Medical device regulatory compliance – Top 12 FAQs

Product developers often ask: Is my product considered a medical device? Will I need to comply with medical device regulations, and if so, which ones?


FAQ #1: When is a product considered to be a medical device? Definitions

How do you know if your product classifies as a medical device?

According to medical device definitions published by Regulatory Authorities and related stakeholders (FDA, TGA, World Health Organisation, etc.), the definition of a medical device hinges on ‘intended use’ (device purpose).

Definition of a medical device:

A medical device is any product intended to be used for a medical purpose; including products intended to:

  • Diagnose, prevent, monitor, investigate, treat or alleviate a disease or injury
  • Replace, modify, and/or support the anatomy of a physiological process or bodily function (for example, a product designed to compensate for an injury or other medical condition)

Stand-alone software, for example, being used for medical purposes, is considered a medical device (subcategory: SaMD = Software as a Medical Device).


FAQ #2: What are some examples of medical devices?

A medical device can be “any instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, which is intended by the manufacturer to be used (alone or in combination) for a medical purpose.”
Source: Australia Therapeutics Good Administration (TGA).

Medical devices thereby represent a diverse industry. There are thousands of medical device products and product types, from bandages and splints to implanted devices, 3D-printed medical devices, pacemakers, and other life-saving equipment.

Medical devices include medical equipment, prostheses, diagnostic software, monitoring tools, and other products that may achieve their purpose by:

  • Physical means (physical action)
  • Mechanical means/action, and/or
  • Chemical means/action

FAQ #3: Will I need to comply with medical device regulations, and if so, which ones?

The answer to the first question is typically a ‘YES’.

If you have a device that is intended to be used for a medical/therapeutic purpose, you will need to comply with the relevant medical device regulations.

For examples of regulations that apply to medical devices, click here.

  • To determine which medical device regulations and standards apply to your company and specific type of device (risk class), you will need to consult with the relevant Competent Authority (Regulatory Authority) in your manufacturing and distribution regions.
  • Examples of Regulatory Authorities include the FDA for the distribution of a medical device USA, the TGA for the distribution of your products in Australia, the EMA for distribution in Europe, the MHRA for distribution in the UK, and other relevant Government Authorities.

FAQ #4: What regulations do medical device companies need to comply with?

Medical device manufacturers are expected to comply with industry standards and regulations.

In general, Regulatory Authorities expect medical device companies to comply with Good Recordkeeping Practice (GRK) and data integrity expectations, as well as:

Depending on your product type, other standards (such as ISO 22422 – Medical Devices Utilising Animal Tissues or Derivatives) may also apply.

For products being distributed in the EU, the EU MDR (EU Medical Device Regulations) will apply.

Regulations and standards aim to ensure products are safe to use and perform as intended. Compliance with medical device regulations and industry standards helps reduce potential risks to patients and other users of the device, e.g. medical practitioners, caregivers, and others involved in patient care or product maintenance and repair.

Good Warehouse Practice (GWP) and Good Distribution Practice (GDP) regulations also apply to therapeutic goods. Prevention of counterfeit products is also expected.


FAQ #5: Will my medical device company be audited by the Regulatory Authority?

Companies are also generally inspected/audited by Regulatory Authorities in the jurisdictions of their operation and/or distribution. This includes Regulatory Authorities/Government Agencies such as the FDA for products made or distributed in the USA, the TGA for products made or distributed in Australia, the MHRA for products in the UK, and the EMA for products in the European Union (EU), etc..

Most Regulatory Inspections will evaluate (audit) a medical device company’s compliance with ISO 13485 QMS standards, ISO 14975 Risk Management Standards, and other relevant medical device regulations specific to their jurisdiction (or specific to the medical device type).

Click here for a list of Regulatory Authorities for therapeutic goods (medical devices and pharmaceuticals).

Be sure your personnel comply with product-specific regulations and legal requirements in your jurisdiction of manufacture, product distribution and servicing.

Medical device approval processes must be considered for each jurisdiction where your company intends to manufacture, distribute and/or service your medical device product(s).

You must generally have approval from the Competent Authority before you can supply a medical device to the market.

FDA Medical device approval process – click here.

TGA Medical device approval process – click here.

World Health Organisation medical device pre-qualification process – click here.

FAQ #6: What is meant by medical device classification (product class or risk classification)?

  • The medical device “product class” is essentially a ‘product risk classification’.
  • It indicates the inherent risks of various types of medical devices; and hence, the level of risk management activities/quality management resources expected to be put into place by the medical device company.

FAQ #7: Is there a single global product classification system that applies in every country?

No. Each jurisdiction may have its own risk classification system for medical device products. There may be similarities between ‘product class’ systems, but there are also differences.

Regulatory Authorities generally publish their own ‘medical device classification systems’ to cover the wide range of medical device product types being distributed in their regions. Generally, it is the responsibility of the manufacturer or distributor to determine which ‘product class’ is relevant for their medical device.

  • The product class — relating to the product’s risk classification — will have an impact on regulatory expectations for:
    • Quality management system procedures
    • Risk management activities and controls
    • Provision of resources (e.g., personnel qualifications, personnel training, role responsibilities, manufacturing facilities, equipment, etc.)
    • Other quality assurance measures
  • A Class III medical device in the USA falls into the highest risk category for a medical device, according to the FDA’s classification system for medical devices.
  • Products in the FDA’s Class III category include items such as pacemakers and other life-sustaining devices.

