The Impact of the EU IVDR on QMS Requirements - Celegence

Impact of the EU IVDR on QMS Requirements

The European medical device regulations underwent a significant change with the introduction of the EU IVDR 2017/746 in 2017. The regulation covers multiple new requirements affecting many different areas, beginning with the classification of IVD devices to the performance evaluation, post market surveillance and related plans, and vigilance activities.

Throughout the regulation, there is an emphasis on manufacturers having an effective QMS in place and these QMS requirements are clearly defined. The regulation has not specified what standard should be used as a QMS. However, the most accepted and commonly followed QMS by the medical device industry is either ISO 13485:2016, or its harmonized version EN ISO 13485:2016. Although this standard is currently harmonized to the IVD Directive, its harmonization to the IVDR is anticipated in the future.

Companies have adopted ISO 13485 for many years, and therefore their QMS can be said to have matured. However, it is important to note that conformity to ISO 13485 does not mean that manufacturers are fully compliant to the EU IVDR QMS requirements. Given the changes brought in by the regulation, the manufacturers will have to now integrate these new requirements into their QMS. Subsequently, their staff will also have to be trained according to the changes in QMS. Once integrated, the new requirements will have to be a part of the internal audit system and thus, coming under QMS control.

This article details out some of these new requirements.

In Vitro Diagnostic Regulation ISO QMS for EU - Celegence

EU IVDR QMS Requirements for Manufacturers

The obligations of the manufacturer detailed in Article 10(8), states that –

“Manufacturers of devices, other than devices for performance study, shall establish, document, implement, maintain, keep up to date and continually improve a quality management system that shall ensure compliance with this Regulation in the most effective manner and in a manner that is proportionate to the risk class and the type of device.”

Furthermore, Article 10 clearly helps us understand what changes need to be incorporated in the QMS.

The IVDR expects manufacturers’ QMS to cover and govern the structure, responsibilities, all of its processes, procedures, and resources, thereby achieving compliance with the regulation.

Make Sure You’re EU IVDR Compliant

The checklist highlights all of the documentation that you will need in place for certification of your IVD device and will serve as a guide to help you achieve ongoing compliance. In conjunction with this checklist, we are also able to provide you with bespoke strategies to bring your business up to speed. We are currently working with businesses from the United States, India, and throughout Europe to ensure that they are ready for the deadline in May of 2022.

Key Changes to QMS under the IVDR

Below are the key changes to QMS under the IVDR:

  • The regulation expects that there is a strategy for regulatory compliance in the QMS which includes the choice and compliance with the conformity assessment procedures for the EU IVDR. This means that the manufacturer will now require additional procedures for identifying the risk class of the device, defining the intended purpose, choosing the conformity assessment routes, and fulfilling documentation requirements newly introduced by the regulation.


  • Under the Article 28 of the IVDR, the manufacturer and other economic operators must be registered in EUDAMED, the European regulatory database, to obtain a single registration number. Therefore, the QMS must have a process for registration to EUDAMED. Similarly there has to be a process for written mandates for both the Authorized Representative and the appointment of the PRRC – Person responsible for regulatory compliance. This is a new role under the IVDR, not covered by ISO 13485, and therefore needs to be addressed by the QMS. In short, the roles and responsibilities of all the economic operators need to be documented in the QMS along with the manufacturer’s oversight of these different functions.


  • There should be adequate procedures in place for change management processes like reviewing, assessing, and approving changes to devices that are CE marked. Apart from these design changes, there could be several other changes such as those to systems, harmonized standards, or common specifications used during development of the products. These should be addressed in a timely manner by the Change Management system.


  • Compliance to the IVDR requires compliance to the Annex I general safety and performance requirements (GSPR) for devices. The first eight GSPRs are compulsory, but the rest have to be applied depending on the device and its intended purpose. Therefore the QMS should have a system in place for identifying the applicable GSPRs during product development and exploring the options to address those requirements.


  • A medical device file and its contents are specified by ISO 13485 in clause 4.2.3. However the IVDR needs Technical documentation as per Annex II and Annex III.


  • This documentation needs some additional plans and records as outlined below:


  • The performance evaluation was required under the IVDD as well, though the requirements were not as detailed. The regulation specifies the requirements in Article 56 and Annex XIII. The performance evaluation requires a well defined Performance evaluation plan (Annex XIII), which when implemented, results in a PER, or performance evaluation report.


