medtech quality and compliance: what you need to know · 2019-11-21 · 6 medtech quality and...
TRANSCRIPT
An eBook
Sponsored by:
Quality Device HistoryRecords
Patient Safety Transport &Storage
materials Verification& Validation
Inspections
Medtech Quality and Compliance: What You Need to Know
To see the animated version of this eBook, Click here
CONTENTS
2 Medtech Quality and Compliance: What You Need to Know Sponsored by
28 The Six 2015 FDA Guidance Documents You Need to Know
33 Business Strategy for Unique Device Identifier Adoption
39 FDA Opens GUDID to the Public
41 Medtech Manufacturers Rev Up ISO 13485 Certifications and Design Solutions
3 How the ISO 9001:2015 Revision Affects Medical Device Companies
7 Up to Code: Implementing a Quality System
11 This Advice Will Help You Improve Your Device History Records
14 The Medtech OEM’s Guide to Contracting for Services
20 Q&A - Navigating the Medical Regulatory Landscape: Our Experts Answer Key Questions
Page 44
3 Medtech Quality and Compliance: What You Need to Know Sponsored by
The 2015 revision of the
ISO 9001 quality standard
contains fundamental
changes to the structure and
contents of the standard and
offers a preview of some revisions to
ISO 13485 expected in the coming year.
ISO recently published quality
management system (QMS) standard
ISO 9001:2015. As a result, regulated
companies with or that are seeking ISO
9001 certification now have three years
to meet the QMS requirements in the
2015 edition of the standard.
The 2015 version follows a new,
higher-level structure developed
by ISO to ensure that management
system standards are aligned with a
set of common requirements. All ISO
management system standards are
now required to adopt the structure,
with the purpose of making it easier
for organizations to address the
requirements of more than one ISO
management system standard within a
single, integrated system.
Additional key changes in ISO
9001:2015 include the following:
• Greater emphasis on risk-
based thinking as a basis for the
management system.
• Fewer prescriptive requirements.
Walt Murray, Director of Quality and Compliance Consulting Services, MasterControl
How the ISO 9001:2015 Revision Affects Medical Device Companies
4 Medtech Quality and Compliance: What You Need to Know Sponsored by
• Increased emphasis on
organizational context.
• Major focus on achieving value for
the organization and its customers.
• More flexibility regarding
documentation.
• Enhanced leadership involvement
in the management system.
One of the key changes in the 2015
revision is an explicit requirement
for risk-based thinking to support
and improve the understanding and
application of the process approach.
In fact, risk is covered in nearly every
section of ISO 9001:2015, and there
are considerable changes to the
application of risk.
Risk-based thinking makes
preventive action part of strategic and
operational planning, so reference to
preventive action has been replaced
with “actions to address risks and
opportunities” in ISO 9001:2015.
The standard now requires that
organizations and top management
identify—from a risk-management
perspective—and address any internal
5 Medtech Quality and Compliance: What You Need to Know Sponsored by
and external factors that may affect
their QMS’s ability to deliver intended
results to customer requirements.
ISO 9001: 2015 Helps Forecast Forthcoming ISO 13485 ChangesThe updated standard directly
affects all kinds of manufacturing
organizations, including medical
device manufacturers. The changes
also have implications for other
standards, including ISO 13485,
which outlines QMS requirements for
medical devices.
For medical device manufacturers,
the publication of ISO 9001:2015 offers
something of a preview of forthcoming
revisions to ISO 13485, as corresponding
changes are expected to follow.
ISO 13485 is often harmonized
with ISO 9001. Whereas ISO 9001
can be used by any company within
any industry sector, ISO 13845
is tailored specifically to medical
device companies. Currently, ISO
is in the process of finalizing draft
international standard (DIS) ISO
13485:201X, which is expected
to shift to a similar orientation
as 9001:2015. Medical device
companies will then have three years
to transition to the new ISO 13485.
As such, ISO 9001:2015 can help
medical device manufacturers anticipate
some changes that will eventually be
reflected in the ISO 13485 standard.
For instance, the final ISO 9001:2015
standard and the DIS of 13485 have
increased representation of risk.
Like the final ISO 9001:2015, the DIS of
ISO 13845 places significant emphasis
on risk management and stating that
a risk-based approach is needed when
developing processes. Preventative
maintenance is not enough. Anything
6 Medtech Quality and Compliance: What You Need to Know Sponsored by
the medical device company does that
affects the QMS must be viewed from
a risk perspective. It requires device
manufacturers, as well as their sub-tier
suppliers and contractors, to apply risk
management and risk analysis from
product development through product
realization.
Like ISO 9001:2015, when processes
are outsourced, the DIS of ISO 13485
wants organizations to look at controls
from a risk perspective. If a supplier fails
to meet specifications, how will that
affect the organization’s quality system?
Risk is further emphasized in a
number of other areas of the DIS of
ISO 13485, including human resources.
If an employee is incompetent, what
are the risks to quality?
For medical device manufacturers
providing life-enhancing products,
there are risks in all systems,
processes, and functions. That is why
in the medical device industry, where
safety to the patient and consumer
is paramount, risk management is a
critical part of all processes.
With both ISO 9001:2015 and DIS ISO
13845 emphasizing a more risk-based
view of the entire quality system,
medical device manufacturers should
be working now on incorporating the
concepts of risk management and
risk-based thinking to ensure that risk
is considered from the beginning and
throughout the quality system.
7 Medtech Quality and Compliance: What You Need to Know Sponsored by
A quality system can
be a big help or a big
headache. Here are tips
on how to put the right
quality system in place.
For startup executives, quality
systems can be a financial drain.
When poorly implemented, they can
even be an impediment to product
and business development. But a
well-implemented quality system, on
the other hand, can be an important
tool for business risk mitigation. An
ineffective “one-size-fits all” quality
system that is poorly implemented
can result in a litany of rigid rules,
procedures, and mountains of
paperwork, but a strategically
developed quality system—carefully
customized to fit a budding company—
can ensure that the product or service
meets the needs of the customer,
the market, and the regulatory
environment in a safe, effective, and
cost-efficient manner.
A comprehensive quality system
that works in tandem with a good
business plan provides a documented
policy for ensuring that the final
product meets both internal and
external requirements. Such a system
essentially detects and prevents
defects throughout the development
Katherine Cox, Senior Director of Quality Assurance, Procyrion, Inc.
Up to Code: Implementing a Quality System
8 Medtech Quality and Compliance: What You Need to Know Sponsored by
lifecycle. A good quality system
identifies the regulatory environment;
the clinical need and business case of
the product or service; the customer
and product requirements and risks;
the development of prototypes; and,
finally, the execution of product
commercialization. It pushes for
continuous development improvement
and requires frequent feedback for
process review.
