Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

QMS question in regards to multiple medical devices/products and N/A activities


Starting to get Involved
We are Medical Device Software company in US with ISO 13485 certification and currently in process of getting our CE Mark for our Class IIa PACS Device.
We just went through a MDD /Technical File gap audit and are awaiting our MDD expansion audit with TUV-SUD.

Our other 2 devices are Class 1 low risk devices (MDDS & Intra-Oral Camera) which are only sold in US.
I am updating all our QMS docs for our other 2 products and have a couple questions on how to state or what is required for non-applicable activities, processes, and procedures.
1. Do we need to create any Technical Documentation for these other devices?
2. How do we state in our Procedures and/or Plans IE: Post Market Surveillance Procedure and Plan, Clinical Evaluation Plan… that certain activities are N/A?

I am new to Regulatory so any feedback is greatly appreciated.


Staff member
Super Moderator
For now, 13485 certification in the US is mostly meaningless (from a regulatory perspective).

Your QMS docs should effectively say that you comply with whatever regulations are applicable for the jurisdictions where you distribute. The FDA does require a Quality Management System and, by and large, if you build it around 13485 you'll be at least pretty close to meeting the Quality System Regulation (QSR). You still need to understand that and how it applies to your products.

You'll need to find out what product codes are applicable to your products to know for sure what technical documentation is required. There are several FDA guidance docs that may be helpful: premarket submission, software validation, and premarket cybersecurity (draft).

IEC 62304 (SW Lifecycle) is an FDA recognized consensus standard (and harmonized in the EU... although different versions) so you'd be well advised to look at that for how you document your software. (You'll still want to classify your software according to major / moderate / low per the FDA guidance.)

Cybersecurity is definitely becoming a focus and if you're handling any protected health info, you'd be wise to take a hard look at your security.

I would approach your second question by documenting it in the product development plan. Do note that 62304 does drive a "maintenance" activity whereby you are expected to get and assess feedback from users - so postmarket surveillance wouldn't be completely excluded.


Staff member
Super Moderator
Compliance in the US is still to the QSR. An MDSAP audit would cover all the QSR requirements. Of course, if you're getting an MDSAP audit, you'd be marketing outside the US - where 13485 is the standard.


Starting to get Involved
These two Class I devices are classified as very low risk devices and distributed only in US.
We also just went through a complete FDA audit in 2019 so I believe we should be good on QMS side.

I just wasn't sure how to best state that certain Post market Activities defined in our new Post Market Procedure are non-applicable for a device/product.
Top Bottom