QMSR Tip #4: Review and fix these disconnects between risk management and design controls

Recent FDA inspection data and warning letters highlight a significant disconnect between risk management and design controls. Review and fix these disconnects as you get ready for the QMSR.

FDA requires manufacturers to establish and maintain procedures to control the design of their medical devices in order to ensure that specified design requirements are met. These design controls requirements are specified in 21 CFR 820.30 (a) through (j)¹.

Design Controls also happens to be one of the top categories of inspectional observations, according to recent FDA data², accounting for an average 13% of the total observations cited in the last 5 years. As shown in Figure 1 below, FDA issued a total of 1117 observations to medical device manufacturers during inspections ending between January 2019 through September 2024³. On a percentage basis, deficiencies in design validation, design changes, general controls, design history file and design verification contributed to nearly 80% of these inspectional observations.

Figure 1: FDA inspectional observations for Design Controls on a percentage basis by subclauses of 21 CFR 820.30. Data source: FDA.

A closer look at the top issues in design validation, 21 CFR 820.30(g), reveals that deficiencies in risk analysis account for 45% of the 338 observations in this category.

Figure 2: Distribution of top issues related to design validation requirements per 21 CFR 820.30(g). Data source: FDA.

As you prepare your transition to the Quality Management System Regulation (QMSR), it is important to appreciate that FDA scrutiny on risk management will only increase over time. In the current Quality System (QS) regulation, risk is covered only in one sub-clause, that is in 21 CFR 820.30 (g) for design validation. The QMSR however, is based on ISO 13485:2016, which has many more specific requirements for risk management across the entire quality system.

This article highlights 5 potential disconnects between risk management and design controls. Although not a comprehensive list, we think these are the most important areas of opportunity based on our analysis of recent FDA warning letters. We recommend that you review your current Quality Management System (QMS) for these disconnects and identify actions to remedy them as part of your transition plan to the QMSR.