Startup CEOs face two main
questions: timing and level of quality.
Not surprisingly, the most cost-
effective point for startups to
implement a quality system is at the
beginning of the product development
process. Defining the company’s
product development roadmap up
front ensures that regulatory agency
requirements are established,
understood, and executed by the
entire development team and then
successfully met. The consequences
for not adopting a quality system early
in the development process could
mean incomplete identification of the
product’s clinical, customer (user and
patient), and regulatory path needs.
Moreover, failure to establish accurate
product requirements, and/or failure
9 Medtech Quality and Compliance: What You Need to Know Sponsored by
to access product use and design
risks in order to establish verifiable
risk mitigation strategies, can result in
significant financial costs if the product
does not meet customer and market
needs, if the product fails verification
and validation, or if the product does
not perform as intended in the field.
Many emerging companies are
often sold on a “one-size-fits-all”
quality system. While compliant with
international and U.S. medical device
regulations, such systems typically
involve a suite of binders, documents,
and forms that don’t take into account
a company’s stage of development and
that may even call out departments
that don’t yet exist. These complicated
systems often end up on the shelf
after overwhelming a small startup
team with confusing documents
that don’t apply to the company.
On the other hand, a quality
system tailored to fit the scope of
a company’s business operations
can be strategically developed and
appropriately sized to grow with the
company, not the other way around.
QS development typically takes
into consideration the following:
• At the concept development
phase and the engineering
evaluation and development
planning phases of the product
development process, the quality
system planning elements should
include, at a minimum, processes
to fulfill the ISO 13485 and the
FDA Quality System Regulations,
including management review,
documentation controls,
personnel, and design controls.
• As the product evolves into
detail engineering design and
process development planning,
10 Medtech Quality and Compliance: What You Need to Know Sponsored by
the quality system elements for
purchasing controls, supplier
controls, production and process
controls, equipment calibration
and maintenance processes,
nonconforming product, and
corrective and preventive action
are added.
• Upon transition into pilot
production for design qualification
and product commercialization,
customer-related processes for
distribution, installation, servicing,
and complaint handling are
implemented into the quality
system.
Depending on the company’s
business strategy and regulatory
path, the most effective route is to
engage an experienced professional,
either as a consultant or as a full-time
resource, who will take into account
product development needs and
provide training in quality use and
implementation.
A company whose product approval
path is a 510(k) for a relatively
simple product design, and which
utilizes contract design firms and
manufacturing sources, is most likely
to engage a quality system consultant
throughout the entire product
development process. On the other
hand, a startup whose product is quite
complex, requiring clinical evaluation
for CE Mark or FDA PMA approval
and being developed internally and
externally, might initially work with a
quality system consultant, but would
eventually hire a permanent resource
as development progresses into
product realization and clinical use.
The best time to develop a quality
system is before it’s needed. Delay in
implementation can lead to financial
and personnel resource investments in
the development of a product that fails
to meet market approval or adoption.
11 Medtech Quality and Compliance: What You Need to Know Sponsored by
How easily can you trace
every lot, batch, or unit
of product? The answer is
important. In fact, it will be
a factor that defines your
medical device company’s ability to
prosper.
Between the FDA’s requirement for
unique device identifier (UDI) and the
regulatory scrutiny of device history
records (DHRs), traceability is always
a hot topic in the medical device
industry. But the challenge is that no
single department or system has the
entire answer. Traceability requires
information from across all aspects of
the operation.
Fortunately, modern information
systems can reach across the
organization to collect, collate and
assemble the DHR automatically,
without paper— creating the
electronic DHR (eDHR). But this is
not a straightforward IT issue and
is one that standard enterprise IT
applications such as enterprise
resource planning (ERP), business
intelligence (BI) and quality
management systems (QMS) are
not likely to be able to handle.
These applications aren’t designed
to handle the huge volume and
numerous variants of DHRs across
Julie Fraser, Principal and Founder, IYNO Advisors
This Advice Will Help You Improve Your Device History Records
12 Medtech Quality and Compliance: What You Need to Know Sponsored by
an organization, and are typically
structured around documents, which
doesn’t deliver any benefits beyond
quality control and compliance.
The best way to generate eDHRs is by
means of manufacturing execution or
manufacturing operations management
(MES/MOM). Much of the core DHR
information comes from the production
plant (e.g. dates and quantity
manufactured and released, acceptance
records, labels). You need systems that
focus on data, versus merely engaging
in document management. MES/MOM
systems are first and foremost designed
to provide visibility, enforcement and
control to the production process. They
generate these compliance records as a
by-product.
Granted, having full control
inside the production floor does
not necessarily guarantee complete
traceability will be available. So the
best modern MES/MOM systems have
a broad footprint to include quality
and maintenance. They also can pull in
data from other systems. In fact, all of
the elements required in an eDHR can
be recorded by this type of MES/MOM
system, and that will delight auditors.
Beyond that, the MES/MOM will
enforce standard operating procedures
to improve compliance, while also
making data about the product and
process available instantly.
What other uses might you find for
this type of system and the data it
produces? Here are a few:
• For planning to update actuals,
materials usage and scrap rates,
enable personnel scheduling
and planning, financial planning
and forecasting for both costs
and revenues timing, and
customer order promising based
13 Medtech Quality and Compliance: What You Need to Know Sponsored by
on a far more accurate view of
what is likely to be available to
ship when.
• As production proceeds to
guide operators, technicians,
quality and engineering activities
and prevent production and
documentation errors; also to see
production status, materials or
parts problems, actual-to-plan as
it changes, and performance per
plant, operator, product, or piece
of equipment.
• After the fact to analyze for
best practices, and in other
departments to make critical
decisions about new product
design, introduction into various
regional markets, outsourcing
readiness, supplier and parts
performance, and all sorts of
weekly, monthly and quarterly
reporting by operations and
finance.
• In predictive mode during
technology transfer, joint
venture planning, capital
planning, new plant
expansions, financial warranty
reserve planning, and new
product development.
So traceability can be seamless
across many disciplines in the
enterprise, and it can deliver them
all benefits. Taken in aggregate,
this becomes a company-wide
effectiveness and profitability
opportunity. Will you seize it?
14 Medtech Quality and Compliance: What You Need to Know Sponsored by
It’s important to ensure you have the
correct terms in contracts for services
before you sign on the dotted line.
