Skip to content
CROSSWALK

QMSR / ISO 13485 §820.198

Maps to

QMSR / ISO 13485: §820.198

ISO 13485: §8.2.1

Requirement text

The organization shall gather and monitor information on whether customer requirements have been met, including post-market surveillance.

What changed

This represents one of the most conceptually significant shifts in the QMSR transition. Part 820 addressed customer feedback primarily through the lens of complaint handling under 820.198. There was no standalone requirement for systematic feedback collection or post-market surveillance in Part 820; these expectations were addressed through separate regulatory provisions (post-market surveillance orders under Section 522, MDR under Part 803) rather than the quality system regulation itself.

ISO 13485 clause 8.2.1 establishes an explicit requirement for a documented feedback collection and monitoring process as part of the QMS. This is broader than complaint handling: it encompasses proactive collection and analysis of information on whether the organization has met customer requirements, including monitoring of product performance in the field, user feedback, service data, and any other relevant post-market information. The feedback process must be documented, must include provisions for collecting data from both production and post-production activities, and must feed information into risk management, CAPA, and management review.

The FDA preamble acknowledged that ISO 13485's feedback requirement goes beyond what Part 820 explicitly required, representing a genuine expansion of QMS scope. However, the agency noted that proactive feedback collection aligns with existing FDA expectations for post-market surveillance and that manufacturers marketing devices in the EU or under MDSAP already have these systems in place.

For organizations with Part 820-only QMS heritage, this often means building an entirely new procedure. The feedback system must encompass not just complaints but also proactive data collection: clinical data, literature monitoring, field service reports, customer satisfaction surveys, and regulatory authority communications. This data must be analyzed at defined intervals and the results fed into CAPA determination, risk management file updates, and management review inputs.

Atomic constraints

  • Feedback collection process must be documented
  • Post-market surveillance plan must exist
  • Customer feedback must be analyzed for trends
  • Feedback must feed into CAPA and risk management
  • A documented procedure must define the feedback collection process, specifying the data sources to be monitored, collection methods, analysis frequency, and responsible parties.
  • The feedback process must collect information proactively, not only when formal complaints are received — including field service data, clinical literature, equivalent device performance data, and regulatory authority communications.
  • Feedback data must be analyzed at defined intervals to identify trends indicating potential nonconformities, emerging hazards, or changes in device performance.
  • The results of feedback analysis must be used as input to risk management file updates when new hazards or changed risk estimates are identified.
  • The results of feedback analysis must be reported as input to management review.
  • The feedback process is distinct from complaint handling (8.2.2) and must cover broader post-market monitoring beyond formal complaint intake.

Common gaps

No Documented Post-Market Surveillance Plan

major

ISO 13485 requires a documented procedure for feedback collection including post-market surveillance. Many Part 820-era organizations have no formal PMS plan, relying solely on complaint handling and MDR reporting as their post-market data sources. A standalone PMS plan defining data sources, collection methods, analysis frequency, and reporting is now required.

No Proactive Feedback Collection Process

moderate

ISO 13485 requires monitoring of information on whether customer requirements have been met, which includes proactive data collection beyond formal complaints. Many organizations only capture feedback when customers file formal complaints, missing service data, user experience information, and field performance data.

Feedback Not Linked to Risk Management

moderate

ISO 13485 requires that feedback data feed into risk management processes. Many organizations analyze complaints in isolation without systematically updating risk management files (hazard analyses, risk-benefit assessments) based on post-market feedback data.

Evidence signals

  • FILE_EXISTS

    (Post.*Market|PMS.*Plan|PMCF|Customer.*Feedback|Surveillance|PMS)

  • CONTENT_MATCH

    Does this document describe post-market surveillance, customer feedback collection, or PMCF activities?

Audit defense

Post-market surveillance for [your product] is managed through [your document ID]. Our PMS plan defines data sources, collection methods, and analysis requirements. Feedback trends are systematically analyzed and feed into CAPA and risk management per ISO 13485 8.2.1.

Related clauses

Corrective and Preventive Action (CAPA)Complaint HandlingInternal AuditNonconforming Product

Review your documents against this clause →

Further reading

Free compliance review. Pay only for the detailed report.

No credit card. No sales call. No consultants required.

Start My Free Review →

Read-only access. Your documents stay in your Drive.