MedTech & QMS Glossary

A reference guide to key terms used in medical device quality management, regulatory compliance, and eQMS implementation. Each definition includes context on why the term matters for medical device manufacturers operating under FDA, ISO 13485, and EU MDR requirements.

1. eQMS (Electronic Quality Management System)

DEFINITION
An eQMS (Electronic Quality Management System) is a cloud-based or web-based software platform that digitizes and automates the quality management processes required for regulatory compliance in medical device, life sciences, and pharmaceutical companies. It replaces paper-based and manual quality systems with integrated digital workflows for document control, CAPA, audits, training, supplier management, and other quality functions.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Regulatory bodies including the FDA and ISO require medical device manufacturers to maintain a documented, controlled quality management system. An eQMS ensures those requirements are met consistently, with built-in audit trails, electronic signatures, and automated workflows that reduce compliance risk and administrative burden.

Related terms: QMS | 21 CFR Part 11 | ISO 13485 | Document Control | CAPA

2. QMS (Quality Management System)

DEFINITION
A Quality Management System (QMS) is a formalized framework of policies, processes, procedures, and records that an organization uses to achieve quality objectives and meet regulatory requirements. For medical device companies, a QMS defines how products are designed, manufactured, tested, and distributed in a way that meets applicable standards such as ISO 13485 and FDA 21 CFR Part 820.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
A compliant QMS is a regulatory requirement for medical device manufacturers in most markets worldwide. It provides the documented evidence needed during FDA inspections, ISO audits, and CE marking assessments that the company is producing safe, effective devices consistently.

3. CAPA (Corrective and Preventive Action)

DEFINITION
CAPA stands for Corrective and Preventive Action. A Corrective Action addresses a known quality problem or nonconformance by identifying the root cause and eliminating it. A Preventive Action identifies and eliminates the cause of a potential problem before it occurs. Together, CAPA is one of the most critical quality system processes for medical device companies under FDA 21 CFR Part 820 and ISO 13485.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
CAPA is one of the most frequently cited areas in FDA warning letters and 483 observations. A well-managed CAPA process demonstrates that a company can identify, investigate, and resolve quality issues systematically — which is essential for maintaining regulatory standing and protecting patient safety.

4. 21 CFR Part 11

DEFINITION
21 CFR Part 11 is the section of the US Code of Federal Regulations that establishes the requirements for electronic records and electronic signatures used in FDA-regulated industries. It defines the technical and procedural controls that must be in place for electronic records to be considered trustworthy, reliable, and equivalent to paper records. Requirements include audit trails, access controls, user authentication, and the ability to generate accurate copies of records.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Any medical device company using an electronic quality management system must ensure that system complies with 21 CFR Part 11. Non-compliance can invalidate electronic records during FDA inspections and result in warning letters or consent decrees.

Related terms: Electronic Signatures | eQMS | Audit Trail | FDA 21 CFR Part 820

5. FDA 21 CFR Part 820 (Quality System Regulation / QMSR)

DEFINITION
FDA 21 CFR Part 820, also known as the Quality System Regulation (QSR) and recently updated as the Quality Management System Regulation (QMSR), is the FDA’s regulation governing the methods, facilities, and controls used in the design, manufacture, packaging, labeling, storage, installation, and servicing of medical devices sold in the United States. The QMSR update, effective February 2026, aligns the regulation more closely with ISO 13485:2016.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Compliance with 21 CFR Part 820 / QMSR is mandatory for medical device manufacturers selling products in the US market. FDA inspections verify compliance with these requirements, and violations can result in product recalls, warning letters, import alerts, or injunctions.

Related terms: ISO 13485 | CAPA | Design Controls | Document Control | 21 CFR Part 11

6. ISO 13485

DEFINITION
ISO 13485 is the internationally recognized standard specifying requirements for a quality management system specific to organizations involved in the design, production, installation, and servicing of medical devices. The current version, ISO 13485:2016, covers the full lifecycle of medical device development and is required for regulatory submissions in Canada, the European Union, Australia, Japan, and many other markets.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
ISO 13485 certification demonstrates to regulators, customers, and partners that a medical device company has a robust, audited quality system. It is a prerequisite for CE marking under EU MDR and is widely recognized as the foundation for a compliant global QMS.

