Complaint Handling Under the QMSR: What Has Changed
The transition from the legacy Quality System Regulation (QSR) to the Quality Management System Regulation (QMSR) has brought significant changes to how medical device manufacturers must manage customer complaints and feedback. Under the QMSR, complaint handling is governed by a combination of ISO 13485:2016 requirements and FDA-specific additions that together create a comprehensive framework for receiving, investigating, and responding to product complaints.
For decades, 21 CFR Part 820.198 governed complaint handling under the legacy QSR. Manufacturers built their complaint handling systems around these specific requirements, developing procedures, forms, and workflows designed to meet the prescriptive language of Part 820. With the QMSR, the regulatory foundation shifts to ISO 13485:2016 Clause 8.2.2 (Complaint Handling) and Clause 8.2.3 (Reporting to Regulatory Authorities), supplemented by FDA-specific requirements that address areas unique to U.S. regulatory expectations.
ISO 13485 Clause 8.2.2: The New Baseline
ISO 13485:2016 Clause 8.2.2 establishes the baseline requirements for complaint handling under the QMSR. This clause requires organizations to document procedures for receiving, reviewing, evaluating, investigating, and managing complaints in a timely manner. The standard defines a complaint as any written, electronic, or oral communication that alleges deficiencies related to the identity, quality, durability, reliability, usability, safety, or performance of a medical device that has been released from the organization’s control.
Key requirements under Clause 8.2.2 include documenting procedures for complaint handling, timely communication of complaint information to responsible parties, evaluating whether feedback constitutes a complaint, investigating complaints unless justification for non-investigation is documented, determining if complaints must be reported to regulatory authorities, managing complaint corrections or corrective actions, and maintaining records of all complaint handling activities.
The standard also requires that organizations handle complaints from any source, not just end users. This means that feedback from distributors, healthcare providers, service technicians, and even regulatory agencies must be captured and evaluated through the complaint handling process.
FDA-Specific Additions to Complaint Handling
The QMSR retains several FDA-specific requirements that go beyond what ISO 13485 mandates. These additions reflect the FDA’s focus on ensuring that complaint data drives both immediate corrective actions and systemic quality improvements.
One important FDA-specific requirement relates to the investigation of complaints. While ISO 13485 allows organizations to justify not investigating a complaint, the FDA-specific provisions under the QMSR establish stricter criteria for when investigation is required. In particular, complaints involving possible device failures, labeling errors, or use errors that could pose a safety risk generally require investigation under FDA expectations.
The QMSR also maintains the FDA’s expectation that complaint investigations include a determination of whether the complaint represents an event that must be reported under the Medical Device Reporting (MDR) regulation (21 CFR Part 803). This connection between complaint handling and MDR reporting is critical and must be clearly documented in the organization’s complaint handling procedures.
Building an Effective Complaint Handling System
An effective complaint handling system under the QMSR must address several key elements. The first is intake and documentation. Every complaint must be captured with sufficient detail to enable evaluation and, if necessary, investigation. This includes information about the complainant, the device involved, the nature of the complaint, any patient or user impact, and the date the complaint was received.
The second element is evaluation and triage. Not every piece of feedback requires the same level of response. Organizations need clear criteria for determining the severity and urgency of complaints, the need for investigation, the need for regulatory reporting, and the need for field actions or corrections. This triage process must be documented, consistent, and based on defined criteria rather than subjective judgment.
The third element is investigation. When investigation is required, it must be thorough, timely, and documented. Investigation activities should include gathering and preserving evidence, identifying the root cause or most probable cause, assessing the scope of the issue, determining appropriate corrective or preventive actions, and verifying the effectiveness of any actions taken.
The fourth element is trending and analysis. The QMSR, through ISO 13485, requires organizations to use complaint data as an input to their quality management system monitoring processes. This means trending complaint data to identify patterns, emerging issues, and opportunities for improvement. Trending should consider the types of complaints, the frequency of complaints, the severity of events reported, product lines or models involved, and geographic or demographic patterns.
Integrating Complaint Handling with CAPA
One of the most important aspects of complaint handling under the QMSR is the integration with the Corrective and Preventive Action (CAPA) system. Complaint data should be one of the primary inputs to CAPA, and the complaint handling procedure should include clear criteria for when a complaint or complaint trend triggers a CAPA investigation.
Under the QMSR, the CAPA system is expected to be robust and data-driven. Complaint trending data, combined with data from internal audits, process monitoring, nonconformance reports, and post-market surveillance, should form the basis for identifying systemic issues that require corrective or preventive action. Organizations that treat complaints in isolation, without connecting them to broader quality system data, will find their CAPA systems lacking in effectiveness and their compliance posture weakened.
Common Pitfalls in Complaint Handling
Several common pitfalls can undermine complaint handling compliance under the QMSR. Failure to capture all complaints is perhaps the most basic but also the most damaging. Organizations that allow complaints to be handled informally, outside the quality system, or that fail to recognize certain types of feedback as complaints, create significant compliance risk.
Inadequate investigation depth is another frequent finding. Investigations that stop at the immediate cause without exploring root causes, or that reach conclusions not supported by the evidence, weaken the organization’s ability to prevent recurrence and expose it to regulatory criticism.
Poor timeliness is also problematic. While neither ISO 13485 nor the QMSR specifies exact timelines for complaint handling, both expect that complaints are addressed in a timely manner. Organizations should define their own timeliness targets and monitor performance against them.
Finally, failure to connect complaint handling to MDR reporting remains a significant risk area. The FDA expects that complaint handling procedures include a specific evaluation step to determine whether each complaint represents a reportable event under Part 803. Organizations that do not systematically make this determination for every complaint create both compliance and patient safety risks.
Audit Considerations for Complaint Handling
During audits, experienced auditors look beyond procedure documentation to examine the actual execution of complaint handling processes. They review complaint records for completeness and timeliness, examine investigation reports for depth and objectivity, verify that trending is being performed and that trends are being acted upon, confirm that MDR reporting determinations are consistently documented, and assess whether complaint data is effectively feeding into the CAPA system.
An independent audit of your complaint handling system can reveal gaps that internal reviews may miss and provide valuable insights into how your system compares with industry best practices and regulatory expectations.
Partner with Qualyx Group
At Qualyx Group, we specialize in independent, audit-only services for regulated industries. Our experienced auditors bring deep domain expertise, bilingual capabilities, and an unwavering commitment to objectivity. Whether you need a gap analysis, a supplier audit, or preparation for an upcoming regulatory inspection, we are here to help.
Contact Qualyx Group today to discuss how our independent audit services can strengthen your quality system and support your compliance goals.