ComplianceAcuity

Blog

ISO 13485: Design & Development Obligations of Contract Manufacturers

Posted by Kevin Randall In Contract Manufacturing, Design & Development, ISO 13485 0 comment

March 29, 2023

ISO 13485: Design & Development Obligations of Contract Manufacturers

 

As a general rule, a contract manufacturer who doesn’t perform any design and development for the subject device is thereby not required to have design and development in the scope of that contract manufacturer’s ISO 13485 certificate.  So its certificate scope statement would be something like, “The contract manufacturing of ABC widget devices“, whereas the original manufacturer’s certificate scope would be something like, “The design and manufacture of…”.  As a general rule, the OEM, rather than the contract manufacturer, is ultimately accountable and responsible for design and development in this kind of scenario.

 

But if the contractor performs / leads any design and development operations, then that could trigger the need for design to be included in its QMS and certificate depending on the nature of those operations.  In such cases, different ISO registrars might have varying interpretations about how they want the certificate scope statement to read; accordingly, consulting the particular ISO registrar(s) involved is a good idea in my opinion regarding borderline scenarios.

Continue Reading

EU MDR Transitional Extension Regulation (EU) 2023/607 and Expired MDD/AIMDD Certificates

Posted by Kevin Randall In CE Mark, EU MDR, EU Regulation 2023/607 0 comment

March 27, 2023

EU MDR Transitional Extension Regulation (EU) 2023/607 and Previously-Expired MDD/AIMDD Certificates

 

Even if an MDD/AIMDD certificate from 25 May 2017 expired before Regulation (EU) 2023/607’s March 15 (20?), 2023 entry into force, and as long as it wasn’t “withdrawn” for cause (e.g., see EU MDR Annex IX.3.7), then placing on the market may continue provided that either a) the manufacturer and an EU MDR notified body had, prior to MDD/AIMDD certificate expiry, executed a written agreement (contract) formalizing (among other things) the parties’ mutual intentions for EU MDR conformity assessment later in due course, or b) the manufacturer has received an exception from the CA under either EU MDR Article 59(1) or Article 97(1). (On that note, I don’t believe Article 97 offers a way for the manufacturer to apply for the Article 97 exception; instead, Article 97 is a market surveillance-driven mechanism initiated/driven by notified bodies and competent authorities.  Accordingly, I’d say that Article 59(1) is the proper route if a manufacturer wishes to actually apply/lobby for an exception apart from an Article 97 for-cause scenario.)

 

Additional immediate conditions for continuing to place such expired-MDD/AIMDD certificate devices on the Union market are:

 

  • those devices continue to comply with Directive 90/385/EEC or Directive 93/42/EEC, as applicable,

 

  • there are no significant changes in the design and intended purpose,

 

  • the devices do not present an unacceptable risk to the health or safety of patients, users or other persons, or to other aspects of the protection of public health,

 

  • EU MDR requirements for post-market surveillance, market surveillance, vigilance, registration of economic operators and of devices shall apply in place of the corresponding requirements in Directives 90/385/EEC and 93/42/EEC, and

 

  • the notified body that issued the expired MDD/AIMDD certificate must continue to be responsible for the appropriate surveillance audits unless the manufacturer has agreed with an EU MDR notified body who will instead carry out such surveillance.

 

Finally, as of 26 May 2024, an additional condition will apply, namely that the manufacturer has put in place a quality management system in accordance with Article 10(9).

 

Additional requirements or exceptions to these provisions may apply regarding class III custom-made implantable devices and regarding deadlines for transition of surveillance auditing from the MDD/AIMDD notified body to an EU MDR notified body.

Continue Reading

EU MDR: Who Must Hold the Annex XI Part A Certificate?

Posted by Kevin Randall In CE Mark, EU MDR 0 comment

March 24, 2023

EU MDR: Who Must Hold the Annex XI Part A Certificate?

