top of page

Medical Device Quality System Compliance

Medical device compliant design

Regulatory Insight Can Help You Design a Compliant Medical Device Quality System For Your Company

FDA Quality System Regulation

All medical devices distributed in the United States must meet at least some subsections of FDA’s Quality System Regulation (21 CFR Part 820). Most medical devices must comply with most or all of Part 820, including Design Controls. 

Regulatory Insight has a full electronic library containing Part 820- and ISO 13485-compliant Quality Manuals, Quality Plans, Quality System Procedures, Quality System Forms, etc. that Regulatory Insight customize to each client’s unique organizational and operational needs. 

Regulatory Insight prides itself on cost-effectively designing a complete Quality System for your company that is in full compliance with FDA’s Quality System Regulation, as well as the ISO 13485 Standard so that you have only one quality system that meets worldwide requirements. 

The Quality System Regulatory Insight designs for your company will specifically fit your company’s exclusive needs based on its size and its applicability to the FDA Regulations and ISO 13485 Standard – nothing more. 

If you already have a Quality System in place but are not sure whether it is fully compliant with FDA’s Quality System Regulation, Regulatory Insight can review it and identify any gaps. Regulatory Insight can then help you to proactively fill any gaps identified.

FDA Regulation
ISO 13485

ISO 13485 / MDSAP

ISO 13485 is the Quality System Standard most commonly implemented by medical device manufacturers for meeting worldwide regulatory requirements.

The Medical Device Single Audit Program (MDSAP) is currently adopted by five international regulatory bodies – the United States Food and Drug Administration, Health Canada, Brazil’s Agência Nacional de Vigilância Sanitária, Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency and Australia’s Therapeutic Goods Administration.  MDSAP adopts the requirements defined in ISO 13485:2016, along with country-specific medical device regulations from the five participating international regulatory bodies listed above.

In Fact, Health Canada has required companies to obtain an MDSAP Certification in place of the previously required CAN/CSA ISO 13485 Certificate since January 1, 2019.  Although the European Union (EU) is currently just an official observer of the MDSAP Program, having an ISO 13485-compliant quality system developed by Regulatory Insight, Inc. will satisfy the EU quality system requirements for CE marking.


Regulatory Insight has a full electronic library containing ISO 13485- and Part 820-compliant Quality Manuals, Quality Plans, Quality System Procedures, Quality System Forms, etc. that Regulatory Insight customizes to each client’s unique organization and operations. Fortunately, as ISO 13485:2016 and FDA’s Quality System Regulation overlap in many areas, Regulatory Insight can cost-effectively design a compete Quality System for your company that is in full compliance with the ISO 13485 Standard and FDA’s Quality System Regulation, so that you have only one quality system that meets worldwide requirements. 

If you already have a Quality System in place but are not sure whether it is fully compliant with ISO 13485 and country-specific regulatory requirements of the five countries participating in the MDSAP Program, Regulatory Insight can review it and identify any gaps before your MDSAP recognized Auditing Organization identifies them during an MDSAP assessment. Regulatory Insight can then help you to proactively fill any gaps identified.

Quality System Audits

Both the FDA’s Quality System Regulation (Part 820) and the ISO 13485 Standard require manufacturers to establish a method for performing internal audits of their Quality Systems. It is also a requirement for manufacturers to have control over their suppliers of both products and services. Audits are one of the more effective ways of controlling suppliers. 

It is not; however, required that the audits be performed by an employee of the manufacturer; therefore, in the case of smaller companies who may not have the resources, or even larger companies who have strained resources, this requirement can cost-effectively be handled by someone from Regulatory Insight. Note – the FDA Quality System Regulations and ISO 13485 Standard do not allow for auditors to audit themselves or their own work. 


The Principal of Regulatory Insight, Kevin Walls, is a Certified MDSAP Lead Auditor and Certified EU MDR Lead Auditor, which meets the requirements of many Auditing Organizations and Notified Bodies for Kevin to perform internal MDSAP or EU MDR audits for Regulatory Insight’s clients.

Additionally, many companies have their own internal auditors and supplier auditors, but desire that an independent audit be done to gain assurance that their own internal and/or supplier audit program is effective. 

Regulatory Insight also performs independent audits for companies in anticipation of an impending FDA inspection or an impending ISO 13485 or MDSAP assessment. This enables the company to be optimally prepared for the FDA inspection or the ISO 13485 or MDSAP assessment

Lastly, some FDA inspections result in a mandate by the FDA that the company hire an independent auditor to verify that the company has taken the necessary corrective action as a result of the non-compliances identified in the FDA inspection. Regulatory Insight can handle those audits for your company. Even when such mandates are not made by the FDA, and following an ISO 13485 assessment that does not typically result in the same mandate, companies often hire the services of Regulatory Insight to audit and confirm that their corrective actions are adequate


Quality Systems Inspections

If your company has a pending FDA inspection an MDSAP audit or ISO 13485 assessment and you would like some support throughout the process, Regulatory Insight can provide that support. Regulatory Insight has participated in scores of FDA inspections and ISO 13485 assessments, facilitating the process before, during and after the inspection, audit, or assessment. 

