# The Ultimate Comparison: ISO 13485 vs. FDA 21 CFR

Author: Sebastian Skorka
Published: 2025-05-21
Updated: 2025-05-21
Source: https://openregulatory.com/articles/the-ultimate-comparison-iso-13485-vs-fda-21-cfr

---


  Manufacturers of medical devices need to set up a quality management system (QMS). However, the details of this set of SOPs and templates vary between the USA, Europe and the rest of the world. In this article I compare the ISO 13485 with the FDA's requirements on QMS.
The End of Quality System Regulation?

The FDA has begun to harmonize its QSR (21 CFR 820) with ISO 13485. This means the requirements are becoming increasingly similar. On February 2, 2024, the FDA published the final rule to align 21 CFR Part 820 with ISO 13485. 21 CFR 820 was renamed to 21 CFR 820 QMSR (Quality Management System Regulation). The FDA is thereby attempting to align its regulatory framework with other regulatory authorities.
Federal Regulation vs. International Standard

While most of the content is the same (spoiler alert) there is a tiny difference. Let's have a look:

FDA 21 CFR Part 820 (QSR): The Quality System Regulation (QSR) is a regulation mandated by the U.S. Food and Drug Administration (FDA) for medical devices manufactured, imported, or offered for sale in the United States. It outlines Current Good Manufacturing Practice (cGMP) requirements. Compliance is mandatory for US market access and is enforced through FDA inspections.

ISO 13485:2016: This is an international standard specifying requirements for a quality management system, where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. While often voluntary, it's a de facto requirement for market access in many regions (e.g., Europe - harmonized under MDR/IVDR, Canada, Australia). Certification is typically done by accredited third-party registrars.
The devil is in the details

While both aim to ensure the safety and efficacy of medical devices through a structured Quality Management System (QMS), they differ in their origin, structure, scope, and some specific requirements. The FDA QSR is a legal requirement for marketing medical devices in the United States, whereas ISO 13485 is an international standard often used as a basis for regulatory requirements in various countries (including Canada, Europe, Australia, Japan) and is sometimes used voluntarily or contractually.
Overall Similarities:

• Goal: Both aim to ensure consistent design, development, production, installation, and servicing of medical devices that are safe and effective for their intended use.
• Core Elements: Both cover fundamental QMS elements like management responsibility, resource management, document control, design controls, purchasing controls, production controls, corrective and preventive actions (CAPA), and record keeping.
• Risk Management: Both implicitly or explicitly require risk management principles to be applied, although ISO 13485 integrates it more pervasively throughout the standard. 
• Focus on Process: Both emphasize the importance of defined, controlled, and documented processes.
• Customer Focus: Both require processes to handle customer feedback and complaints.


Overall Differences:

• Nature: FDA QSR (21 CFR Part 820) is a regulation (law) specific to the US market. ISO 13485 is an international standard.
• Structure: They follow different structures. QSR is organized into Subparts A through O. ISO 13485 follows a structure common to management system standards (Clauses 1-8), though notably not the high-level structure (Annex SL) used by ISO 9001:2015.
• Emphasis:
  • QSR places a strong emphasis on specific records required for compliance and inspection readiness (Device Master Record - DMR, Design History File - DHF, Device History Record - DHR).
  • ISO 13485 places a stronger, more explicit emphasis on risk management throughout the product lifecycle and the QMS itself. It also explicitly requires a Quality Manual.
• Terminology: While concepts often align, specific terms may differ (e.g., Complaint Handling in QSR vs. Feedback/Complaint Handling in ISO 13485; DMR/DHF/DHR in QSR vs. Medical Device File in ISO 13485).
• Scope: QSR applies to finished device manufacturers marketing in the US. ISO 13485 is applicable to organizations involved in one or more stages of the medical device lifecycle and can be used by suppliers or external parties.


Chapter/Section Comparison and Gap Assessment

Here's a comparison mapping the sections and highlighting key similarities, differences, and potential gaps of the quality management systems.
{{ table|the-ultimate-comparison-iso-13485-vs-fda-21-cfr-table-1 }}
Necessary Steps to Close Gaps - Coming from the ISO 13485

If your company is compliant with ISO 13485 and you aim for FDA QSR Compliance you can follow these steps:
1. Documentation Structure: Re-organize or map existing documentation to meet the specific definitions and requirements of DHF, DMR, and DHR. Ensure all required elements for each are present.
2. Complaint Handling: Enhance the feedback/complaint process to explicitly meet all requirements of §820.198, including timeliness, investigation procedures, documentation, and linkage to MDR (21 CFR 803) reporting.
3. Medical Device Reporting (MDR): Implement robust procedures for identifying and reporting events required under 21 CFR Part 803.
4. UDI: Implement systems and procedures to comply with FDA's Unique Device Identification requirements (21 CFR Part 830 and §801.20).
5. Process Validation: Review process validation activities, especially for software used in production and the quality management system (§820.70(i)), ensuring they meet FDA's expectations.
6. Labeling and Packaging: Ensure controls meet the specific requirements of §820.120 and §820.130.
7. Review FDA Guidance: Familiarize yourself with FDA guidance documents related to specific QSR sections, as these provide interpretation and expectations. 


If your company is compliant with FDA QSR and you aim for ISO 13485 compliance you can follow these steps:
1. Quality Manual: Develop a Quality Manual meeting the requirements of ISO 13485 4.2.1.
2. Risk Management Integration: Enhance the QMS to explicitly integrate risk management principles not just in design (§820.30(g)), but throughout the QMS processes (planning, purchasing, production, software validation, supplier control, etc.) as required by ISO 13485 (4.1.2, 7.1, etc.). Document the risk management process applied to QMS processes.
3. Medical Device File: Establish the concept of the Medical Device File (4.2.3) and ensure it contains or references the required documentation for each device type.
4. Feedback: Broaden the scope of the complaint handling system to explicitly include collection and analysis of other customer/market feedback (8.2.1).
5. Regulatory Reporting Procedures: Document procedures for determining when reporting to regulatory authorities is necessary, according to applicable regulatory requirements recognized by ISO 13485 (8.2.3).


Need support? We got you covered.

Find all necessary ISO 13485 templates on our website and for more convenience create a free Formwork account to set up your own SOPs. You can read more articles about MDR compliance here or explore FDA's classification system here. Interested in purchasing the ISO 13485? Buy the standard via this Estonian webiste.