An eBook

Sponsored by:

Quality Device HistoryRecords

Patient Safety Transport &Storage

materials Verification& Validation

Inspections

Medtech Quality and Compliance: What You Need to Know

To see the animated version of this eBook, Click here

CONTENTS

2 Medtech Quality and Compliance: What You Need to Know Sponsored by

28 The Six 2015 FDA Guidance Documents You Need to Know

33 Business Strategy for Unique Device Identifier Adoption

39 FDA Opens GUDID to the Public

41 Medtech Manufacturers Rev Up ISO 13485 Certifications and Design Solutions

3 How the ISO 9001:2015 Revision Affects Medical Device Companies

7 Up to Code: Implementing a Quality System

11 This Advice Will Help You Improve Your Device History Records

14 The Medtech OEM’s Guide to Contracting for Services

20 Q&A - Navigating the Medical Regulatory Landscape: Our Experts Answer Key Questions

Page 44

3 Medtech Quality and Compliance: What You Need to Know Sponsored by

The 2015 revision of the

ISO 9001 quality standard

contains fundamental

changes to the structure and

contents of the standard and

offers a preview of some revisions to

ISO 13485 expected in the coming year.

ISO recently published quality

management system (QMS) standard

ISO 9001:2015. As a result, regulated

companies with or that are seeking ISO

9001 certification now have three years

to meet the QMS requirements in the

2015 edition of the standard.

The 2015 version follows a new,

higher-level structure developed

by ISO to ensure that management

system standards are aligned with a

set of common requirements. All ISO

management system standards are

now required to adopt the structure,

with the purpose of making it easier

for organizations to address the

requirements of more than one ISO

management system standard within a

single, integrated system.

Additional key changes in ISO

9001:2015 include the following:

• Greater emphasis on risk-

based thinking as a basis for the

management system.

• Fewer prescriptive requirements.

Walt Murray, Director of Quality and Compliance Consulting Services, MasterControl

How the ISO 9001:2015 Revision Affects Medical Device Companies

4 Medtech Quality and Compliance: What You Need to Know Sponsored by

• Increased emphasis on

organizational context.

• Major focus on achieving value for

the organization and its customers.

• More flexibility regarding

documentation.

• Enhanced leadership involvement

in the management system.

One of the key changes in the 2015

revision is an explicit requirement

for risk-based thinking to support

and improve the understanding and

application of the process approach.

In fact, risk is covered in nearly every

section of ISO 9001:2015, and there

are considerable changes to the

application of risk.

Risk-based thinking makes

preventive action part of strategic and

operational planning, so reference to

preventive action has been replaced

with “actions to address risks and

opportunities” in ISO 9001:2015.

The standard now requires that

organizations and top management

identify—from a risk-management

perspective—and address any internal

5 Medtech Quality and Compliance: What You Need to Know Sponsored by

and external factors that may affect

their QMS’s ability to deliver intended

results to customer requirements.

ISO 9001: 2015 Helps Forecast Forthcoming ISO 13485 ChangesThe updated standard directly

affects all kinds of manufacturing

organizations, including medical

device manufacturers. The changes

also have implications for other

standards, including ISO 13485,

which outlines QMS requirements for

medical devices.

For medical device manufacturers,

the publication of ISO 9001:2015 offers

something of a preview of forthcoming

revisions to ISO 13485, as corresponding

changes are expected to follow.

ISO 13485 is often harmonized

with ISO 9001. Whereas ISO 9001

can be used by any company within

any industry sector, ISO 13845

is tailored specifically to medical

device companies. Currently, ISO

is in the process of finalizing draft

international standard (DIS) ISO

13485:201X, which is expected

to shift to a similar orientation

as 9001:2015. Medical device

companies will then have three years

to transition to the new ISO 13485.

As such, ISO 9001:2015 can help

medical device manufacturers anticipate

some changes that will eventually be

reflected in the ISO 13485 standard.

For instance, the final ISO 9001:2015

standard and the DIS of 13485 have

increased representation of risk.

Like the final ISO 9001:2015, the DIS of

ISO 13845 places significant emphasis

on risk management and stating that

a risk-based approach is needed when

developing processes. Preventative

maintenance is not enough. Anything

6 Medtech Quality and Compliance: What You Need to Know Sponsored by

the medical device company does that

affects the QMS must be viewed from

a risk perspective. It requires device

manufacturers, as well as their sub-tier

suppliers and contractors, to apply risk

management and risk analysis from

product development through product

realization.

Like ISO 9001:2015, when processes

are outsourced, the DIS of ISO 13485

wants organizations to look at controls

from a risk perspective. If a supplier fails

to meet specifications, how will that

affect the organization’s quality system?

Risk is further emphasized in a

number of other areas of the DIS of

ISO 13485, including human resources.

If an employee is incompetent, what

are the risks to quality?

For medical device manufacturers

providing life-enhancing products,

there are risks in all systems,

processes, and functions. That is why

in the medical device industry, where

safety to the patient and consumer

is paramount, risk management is a

critical part of all processes.

With both ISO 9001:2015 and DIS ISO

13845 emphasizing a more risk-based

view of the entire quality system,

medical device manufacturers should

be working now on incorporating the

concepts of risk management and

risk-based thinking to ensure that risk

is considered from the beginning and

throughout the quality system.

7 Medtech Quality and Compliance: What You Need to Know Sponsored by

A quality system can

be a big help or a big

headache. Here are tips

on how to put the right

quality system in place.

For startup executives, quality

systems can be a financial drain.

When poorly implemented, they can

even be an impediment to product

and business development. But a

well-implemented quality system, on

the other hand, can be an important

tool for business risk mitigation. An

ineffective “one-size-fits all” quality

system that is poorly implemented

can result in a litany of rigid rules,

procedures, and mountains of

paperwork, but a strategically

developed quality system—carefully

customized to fit a budding company—

can ensure that the product or service

meets the needs of the customer,

the market, and the regulatory

environment in a safe, effective, and

cost-efficient manner.

A comprehensive quality system

that works in tandem with a good

business plan provides a documented

policy for ensuring that the final

product meets both internal and

external requirements. Such a system

essentially detects and prevents

defects throughout the development

Katherine Cox, Senior Director of Quality Assurance, Procyrion, Inc.

Up to Code: Implementing a Quality System

8 Medtech Quality and Compliance: What You Need to Know Sponsored by

lifecycle. A good quality system

identifies the regulatory environment;

the clinical need and business case of

the product or service; the customer

and product requirements and risks;

the development of prototypes; and,

finally, the execution of product

commercialization. It pushes for

continuous development improvement

and requires frequent feedback for

process review.

