Skip to content
CROSSWALK

QMSR / ISO 13485 §820.30(c)

Maps to

QMSR / ISO 13485: §820.30(c)

ISO 13485: §7.3.3

Requirement text

Inputs relating to product requirements shall be determined and records maintained. These inputs shall include functional, performance, usability and safety requirements.

What changed

Part 820.30(c) required that design input requirements relating to a device be identified, documented, and reviewed. It specified that inputs include intended use, performance requirements, safety and reliability requirements, applicable regulatory requirements, and other relevant requirements. Incomplete, ambiguous, or conflicting requirements had to be addressed and resolved.

ISO 13485:2016 clause 7.3.3 preserves all of these expectations but adds a critical new category: the applicable output of risk management must be included as a design input. This is perhaps the single most significant change in the design controls crosswalk. Under Part 820, risk analysis was referenced in 820.30(g) for validation, but there was no explicit requirement to feed risk management outputs into design inputs. ISO 13485 makes this linkage mandatory.

Specifically, ISO 13485 7.3.3 requires inputs to include: (a) functional, performance, and safety requirements, (b) applicable regulatory and statutory requirements, (c) applicable output(s) of risk management, (d) as appropriate, information derived from previous similar designs, and (e) other requirements essential for design and development. The addition of items (c) and (d) represent new explicit requirements that most Part 820-era QMS libraries do not address.

The FDA preamble commentary reinforced that risk management per ISO 14971 must be integrated with design controls, not treated as a parallel activity. This means hazard analysis outputs, risk control measures, and residual risk evaluations must demonstrably flow into design input specifications. Companies that maintained risk management and design controls as separate documentation streams will need to create explicit traceability between them.

Atomic constraints

  • Inputs must include functional and performance requirements.
  • Inputs must include usability and safety requirements.
  • Records of inputs must be maintained.
  • Conflicts in requirements must be resolved.
  • Design inputs must include applicable statutory and regulatory requirements.
  • Design inputs must include the applicable output(s) of risk management activities per ISO 13485:2016 clause 7.3.3(c).
  • Design inputs must include information derived from previous similar designs where applicable per ISO 13485:2016 clause 7.3.3(d).
  • Design inputs must address usability engineering requirements, including requirements derived from human factors analysis per IEC 62366 where applicable.
  • Design inputs must be complete, unambiguous, and verifiable, and must not be in conflict with each other.
  • The adequacy of design inputs must be reviewed and approved by designated individuals before design work begins, and the review record must be maintained.

Common gaps

Risk management outputs not included as design inputs

major

ISO 13485 7.3.3(c) explicitly requires 'applicable output(s) of risk management' as a design input. Most Part 820-era design input documents list functional, performance, and safety requirements but do not trace these to or derive them from a formal risk management process per ISO 14971.

Missing risk-based decision linkage

major

Design inputs don't reference risk analysis outputs (e.g., FMEA hazards) as a source for technical requirements. ISO 13485 §7.3.3 requires design inputs to include applicable output of risk management.

No reference to prior similar designs

moderate

ISO 13485 7.3.3(d) requires that information derived from previous similar designs be considered as a design input where appropriate. Many companies develop new design input documents from scratch without systematically reviewing lessons learned or design outputs from predicate or similar devices.

Usability requirements absent or informal

moderate

While Part 820 mentioned 'needs of the user' as an input consideration, ISO 13485 7.3.3 explicitly requires functional, performance, usability, and safety requirements. Many legacy design input documents address performance and safety but lack formal usability requirements derived from human factors analysis or IEC 62366.

Design input review and approval not adequately documented

minor

ISO 13485 7.3.3 requires that design inputs be reviewed for adequacy and approved. While Part 820 also required this, many legacy QMS libraries show design input documents with engineering signatures but no evidence of cross-functional review for adequacy, completeness, or conflict resolution.

Evidence signals

  • FILE_EXISTS

    (SRS|User Needs|Requirement)

  • CONTENT_MATCH

    Identify list of safety and usability requirements in the document.

Audit defense

Design inputs for [your product] are captured in [your document ID]. We ensure that functional and safety requirements are derived directly from our initial risk assessment (ISO 14971), preventing 'orphan requirements' that have no safety justification.

Related clauses

Design and Development PlanningDesign and Development ReviewDesign OutputsDesign Verification

Review your documents against this clause →

Further reading

Free compliance review. Pay only for the detailed report.

No credit card. No sales call. No consultants required.

Start My Free Review →

Read-only access. Your documents stay in your Drive.