ISO 13485 Clause 7.3: Design and Development (Design Controls)

Clause 7.3 gaps turn into audit findings fast

ISO 13485 Clause 7.3 is not about collecting design documents. It is about proving that design and development were controlled from planning through transfer and change control.

Most teams do not fail because they have no DHF. They fail because inputs, outputs, reviews, verification, validation, and transfer do not trace cleanly under audit.

Use this page to identify your design-control gaps, choose the right implementation path, or request direct support.

Check My Design Controls Gaps Request Design Controls Support
1 1

Use this if you need one aligned design-control system covering planning, inputs, outputs, review, verification, validation, transfer, and change control.

Design Controls Execution System (ISO 13485 Clause 7.3)

$499.00 USD
$499.00 USD
Sale Sold out
View full details
ISO 13485 Clause 7.3 Design and Development Controls

ISO 13485 Clause 7.3: Design Controls, DHF Requirements, Verification, Validation, Transfer, and Design Change Control

ISO 13485 Clause 7.3 is the medical device design and development clause that auditors use to test whether your design control system is actually working. It is reviewed as a trace: design and development planning, approved design inputs, controlled design outputs, formal design review, design verification, design validation, design transfer, and controlled design changes. A strong Design History File (DHF) is not just a document set. It is objective evidence that your development process is controlled, traceable, and audit-ready.

Understand Clause 7.3 Requirements Shop Clause 7.3 Solutions Request Design Controls Support
Clause 7.3 Subclauses What Auditors Check Common Audit Gaps Solutions by Need FAQ

What this page answers

This page is designed to answer the questions buyers, QA/RA teams, startup founders, and auditors usually have around ISO 13485 Clause 7.3: what design controls require, what a DHF should contain, what the difference is between design verification and design validation, how design transfer should be evidenced, and how design changes should be assessed and controlled.

What ISO 13485 Clause 7.3 actually covers

ISO 13485 Clause 7.3 covers design and development controls for medical devices. In practical terms, it requires a company to prove how product requirements were defined, how those requirements were translated into outputs, how review decisions were made, how design verification and design validation were executed, how the released design was transferred into production, and how later design changes were assessed and controlled.

For most medical device businesses, Clause 7.3 is one of the highest-risk audit areas because it connects product realization, risk management, document control, traceability, technical evidence, and change control. If the trace between those elements is weak, auditors usually find the weakness quickly.

7.3.1 Planning 7.3.2 Inputs 7.3.3 Outputs 7.3.4 Review 7.3.5 Verification 7.3.6 Validation 7.3.7 Transfer 7.3.8 Changes
7.3.1

Design and development planning

Define stages, responsibilities, interfaces, review gates, design and development deliverables, verification and validation strategy, and decision criteria before development accelerates.

7.3.2

Design inputs

Capture intended use, user needs, performance requirements, safety requirements, regulatory requirements, applicable standards, and risk control requirements as controlled design inputs.

7.3.3

Design outputs

Create controlled specifications, drawings, bills of material, software requirements, labeling, test methods, and other outputs that are sufficient for manufacture, inspection, release, and service where relevant.

7.3.4

Design review

Run formal design reviews with the right functions involved, clear gate decisions, assigned actions, due dates, closure logic, and objective evidence that issues were resolved properly.

7.3.5

Design verification

Show that design outputs meet design inputs using defined methods, acceptance criteria, traceable evidence, controlled protocols, and defensible records generated before or during testing.

7.3.6

Design validation

Show that the final device meets intended use under defined use conditions using representative product, relevant users or use environments where needed, and a clear technical rationale.

7.3.7

Design transfer

Prove that the approved design became controlled production reality through DMR alignment, production-facing specifications, inspection criteria, training, release readiness, and first-build or implementation evidence.

7.3.8

Design changes

Control design changes through formal impact assessment across design outputs, design verification, design validation, risk, labeling, suppliers, production documents, and released configurations.

What auditors usually ask for first in ISO 13485 Clause 7.3

DHF structure and completeness

Auditors often start by checking whether the Design History File is a real design control system or just a folder of disconnected documents. They look for structure, logic, completeness, and traceability.

Design planning, inputs, and outputs

They sample whether planning was defined and followed, whether design inputs were approved and controlled, and whether design outputs are sufficiently detailed to support manufacturing, inspection, and release.

Design verification, design validation, and claims support

They frequently select one or more claims, intended-use assumptions, or risk controls and ask for the exact design verification or design validation evidence that supports them.

Design transfer and design change control

A common audit route is to take a recent design change and follow it into updated outputs, risk review, re-verification or re-validation decisions, and production-facing updates.

What makes Clause 7.3 fail in real audits

Traceability that looks good but cannot execute

A traceability matrix exists, but the team cannot clearly connect approved design inputs to outputs and then to objective design verification or design validation evidence.

