Structuring a quality management system for medical device manufacturers in the EU

Medical device manufacturers in the European Union must operate within a robust quality management system (QMS) that ensures compliance with both ISO 13485:2016 and the Medical Device Regulation (MDR) (EU) 2017/745. A well-structured QMS is critical not only for regulatory approval but also for maintaining product quality, patient safety, and business efficiency.

A practical way to understand the structure of a medical device QMS is to consider it as comprising three interconnected components. The first is shaped by ISO 13485, which establishes the foundation for quality management processes. The second component is MDR-specific, incorporating regulatory requirements that extend beyond ISO 13485. The third component consists of manufacturer-specific processes, which go beyond compliance to optimize business operations, innovation, and product lifecycle management.

ISO 13485 as the foundation of the QMS

At its core, a medical device QMS is structured around ISO 13485:2016, the internationally recognized standard that sets out requirements for a quality management system in the medical device industry. This standard ensures that manufacturers establish systematic controls over design, production, risk management, and supplier relationships. It defines essential processes such as document control, internal audits, corrective and preventive actions (CAPA), management reviews, and training.

Compliance with ISO 13485 is often a prerequisite for regulatory approval in many jurisdictions, including the EU. However, while this standard provides a strong quality framework, it does not fully address all the regulatory requirements imposed by MDR. This is where the second component of the QMS, the MDR-specific elements, comes in.

MDR-specific requirements within the QMS

The MDR introduces several regulatory requirements that go beyond those outlined in ISO 13485. These additional obligations include clinical evaluation, post-market surveillance (PMS), post-market clinical follow-up (PMCF), and stricter vigilance reporting. While ISO 13485 emphasizes quality processes, MDR places a greater focus on evidence-based safety and performance, particularly in the post-market phase.

For example, while risk management is covered in both ISO 13485 and MDR, the MDR’s General Safety and Performance Requirements (GSPRs) demand a broader risk-benefit analysis that continues throughout the product lifecycle. Similarly, clinical evaluation, which is only briefly addressed in ISO 13485, becomes a central requirement under MDR. This means that manufacturers must integrate clinical data collection, biological evaluations, and post-market follow-ups into their QMS.

Furthermore, MDR introduces additional economic operator requirements, including obligations for importers, distributors, and the Person Responsible for Regulatory Compliance (PRRC). These responsibilities must be reflected in the manufacturer’s QMS, ensuring that regulatory compliance extends beyond production and reaches into market surveillance, distribution, and corrective actions.

Manufacturer-specific QMS components

While ISO 13485 and MDR define essential regulatory requirements, a well-designed QMS must also reflect the unique operational needs of the manufacturer. This third component consists of processes that enhance efficiency, innovation, and business success.

For manufacturers engaged in research and development (R&D), production optimization, and technology transfer, the QMS should integrate workflows that go beyond compliance. Internal risk management may extend to supply chain resilience, cybersecurity, and innovation risks, even if these are not explicitly covered in ISO 13485 or MDR.

Additionally, while the regulatory framework mandates processes like complaint handling and post-market surveillance, manufacturers may choose to go beyond the legal minimum by implementing proactive customer feedback systems to enhance user experience and product refinement. Similarly, manufacturing and production workflows should align not only with ISO 13485’s quality controls but also with lean manufacturing principles, process automation, and supplier optimization strategies.

A unified approach to QMS implementation

While it is helpful to conceptualize the QMS in three distinct layers—ISO 13485 compliance, MDR-specific requirements, and manufacturer-driven processes—in practice, these elements must be interwoven rather than siloed. A manufacturer should aim for a harmonized system where MDR requirements are seamlessly integrated into existing quality processes rather than treated as an additional layer of bureaucracy.

For example, instead of maintaining separate risk management processes for ISO 13485 and MDR, a manufacturer should create a single, continuously updated risk management file that satisfies both ISO and MDR expectations. Likewise, the post-market surveillance system should be structured so that regulatory reporting obligations align with real-world user feedback and internal performance tracking.

Ultimately, a medical device QMS should be a living system, capable of evolving alongside regulatory changes, technological advancements, and business growth. By integrating ISO 13485, MDR compliance, and internal business processes into a cohesive structure, manufacturers can achieve both regulatory success and operational excellence.

Further reading

CE-Certificate vs. EC-Certificate

Basic UDI-DI (bUDI) - what is it, where to obtain it, and what to do with it

EUDAMED registration - a brief guide

Contract with the Authorised Representative in the European Union (Authorised Representative Mandate)

GSPR – General Safety and Performance Requirements for medical devices in the European Union

How to obtain CE marking for medical software under the EU MDR or IVDR?

Technical documentation for Medical Device Software in the EU

IEC 62304 - the pivotal standard for software medical devices

Medical Device Regulation (MDR) - basics

ISO and IEC standards for medical device software

Clinical Evaluation, PMCF, and PMS in Medical Device Lifecycle

Notified Bodies and their role in certification of medical devices

What is NANDO and why medical device companies should know about it?

Labeling and UDI requirements for medical devices in the EU

Understanding the roles of Authorised Representatives and Importers under MDR/IVDR

MDR implementation - challenges and solutions

Post-market surveillance under MDR and IVDR - requirements and best practices

Notified Body audit - a manufacturer's guide

Risk management plan - guide for medical device companies

Should my medical device comply with GDPR?

EC-certificate for a medical device - Q&A

How long does it take to CE-mark a medical device?

What is a PRRC?

Essential requirements for importers and distributors under MDR and IVDR

Language requirements for IFUs and labels under the MDR and IVDR

Legal Manufacturer and Original Equipment Manufacturer in medical devices

How to structure a PRRC contract for effective compliance

How to Create a Declaration of Conformity According to MDR or IVDR


Our EU office

MedDev Compliance Ltd
Souliou 1, Strovolos, 2018 Nicosia, Cyprus
Phone: +357 22253765
Email: info@mdrc-services.com
 

©2025 MDRC - Medical Devices Regulatory Compliance