Companies across the globe
in all sectors are reducing fixed
costs as a means to increase
corporate profitability. To reduce
fixed costs, companies often shift
work previously done by internal
resources to outsourced service
providers. Additionally, small and
midsized companies face the issue
of needing particular skill sets or
technical resources to complete
critical projects but not having the
financial resources or critical mass
to acquire those resources internally.
Regardless of whether your company
is using or providing outsourced
services, it is critical that the parties
enter into a complete and well-defined
contract for the services that are to be
provided. Having the correct terms in
contracts for services is of even greater
importance to companies regulated by
FDA, such as those in medtech, than
for those in unregulated industries.
Therefore, it is paramount for
medical device companies to ensure
that contracts for services address
key requirements, legal terms, and
specifications.
Contracts for services are governed
Henry Kopf, Attorney; Amish Patel, Attorney, Revolution Law
The Medtech OEM’s Guide to Contracting for Services
15 Medtech Quality and Compliance: What You Need to Know Sponsored by
by common law principles, as opposed
to the purchase and supply of goods
which are governed by Article 2 of
the Uniform Commercial Code. More
information on the purchase and supply
of goods can be found in a companion
article. Common law contracts generally
have a higher legal standard to establish
the formation of a contract because
of the mirror image rule. Unlike UCC
Article 2, the common law mirror image
rule requires an offer and acceptance
of the offer to be mirror images of
each other. In a contract for services,
there generally is one document that is
signed by both parties, which defines
the specific terms under which the
parties agree governs the terms of their
service relationship.
Contracts for services can be easily
misconstrued, vague, or unclear
because of the intangible nature of
services. Therefore, it is especially
critical to have contracts for services
carefully drafted. In the event of a
contract dispute, a well-drafted and
comprehensive contract will include
16 Medtech Quality and Compliance: What You Need to Know Sponsored by
provisions to facilitate resolution
without the judicial process. Delay
of deliverables, inferior service
quality, payment disputes, and other
anticipated issues should also be
addressed within a well-drafted
services contract. The exercise of
formally memorializing the terms of a
contract in writing will also assist the
company in reviewing and verifying
the specific details of the project.
Consequently, the process of drafting
a well-defined and granular contract
will help to not only avoid potential
future legal disputes, but also improve
the chance of successful business
execution of the overall project.
Service contracts should always
include, at minimum, basic contract
provisions that address confidential
information and intellectual
property (IP). Depending on
the nature and type of service
provided, these provisions can
range from short clauses stating
the basic requirements of each
party to extensive contract sections
addressing confidential information
and IP in great detail. Properly
drafted IP clauses will address
the ownership of newly created
IP, confirm ownership of existing IP,
and ensure the proper transfer of
any IP created during the service to
the intended party in the event the
IP vested in the unintended party by
accident or matter of law. For example,
absent specific contract provisions, the
transfer of all the IP rights associated
with outsourced custom software to
the purchaser is not guaranteed by
just paying for the development of the
custom software.
Engineering and product design
services are a common area that
17 Medtech Quality and Compliance: What You Need to Know Sponsored by
medical device companies enter into
service contracts. Contracts for these
types of engineering services need
to clearly define the specification
and requirements the product will be
designed to meet. Additionally, any
and all applicable third-party standards
the designed product is to meet
should be specifically addressed. The
parties should identify the countries
the ultimate product is planned to
be marketed in as the standards for
regulatory approval vary by country.
In the United States, FDA maintains
a database of consensus standards.
These types of standards undergo
revisions regularly and will differ
for Canada and the EU. Once the
engineering firm completes the design
process, contractual provisions
should be in place to require
the engineering firm to provide
the contract manufacturer with
the documentation, assembly
instructions, design files,
drawings, part numbers, and
specifications needed to properly
manufacture the medical device.
These provisions often get
overlooked but are critical to
avoid future business disruptions
that may occur once the product
is transferred to manufacturing.
In contracts for testing
services, whether sterility testing,
analytical testing, or mechanical
testing, the parties need to include
the specific testing methods and
protocols that will be used during
the process. In the case of a first-to-
market revolutionary medical device,
new test methods and protocols
may also need to be developed. As
18 Medtech Quality and Compliance: What You Need to Know Sponsored by
a result, the analytical methods used
to validate the new test methods and
protocols need to be soundly defined
in the testing services contract as
well. Furthermore, the data output
and reporting requirements from the
testing facility should be well defined
such that the results of the testing can
be easily used by the sponsor going
forward.
Many sponsors will contract with
a contract research organization
(CRO) to assist with validation or
help navigate the FDA submission
process as it can be lengthy and filled
with regulatory hurdles. Whether
submitting a 510(k) application or a
PMA, supporting documentation and
certifications are required by FDA.
The coordination and oversight of
these requirements necessitate careful
forethought and the responsibility
should be contractually delegated
to the appropriate parties. Sponsors
should ensure the contract defines
the parties responsible for providing
the supporting documentation for
submission in the device application.
If the sponsor plans to rely on certain
documentation or certificates provided
by the engineering firm or contract
manufacturer, contractual provisions
requiring timely compliance should be
included.
In addition to the points discussed
above specifically for the medical
device industry, a well-drafted
contract for services will also answer
fundamental questions such as the
following:
• What specific services are
provided?
• What is the acceptable level of
service quality?
• How are defects and service
interruptions corrected?
• What are the milestones,
deliverables, and timelines of the
service?
• Are there progress payments
due under the contract? Ideally,
any progress payments should
be linked to a tangible contract
milestone.
• What are the payment terms
and how are payment disputes
addressed?
19 Medtech Quality and Compliance: What You Need to Know Sponsored by
• Are the overall services provided
on a regular basis? Is there a
need for separate project-based
scope of work agreements?
Which contractual provisions
control between the master and
scope of work agreement?
Contracting for medical device
services can bring unique
challenges simply due to the nature
of the services and the highly
regulated environment. Contracting
for services in the medical device
industry often requires thorough
review, careful drafting, and
strategic negotiations by your
expert legal counsel. Engineering
firms, contract manufacturers,
and sponsors should spend time
upfront to ensure that the scope of
services is clearly defined and that
adequate safeguards are in place
to provide a resolution should a
dispute arise.
The information contained in this article, and in material referenced within, is intended for informational and educational purposes only, and does not constitute legal, financial, accounting, medical or other professional advice.
20 Medtech Quality and Compliance: What You Need to Know Sponsored by
Q&A-Navigating the Medical Regulatory Landscape: Our Experts Answer Key Questions
Mike Gaul, Group Vice President, Medical Manufacturing and Design, overseeing all Sparton medical manufacturing facilities
Grant Palmer, Vice President, Quality and Regulatory, Irvine, CA Sparton Design Center
Dennis Hoffman, Quality and Regulatory Practice Manager, Pittsford, NY Sparton Design Center
S P O N S O R E D C O N T E N T
Performing due diligence around regulation, quality and standards, and
reducing financial and legal risk, is especially critical for the medical device
industry. Sparton gathered together three of its experts to provide their
thoughts on current regulatory challenges and how to manage them.
