MDR-compliant quality system documentation checklist for medical device software
Use our Quality Management documentation checklist for manufacturers of medical device software (MDSW) to check how well your Quality Management System aligns with MDR.
Your Quality Management System documents are very important when it comes to getting the CE marking for your medical device software. They constitute the backbone of the process that ensures that your MDSW follows the European rules.
Below is the MDR-compliant quality system documentation checklist for medical device software
Note: MDR-compliance and ISO 13485
ISO 13485 is an important standard for managing quality in the medical device industry including MDSW. By following it, you make big progress in meeting the rules of the MDR. However, ISO 13485 doesn't cover everything in the MDR. There are specific MDR requirements that ISO 13485 doesn't include.
Note: every company should have its unique approach
Companies organise their Quality Management Systems based on what works best for them. The checklist below offers guidance for aligning with the general principles of the MDR to ensure compliance. Feel free to customise the checklist according to your company's specific requirements.
As different companies might have their unique processes and procedures our checklist offers a customisable section at the bottom for companies to manually input specific documentation related to their distinct processes.
Fill out the Company/Subsidiary/Department field, check the checkboxes for available documents and N/A boxes for documents that do not apply, and print out or create a PDF-document.
OR
Download the Excel file template of the checklist and make edits offline.
MDR-compliant quality system documentation checklist
Date:
MDR requirements (Ann. IX, Ch. 1 (2.2))
Mandatory documents / requirements, ISO 13485
ISO 13485 ref., docs
Mandatory records, ISO 13485
ISO 13485 ref., records
N/A
Available
QMS Mandatory Requirements
Manufacturer's quality objectives
Quality objectives
4.2.1
N/A
N/A
Quality manual
4.2.1, 4.2.2
N/A
N/A
Quality policy
4.2.1
N/A
N/A
Organisational structures with the assignment of staff responsibilities in relation to critical procedures, the responsibilities of the managerial staff and their organisational authority
The role(s) undertaken by the organisation
4.1.1
N/A
N/A
Responsibilities and authorities
5.5.1
N/A
N/A
Procedure for competence, training and awareness
6.2
Records of education, training, skills and experience
6.2
Methods of monitoring whether the operation of the quality management system is efficient and in particular the ability of that system to achieve the desired design and device quality, including control of devices which fail to conform
Procedure for the validation of the application of computer software
4.1.6, 7.5.6, 7.6
Records of software validation activities
4.1.6, 7.6
Procedure for document and record control
4.2.4, 4.2.5
Records of product requirements changes
4.1.6, 7.6
Procedure for competence, training and awareness
6.2
Records of product requirements changes
7.2.2
Procedure for management review
5.6.1
Records of management review
5.6.1
Procedure for internal audit
8.2.4
Internal audit plan, Internal audit report
8.2.4
Requirements for the infrastructure
6.3
N/A
N/A
Requirements for the maintenance activities
6.3
Records of the maintenance activities
6.3
Procedures for validation of processes
7.5.6
Records of the results and conclusion of validation
7.5.6
Procedure for analysis of data
8.4
Records of the results of data analyses
8.4
Procedure for monitoring and measuring equipment
7.6
Records of the results of calibration and verification of monitoring and measuring equipment
7.6
Where the design, development and/or final verification and testing of MDSW, or parts of any of those processes, is carried out by another party, the methods of monitoring the efficient operation of the quality management system and in particular the type and extent of control applied to the other party
Written quality agreements with outsource partners
4.1.5
Records of the results of evaluation, selection, monitoring and reevaluation of supplier, supplier audit records
7.4.1
Strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, choice of and compliance with conformity assessment procedures
-
-
Records on identification of regulatory and customer requirements
-
Procedures for identification of applicable general safety and performance requirements and solutions to fulfil those requirements, taking applicable CS and, where opted for, harmonised standards or other adequate solutions into account
-
-
Records on identification of regulatory and customer requirements
-
Procedures for risk management as referred to in Section 3 of Annex I
Processes for risk management in product realisation
7.1
Records of risk management activities. Outputs of product realisation planning
7.1
Procedures for fulfilling the applicable specific requirements regarding design and construction
-
Records of design
-
Procedures for clinical evaluation, pursuant to Article 61 and Annex XIV, including post-market clinical follow-up
-
-
Clinical evaluation report, PMCF report
-
Procedures to keep up to date the clinical evaluation plan, taking into account the state of the art.
-
-
Clinical evaluation report, PMCF report
-
The documentation on the manufacturer’s post-market surveillance system and, where applicable, on the PMCF plan, and the procedures put in place to ensure compliance with the obligations resulting from the provisions on vigilance set out in Articles 87 to 92.
