28
May
2025

Design Approval Requirements and Signatures

,
,
0

Design Approval Requirements and Signatures: Navigating 21 CFR 820 and ISO 13485

Medical device manufacturers often struggle with a fundamental question: What signature requirements apply to design input and design output approvals? Understanding how 21 CFR 820 Design Controls and ISO 13485 address design approvals is essential for achieving both compliance and operational efficiency. This post is a short explanation of design approval requirements and signatures.

21 CFR 820: Design Controls

Per 21 CFR 820.30, FDA regulations explicitly require documented approvals with signatures:

“The design input requirements shall be documented and shall be reviewed and approved by a designated individual(s). The approval, including the date and signature of the individual(s) approving the requirements, shall be documented.”

Design inputs for medical devices include requirements, specifications and user needs. Similarly, design outputs – which become part of the Device Master Record (DMR) – must be approved with the date and signature of approval captured.  Therefore, the requirement for documented signatures applies to both design inputs and design outputs.

ISO 13485: Quality Management System

While the ISO 13485 standard does not clearly mention signatures for approval, Section 7 – Product Realization requires that design inputs be “reviewed for adequacy and approved”.  Design outputs must also be “approved prior to release”.

In contrast to FDA’s more prescriptive approach, ISO 13485 focuses on the process and outcome of approvals but does not dictate the method of approval.  Although signatures and dates are not required by ISO 13485, they serve as objective evidence of approval. Therefore, to align with both 21 CFR 820 and ISO 13485, approvals for design inputs and design outputs should include a signature and date.

Use of Electronic Signatures

Neither 21 CFR 820 regulations nor ISO 13485 specify whether signatures must be wet ink (paper) or electronic. However, 21 CFR Part 11 permits the use of electronic signatures and considers them equivalent to handwritten signatures, provided they meet specific criteria, such as authentication, timestamping and reason for approval.  ISO 13485 allows organizations to define their own document control and approval processes under Section 4.2.4 – Control of Documents, which includes specifying the use of electronic signatures. Therefore, both frameworks accept electronic signatures when they are properly defined and implemented within the organization’s quality management system.

SoftwareCPR Training Courses:

IEC 62304 and other Emerging Standards Impacting Medical Device Software

Being Agile & Yet Compliant

ISO 14971 SaMD Risk Management

Software Risk Management

Medical Device Cybersecurity

Software Verification

IEC 62366 Usability Process and Documentation

Or just email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.