All terms
Quality & RiskQuality System
Change Control
Formal QMS process for evaluating, approving, and implementing changes that could affect product quality or compliance.
Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026
Definition
Change control evaluates proposed changes to design, processes, suppliers, software, or labeling for impact on safety, performance, regulatory status, and validation status before approval and implementation. What the regulation says
Change control is a fundamental element of a quality management system, as outlined in FDA 21 CFR Part 820.30(i) for design changes and throughout ISO 13485:2016, specifically clause 4.2.4 for control of documents and clause 7.3.9 for design and development changes. It ensures that modifications to a medical device or its associated processes do not adversely affect safety, effectiveness, or compliance with applicable regulations, such as those detailed in EU MDR 2017/745 Annex I.What this means in practice
Tightly linked to Letter-to-File decisions, supplier change notifications, and PCCP boundaries for AI devices. Inadequate change-impact assessments are a frequent FDA inspection finding.Examples
- A MedTech company initiates a change control to update the software algorithm of an infusion pump to improve dose accuracy, requiring re-validation and regulatory submission.
- A manufacturer of surgical instruments implements a change control to approve a new supplier for a critical component, necessitating supplier qualification and impact assessment on existing device validations.
- A diagnostic device firm uses change control to revise its labeling to include updated warnings based on post-market surveillance data, ensuring compliance with EU MDR Annex I, Section 23.4. (Warnings and precautions).
Common pitfalls
- •Failing to document the rationale for not performing a full re-validation after a minor design change is a common pitfall.
- •Implementing a software update without assessing its impact on cybersecurity and existing clinical claims can lead to significant issues.
- •Not involving all relevant functional areas, such as regulatory affairs or cybersecurity, in the change assessment process is a frequent mistake.
- •Overlooking the cumulative effect of multiple small changes on device performance or regulatory compliance can result in non-conformities.
- •Skipping a formal risk assessment for proposed changes, as required by ISO 14971:2019, clause 6.2, is a critical error.
Frequently asked questions
The primary goal is to ensure that any modification to a medical device, its manufacturing process, or quality system documentation maintains or improves the safety, performance, and regulatory compliance of the device.
Cross-references
Related terms
Shared paths + categoryManufacturing
Supplier Controls
Procedures to ensure purchased products and services conform to requirements.
Manufacturing & Supply Chain · adjacent
Quality & Risk
Design Controls
Structured process governing the design of medical devices.
Same category
Regulatory
Letter to File(LTF)
Internal documentation justifying that a device change does not require a new 510(k) submission.
Software & AI
Predetermined Change Control Plan(PCCP)
FDA mechanism to pre-authorize specific modifications to AI/ML-enabled devices.
Quality & Risk
Biocompatibility
Ability of a material to perform with an appropriate host response in a specific application.
Manufacturing & Supply Chain
Manufacturing
Design Transfer
Translating design into production specifications.
Manufacturing & Supply Chain · adjacent
Latest in MedTech
Primary references
3 sourcesLink health: 3 verified· last checked 2026-06-20
eCFR·1FDA·1ISO·1
- 121 CFR 820.30(i)VerifiedeCFRecfr.gov
- 2FDA - Quality SystemsVerifiedFDAfda.gov
- 3ISO 13485 Standard PageVerifiedISOiso.org
Inline markers like [1] jump to the matching reference above.