessary education, background, 6.2 Human resources
training, and experience to assure ISO 13485:2016 has more specific
that all activities required by this detail on personnel performing work

6 of 28

TM024 Activated Date: September 09, 2023

 that can affect product quality and
part are correctly performed. specifies competent on the basis of
appropriate education, training,
skills and experience. Also states
that: ensure that its personnel are
aware of the relevance and
b) Training importance of their activities and
how they contribute to the
Note; refer to 820.25(b) for detailed achievement of the quality
requirements. objectives;

Also requires that the methodology

used to check effectiveness to be
proportionate to the risk associated
with the work for which the training
or other action is being provided..
Yes No ISO 13485:2016 Notes
820.30 Design controls
7.3.1 General. Your current SOP:
a) General.
Note; refer to 820.30(a) for detailed (ref. procedure template; SOP-731-01and SOP-731-02)
No significant difference in
requirements.
requirements except 21 CFR 820
has exclusions for design controls
based on risk of the device , i.e.
class 1 devices, excluding those
listed. ISO 13485:2016 there are no
exclusions.
b) Design and development 7.3.2 Design and development
planning. planning.
Note; refer to 820.30(b) for detailed No significant difference in
requirements. requirements

c) Design input. 7.3.3 Design and development

7 of 28

TM024 Activated Date: September 09, 2023

 inputs.
Note; refer to 820.30(c) for detailed ISO 13485:2016 has more specific
requirements.
requirements including applicable
output(s) of risk management;
820.30(c) includes requirement for
documented approvals including
the date and signature of the
individual(s) approving the input
requirements.
d) Design output. 7.3.4 Design and development
outputs.
Note; refer to 820.30(d) for detailed Similar requirements and ISO
requirements.
13485:2016 having additional
requirement to provide information
for purchasing, production and
service provision.

e) Design review. 7.3.5 Design and development

review.
Note; refer to 820.30(e) for detailed 820.30(e) has additional
requirements.
requirement for design reviews to
include an individual(s) who does
not have direct responsibility for the
design stage being reviewed.
ISO 13485 specifies reviews
“identify and propose necessary
actions.”

f) Design verification. 7.3.6 Design and development

verification
Note; refer to 820.30(f) for detailed ISO 13485:2016 includes

8 of 28

TM024 Activated Date: September 09, 2023

 verification requirements if the
requirements. medical device is to be connected
to or have interface with other
medical devices.
21 CFR Part 820.30(f) includes:
identification of the design,
method(s), the date, and the
individuals performing the
verification, shall be documented in the
DHF.

g) Design validation. 7.3.7 Design and development

Note; refer to 820.30(g) for detailed validation
requirements. ISO 13485:2016 includes: If the
intended use requires that the
Includes: The results of the design medical device be connected to, or
validation, including identification of have interface with, other medical
the design, method(s), the date, device(s), validation shall include
and the individual(s) performing the confirmation…...
validation, shall be documented in
the DHF. ISO 13485:2106 specifies: As part
of the design and development
validation, the organization shall
perform clinical evaluations or
performance evaluations of the
medical device in accordance with
applicable regulatory requirements.

h) Design transfer 7.3.8 Design and development

transfer
Each manufacturer shall establish
and maintain procedures to ensure ISO 13485:2016 specifies: These
that the device design is correctly procedures shall ensure that design
translated into production and development outputs are
specifications. verified as suitable for
manufacturing before becoming
final production specifications and
that production capability can meet

9 of 28

TM024 Activated Date: September 09, 2023

 product requirements.

Your current SOP:

i) Design changes. 7.3.9 Control of design and
development changes (ref. procedure template; SOP-739-01)
Each manufacturer shall establish
and maintain procedures for the ISO 13485:2016 specifies more
identification, documentation, detailed requirements including;
validation or where appropriate determining significance of change
verification, review, and approval of ….and the review of design and
design changes before their development changes shall include
implementation. evaluation of the effect of the
changes on constituent parts and
product in process or already
delivered, inputs or outputs of risk
management and product
realization processes. Records of
changes, their review and any
necessary actions shall be
maintained.

j) Design history file. 7.3.10 Design and development

Note; refer to 820.30(j) for detailed files
requirements. No significant difference in
requirements