Startup CEOs face two main

questions: timing and level of quality.

Not surprisingly, the most cost-

effective point for startups to

implement a quality system is at the

beginning of the product development

process. Defining the company’s

product development roadmap up

front ensures that regulatory agency

requirements are established,

understood, and executed by the

entire development team and then

successfully met. The consequences

for not adopting a quality system early

in the development process could

mean incomplete identification of the

product’s clinical, customer (user and

patient), and regulatory path needs.

Moreover, failure to establish accurate

product requirements, and/or failure

9 Medtech Quality and Compliance: What You Need to Know Sponsored by

to access product use and design

risks in order to establish verifiable

risk mitigation strategies, can result in

significant financial costs if the product

does not meet customer and market

needs, if the product fails verification

and validation, or if the product does

not perform as intended in the field.

Many emerging companies are

often sold on a “one-size-fits-all”

quality system. While compliant with

international and U.S. medical device

regulations, such systems typically

involve a suite of binders, documents,

and forms that don’t take into account

a company’s stage of development and

that may even call out departments

that don’t yet exist. These complicated

systems often end up on the shelf

after overwhelming a small startup

team with confusing documents

that don’t apply to the company.

On the other hand, a quality

system tailored to fit the scope of

a company’s business operations

can be strategically developed and

appropriately sized to grow with the

company, not the other way around.

QS development typically takes

into consideration the following:

• At the concept development

phase and the engineering

evaluation and development

planning phases of the product

development process, the quality

system planning elements should

include, at a minimum, processes

to fulfill the ISO 13485 and the

FDA Quality System Regulations,

including management review,

documentation controls,

personnel, and design controls.

• As the product evolves into

detail engineering design and

process development planning,

10 Medtech Quality and Compliance: What You Need to Know Sponsored by

the quality system elements for

purchasing controls, supplier

controls, production and process

controls, equipment calibration

and maintenance processes,

nonconforming product, and

corrective and preventive action

are added.

• Upon transition into pilot

production for design qualification

and product commercialization,

customer-related processes for

distribution, installation, servicing,

and complaint handling are

implemented into the quality

system.

Depending on the company’s

business strategy and regulatory

path, the most effective route is to

engage an experienced professional,

either as a consultant or as a full-time

resource, who will take into account

product development needs and

provide training in quality use and

implementation.

A company whose product approval

path is a 510(k) for a relatively

simple product design, and which

utilizes contract design firms and

manufacturing sources, is most likely

to engage a quality system consultant

throughout the entire product

development process. On the other

hand, a startup whose product is quite

complex, requiring clinical evaluation

for CE Mark or FDA PMA approval

and being developed internally and

externally, might initially work with a

quality system consultant, but would

eventually hire a permanent resource

as development progresses into

product realization and clinical use.

The best time to develop a quality

system is before it’s needed. Delay in

implementation can lead to financial

and personnel resource investments in

the development of a product that fails

to meet market approval or adoption.

11 Medtech Quality and Compliance: What You Need to Know Sponsored by

How easily can you trace

every lot, batch, or unit

of product? The answer is

important. In fact, it will be

a factor that defines your

medical device company’s ability to

prosper.

Between the FDA’s requirement for

unique device identifier (UDI) and the

regulatory scrutiny of device history

records (DHRs), traceability is always

a hot topic in the medical device

industry. But the challenge is that no

single department or system has the

entire answer. Traceability requires

information from across all aspects of

the operation.

Fortunately, modern information

systems can reach across the

organization to collect, collate and

assemble the DHR automatically,

without paper— creating the

electronic DHR (eDHR). But this is

not a straightforward IT issue and

is one that standard enterprise IT

applications such as enterprise

resource planning (ERP), business

intelligence (BI) and quality

management systems (QMS) are

not likely to be able to handle.

These applications aren’t designed

to handle the huge volume and

numerous variants of DHRs across

Julie Fraser, Principal and Founder, IYNO Advisors

This Advice Will Help You Improve Your Device History Records

12 Medtech Quality and Compliance: What You Need to Know Sponsored by

an organization, and are typically

structured around documents, which

doesn’t deliver any benefits beyond

quality control and compliance.

The best way to generate eDHRs is by

means of manufacturing execution or

manufacturing operations management

(MES/MOM). Much of the core DHR

information comes from the production

plant (e.g. dates and quantity

manufactured and released, acceptance

records, labels). You need systems that

focus on data, versus merely engaging

in document management. MES/MOM

systems are first and foremost designed

to provide visibility, enforcement and

control to the production process. They

generate these compliance records as a

by-product.

Granted, having full control

inside the production floor does

not necessarily guarantee complete

traceability will be available. So the

best modern MES/MOM systems have

a broad footprint to include quality

and maintenance. They also can pull in

data from other systems. In fact, all of

the elements required in an eDHR can

be recorded by this type of MES/MOM

system, and that will delight auditors.

Beyond that, the MES/MOM will

enforce standard operating procedures

to improve compliance, while also

making data about the product and

process available instantly.

What other uses might you find for

this type of system and the data it

produces? Here are a few:

• For planning to update actuals,

materials usage and scrap rates,

enable personnel scheduling

and planning, financial planning

and forecasting for both costs

and revenues timing, and

customer order promising based

13 Medtech Quality and Compliance: What You Need to Know Sponsored by

on a far more accurate view of

what is likely to be available to

ship when.

• As production proceeds to

guide operators, technicians,

quality and engineering activities

and prevent production and

documentation errors; also to see

production status, materials or

parts problems, actual-to-plan as

it changes, and performance per

plant, operator, product, or piece

of equipment.

• After the fact to analyze for

best practices, and in other

departments to make critical

decisions about new product

design, introduction into various

regional markets, outsourcing

readiness, supplier and parts

performance, and all sorts of

weekly, monthly and quarterly

reporting by operations and

finance.

• In predictive mode during

technology transfer, joint

venture planning, capital

planning, new plant

expansions, financial warranty

reserve planning, and new

product development.

So traceability can be seamless

across many disciplines in the

enterprise, and it can deliver them

all benefits. Taken in aggregate,

this becomes a company-wide

effectiveness and profitability

opportunity. Will you seize it?

14 Medtech Quality and Compliance: What You Need to Know Sponsored by

It’s important to ensure you have the

correct terms in contracts for services

before you sign on the dotted line.

Companies across the globe

in all sectors are reducing fixed

costs as a means to increase

corporate profitability. To reduce

fixed costs, companies often shift

work previously done by internal

resources to outsourced service

providers. Additionally, small and

midsized companies face the issue

of needing particular skill sets or

technical resources to complete

critical projects but not having the

financial resources or critical mass

to acquire those resources internally.