 

In addition to a production-focused quality management system certificate(s) (e.g., EU Quality Assurance Certificate or EU Product Verification Certificate), the EU MDR Annex XI Part A conformity assessment route requires the “manufacturer“, depending on device class, to also hold an:

 

  • EU Technical Documentation Assessment Certificate (Class IIa devices), or

  • EU Type-Examination Certificate (Class IIb and Class III devices).

 

Even if the “manufacturer” (the one named and identified as such on the device label) has outsourced the fabrication process to a contract manufacturing site, it still remains the obligation of the “manufacturer” to obtain and maintain the EU Technical Documentation Assessment Certificate (Class IIa devices) or EU Type-Examination Certificate (Class IIb and Class III devices).  Such a contract manufacturer is not required to hold its own EU Technical Documentation Assessment Certificate (Class IIa devices) or EU Type-Examination Certificate.

Continue Reading

Regulatory Misconduct Allegations

Posted by Kevin Randall In EU MDR, FDA, Regulatory 0 comment

March 23, 2023

Regulatory Misconduct Allegations

 

Making unsubstantiated claims about one’s device, promoting off-label uses, and selling medical devices with uncleared/unapproved features are examples of what the U.S. FDA calls “regulatory misconduct”.  Specifically, regulatory misconduct is when a medical device manufacturer or other individuals marketing medical devices are doing so in a manner that violates the law.  The U.S. FDA has a mechanism for receiving complaints (allegations) of such misconduct.  I’ve lodged such complaints on behalf of clients, or helped them do so themselves.  Here’s an FDA webpage about how to formally lodge an allegation of regulatory misconduct.

 

In the end, FDA’s intervention (if any comes at all) will be driven commensurate with risk amidst FDA’s strained resources.  It seems that only in the riskiest of situations will FDA react swiftly; otherwise my experience is that FDA might just move the alleged violative firm higher in FDA’s routine inspection queue, or it may even seem that nothing has been done at all… Transparency from the FDA to know exactly what FDA has been done is still governed by the FOIA, so the process is one that takes time.  Further details on these dynamics are included in the foregoing link.

 

Regarding reporting to European Competent Authorities (CA), I suggest contacting the affected medical device CA(s) for direction on how each would have you report allegations of regulatory misconduct.

Continue Reading

EU IVDR Accessory Definition Triggered for an Optional Item?

Posted by Kevin Randall In Accessories, EU IVDR 0 comment

March 22, 2023

EU IVDR Accessory Definition Triggered for an Optional Item?

 

Per Europe’s IVDR, the definition of accessory for an in vitro diagnostic device’ [Article 2(4)] is definitely not invoked when the potential accessory (e.g., a barcode scanner) is an optional add-on module or peripheral.  Nor is the ‘accessory’ category triggered if the potential accessory isn’t essential to the basic functionality of a class A IVD instrument.  And conversely, nor is the accessory categorization nullified if the accessory is necessary for the IVD’s basic operation.    Instead, it is the opposite.

 

Specifically, Article 2(4) establishes that ‘accessory for an in vitro diagnostic medical device’ means an article which, whilst not being itself an in vitro diagnostic medical device, is intended by its manufacturer to be used together with one or several particular in vitro diagnostic medical device(s) to specifically enable the in vitro diagnostic medical device(s) to be used in accordance with its/their intended purpose(s) or to specifically and directly assist the medical functionality of the in vitro diagnostic medical device(s) in terms of its/their intended purpose(s).

 

Accordingly, if your intended purpose [i.e., Article 2(12), i.e., your labeled purpose] is that the potential accessory is to function in accordance with the Article 2(4) parameters, then it’s an accessory to the IVD.  You should stick closely to the Article 2(4) definition rather than alternative definitions.

 

Continue Reading

Biological Evaluation for Reusable Devices: Shelf Life vs. Expected Life

Posted by Kevin Randall In Biocompatibility, Biological Evaluation, Design & Development, Design Control 0 comment

March 22, 2023

Biological Evaluation for Reusable Devices: Shelf Life vs. Expected Life

 

Biological evaluation for reusable devices may reasonably not be focused on “shelf life”. The heart of this question hinges first on general medical device principles regarding shelf life (or lack thereof) vs. stability over the device’s lifetime.  Much can be said about that, so I won’t go too far down the rabbit hole about that here unless otherwise requested.  But in summary, it has been established that not all medical devices have, or need, a shelf life. Yet all devices have a life-cycle within which there is an “expected life” (U.S. FDA), lifetime (ISO 13485, ISO/TN 24971), expected lifetime (EU MDR), etc.

