In-Depth Interpretation Series Of The Revised Draft 《Medical Device Production Quality Management Guīfàn》 (Part 2) ------ What Signals Does The Independently Chaptered Quality Assurance And Risk Management Release?

New chapter highlights systematic thinking, transforming quality risk management from conceptual requirement to institutional arrangement

A significant change in the "Medical Device Production Quality Management Guīfàn (Revised Draft for Comments)" is the addition of an independent chapter on "Quality Assurance and Risk Management." This marks the transformation of quality risk management from scattered requirements to systematic, institutional arrangements, highly consistent with international medical device regulatory trends.

Overall Positioning of the New Chapter

In the 2014 version of the Guīfàn, requirements for quality assurance and risk management were scattered across various chapters. The new version elevates them to an independent chapter, placed after the General Provisions and before Organization and Personnel, highlighting their core position in the quality management system.

This structural adjustment reflects a profound shift in regulatory thinking: quality risk control is no longer just a part of quality management but a foundation and main thread running through the entire system. This aligns with the concepts emphasized in ISO 13485:2016 and the EU MDR regulations, which stress risk management throughout the product's entire lifecycle.

In-Depth Analysis of Core Clauses

1. Quality Objectives Throughout the Entire Cycle

Article 6 [Quality Objectives]

Enterprises shall fulfill the main responsibility for medical device quality and safety, establish quality objectives that meet medical device quality management requirements, and systematically implement all requirements for medical device product safety, effectiveness, and quality controllability throughout the entire process of product design and development, production, quality control, product release, storage, transportation, and use, ensuring that quality objectives are understood and achieved.

This clarifies that the enterprise is the main entity responsible for quality and safety. It emphasizes "systematic implementation," requires the establishment of systematic rather than fragmented quality objective management, and reiterates that quality objectives must run through all lifecycle activities of the product.

2. Specification of Resource Guarantee Requirements

Article 7 [Resource Guarantee]

Enterprises shall allocate sufficient and qualified personnel, factory facilities, equipment, and other resources to achieve quality objectives. Personnel at all levels of the enterprise shall jointly participate in various activities to achieve quality objectives and assume corresponding responsibilities.

This clause transforms the abstract principle of "resource guarantee" into specific, measurable requirements, providing clear guidance for enterprise resource allocation.

3. Systematic Quality Assurance

Article 8 [Quality Assurance]

Quality assurance is part of the quality management system. A quality assurance system shall be established with complete quality management system documentation to ensure the effective operation of the quality management system. The quality assurance system shall ensure:

1. Medical device design and development, production management, and quality control activities comply with the requirements of this Guīfàn;

2. Management responsibilities are clear;

3. Raw materials purchased and used are correct;

4. Intermediate products are effectively controlled;

5. Implementation of confirmation and validation;

6. Strict adherence to procedures for production and inspection;

7. Each batch (unit) of product is reviewed and approved before release;

8. Appropriate measures to ensure quality during storage, transportation, and subsequent various operations;

9. Monitoring and evaluation of entrusted production, external processing, procurement services, and other such activities.

Regarding the quality assurance system, the new regulation clearly lists nine aspects that must be ensured, forming a complete quality assurance closed loop, covering all links from input to output.

4. Procedural Change Control

Article 9 [Change Control]

Enterprises shall establish change control procedures, determine the type of change management based on the risk level of the change's potential impact on the safety, effectiveness, and quality controllability of the medical device, conduct corresponding reviews of the change, and obtain approval before implementation. If necessary, the change shall be verified and validated to ensure it does not adversely affect the product's safety, effectiveness, and quality controllability.

This article requires the establishment of change control procedures and determining the change management category based on the degree of risk. It emphasizes risk-based classified change management, requires prior control rather than post-event remediation, and ensures that changes do not adversely affect product safety, effectiveness, and quality controllability.

5. Diversified Continuous Improvement

Article 10 [Continuous Improvement]

Enterprises shall ensure the continuous improvement of the quality management system, product process performance, and product quality through methods such as quality data monitoring, corrective and preventive actions, change management, adverse event monitoring, quality risk management review, and management review.