21 Medtech Quality and Compliance: What You Need to Know Sponsored by
What are some of the top regulatory issues being discussed in the industry?
MG: One of the hot topics we see today
is point-of-care devices. That basically
refers to where the patient is. So, it
could be the home, the doctor’s office.
There are many applications that run off
an iPhone®, for example. So for HIPAA
requirements, the question is: is the data
safe? This is a huge, growing market,
and there’s a lot of uncharted territory.
Everything related to software is very
relevant now, too.
DH: In terms of software development,
I would say that the FDA is increasingly
focused on measuring your process.
Organizations should be following IEC
62304, the international standard for
the lifecycle requirements of medical
software that can give you a yardstick to
measure your process.
GP: Related to software and devices,
both the FDA and the Europeans are
very interested in cyber security. How do
you maintain security across networks?
How do you stop somebody from
breaking in by way of an insulin pump or
pacemaker? Everyone’s very excited by
the Internet and the interconnectedness,
but sometimes we have to keep the
cyber security threat in mind and prevent
violation of European and U.S. privacy
laws.
MG: There’s also UDI [Unique Device
Identification]. The FDA released its final
rule in 2013 and it is being phased in over
the next few years. On each device you’ll
have to submit documentation, have a
unique identifier on all the instruments
and file with the FDA. So if there’s a
problem, they can quickly find out who
made it and when it was made. It’s not
a new act, but it is new in a sense that
it’s now becoming effective and there
are still a lot of companies out there that
don’t fully understand it.
GP: Organizations should also know that
regulations and standards are moving
towards a risk-based approach. They tell
you less of what you specifically have to
do and instead give broader guidelines.
S P O N S O R E D C O N T E N T
22 Medtech Quality and Compliance: What You Need to Know Sponsored by
For example, instead of indicating that
you must test a device at four volts, you
need to first do a risk assessment of what
voltage you should test it at. It pushes
that process forward into the design
and how you’re building your test plans.
Consider pacemaker leads—the standard
was specified at 10 years, but many were
left in longer and they caused problems
and resulted in recalls. The FDA is shifting
the responsibility for appropriate timing
and other criteria onto the manufacturer.
What tends to be surprising or confusing for manufacturers about the medical regulatory process?
MG: Many of our customers are
very savvy and knowledgeable about
regulations. But smaller companies, and
especially start ups, don’t fully understand
the regulations—especially the time
that’s required, or how ambiguous the
language can be. With the FDA and even
ISO, there are established milestones and
requirements to be met, and rules are
communicated in very broad statements.
For example, “The instrument shall
be safe and effective for use.” If it’s
ineffective and there’s an audit, they’ll be
looking for literally hundreds of pages
of documentation. It’s just one simple
sentence, but they’re expecting you
to have all the processes in place and
everything done.
GP: I would agree that there is less
understanding about published vs.
realistic timelines, both in Europe and
the US. Particularly in the U.S., there are
fairly firm guidelines by which the FDA
has to respond to a particular application.
We try to help customers understand
the subtleties of the timelines—that 90
days doesn’t necessarily mean 90 days—
and help them understand that the FDA
can ask questions and that might stop,
restart, or even reset the clock.
MG: Also, not all customers realize
that other countries, such as China
and Korea, are developing their own
standards and governing bodies
separate from ISO 13485 and the FDA
regulations in the U.S. While these are
very similar, there are some nuances.
So you have to know which country
S P O N S O R E D C O N T E N T
23 Medtech Quality and Compliance: What You Need to Know Sponsored by
you’re going to market in and consider
that early. Even if you’re making a
small change, you may want to move
the product from the U.S. and do some
additional testing in that country.
Otherwise, you may have to spend
another three to six months doing
additional testing and validation so that
you can ship it to that country.
GP: I would add that there’s also a whole
area of regulation that manufacturers
don’t necessarily think about on the front
end, and that’s Medicare reimbursement.
Particularly in the U.S., but in other parts
of the world as well, reimbursement is
key. It’s great to get a device approved
and on the market—but what if Medicare
won’t cover it?
There’s a perception that medical regulatory change is “constant”—is this true?
MG: No, I don’t think so. Whether it’s
ISO or FDA, they don’t change that
often—most have been around for
many, many years. The changes never
happen immediately, there’s almost
always a long period where drafts are
published, commented on, revised and
then finally enacted. Then there’s another
longer period of two to four years for
implementation. The issue is more that
customers don’t keep up with these
notifications and changes, especially
when they begin so far in advance—it’s
just not their area of expertise.
DH: There isn’t constant change, but
someone does need to keep an eye on
the changes—each of the baby steps and
gradual changes—for both regulations
and standards. If there’s no one in the
shop charged with regulation, they might
miss the bus slowly coming up over
the hill. Then you have potential non-
compliance, loss of revenue and several
months of work to get up to speed.
What are the risks of non-compliance with medical regulations?
MG: First let’s clarify that ISO is a
standard that’s there to help you ensure
you’re making a good product. The FDA
regulations are actual laws, and so
S P O N S O R E D C O N T E N T
24 Medtech Quality and Compliance: What You Need to Know Sponsored by
noncompliance can range from warnings,
seizures and fines, to criminal convictions
and the closing of your facility. Many
companies are surprised to hear that the
FDA can very quickly come in and shut
you down if your product isn’t safe and
effective. The non-compliance events can
follow leadership and managers around
in their careers, because they were in
charge when it occurred.
DH: You absolutely do not want to get a list
of non-conformances and a warning letter.
It’s like handing a gift to your competitors.
It’s very public and worded in a way that
repeats the regulation explicitly without
specifics about you or your company.
So the context, or any mitigating factors,
won’t be evident in the letter.
GP: Even without the serious outcomes,
noncompliance can run your business
ragged—you’ll need to resubmit all
the documentation. And the next time
you submit, the regulators—with good
reason—are going to look twice as hard.
They can visit your operations. I know of
one company with serious quality issues
where the FDA was onsite for over two
years. Instead of a team of three to four
people, you’ve got a team of eight trying
to manage it, which takes resources
away from engineering, marketing and
customer service.
How important is it for a company to have or to seek out regulatory expertise?
MG: If you don’t have that person
available, somebody else is going to
make the decisions about regulation,
design and manufacturing—and they
may or may not make the right decision.