820.40 Document controls Yes No ISO 13485:2016 Notes

10 of 28

TM024 Activated Date: September 09, 2023

 4.2.4 Control of documents
Each manufacturer shall establish
and maintain procedures to control 4.2.5 Control of records
all documents that are required by
this part. The procedures shall
No significant difference in
provide for the following:
requirements

4.2.4 Control of documents Your current SOP:

a) Document approval and
4.2.5 Control of records
distribution Or (ref. procedure template; SOP-424-01 & SOP-424-03)
No significant difference in
Note; refer to 820.40(a) for detailed requirements except ISO 13485
requirements. includes: The organization shall
define & implement methods for
protecting confidential health
information in records in
accordance with the applicable
regulatory requirements.
4.2.4 Control of documents
b) Document changes
Note; refer to 820.40(b) for detailed
21 CFR 820 specifies that
requirements.
approved changes be
communicated to appropriate
personnel in a timely manner.

Also changes records shall

include a description of the
change, identification of the
affected documents, the approval
date, and when the change
becomes effective.

Yes No ISO 13485:2016 Notes

820.50 Purchasing controls.

11 of 28

TM024 Activated Date: September 09, 2023

Each manufacturer shall establish 4.1.5 General requirements
and maintain procedures to ensure ISO 13484:2016 states: When
that all purchased or otherwise outsources any process that
received product and service affects product conformity to
conforms to specified requirements. requirements …the controls shall
include written quality agreements
7.4.1 Purchasing process
ISO 13485:2016 only applies to
purchased product.
a) Evaluation of suppliers, Your current SOP:
7.4.1 Purchasing process
contractors, and consultants ISO 13485:2016 criteria for the (ref. procedure template; SOP-741-01 & SOP-741-02)
evaluation and selection of
Note; refer to 820.50(a) for detailed suppliers includes being
requirements.
proportionate to the risk
associated with the medical
device.
ISO 13485:2016 specifies the
organization shall plan the
monitoring and re-evaluation of
suppliers.

12 of 28

TM024 Activated Date: September 09, 2023

b) Purchasing data 7.4.2 Purchasing data
ISO 13485:2016 includes: The
Note; refer to 820.50(b) for detailed organization shall ensure the
requirements.
adequacy of specified purchasing
requirements prior to their
communication to the supplier.
ISO 13485:2016 requires:
Purchasing information shall
include, as applicable a written
agreement that the supplier notify
the organization of changes in the
purchased product prior to
implementation …
Also includes requirement; To the
extent required for traceability
given in 7.5.9 the organization
shall maintain relevant purchasing
information in the form of
documents and records.
820.60 Identification Yes No ISO 13485:2016 Notes
Each manufacturer shall establish Your current SOP:
7.5.8 Identification
and maintain procedures identifying ISO 13485:2016 has more (ref. procedure template; SOP-758-01)
product during all stages of receipt, detailed requirements, including
production, distribution, and having procedures to ensure that
installation to prevent mix-ups. medical devices returned to the
organization are identified and
distinguished from conforming
product.
Yes No ISO 13485:2016 Notes
820.65 Traceability
Your current SOP:
7.5.9 Traceability
Note; refer to 820.65 for detailed ISO 13485:2016 specifies (ref. procedure template; SOP-758-01)
requirements. requirement for procedures

13 of 28

TM024 Activated Date: September 09, 2023

 defining the extent of traceability
in accordance with applicable
regulatory requirements and the
records to be maintained.
CFR Part 820 specifies the type of
devices that require traceability.
Yes No ISO 13485:2016 Notes
820.70 Production and
process controls
Your current SOP:
a) General 7.1 Planning of product
realization. (ref. procedure template; SOP-641-01, SOP-751-01 &
Note; refer to 820.70(a) for detailed
requirements. No significant difference in SOP-752-01)
requirements except ISO
13485:2016 states: The
organization shall document one
or more processes for risk
management in product
realization. Records of risk
activities to be maintained.
7.5.1 Control of production and
service provision.
No significant differences but
requirements are shown in
different clauses of 21 CFR 820
6.4.1 Work environment Your current SOP:
b) Production and process
changes (ref. procedure template; SOP-641-01, SOP-641-02, and
Note; refer to 820.70(b) for detailed No significant differences SOP-642-03)
requirements.
c) Environmental control

