March 21, 2023

Problem Containment Actions for Controlling Regulatory Impact

Today I received a question wrestling with the fact that problem containment actions tend to primarily focus on product containment and patient impact/risk, while not so much on containment actions aimed at controlling regulatory risk.  This reminds me of ISO 13485’s deliberate distinction between risks involving device safety/performance as differentiated from risks related to meeting applicable regulatory requirements.

Indeed, there’s not much available in terms of a standardized approach to managing regulatory risk.  For example, ISO 13485 and its creator ISO/TC 210 don’t (as far as I know) elaborate further on the distinction.  Likewise, ISO 14971 (as amended) and ISO/TR 24971 (as amended) are also short on this notion except regarding where the regulatory requirements are tethered to product safety, which only drives us back to the first aforementioned ISO 13485 arm of risk.

To help fill in the gaps, here are some examples of correction/containment steps to consider that involve regulatory risk:

• Marketed device recall notices and agency notifications associated with device corrections/containment/removal.

• Stock recovery (a regulatory concept patterned from the U.S. FDA).

• Invalidation of pending or existing marketing authorizations.

• Invalidation of existing clinical investigations, clinical data/results, or other design/developmental data that were collected for what is now an outdated / unrepresentative version of the developmental device.

• Adverse event reporting if somehow not already done for the instance.

There could be others too. If one were to try and formalize consideration of such regulatory impacts, then that should be done via supplementing the organization’s procedures for correction/containment, for premarket regulatory authorizations, for recalls, for design/development, etc., with appropriate handshakes back and forth between them.