Especially with new, smaller companies
and start-ups, we hear people saying,
“I think I can get this approved” or “It’s
fine. Let’s ship it.” Where a regulatory
person would look at that and say,
“Let’s validate it, let’s redo testing, let’s
get engineering involved. Let’s go back
and look at the original specs of the
S P O N S O R E D C O N T E N T
25 Medtech Quality and Compliance: What You Need to Know Sponsored by
equipment.” With customers who come
to us just for manufacturing, we’ll find
things that need to be redone because
their people, either internal staff or
outsourcing vendors or partners, weren’t
versed in compliant medical device
design.
GP: The deeper expertise comes into
play when you’re comparing what’s
written in the law and what actually
gets done. The regulations should be
understood as a broad framework with
interpretations that vary. You have to
understand what the regulations mean,
but you also have to understand where
the particular regulators are at that
particular time and whether an issue
or recall is suddenly generating more
scrutiny. The FDA reviewers have their
own timelines, their own pressures,
and their own budget issues—seasoned
regulatory experts understand that
and know how to work and negotiate
with them. There’s some sensitivity and
creativity in this process.
DH: I agree— the regulatory field
is mostly gray scale, and a strong
interpretation skill set is key. You can’t
just get a college degree in regulatory
affairs; it requires lots of hands-on
experience working with the regulations
and diverse manufacturers and really
understanding the customer’s needs,
goals and products.
In terms of medical regulations, what should companies look for when they’re hiring a design or manufacturing partner?
MG: You want a partner that’s
accountable for the quality and
compliance from the outset. Some
outsource companies will manufacture
the products, but make the customer
responsible for the final quality and
testing. Then, if there’s a problem, it’s up
to you to solve it. Your partner should
also have highly experienced people
who have worked with medical devices
for 15-20 years or more. They should
be involved up front at the research,
development and design stages—this
S P O N S O R E D C O N T E N T
26 Medtech Quality and Compliance: What You Need to Know Sponsored by
is the utmost importance. They should
understand regulations, both domestic
and international. I think there are a lot
of firms out there that know one or the
other but not both. Staff should have
gone through multiple products and FDA
audits. They should keep up with the
regulations and attend seminars.
GP: When you have something that’s
not like anything out there, you want a
partner that can educate and guide you
through the process. They should not be
afraid to critique your plans, be honest
with you about timeframes and costs
and clinical studies. Quite frequently we
have these conversations with clients
when what they want to do might not
work within the regulatory framework.
But we get creative, recommend
compromises and try to make the best
of their particular situation.
MG: Aside from assessing the value
your partner will provide, in terms
of expertise and guidance, consider
their record. Do a deep dive and ask
the questions: What is their approach
to quality? To regulatory compliance?
Have they or their customers had any
regulatory issues, fines, or problems
with the FDA? When was their last audit?
How big is the regulatory staff? Do they
have a clear, rigorous and documented
business process?
DH: Be thoughtful about using an outside
consultant versus a full outsourcing part-
ner. The main problem is that consultants
come and go, and they don’t see every-
thing that you’re doing. They can give
you great advice, give you a list of things
to do and come back in three months to
make sure you’re in compliance. But it’s
all the other day-to-day work where, if
you miss something, it can end up really
hurting you. The key is to find somebody
that lives and breathes it 24/7. You can
hire consultant resources, which is very
expensive—about $95,000- 120,000 a
year—or you can outsource to somebody
that already has those resources and pulls
from multiple programs and areas of
expertise. It’s a question of value.
S P O N S O R E D C O N T E N T
27 Medtech Quality and Compliance: What You Need to Know Sponsored by
S P O N S O R E D C O N T E N T
Conquer Complex Challenges
Complexity Challenge: Quality
Gordon Madlock, Senior Vice-President of Operations at Sparton, speaks to one of the top Complexity Challenges in medical manufacturing: Quality.
Conquering Complexity in Medical Device Contract Manufacturing
See first-hand how the Sparton Production System enables us to excel across all business capacities and drive performance excellence with medical applications that become more technologically advanced every year.
Complexity Challenge: Innovation
Steve Korwin, Senior Vice-President of Quality & Engineering at Sparton, speaks to one of the top Complexity Challenges in medical manufacturing: Innovation.
28 Medtech Quality and Compliance: What You Need to Know Sponsored by
Your guide to the must-read FDA
guidance documents of 2015.
This year has been highly productive for
FDA. Among the agency’s many achieve-
ments are several guidance documents
that have substantial, positive implications
on portfolio productivity and strategy. The
following six guidance documents issued
in 2015 merit careful consideration by
every device manufacturer.
Gordon MacFarlane, PhD, RAC; Sandra D. White, MS, RAC; Cynthia Nolte, PhD, RAC, ICON plc.
The Six 2015 FDA Guidance Documents You Need to Know
Adaptive Designs for Medical Device Clinical Studies (Draft Guidance)What FDA Says: FDA has identified when and when not to utilize an
adaptive design, useful types of designs, challenges, and regulatory
considerations. This document provides an excellent basis for manufacturers
to clearly understand FDA’s view on adaptive designs.
Implications: Device manufacturers should take note of FDA’s recognition
and endorsement of the use of adaptive designs where appropriate. In our
experience, adaptive designs have strengthened decision making, increased
the quality of collected clinical evidence, and improved time-to-market and
product valuations (particularly when applied across a portfolio).
29 Medtech Quality and Compliance: What You Need to Know Sponsored by
The Path Forward: Device makers
cannot simply borrow protocols
from adaptive designs utilized in
pharmaceutical trials. Also, teams
inexperienced in adaptive designs
may introduce bias to a trial that can
complicate characterization of the true
effect of the investigational device;
poor designs can also confound the
interpretation of study results when a
pre-planned adaptation causes data
collected before the adaptation to be
insufficiently similar to those after the
adaptation.
Manufacturers should determine
whether adaptive designs are
appropriate for trials in their portfolios.
Manufacturers will need expertise
and technology infrastructure,
either through hiring internal staff
or an experienced contract research
organization, to simulate, design, and
execute these studies with medical
device-specific standard operating
procedures.
Acceptance of Medical Device Clinical Data from Studies Conducted Outside the United States (Draft Guidance)What FDA Says: Clinical trials are con-
ducted across a widening range of
geographies. FDA has confirmed its
acceptance of data from clinical inves-
tigations conducted outside of the
United States, including the European
Union, provided the applicant dem-
onstrates that the conducted trial met
United States standards and require-
ments (21 CFR 50, 56, 812, 814).