Note; refer to 820.70(c) for detailed

requirements.
d) Personnel
Note; refer to 820.70(d) for details

14 of 28

TM024 Activated Date: September 09, 2023

 Your current SOP:
e) Contamination control 6.4.2 Contamination control
Each manufacturer shall establish (ref. procedure template; SOP-642-04)
and maintain procedures to prevent ISO 13485:2016 states
contamination of equipment or contamination control as
product by substances that could appropriate unless applied to
reasonably expected to have an sterile medical devices. (“as
adverse effect on product quality. appropriate” understood to mean
appropriate unless the company
can justify otherwise).
ISO 13485:2016 also states: For
sterile medical devices, the
organization shall document
requirements for control of
contamination with
microorganisms or particulate
matter and maintain the required
cleanliness during assembly or
packaging processes.
Your current SOP:
f) Buildings 6.3 Infrastructure
(ref. procedure template; SOP-631-01 and SOP-631-02)
Buildings shall be of suitable design No significant differences
and contain sufficient space to
perform necessary operations,
prevent mix-ups, and assure orderly
handling

g) Equipment 6.3 Infrastructure

Note; refer to 820.70(g) for detailed 7.5.1 Control of production and
requirements. service provision.
21 CFR 820 has some additional
requirements for maintenance
schedules, i.e. periodic
inspections to ensure adherence
to those schedules and other

15 of 28

TM024 Activated Date: September 09, 2023

 reequipments not specified in ISO
13485;2016
h) Manufacturing material 7.5.2 Cleanliness of product.
Similar requirements but ISO
Note; refer to 820.70(h) for detailed 13485:2016 has more specific
requirements.
requirements for the
documentation of cleanliness of
product or contamination control
of product.

i) Automated processes 4.1.6 (validation of software)

When computers or automated data ISO 13485:2016 includes: The

processing systems are used as part specific approach and activities
of production or the quality system, associated with software
the manufacturer shall validate validation and revalidation shall
computer software for its intended be proportionate to the risk
use according to an established associated with the use of the
protocol. All software changes shall software.
be validated before approval and 7.5.6 Validation of processes
issuance. These validation activities for production and service
and results shall be documented. provision
7.6 Control of monitoring and
measuring equipment

16 of 28

TM024 Activated Date: September 09, 2023

820.72 Inspection, Yes No ISO 13485:2016 Notes
measuring & test equipment.
a) Control of inspection. Your current SOP:÷
7.6 Control of monitoring and
Measuring and test equipment measuring equipment (ref. procedure template; SOP-761-01)
The requirements for 21 CFR Part
b) Calibration 820.72 and ISO 13485:2016 7.6
are substantially similar with the
Note; refer to 820.72(a & (c)) for detailed following differences:
requirements.
ISO 13485:2016 requires
validation of software used for
monitoring and measurement and
the approach to be proportionate
to the risk associated with the
use of the software.
21 CFR Part 820 species specific
requirements including the
equipment identification,
calibration dates, the individual
performing each calibration, and
the next calibration date.

820.75 Process validation Yes No ISO 13485:2016 Notes

17 of 28

TM024 Activated Date: September 09, 2023

a) Your current SOP:
7.5.6 Validation of processes
for production and service (ref. procedure template; SOP-756-01& SOP-756-02)
Note; refer to 820.75(a) for detailed provision.
requirements.
The requirements for 21 CFR Part
820.75 and ISO 13485:2016 are
21 CFR Part 820.75 specifies the substantially similar with the
documentation of the date and following differences:
signature of the individual(s)
approving the validation. 7.5.7 Particular requirements
for validation of processes for
sterilization and sterile barrier
systems.
b) 8.2.5 Monitoring and
measurement of processes
Note; refer to 820.75(b) for detailed Requires suitable methods for
requirements.
monitoring of processes. These
methods shall demonstrate the
ability of the processes to achieve
planned results….

18 of 28

TM024 Activated Date: September 09, 2023

c) 4.1.4 QMS General
requirements
When changes or process deviations
occur, the manufacturer shall review 7.5.6 Validation of processes
and evaluate the process and for production and service
perform revalidation where provision
appropriate. These activities shall be Includes: Software validation and
documented. revalidation shall be proportionate
to the risk associated with the
use of the software, including the
effect on the ability of the product
to conform to specification.