Related terms: EU MDR | FDA 21 CFR Part 820 | MDSAP | eQMS | Design Controls

7. EU MDR (EU Medical Device Regulation 2017/745)

DEFINITION
The EU Medical Device Regulation (MDR) 2017/745 is the European Union’s regulatory framework governing the safety, performance, and quality of medical devices sold in the European market. It replaced the previous Medical Device Directive (MDD) and introduced significantly stricter requirements for clinical evidence, post-market surveillance, unique device identification (UDI), and quality system compliance. Full application of EU MDR began in May 2021 for most device classifications.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Medical device companies selling in the EU must demonstrate compliance with EU MDR to obtain or maintain CE marking. The regulation requires an ISO 13485-aligned QMS, robust clinical data, and ongoing post-market surveillance — all of which an eQMS helps manage and document.

Related terms: ISO 13485 | CE Marking | Post-Market Surveillance | CAPA | Document Control

8. MDSAP (Medical Device Single Audit Program)

DEFINITION
MDSAP is an international program that allows a single regulatory audit of a medical device manufacturer’s quality management system to satisfy the requirements of multiple participating regulatory authorities simultaneously. Current MDSAP members include the FDA (USA), Health Canada, TGA (Australia), ANVISA (Brazil), and PMDA (Japan). An MDSAP audit assesses compliance with the QMS requirements of all participating markets in a single audit cycle.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
For medical device companies selling in multiple MDSAP member markets, a single MDSAP audit can replace separate regulatory inspections from each country’s authority, significantly reducing audit burden and cost.

Related terms: ISO 13485 | FDA 21 CFR Part 820 | Audit Management | eQMS

9. Design History File (DHF)

DEFINITION
A Design History File (DHF) is a compilation of records that describes the design history of a finished medical device. Required under FDA 21 CFR Part 820 and ISO 13485, the DHF documents the full design and development process, including design inputs, design outputs, design reviews, verification and validation activities, design changes, and the final device master record. The DHF must demonstrate that the device was developed in accordance with the approved design plan.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
The DHF is one of the primary documents reviewed during FDA inspections for Class II and Class III medical devices. Incomplete or disorganized DHFs are a common source of 483 observations. Maintaining an electronic DHF within a Design Control module ensures records are always current, linked, and audit-ready.

Related terms: Design Controls | Device Master Record | Design Inputs | Design Outputs | FDA 21 CFR Part 820

10. Design Controls

DEFINITION
Design Controls are a set of practices and documentation requirements defined in FDA 21 CFR Part 820 Subpart C and ISO 13485 Section 7.3 that govern how medical devices are designed and developed. Design controls cover the full development lifecycle including design planning, design inputs and outputs, design reviews, design verification and validation, design transfer, and design changes. They are intended to ensure that the device meets user needs and regulatory requirements before it reaches the market.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Design controls are required for Class II and Class III medical devices in the US and for most device classifications under ISO 13485 globally. They provide the documented evidence that device performance and safety requirements were systematically defined, verified, and validated — which is essential for FDA 510(k) submissions and PMA applications.

Related terms: Design History File | Design Inputs | Design Outputs | Verification and Validation | Requirements Management

11. Document Control

DEFINITION
Document Control is the quality management process for creating, reviewing, approving, distributing, updating, and retiring controlled documents within a quality management system. Controlled documents include standard operating procedures (SOPs), work instructions, forms, specifications, and policies. Document control ensures that only current, approved versions of documents are in use and that changes are tracked, reviewed, and approved before implementation.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Inadequate document control is one of the most common citations in FDA 483 observations. A robust document control system ensures that employees are working from current, approved procedures — reducing the risk of nonconformances and providing a clear audit trail for regulators.

12. Change Control

DEFINITION
Change Control is the formal process for managing, reviewing, approving, and documenting changes to products, processes, equipment, software, or documentation within a quality management system. In the medical device industry, change control ensures that any change — whether to a product design, manufacturing process, or controlled document — is evaluated for its impact on safety, performance, and regulatory compliance before being implemented.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Uncontrolled changes are a major source of quality failures and regulatory citations in the medical device industry. A formal change control process ensures that changes are evaluated, approved, and implemented consistently — and that the full impact on the quality system and regulatory submissions is documented.

Related terms: Document Control | Design Controls | CAPA | Device Master Record

13. Audit Trail

DEFINITION
An audit trail is a secure, computer-generated, time-stamped electronic record that captures the sequence of activities relating to the creation, modification, or deletion of an electronic record. Under FDA 21 CFR Part 11, audit trails are required for electronic records in regulated environments and must be computer-generated, date and time stamped, and capable of identifying the operator performing each action. Audit trails cannot be modified or deleted by end users.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Audit trails provide regulators with irrefutable evidence of who did what, when, and in what system. They are essential for demonstrating 21 CFR Part 11 compliance and for investigating quality events where the sequence of record-keeping activities is relevant to the root cause.

