ISO 13485 relationship to 21 CFR 820

[5johnson]

We just had our 13485 certification audit. The Auditor pulled out 21 CFR 820 and audited us directly from it. I was not prepared for that. As I re-read ISO 13485, I cannot find where it states that we must be 21 CFR 820 compliant. What is the deal? What is the relationship between the ISO and the CFR?

 

[SuperGirl]

They are related, but different. If you were having your ISO 13485 cert. audit, the auditor should be auditing to that standard, not 21 CFR 820.

No where in ISO 13485 or 21 CFR 820 that states ou have to be compliant with the other.

 

[somashekar]

We just had our 13485 certification audit. The Auditor pulled out 21 CFR 820 and audited us directly from it. I was not prepared for that. As I re-read ISO 13485, I cannot find where it states that we must be 21 CFR 820 compliant. What is the deal? What is the relationship between the ISO and the CFR?

Are you in the US of A and going through your ISO 13485 certification ?
You are then required to have addressed the 21CFR820 requirements being a regulatory requirement touching you.
Aligning to ISO13485 is the big picture, where several regulatory requirements to which you subscribe are subsets.
Am I wrong ??

 

[MIREGMGR]

Are you in the US of A and going through your ISO 13485 certification ?
You are then required to have addressed the 21CFR820 requirements being a regulatory requirement touching you.

Agreed.

7.2.1 (c) requires you to conform to those aspects of 21CFR 820 (and 801, 807, etc.) that bear on product requirements, in regard to those aspects of ISO 13485 conformance that pertain to product requirements.

The auditor might take a broad view that everything your QMS is used for, pertains to your products; and similarly, everything in 21CFR 820 pertains to products.

 

[Ronen E]

I can see where the auditor is coming from, but I must say that auditing you directly against part 820, in full, is a bit extreme IMO. If you're in the USA, or distribute your devices in the USA market, you are definitely required to identify the applicable FDA requirements, and comply. If I was auditing you, I'd first look to see how you identified all such requirements (under the various 13485 clauses that mention regulatory requirements), and then how you addressed them.

 

[Marc]

I agree with this with the condition that most of the "quality" standards require compliance with applicable regulatory standards. However, in my opinion that does not give the auditor a door to audit compliance to specific regulations. All it requires is that the company has identified and addressed them. The original poster says that the audit was to ISO 13485, yet the auditor pulled out 21 CFR part 820 and audited to it.

We just had our 13485 certification audit. The Auditor pulled out 21 CFR 820 and audited us directly from it. <snip>

I would have stopped the audit right there. 21 CFR 820 specific requirements are outside the scope of an ISO 13485 registration audit.

 

[5johnson]

thank you all for your help. I was thinking of stopping the audit but felt like I was the one who missed something. Our facility is pretty tight. already ISO 9000 and ISO/TS 16949. We did alright. We passed, but I have way more findings that I want. Now that I know the facts I can address some of these findings with the auditor. thanks again for your help.

 

[Ajit Basrur]

thank you all for your help. I was thinking of stopping the audit but felt like I was the one who missed something. Our facility is pretty tight. already ISO 9000 and ISO/TS 16949. We did alright. We passed, but I have way more findings that I want. Now that I know the facts I can address some of these findings with the auditor. thanks again for your help.

Ronen has addressed right to the point ... are you based in US and do you manufactured "finished medical devices" ?

If the answer is YES, the ISO 13485 auditor has to check if you are fulfiling the regulatory requirements.

Remember the title of ISO 13485 is "Medical devices — Quality management
systems — Requirements for regulatory purposes" and if you are in US, 21 CFR Part 820 is the QMS for medical devices !

.

 

[5johnson]

We are in the US and make medical device components. We do not make a finished medical device. We are listed with the FDA as a contract manufacturer.

 

[sagai]

If you look into ISO13485 itself, at several places it mentions "national or regional" (check these two keywords if you think) regulations to be considered or to be applied, especially for document management.
I have just double checked and actually I tend to say yes, for a limited scope the ISO13485 audit itself could look into the level of compliance as regard to some of the aspects of 21CFR820 in case you have a binding to it.
Cheers!