8.2.5 Monitoring and

measurement of processes.
No significant difference in
requirements.

Yes No ISO 13485:2016 Notes

820.80 Receiving, in-
process, and finished device
acceptance.
7.1 Planning of product Your current SOP:
a) General
realization
(ref. procedure template; SOP-743-01 & SOP-825-01)
Each manufacturer shall establish 8.2.6 Monitoring and
and maintain procedures for measurement of product.
acceptance activities. Acceptance No significant difference in
activities include inspections, tests, requirements
or other verification activities.
b) Receiving acceptance activities 7.4.3 Verification of purchased
product. No significant difference
Note; refer to 820.80(b) for detailed in requirements but does add
requirements.
verification of purchased product
that includes extent of verification

19 of 28

TM024 Activated Date: September 09, 2023

 actives shall be based on the
supplier evaluation results and
proportionate to the risk
associated with the purchased
product. Also, actions taken with
suppliers not meeting
requirements, to be proportionate
to the risk associated with the
purchased product.
c) In-process acceptance activities 7.5.10 Customer property
Includes reporting to the customer
Note; refer to 820.80(c) for detailed on any property lost, damaged or
requirements. found to be unsuitable,
8.2.6 Monitoring and
measurement of product.
No significant difference in
requirements.
7.5.10 Customer property
d) Final acceptance activities
8.2.6 Monitoring and
Note; refer to 820.80(d) for detailed measurement of product.
requirements. No significant difference in
requirements except 21 CFR 820
requires; Finished devices shall
be held in quarantine or otherwise
adequately controlled until
released.

e) Acceptance records 7.1 Planning of product

Note; refer to 820.80(e) for detailed realization.
requirements. Similar requirement with
820.80(e) also requiring the
signature of the individual(s)
completing the acceptance
activities.
Yes No ISO 13485:2016 Notes
820.86 Acceptance status

20 of 28

TM024 Activated Date: September 09, 2023

 Your current SOP:
7.5.8 Identification
Note; refer to 820.86 for detailed Includes similar requirements to (ref. procedure template; SOP-758-01 & SOP-821-01)
requirements. those included in 820.86
8.2.1 Feedback
ISO 13485:2016 8.2.1 requires as
one of the measurements of the
effectiveness of the quality
management system, the
organization shall gather and
monitor information relating to
whether the organization has met
customer requirements.
Includes requirement for the
information gathered in the
feedback process to be potential
input into risk management for
monitoring the product
requirements as well as the
product realization process.
Yes No
820.90 Nonconforming ISO 13485:2016 Notes
product
Your current SOP:
a) Control of nonconforming 8.3 Control of nonconforming
product product. (ref. procedure template; SOP-831-01, SOP-833-01, &
Note; refer to 820.90(a) for detailed SOP-834-01)
requirements. No significant difference in
requirements other than:
b) Nonconformity review and ISO 13485:2016 clause 8.3.3
disposition specifies requirements for
nonconforming product detected
Note; refer to 820.198(b) for detailed after delivery.
requirements.
8.3.1 General
8.3.2 Actions in response to
nonconforming product

21 of 28

TM024 Activated Date: September 09, 2023

 detected before delivery.
8.3.3 Actions in response to
nonconforming product
detected after delivery.
21 CFR Part 820 has no specific
requirements for response to
nonconforming product detected after
delivery.
8.3.4 Rework
Yes No ISO 13485:2016 Notes
820.100 Corrective and
preventive action
8.4 Analysis of data Your current SOP:
8.5.2 Corrective actions
(ref. procedure template; SOP-851-01)
8.5.3 Preventive actions
Note; refer to 820.100 for detailed
requirements. The requirements for corrective
and preventive actions are
substantially similar with the
following differences:
21 CFR Part 820 includes:
Ensuring that information related
to quality problems or
nonconforming product is
disseminated to those directly
responsible for assuring the
quality of such product or the
prevention of such problems, and
Submitting relevant information on
identified quality problem as well
as corrective and preventive
actions, for management review.
ISO 13485:2016 has separate
clauses for corrective action and
preventive action.

