Statistical techniques and sampling plan requirements from 820.250 remain valid; process capability evaluation expectation persists.
Scope expands from statistical methodology to systematic QMS data analysis — feedback, product conformity, process trends, and supplier data are all enumerated inputs.
Documented data analysis procedure and evidence that results drive preventive action — organizations with SPC-only programs miss the ISO 13485 8.4 broader mandate.
Maps to
QMSR / ISO 13485: §820.250 Statistical techniques.
ISO 13485: §8.4 Analysis of data
Requirement text
The organization shall determine, collect, and analyze appropriate data to demonstrate QMS suitability and effectiveness.
Why this clause exists
Data analysis as a defined QMS requirement exists because quality improvement requires quantitative signal — not impression, not anecdote, not inspection intuition. A quality system that collects data but does not analyze it systematically cannot distinguish between a stable process with acceptable variation and a deteriorating process with a trend that warrants intervention. The requirement to determine, collect, and analyze appropriate data reflects the planning burden on the manufacturer: which data sources, at what frequency, using what statistical or analytical technique, compared against what benchmark. Without that determination, data collection is arbitrary and analysis is ad hoc. The statistical techniques reference in Part 820 § 820.250 has been preserved and expanded under ISO 13485 § 8.4: statistical techniques must be identified where applicable, with the breadth and complexity of techniques proportionate to the complexity and risk of the processes they support. The management review input requirement creates the governance escalation path: data analysis is not a technical exercise that stays within the quality department. Trends that indicate QMS deterioration, emerging product performance concerns, or failure to achieve quality objectives require leadership attention and organizational response — management review is the mechanism through which data analysis findings reach the level of the organization with authority to allocate resources and mandate corrective action.
What changed
§820.250 — Part 820 (legacy)
"Where appropriate, each manufacturer shall establish and maintain procedures for identifying valid statistical techniques required for establishing, controlling, and verifying the acceptability of process capability and product characteristics. Sampling plans, when used, shall be written and based on a valid statistical rationale. Each manufacturer shall establish and maintain procedures to ensure that sampling methods are adequate for their intended use and to ensure that when changes occur the sampling plans are reviewed. These activities shall be documented."
§8.4 — ISO 13485:2016 (current)
"The organization shall document procedures to determine, collect and analyse appropriate data to demonstrate the suitability, adequacy and effectiveness of the quality management system. The procedures shall include determination of appropriate methods, including statistical techniques and the extent of their use. The analysis of data shall include data generated as a result of monitoring and measurement and from other relevant sources and include, at a minimum, input from: a) feedback; b) conformity to product requirements; c) characteristics and trends of processes and product, including opportunities for improvement; d) suppliers; e) audits; f) service reports, as appropriate. If the analysis of data shows that the quality management system is not suitable, adequate or effective, the organization shall use this analysis as input for improvement as required in 8.5. Records of the results of analyses shall be maintained (see 4.2.5)."
Δ Data analysis expands from process/product statistics to a mandatory QMS-wide analysis including feedback, audits, and supplier data, with explicit linkage to the improvement process.
Common gaps (what we see in audits)
- Ignoring 'negative' trends — The QMS doesn't define 'triggers' for when a trend of minor issues becomes a 'systemic' issue requiring a CAPA. ISO 13485 §8.4 requires identifying opportunities for corrective action.
- Data Analysis Limited to Statistical Process Control — ISO 13485 clause 8.4 requires analysis of data from feedback, product conformity, process trends, and supplier performance. Many Part 820-era organizations have strong SPC programs but do not systematically analyze complaint trends, audit finding patterns, or supplier quality data as required inputs to their data analysis process.
- No Documented Data Analysis Procedure — ISO 13485 requires documented procedures for data analysis. Some organizations perform ad hoc analyses for management review but lack a formal procedure defining what data is collected, how often it is analyzed, what methods are used, and how results are reported and acted upon.
- Data Analysis Results Not Driving Preventive Action — ISO 13485 explicitly requires that data analysis identify opportunities for preventive action (linking to 8.5.3). Many organizations perform trend analysis for management review reporting but do not have a formal mechanism for data analysis findings to trigger preventive actions before nonconformities occur.
- No formal trend analysis records — Data is collected (e.g., in a spreadsheet) but no 'Trend Report' is produced and reviewed by management. ISO 13485 §8.4 requires records of the results of analysis.