This article clarifies various methods for continuous improvement, proposes "quality risk management review" as an improvement method, and requires enterprises to regularly review the effectiveness of risk control.

6. Institutionalized Quality Risk Management

Article 11 [Quality Risk Management]

Enterprises shall establish a quality risk management system, assess quality risks throughout the entire product realization process based on laws, regulations, standards, scientific knowledge, and experience, etc., and verify and implement quality risk control measures to ensure effective control of product quality risks.

Article 12 [Quality Risk Review]

Enterprises shall collect quality risk information throughout the product lifecycle and regularly conduct quality risk management reviews to ensure the continued effectiveness of quality risk management measures.

These two provisions together form a two-way closed loop for risk management, requiring enterprises to ensure the continued effectiveness of risk management measures through prospective risk assessment and retrospective effectiveness evaluation.

Impact on Enterprises and Response Suggestions

Immediate Action Items: Building a Risk-Based Quality Management System

1. Re-examine the Quality Objective System

Full Lifecycle Objective Mapping: Establish a target matrix corresponding to each stage of the product lifecycle, ensuring goals are measurable, monitorable, and traceable.

Target Decomposition and Assessment: Use methods like the Balanced Scorecard to decompose top-level quality objectives into departmental and individual key performance indicators, achieving linkage between quality performance and organizational performance.

2. Establish Systematic Quality Assurance Procedures

Gap Analysis and Rectification: Conduct a gap analysis between the current system and regulatory requirements based on the nine aspects required by Article 9 of the new regulation, and develop a prioritized rectification plan.

Upgrade Control of Outsourcing Links: Establish supplier quality files, clarify key terms of quality agreements for entrusted production (such as audit rights, data transparency, change notification, etc.).

3. Improve the Change Control System

Risk-Based Change Classification: Establish a change classification matrix, categorize changes into major, general, and minor levels based on the degree of impact on product safety and effectiveness, and set corresponding review, verification, and approval processes.

Digital Change Control: Introduce a change management system to achieve full-process electronic tracking of change applications, evaluation, approval, implementation, and effectiveness confirmation.

4. Build a Quality Risk Management System

System and Process Construction: Develop a "Quality Risk Management Control Procedure," clarifying methods and tools for risk identification, analysis, evaluation, control, and review.

Regular Risk Review: Establish a quarterly or semi-annual risk review mechanism, focusing on reviewing post-market data and the impact of supply chain changes on the effectiveness of risk control measures.

Medium to Long-Term Construction Points

Medium to Long-Term Construction Focus: From System Capability to Quality Culture

1. Data-Driven Quality Monitoring

Full Lifecycle Data Platform: Integrate data from systems such as ERP, PLM, QMS, and CRM to build a unified quality data lake supporting real-time monitoring and trend analysis.

Predictive Risk Warning: Use statistical analysis, machine learning, and other technologies to model quality data, achieving early warning and proactive intervention for quality risks.

2. Company-Wide Quality Culture Building

Implementation of Quality Responsibilities: Implement the requirement for "personnel at all levels to jointly participate" through methods such as decomposition of quality objectives, signing of quality responsibility statements, and linking quality performance to compensation incentives.

Quality Capacity Building: Develop a quality training curriculum system for personnel at different levels to enhance company-wide quality awareness and risk management skills.

3. Supply Chain Quality Collaboration

Extension of Supplier Quality System: Incorporate suppliers and outsourcing parties into the enterprise's quality assurance system through supplier quality agreements, joint audits, data sharing, etc.

Risk-Based Graded Management: Classify suppliers based on factors such as the type of products provided, historical performance, and audit results, and implement differentiated management strategies.

In January 2024, the US FDA incorporated ISO 13485 into the QSR, marking the trend towards harmonization of global medical device regulatory requirements. This Chinese revision draft reflects a similar mindset, emphasizing risk management throughout the entire lifecycle. The addition of the "Quality Assurance and Risk Management" chapter represents a fundamental shift in China's medical device regulatory paradigm: from static compliance-focused supervision to dynamic effectiveness-focused supervision; from segmented control to systematic management; from risk response to risk prevention. Enterprises should ensure the completion of system upgrades and capacity building during the transition period to gain a first-mover advantage in the new regulatory environment.