22 of 28

TM024 Activated Date: September 09, 2023

 ISO 13485:2016 requires; Any
necessary corrective actions shall
be taken without undue delay;
and Corrective actions shall be
proportionate to the effects of the
nonconformities encountered.
Yes No ISO 13485:2016 Notes
820.120 Device labeling
Each manufacturer shall establish . Your current SOP:
7.5.1 Control of production and
and maintain procedures to control service provision. (ref. procedure template; SOP-751-01 & SOP-751-02)
labeling activities.
No significant difference in
requirements
7.5.1 Control of production and
a) Label integrity service provision.
ISO 13485:2016 does not include
Labels shall be printed and applied specific requirements for labeling
so as to remain legible and affixed other than stating that product
during the customary conditions of controls shall include
processing, storage, handling, implementation of defined
distribution and where appropriate operations for labeling and
use. packaging.
7.5.11 Preservation of product
More general requirement: The
organization shall document
procedures for preserving the
conformity of product to
requirements during processing,
storage, handling, and
distribution. Preservation shall
apply to the constituent parts of a
medical device.
b) Labeling inspection 7.4.3 Verification of purchased
product.
Note; refer to 820.120(b) for detailed 7.5.1 Control of production and
requirements. service provision.

23 of 28

TM024 Activated Date: September 09, 2023

 8.2.6 Monitoring and
measurement of product.
ISO 13485:2016 does not have
specific requirements for labeling
other than under 7.5.1 including:
implementation of defined
operations for labeling and
packaging. Under 8.2.6 labeling
would also be included.
c) Labeling storage 6.4.1 Work environment
7.5.1 Control of production and
Each manufacturer shall store service provision.
labeling in a manner that provides ISO 13485:2016 has no specific
proper identification and is designed requirements for labeling other
to prevent mix-ups. than under 7.5.1 including:
implementation of defined
operations for labeling and
packaging.

d) Labeling operations 7.5.1 Control of production and

service provision.
Each manufacturer shall control
ISO 13485:2016 does not include
labeling and packaging to prevent
specific requirements for labeling
labeling mix-ups. The label and
operations and is covered under
labeling used for each production
general requirements of 7.5.1
unit, lot, or batch shall be
documented in the DHR.
e) Control number 7.5.8 Identification
7.5.9.2 Particular requirements
When a control number is required for implantable medical
by 820.65, that control number shall devices.
be on or shall accompany the device ISO 13485:2016 has no specific
through distribution. requirement for control numbers
except for UDI requirements, as
required, and traceability for
implantable medical devices.

24 of 28

TM024 Activated Date: September 09, 2023

 Yes No ISO 13485:2016 Notes
820.130 Device packaging

Note; refer to 820.130 for detailed 7.3 Design and development Your current SOP:
requirements. 7.5.1 Control of production and
(ref. procedure template; SOP-731-01 & SOP-731-02)
service provision
7.5.11 Preservation of product

No significant difference in
requirements and included as part
of product in elements shown
above.

820.140 Handling Yes No ISO 13485:2016 Notes

Each manufacturer shall establish Your current SOP:

7.5.11 Preservation of product
and maintain procedures to ensure
(ref. procedure template; SOP-751-01 & SOP-751-02)
that mix-ups, damage, deterioration, ISO 13485:2016 7.5.11 includes
contamination, or other adverse requirements for designing and
effects to product do not occur during constructing packaging and for
handling. special conditions if needed.
21 CFR 820 specifies procedures
to prevent mix-ups
820.150 Storage Yes No
ISO 13485:2016 Notes

a) ….When the quality of product 7.5.11 Preservation of product Your current SOP:
deteriorates over time, it shall be
(ref. procedure template; SOP-751-03)
stored in a manner to facilitate proper ISO 13485:2016 does not include
stock rotation, and its condition shall a specific requirement for stock
be assessed as appropriate. rotation.

