Mandatory QMS for all Classes of Medical Devices per EU MDR

Quality management system (QMS) is a structured framework that ensures an organization consistently delivers products meeting customer and regulatory requirements. Notably, EU Medical Device Regulation (MDR) has specified mandatory QMS for all classes of medical devices, even class I. Although Class I devices may follow a self-certification route, they are still legally required to maintain a QMS. Hence, manufacturers of all medical device classes must maintain a QMS that ensures regulatory compliance and product safety throughout the device lifecycle. The QMS must cover processes for risk management, clinical evaluation, post-market surveillance, vigilance, UDI traceability, and CAPA.

What is the EU MDR classification system?

EU MDR has specified mandatory QMS for all classes of devices. Hence, it is important to understand what are the EU MDR medical device classes. The EU MDR classification system categorizes medical devices into four risk-based classes, namely Class I, IIa, IIb, and III. The classification system is based on their intended use, duration of contact with the body, and invasiveness. The level of risk is determined based on duration of use, invasiveness, part of the body affected, and device function.

• Class I: Class I medical devices are low risk. They do not require notified bodies, except for sterile/measuring/reusable surgical devices. Examples: Bandages, stethoscopes, hospital beds.
• Class IIa: Class IIa medical devices are medium risk devices. They require notified bodies. Examples: Hearing aids, dental fillings, infusion pumps    
• Class IIb: Class IIb are medium-high risk devices. They require notified bodies. Examples: Ventilators, anesthesia machines, surgical lasers
• Class III: Class III medical devices are high risk. They require notified bodies. Examples:  Pacemakers, heart valves, implantable defibrillators    

Notably, misclassification can lead to non-compliance, market delays, or product withdrawal. Hence, it is important to correctly classify your medical device.

What is a quality management system?

Quality management system (QMS) is a formalized system that documents and governs how an organization manages quality across its operations. It is not just about product inspection; it is about embedding quality into every stage of the lifecycle, from design to delivery. QMS ensures consistent delivery of products or services that meet customer and regulatory requirements. Most regulatory bodies have mandatory QMS requirements. We have highlighted the core components of a quality management system (QMS).

• Quality policy and objectives: The organization’s commitment to quality and measurable goals.
• Process control: Standardized procedures for design, production, and service delivery.
• Document control: Managing SOPs, work instructions, and records to ensure consistency and traceability.
• Risk management: Identifying, assessing, and mitigating risks to product quality and safety.
• Training and competence: Ensuring personnel are qualified and continuously trained.
• Internal audits: Regular checks to verify compliance and identify improvement areas.
• Corrective and Preventive Actions (CAPA): Systematic response to non-conformities and potential risks.
• Customer feedback and satisfaction: Mechanisms to capture and act on customer input.
• Continuous improvement: Using data and analysis to drive ongoing enhancements.

In regulated industries, such as medical device, mandatory QMS must cover design controls, supplier management, clinical evaluation and post-market surveillance, vigilance and complaint handling, and device traceability and labelling.

Mandatory QMS for all classes of devices per EU MDR

Per EU MDR requirements, QMS is mandatory for all classes of medical devices, Class I, IIa, IIb, and III, regardless of risk level. Manufacturers must establish, implement, and maintain a QMS that ensures regulatory compliance, product safety, and performance throughout the device lifecycle. Moreover, the QMS has to closely align with ISO 13485:2016 guidelines.

For Class IIa, IIb, and III devices, notified bodies will audit the QMS as part of conformity assessment. For Class I, competent authorities may inspect QMS documentation during surveillance or investigation.

Scope of EU MDR QMS requirements

The QMS must cover:

• Regulatory compliance
• Risk management
• Clinical evaluation
• Post-market surveillance
• Vigilance
• Change control
• Supplier management
• Device traceability and documentation

No exemption even for Class I devices

• Even Class I devices, which are subject to self-certification, have a mandatory QMS requirement in place.
• While they may not require Notified Body involvement for conformity assessment (except for sterile/measuring/reusable surgical Class I devices), the QMS must still meet MDR standards.