Design reviews that are only meetings

Meeting notes record discussion but do not show formal decisions, accountable actions, closure dates, or evidence that open items were properly addressed.

Verification without solid acceptance criteria

Testing exists, but criteria were vague, retrospective, copied from elsewhere, or not linked back to controlled design inputs.

Validation that is not representative

Evidence exists, but the units, users, environments, or use conditions do not support the intended use or claims being made.

Weak design transfer evidence

The DHF appears complete, but manufacturing, inspection, labeling, or training records are still outdated, uncontrolled, or inconsistent with the released design.

Informal design changes

Changes were implemented through email, chat, or team discussion without formal impact assessment, risk review, or clear re-verification and re-validation logic.

Design verification vs design validation in ISO 13485

Design verification

Design verification answers the question: did we design the device correctly against defined requirements? It compares design outputs to design inputs and should use pre-defined methods, acceptance criteria, and objective evidence.

Design validation

Design validation answers the question: did we design the right device for its intended use? It focuses on whether the final device performs appropriately under actual or simulated use conditions with representative product.

What a good Design History File should demonstrate

A strong Design History File should show more than document existence. It should demonstrate development logic, controlled decision-making, traceability, objective technical evidence, and a clear link between planning, requirements, outputs, design review, verification, validation, transfer, and post-release changes.

  • Approved design and development plan
  • Controlled design inputs and design outputs
  • Formal design review evidence and closure records
  • Design verification and design validation records
  • Design transfer evidence into production or release controls
  • Controlled design change history with impact assessment

Shop by design-control gap

Best if your DHF is messy

DHF structure, index logic, and audit readiness

Choose this if your main problem is scattered records, weak file structure, poor traceability, or a Design History File that will not hold up well under auditor sampling.

DHF Essentials Toolkit Free DHF Audit Checklist Clause 7.3 Collection
Best if you need the full system

End-to-end design controls execution

Choose this if you need design planning, inputs, outputs, review, verification, validation, transfer, and design changes aligned into one working ISO 13485 Clause 7.3 operating system.

Design Controls Execution System Filled Examples Library QMS Core Systems
Best if risk and design are disconnected

Risk controls, design controls, and validation linkage

Choose this if risk controls are not clearly flowing into design inputs, outputs, verification, validation, design transfer, and design change decisions.

ISO 14971 Risk Management System Risk Management Collection ISO 14971 Blog
Best for design-led startups

Design-only or R&D-focused system buildout

Choose this if your business is design-led and you need a broader ISO 13485 operating structure around R&D instead of isolated templates.

QMS-in-a-Box: Design-Only / R&D Design Control Training Kit Startup Manufacturer Solutions

Related pages for deeper implementation

Use these related pages if you want to connect Clause 7.3 to the wider ISO 13485 system, including product realization, documentation requirements, management responsibility, resources, services, and pricing.

Clause 7 Product Realization Clause Hub Clause 4 Clause 4.2 Clause 5 Clause 6 Medical Device QMS Blog Proof & Capabilities Services Pricing Contact Us

FAQ: ISO 13485 Clause 7.3, DHF, verification, validation, and design transfer

What is ISO 13485 Clause 7.3?

ISO 13485 Clause 7.3 is the design and development section of the medical device quality management system. It covers design planning, design inputs, design outputs, design review, design verification, design validation, design transfer, and design change control.

What is a DHF in ISO 13485?

A Design History File, or DHF, is the design and development evidence set showing that the device was developed in accordance with the approved design plan and applicable design control requirements.

What is the difference between design verification and design validation?

Design verification shows that design outputs meet design inputs. Design validation shows that the final device meets intended use under defined use conditions using representative product and appropriate evidence.

What do auditors ask for first in Clause 7.3?

Auditors usually ask for the DHF structure, design and development plan, approved design inputs, controlled design outputs, design verification and design validation evidence, and at least one design change with impact assessment and downstream updates.

Why does design transfer fail so often?

Design transfer often fails because the DHF appears complete while production, inspection, labeling, training, or release records do not reflect the approved final design.

How do design changes create major nonconformities?

Design changes create major findings when impact assessment is weak, risk review is incomplete, re-verification or re-validation decisions are missing, or updated outputs do not flow into production-facing records and released configurations.

How do I prepare for an ISO 13485 design controls audit?

Prepare by making sure your design and development plan, design inputs, design outputs, design review records, design verification, design validation, design transfer evidence, and design change controls are complete, approved, controlled, and traceable.

ISO 13485 Clause 7.3 Diagnostic

Design Controls Gap Checker: Assess Whether Your Design and Development System Is Complete, Traceable, and Audit-Ready

This design controls gap checker is built for medical device teams that need a serious view of whether their ISO 13485 Clause 7.3 design and development system will hold up in audit. Assess the maturity of your design planning, inputs, outputs, traceability, design review, verification, validation, design transfer, DHF structure, and design change control, then move into the right solution path for remediation, implementation, or audit readiness.

