Procedure Review and Approval – Management Review SOP

This procedure case study describes an error-proof method for procedure review and approval of quality system procedures.

Procedure review of Management Review SOP 1024x661 Procedure Review and Approval   Management Review SOP

My first training in procedure review

The first time I was formally trained on how to conduct a procedure review was during a lead auditor course. I thought the topic of procedure review seemed out of place, but as I audited more companies, I realized that missing regulatory requirements in a procedure are quite common. Regardless of who reviews a procedure, or how many times it is reviewed, something is always missed. Unfortunately, a desktop audit of procedures is not an effective corrective action or verification method. Auditing procedures is an ineffective method for reviewing procedures because audits are limited by sampling.

A better approach to procedure review than auditing

Instead of random sampling, a systematic review of 100% of regulatory requirements is needed to ensure that none of the regulatory requirements are accidentally omitted. Systematically reviewing regulatory requirements for each country your company is selling in is tedious at best. You need a tool to make the reviewing process error-proof and straightforward. You also need each procedure reviewer to have a defined function to eliminate the duplication of work.

Procedure reviewer and approver roles

There are 3-5 reviewers of procedures in most companies. Some companies make the mistake of having as many as 8-10 reviewers of procedures, but more is not better. There are four primary roles for procedure review, but you could have as few as two people approving most procedures:

  1. process owner (must review and approve)
  2. quality management (must review and approve)
  3. regulatory (must review, but optional approver)
  4. independent (optional review, but not an approver)

You are not required to have all four of these reviewer roles, but including these four roles in your document control process is a best practice. Differentiating between reviewers and approvers should also be considered in your document control procedure. The only documents we recommend top management be a reviewer and approver of are:

  • Quality Policy
  • Risk Management Policy
  • Quality Manual
  • Management Review Procedure

Procedure approval for Management Review SOP 1024x171 Procedure Review and Approval   Management Review SOP

The reason for top management reviewing these four documents is because top management has a regulatory responsibility related to each of these documents.

Process owner role

The process owner is the owner of the procedure for that process. Therefore, the process owner needs to approve that procedure. It would make no sense to own a process without the ability to approve changes. The process owner may also be the procedure author, but we don’t recommend it. Editing someone else’s work is more effective than editing your own work. Instead, we recommend that the process owner delegate the responsibility for writing and updating procedures to a subordinate who performs the procedure. Then, the process owner is responsible for reviewing and approving the procedure.

Quality management role

The quality management person needs responsibility for reviewing and approving all procedures because this person is responsible for the entire quality system. They need to make sure the procedure is accurate in the context of the entire quality system. The quality management person is the best person to review interactions with other processes. For example, the management review process has twelve required inputs (i.e., ISO 13485, Clause 5.6.2A-L). Each of those inputs comes from another process and procedure. It is essential to ensure that if you are reviewing the complaint handling procedure, somewhere in that procedure, it should state that the monitoring and measuring of complaint trends should be input into the management review process.

Regulatory role

Usually, the regulatory person is responsible for verifying that a procedure meets 100% of the regulatory requirements. This person should verify that the scope of the procedure identifies the relevant markets. If there are references to documents of external origin, the regulatory person should verify that these references are accurate. The best way to do this is by performing a gap analysis. Sometimes the quality management role and the regulatory role are combined in a small company, but larger companies will keep these roles separate. Just because the regulatory person performs a gap analysis as a reviewer, that doesn’t automatically translate to the need for approval of the procedure. We recommend making the decision on whether a regulatory person should approve a procedure based on whether the procedure has specific regulatory requirements (e.g., annual registration or regulatory reporting).

Independent reviewer role

Finally, the independent reviewer is looking for two things:

  1. Does the procedure make sense–to someone who performs the procedure (if that person was not the author); and to an external auditor, such as a certification body (internal auditors can fill this role)?
  2. Are there typos, spelling, or grammar mistakes?

The independent reviewer does not need to be a manager. It needs to be someone who writes well. Editing is tedious, but apparent mistakes in spelling or grammar prompt auditors to review procedures more carefully. If available, we recommend asking an internal auditor to be the independent reviewer. Depending upon the experience of the independent reviewer with regard to performing a gap analysis, the person with regulatory responsibility may delegate the task of gap analysis to independent reviewers. This role can also be satisfied by a consultant with technical writing ability. Medical Device Academy’s resident expert at this is Matthew Walker.

Procedure case study – The most common auditor findings

The two most common reasons for audit findings are:

  1. the procedure is not being followed, and
  2. a regulatory requirement is missing from your procedure.

Not following the procedure

The first problem is the most common reason for audit nonconformity, as companies include requirements in the procedure that are not regulatory requirements. Auditors look for objective requirements to audit. Therefore, if you include objective requirements in your procedure an auditor is more likely to select those requirements to sample than subjective requirements–even if the requirement is not a regulatory requirement. This is one of the reasons we recommend having processing owners review and edit procedures. If you purchase a procedure, it’s important for the person who will be performing the procedure to carefully review the procedure to ensure it matches how they intend to perform that process. If it’s a manufacturing procedure, we recommend training personnel with a draft procedure and handing out red pens. That also dramatically reduces complaints from the people who do the work.

Regulatory requirements missing

For regulatory requirements, your regulatory reviewer needs to create a checklist that includes 100% of the requirements for that procedure. This approach is called a gap analysis. The model for gap analysis documentation we like to follow is the General Safety and Performance Requirement (GSPR) Checklist used for technical documentation (i.e., for CE Marking). There are 23 GSPRs in the MDR and 20 GSPRs in the IVDR. Most of the GSPR requirements have multiple subparts. The regulatory person who completes the GSPR Checklist must indicate the following information next to the applicable requirement in the checklist table:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to any applicable standards
  • a cross-reference to the record where evidence of meeting the requirement can be found (e.g., the risk management file)

Regulatory personnel can revise this approach slightly by doing the following for the review of procedures:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to the applicable specific sub-clause in a Standard or a regulation
  • a cross-reference to the subsection of the procedure where evidence of meeting the requirement can be found (e.g., section 5.1 of the SYS-003)

Procedure Case Study of the Management Review Procedure (SYS-003)

In Medical Device Academy’s Management Review Procedure, Section 8 is the “procedure section.” Sub-section 8.3 of the procedure lists all the required inputs for a Management Review meeting. Next to each input, we included a cross-reference to the sub-clause in ISO 13485:2016 for the Management Review input.