Regardless of whether your company

is using or providing outsourced

services, it is critical that the parties

enter into a complete and well-defined

contract for the services that are to be

provided. Having the correct terms in

contracts for services is of even greater

importance to companies regulated by

FDA, such as those in medtech, than

for those in unregulated industries.

Therefore, it is paramount for

medical device companies to ensure

that contracts for services address

key requirements, legal terms, and

specifications.

Contracts for services are governed

Henry Kopf, Attorney; Amish Patel, Attorney, Revolution Law

The Medtech OEM’s Guide to Contracting for Services

15 Medtech Quality and Compliance: What You Need to Know Sponsored by

by common law principles, as opposed

to the purchase and supply of goods

which are governed by Article 2 of

the Uniform Commercial Code. More

information on the purchase and supply

of goods can be found in a companion

article. Common law contracts generally

have a higher legal standard to establish

the formation of a contract because

of the mirror image rule. Unlike UCC

Article 2, the common law mirror image

rule requires an offer and acceptance

of the offer to be mirror images of

each other. In a contract for services,

there generally is one document that is

signed by both parties, which defines

the specific terms under which the

parties agree governs the terms of their

service relationship.

Contracts for services can be easily

misconstrued, vague, or unclear

because of the intangible nature of

services. Therefore, it is especially

critical to have contracts for services

carefully drafted. In the event of a

contract dispute, a well-drafted and

comprehensive contract will include

16 Medtech Quality and Compliance: What You Need to Know Sponsored by

provisions to facilitate resolution

without the judicial process. Delay

of deliverables, inferior service

quality, payment disputes, and other

anticipated issues should also be

addressed within a well-drafted

services contract. The exercise of

formally memorializing the terms of a

contract in writing will also assist the

company in reviewing and verifying

the specific details of the project.

Consequently, the process of drafting

a well-defined and granular contract

will help to not only avoid potential

future legal disputes, but also improve

the chance of successful business

execution of the overall project.

Service contracts should always

include, at minimum, basic contract

provisions that address confidential

information and intellectual

property (IP). Depending on

the nature and type of service

provided, these provisions can

range from short clauses stating

the basic requirements of each

party to extensive contract sections

addressing confidential information

and IP in great detail. Properly

drafted IP clauses will address

the ownership of newly created

IP, confirm ownership of existing IP,

and ensure the proper transfer of

any IP created during the service to

the intended party in the event the

IP vested in the unintended party by

accident or matter of law. For example,

absent specific contract provisions, the

transfer of all the IP rights associated

with outsourced custom software to

the purchaser is not guaranteed by

just paying for the development of the

custom software.

Engineering and product design

services are a common area that

17 Medtech Quality and Compliance: What You Need to Know Sponsored by

medical device companies enter into

service contracts. Contracts for these

types of engineering services need

to clearly define the specification

and requirements the product will be

designed to meet. Additionally, any

and all applicable third-party standards

the designed product is to meet

should be specifically addressed. The

parties should identify the countries

the ultimate product is planned to

be marketed in as the standards for

regulatory approval vary by country.

In the United States, FDA maintains

a database of consensus standards.

These types of standards undergo

revisions regularly and will differ

for Canada and the EU. Once the

engineering firm completes the design

process, contractual provisions

should be in place to require

the engineering firm to provide

the contract manufacturer with

the documentation, assembly

instructions, design files,

drawings, part numbers, and

specifications needed to properly

manufacture the medical device.

These provisions often get

overlooked but are critical to

avoid future business disruptions

that may occur once the product

is transferred to manufacturing.

In contracts for testing

services, whether sterility testing,

analytical testing, or mechanical

testing, the parties need to include

the specific testing methods and

protocols that will be used during

the process. In the case of a first-to-

market revolutionary medical device,

new test methods and protocols

may also need to be developed. As

18 Medtech Quality and Compliance: What You Need to Know Sponsored by

a result, the analytical methods used

to validate the new test methods and

protocols need to be soundly defined

in the testing services contract as

well. Furthermore, the data output

and reporting requirements from the

testing facility should be well defined

such that the results of the testing can

be easily used by the sponsor going

forward.

Many sponsors will contract with

a contract research organization

(CRO) to assist with validation or

help navigate the FDA submission

process as it can be lengthy and filled

with regulatory hurdles. Whether

submitting a 510(k) application or a

PMA, supporting documentation and

certifications are required by FDA.

The coordination and oversight of

these requirements necessitate careful

forethought and the responsibility

should be contractually delegated

to the appropriate parties. Sponsors

should ensure the contract defines

the parties responsible for providing

the supporting documentation for

submission in the device application.

If the sponsor plans to rely on certain

documentation or certificates provided

by the engineering firm or contract

manufacturer, contractual provisions

requiring timely compliance should be

included.

In addition to the points discussed

above specifically for the medical

device industry, a well-drafted

contract for services will also answer

fundamental questions such as the

following:

• What specific services are

provided?

• What is the acceptable level of

service quality?

• How are defects and service

interruptions corrected?

• What are the milestones,

deliverables, and timelines of the

service?

• Are there progress payments

due under the contract? Ideally,

any progress payments should

be linked to a tangible contract

milestone.

• What are the payment terms

and how are payment disputes

addressed?

19 Medtech Quality and Compliance: What You Need to Know Sponsored by

• Are the overall services provided

on a regular basis? Is there a

need for separate project-based

scope of work agreements?

Which contractual provisions

control between the master and

scope of work agreement?

Contracting for medical device

services can bring unique

challenges simply due to the nature

of the services and the highly

regulated environment. Contracting

for services in the medical device

industry often requires thorough

review, careful drafting, and

strategic negotiations by your

expert legal counsel. Engineering

firms, contract manufacturers,

and sponsors should spend time

upfront to ensure that the scope of

services is clearly defined and that

adequate safeguards are in place

to provide a resolution should a

dispute arise.

The information contained in this article, and in material referenced within, is intended for informational and educational purposes only, and does not constitute legal, financial, accounting, medical or other professional advice.

20 Medtech Quality and Compliance: What You Need to Know Sponsored by

Q&A-Navigating the Medical Regulatory Landscape: Our Experts Answer Key Questions

Mike Gaul, Group Vice President, Medical Manufacturing and Design, overseeing all Sparton medical manufacturing facilities

Grant Palmer, Vice President, Quality and Regulatory, Irvine, CA Sparton Design Center

Dennis Hoffman, Quality and Regulatory Practice Manager, Pittsford, NY Sparton Design Center

S P O N S O R E D C O N T E N T

Performing due diligence around regulation, quality and standards, and

reducing financial and legal risk, is especially critical for the medical device

industry. Sparton gathered together three of its experts to provide their

thoughts on current regulatory challenges and how to manage them.