  • The PMS requirements of ISO 13485 do not cover the process in as much detail. The IVDR highlights the preparation, implementation, and maintenance of a post-market surveillance system, in accordance with Article 78-81. The system should be proactive and not just reactive. This will result into different reports such as the PMSR, PSUR, and PMPF reports. The new regulation has added a post market performance follow up process (PMPF) and its corresponding plan for each device. This plan could be common across several devices or specific for the device depending on types of devices made by the manufacturer. The PMPF plan is a part of the PMS Plan.


All of these new elements now must be integrated with the QMS so that the processes can run seamlessly. Moreover, for performance evaluation and PMS, there are specific timelines for updating reports and this is something that should be under the control of the QMS.


  • Management responsibility, resource management, and supplier and sub-contractor management is already a part of ISO The Regulation does not have any added requirements. Economic suppliers are suppliers, and therefore the necessary contracts and controls should be put in place. The processes for product realization, including planning, design, development, production, and service provisions remain the same. Risk management should be embedded in these processes.


  • Risk management, as set out in Section 3 of Annex I, is highlighted throughout the regulation. Therefore, the QMS is to be structured on risk management, which is then evident in all of its processes. Risk management described by the IVDR is similar to ISO 14971 and includes identification of risks, including foreseeable misuse, assessment, evaluation, and mitigation of those risks throughout the life cycle of the product. It also talks about the risk-benefit ratio. Reducing risks as far as possible at the design stage by safe design and construction is a given preference. If that does not eliminate risk, protective measures such as alarms may be used. Lastly, the manufacturer must communicate information for safety in the form of warnings, precautions or contraindications. They could also provide training to users.


  • The unique device identification, or UDI system, has been implemented in Europeand the QMS must include procedures and policies for assigning codes and verification of the UDI assigned to all relevant devices. This ensures the consistency and validity of the information provided for UDI registration in various databases like EUDAMED.


  • QMS procedures need to take care of the information that accompanies the devices in the form of labels, instructions for use (IFU), and the marketing materials in concordance with Section 3 of Annex I. These have to be translated into the European languages where the device is sold.


  • The IVDR requires the QMS to handle communications with the competent authorities, notified bodies, other economic operators, customers, and/or other stakeholders with the appropriate procedures. The manufacturer must identify a responsible person to manage these important regulatory communications in a timely manner. Clear, precise and timely communication is also crucial for the reporting of serious incidents and field safety corrective actions in the context of vigilance. The IVDR has put forth stricter requirements for vigilance reporting, and the timelines have changed and should come under QMS control. Trend reporting has been added and must be a part of the QMS.


  • Most manufacturers have good systems in place for management of corrective and preventive actions, investigations, root cause analysis and verification of their effectiveness. CAPA closure systems and timelines along with linkage to complaint handling, vigilance, non conforming products and other systems can be revisited while upgrading the QMS to make it IVDR compliant.


  • Lastly, the IVDR also talks about the processes for monitoring and measurement of output, data analysis, and product improvement as part of the QMS. Data analysis is of prime importance since it considers data from the performance evaluation, PMS, and the PMPF that will also identify new risks. These emerging risks will need to be fed back into the risk management system and used to update the performance evaluation files. Similarly, trend reporting for serious and non-serious incidents and FSCA is expected. The interlinking of such processes is important for continual improvement.
Quality Management System for IVDR ISO 13485 - EU MDR - Celegence

EU MDR QMS Requirements Conclusions

The new requirements of the regulation must be integrated in the Quality Management System, thereby making it more effective, robust, and tightly controlled. The starting point here could be a thorough gap analysis of the ISO 13485 systems.

If your team needs guidance, experienced resources, or complete end-to-end support with your EU IVDR activities, please email or contact us online to connect with a Celegence expert.

Dr. Anita Joshi is a Biotechnologist with 10 years of research and academic experience, including a Ph.D. (Biotechnology) from the National Institute of Virology (NIV), Pune, and Pune University. She also has 20+ years of BioPharma-Healthcare Industry experience in assignments with reputable commercial organizations. Anita has worked with more than 85 organizations since 2001 including: Span Diagnostics Ltd., Thermo Fisher Scientific, Merck Millipore, HCL technologies and more. She has been an auditor with BSI for ISO 13485, MDSAP, GMP etc. for the past 13 years. To date, Anita has 30 publications.

Make Sure You’re EU IVDR Compliant

The checklist highlights all of the documentation that you will need in place for certification of your IVD device and will serve as a guide to help you achieve ongoing compliance. In conjunction with this checklist, we are also able to provide you with bespoke strategies to bring your business up to speed. We are currently working with businesses from the United States, India, and throughout Europe to ensure that they are ready for the deadline in May of 2022.