Regulatory Auditor: “How do you know your product is safe?”

Medical Device Manufacturer: “Our product must be safe for patients because it has been on the market for over 20 years.”

Auditor: “Can you show me your clinical data?”

Manufacturer: “We don’t have clinical data because our device is just like other devices on the market.  If theirs are safe, ours is safe.”

Auditor: “What product characteristics did you compare and what similar devices did you base your assessment on?”

Manufacturer: “It was a really long time ago.  I don’t think there is anybody still working here who would remember what was checked or which other devices were looked at.”

Auditor: “How about complaint data?”

Manufacturer: “We don’t get complaints.”

Auditor: “Can you show me your procedure for managing complaints?”

Manufacturer: “Why would we need a procedure for managing complaints we don’t receive?”

Auditor: “How would your employees recognize a complaint if they got one, or how to handle it?”

Manufacturer: “Trust me, that won’t happen.”

In a regulated industry, the prevailing posture of regulatory representatives, in my experience, has been “Show me proof.”  In fact, the philosophy I’ve heard repeated by regulators is “If it wasn’t documented, it didn’t happen.” 

ISO 13485:20161 requires control of records to provide evidence of conformity to requirements, that records remain legible and retrievable, and that records be retained for at least the lifetime of a medical device or as specified by applicable regulatory requirements, whichever is longest.

Similarly, the U.S. Quality System Regulation (QSR) for Medical Devices (21 CFR 820)2 requires that records providing evidence of regulatory compliance be made readily available for review, be legible and be retained for the expected life of the device, but in no case less than 2 years from the date of release.  

The European Medical Device Regulation (EU MDR)3, which became law in 2017, requires that, upon request, manufacturers provide regulators with “all the information and documentation necessary to demonstrate the conformity of the device.”

Alas, if only the device manufacturer’s representative responding to the regulatory auditor in the hypothetical conversation above had known…

Want more information about managing records required for regulatory compliance, or help with record control for your organization? EMMA International can help! Contact us via our website, by phone at 248-987-4497, or by sending an email to:

1ISO 13485:2016(en) Medical devices — Quality management systems — Requirements for regulatory purposes; Section 2.4.5 Control of records, ©2016, ISO, accessed 09/15/2022 via the ISO Online Browsing Platform (OBP) at

2U.S. Code of Federal Regulations, 21 CFR 820, Subchapter H – Medical Devices, Quality System Regulation, Subpart M – Records; last updated March 29, 2022, by the U.S. Food and Drug Administration, Department of Health and Human Services, accessed on 09/15/2022 via

3Regulation (EU) 2017/745 – 5 April 2017 on medical devices, Chapter II, Article 10, Item 14, last updated 04/24/2020 and accessed 09/15/2022 via the Portal of the Publications office of the EU at

Diane Kulisek

Diane Kulisek

Ms. Kulisek serves as a Senior Quality Engineer and Senior Regulatory Affairs Specialist for EMMA International’s Technical Operations team. She has experience in technical writing, quality management systems, regulatory enforcement remediation, corrective and preventive action management, electronic data management systems, cybersecurity, and design controls for the medical device industry. Ms. Kulisek also has significant past experience in quality engineering and management for mass-produced consumer products, electronics, aerospace and commercial filtration industries. Ms. Kulisek holds a Master of Science in Engineering with a concentration in Civil, Industrial and Applied Mechanical Engineering Management from California State University, Northridge (CSUN) and a Bachelor of Arts in Biology with a concentration in Environmental Biology, also from CSUN. She also holds a Graduate Certificate in Program Management from West Coast University, a Lean Six Sigma Green Belt from Six Sigma Systems, Inc., and Certifications for multiple EU MDR and EU IVDR topics from Greenlight Guru. Ms. Kulisek maintained American Society for Quality Certifications for more than twenty consecutive years as a Quality Engineer (ASQ CQE) and as a Manager of Quality / Organizational Excellence (ASQ CMQ/OE).

More Resources

The End of the COVID-19 Public Health Emergency

The End of the COVID-19 Public Health Emergency

After over 3 years, the COVID-19 Public Health Emergency (PHE) will end on May 11, 2023, the Biden Administration announced last week.1After 3.5 years of the modified policy to allow for amore efficient path for COVID-19-related medical products to get to market, this begs the question of how it will impact the MedTech world.
Process Validation

Process Validation

All right, you have just gotten all of your paperwork together, submitted the right forms to the right people, set up your factory, hired and trained your staff; now it’s time to make the medical devices. The regulatory nonsense is over and done, right?
The Role of Management in Product Quality

The Role of Management in Product Quality

Depending on the factory, some production employees may find it surprising that management has an important role to play in a quality system.  21 CFR 820.20 mandates that “Management with executive responsibility shall establish objectives for, and commitment to, quality”.[1]  The Federal Government expects that management takes an active interest in improving the output of their company, at least in the case of medical device manufacturers.

Ready to learn more about working with us?

Pin It on Pinterest

Share This