Implications: Compliance with good
clinical practice, informed consent,
and local clinical trial regulations
should produce data that is procedur-
ally acceptable for U.S. marketing
30 Medtech Quality and Compliance: What You Need to Know Sponsored by
submissions. The guidance provides
concrete examples.
The Path Forward: Sponsors must
be aware of differences in clinical
conditions, standards of care, study
populations, and local regulatory
requirements, as these factors also
influence acceptability of data.
The Pre-Submission process is
highly recommended to assess the
acceptability of the outside of U.S.
data, as is early engagement with
FDA to define requirements prior to
enrollment.
Expedited Access for Premarket Approval and De Novo Medical Devices Intended for Unmet Medical Need for Life Threatening or Irreversibly Debilitating Diseases or Conditions (Final Guidance)What FDA Says: FDA has established
processes for the Expedited Access
PMA (EAP) program, which can accel-
erate the evaluation of devices that
fulfill unmet medical needs for life-
threatening or irreversibly debilitating
conditions.
Implications: Sponsors can negotiate
what data will be collected before and
after clearance/approval.
The Path Forward: The EAP program
does not change the total amount of
data or information to be collected,
just the timing of data collection. Early
engagement with FDA is critical to
define expectations.
Manufacturing Site Change Supplements: Content and Submission (Draft Guidance)What FDA Says: The draft guidance
defines a manufacturing site change,
when to submit a PMA supplement for a
site change, what documents to submit,
and the factors FDA intends to consider
when determining whether to conduct
an establishment inspection prior to
approval of a site change supplement.
Implications: This guidance provides
excellent detail on the documentation
needed to support approval and the
31 Medtech Quality and Compliance: What You Need to Know Sponsored by
inspection process, including exam-
ples for a site change supplement
versus 30-day notice. The submis-
sion content is helpful and provides
insights as to when inspections will
likely be conducted.
The Path Forward: As this is a draft
guidance, uncertainty remains. To
mitigate surprises, ensure your qual-
ity assurance department is aligned
with the guidance, is involved in the
site change from the beginning of the
project, and signs off on the contents
in the application to FDA.
Refuse to Accept Policy for 510(k)s (Final Guidance)What FDA Says: FDA added elements
to the Refuse to Accept checklist,
including useful exam-
ples and page numbers
where relevant infor-
mation is to be found.
Implications: The
expectations are more
clearly defined and
should lead to a greater
percentage of accepted
submissions.
The Path Forward:
Sponsors must be
more explicit and complete in appli-
cations than before. Testing must be
completed prior to submission of an
application; it is no longer a viable
strategy to submit and then complete
testing during the review cycle.
Follow the checklist closely, providing
all information requested. Use the
comments sections to expand or
explain aspects that may vary from
expectations.
32 Medtech Quality and Compliance: What You Need to Know Sponsored by
Information to Support a Claim of Electromagnetic Compatibility (EMC) of Electrically-Powered Medical Devices (Draft Guidance)What FDA Says: FDA recognizes that
multiple national and international
standards may apply to medical
devices; this guidance consolidates
requirements in one place.
Implications: The guidance has
clear and consistent information for
demonstrating electromagnetic
compatibility.
The Path Forward: Sponsors will
still need to refer to individual
recognized standards for specific
details of the requirements. This
guidance is intended to be used
in conjunction with other guid-
ance documents to define specific
requirements.
33 Medtech Quality and Compliance: What You Need to Know Sponsored by
Here are some tips for medi-
cal device manufacturers
to effectively implement
the UDI rule and facilitate
improved patient care and
supply chain management.
FDA is requiring all medical device
manufacturers to use a Unique Device
Identifier (UDI) in labeling and also
asking that this information be plugged
into the global UDI database (GUDID).
Over time, this system will allow
industry to follow a medical device
from its origin through to implantation
and documentation for insurance
purposes. To meet the FDA UDI rule,
organizations should adopt a strategy
that includes all of the following:
I. Process & Technology
II. Master Data Management
III. Organization Change
Management
Strategy in detailI. Process & Technology: Changes to
manufacturing systems and associ-
ated processes should include:
i. Labeling of products as per the UDI
format prescribed by FDA
ii. Bar-code scanning of products to
auto-capture label information
iii. Quality control checks to verify
accuracy of captured data
Kunal Verma, Principal - Life Sciences Business Consulting stream; Dinesh Peter, Consultant - Life Sciences Business Consulting stream, Infosys
Business Strategy for Unique Device Identifier Adoption
34 Medtech Quality and Compliance: What You Need to Know Sponsored by
Regulatory division must be trained
to collate and submit data to GUDID.
Smaller companies may collate and
submit the aggregate data by a manual
labor-intensive process. However, for
large device companies, the following
master data management strategy will
simplify the process of aggregating
data from multiple data sources and
also improve operational efficiency. The
aggregate data may be submitted to
GUDID in an XML format through FDA’s
Electronic Submissions Gateway (ESG)
or by employing the services of third-
party agencies.
II. Master Data Management (MDM): In a
typical manufacturing setup, there is inter-
action of multiple data elements as well
as constant generation of new data. For
35 Medtech Quality and Compliance: What You Need to Know Sponsored by
efficient operation, device manufactur-
ers must employ a robust MDM strategy
that involves the following steps:
1) Extract master data to policy
hub: MDM should include all
data entities that pertain to
various business functions
associated with UDI and those
which can be used in tracing
and identifying the product, its
associated components, suppliers,
as well as distributors and end-
customers. Extract such key data
elements outside of the lines of
business, to a policy hub, where
unique identifier creation can be
standardized and management
of attributes necessary for UDI
compliance is more streamlined.
2) Data quality standards:
Establish data quality criteria
and processes to be in line
with systems setup for UDI
compliance.
3) Reconcile and rationalize: Setup
monitors to identify and track
issues associated with data.
Ensure that data is rationalized
for structure, uniformity, and
completeness. Compliance of
data, with established business
rules, at all times should also be
ensured.
4) Synchronize participating systems:
Automate regular synchronization
of master data with all
participating systems to facilitate
audit-readiness of data, and to
ensure that the data submitted to
FDA is never incomplete.
5) Monitor changes and updates:
Establish a QA process to
maintain cleansed master data.
Assign ownership to ensure
effective MDM. In addition,
36 Medtech Quality and Compliance: What You Need to Know Sponsored by
clearly communicate that the
accountability for quality and
integrity of data lies with all
individuals who interact with data
directly or indirectly.
Coordinate all above activities
through a governance strategy that cuts
across programs, lines of business and
geographic regions. The objective of
MDM strategy, from a UDI compliance
and scaled-up operational efficiency
perspective, should be to establish a
centralized data source that provides
“one version of truth” at any given
time. This can be achieved by defining
policies, processes, roles, and
responsibilities under an umbrella of a
centralized governance model. High
quality aggregate master data can be
attained and sustained by adhering to
the defined governance model.