Screenshot 2024 09 08 4.16.29 PM Procedure Review and Approval   Management Review SOP

There is also a requirement in ISO 13485:2016 for conducting Management Reviews at scheduled intervals. This requirement is met by sub-section 8.1 of the Management Review procedure. We used the same approach to identify and cross-reference to this requirement.

Screenshot 2024 09 08 4.26.10 PM 1024x87 Procedure Review and Approval   Management Review SOP

Teaching auditors by performing your own procedure case study

Now, when we teach our Lead Auditor Course, we ask attendees to split into small groups to review a procedure–one procedure for each group. In one of the companies where we did this, each of the four teams found a regulatory requirement that was missing from the procedures they were reviewing. All four procedures the teams selected were already reviewed, approved, and currently in use at the time of the auditor training. The four teams created their own procedure case study to demonstrate the importance of reviewing procedures for regulatory requirements.

Management Review Procedure & Webinar – Free Download

Procedure Review and Approval – Management Review SOP Read More »

Instructor engagement is the secret to training effectiveness

The author discusses his personal experience with quality and regulatory training and shares his secrets for better instructor engagement.

What is instructor engagement?

Instructor engagement is a term that describes actions taken by the instructor to involve their class, whether the training is on-line or in person. Instructor engagement includes six basic elements:

  1. Training content and format
  2. Verbal communication
  3. Non-verbal communication
  4. Training environment
  5. Audience
  6. Audience involvement

Any one of the above six elements can ruin a training class, but a great instructor can compensate for weaknesses in any one area by taking advantage of the other elements.

To be successful, you need to hook your audience in the first ten seconds

It is crucial to engage your audience in the first ten seconds. When the audience is live, if you don’t engage them immediately they will find something on their phone to distract them. If the audience is on-line, they will swipe to the next video in their feed. Toastmasters suggests beginning your presentation by using one of five methods for hooking your audience:

  1. Tell a story
  2. Make a bold statement
  3. Ask a question
  4. Get the audience to laugh
  5. Ask the audience to visualize something

toastmasters speech Instructor engagement is the secret to training effectiveness

Consequences of poor engagement

If an instructor does not engage students, the best case scenario is that the training will not be effective. In other words, the class will not learn the material being taught or they will retain the information for less than 24 hours. For the student, their time and money was wasted. For the instructor, they will feel exhausted at the end of the training and they will have trouble finding future training jobs.

Results of good instructor engagement

If a class is engaged in training they will learn the material, retain the information in their long-term memory, and the will recommend the instructor to other people that are interested in learning about the topic. For the student, their time and money was well spent. For the instructor, they will feel energized at the end of the training and students will come up to them at the end of the training asking for a business card and to discuss future training opportunities.

Where can you find an examples of good and bad instructor engagement?

When I first wrote a blog on this topic it was 2012 and there were very few blogs and almost no videos dedicated to quality systems or regulatory affairs. Twelve years later, almost nobody reads blogs and there are multiple competitors that publish new videos weekly. The primary channel for watching videos is YouTube, but YouTubers are simultaneously live-streaming on YouTube, LinkedIn, and Facebook.  These channels are the best place to find examples of good and bad instructor engagement. You will probably have a strong opinion about the quality of the speaker in the first ten seconds, but the algorithms that guide your surfing of these platforms will automatically steer your viewing to the best videos. These videos are not considered to be the best solely on content and format. The amount of audience engagement is the biggest driver. The algorithm recommends videos based upon the percentage of audience retention, the number of comments by viewers, and the number of people that share the link to your video.

Why doesn’t Dr. Shulman’s video rank higher in the algorithm?

The video I embedded in this post has only 554 views currently, but it has been posted on YouTube almost six years. Why doesn’t this video rank higher and get recommended by YouTube to more people? Because there is no involvement of the original audience or the current YouTube audience. Despite the talented speaker and the use of video with clear PPT slides, there are no comments on YouTube. The content and format is good, and the verbal communication is good. However, RAPS has Dr. Shulman standing behind a podium at the event so the non-verbal communication is not as strong as it could be. In addition, large conferences are typically one of the weakest environments for encouraging instructor engagement with the audience. The video could receive much higher rankings if the original audience was involved in the video as well. If the question and answer session were included, that might have helped. RAPS could also improve the video’s performance by adding more details to the description of the video. Finally, the performance of the video is impacted by the number of subscribers to the RAPS YouTube channel and the engagement of those subscribers. To demonstrate this, I will add a comment to the video. That should cause a small increase in engagement and viewers.

How can you improve your internal quality system training?

Anyone can read and understand a procedure, but this is the least effective method of training people. You could also have employees watch a training video, but quality assurance and regulatory affairs are among the most boring topics on planet earth. Most of the training out there is “Blah, blah, blah…” and “Death by PowerPoint.” Instructor engagement for that type of training is poor, and it could get you fired. Don’t read your slides, don’t turn your back on the audience (or they’ll attack), and PLEASE don’t ever ask someone to read the definition of nonconformity out loud to the rest of the group. Inspire and engage the class. You need to get your audience to pay attention, ask questions, and share their own thoughts out loud. For example, instead of using a PowerPoint, try displaying the actual procedure and ask an audience member to find each of the points you are teaching in the procedure. You could even teach them a cool search tool (i.e., CTRL + F) to find the content. You might even adding a symbol to the procedure to help them find those requirements.