 

Accordingly, I don’t believe that ISO 10993-1:2018 clause 4.7 (“The biological safety of a medical device shall be evaluated by the manufacturer over the whole life-cycle of a medical device.“) means that shelf life is an important point of biological evaluation for any medical device.  Instead, the device’s shelf life is germane only if the device has a shelf life.

 

For example, reusable devices oftentimes don’t have or need a shelf life, but instead will always have an expected useful life.  Accordingly, clause 4.7 certainly requires understanding of the biological safety throughout a labeled shelf life if any such shelf life there may be.  But ultimately, for a reusable device, the main focus is generally on biological evaluation representative of the reusable device’s expected useful life, which factors in stability considerations such as material aging, response to reprocessing, etc.  For example, ISO 10993-1:2018 states that if a medical device is intended to change during its lifetime, then the evaluation shall consider all the different device states.  I would expand that to whenever the medical device does/can change during its lifetime.

Continue Reading

Nonconforming Expiration Date

Posted by Kevin Randall In Uncategorized 0 comment

March 22, 2023

Nonconforming Expiration Date

 

In short, if erroneous / outdated / violative / incorrect expiry date (or other related data on the label) are within reasonable risk acceptance criteria (safety, performance, regulatory), then such product can be accepted as-is and left alone.  But if the risk acceptance criteria are exceeded, then corrective measures are needed to eliminate the nonconformity.  Such corrective measures would typically include relabeling and/or removal/recall.

Continue Reading

EU MDR Classification of Accessories – “In Their Own Right”

Posted by Kevin Randall In Accessories, EU MDR 0 comment

March 22, 2023

 

EU MDR Classification of Accessories – “In Their Own Right”

 

As noted previously, pursuant to EU MDR Article 1 paragraphs 1 and 4, and particularly EU MDR Annex VIII.3.2, accessories for a medical device shall be classified in their own right separately from the device with which they are used.  But I received a question wondering whether an accessory’s tangential appearance in the Annex VIII classification rules alongside a parent device means that such accessory isn’t actually classified in its own right.

 

I interpret “classified in their own right” and “classified separately from the device with which they are used” to mean classified based on their own intrinsic characteristics rather than the parent device’s.  In practice, this means that the classification rules are to be applied to, and stand on their own regarding, accessories. For example, consistent with that, Rule 8 prescribes that, if an accessory is for an active implantable device, then the accessory is class III.  The fact that Class III is also the class given by this rule to the active implantable parent device doesn’t in my humble opinion undermine, or undo, or conflict with, or create an exception to, the Commission’s aforesaid implementing rule requiring that accessories be classified separately from the device with which they are used. The classification rules still stand on their own regarding accessories even if a rule happens to simultaneously address the classification of a parent device and its related accessories.

Continue Reading

Problem Containment Actions for Controlling Regulatory Impact

Posted by Kevin Randall In FDA QMS, ISO 13485, Regulatory, Risk Management 0 comment

March 21, 2023

Problem Containment Actions for Controlling Regulatory Impact

 

Today I received a question wrestling with the fact that problem containment actions tend to primarily focus on product containment and patient impact/risk, while not so much on containment actions aimed at controlling regulatory risk.  This reminds me of ISO 13485’s deliberate distinction between risks involving device safety/performance as differentiated from risks related to meeting applicable regulatory requirements.

 

Indeed, there’s not much available in terms of a standardized approach to managing regulatory risk.  For example, ISO 13485 and its creator ISO/TC 210 don’t (as far as I know) elaborate further on the distinction.  Likewise, ISO 14971 (as amended) and ISO/TR 24971 (as amended) are also short on this notion except regarding where the regulatory requirements are tethered to product safety, which only drives us back to the first aforementioned ISO 13485 arm of risk.

