April 24, 2023

“Declaration of Conformity” vs. “Certification of Conformity”

There are different kinds of declarations and certifications germane to the medical devices sector.  And there is a proper distinction to be made between “declaration” and “certification”.  I give my further interpretations about that herein.

Ultimately, the precise context of each given scenario bears significantly on which vernacular is appropriate.  But also one’s real-world tolerance (or lack thereof) for longstanding entrenched tradition, vs. the strictest proper interpretation of these matters.  Indeed, this discussion reveals yet another example where there is tension between formally-established terminology vs. longstanding practice.  It can certainly be argued that the terminology like Certification of Conformity (CoC), Certification of Analysis (CoA), etc., isn’t the most correct language. On the other hand, it can also be argued that the CoC/CoA terminology isn’t wrong either.  Complicating the issue is that many organizations and agencies alike have organically woven the CoC/CoA terms into their paradigms.

For example, my experience is that the creation of such CoA/CoC by medical device manufacturers/suppliers is similar to analogous precedents from the pharmaceutical GMP sector like those modeled in the EMA Guideline on batch certification and in the EU GMP Guide Parts I & II.  This would not be the first time that I’ve seen pharma GMP concepts adapted into the medical device GMP sector.  Some more organic medical device precedents include those from the IMDRF (formerly the GHTF) and ISO/TC 210, who both acknowledge the use of the CoA/CoC vernacular.  For example ISO/TC 210’s guidance about the benefit of CoA/CoC for component (whether in-house or outsourced) traceability.

I think an insightful reference echoing (maybe even giving rise to) this terminology dilemma is ISO / EN ISO 17000 (as amended, and as applicable, covering vocabulary and principles, hereinafter “ISO 17000”).  Specifically, it fundamentally establishes the terms

• “attestation” (i.e., a statement, based on a decision following review, that fulfilment of specified requirements has been demonstrated [emphasis added]),

• “statement of conformity” (a generic expression used to include all means of communicating that fulfilment of specified requirements has been demonstrated, and conveying assurance that the specified requirements have been fulfilled [emphasis added]), and

• “first-party attestation” (e.g., by a device manufacturer).

All of these, in my opinion, correlate with the CoA/CoC concepts.  For example, ISO 17000 says that, “…Instead of “assurance of conformity”, the term “attestation” is used…” [emphasis added].  Then the standard goes on to clarify that “declaration” is first-party attestation, while “certification” (e.g., notified body type test certification; other agency electrical safety testing certification, etc.) is a third-party attestation (thus bridging us over to the aforesaid ISO 17050-1 “declaration”).

So, the longstanding “CoA” / “CoC” terms don’t exactly fit nicely with these ISO 17000 terms.  Yet they aren’t exactly wrong either (in my opinion).  Because of this, and of the entrenched precedents for the “CoA” / “CoC” terminology (indeed, time and time again, I’ve seen organizations into whose operating infrastructure these terms are deeply woven, such that we’d be clanging gongs to try and strike down that language), I’m not ready to abandon/retire those terms just yet.   But when it becomes time to do that, I agree that the most standardized proper term is “declaration”.