21 Medtech Quality and Compliance: What You Need to Know Sponsored by

What are some of the top regulatory issues being discussed in the industry?

MG: One of the hot topics we see today

is point-of-care devices. That basically

refers to where the patient is. So, it

could be the home, the doctor’s office.

There are many applications that run off

an iPhone®, for example. So for HIPAA

requirements, the question is: is the data

safe? This is a huge, growing market,

and there’s a lot of uncharted territory.

Everything related to software is very

relevant now, too.

DH: In terms of software development,

I would say that the FDA is increasingly

focused on measuring your process.

Organizations should be following IEC

62304, the international standard for

the lifecycle requirements of medical

software that can give you a yardstick to

measure your process.

GP: Related to software and devices,

both the FDA and the Europeans are

very interested in cyber security. How do

you maintain security across networks?

How do you stop somebody from

breaking in by way of an insulin pump or

pacemaker? Everyone’s very excited by

the Internet and the interconnectedness,

but sometimes we have to keep the

cyber security threat in mind and prevent

violation of European and U.S. privacy

laws.

MG: There’s also UDI [Unique Device

Identification]. The FDA released its final

rule in 2013 and it is being phased in over

the next few years. On each device you’ll

have to submit documentation, have a

unique identifier on all the instruments

and file with the FDA. So if there’s a

problem, they can quickly find out who

made it and when it was made. It’s not

a new act, but it is new in a sense that

it’s now becoming effective and there

are still a lot of companies out there that

don’t fully understand it.

GP: Organizations should also know that

regulations and standards are moving

towards a risk-based approach. They tell

you less of what you specifically have to

do and instead give broader guidelines.

S P O N S O R E D C O N T E N T

22 Medtech Quality and Compliance: What You Need to Know Sponsored by

For example, instead of indicating that

you must test a device at four volts, you

need to first do a risk assessment of what

voltage you should test it at. It pushes

that process forward into the design

and how you’re building your test plans.

Consider pacemaker leads—the standard

was specified at 10 years, but many were

left in longer and they caused problems

and resulted in recalls. The FDA is shifting

the responsibility for appropriate timing

and other criteria onto the manufacturer.

What tends to be surprising or confusing for manufacturers about the medical regulatory process?

MG: Many of our customers are

very savvy and knowledgeable about

regulations. But smaller companies, and

especially start ups, don’t fully understand

the regulations—especially the time

that’s required, or how ambiguous the

language can be. With the FDA and even

ISO, there are established milestones and

requirements to be met, and rules are

communicated in very broad statements.

For example, “The instrument shall

be safe and effective for use.” If it’s

ineffective and there’s an audit, they’ll be

looking for literally hundreds of pages

of documentation. It’s just one simple

sentence, but they’re expecting you

to have all the processes in place and

everything done.

GP: I would agree that there is less

understanding about published vs.

realistic timelines, both in Europe and

the US. Particularly in the U.S., there are

fairly firm guidelines by which the FDA

has to respond to a particular application.

We try to help customers understand

the subtleties of the timelines—that 90

days doesn’t necessarily mean 90 days—

and help them understand that the FDA

can ask questions and that might stop,

restart, or even reset the clock.

MG: Also, not all customers realize

that other countries, such as China

and Korea, are developing their own

standards and governing bodies

separate from ISO 13485 and the FDA

regulations in the U.S. While these are

very similar, there are some nuances.

So you have to know which country

S P O N S O R E D C O N T E N T

23 Medtech Quality and Compliance: What You Need to Know Sponsored by

you’re going to market in and consider

that early. Even if you’re making a

small change, you may want to move

the product from the U.S. and do some

additional testing in that country.

Otherwise, you may have to spend

another three to six months doing

additional testing and validation so that

you can ship it to that country.

GP: I would add that there’s also a whole

area of regulation that manufacturers

don’t necessarily think about on the front

end, and that’s Medicare reimbursement.

Particularly in the U.S., but in other parts

of the world as well, reimbursement is

key. It’s great to get a device approved

and on the market—but what if Medicare

won’t cover it?

There’s a perception that medical regulatory change is “constant”—is this true?

MG: No, I don’t think so. Whether it’s

ISO or FDA, they don’t change that

often—most have been around for

many, many years. The changes never

happen immediately, there’s almost

always a long period where drafts are

published, commented on, revised and

then finally enacted. Then there’s another

longer period of two to four years for

implementation. The issue is more that

customers don’t keep up with these

notifications and changes, especially

when they begin so far in advance—it’s

just not their area of expertise.

DH: There isn’t constant change, but

someone does need to keep an eye on

the changes—each of the baby steps and

gradual changes—for both regulations

and standards. If there’s no one in the

shop charged with regulation, they might

miss the bus slowly coming up over

the hill. Then you have potential non-

compliance, loss of revenue and several

months of work to get up to speed.

What are the risks of non-compliance with medical regulations?

MG: First let’s clarify that ISO is a

standard that’s there to help you ensure

you’re making a good product. The FDA

regulations are actual laws, and so

S P O N S O R E D C O N T E N T

24 Medtech Quality and Compliance: What You Need to Know Sponsored by

noncompliance can range from warnings,

seizures and fines, to criminal convictions

and the closing of your facility. Many

companies are surprised to hear that the

FDA can very quickly come in and shut

you down if your product isn’t safe and

effective. The non-compliance events can

follow leadership and managers around

in their careers, because they were in

charge when it occurred.

DH: You absolutely do not want to get a list

of non-conformances and a warning letter.

It’s like handing a gift to your competitors.

It’s very public and worded in a way that

repeats the regulation explicitly without

specifics about you or your company.

So the context, or any mitigating factors,

won’t be evident in the letter.

GP: Even without the serious outcomes,

noncompliance can run your business

ragged—you’ll need to resubmit all

the documentation. And the next time

you submit, the regulators—with good

reason—are going to look twice as hard.

They can visit your operations. I know of

one company with serious quality issues

where the FDA was onsite for over two

years. Instead of a team of three to four

people, you’ve got a team of eight trying

to manage it, which takes resources

away from engineering, marketing and

customer service.

How important is it for a company to have or to seek out regulatory expertise?

MG: If you don’t have that person

available, somebody else is going to

make the decisions about regulation,

design and manufacturing—and they

may or may not make the right decision.