What this tool checks

Design controls usually fail for one of five reasons: planning is weak, design inputs and outputs do not trace cleanly, design review decisions are poorly evidenced, verification and validation are not tightly linked to requirements and claims, or design transfer and change control do not hold together operationally. This tool is designed to catch those high-risk patterns early.

Planning Design Inputs Design Outputs Traceability Design Review Verification Validation DHF Transfer Changes

Who this is for

  • Medical device startups building a first design control system
  • QA/RA teams preparing for ISO 13485 or surveillance audits
  • Businesses with fragmented or inherited DHF structures
  • Teams with weak verification, validation, or traceability logic
  • Companies needing design transfer or design change remediation

Complete the design controls diagnostic

Answer every question to generate a full design controls maturity score, domain breakdown, priority remediation view, and best-fit next step.

1. Do you have a documented design and development plan with defined stages, responsibilities, interfaces, and review gates?

Without a structured design plan, the rest of Clause 7.3 usually becomes reactive, inconsistent, or difficult to defend.

2. Are design inputs complete, approved, and clearly linked to intended use, user needs, regulatory requirements, and risk controls?

Weak or incomplete design inputs create downstream failure across outputs, verification, validation, and change impact assessment.

3. Are design outputs controlled and detailed enough to support manufacturing, inspection, release, labeling, and downstream use?

Outputs should be operationally usable, not just technically descriptive.

4. Can you clearly trace design inputs to design outputs and then to verification and validation evidence?

This is one of the most common places where Clause 7.3 collapses under auditor sampling.

5. Is your Design History File structured in a way that forces completeness, traceability, and controlled retrieval?

A DHF should be more than a storage folder. It should make design control logic visible and defensible.

6. Are design reviews formal, with gate decisions, action owners, deadlines, and evidence of closure?

Meeting notes alone do not show real design review control.

7. Is design verification planned with defined methods, objective acceptance criteria, and controlled execution records?

Verification should prove outputs meet inputs with criteria set before testing, not rewritten after results are known.

8. Is design validation based on intended use, representative product, relevant users or use conditions, and a defensible rationale?

Validation is often present in name but weak in representativeness or intended-use linkage.

9. Are claims, risk controls, and intended-use assumptions clearly supported by linked verification or validation evidence?

This is where auditors often pull one claim or one risk control and ask for the exact supporting evidence.

10. Is design transfer clearly evidenced into production, inspection, release, training, and controlled production-facing documentation?

Design transfer fails when the design file looks complete but production reality has not caught up.

11. Are design changes formally reviewed for impact across outputs, verification, validation, risk, labeling, suppliers, and released configurations?

Change control is one of the fastest ways for a Clause 7.3 weakness to become a major finding.

12. Are design changes consistently documented, approved, traceable, and reflected in downstream records?

Informal change practices create control gaps even when teams think they are moving quickly.

Answer every question to receive a full design controls diagnostic.
Overall Score
0%
Band

Your design controls result

Planning & Inputs

0%

Design planning, interfaces, intended use, user needs, and controlled inputs.

Outputs & Traceability

0%

Design outputs, DHF structure, and input-to-output-to-evidence traceability.

Review, Verification & Validation

0%

Formal design review, verification logic, validation strength, and evidence linkage.

Transfer & Change Control

0%

Design transfer into operations and formal design change control.

Highest-priority gaps to address

    What a focused remediation review should cover

      Best if you want the full system

      Design Controls Execution System for teams needing an end-to-end Clause 7.3 operating structure.

      View Solution

      Best if your DHF is messy

      DHF Essentials Toolkit for teams needing structure, indexing logic, and stronger audit readiness.

      View Toolkit

      Best if you need direct help

      Design Controls Support for remediation, implementation, audit preparation, or rapid gap closure.

      Contact Us

      Request a focused design controls review

      Submit your details and receive a practical next-step view based on your design controls score profile. This is best suited to medical device businesses preparing for Clause 7.3 remediation, DHF cleanup, verification and validation strengthening, design transfer improvement, change-control correction, or audit readiness work.

      Prefer Klaviyo? Replace this contact form with your embed and map the hidden fields into your form capture.

      Get Audit-Ready in 4 Weeks

      Browse our Design & Development Product Collection

      View all

      Need Clause 7.3 fixed end-to-end, not just explained?

      If your team is preparing for ISO 13485 certification, repairing design-control gaps, cleaning up design changes, or tightening DHF and transfer logic before scale, Clause 7.3 usually needs more than scattered templates. It needs a working structure that connects requirements, risk, design records, V&V, production handoff, and change control into one defendable system.

      Use the products above if you already know the gap. Use our services if you need design controls built, repaired, or integrated properly into the rest of your QMS.

      View PricingContact Us