 

To help fill in the gaps, here are some examples of correction/containment steps to consider that involve regulatory risk:

 

  • Marketed device recall notices and agency notifications associated with device corrections/containment/removal.

 

  • Stock recovery (a regulatory concept patterned from the U.S. FDA).

 

  • Invalidation of pending or existing marketing authorizations.

 

  • Invalidation of existing clinical investigations, clinical data/results, or other design/developmental data that were collected for what is now an outdated / unrepresentative version of the developmental device.

 

  • Adverse event reporting if somehow not already done for the instance.

 

There could be others too. If one were to try and formalize consideration of such regulatory impacts, then that should be done via supplementing the organization’s procedures for correction/containment, for premarket regulatory authorizations, for recalls, for design/development, etc., with appropriate handshakes back and forth between them.

Continue Reading

EU MDR Notified Body Demanding Use of Harmonized Standards

Posted by Kevin Randall In EU MDR, Harmonized Standards, Standards 0 comment

March 21, 2023

 

EU MDR Notified Body Demanding Use of Harmonized Standards

 

Your notified body seems to be employing a classic infamous misuse of harmonized standards for the MDD and/or EU MDR.  I generally advise our clients to respectfully, carefully, and legislatively, push back on such misuse.  But without seeing the full details of the nonconformity and of your particular case, it is not possible to say for sure whether such push back is for certain appropriate for your scenario.

 

In general, much has been said, for example here, regarding use of harmonized vs. non-harmonized standards. So I won’t say much more about that in this current post unless further questions are raised.  See also MDCG 2021-5 for the latest-and-greatest interpretations about this, such as the MDCG’s ultimate summation that, “...in general the use of harmonized standards is voluntary.”

 

The real legislative requirement (see for example in my prior post and in MDCG 2021-5) is for us to take into account the generally acknowledged state of the art.  That obligation is generally the same regardless of whether we are talking about the MDD or the EU MDR. Accordingly, any conformity solution should be anchored by that endeavor, especially in times like these where, so often, an updated harmonized standard isn’t yet available for a given EU MDR GSPR.  Our ultimate legislative requirement is to show conformity with the applicable GSPR, not with a harmonized standard(s).  Yet notified bodies still try to assert that harmonized standards are required.  They do that either because the notified body doesn’t understand the legislation or because it makes their job easier.

 

On that note, while it might be helpful to provide a notified body a gap analysis between your conformity solution and a harmonized standard, it remains true that lack of such a gap assessment is not a valid reason for a nonconformity.  In general, the most that is appropriate for a notified body to do is request such a gap analysis as a matter of convenience for the notified body (notwithstanding the possibility of an overreaching clause in your business contract with the notified body).  Such a gap assessment is not legislatively required and thus shouldn’t be lodged as a technical documentation nonconformity; instead, the legislation leaves us wide latitude in how we show conformity.

 

Another scenario I’ve heard about is a notified body’s request for a comparison between the GSPR conformity solution applied compared to an MDD harmonized standard.  Specifically, EU MDR conformity isn’t based on evolutionary comparison, or any other comparison, to the MDD, its Essential Requirements (ER), or standards that were harmonized for use with the MDD.  Instead, EU MDR conformity is based on showing conformity to the EU MDR and its GSPR.  Indeed, the MDD ER or harmonized standards aren’t required to be raised at all in an EU MDR technical documentation review unless the manufacturer has formally mandated itself to such an approach, like via a corresponding QMS document or regulatory strategy.

 

These are some dynamic variables that might play into your particular scenario.  You might want to consider seeking some expert assistance to be sure your next steps are the right ones.  In any event, hopefully the legislative bottom lines noted in this post will be helpful for you if you are formulating a response to such notified body gestures.

Continue Reading
© Compliance Acuity. Website by Modernize My Site
This website uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Search
Generic filters
Exact matches only
* Type a keyword then press Enter