MDR compliance, and how ISO 13485 can help with it

Updated: October 26, 2023.

MDR compliance refers to adherence to the European Union Medical Device Regulation 2017/745 (EU MDR 2017/745) by medical device manufacturers. It involves meeting the necessary regulations and requirements to ensure the safety and efficacy of medical devices in the European Union market.

ISO 13485 is an internationally recognized standard for creating a Quality Management System (QMS) for medical device companies worldwide. By implementing ISO 13485, manufacturers can ensure that they have a QMS process that consistently meets customer and regulatory requirements.

By implementing ISO 13485, medical device manufacturers can establish a world-class QMS that covers various aspects required for MDR compliance, such as safety and performance, management responsibility, resource management, risk management, and clinical evaluation.

What is MDR compliance?

The EU MDR sets out the rules and standards for medical devices sold within the EU. To achieve MDR compliance, medical device manufacturers must ensure that their devices meet the General Safety and Performance Requirements (GSPRs) outlined in Annex I of the regulation. These requirements cover various aspects such as design, manufacturing, labeling, clinical evaluation, risk management, post-market surveillance, and more.

Achieving MDR compliance requires a comprehensive understanding of the regulatory requirements, diligent planning, and implementation of appropriate processes and systems. Medical device manufacturers must stay updated with the latest developments and guidance provided by regulatory authorities to maintain ongoing compliance with the EU MDR.

EU MDR vs. ISO 13485

ISO 13485 provides a solid foundation for meeting the Quality Management System requirements of the European Union Medical Device Regulation. While ISO 13485 is not directly referenced in the EU MDR, it is the only QMS standard listed in the EU’s harmonized standards for medical devices. This recognition makes ISO 13485 an essential framework for implementing a QMS that aligns with the requirements of the EU MDR.

By adopting ISO 13485, medical device manufacturers can establish a robust QMS that covers various aspects required for MDR compliance. The standard encompasses key elements such as safety and performance, management responsibility, resource management, risk management, and clinical evaluation. Implementing ISO 13485 demonstrates a commitment to quality and regulatory compliance, providing a strong foundation for MDR compliance.

However, it is important to note that ISO 13485 does not replace the EU MDR as a QMS requirements document. The EU MDR includes additional requirements that go beyond ISO 13485 to ensure the safety, performance, and quality of medical devices in the European market. Medical device manufacturers must carefully review the MDR requirements and ensure that their QMS addresses these additional requirements beyond ISO 13485.

By leveraging ISO 13485 as the base for QMS requirements in MDR compliance, medical device manufacturers can establish a comprehensive system that meets both international and EU regulatory standards. This approach helps ensure the safety and efficacy of medical devices while demonstrating compliance with the EU MDR.

The EU MDR includes specific processes for medical devices, while ISO 13485 provides a comprehensive set of interrelated requirements for creating a QMS. ISO 13485 can be used by any organization worldwide that needs to demonstrate consistent compliance with customer and regulatory requirements.

What are the components of MDR compliance?

Complying with the EU MDR involves several steps, including:

  1. Classification: Determine the risk class of your medical device according to the EU MDR classification rules.
  2. Conformity assessment: Conduct a conformity assessment procedure based on the risk class of your device. This may mean involving a notified body to assess your device’s compliance with the EU MDR requirements.
  3. Technical documentation: Prepare and maintain detailed technical documentation for your medical device. This documentation should demonstrate compliance with the GSPRs and include information such as device specifications, design information, clinical evaluation data, labeling, and instructions for use.
  4. Quality Management System: Implement a Quality Management System that ensures compliance with the EU MDR requirements. While ISO 13485 is not mandatory for MDR compliance, it is an internationally recognized standard that provides a solid framework for establishing a QMS that meets regulatory and customer requirements.
  5. Clinical evaluation: Conduct a thorough clinical evaluation of your medical device to assess its safety and performance. This evaluation should consider clinical data, scientific literature, and post-market surveillance data.

EU MDR Quality Management System

Throughout the EU MDR, it is stated that manufacturers need to have a Quality Management System in place. This QMS needs to ensure that all medical devices are covered by the QMS rules, that the devices are used under the appropriate QMS processes, and that a post-market surveillance system is set up and used.

This management system needs to be audited by a notified body, an organization that is designated by an EU member state to conduct assessments of higher-class medical devices, in order to certify those medical devices that are created using the QMS processes. In order for a medical device to be certified and have an indicating CE mark, the company must have a QMS in place.