FAQ #8: What is ISO 13485?

In general, most medical device companies will be audited to ISO 13485: Quality Management System requirements for Medical Device companies (including maintenance companies/service providers) — or similar standards — as well as any other product-specific and region-specific guidance.

This ISO standard describes the essential components of establishing and maintaining an effective Quality Management System, based on Risk Management principles (which are described in ISO 14971: Risk Management for Medical Device Companies).

To understand Quality Management System regulations for your medical device organisation, refer to this online Certificate Training course: ISO 13485: QMS for Medical Devices.

Refer also to the ISO 14971 Risk Management for Medical Devices training course.


FAQ #9: What does a company need to do when they receive a medical device complaint?

  • Quality management responsibilities continue after release to market.
  • Post-marketing (post-distribution) product quality monitoring is expected by any company that produces and/or distributes or services a medical device.
  • Quality monitoring includes recording all complaints, and any other identified product issues, during and after manufacture and distribution; conducting appropriate root cause investigations; planning and implementing effective CAPAs; and monitoring the impact of such actions.
  • Management reviews of the QMS and all related systems and procedures, including non-conformance events and complaints management, are required.
  • An effective recall procedure must be put into place (and ready to implement by personnel).
Quality controls during manufacturing, as well as post-release quality monitoring activities, must meet regulatory requirements.

Courses are available relating to the management of deviations and non-conformance events, QMS documentation, complaints handling, and recalls.

Managing non-conformances in the medical device sector

As with all therapeutic goods manufacturing, deviations and non-conformances must be managed according to regulations. Adhere to ISO 13485 requirements and ISO 14971 requirements; and be sure your team is trained in management of non-conformances or deviations/defective products as well as recalls.

FAQ #10: What if my product doesn’t meet specifications, or something doesn’t go to plan during manufacturing?

Not all manufacturing goes to plan. Click here for management of non-conformances and other types of product deviations involving therapeutic goods.

Note: Complaint handling procedures must be included in your Quality Management System (QMS) for Medical Devices. This system and its procedures must be thorough, fully documented, validated where applicable, and kept up to date. Personnel must also be qualified and trained to fulfil their responsibilities.

Adequate resourcing by Management is required (from adequate personnel staffing levels through to workplace conditions/environmental controls, computerised system validation, data integrity measures, and equipment).

  • The QMS must generally meet the standards listed in ISO 13485: Quality Management Systems for Medical Device organisations (or similar standards).
  • Any exemptions from ISO 13485 requirements (Clause 7) must be documented/justified.
  • All product quality complaints must be recorded and investigated. If an organisation deems it unnecessary to investigate a quality complaint, justification for this decision must be documented as part of the Quality Management System (QMS).

FAQ #11: What is expected in terms of being able to implement a medical device recall, when necessary?

  • Recall procedures for medical devices and other therapeutic products must be in place.
  • These recall procedures and product complaints management procedures must be reviewed by management (at least annually) to ensure they are appropriate and effective.

Appropriate implementation of investigations (root cause analysis), as well as CAPAs and continuous improvement initiatives, are expected by the Regulatory Authorities.

  • Employees must be trained in recall procedures.
  • Distribution records must be kept.
  • Click here to learn common reasons for medical device recalls.

Complete the Therapeutic Goods Recalls Training Course (online).

Excerpt from article on Medical Device Recalls: When is a product recall necessary?

A product recall may become necessary after identifying a quality incident, such as a deviation/non-conformance (e.g. OOT/OOS), product defect, software malfunction, and/or tampering incident, presents an unacceptable risk to users (patients/consumers). Recalls may also be necessary when a product is not in compliance with national laws (e.g. the product does not have a Marketing Authority and/or is being misrepresented via packaging materials and advertisements/other marketing materials). Recalls may be voluntary in nature or they may be mandated by a Competent Authority/Regulatory Authority.

Recalls must be managed carefully, in accordance with your internal PQS/QMS procedures and in compliance with medical device regulations and national laws.


Read the rest of the article on Recalls of Medical Devices – common reasons for medical device recalls.

FAQ #12: What other quality control guidance is available for medical software product manufacturers & service providers?

Medical software issues:

Risk examples relating to medical device software include potential software failures (coding ‘bugs’), input errors/user errors, miscalculations, memory failure/data loss, power disruptions during a scan, for example, and other issues.

Does your device include medical-purpose software?

Complete the SaMD (Software as a Medical Device) regulatory compliance training module.

If you need help with your recall procedures and other medical device industry training, browse all available industry education topics and course listings.

Complete the Therapeutic Product Recalls (certificate training course) online.

Further Resources: Medical Device Regulations

FDA medical device classification system

Spike in Medical Device Recalls in 2022

Spike in Medical Device Recalls in 2018

IMDFR definition of Software as a Medical Device:

Quality systems for Software as a Medical Device – IMDFR guidance can be found by clicking here.

Click here for online courses relating to Deviations, Complaints, Medicinal Product Recalls, and other regulatory compliance requirements for medical devices and pharmaceutical products.

Last updated on December 5th, 2023 at 08:59 am

Similar Posts