Nine ways to improve your own instructor engagement

If you are hiring a consultant to help you with quality and regulatory training, then you certainly want to hire an expert. However, it is more important that the speaker is engaging. Knowing this fact, you could try improving your own presentation skills to achieve higher instructor engagement for a lot less money. I’m six-foot, six inches tall, and I have a loud booming voice. My mother has red hair, and she was an opera singer. I’ve got the voice to fill any auditorium and stage presence to match. But you don’t have to be big, tall, or loud to capture the attention of your audience. Here are my top nine ways to improve instructor engagement:

  1. Practice vocal variety
  2. Move, don’t stay stationary
  3. Ask the audience questions
  4. Use anecdotes, case studies, and stories
  5. Try using props
  6. Take breaks
  7. Plan a surprise
  8. Force feed the audience legal stimulants
  9. Give students homework

What is vocal variety, how does it impact instructor engagement?

Vocal variety is more than just the volume of the speaker. Vocal variety consists of pitch, tone, volume, and pace. Generally I speak too fast and my voice is very loud. Therefore, if I want to emphasize a point I can exercise two changes in my voice to immediately capture the attention of students: 1) speak softly, and 2) speak slowly. Another approach I have used, is to speak slowly and repeat myself, but the most dynamic way to get your audience’s attention is to stop speaking for a few seconds. Silence is powerful.

Many people struggle to understand how to vary their pitch, but they’re overthinking it. When we ask a question, we raise the pitch of our voice slightly at the end. This upward inflexion of our voice signals to listeners that we are asking a question. For example, if you repeat the last one to three words in the other person’s sentence, and you say this with an upward inflection, the listener will perceive that you are asking a question to better understand what they mean. This is much more effective than asking “what do you mean?” For example, if a student in the class says “Is it enough if we perform annual reviews?” As the instructor you can employ the technique of mirroring by asking, “Annual reviews?” This will encourage the other person to elaborate on what they meant by “annual reviews.” This technique ensures that you know what the student meant, and it gives you time to consider what they said before you respond. This is also a strategy recommended by expert negotiators.

Movement is attractive

Most of our brain power is dedicated to processing what we see–not what we hear. Therefore, listeners are more likely to notice when you move. You can jolt your audience awake simply by stepping out from behind a podium or changing your movement pattern (e.g., occasionally moving forward instead of pacing side to side). Movement also includes body language. You can modify your posture, stance, and position in front of the audience to communicate information non-verbally. You can use gestures to communicate non-verbally or you can use facial expressions. For example, if you frown and shrug your shoulders, what does that mean?

Questions are essential for instructor engagement

No matter how smooth and eloquent your voice is, nobody wants to hear only you speak. This is one of the reasons conferences have multiple speakers. However, during a single presentation you can get students to participate and present some of the information by asking them questions. There are a few techniques that help get the audience to speak more. Instead of asking a question to the group as a whole, try pointing to a specific person, ask them their name, and then ask them a question. Second, in order to “break the ice” at the end of your presentation, have some “seed questions” prepared. If you are conducting a webinar, seed questions can be read by you. In a live presentation, you can give a list of seed questions to your host or friends in the audience. Finally, you can also begin your training with a question (i.e., Toastmaster hook #3 above).

Tell a story and make a point

For each teaching point you should consider using an anecdote, case study, or a related story. The audience will want to know how the story ends, and they are more likely to remember the story. If you haven’t conducted more than 1,000 audits, traveled all over the world, or have more than 25 years of experience–don’t despair. You can always interview other people on any topic to get their stories. If you are looking for tips on how to construct a story, Toastmasters comes to my rescue again. Here’s their recommended six-part structure for the Hero’s Journey:

  1. Setup
  2. Inciting incident
  3. Progressive complications
  4. Insight
  5. Climax and resolution
  6. Lesson

What kind of prop can you use for quality and regulatory?

In one of the paragraphs below, I mention a simple prop that you can use for training–product samples. I did this in one of our live-streaming YouTube videos where I explained how to review medical device labeling. But you can use other things in your environment. For example, the first public speaking course I ever had was taught by a man with Polio that used crutches. He used one of his crutches as a prop to demonstrate how he looked over a fence.

How often should you take breaks?

Students cannot maintain a state of alertness and attention indefinitely. Your body naturally cycles between higher and lower alertness every 90 minutes. After 90 minutes it becomes harder to focus and you need to take a break. If you can, splitting 90 minutes into two 45-minute sessions is even better. You can also experiment with two strategies for better instructor engagement: 1) conduct a “pop quiz” after a break to make sure the audience understood the information they were just taught, and 2) don’t be afraid to adjust the breaks slightly to coincide with a change in topic. Changing topics at a break allows you to repeat the most important points three times. The first time when you introduced a topic, the second time when you have concluding remarks at the end of a topic, and a third time after the break when you make sure the audience understood the material you presented before the break.

What kind of surprise will engage your audience?

There are two strategies for using a surprise: 1) promise to surprise them in the future, or 2) don’t tell anyone until you surprise them. The first strategy works best when you are trying to get people to watch until the end of the training. This is commonly used by YouTubers to get people to watch the video until the end. Unfortunately, this backfires because we can fast-forward to the end. I’m not suggesting that you shouldn’t surprise your audience, but the surprise needs to delight your audience. You might also need to surprise and delight your audience more than once. Even then, some of your audience will still nod off and completely ignore you. When this happens, throw a Snickers bar at the offending student.

snickers Instructor engagement is the secret to training effectiveness
This is an essential tool for any instructor. It functions as a tool to prod sleeping students awake, is small enough to cause minimal injury when thrown, serves as an emergency food supply, and is gluten-free.