Regulatory Insight's participation in FDA inspections, MDSAP audits and ISO 13485 assessments has frequently resulted in avoiding written non-conformances due to misunderstandings or misinterpretations by the respective agency of a company’s implementation of the requirement of the Regulation or Standard. This can save your company unnecessary time and resources to address non-conformances cited in your FDA inspection. MDSAP audit or your ISO 13485 assessment that can be avoided through timely clarification. 

Regulatory Insight’s on-site real-time clarification of such issues has directly resulted in reducing the number and severity of potential non-conformances cited for numerous clients. This can be critical to the outcome of your assessment or inspection, even so far as preventing more serious regulatory action such as issuance of a Warning Letter by the FDA or the non-issuance of your MDSAP or ISO 13485 Certificate. 

If you have already had your FDA inspection, MDSAP audit or ISO 13485 assessment, Regulatory Insight can assist your company to write the response, to develop and implement the corrective actions and to subsequently audit your corrective actions to assure that they are appropriate and effective.

Quality Inspections

FDA-483, FDA Warning Letter, MDSAP Audit Report and ISO 13485 Assessment Report

FDA is enforcing compliance with the Regulations more so than ever before. If your company has just received a Form FDA-483 containing inspectional observations, there is no need to panic; however, you should act quickly and appropriately to head off potential further regulatory action. FDA’s policy is that companies must provide a written response within 15 days of receiving a Form FDA-483 or further risk receiving a Warning Letter. 

Regulatory Insight can help to quickly assess the situation and assist your company to write a balanced response that demonstrates your company’s commitment to substantial compliance yet is not overly burdensome and beyond the requirements stipulated by the Regulations. 

If you have received a Warning Letter, Regulatory Insight can quickly, yet thoroughly, assess the situation and assist you to write the response. Regulatory Insight can also accompany your Senior Management to a face-to-face meeting with your FDA District Office, which is essential any time a company receives a Warning Letter from the FDA in order to show Management’s commitment to getting the company quickly back into compliance. 

If you have received your ISO 13485 or MDSAP Assessment Report and it contains non-conformances, you must provide your Notified Body / Auditing Organization with a corrective action plan for addressing the non-conformities. Regulatory Insight can assist your company to devise corrective action plans that meet the spirit of the ISO 13485 Standard without committing your company to unnecessarily onerous tasks that may have little relevance to the quality of your products or the ISO 13485 Standard. 

Once your corrective action plan has been accepted by the issuing regulatory body, Regulatory Insight can assist your company with implementing the corrective actions and auditing them afterwards to assure that they have been properly implemented, are effective, and have not caused other new unforeseen problems.



FDA has established a unique device identification labeling requirement to adequately identify medical devices through their distribution and use. The primary label of most devices must include a unique device identifier (UDI) in human- and machine-readable form. Device labelers must also submit UDI information about each device to FDA’s Global Unique Device Identification Database (GUDID).

Regulatory Insight, Inc. assists medical device manufacturers with meeting the UDI labeling and GUDID records requirements by setting up accounts with a UDI Issuing Agency and FDA’s GUDID.  Regulatory Insight helps medical device manufacturers generate the device identifiers (DIs) through the Issuing Agency.  Regulatory Insight also helps medical device manufactures by entering the UDI information into the GUDID.

Please let us know whether Regulatory Insight can assist your company with implementing your UDI labeling and generating your GUDID records.


Reportable Events and Recalls

Unfortunately, reportable events (incidents) happen. When they do, your company must recognize them quickly and file the appropriate report(s) to the applicable regulatory agency(ies) within the timeframe required by each regulation. These reports include Medical Device Reports to the FDA, Medical Device Vigilance Incident Reports to the National Competent Authority in Europe, Mandatory Problem Reports to Health Canada, Incident Report Investigation Scheme to the Therapeutic Goods Administration in Australia, etc. 

Regulatory Insight can assist your company to determine if a reportable event occurred, and if so, how to meet all applicable reportable requirements. 

Unfortunately, recalls also happen. Certain regulations dictated by global regulatory bodies define the steps a company must take if the company determines that a recall is necessary or if a particular regulatory body requires a company to perform a recall. 


Regulatory Insight has handled many recalls for various clients in markets throughout the world. Regulatory Insight knows what is required by each regulatory body and can assist your company not only with meeting the reporting and other regulatory requirements in every regulated market, but Regulatory Insight can also assure that the recall is performed efficiently, cost-effectively and in the least disruptive manner to your company, and most importantly, to your customers.

bottom of page