b) Each manufacturer shall establish

and maintain procedures that
describe the methods for authorizing

25 of 28

TM024 Activated Date: September 09, 2023

receipt from and dispatch to storage
areas and stock rooms.
Yes No ISO 13485:2016 Notes
820.160 Distribution
a) ….Where a devices fitness for use 7.2.1 Determination of Your current SOP:
or quality deteriorates over time, the requirements related to
(ref. procedure template; SOP-720-01 & SOP-751-03)
procedures shall ensure that expired product. Includes applicable
devices or devices deteriorated regulatory requirements and any
beyond acceptable fitness for use are user training needs.
not distributed. 7.2.2 Review of requirements
related to product.
7.2.3 Communication.
7.5.1 Control of production and
service provision
Similar requirements with 820.160
including requirements for control
of expired or deteriorated devices.
b) Each manufacturer shall maintain 7.5.9.2 Particular requirements
distribution records which include or for implantable devices.
refer to the location of:
ISO 13485:2016 has specific
(1) The name and address of the
requirements for maintaining
initial consignee;
distribution records for
(2) The identification and quantity of implantable medical devices.
devices shipped;
21 CFR 820 requires distribution
(3) The date shipped; and records for all devices and with
some specific requirements.
(4) Any control number(s) used.

820.170 Installation Yes No ISO 13485;2016 Notes

26 of 28

TM024 Activated Date: September 09, 2023

 Your current SOP
a) & b) 7.5.3 Installation activities
No significant difference
Note; refer to 820.170) for detailed
requirements.

Yes No ISO 13485;2016 Notes

820.180 Records, general
requirements
General 4.2.5 Control of records Your current SOP:
21 CFR 820 includes requirement (ref. procedure template; SOP-425-01)
Note; refer to 820.180 for detailed for records to be readily available
requirements.
for review and copying by FDA
employees designated to perform
inspections. Also a requirement
for records stored in automated
data processing systems must be
backed up.
a) Confidentiality 4.2.5 Control of records.
ISO 13485:2016 includes
Note; refer to 820.180(a) for detailed additional requirements including
requirements.
protecting confidential health
information contained in records
in accordance with the applicable
regulatory requirements.
b) Record retention period 4.2.4 Control of documents
4.2.5 Control of records
Note; refer to 820.180(b) for detailed No significant difference in
requirements.
requirements.
c) Exceptions ISO 13485:2016 does not have an
equivalent requirement.
Note; refer to 820.180(c) for detailed
requirements.

820.181 Device master Yes No ISO 13485:2016 Notes

27 of 28

TM024 Activated Date: September 09, 2023

record

a) b) c) d) e) Note; refer to 820.181for Your current SOP:

4.2.3 Medical device file
detailed requirements.
(ref. procedure template; SOP-423-01)
No significant differences in
requirements

820.184 Device history Yes No ISO 13485:2016 Notes

record

….The DHR shall include, or refer to Your current SOP:

7.5.1 Control of production and
the location of, the following service provision (ref. procedure template; SOP-710-01)
information:
Additional requirements over ISO
a) The dates of manufacturer 13485:2016 shown in a) d) e) & f)
ISO 13485:2016 states: The
b) The quantity manufactured organization shall establish and
maintain a record (see 4.2.5) for
each medical device or batch of
c) The quantity released for medical devices that provides
distribution traceability to the extend specified
in 7.5.9 and identifies the amount
d) The acceptance records which manufactured and amount
demonstrate the device is approved for distribution. The
manufactured in accordance with the record shall be verified and
DMR. approved.
e) The primary identification label 7.5.5 Particular requirements
and labeling used for each for sterile medical devices.
production unit; Includes clause for sterile medical
devices and records of the
f) Any unique device identifier (UDI) sterilization process parameters
or universal product code (UPC), and by batch.
any other device identification(s) and

28 of 28

TM024 Activated Date: September 09, 2023

control number(s) used.
Yes No ISO 13485:2016 Notes
820.186 Quality system
record
Note; refer to 820.186 for detailed (ref. procedure template; SOP-425-01)
requirements. 4.2.5 Control of records
No specific requirement for a
Quality System Record (QSR) but
similar controls for QMS records
are under 4.2.5

820.198 Complaint files Yes No ISO 13485:2016 Notes

a) Note; refer to 820.198(a) for detailed Your current SOP:

