A contract manufacturer would have to report to regulatory as they would know what the product they produced was used for or in. We do not. We have no idea even if our customers are using it in a medical device and if they are which countries they are selling that device to. So how can we report to regulatory authorities when we don't even know who that authority would be????
Why did you in the first place go for the ISO 13485 ?
- Your business requirement
- Your management requirement
- Any other requirement ??
If your business requirement, your customer is not clear what is the 13485 standards expectation and you have taken on just by the customer face value
If your management requirement, your management is even more not clear what is the 13485 standards expectation.
You would have been better off with the ISO 9001:2015
If your CB has not guided you on this, then they are an even greater culprit...