Especially with new, smaller companies

and start-ups, we hear people saying,

“I think I can get this approved” or “It’s

fine. Let’s ship it.” Where a regulatory

person would look at that and say,

“Let’s validate it, let’s redo testing, let’s

get engineering involved. Let’s go back

and look at the original specs of the

S P O N S O R E D C O N T E N T

25 Medtech Quality and Compliance: What You Need to Know Sponsored by

equipment.” With customers who come

to us just for manufacturing, we’ll find

things that need to be redone because

their people, either internal staff or

outsourcing vendors or partners, weren’t

versed in compliant medical device

design.

GP: The deeper expertise comes into

play when you’re comparing what’s

written in the law and what actually

gets done. The regulations should be

understood as a broad framework with

interpretations that vary. You have to

understand what the regulations mean,

but you also have to understand where

the particular regulators are at that

particular time and whether an issue

or recall is suddenly generating more

scrutiny. The FDA reviewers have their

own timelines, their own pressures,

and their own budget issues—seasoned

regulatory experts understand that

and know how to work and negotiate

with them. There’s some sensitivity and

creativity in this process.

DH: I agree— the regulatory field

is mostly gray scale, and a strong

interpretation skill set is key. You can’t

just get a college degree in regulatory

affairs; it requires lots of hands-on

experience working with the regulations

and diverse manufacturers and really

understanding the customer’s needs,

goals and products.

In terms of medical regulations, what should companies look for when they’re hiring a design or manufacturing partner?

MG: You want a partner that’s

accountable for the quality and

compliance from the outset. Some

outsource companies will manufacture

the products, but make the customer

responsible for the final quality and

testing. Then, if there’s a problem, it’s up

to you to solve it. Your partner should

also have highly experienced people

who have worked with medical devices

for 15-20 years or more. They should

be involved up front at the research,

development and design stages—this

S P O N S O R E D C O N T E N T

26 Medtech Quality and Compliance: What You Need to Know Sponsored by

is the utmost importance. They should

understand regulations, both domestic

and international. I think there are a lot

of firms out there that know one or the

other but not both. Staff should have

gone through multiple products and FDA

audits. They should keep up with the

regulations and attend seminars.

GP: When you have something that’s

not like anything out there, you want a

partner that can educate and guide you

through the process. They should not be

afraid to critique your plans, be honest

with you about timeframes and costs

and clinical studies. Quite frequently we

have these conversations with clients

when what they want to do might not

work within the regulatory framework.

But we get creative, recommend

compromises and try to make the best

of their particular situation.

MG: Aside from assessing the value

your partner will provide, in terms

of expertise and guidance, consider

their record. Do a deep dive and ask

the questions: What is their approach

to quality? To regulatory compliance?

Have they or their customers had any

regulatory issues, fines, or problems

with the FDA? When was their last audit?

How big is the regulatory staff? Do they

have a clear, rigorous and documented

business process?

DH: Be thoughtful about using an outside

consultant versus a full outsourcing part-

ner. The main problem is that consultants

come and go, and they don’t see every-

thing that you’re doing. They can give

you great advice, give you a list of things

to do and come back in three months to

make sure you’re in compliance. But it’s

all the other day-to-day work where, if

you miss something, it can end up really

hurting you. The key is to find somebody

that lives and breathes it 24/7. You can

hire consultant resources, which is very

expensive—about $95,000- 120,000 a

year—or you can outsource to somebody

that already has those resources and pulls

from multiple programs and areas of

expertise. It’s a question of value.

S P O N S O R E D C O N T E N T

27 Medtech Quality and Compliance: What You Need to Know Sponsored by

S P O N S O R E D C O N T E N T

Conquer Complex Challenges

Complexity Challenge: Quality

Gordon Madlock, Senior Vice-President of Operations at Sparton, speaks to one of the top Complexity Challenges in medical manufacturing: Quality.

Conquering Complexity in Medical Device Contract Manufacturing

See first-hand how the Sparton Production System enables us to excel across all business capacities and drive performance excellence with medical applications that become more technologically advanced every year.

Complexity Challenge: Innovation

Steve Korwin, Senior Vice-President of Quality & Engineering at Sparton, speaks to one of the top Complexity Challenges in medical manufacturing: Innovation.

28 Medtech Quality and Compliance: What You Need to Know Sponsored by

Your guide to the must-read FDA

guidance documents of 2015.

This year has been highly productive for

FDA. Among the agency’s many achieve-

ments are several guidance documents

that have substantial, positive implications

on portfolio productivity and strategy. The

following six guidance documents issued

in 2015 merit careful consideration by

every device manufacturer.

Gordon MacFarlane, PhD, RAC; Sandra D. White, MS, RAC; Cynthia Nolte, PhD, RAC, ICON plc.

The Six 2015 FDA Guidance Documents You Need to Know

Adaptive Designs for Medical Device Clinical Studies (Draft Guidance)What FDA Says: FDA has identified when and when not to utilize an

adaptive design, useful types of designs, challenges, and regulatory

considerations. This document provides an excellent basis for manufacturers

to clearly understand FDA’s view on adaptive designs.

Implications: Device manufacturers should take note of FDA’s recognition

and endorsement of the use of adaptive designs where appropriate. In our

experience, adaptive designs have strengthened decision making, increased

the quality of collected clinical evidence, and improved time-to-market and

product valuations (particularly when applied across a portfolio).

29 Medtech Quality and Compliance: What You Need to Know Sponsored by

The Path Forward: Device makers

cannot simply borrow protocols

from adaptive designs utilized in

pharmaceutical trials. Also, teams

inexperienced in adaptive designs

may introduce bias to a trial that can

complicate characterization of the true

effect of the investigational device;

poor designs can also confound the

interpretation of study results when a

pre-planned adaptation causes data

collected before the adaptation to be

insufficiently similar to those after the

adaptation.

Manufacturers should determine

whether adaptive designs are

appropriate for trials in their portfolios.

Manufacturers will need expertise

and technology infrastructure,

either through hiring internal staff

or an experienced contract research

organization, to simulate, design, and

execute these studies with medical

device-specific standard operating

procedures.

Acceptance of Medical Device Clinical Data from Studies Conducted Outside the United States (Draft Guidance)What FDA Says: Clinical trials are con-

ducted across a widening range of

geographies. FDA has confirmed its

acceptance of data from clinical inves-

tigations conducted outside of the

United States, including the European

Union, provided the applicant dem-

onstrates that the conducted trial met

United States standards and require-

ments (21 CFR 50, 56, 812, 814).

Implications: Compliance with good

clinical practice, informed consent,

and local clinical trial regulations

should produce data that is procedur-

ally acceptable for U.S. marketing

30 Medtech Quality and Compliance: What You Need to Know Sponsored by

submissions. The guidance provides

concrete examples.