How to force-feed students legal stimulants

If legal counsel recommends against using projectiles to encourage class participation, you might also consider one of my all-time genius ideas–consuming dangerously large quantities of caffeine. I was scheduled for a two-day course in Ottawa, but the day before I needed to perform an audit in Pennsylvania. My flight was the last flight into Ottawa, which arrived at approximately 1 o’clock in the morning. My arrival was delayed an additional hour in customs by the person in front of me who was trying to smuggle an extra carton of smokes into the country. Just before 4 a.m., my taxi arrived at the Albert at Bay Suite Hotel. The class started at eight in the morning. I made it to class on time, and the excessive consumption of several pots of black coffee helped get me to lunch. Then my legs started getting a little shaky. Fortunately, there was a convenience store next door that sold my favorite chocolate–the Dark Aero bar! After four of these monstrous doses of cacao, and another pot of coffee, I could have listened to the lecture on the Canadian Medical Devices Regulations all night. The only problem is that my hands are still shaking 15 years later.

aero bar Instructor engagement is the secret to training effectiveness
Hershey’s copied them, but the result was a mere shadow of Nestle’s greatness. Canadians know how to make junk food, tell a joke, and play hockey!

Why was the instructor engagement high in Ottawa?

Despite the physical handicap of sleep deprivation, I still learned a ton from my course in Canada. Here’s why:

  1. The instructors were both regulatory experts that were able to share anecdotes, case studies, and stories about real-world application of the Canadian Medical Devices Regulations. One of the instructors even worked for Health Canada.
  2. The audience was hyper-motivated to pass the course, because everyone in the class worked for a Notified Body that had sponsored them to take the course. In order to stay employed and get a raise, I needed to pass that course. If I failed the exam, I had to absorb the cost to travel back to Ottawa and retake the course in February (BRRRR!).
  3. The instructors brought more than a dozen medical devices to the class. These props gave us something to read, touch, and ask questions about. The instructors broke us up into small teams to study the labeling and instructions for use of each device. Even students from Japan, Europe, and Australia were familiar with some of the products. This was critical because we all needed to be able to identify incorrect Canadian labeling.
  4. The best instructor engagement tool used was humor. The instructor from Health Canada was hilarious. He had everyone laughing at his jokes for the entire course. Most of the jokes were not funny enough for a stand-up routine, but this was a mandatory regulatory course on Canadian regulations. Who would even expect a chuckle? Despite the strengths of these instructors, there is only one reason why I know the Canadian Medical Devices Regulations (CMDR), as well as I do. I use them every single week.

When students are forced to do homework, they will pay attention

After completing my CMDR training, I had to audit 162 days for BSI in 2011. Ninety percent of those 162 days were for companies that required a Canadian Medical Device License. This forced me to use the information I learned in the course. I was also consulting for companies at the same time I was auditing for BSI. Consulting clients hired me to prepare and submit the Canadian Medical Device License Applications for them. I also had to create procedures for Canadian Licensing, Incident Reporting, and Recalls. I spent another 60+ days in 2011 doing consulting, which helped me hone my knowledge of Canadian device regulations.

Teaching others will make you a guru

Most people are terrified to speak on any topic–even to a small group of coworkers. However, I believe that teaching others is the secret to becoming a guru on any topic. I was one of BSI’s instructors that taught the regulatory comparison course from 2010 to 2012, which compared the regulations of the USA, Canada, Europe, Australia, and Japan. Therefore, at least once a month, I had a classroom of 6-20 people asking me challenging questions about how to interpret and apply regulations from each of these countries to their products. I used every bit of knowledge I learned in that course in Ottawa, and I started using that knowledge immediately after the course. Peers, clients, and students challenge my knowledge of these topics every day. This is what makes you a subject matter expert. If you need to learn something about quality assurance or regulatory affairs watching a one-hour webinar, reading a blog, taking a five-day course, or shadowing another more experienced person is not enough. In the end, all of the above will get you to the level of barely competent!  If you want to master any topic, you need to practice instructor engagement and use everything you learn for several years.

Instructor engagement is the secret to training effectiveness Read More »

Data Hazards for SaMD and SiMD

What are data hazards?

Data hazards occur when there is missing data, incorrect data, or a delay in data delivery to a database or user interface. This can occur with both software as a medical device (SaMD) and software in a medical device (SiMD). Missing data, incorrect data, and delays in data delivery cannot cause physical harm to a patient or user. Therefore, many medical device and IVD manufacturers state in their risk management file that their device or IVD has low risk or no risk. This is an incorrect software risk analysis because failure to meet software data or database requirements results in a hazardous situation, such as 1) an incorrect diagnosis or treatment, or 2) a delay in diagnosis or treatment. These hazardous situations can compromise the standard of care at best, or at worst, hazardous situations can result in physical harm–including death.

Where do you document these hazards?

Data hazards are documented in your software risk management file, but the data hazards are referenced in multiple documents. Usually data hazards will be referenced in a software hazard identification, the software risk analysis, software verification and validation test cases, and the software risk management report. Security risk assessments will also identify potential data hazards resulting from cybersecurity vulnerabilities that could be exploited.

How do you identify data hazards?

IEC 62304 is completely useless for the purpose of identifying data hazards. In Clause 5.2.2 of the standard for the software life-cycle process, the only examples of data definition and database requirements provided are form, fit, and function. IEC/TIR 80002-1, Guidance on the  application of ISO 14971 to medical device software, is extremely useful. Specifically, in Table B1 the following potential data hazards are identified:

  • Mix-up of Data such as:
    • Associating data with the wrong patient
    • Associating the wrong device/instrument with a patient
    • Associating measurements with the wrong analyte
  • Loss of data resulting from events such as:
    • Connectivity failure or Quality of Service (QoS) issues
    • Incorrect data acquisition timing or sampling rates (i.e., measurement)
    • Capacity limitations during peak loads
    • Missing data fields (i.e., incorrect database configuration or database mapping)
  • Modification of data caused by:
    • Data entry errors during manual entry
    • Automated preventive maintenance
    • Reset of data
    • Rounding of data
    • Averaging of data 

Patient data also presents a security risk. Access to data must be controlled for data entry, viewing, and editing. Other potential causes of data integrity issues include power loss, division by zero, overflow/underflow, floating point rounding, improper range/bounds checking, off-by-one, hardware failure, timing, and watch-dog time outs. In Table B2 the guidance provides additional examples of causes and risk control measures are recommended for each cause.