III. Organizational Change
Management: UDI adoption is much
more than a simple IT transformation
exercise. Organizational alignment
and stakeholder buy-in at all levels are
needed for effective UDI adoption. Here
are five steps to help achieve the same:
1) Leaders need cooperation:
Impacts of changes to systems
and business due to UDI adoption
should be well understood and
all stakeholders should be made
aware of the same. Leadership
should devise strategies to
facilitate quicker buy-in of changes
by employees who are directly
impacted by UDI adoption.
2) Alter strategy & vision: Articulate
strategic objectives and business
benefits for UDI adoption to all busi-
ness units involved. Leadership
vision should highlight the out-
comes of a standardized business
process, while at the same time,
acknowledging inherent differences
across and within business units.
3) Culture shift: UDI adoption requires
a clear understanding and respect
for business needs. Change in
culture will garner the requisite
support from all employees
involved. To instigate culture
change and to achieve effective
collaboration, align people key-
performance indicators (KPI) to
UDI adoption program metrics.
37 Medtech Quality and Compliance: What You Need to Know Sponsored by
4) Different ways to work: Monitor
work output of the teams that
are directly impacted by the
changes, for the first few weeks
of implementation. Accordingly,
develop new ways of working to
mitigate the effects of impact.
5) Job and organization design:
Provide adequate technical
support and training till
operations stabilize. Support
any organizational realignment
requirement stemming from
changes due to UDI adoption.
Future potential of UDI systemImplementing the prescribed
strategy for UDI adoption will enable
regulatory compliance and facilitate
efficient scaled-up operations. The
UDI mandate has the potential to
improve patient safety, make supply
chain more efficient, and give the
healthcare industry a standardized
identification system. Full potential
can be realized only if the following
ideas materialize:
1. Distributors, Group Purchasing
Organizations (GPO), healthcare
providers (HCP), and payers adopt
UDI.
2. UDI is captured in EHRs and
all hospitals are able to access
these EHRs. During emergency
clinical situations, having
the functionality to tap into a
patient’s EHRs will facilitate swift
identification of any implants
in the patient’s body and help
doctors make an informed
surgical decision.
3. Hospitals’ inventory management
systems are able to track incom-
ing product recall alerts by the
UDI information and prevent phy-
sicians from using the blacklisted
devices. This will prevent acciden-
tal medical mistakes.
4. A national medical device iden-
tification system with tracking
functionalities is developed, and is
accessible by hospitals’ inventory
management systems to confirm
device authenticity. This will pre-
vent fake devices from being used.
38 Medtech Quality and Compliance: What You Need to Know Sponsored by
Future business processIn the future, when all stakeholders
adopt the UDI system, this is the
business process we envision:
The device manufacturer’s Inventory
Management System would be
mapped to include details of device
movement transaction history
throughout the healthcare ecosystem,
including the patient in whom the
device is implanted. The healthcare
provider’s supply chain system, patient
billing system, and EHRs would also
link the device to the patient, with UDI
as the key. This device-patient linkage
would not be restricted to class III
devices alone, but would include all
devices that have clinical usage.
Thus, in time-critical situations
such as a product recall, identifying
patients and sending recall-
related communication would be
expedited.
ConclusionIn this article, we have presented
the ideal business strategy
for UDI adoption. Once device
manufacturers and all other
stakeholders adhere to the UDI
system, the hoped-for benefits
in patient care and supply chain
management may be seen.
39 Medtech Quality and Compliance: What You Need to Know Sponsored by
FDA is building a medical device
reference catalog through its
Global Unique Device Identi-
fication Database, which it is
opening to the public.
FDA has opened the Global Unique
Device Identification Database
(GUDID) to the public. The database
will serve as a reference catalog for
every medical device with a unique
device identifier, or UDI.
The public can download the entire
database or certain parts through
AccessGUDID, a portal created by FDA
and the National Library of Medicine.
They will not need a GUDID account. In
this beta release of AccessGUDID, basic
search and download functions are
available, but there’s not much to search
on yet. This first phase of a five-year
rollout applies only to Class III devices.
Under the UDI final rule, the labeler of
each medical device (in most instances,
the device manufacturer) must submit
information about that device to the
GUDID, unless subject to an exception
or alternative, the agency said. Single-
use device reprocessors, convenience
kit assemblers, repackagers, and rela-
belers are also considered labelers.
Labelers need a GUDID account to
submit UDIs through the GUDID Web
Interface or the HL7 SPL submission.
Most devices will be required to have
a UDI on their label and packaging,
and for certain devices, on the
product itself.
A UDI has two components:
1. A Device Identifier (DI) - A unique
numeric or alphanumeric code
specific to a device version or
model.
Nancy Crotti, Freelance Writer
FDA Opens GUDID to the Public
40 Medtech Quality and Compliance: What You Need to Know Sponsored by
2. Production Identifier(s) (PI) -
Numeric or alphanumeric
codes that identify production
information. That can include the
lot or batch number, serial number,
expiration date, and manufacture
date. For cell or tissue-based
products regulated as devices,
the distinct identification code
also allows the manufacturer to
associate the HCT/P to the donor.
The public will only have access to
the DI, the agency said.
Labelers had until Sept. 24, 2014 to
submit UDIs for Class III devices. The
labels of implantable, life-supporting
and life-sustaining devices must bear a
UDI by the same date of this year.
Making UDIs available on a database
is one thing. Having them on payments
from hospitals to Medicare and Medicaid
is apparently another. Officials at the
U.S. Centers for Medicare & Medicaid
Services (CMS) apparently complained
earlier this year that including such
information would present too many
technical hurdles and costs, according to
The Wall Street Journal.
A study published in Heart Rhythm
in 2011 supports the notion that the
system would be costly for Medicare.
Organized by University of Chicago
and Northwestern University, the study
scrutinized how a faulty Sprint Fidelis
defibrillator lead from Medtronic
was implanted in 268,000 patients
before FDA pushed to remove it from
the market. While UDIs would have
helped manage the recall, the costs
to Medtronic could fall between $287
million and $1.19 billion over five years,
WSJ reported.
Officials at FDA and elsewhere have
been touting a UDI system as a way
to pinpoint problems with medical
devices more quickly, and save lives.
Advocacy groups in recent years
claimed that recalled cars carry more
identifying information than recalled
pacemakers do.
41 Medtech Quality and Compliance: What You Need to Know Sponsored by
With billions
of dollars in
contracts at stake,
medical device
manufacturers
are pushing to conform to ISO 13485
regulatory requirements.