The Path Forward: Sponsors must

be aware of differences in clinical

conditions, standards of care, study

populations, and local regulatory

requirements, as these factors also

influence acceptability of data.

The Pre-Submission process is

highly recommended to assess the

acceptability of the outside of U.S.

data, as is early engagement with

FDA to define requirements prior to

enrollment.

Expedited Access for Premarket Approval and De Novo Medical Devices Intended for Unmet Medical Need for Life Threatening or Irreversibly Debilitating Diseases or Conditions (Final Guidance)What FDA Says: FDA has established

processes for the Expedited Access

PMA (EAP) program, which can accel-

erate the evaluation of devices that

fulfill unmet medical needs for life-

threatening or irreversibly debilitating

conditions.

Implications: Sponsors can negotiate

what data will be collected before and

after clearance/approval.

The Path Forward: The EAP program

does not change the total amount of

data or information to be collected,

just the timing of data collection. Early

engagement with FDA is critical to

define expectations.

Manufacturing Site Change Supplements: Content and Submission (Draft Guidance)What FDA Says: The draft guidance

defines a manufacturing site change,

when to submit a PMA supplement for a

site change, what documents to submit,

and the factors FDA intends to consider

when determining whether to conduct

an establishment inspection prior to

approval of a site change supplement.

Implications: This guidance provides

excellent detail on the documentation

needed to support approval and the

31 Medtech Quality and Compliance: What You Need to Know Sponsored by

inspection process, including exam-

ples for a site change supplement

versus 30-day notice. The submis-

sion content is helpful and provides

insights as to when inspections will

likely be conducted.

The Path Forward: As this is a draft

guidance, uncertainty remains. To

mitigate surprises, ensure your qual-

ity assurance department is aligned

with the guidance, is involved in the

site change from the beginning of the

project, and signs off on the contents

in the application to FDA.

Refuse to Accept Policy for 510(k)s (Final Guidance)What FDA Says: FDA added elements

to the Refuse to Accept checklist,

including useful exam-

ples and page numbers

where relevant infor-

mation is to be found.

Implications: The

expectations are more

clearly defined and

should lead to a greater

percentage of accepted

submissions.

The Path Forward:

Sponsors must be

more explicit and complete in appli-

cations than before. Testing must be

completed prior to submission of an

application; it is no longer a viable

strategy to submit and then complete

testing during the review cycle.

Follow the checklist closely, providing

all information requested. Use the

comments sections to expand or

explain aspects that may vary from

expectations.

32 Medtech Quality and Compliance: What You Need to Know Sponsored by

Information to Support a Claim of Electromagnetic Compatibility (EMC) of Electrically-Powered Medical Devices (Draft Guidance)What FDA Says: FDA recognizes that

multiple national and international

standards may apply to medical

devices; this guidance consolidates

requirements in one place.

Implications: The guidance has

clear and consistent information for

demonstrating electromagnetic

compatibility.

The Path Forward: Sponsors will

still need to refer to individual

recognized standards for specific

details of the requirements. This

guidance is intended to be used

in conjunction with other guid-

ance documents to define specific

requirements.

33 Medtech Quality and Compliance: What You Need to Know Sponsored by

Here are some tips for medi-

cal device manufacturers

to effectively implement

the UDI rule and facilitate

improved patient care and

supply chain management.

FDA is requiring all medical device

manufacturers to use a Unique Device

Identifier (UDI) in labeling and also

asking that this information be plugged

into the global UDI database (GUDID).

Over time, this system will allow

industry to follow a medical device

from its origin through to implantation

and documentation for insurance

purposes. To meet the FDA UDI rule,

organizations should adopt a strategy

that includes all of the following:

I. Process & Technology

II. Master Data Management

III. Organization Change

Management

Strategy in detailI. Process & Technology: Changes to

manufacturing systems and associ-

ated processes should include:

i. Labeling of products as per the UDI

format prescribed by FDA

ii. Bar-code scanning of products to

auto-capture label information

iii. Quality control checks to verify

accuracy of captured data

Kunal Verma, Principal - Life Sciences Business Consulting stream; Dinesh Peter, Consultant - Life Sciences Business Consulting stream, Infosys

Business Strategy for Unique Device Identifier Adoption

34 Medtech Quality and Compliance: What You Need to Know Sponsored by

Regulatory division must be trained

to collate and submit data to GUDID.

Smaller companies may collate and

submit the aggregate data by a manual

labor-intensive process. However, for

large device companies, the following

master data management strategy will

simplify the process of aggregating

data from multiple data sources and

also improve operational efficiency. The

aggregate data may be submitted to

GUDID in an XML format through FDA’s

Electronic Submissions Gateway (ESG)

or by employing the services of third-

party agencies.

II. Master Data Management (MDM): In a

typical manufacturing setup, there is inter-

action of multiple data elements as well

as constant generation of new data. For

35 Medtech Quality and Compliance: What You Need to Know Sponsored by

efficient operation, device manufactur-

ers must employ a robust MDM strategy

that involves the following steps:

1) Extract master data to policy

hub: MDM should include all

data entities that pertain to

various business functions

associated with UDI and those

which can be used in tracing

and identifying the product, its

associated components, suppliers,

as well as distributors and end-

customers. Extract such key data

elements outside of the lines of

business, to a policy hub, where

unique identifier creation can be

standardized and management

of attributes necessary for UDI

compliance is more streamlined.

2) Data quality standards:

Establish data quality criteria

and processes to be in line

with systems setup for UDI

compliance.

3) Reconcile and rationalize: Setup

monitors to identify and track

issues associated with data.

Ensure that data is rationalized

for structure, uniformity, and

completeness. Compliance of

data, with established business

rules, at all times should also be

ensured.

4) Synchronize participating systems:

Automate regular synchronization

of master data with all

participating systems to facilitate

audit-readiness of data, and to

ensure that the data submitted to

FDA is never incomplete.

5) Monitor changes and updates:

Establish a QA process to

maintain cleansed master data.

Assign ownership to ensure

effective MDM. In addition,

36 Medtech Quality and Compliance: What You Need to Know Sponsored by

clearly communicate that the

accountability for quality and

integrity of data lies with all

individuals who interact with data

directly or indirectly.

Coordinate all above activities

through a governance strategy that cuts

across programs, lines of business and

geographic regions. The objective of

MDM strategy, from a UDI compliance

and scaled-up operational efficiency

perspective, should be to establish a

centralized data source that provides

“one version of truth” at any given

time. This can be achieved by defining

policies, processes, roles, and

responsibilities under an umbrella of a

centralized governance model. High

quality aggregate master data can be

attained and sustained by adhering to

the defined governance model.