Data hazards associated with artificial intelligence (AI) and machine learning (ML)

There are also data hazards associated with AI/ML software. When an algorithm is developed there is a potential for improving the algorithm or making the algorithm worse. There is always a data bias resulting from the patient population selected for data collection and the clinical users that assign a ground truth for that data. Sometimes the data entered is subjective or qualitative data rather than objective, quantitative data. The sequence or timing of data collection can also impact the validity of data used for training an AI algorithm. AAMI CR 34971:2023 is a Guide on the Application of ISO 14971 to Machine Learning and Artificial Intelligence. That guidance identifies additional hazards associated with data and databases.

How are these hazards addressed in software requirements?

In IEC 62304, Clause 5.2.2, lists the content for twelve different software requirements (i.e., items A-L):

  • a) functional and capability requirements;
  • b) SOFTWARE SYSTEM inputs and outputs;
  • c) interfaces between the SOFTWARE SYSTEM and other SYSTEMS;
  • d) software-driven alarms, warnings, and operator messages;
  • e) SECURITY requirements;
  • f) user interface requirements implemented by software;
  • g) data definition and database requirements;
  • h) installation and acceptance requirements of the delivered MEDICAL DEVICE SOFTWARE at the operation and maintenance site or sites;
  • i) requirements related to methods of operation and maintenance;
  • j) requirements related to IT-network aspects;
  • k) user maintenance requirements; and
  • l) regulatory requirements.

These software requirements may overlap, because any specific cause of failure can result in multiple types of software hazards. For example, a loss of connectivity can result in mix-up of data, incomplete data, or modification of the data. Therefore, to ensure your software design is safe, you must carefully analyze software risks and evaluate as many test cases as you can to verify effectiveness of the software risk controls.

What is the best way to analyze data risks?

There are multiple risk analysis tools available to device and IVD manufacturers (e.g., preliminary hazard analysis, failure modes and effects analysis, and fault-tree analysis). Using a design failure modes and effects analysis (i.e., dFMEA) is the most common risk analysis tool, but a dFMEA is not the best tool for software risk analysis. There are two reasons for this. First, the dFMEA is a bottom-up approach that assumes you know all of the software functions that are needed–but you won’t. Second, the dFMEA will have multiple rows of effects for each failure mode because each cause of software failure can overlap with multiple software functions. Therefore, the best way to analyze data risks is a fault-tree analysis (i.e., FTA). The FTA is the best tool for analysis of software data hazards because you only need three fault trees: 1) Mix-up of data, 2) Loss of data, and 3) Modification of data. In each of these FTAs, all of the potential causes of software failure will be identified in the branches of the fault tree. Analyzing the fault tree structure, specifically the position of OR gates, can assist in software design. OR logic gates that can result in critical failures need additional software risk controls to prevent a single cause of software failure from creating a serious hazardous situation.

Fault Tree Example from AAMI TIR 80002 1 2009 300x239 Data Hazards for SaMD and SiMD
Copied from Section 6.2.1.5 from AAMI TIR 80002-1:2009

How to build a fault tree

The first step of your software risk analysis should be to identify data hazards. Once you identify the data hazards, you can build a fault tree for each of the three possible software failures: mix-up of data, 2) incomplete data, and 3) modification of data. Each data hazards can cause multiple software failure modes, but the type of logic gate will determine the outcome of that data hazard. An OR gate will result in software failures if there is just one hazardous event, while an AND gate requires at least two hazardous events to occur before the software failure will occur. The position of the OR/AND gate also impacts the potential for software failures.

Data Hazards for SaMD and SiMD Read More »

Use error and abnormal use training webinar

In this use error training webinar, you will learn how to use our decision tree form to determine if you have identified a use error or an abnormal use.

Your cart is empty

Use error training screen capture 1024x576 Use error and abnormal use training webinar

Use error and abnormal use training webinar ($79)

In this webinar, you will learn what a use error is and what abnormal use is. You will learn how to use our decision tree form to determine if you have identified a use error or an abnormal use. The webinar is a 21-minute recorded video (i.e., mp4) and includes the decision tree form with a work instruction.

Use error thumbnail Use error and abnormal use training webinar
Use error and abnormal use training webinar
In this webinar, you will learn what a use error is and what abnormal use is. You will learn how to use our decision tree form to determine if you have identified a use error or an abnormal use. The webinar is a 21-minute recorded video (i.e., mp4) and includes the decision tree form with a work instruction.
Price: $79.00

Please note: These products will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download.

When is the use error and abnormal use training webinar?

This webinar is a 21-minute recording you can purchase on-demand and watch the training as often as you wish. If you need help preparing a usability engineering file (UEF) for your device, we can help you on an hourly basis. Please contact Lindsey Walker for a quote.

What you will receive in the Use error and abnormal use training webinar:

Contents of the Use Error Training 1024x221 Use error and abnormal use training webinar

Other Usability Engineering / Human Factors Training

About the Author

20190531 005146 150x150 Use error and abnormal use training webinarMatthew Walker – QMS, Risk Management, Usability Testing, Cybersecurity

Matthew came to us with a regulatory background that focused on OSHA and NFPA regulations when he was a Firefighter/EMT. Since we kidnapped him from his other career, he now works in Medical Device Quality Systems and Regulatory Pathways. He is a Junior in George Washington University’s BSHS- Clinical Research Management Program, and we are proud to say that he is also a member of both the Golden Keys and Phi Theta Kappa Honor Societies! Matthew participates as a member of our audit team and has a passion for risk management and human factors engineering. Always the mad scientist, Matthew pairs his professional life in regulatory affairs with hobbies in the culinary arts as he also holds a Butchers/Meat Cutters certificate from Vermont Technical College.