Related terms: 21 CFR Part 11 | Electronic Signatures | eQMS | Document Control

14. Electronic Signatures

DEFINITION
An electronic signature, as defined under FDA 21 CFR Part 11, is a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. Electronic signatures in regulated environments must be linked to the specific individual, include the date and time of signing, and capture the meaning of the signature (e.g., approved, reviewed, authored). They must also be non-repudiable and protected against unauthorized use.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Electronic signatures replace handwritten signatures in electronic quality systems, enabling paperless approval workflows. Compliance with 21 CFR Part 11 requirements for electronic signatures is essential for FDA-regulated companies using eQMS platforms.

Related terms: 21 CFR Part 11 | Audit Trail | Document Control | eQMS

15. Nonconforming Materials (NCM / NCMR)

DEFINITION
A Nonconforming Material (NCM) refers to any product, component, material, or service that does not meet specified requirements. A Nonconforming Material Report (NCMR) is the formal record used to document, evaluate, and disposition nonconformances within a quality management system. Disposition options typically include rework, repair, acceptance under concession, rejection, or scrap. NCMRs may trigger CAPA processes if the nonconformance represents a systemic issue.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Tracking and dispositioning nonconforming materials is a requirement under ISO 13485 and FDA 21 CFR Part 820. Failure to properly control nonconforming product can result in defective devices reaching patients, leading to adverse events, recalls, and regulatory action.

Related terms: CAPA | Complaint Handling | Supplier Management | Quality Management System

16. Risk Management (ISO 14971)

DEFINITION
Risk Management in the medical device context refers to the systematic application of policies, procedures, and practices to analyze, evaluate, control, and monitor risks associated with a medical device throughout its lifecycle. ISO 14971:2019 is the internationally recognized standard for the application of risk management to medical devices. It defines a risk management process covering hazard identification, risk estimation, risk evaluation, risk control, and residual risk assessment.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
ISO 14971 compliance is required for CE marking under EU MDR and is aligned with FDA design control expectations. A documented risk management file demonstrating that risks have been identified, evaluated, and reduced to acceptable levels is a core component of regulatory submissions and clinical evaluations.

Related terms: FMEA | Design Controls | ISO 13485 | EU MDR | Design History File

17. FMEA (Failure Mode and Effects Analysis)

DEFINITION
Failure Mode and Effects Analysis (FMEA) is a systematic, proactive risk analysis method used to identify potential failure modes in a product, process, or system, assess their effects on performance and safety, and prioritize actions to mitigate the highest risks. In medical device development, FMEA is commonly applied at three levels: Design FMEA (dFMEA) for product design risks, Process FMEA (pFMEA) for manufacturing process risks, and Use FMEA (uFMEA) for use-related hazards and user errors.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
FMEA is a core tool for demonstrating ISO 14971 compliance and is widely used in FDA submissions to document risk analysis activities. A structured FMEA process ensures that design and process risks are identified early — before they can affect patients or trigger costly post-market corrective actions.

Related terms: Risk Management | ISO 14971 | Design Controls | CAPA

18. Supplier Management & SCAR (Supplier Corrective Action Request)

DEFINITION
Supplier Management in the medical device context encompasses the processes for qualifying, monitoring, evaluating, and managing suppliers of components, materials, and services that affect product quality. A Supplier Corrective Action Request (SCAR) is a formal request issued to a supplier when a quality issue related to their product or service is identified, requiring the supplier to investigate the root cause and implement corrective actions. Under ISO 13485, medical device companies must maintain an Approved Supplier List (ASL) and conduct periodic supplier re-evaluations.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Supplier quality directly affects device quality and patient safety. FDA 21 CFR Part 820 and ISO 13485 both require that suppliers of critical components be qualified and monitored. Poor supplier oversight is a common source of device nonconformances, field complaints, and recalls.

Related terms: Approved Supplier List | CAPA | Nonconforming Materials | Audit Management

19. Audit Management

DEFINITION
Audit Management in a quality management system refers to the planning, execution, documentation, and follow-up of internal, external, and supplier audits. Internal audits assess conformance with the organization’s own quality system requirements. External audits include audits conducted by regulatory bodies, notified bodies, and customers. Supplier audits evaluate the quality systems of critical suppliers. All audit findings, observations, and corrective actions must be formally documented and tracked.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
ISO 13485 requires medical device companies to conduct regular internal audits and maintain records of audit findings and follow-up actions. Effective audit management ensures that quality system gaps are identified and resolved proactively — before they are discovered by external regulators.