Core mandatory QMS requirements under EU MDR

As per EU MDR requirements, the QMS must be comprehensive and tailored to ensure device safety, performance, and regulatory compliance. The following key components should be covered:

1. Regulatory compliance strategy: The regulatory compliance strategy should cover procedures for conformity assessment, change management protocols, and documentation control and versioning.
2. Risk management: The risk management section should cover risk analysis, evaluation, control, and residual risk assessment. It should be integrated with design and development processes.
3. Clinical evaluation:  This section should cover planning, execution, and documentation of clinical evaluations. Additionally, post-market clinical follow-up (PMCF) plans and reports should be included.
4. Product realization: The product realization section should cover planning, design, development, and production. Furthermore, it should include design transfer and validation processes.
5. UDI and device traceability: Verification of UDI assignments. Ensures consistency and validity of device registration data.
6. Post-market surveillance (PMS): The system must contain data on the setup, implementation, and maintenance of a post-market surveillance system. It should also include PMS plans, reports, and data analysis.
7. Communication protocols: The system must include communication protocols with competent authorities, notified bodies, economic operators, and stakeholders. Additionally, it should also include incident reporting and field safety corrective actions.
8. Corrective and preventive actions (CAPA): This component should cover methodologies for identifying, implementing, and verifying CAPAs. It should include root cause analysis and effectiveness checks.
9. Monitoring, measurement, and improvement: Output data analysis, product and process improvement strategies, and internal audits and management reviews should be covered.
10. Management responsibility: Mandatory QMS implementation requires defined roles and responsibilities of the management. They should demonstrate commitment to quality and regulatory compliance. Additionally, proper resource allocation and training should be done.
11. Supplier and subcontractor control: Selection, evaluation, and monitoring of external parties should be done. Additionally, quality agreements and performance reviews should be done from time to time.

Is ISO 13485:2016 compliance mandatory under EU MDR?

ISO 13485:2016 is not mandatory under EU MDR. However, it is highly recommended because:

• It aligns with MDR QMS expectations
• Facilitates global market access
• Serves as a foundation for notified body audits

Assessment pathways for different classes of medical devices

• Class I: Self-declaration with mandatory QMS in place
• Class IIa, IIb, III: Notified body assessment of QMS as part of conformity evaluation

Can ISO 13485:2016 QMS certificate holders bypass or claim EU MDR compliant QMS by themselves?

No, they cannot claim EU MDR compliant QMS by themselves. To be compliant with EU MDR the manufacturer is required to obtain a QMS assessment from a notified body in case of Class II and III devices. However, for a class I medical device, the manufacturer must establish a corresponding QMS. Additionally, they should include the same declaration in the self-declared DoC.

Benefits of a robust and effective quality management system (QMS)

• Regulatory compliance: Having a robust QMS is mandatory for regulatory compliance. It is necessary to meet legal and industry-specific requirements.
• Operational efficiency: A robust QMS reduces waste, errors, and rework.
• Customer satisfaction: QMS ensures consistent product quality and reliability, thereby it is key to customer satisfaction.
• Market access: A QMS is necessary for market access. It facilitates global approvals and certifications.
• Audit readiness: QMS demonstrates control and accountability.

Therefore, EU MDR has specified mandatory QMS for all classes of medical devices, Class I, II, IIa, and III. EU MDR is a comprehensive legal framework for ensuring the safety, performance, and regulatory oversight of medical devices placed in the EU market. To launch your medical device in the EU, you have to mandatorily comply with the EU MDR guidelines. With the support of the Pharmadocx Consultants team, you can have a hassle-free EU MDR regulatory journey. Email at [email protected] or call/Whatsapp on 9996859227 to easily comply with EU MDR QMS along with other requirements.