MDR QMS requirements

In article 10 of the EU MDR, the regulation specifies what needs to be included in a QMS. At the very least, the QMS needs to address the aspects in the table below, which are all covered in the ISO 13485 standard. The table shows the EU MDR requirements, along with the ISO 13485 clauses that meet each requirement:

How ISO 13485 helps with EU MDR compliance
EU MDR QMS requirements ISO 13485 clause(s) that covers this requirement
A strategy for regulatory compliance 4.1
Safety and performance 7.5
Management responsibility 5.1, 5.5
Resource management 7.4
Risk management 7.3
Clinical evaluation 7.3
Product realization (planning, design, development, production, and service) 7
Verification of Unique Device Identity assignment 7.5.8, 7.5.9
Post-market surveillance system 8.2.1, 8.2.2
Communication with authorities 8.2.3
Incident reporting 8.2.3
Corrective and preventive actions (with verification of effectiveness) 8.5.2, 8.5.3
Monitoring and measurement, data analysis, and product improvement 8.2

Is ISO 13485 mandatory for the MDR?

The short answer is no, ISO 13485 is not mandatory for EU MDR compliance. However, the EU MDR requires that you have a QMS in place, even though it does not identify ISO 13485 directly. To assist companies with understanding all of the standards that are applicable for medical devices in the EU, the EU has created a list of harmonized standards, and the ISO 13485:2016 standard is the only QMS standard referenced on this list – therefore, most companies use ISO 13485 to implement their QMS. (Click here to see the EU harmonized list.)

What is important to note is that the EU MDR is not trying to replace ISO 13485 as a QMS requirements document. The EU MDR includes certain processes for medical devices that need to be in place, but the ISO 13485 standard is intended to be an all-encompassing set of interrelated requirements that form the internationally recognized best practices for a company that creates medical devices. By using the ISO 13485 requirements to create your QMS, you can ensure that you not only have a world-class system for your medical devices, but also a system designed according to the QMS standard approved by the EU.

For a graphical representation of what steps are required to implement the ISO 13485:2016 standard, see the Diagram of ISO 13485:2016 Implementation Process.

How can you achieve MDR compliance

To achieve MDR compliance, it is necessary to have a deep understanding of what the MDR is, and what its requirements are. MDR compliance also requires an extremely detailed understanding of all necessary regulatory requirements, because the MDR is not the only regulation that medical device manufacturers need to be compliant with. Achieving MDR compliance requires diligent planning and the implementation of appropriate processes and systems. It is essential for manufacturers to stay up to date with the latest developments and guidance provided by regulatory authorities to maintain ongoing compliance with the EU MDR.

The following elements will prove MDR compliance:

  • Manufacturers need to ensure they meet the General Safety and Performance Requirements outlined in Annex I of the EU MDR. These requirements cover various aspects, including design, manufacturing, labeling, clinical evaluation, risk management, and post-market surveillance.
  • Implementing a Quality Management System. While ISO 13485 is not mandatory for MDR compliance, it provides a robust framework that indirectly ensures compliance. ISO 13485 is an internationally recognized standard for creating a QMS for medical device companies worldwide. By implementing ISO 13485, companies can demonstrate their commitment to quality and regulatory compliance, which in turn supports MDR compliance. ISO 13485 provides a comprehensive set of interrelated requirements for creating a QMS that consistently meets customer and regulatory requirements.

The impact of the MDR on a QMS

So, how does the EU MDR impact a QMS implemented according to the ISO 13485 requirements? For the most part, additional records will need to be maintained to meet the EU MDR requirements. For instance, ISO 13485 requires you to maintain a medical device file (clause 4.2.3), which has a minimum list of information to include. However, for the EU MDR, this documentation will need to include all of the information that is stipulated in Annex II and Annex III of the EU MDR for the medical device technical file. The EU MDR also requires additional records of post-market surveillance and clinical evaluation. However, the processes you have in place for creating, updating, and maintaining this documentation will largely remain unchanged.

So, to conclude, you need a QMS in order to be compliant with the EU MDR, and, although ISO 13485 is not directly referenced in the EU MDR, this is the only QMS standard listed in the EU list of harmonized standards; therefore, it is indirectly the only reasonable way to implement a QMS according to the MDR. Because ISO 13485 provides a whole system that is devoted to helping you make your quality processes better, this is an additional benefit on top of becoming MDR compliant.

For a better understanding of the ISO 13485 requirements in easy-to-understand terms, see this white paper: Clause-by-clause explanation of ISO 13485:2016.

Advisera Kristina Zvonar Brkic
Author
Kristina Zvonar Brkic
Kristina Zvonar Brkic is an experienced consultant, auditor, assessor, and trainer for ISO 13485 and the EU MDR. She runs a thriving ISO 13485 consulting practice and helps companies and consultants to build their businesses. In her career, she also worked as an ISO 9001 and ISO 22716 consultant and lead auditor, and as an auditor and assessor for the MDD.


The portfolio of medical devices for which she has approval is plastic products with measuring function, various creams and gels, different systems for wound care, disinfectants, different catheters, panels for operating rooms and clean rooms, accessories and kits for performing surgical procedures of non-woven materials, medical gases, and various dental materials.
Tags: #ISO 13485, #MDR