III. Organizational Change

Management: UDI adoption is much

more than a simple IT transformation

exercise. Organizational alignment

and stakeholder buy-in at all levels are

needed for effective UDI adoption. Here

are five steps to help achieve the same:

1) Leaders need cooperation:

Impacts of changes to systems

and business due to UDI adoption

should be well understood and

all stakeholders should be made

aware of the same. Leadership

should devise strategies to

facilitate quicker buy-in of changes

by employees who are directly

impacted by UDI adoption.

2) Alter strategy & vision: Articulate

strategic objectives and business

benefits for UDI adoption to all busi-

ness units involved. Leadership

vision should highlight the out-

comes of a standardized business

process, while at the same time,

acknowledging inherent differences

across and within business units.

3) Culture shift: UDI adoption requires

a clear understanding and respect

for business needs. Change in

culture will garner the requisite

support from all employees

involved. To instigate culture

change and to achieve effective

collaboration, align people key-

performance indicators (KPI) to

UDI adoption program metrics.

37 Medtech Quality and Compliance: What You Need to Know Sponsored by

4) Different ways to work: Monitor

work output of the teams that

are directly impacted by the

changes, for the first few weeks

of implementation. Accordingly,

develop new ways of working to

mitigate the effects of impact.

5) Job and organization design:

Provide adequate technical

support and training till

operations stabilize. Support

any organizational realignment

requirement stemming from

changes due to UDI adoption.

Future potential of UDI systemImplementing the prescribed

strategy for UDI adoption will enable

regulatory compliance and facilitate

efficient scaled-up operations. The

UDI mandate has the potential to

improve patient safety, make supply

chain more efficient, and give the

healthcare industry a standardized

identification system. Full potential

can be realized only if the following

ideas materialize:

1. Distributors, Group Purchasing

Organizations (GPO), healthcare

providers (HCP), and payers adopt

UDI.

2. UDI is captured in EHRs and

all hospitals are able to access

these EHRs. During emergency

clinical situations, having

the functionality to tap into a

patient’s EHRs will facilitate swift

identification of any implants

in the patient’s body and help

doctors make an informed

surgical decision.

3. Hospitals’ inventory management

systems are able to track incom-

ing product recall alerts by the

UDI information and prevent phy-

sicians from using the blacklisted

devices. This will prevent acciden-

tal medical mistakes.

4. A national medical device iden-

tification system with tracking

functionalities is developed, and is

accessible by hospitals’ inventory

management systems to confirm

device authenticity. This will pre-

vent fake devices from being used.

38 Medtech Quality and Compliance: What You Need to Know Sponsored by

Future business processIn the future, when all stakeholders

adopt the UDI system, this is the

business process we envision:

The device manufacturer’s Inventory

Management System would be

mapped to include details of device

movement transaction history

throughout the healthcare ecosystem,

including the patient in whom the

device is implanted. The healthcare

provider’s supply chain system, patient

billing system, and EHRs would also

link the device to the patient, with UDI

as the key. This device-patient linkage

would not be restricted to class III

devices alone, but would include all

devices that have clinical usage.

Thus, in time-critical situations

such as a product recall, identifying

patients and sending recall-

related communication would be

expedited.

ConclusionIn this article, we have presented

the ideal business strategy

for UDI adoption. Once device

manufacturers and all other

stakeholders adhere to the UDI

system, the hoped-for benefits

in patient care and supply chain

management may be seen.

39 Medtech Quality and Compliance: What You Need to Know Sponsored by

FDA is building a medical device

reference catalog through its

Global Unique Device Identi-

fication Database, which it is

opening to the public.

FDA has opened the Global Unique

Device Identification Database

(GUDID) to the public. The database

will serve as a reference catalog for

every medical device with a unique

device identifier, or UDI.

The public can download the entire

database or certain parts through

AccessGUDID, a portal created by FDA

and the National Library of Medicine.

They will not need a GUDID account. In

this beta release of AccessGUDID, basic

search and download functions are

available, but there’s not much to search

on yet. This first phase of a five-year

rollout applies only to Class III devices.

Under the UDI final rule, the labeler of

each medical device (in most instances,

the device manufacturer) must submit

information about that device to the

GUDID, unless subject to an exception

or alternative, the agency said. Single-

use device reprocessors, convenience

kit assemblers, repackagers, and rela-

belers are also considered labelers.

Labelers need a GUDID account to

submit UDIs through the GUDID Web

Interface or the HL7 SPL submission.

Most devices will be required to have

a UDI on their label and packaging,

and for certain devices, on the

product itself.

A UDI has two components:

1. A Device Identifier (DI) - A unique

numeric or alphanumeric code

specific to a device version or

model.

Nancy Crotti, Freelance Writer

FDA Opens GUDID to the Public

40 Medtech Quality and Compliance: What You Need to Know Sponsored by

2. Production Identifier(s) (PI) -

Numeric or alphanumeric

codes that identify production

information. That can include the

lot or batch number, serial number,

expiration date, and manufacture

date. For cell or tissue-based

products regulated as devices,

the distinct identification code

also allows the manufacturer to

associate the HCT/P to the donor.

The public will only have access to

the DI, the agency said.

Labelers had until Sept. 24, 2014 to

submit UDIs for Class III devices. The

labels of implantable, life-supporting

and life-sustaining devices must bear a

UDI by the same date of this year.

Making UDIs available on a database

is one thing. Having them on payments

from hospitals to Medicare and Medicaid

is apparently another. Officials at the

U.S. Centers for Medicare & Medicaid

Services (CMS) apparently complained

earlier this year that including such

information would present too many

technical hurdles and costs, according to

The Wall Street Journal.

A study published in Heart Rhythm

in 2011 supports the notion that the

system would be costly for Medicare.

Organized by University of Chicago

and Northwestern University, the study

scrutinized how a faulty Sprint Fidelis

defibrillator lead from Medtronic

was implanted in 268,000 patients

before FDA pushed to remove it from

the market. While UDIs would have

helped manage the recall, the costs

to Medtronic could fall between $287

million and $1.19 billion over five years,

WSJ reported.

Officials at FDA and elsewhere have

been touting a UDI system as a way

to pinpoint problems with medical

devices more quickly, and save lives.

Advocacy groups in recent years

claimed that recalled cars carry more

identifying information than recalled

pacemakers do.

41 Medtech Quality and Compliance: What You Need to Know Sponsored by

With billions

of dollars in

contracts at stake,

medical device

manufacturers

are pushing to conform to ISO 13485

regulatory requirements.