To achieve a comprehensive
quality management system for
designing and manufacturing
medical devices, manufacturers are
increasingly achieving ISO 13485
certifications. Officially designated
as ISO 13485:2003, this series of
international standards has widespread
commercial implications but is also
squarely focused on improving patient
safety. It requires that manufacturers
demonstrate the ability to provide
medical devices and related services
that consistently meet customer and
regulatory requirements. The newest
version of ISO 13485 supersedes such
earlier documents as ISO 13485:1996
and ISO 13488 (both published in
1996), as well as EN 46001 and EN
46002 (both published in 1997).
ISO 13485 was authored by
the Geneva–based International
Organization for Standardization
(ISO), the world’s largest developer
of international standards. In
order to avoid compromising their
Jodi Raus, Director of Regulatory, Clinical, and Quality Affairs, Nordson Medical
Medtech Manufacturers Rev Up ISO 13485 Certifications
42 Medtech Quality and Compliance: What You Need to Know Sponsored by
competitiveness, medical device
manufacturers are being pressured
to comply with this standard. Indeed,
for companies seeking access to
international markets, conformity with
ISO 13485’s regulatory requirements is
fast becoming a universal prerequisite.
Achieving ISO 13485 ComplianceFrom 2004 through 2012, a total of
22,237 ISO 13485 certificates were
issued worldwide in 93 countries,
according to the ISO. From 2010 to
2012, company certifications rose a
cumulative 18%—an average of 6%
per year. In 2012 alone, the percentage
of certifications doubled, increasing by
12% percent. Overall, the number of
certifications in 2012 was 240% higher
than that in 2011. In 2012, ISO certifica-
tions were highest in Italy, the United
States, and the UK. Today, the largest
number of certified companies is in
the United States, followed by Ger-
many and Italy.
A 2011 Covidien-commissioned
survey of 900 medical device
manufacturers showed that 37%
of responding companies had
become ISO 13485 certified to meet
regulatory requirements. At the same
43 Medtech Quality and Compliance: What You Need to Know Sponsored by
time, 31% had become certified
to support regulatory approval of
products or services, while 28% had
become compliant to meet customer
requirements.
ISO 13485 defines a medical device as
any instrument, apparatus, implement,
machine, appliance, implant, in vitro
reagent or calibrator, software, material,
or other similar or related article that
is intended by the manufacturer to
be used alone or in combination.
Receiving ISO 13485 certification
requires an evaluation of all aspects
of a company’s business processes
and procedures to confirm conformity
with the requirements outlined in the
standard. Registration signifies that
a manufacturer has implemented an
integrative management system
that complies with the applicable
regulatory requirements for quality
management.
To achieve ISO 13485 certification,
companies must develop written
policies for executing the following
tasks:
• Document and record controls.
• Internal auditing procedures.
• Controls for nonconformance.
• Corrective and preventative
actions.
• Process and design controls.
• Record retention.
• Accountability and traceability.
By achieving ISO 13485 certification,
medical device manufacturers can
hope to gain
• Access to markets that recognize
or require certification, including
Canada and Europe.
• Reduced operational costs by
highlighting process deficiencies
and improving efficiency.
44 Medtech Quality and Compliance: What You Need to Know Sponsored by
• Increased customer satisfaction
by consistently delivering quality
products and systematically
addressing complaints.
• Proven commitment to quality
by adhering to an internationally
recognized standard.
• Added transparency in handling
complaints, surveillance, or product
recalls.
ISO 13485 versus Other StandardsAlong with ISO 9001, ISO 13485
requirements are among the most
comprehensive of the approximately
19,000 standards developed by ISO,
serving as the model for quality man-
agement systems. The fundamental
difference between ISO 9001 and
ISO 13485 is that the former requires
companies to demonstrate continu-
ous improvement, whereas the latter
requires them only to demonstrate
that the quality system has been
implemented and maintained.
Although generally harmonized with
ISO 9001, ISO 13485 includes particular
45 Medtech Quality and Compliance: What You Need to Know Sponsored by
requirements for medical devices and
excludes some of the requirements of
ISO 9001 that are not appropriate to
quality standards in the medical device
manufacturing industry. Because of
these exclusions, companies whose
quality management systems conform
to ISO 13485 do not necessarily
conform to ISO 9001 unless they have
already acquired ISO 9001 certification.
Consequently, many companies are
certified to both standards. Specifically,
ISO 13485
• Views the promotion and awareness
of regulatory requirements as a
management responsibility.
• Expects companies to control
the work environment to ensure
product safety.
• Expects companies to focus on
risk management and design
transfer activities during product
development.
• Contains specific requirements
mandating how companies must
inspect and trace implantable
devices.
• Contains specific requirements
for documenting and validating
processes for sterile medical
devices.
• States that companies must
maintain effective processes for
designing, manufacturing, and
distributing medical devices safely.
While FDA does not formally
recognize ISO 13485 certification, the
quality system requirements covered
by Current Good Manufacturing
Practices overlap with many ISO 13485
requirements.
ISO 13485 addresses most, or all, of
the quality system requirements in the
U.S., European, Australian, Japanese,
and Canadian markets. Within the
46 Medtech Quality and Compliance: What You Need to Know Sponsored by
European Union, it is now considered
to be the standard for medical devices,
although such devices were previously
covered by the Global Harmonization
Task Force (GHTF) guidelines, which
are gradually becoming universal
standards for the design, manufacture,
and export of medical devices. Adopted
by the European Committee for
Standardization, ISO 13485 has been
harmonized as EN ISO 13485:2012.
Compliance with ISO 13485
is a necessary step in achieving
compliance with European regulatory
requirements. According to European
Economic Committee decrees,
medical device companies must
undergo a conformity assessment
to acquire the CE mark and receive
permission to sell a medical device
in the European Union. The preferred
method for proving conformity is to
certify the implementation of a quality
management system according to ISO
13485, ISO 9001, and ISO 14971. The
latter standard details the requirements
for applying a risk management system
to medical device manufacturing.
Patient SafetyPatient safety and risk management
remain critical focuses of increasingly
strict government and private sector
regulatory agencies. In turn, tighter
standards and regulations, such
as ISO 13485, are pushing medical
device manufacturers and suppliers to
change their operating procedures and
comply with the new guidelines. Fail-
ure to do so can cause them to lose
market share or even the ability to sell
their products in some markets.
Tens of thousands of medical device
manufacturers and their suppliers
internationally have adopted ISO
13485, and thousands more are
moving through the approval process
at escalating rates. Ultimately, this
development will benefit patients.