Posts Tagged Design controls

10 Steps to Implementing Design Controls

waterfall fda 10 Steps to Implementing Design Controls

The author describes 10 steps to implementing design controls, including design plans, design inputs, design review, verification protocols and risk management.

The diagram above is called the “Application of Design Controls to Waterfall Design Process.” This diagram was introduced by the FDA in 1997 in a design controls guidance document ( However, the original source of the diagram was Health Canada.

This diagram is one of the first slides I use for every design controls course that I teach, because the diagram visually displays the design controls process ( The design controls process, defined by Health Canada and the US FDA, is equivalent to the design and development section found in ISO 13485 and ISO 9001 (i.e., – Clause 7.3). There are seven sub-clauses that comprise the requirements of these ISO Standards:

  • 7.3.1 – Design Planning
  • 7.3.2 – Design Inputs
  • 7.3.3 – Design Outputs
  • 7.3.4 – Design Reviews
  • 7.3.5 – Design Verification
  •  7.3.6 – Design Validation
  • 7.3.7 – Design Changes

In addition to the seven sub-clauses found in these ISO Standards, the FDA Quality System Regulation (QSR) also includes additional requirements in the following sub-sections of 21 CFR 820.30: a) general, h) design transfer, and J) Design History File (DHF).

Design Controls: A Complex Process

Even though the requirement for Design Controls has been in place for 16 years, there are still far too many design teams that struggle with understanding these requirements. Medical device regulations are complex, but design controls are the most complex process in any quality system. The reason for this is that each of the seven sub-clauses represents a mini-process that is equivalent in complexity to CAPA root cause analysis. In fact, many companies choose to create a separate work instruction for each sub-clause.

Medical Device Academy’s training philosophy is to distill processes down to discrete steps that can be absorbed and implemented quickly. We use independent forms to support each step, and develop training courses with practical examples, instead of writing a detailed procedure(s). The approach we teach ( removes complexity from your procedure. Instead, we rely upon the structure of step-by-step forms completed at each stage of the design process.

10 Ways to Implement Design Controls

Design plans are just a plan. You can and should change that plan. In fact, this is stated in both Clause 7.3.1 of the ISO Standards, and in Section 21 CFR 820.30b of the FDA QSR. You can make your plan as detailed as you need to, but I recommend starting simple and adding detail. Your first version of a design plan should include the following 16 tasks: 

Identification of the regulatory pathway-based upon the device risk classification and applicable harmonized standards. 

Development of a risk management plan

Approval of your design plan (1st design review) 

Initial hazard identification

Documentation and approval of design inputs (2nd design review) 

Risk control option analysis

Reiterative development of the product design

Risk analysis 

Documentation and approval of design outputs (3rd design review) 

Design verification and validation, and risk control verification 

Clinical evaluation and risk/benefit analysis

Development of post-market surveillance plan with post-market risk management plan

Development of a draft Device Master Record(DMR) /TF Index

Commercial release (4th and final design review)

Regulatory approval and closure of the Design History File (DHF

Review lessons learned and initiate actions to improve the design process 

2. Design inputs need to be requirements verified through the use of a verification protocol. If you identify external standards for each design input, you will have an easier time completing the verification activities, because verification tests will be easier to identify. Medical Device Academy has written more on this topic in a previous blog posting ( 

3. Design outputs are drawings and specifications. Ensure you keep them updated and control the changes. When you finally approve the design, this is the “design freeze.” 

4. Design reviews should have defined deliverables. I recommend designing a form for documenting the design review which clearly identifies the deliverables for each design review. The form should also define the minimum required attendees by function. Other design review attendees should be identified as optional—rather than required reviewers and approvers. If your design review process requires too many people, this will have a long-term impact upon review and approval of design changes. 

5. Design verification protocols should be standardized, instead of being project-specific. Information regarding traceability to lots, calibrated equipment ID and test methods should be included as a variable that is entered manually into a blank space when the protocol is executed. The philosophy behind this approach is to create a protocol once and repeat it forever. This results in a verification process that is consistent and predicable, but it also eliminates the need for review and approval of the protocol for each new project. 

6. Design validation should be more than bench testing. Ensure that animal models, simulated anatomical models, finite element analysis and human clinical studies are considered. 

7. Design transfer is not a single event in time. Transfer begins with release of your first drawing, or specification to purchasing, and ends with commercial release of the product. 

8. Do not keep the DHF open after commercial release. All changes after that point should be under production controls, and changes should be documented in the (DMR)/Technical File (TF). 

9. Your DMR Index should perform a dual function of also meeting technical documentation requirements for other counties, such as Canada and Europe. 