To achieve a comprehensive

quality management system for

designing and manufacturing

medical devices, manufacturers are

increasingly achieving ISO 13485

certifications. Officially designated

as ISO 13485:2003, this series of

international standards has widespread

commercial implications but is also

squarely focused on improving patient

safety. It requires that manufacturers

demonstrate the ability to provide

medical devices and related services

that consistently meet customer and

regulatory requirements. The newest

version of ISO 13485 supersedes such

earlier documents as ISO 13485:1996

and ISO 13488 (both published in

1996), as well as EN 46001 and EN

46002 (both published in 1997).

ISO 13485 was authored by

the Geneva–based International

Organization for Standardization

(ISO), the world’s largest developer

of international standards. In

order to avoid compromising their

Jodi Raus, Director of Regulatory, Clinical, and Quality Affairs, Nordson Medical

Medtech Manufacturers Rev Up ISO 13485 Certifications

42 Medtech Quality and Compliance: What You Need to Know Sponsored by

competitiveness, medical device

manufacturers are being pressured

to comply with this standard. Indeed,

for companies seeking access to

international markets, conformity with

ISO 13485’s regulatory requirements is

fast becoming a universal prerequisite.

Achieving ISO 13485 ComplianceFrom 2004 through 2012, a total of

22,237 ISO 13485 certificates were

issued worldwide in 93 countries,

according to the ISO. From 2010 to

2012, company certifications rose a

cumulative 18%—an average of 6%

per year. In 2012 alone, the percentage

of certifications doubled, increasing by

12% percent. Overall, the number of

certifications in 2012 was 240% higher

than that in 2011. In 2012, ISO certifica-

tions were highest in Italy, the United

States, and the UK. Today, the largest

number of certified companies is in

the United States, followed by Ger-

many and Italy.

A 2011 Covidien-commissioned

survey of 900 medical device

manufacturers showed that 37%

of responding companies had

become ISO 13485 certified to meet

regulatory requirements. At the same

43 Medtech Quality and Compliance: What You Need to Know Sponsored by

time, 31% had become certified

to support regulatory approval of

products or services, while 28% had

become compliant to meet customer

requirements.

ISO 13485 defines a medical device as

any instrument, apparatus, implement,

machine, appliance, implant, in vitro

reagent or calibrator, software, material,

or other similar or related article that

is intended by the manufacturer to

be used alone or in combination.

Receiving ISO 13485 certification

requires an evaluation of all aspects

of a company’s business processes

and procedures to confirm conformity

with the requirements outlined in the

standard. Registration signifies that

a manufacturer has implemented an

integrative management system

that complies with the applicable

regulatory requirements for quality

management.

To achieve ISO 13485 certification,

companies must develop written

policies for executing the following

tasks:

• Document and record controls.

• Internal auditing procedures.

• Controls for nonconformance.

• Corrective and preventative

actions.

• Process and design controls.

• Record retention.

• Accountability and traceability.

By achieving ISO 13485 certification,

medical device manufacturers can

hope to gain

• Access to markets that recognize

or require certification, including

Canada and Europe.

• Reduced operational costs by

highlighting process deficiencies

and improving efficiency.

44 Medtech Quality and Compliance: What You Need to Know Sponsored by

• Increased customer satisfaction

by consistently delivering quality

products and systematically

addressing complaints.

• Proven commitment to quality

by adhering to an internationally

recognized standard.

• Added transparency in handling

complaints, surveillance, or product

recalls.

ISO 13485 versus Other StandardsAlong with ISO 9001, ISO 13485

requirements are among the most

comprehensive of the approximately

19,000 standards developed by ISO,

serving as the model for quality man-

agement systems. The fundamental

difference between ISO 9001 and

ISO 13485 is that the former requires

companies to demonstrate continu-

ous improvement, whereas the latter

requires them only to demonstrate

that the quality system has been

implemented and maintained.

Although generally harmonized with

ISO 9001, ISO 13485 includes particular

45 Medtech Quality and Compliance: What You Need to Know Sponsored by

requirements for medical devices and

excludes some of the requirements of

ISO 9001 that are not appropriate to

quality standards in the medical device

manufacturing industry. Because of

these exclusions, companies whose

quality management systems conform

to ISO 13485 do not necessarily

conform to ISO 9001 unless they have

already acquired ISO 9001 certification.

Consequently, many companies are

certified to both standards. Specifically,

ISO 13485

• Views the promotion and awareness

of regulatory requirements as a

management responsibility.

• Expects companies to control

the work environment to ensure

product safety.

• Expects companies to focus on

risk management and design

transfer activities during product

development.

• Contains specific requirements

mandating how companies must

inspect and trace implantable

devices.

• Contains specific requirements

for documenting and validating

processes for sterile medical

devices.

• States that companies must

maintain effective processes for

designing, manufacturing, and

distributing medical devices safely.

While FDA does not formally

recognize ISO 13485 certification, the

quality system requirements covered

by Current Good Manufacturing

Practices overlap with many ISO 13485

requirements.

ISO 13485 addresses most, or all, of

the quality system requirements in the

U.S., European, Australian, Japanese,

and Canadian markets. Within the

46 Medtech Quality and Compliance: What You Need to Know Sponsored by

European Union, it is now considered

to be the standard for medical devices,

although such devices were previously

covered by the Global Harmonization

Task Force (GHTF) guidelines, which

are gradually becoming universal

standards for the design, manufacture,

and export of medical devices. Adopted

by the European Committee for

Standardization, ISO 13485 has been

harmonized as EN ISO 13485:2012.

Compliance with ISO 13485

is a necessary step in achieving

compliance with European regulatory

requirements. According to European

Economic Committee decrees,

medical device companies must

undergo a conformity assessment

to acquire the CE mark and receive

permission to sell a medical device

in the European Union. The preferred

method for proving conformity is to

certify the implementation of a quality

management system according to ISO

13485, ISO 9001, and ISO 14971. The

latter standard details the requirements

for applying a risk management system

to medical device manufacturing.

Patient SafetyPatient safety and risk management

remain critical focuses of increasingly

strict government and private sector

regulatory agencies. In turn, tighter

standards and regulations, such

as ISO 13485, are pushing medical

device manufacturers and suppliers to

change their operating procedures and

comply with the new guidelines. Fail-

ure to do so can cause them to lose

market share or even the ability to sell

their products in some markets.

Tens of thousands of medical device

manufacturers and their suppliers

internationally have adopted ISO

13485, and thousands more are

moving through the approval process

at escalating rates. Ultimately, this

development will benefit patients.