-
-
PMS report
-
Procedures in place to keep up to date the post-market surveillance system, and, where applicable, the PMCF plan, and the procedures ensuring compliance with the obligations resulting from the provisions on vigilance set out in Articles 87 to 92, as well as the undertaking by the manufacturer to apply those procedures.
-
-
PMS report, PMCF report
-
Solutions for fulfilling the applicable specific requirements regarding design and construction
Procedure for design and development
7.3.1
Design and development planning documents
Design and development inputs
Design and development outputs
Records of design and development review
Records of the results and conclusions of the design and development verification
Design and development validation plans
Records of the results and conclusion of design and development validation
Results and conclusions of the design and development transfer
Records of the results and actions arising from review of requirements related to product
Design and development file
Device identification procedures drawn up and kept up to date from drawings, specifications or other relevant documents at every stage of manufacture
-
-
Design and development file
7.3.10
Management of design or quality management system changes
-
-
Records of product requirements changes, Records of design and development changes
7.2.2, 7.3.9
Verification and quality assurance techniques at the release stage
Procedure and methods for the control of release
4.5.1
Record for each release
Evidence of conformity of products with the acceptance criteria
Identity of the person authorising release of product
7.5.1
8.2.6
8.2.6
8.2.6
Requirements for medical device installation and acceptance criteria for verification of installation
7.5.3
Records of medical device installation and verification of installation
7.5.3
Procedure for servicing activities of medical devices
7.5.4
Records of servicing activities
7.5.4
Tests and trials which are to be carried out before, during and after release, the frequency with which they are to take place, and the test equipment to be used; it shall be possible to trace back adequately the calibration of that test equipment (if applicable).
Procedure for design and development
7.3.1
Design and development file
7.3.10
Verification of the UDI assignments made in accordance with Article 27(3) to all relevant devices and ensuring consistency and validity of information provided in accordance with Article 29 (art. 10)
Procedure for product identification
7.5.8
Product identification records
-
Procedures for fulfilling the applicable specific requirements regarding the information to be supplied with the device, in particular the requirements of Chapter III of Annex I
-
-
N/A
8.2.3
Handling communication with competent authorities, notified bodies, other economic operators, customers and/or other stakeholders (art. 10)
Procedure for customer feedback gathering
8.2.1
Customer feedback report
8.2.1
Procedure for complaint handling
8.2.2
Complaint handling records
8.2.2
Procedure for issuing advisory notices
8.3.3
Records of actions relating to the issuance of advisory notices
8.3.3
Arrangements for communicating with customers
7.2.3
Report to the customer about changes on his property
7.5.10
Processes for reporting of serious incidents and field safety corrective actions in the context of vigilance
-
-
Records of reporting to regulatory authorities
8.2.3
Management of corrective and preventive actions and verification of their effectiveness
Procedure for corrective actions
8.5.2
Records of corrective actions
8.5.2
Procedure for preventive actions
8.5.3
Records of preventive actions
8.5.3
Software Development Life Cycle (SDLC) Processes (IEC 62304) and Usability design processes (IEC 62366)
Requirement/procedure(s)
Record/document
N/A
Available
SDLC planning (IEC 62304)
Development plan, MDSW lifecycle plan
Usability planning (IEC 62366)
Requirements analysis and management (IEC 62304)
Records on requirements data collection incl. Competitors
User requirements elicitation procedure (IEC 62366)
Design and architecture (IEC 62304)
Design specifications based on the requirements
Usability specifications procedure (IEC 62366)
User interface design procedure (IEC 62366)
Design specifications, architectural design
Coding and implementation procedure (IEC 62304)
Code review records, Engineering records
Prototyping and mockup (IEC 62366)
Testing/verification procedure (IEC 62304)
Verification plan, test report
Validation procedure (IEC 62304)
Validation plan, validation report
Heuristic and task analysis evaluation (IEC 62366)
Usability validation (IEC 62366)
Release management procedure (IEC 62304)
Version release records
Quality assurance and review procedure (IEC 62304)
Review, inspection, audit reports
Usability testing (IEC 62366)
Change control (IEC 62304)
Change request submission, review, evaluation, impact assessment and approval
Change request, change approval
Change Implementation, verification and validation
Change verification plan and report
Change communication and notification
Change communication plan and log
Rollback procedure
Rollback report
Company-specific requirements
Procedures for company-specific processes
Product development, verification, validation and release company specific processes