Email: Matthew@FDAeSTAR.com

Connect on Linkedin: http://www.linkedin.com/in/matthew-walker-214718101/

Use error and abnormal use training webinar Read More »

GSPRs – General Safety and Performance Requirements

GSPRs are the General Safety and Performance Requirements for CE Marking of medical devices and IVDs in Annex I of the EU MDR and IVDR.

Screenshot 2024 08 13 7.49.03 AM 1024x742 GSPRs   General Safety and Performance Requirements

What are the GSPRs?

General Safety and Performance Requirements (GSPRs) are the requirements for safety and performance specified in Annex I of the EU MDR and EU IVDR. GSPRs are divided into Chapter I (i.e., – Sections 1-9 of the MDR and Sections 1-8 of the IVDR are the General requirements), Chapter II (i.e., – Sections 10-22 of the MDR and Sections 9-19 of the IVD are the Requirements regarding design and manufacture), and Chapter III (i.e., Section 23 of the MDR and Section 20 of the IVDR are the requirements regarding the information supplied with the device or IVD). All devices must meet the requirement of Chapter I and Chapter III, but the applicability of Chapter II depends upon the technological characteristics of the device or IVD.

Where do the GSPRs go in your technical documentation?

When a Notified Body reviews your technical documentation, they expect you to provide either a complete technical file or technical file index that is organized in accordance with Annex II of the MDR or IVDR. Section 4 of Annex II is labeled “General Safety and Performance Requirements.” This section is where your GSPR checklist should be located in the technical file or technical file index. Generally a GSPR checklist is considered the best way to document these requirements. The checklist should should provided traceability to each specific requirement and the following elements:

  1. the applicability or non-applicability of each requirement; justifications shall be documented for non-applicability
  2. the method or methods used to demonstrate conformity with each requirement
  3. the harmonized standards (i.e., EN standard) and/or Common Specifications (CS) applied
  4. identification of controlled documents that provide evidence of conformity with the harmonized standards or CS

What are the subparts of each chapter in the GSPRs?

Chapter I

The general requirements for safety and performance (i.e., Chapter I in Section 1-9 of the MDR and Section 1-8 of the IVDR) are primarily focused on risk management requirements. These first few sections state that the manufacturer must ensure that the device or IVD is safe, effective, and does not compromise the clinical condition or safety of patients or users. The manufacturer must take into account the generally acknowledged state of the art. Risks must be reduced as far as possible without adversely affecting the benefit-risk ratio. The manufacturer must implement a risk management system. Risks associated with use errors shall be eliminated or reduced as far as possible. The characteristics of performance shall not be adversely affected the conditions of use, transport and storage during the lifetime of the device or IVD. Finally, all residual risks shall be minimized and be acceptable when weighted against the benefits to the patients and/or user arising from the intended use during normal conditions of use.

Chapter II of the MDR

This Chapter of the GSPRs is organized into the following subsections of the MDR:

  • 10 – Performance characteristics
  • 11 – Chemical, physical and biological properties
  • 12 – Infection and microbial contamination
  • 13 – Devices incorporating materials of biological origin
  • 14 – Construction of devices and interaction with their environment
  • 15 – Devices with a diagnostic or measuring function
  • 16 – Protection against radiation
  • 17 – Electronic programmable systems
  • 18 – Active devices and devices connected to them
  • 19 – Particular requirements for active implantable devices
  • 20 – Protection against mechanical and thermal risks
  • 21 – Protection against the risks posed to the patient or user by devices supplying energy or substances
  • 22 – Protection against the risks posed by medical devices intended by the manufacturer for use by lay persons

Chapter II of the IVDR

This Chapter of the GSPRs is organized into the following subsections of the IVDR:

  • 9 – Performance characteristics
  • 10 – Chemical, physical and biological properties
  • 11 – Infection and microbial contamination
  • 12 – Devices incorporating materials of biological origin
  • 13 – Construction of devices and interaction with their environment
  • 14 – Devices with a measuring function
  • 15 – Protection against radiation
  • 16 – Electronic programmable systems
  • 17 – Devices connected to or equipped with an energy source
  • 18 – Protection against mechanical and thermal risks
  • 19 – Protection against the risks posed by devices intended for self-testing or near-patient testing 

Chapter III

Chapter III is divided into four subparts. Section 23.1 of the MDR and section 20.1 of the IVDR are the general requirements for information provided by the manufacturer (i.e., labeling). The recommended harmonized standard is EN ISO 20417:2021. Section 23.2 of the MDR and section 20.2 of the IVDR include the labeling requirements. Section 23.3 of the MDR and section 20.3 of the IVDR include requirements for information on the packaging which maintains the sterile condition of a device or IVD (i.e., label on the sterile barrier packaging). Finally, Section 23.4 of the MDR and section 20.4 of the IVDR include requirements for the Instructions for Use (i.e., IFU, Directions for Use, or User Manual).

Completing your checklist

Completing the GSPR Checklist would be easy if there were only 20-23 requirements, but most of the requirements have multiple requirements. For example, GSPR 14 of the MDR has 7 subparts, 18 of the MDR has 8 subparts, and labeling requirements are six pages long. Each subpart must be addressed when you complete the columns of the checklist. If any of the parts or subparts do not apply to your device, you need to provide a justification. When you write your justification for the non-applicability of a GSPR, you need to be careful to provide a justification for each subpart of the requirement–even if the subpart is not separately identified by a letter or number.

Download our Checklist

If you need a template for creating your own GSPR checklist, you can download our template by filling in the form below:

How do you address differences from the Essential Principles of Safety and Performance?

Health Canada also identifies Essential Principles for Safety and Effectiveness in Sections 10-20 of the Canadian Medical Device Regulations (i.e., SOR 98/282) that is similar to the European GSPRs, and Australia has a similar Essential Principles Checklist document with only a few minor differences. The Global Harmonized Task Force (GHTF) created an earlier version in 2005, but the International Medical Device Regulators Forum (IMDRF) released a newer version in 2024. Health Canada will typically accept your GSPR checklist developed for CE Marking, but a gap analysis should be performed against the Australian Regulations.

