Skip to content
CROSSWALK

QMSR / ISO 13485 §820.30(i)

Maps to

QMSR / ISO 13485: §820.30(i)

ISO 13485: §7.3.8 / 7.3.9

Requirement text

Design changes shall be identified, reviewed, verified, validated as appropriate, and approved before implementation.

What changed

Part 820.30(i) required that each manufacturer establish and maintain procedures for the identification, documentation, validation or where appropriate verification, review, and approval of design changes before their implementation. This was a concise but broadly scoped requirement.

ISO 13485:2016 clause 7.3.9 (note: ISO 13485 uses 7.3.9 for design changes, while the QMSR atoms file references 7.3.8 — this reflects an alternate numbering interpretation; the authoritative mapping per FDA's crosswalk table places design change control at the clause addressing change identification, review, and approval before implementation) maintains the same core requirements but adds important specificity.

ISO 13485 requires that design changes be identified and that records be maintained. Before implementation, changes must be reviewed, verified, validated as appropriate, and approved. The review must include evaluation of the effect of the changes on constituent parts and products already delivered. This 'already delivered' assessment is an explicit requirement not found in Part 820, which focused on prospective change control without requiring retrospective impact analysis.

The integration with ISO 13485's broader change management framework means design changes must also be considered in the context of risk management. A design change that alters a risk control measure requires re-evaluation of the risk analysis, potentially triggering re-verification and re-validation per the impact assessment. This creates a tighter linkage between change control, risk management, and V&V than Part 820's standalone change control requirement.

The FDA preamble also clarified that design change records must be incorporated into the design history file / design development file, maintaining a complete audit trail of the design evolution.

Atomic constraints

  • Design changes must be identified and documented
  • Impact of changes must be assessed
  • Changes must be reviewed and approved before implementation
  • Change records must be maintained
  • Design changes must be reviewed, verified, and validated as appropriate before implementation, not just approved.
  • The impact assessment must evaluate the effect of the change on constituent parts and on devices already delivered to customers.
  • The impact assessment must evaluate whether the change affects any risk control measures, triggering re-evaluation of the risk analysis and risk management file.
  • The scope of re-verification and re-validation required by the change must be formally determined and documented as part of the impact assessment.
  • Design change records must be incorporated into the Design History File.
  • Changes that may constitute a significant change affecting safety or performance must be assessed for regulatory implications (e.g., whether a new premarket submission is required).

Common gaps

No impact assessment for already-delivered products

major

ISO 13485 requires that design change review include evaluation of the effect on 'constituent parts and product already delivered.' Many Part 820-era change control procedures assess the impact on the current design but do not require a formal assessment of whether the change affects devices already in the field.

Change impact on risk management not assessed

moderate

Under the QMSR framework, design changes that affect risk control measures must trigger re-evaluation of the risk analysis. Many legacy change control procedures do not include a step for assessing whether the proposed change affects any risk controls or requires updates to the risk management file.

Scope of re-verification and re-validation not determined

moderate

ISO 13485 requires that changes be 'verified and validated, as appropriate, before implementation.' Many legacy procedures approve changes without a formal determination of what re-verification and re-validation activities are needed based on the nature and scope of the change.

Missing 'Significance' assessment

moderate

The design change procedure lacks a formal requirement to assess the significance of the change to safety and usability. ISO 13485 §7.3.9 requires this determination.

No evaluation of 'delivered product' impact

moderate

Change records don't document whether the change affects devices already in use. ISO 13485 §7.3.9 requires this evaluation.

Evidence signals

  • FILE_EXISTS

    (Design.*Change|Change.*Control|Change.*Order|ECO|ECN)

  • CONTENT_MATCH

    Does this document describe a process for managing design changes, impact assessment, or change approval?

Audit defense

Design change control for [your product] is governed by [your document ID]. All design changes are documented via an engineering change order, assessed for impact, and reviewed and approved before implementation per QMSR 820.30(i).

Related clauses

Design and Development PlanningDesign and Development InputsDesign and Development ReviewDesign Outputs

Review your documents against this clause →

Further reading

Free compliance review. Pay only for the detailed report.

No credit card. No sales call. No consultants required.

Start My Free Review →

Read-only access. Your documents stay in your Drive.