8.2.2 Complaint handling
requirements.
Similar requirements except (ref. procedure template; SOP-822-01)
definition of complaints under ISO
The FDA under Supplemental Provisions in the QMSR
13485:2016 3.4 includes
under 820.35 Control of Records, Information required by
“usability..”
21 CFR Part 803, complaint and service activities.
Also the definition of “complaint”
in 3.4 of ISO 13485:2016 also
includes concerns “related to a
service that affects the
performance of such medical
devices” as a potential source of
complaints.
ISO 13485:2016 also includes
more detailed definition of a
complaint.
b) Note; refer to 820.198(b) for detailed 8.2.2 Complaint handling
requirements. When no investigation is carried
out CFR 820 requires the name of
the individual making the decision
also be documented.
c) Any complaint involving the 8.2.2 Complaint handling
possible failure of a device, labeling, ISO 13485:2016 states: If any

29 of 28

TM024 Activated Date: September 09, 2023

or packaging to meet any of its complaint is not investigated,
specifications shall be reviewed, justification shall be documented.
evaluated, and investigated, unless Any correction or corrective action
such investigation has already been resulting from the complaint
performed for a similar complaint and handling process shall be
another investigation is not documented.
necessary.

d) …In addition to the information 8.2.3 Reporting to regulatory Your current SOP:
required by 820.198(e), records of authorities
(ref. procedure template; SOP-823-01)
investigation under this paragraph
shall include a determination of: ISO 13485:2016 does not include
specific details that are detailed in
(1) Whether the device failed to meet CFR 820 and just states that: If
specifications. applicable regulatory
requirements require notification
(2) Whether the device was being of complaints that meet specified
used for treatment or diagnosis; and reporting criteria of adverse
events or issuance of advisory
(3) The relationship, if any, of the notices, the organization shall
device to the reported incident or document procedures for
adverse event. providing notification to the
appropriate regulatory authorities.
e) Note; refer to 820.198(e) for detailed 8.2.2 Complaint handling
requirements. 7.2.3 Communication
ISO 13485 requires complaint
handling records to be maintained
but does not include the detailed
requirements same as 21 CFR
820
f) When the manufacturers formally 8.2.2 Complaint handling
designated complaint unit is located
at a site separate from the ISO 13485:2016 does not have a
manufacturing establishment, the comparable requirement. see
investigated complaint(s) and the 4.2.5 for details on all quality
record(s) of investigation shall be records!
reasonably accessible to the

30 of 28

TM024 Activated Date: September 09, 2023

manufacturing establishment.

8.2.2 Complaint handling

g) If a manufacturers formally
designated unit is located outside of
the United States, records required ISO 13485:2016 does not have a
by this section shall be reasonably comparable requirement.
accessible in the United States at
either: It does require: Complaint
(1) A location in the United States handling records shall be
where the manufacture’s records are maintained (see 4.2.5) for details
regularly kept; or on all quality records
(2) The location of the initial
distributor

Yes No ISO 13485:2016 Notes

820.200 Servicing

a) Note; refer to 820.200 (a) for detailed 7.5.4 Servicing activities Your current SOP:
requirements. No significant difference in
general requirements. Does
require analysis of records of
servicing activities to determine if
the information is to be handled
as a complaint.
b) Each manufacturer shall analyze 7.5.4 Servicing activities
service reports with appropriate
statistical methodology in accordance 8.1 Measurement, analysis, and
with 820.100 improvement. General
Similar requirement for use of
appropriate statistical techniques.

c) Note; refer to 820.198(c) for detailed 7.5.4 Servicing activities

requirements. ISO 13485:2016 7.5.4 states
analyses of records of servicing to
be carried out to determine if the

31 of 28

TM024 Activated Date: September 09, 2023

 information is to be handled as a
complaint.
d) Note; refer to 820.198(d) for detailed 7.5.4 Servicing activities
requirements. 21 CFR 820 includes specific
requirements for documented
service reports.
Yes No ISO 13485:2016 Notes
820.250 Statistical
techniques
a) b) Your current SOP:
7.5.6 Validation of processes
for production and service
Note; refer to 820.250(a) & (b) for provision.
detailed requirements.
Includes documented procedure
that includes, as appropriate,
statistical techniques with
rationale for sample size.

8.1 Measurement, analysis and

improvement, General
Includes determination of
appropriate methods, including
statistical techniques, and the
extent of their use.

Additional notes or areas that should be looked at in more detail?

32 of 28

TM024 Activated Date: September 09, 2023

Completed by: Name & signature Date: dd/mm/yyyy

33 of 28

TM024 Activated Date: September 09, 2023