10. Audit your design control process ( to identify opportunities for improvement and preventive actions. Audits should include a review of the design process metrics, and you may consider establishing quality objectives for improvement of the design process. This last step, and the standardization of design verification protocols in step five (5), are discuss in further detail in another blog by Medical Device Academy ( 

If you are interested in design control training, Rob Packard will be teaching an audio seminar hosted by FX Conferences on October 15, 2013 (

  1. Please Join us on Social Medialinkedin 1 10 Steps to Implementing Design Controlsgoogleplus 10 Steps to Implementing Design Controlstwitter 10 Steps to Implementing Design Controls

Posted in: Design Control

Leave a Comment (5) →

7 Steps to Auditing Design Controls Using the ISO 13485 Standard

This blog reviews seven steps to effectively auditing design controls utilizing the ISO 13485 standard.

Third- party auditors (i.e., – a Notified Body Auditor) don’t always practice what we preach. I know this may come as a huge shock to everyone, but sometimes we don’t use the process approach. Auditing design controls is a good example of my own failure to follow was it true and pure. Instead, I use NB-MED 2.5.1/rec 5 as a checklist, and I sample Technical Files to identify any weaknesses. The reason I do this is that I want to provide as much value to the auditing client as possible without falling behind in my audit schedule.

Often, I would sample a new Technical File for a new product family that had not been sampled by the Technical Reviewer yet. My reason for doing this is that I could often find elements that are missing from the Technical File before the Technical Reviewer saw the file. This gives the client an opportunity to fix the deficiency before submission and potentially shortens the approval process. Since NB-MED documents are guidance documents, I could not write the client up for a nonconformity, unless they were missing a required element of the M5 version of the MDD (93/42/EEC as modified by 2007/47/EC). This is skirting the edge of consulting for a third- party reviewer, but I found it was a 100% objective way to review Technical Files. I also found I could review an entire Technical File in about an hour.

So what’s wrong with this approach?

This approach only tells you if the elements of a Technical File are present, but it doesn’t really evaluate the design process. Therefore, I supplemented my element approach with a process audit of the design change process by picking a few recent design changes that I felt were high risk issues. During the process audit of the design change process, I sampled the review of  risk management documentation, any associated process validation documentation and the actual design change approval records. If I had time, I looked for the following types of changes: 1) vendor change, 2) specification change, and 3) process change. By doing this, I covered the following clauses: 7.4 (purchasing), 7.3.7 (design changes), 7.5.2 (process validation), 7.1 (risk management) and 4.2.4 (control of records).

So what is my bastardized process approach to auditing design controls missing? Clauses 7.3.1 through 7.3.6 of ISO 13485 are missing. These clauses are the core of the design and development process. To address this, I would like to suggest the following process approach:

Step 1: Identify the process owner and interview them. Do this in their office–not in the conference room. Get your answers for steps 2-7 directly from them. Ask lots of open-ended questions to prevent “yes/no” responses.

Step 2: Identify how design projects are initiated. Look for a record of a meeting where various design projects were vetted and approved for internal funding. These are inputs into the design process. There should be evidence of customer focus, and some examples of corrective actions taken based upon complaints or service trend analysis. Step 3: Identify where Design History Files (DHF) are stored physically or electronically, and determine how the DHF is updated as the design projects progress.

Step 4: This is typically the step of a process audit where there auditor needs to identify “what resources” are used in the process. However, only companies that have software systems for design controls have resources dedicated to Design and Development. I have indicated this in the following “Turtle Diagram.”

%name 7 Steps to Auditing Design Controls Using the ISO 13485 Standard

“With What Resources” is typically not applicable, because most companies do not have electronic design history files.

Step 5: Identify which people are assigned to the design team for a design project. Sometimes companies assign very large teams. In this case, the auditor should focus on the team members that must review and approve design inputs (see Clause 7.3.2) and design outputs (see Clause 7.3.3). All of these team members should have training records for Design Control procedures and Risk Management procedures.

Step 6: Identify procedures and forms that define the Design and Development process. Do not read and review these procedures. Auditors never have the time to do this. Instead, ask the process owner to identify specific procedures or clauses within procedures where clauses in the ISO Standard are addressed. If the process owner knows exactly where to find what you are looking for, they’re training was effective, or they may have written the procedure(s). If the process owner has trouble locating the clauses you are requesting, spend more time sampling training records.

Step 7: Ask the process owner to identify some metrics or quality objectives they are using to monitor and improve the design and development process. This is a struggle for many process owners–not just design. If there are any metrics that are not performing up to expectations, there should be evidence of actions being taken to address this. If there are no metrics being tracked by the process owner, you might review schedule compliance.

Many design projects are behind schedule and therefore this is an important metric for most companies. Now that you have completed your “Turtle Diagram”, if you have more time to audit the design process, you can interview team members to review their role in the design process. You could also sample specific Technical Files as I indicated above. If you are performing a thorough internal audit, I recommend doing both.

Posted in: Design Control

Leave a Comment (0) →

Get every new post on this blog delivered to your Inbox.

Join other followers:

Simple Share Buttons
Simple Share Buttons