GSPRs – General Safety and Performance Requirements Read More »

EN standard – What is it?

CE Marking auditors may ask if you assessed the difference between the ISO version of a standard and the EN standard. Is there a difference?

Discussion about a risk management standard 1024x664 EN standard   What is it?

What is an EN standard?

European Standards are technical standards ratified by one of the three European standards organizations: CEN, CENELEC, or ETSI. European Standards are referred to as an “EN standard.” The “EN” is derived from the German name Europäische Norm (i.e., translated as “European Norm”). Each of the member states have their own standards organizations that is responsible for adopting ISO standards that have been ratified, translation of the standard into the language of the member state, and and issue of translated EN standard. For example: German standards are preceded by “DIN,” Irish standards are preceded by “I.S. EN,” and Swedish standards are preceded by “SS-EN.”

How is an EN version different from the ISO version of a standard?

Historically, EN medical device standards include three Annexes related to harmonization with the standard with the three EU Directives (i.e., MDD, AIMD, and IVDD). Now that the EU Device Regulations have been released (i.e., MDR = 2017/745) and (IVDR = 2017/746), the EN standards now have harmonization Annexes for the two regulations (i.e., ZA and ZB). The content of the ISO Standard is usually not changed in an EN standard unless there is a correction, amendment, or deviation.

Where can you purchase EN versions?

EN standards are translated from the adopted ISO standard by the standards organization for each member state. Below are a few examples:

If you already own the ISO version, do you need to buy the EN standard too?

In a Technical File for CE Marking, you are required to demonstrate how you comply with Annex I of the MDR or IVDR. The recommended method of demonstrating compliance is creating a General Safety and Performance Requirements (GSPRs) checklist. In that checklist, you need to identify which applicable standards were used. If an EN standard is available, the GSPR checklist should reference that standard instead of the ISO version. Unfortunately, in order to claim compliance with the EN version, someone needs access to that standard. This could be within your organization or a consultant that assisted in preparing the GSPR checklist to ensure that you are compliant with the EN standard. Generally, we purchase English versions of EN standards from the Estonian Center for Standards and Accreditation, because it is usually the least expensive source. However, if you ask a consultant to do this comparison for you, the best way to perform that comparison is using the comparison function of Adobe Acrobat Pro.

Can you identify EN requirements without the EN version?

Most of the quality system requirements for the MDR and IVDR regulations are found in Article 10 of the regulation. However, there are quality system requirements found in other articles and in the annexes. Therefore, you may be able to find EU requirements in the regulations by doing a keyword search. For example, searching for the word “risk” may help you find risk management requirements throughout the regulations. You may also find European-specific requirements in Common Specifications and MDCG guidance documents.

How to respond to a certification body auditor?

Final Answer: I’m not sure, because every auditor is a little different in their approach. However, as an instructor, I would teach an auditor to ask open-ended questions, such as: “How did you determine if there is an impact upon your procedures and design documentation with regard to the EN standard?” (i.e., – impact analysis). If the company provides an impact analysis and explains why the existing documentation and procedure should not change, I believe this meets the EU requirements. If the certification body auditor is still not satisfied, then you might try asking them, “What differences are you aware of between the EN and ISO versions of the standard?”

 

EN standard – What is it? Read More »

Combining 510k with CE Marking Submissions

Learn how to create a regulatory plan for combining 510k with CE marking submissions in parallel instead of doubling your workload.

510k submission and CE Marking Combining 510k with CE Marking Submissions

My first medical device regulatory submission was for CE Marking, while my second regulatory submission was for a 510k submission of the same product. Preparing submissions for different countries in parallel is a common path for medical device regulatory submissions, but it is also an inefficient path. If you know that you will be submitting both types of documents, then you should plan for this from the start and reduce your workload by at least 35%.

The reason why you can quickly reduce your workload by more than 65% is that both submission have very similar sections. Therefore, you can write the content for those sections in such a way that the material can be used for your 510k submission and CE Marking.

Identify duplicate sections in when combining 510k with CE marking projects

Most of your testing requirements should be identical when you are combining 510k with CE Marking submissions. However, the way the testing is presented is different. For your 510k submission you will attach the full testing report and write a brief statement about how the testing supports substantial equivalence. In contrast, CE marking technical files require a summary technical document or STED. The STED is a summary of each test that was performed. If you aren’t sure what testing is required, we created a test plan webinar to address this question specifically. Most of the work will be duplicated between your two test plans, but any outliers should be identified. For example, biocompatibility will need to include a biological evaluation plan (BEP) and biological evaluation report (BER), but this is optional for a 510k submission. There are also FDA requirements that are not required for CE marking, such as material mediated pyrogenicity testing and bacterial endotoxin testing for each production lot. In general, the possible testing categories are:

  1. biocompatibility
  2. sterilization
  3. shelf-life
  4. distribution
  5. reprocessing
  6. software
  7. cybersecurity
  8. wireless coexistence
  9. interoperability
  10. EMC
  11. electrical safety
  12. non-clinical performance
  13. human factors
  14. animal studies
  15. human clinical studies

There are a few other sections of your 510k and CE marking submissions that are nearly identical:

How to organize your medical device files when combining 510k with CE marking

The new FDA eSTAR has a unique PDF template that must be used for organizing your submission but Patrick Axtell, the person that helped create the FDA eSTAR templates, is also the Coordinator for the IMDRF Regulated Product Submission Working Group. He has inserted links in the eSTAR sections that cross-reference to the Regulated Product Submission Table of Content (i.e., RPS ToC). Therefore, best practice is to organize your medical device file in accordance with the RPS ToC:

  1. Non-In Vitro Diagnostic Device Regulatory Submission Table of Contents (nIVD ToC)

  2. In Vitro Diagnostic Medical Device Regulatory Submission Table of Contents (IVD ToC)

Identify sections unique to an FDA eSTAR 510k

There are only a few sections of the FDA eSTAR 510k that are unique. The following is a list of those sections:

