ISO 9001:2000 and the FDA's 21 CFR Part 820 draw many parallels. Both of these two regulations deal with the quality of product's and how they are produced. The FDA's regulation is part of CGMP (Current Good Manufacturing Process), this ensures that a set standard is set during manufacturing as well as the level of quality control which is required. This regulation is required to be followed for any company which plans on manufacturing medical devices.

ISO 9001:2000 deals with quality management systems and essentially focuses more on ho well regulations are being followed through a set system put in place. The other component of ISO 9001:2000 is incorporating a customer feedback loop into your system for continuous improvement of that said system. Therefore, having ISO 9001:2000 is a good way to prove that you are a company which actively complies with set regulations such as those set by the FDA.

The FDA’s QSR part 820 outlines the requirements for maintaining the quality, safety, and effectiveness of medical devices. It also ensures that the medical device manufacturing process is compliant with FDA regulations. ISO 9001:2000 is an international standard for quality management systems that is applicable to various organizations and not just medical devices. Although there may be some similarities between the two, such as ensuring quality, there are differences between the two as well. For instance, the FDA QSR is mandatory for medical device manufacturers to comply with if they want their product to be released and used in the USA. Failing to comply can result in regulatory actions such as product recalls. ISO 9001:2000 is a voluntary standard that medical device manufacturers can follow. Meaning, compliance with ISO 9001:2000 is a standard that manufacturers can attain; however, it is not necessary for them to do so. Lastly, the FDA QSR has very specific guidelines that the manufacturers need to follow in order for their products to be used. ISO 9001:2000 on the other hand, has a more generic guide that manufacturers can follow.

The Food and Drug Administration (FDA) requires that medical device manufacturers establish and follow quality systems to help ensure products consistently meet applicable requirements and specifications.  The quality system regulations (QSR) for FDA regulated products are known as current good manufacturing practices (CGMP).  These requirements were first implemented in 1978 under the Federal Food, Drug and Cosmetic Act and defined in section 21 part 820 of the Code of Federal Regulations (21 CFR part 820).  For over a decade, these regulations primarily focused on manufacturing of medical devices.  This changed with the Safe Medical Devices Act of 1990, which included product design controls.  At the same time, the FDA sought to harmonize the CGMP regulations with applicable international standards.  The primary standards included International Organization for Standards (ISO) 9001:1994* and 13485:1996.  The ISO 9001 standard was entitled ‘Quality Systems – Model for Quality Assurance in Design, Development, Production, Installation, and Servicing’.  The ISO 13485 standard was entitled ‘Quality Systems – Medical Devices – Supplementary Requirements to ISO 9001’.  Whereas ISO 9001 emphasizes continual improvement and customer satisfaction, 13485 encompasses the requirements that medical device manufacturers must incorporate into their management systems.  These include maintaining effective processes while meeting regulatory requirements, customer requirements and managing risks.  A manufacturer that is certified to ISO 13485 does not inherently fulfill the FDA regulatory requirements.  However, this certification aligns the company management systems with requirements of the FDA’s QSR and international regulatory requirements.  As such, 13485 provides a management system that serves as a framework for compliance to various regulatory and customer requirements.  ISO 13485 certification also does not fulfill the requirements of ISO 9001, nor is it equivalent to or have the ability to take the place of any country-specific requirement for medical device manufacturers. Benefits can be reaped from being both 9001 and 13485 certified, because 9001 focuses on business aspects not found in 13485 that are good for all businesses.  Also, ISO 13485 is no longer thought of as pertaining solely to finished medical device manufacturers. Many manufacturers are requiring their sub-tier suppliers to attain ISO 13485 certification as well.  FDA's Quality System Regulation Part 820, is harmonized with ISO 13485:1996, which is based on ISO 9001:1994. ISO 13485:1996 contains requirements for medical device manufacturers in addition to the general quality system requirements found in ISO 9001:1994.  ISO 9001:2000 has replaced ISO 9001:1994.   Therefore ISO 13485:1996 must also be revised.  FDA's Part 820 is not harmonized with ISO 9001:2000.  FDA is working closely with the revisions to ISO 13485. We expect these revisions be complete by late 2002 or early 2003.  Many other countries rely on ISO standards in regulating medical devices.  It is easier and less confusing for industry to develop a quality system if the quality system requirements of various countries are similar.  FDA and device regulatory agencies from other countries can more readily rely on one another's inspections and exchange inspection reports if the quality system requirements are similar.  This becomes important when countries negotiate agreements to exchange information with one another.  FDA found that ISO 9001 did not totally serve its purposes.  Also, ISO 9001 is revised periodically and might serve FDA's purposes even less well after future revisions.  ISO 9001 is copyrighted and cannot be published as a Federal Regulation in the Federal Register.  FDA and medical device regulators from other countries see problems with enforcing some ISO 9001:2000 requirements relating to:  Assuring customer satisfaction: This goes beyond the safety and efficacy of medical devices.  Therefore, to a large extent the requirement to assure customer satisfaction is outside the purview of medical device regulators.   Engaging in continuous improvement (in regard to increasing efficiency): Improvement is within the medical device regulator's purview when it is done to correct violations.  However, improvement for the sake of operating more efficiently is outside the purview of medical device regulatory agencies.  Documentation: ISO 9001: 2000 requires less documentation.  Auditors and investigators, whether they be from FDA or from some other organization, need documentation to know what a company intends to do and what they actually did.  The committee revising ISO 13485 intends to address these issues in their revisions.  Also, ISO 9001:2000 is written using a process model approach instead of the twenty (20) element format used in ISO 9001:1987 and 1994.  In a voluntary standards arena there is no requirement for a manufacturer to change the structure of its documentation to meet the format of the standard.  In a regulatory environment, however, manufacturers often feel the need to align their documentation structure with that of the regulations.  FDA sees no safety or quality benefit in having the manufacturers completely change their documentation structure and systems to the process model.  Manufacturers may choose whatever documentation structure and system works best for their organization and regulatory obligations.  The reasons the authors of the new ISO 9001:2000 changed to a process model are not necessarily transferable to the medical device industry.  Many customers (hospitals, clinics, doctors, etc.) want their medical device suppliers to be ISO 9001 certified. Customers perceive some level of security in knowing they are buying from a manufacturer that has an ISO 9001 certified quality system.  The European Union does not require device manufacturers to comply with ISO 9001 in order to obtain a CE mark.  Manufacturers have several options including having their devices tested OR having a quality system.  If they have a quality system they can design it to comply with the quality system standard of their choice.  In theory, they could use FDA's Part 820.  However, since many of their customers want them to have ISO 9001 certification, most medical device manufacturers choose to use ISO 13485 or EN 46001 to obtain a CE mark.  These standards, which are currently being revised, reference the quality system requirements in ISO 9001:1994 and contain additional requirements for medical device manufacturers who are establishing or maintaining a quality system.