Related terms: CAPA | Supplier Management | Training Management | ISO 13485

20. Training Management

DEFINITION
Training Management in a quality management system refers to the processes for defining, assigning, delivering, tracking, and documenting employee training on quality system procedures, regulations, and job-specific competencies. Under ISO 13485 and FDA 21 CFR Part 820, medical device companies must ensure that all personnel performing quality-related activities are competent, with competence established through appropriate education, training, or experience — and that training records are maintained.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Inadequate training records are a frequent finding in FDA 483 observations. An automated training management system ensures that employees are trained on the latest document revisions, that training completions are tracked and documented, and that training records are available for regulatory inspections without manual compilation.

Related terms: Document Control | Audit Management | eQMS | ISO 13485

21. IQ / OQ / PQ (Installation, Operational, and Performance Qualification)

DEFINITION
IQ (Installation Qualification), OQ (Operational Qualification), and PQ (Performance Qualification) are the three stages of validation used to verify that equipment, systems, or software performs as intended in a regulated environment. IQ verifies that the system is installed correctly. OQ verifies that it operates within defined parameters. PQ verifies that it consistently performs as intended in the actual production environment. Together, IQ/OQ/PQ provide documented evidence that a validated system meets its intended use.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
FDA 21 CFR Part 820 and ISO 13485 require that equipment and software used in medical device manufacturing and quality management be validated. For eQMS platforms, IQ/OQ/PQ documentation provides the evidence needed to demonstrate that the system is suitable for its intended use in a regulated environment.

Related terms: 21 CFR Part 11 | eQMS | Computer Software Assurance | Design Validation

22. 510(k) Clearance

DEFINITION
A 510(k) is a premarket submission made to the FDA to demonstrate that a medical device is substantially equivalent in intended use and technological characteristics to a legally marketed predicate device. 510(k) clearance is the most common pathway to market for Class II medical devices in the United States. The submission must include device description, intended use, comparison to the predicate device, performance testing data, and — for devices with software — a software description.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
510(k) clearance is required before most Class II medical devices can be commercially distributed in the US. A well-maintained QMS with complete Design History File, risk management file, and verification and validation documentation significantly simplifies the 510(k) submission process and reduces the likelihood of FDA additional information requests.

Related terms: Design Controls | Design History File | FDA 21 CFR Part 820 | Verification and Validation

23. Post-Market Surveillance (PMS)

DEFINITION
Post-Market Surveillance (PMS) is the systematic process of collecting, recording, and analyzing data related to the safety, quality, and performance of a medical device after it has been placed on the market. PMS includes monitoring complaint handling, medical device reports (MDRs), field safety corrective actions, published literature, and registry data. EU MDR 2017/745 has significantly strengthened PMS requirements, requiring proactive surveillance activities and regular Post-Market Surveillance Reports (PMSR) or Periodic Safety Update Reports (PSUR) depending on device classification.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Post-market surveillance is a regulatory requirement in the EU and US. Under EU MDR, inadequate PMS documentation is one of the most common reasons for delayed CE marking renewals. A connected eQMS links complaint data, CAPA records, and field reports — making PMS reporting significantly more efficient.

Related terms: Complaint Handling | CAPA | EU MDR | Medical Device Report

24. Complaint Handling

DEFINITION
Complaint Handling in the medical device context refers to the formal process for receiving, recording, investigating, and responding to feedback from customers, patients, or users that alleges a deficiency in a device’s identity, quality, durability, reliability, safety, effectiveness, or performance. Under FDA 21 CFR Part 820.198 and ISO 13485, medical device companies must maintain a documented complaint handling procedure and investigate all complaints that could represent a reportable event.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
Complaint handling is a critical signal system for post-market quality issues. Complaints that indicate device malfunction, injury, or death must be reported to the FDA as Medical Device Reports (MDRs). A structured complaint handling process connected to CAPA ensures that systemic issues are identified and addressed before they affect more patients.

Related terms: CAPA | Post-Market Surveillance | Medical Device Report | Nonconforming Materials

25. Root Cause Analysis (RCA)

DEFINITION
Root Cause Analysis (RCA) is a structured problem-solving methodology used to identify the fundamental cause of a quality problem, nonconformance, or adverse event — rather than addressing only its symptoms. Common RCA tools in the medical device industry include the 5 Whys, Fishbone (Ishikawa) diagrams, Fault Tree Analysis (FTA), and Failure Mode and Effects Analysis (FMEA). Under FDA and ISO requirements, CAPA investigations must include a root cause analysis to demonstrate that the corrective action addresses the actual cause of the problem.

WHY IT MATTERS FOR MEDICAL DEVICE COMPANIES
A CAPA process without adequate root cause analysis is one of the most common FDA 483 observations. Regulators expect documented evidence that the root cause was identified through a structured methodology, not assumed, and that the corrective action directly addresses that root cause rather than just the symptom.