Technical Files for CE Marking also have a few unique sections, such as:

Combining 510k with CE marking – how to construct your regulatory plan

In one of my previous blogs, I explained how the new FDA eSTAR template as a project management tool to verify that all of the section of a 510k submission are complete. Unfortunately, there is no CE Marking equivalent, but you can use your TF/MDR Index as a project management tool when you are constructing a combined plan for a 510k submission and CE Marking. The first step is to create a Index based on a recognized standard (EN standard or ISO standards). Historically we used the GHTF guidance document released by study group 1: N011:2008. When the EU MDR came into force, we added cross-references to the EU MDR in our TF/MDR Index. The GHTF guidance mirrors the format required in Annex III of the new EU MDR. I do not recommend using the NB-MED 2.5.1/rec 5 guidance document. Even though the content is similar to the GHTF guidance, the format is quite different. There is also a new IMDRF guidance document for Essential Principles of Safety and Performance that you should consider referencing.

Screenshot 2024 08 13 9.16.27 AM Combining 510k with CE Marking Submissions

Project and task management for your combined regulatory plan

If you are going to outsource sections of either submission, the sections should be written and reviewed by someone familiar with both types of submissions. The headers and footers will be unique to the type of submission, but I write the text in Google Docs without formatting for ease of sharing and so I can use my Chromebook.

If you have an in-house team that prepares your 510k submissions and Technical Files, you might consider training the people responsible for each section on the requirements for each type of submission. This eliminates rewriting and reformatting later. I like to assign who is writing each section in a separate column of my project management software. Then I will sort the sections by the expected date of completion. All the safety and performance testing, and any sections requiring validation, will typically be finished at the end of the project. Therefore, it is important to dedicate unique resources to those sections rather than asking one person to write several of those sections. You also will want to make sure any supporting documentation they need is completed early so that the project’s critical path doesn’t change.

Additional training for combining 510k with CE marking

We provide an on-demand  510k course series consisting of 33 FDA eSTAR webinars that you can purchase as a bundle or individually. We also have various training webinars about CE marking on our webinars page.

Combining 510k with CE Marking Submissions Read More »

What is a DHF?

In this article you will learn tips and best practices for creating and maintaining your DHF (i.e., Design History File).

What is a DHF?

DHF is an acronym for design history file. The US FDA is the only country that specifically includes this in medical device regulations (i.e., 21 CFR 820.30j). Other countries simply require that you maintain records of design and development. The DHF is a file, virtual or physical, that includes all the records of your efforts to design and develop a medical device. You could create an index for a DHF that includes all of the most recent versions of the documents pertaining to the design of your device, but that is called a Device Master Record or DMR (i.e., 21 CFR 820.181). Another term for the DMR is “technical file” or “medical device file.” The FDA will be adopting the term “medical device file” as part of the Quality Management System Regulation (QMSR), and the definition for a DHF will become obsolete February 2, 2026.

Recommended DHF Contents 1024x577 What is a DHF?

What’s the difference between a DHF, DMR, and DHR?

The US FDA loves acronyms, but overuse of acronyms leads to confusion. The acronyms DHF, DMR, and DHR are the three most commonly confused acronyms in the medical device industry. One of the simplest solutions is to stop using acronyms and to rename each of these documents so that they are no so confusing. Instead of design history file, or DHF, start referring to this file as a record of new product development. That record consists of thousands of pages covering a year or more of design and development activity by your new product development team. Instead of device master record, or DMR, start referring to this as your medical device file or technical file. Clause 4.2.3 of ISO 13485:2016 is specific to this record. It is intended to be a living document that you will update each time you make a design change. Instead of device history record, or DHR, start referring to this as your batch record or lot record. This is a file containing all of the records, or cross-references to records associated with the manufacturing and inspection of a batch or lot of devices. The batch record or lot record will be reviewed for completeness, accuracy, and to ensure all inspection and testing passed. Often a release checklist is used to ensure consistency of this review, and the checklist will be signed and dated by the person that releases the batch or lot for distribution. For sterile products, this is done after sterilization and sterile product is quarantined until release.

Flow of Inspecting Design Controls 1024x181 What is a DHF?

Regulatory Requirements for a Design History File (DHF)

The requirements for a design history file (DHF) are found in 21 CFR 820.30(j):

Each manufacturer shall establish and maintain a DHF for each type of device. The DHF shall contain or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and the requirements of this part.”

 There is also a definition for a DHF found in 21 CFR 820.3(e):

Design history file (DHF ) means a compilation of records which describes the design history of a finished device.

The FDA provided an official interpretation of this requirement in the preamble when the QSR was published in 1996. That discussion of the requirement indicated that the DHF is intended to be a repository of the records required to demonstrate compliance with your design plan and your design control procedures. The discussion also indicates that the same DHF may be used for minor variations of a device such as size differences. Most manufacturers will organize the DHF in a binder and organize the binder chronologically to match a design project plan, however, most do not create a DHF template. Meeting minutes from each design meeting are typically included as an appendix to the DHF, while reviewed and approved documents such as the design plan, design inputs, design outputs and records of design reviews typically comprise the bulk of the DHF. Manufacturers also typically will conduct an internal auditor of active DHF binders in order to ensure that design projects are following the approved design plans.

Why you should never use a DHF template

The DHF is is intended to provide evidence of following an approved design plan, but the DHF consists of many records–not just one record. A DHF template could be created to follow a standardized design control process, but most manufacturers write a generic design procedure that allows and encourages the design team to customize the design plan to match the needs of each development project. Therefore, design plans may have different numbers of design reviews and very different testing activities prior to the start of the design transfer process and during design verification and validation.

For a device master record (DMR), I recommend creating a DMR Index using a template that is organized in accordance with an international standard to meet the needs of a DMR and a Technical File. The DMR is a living document that only shows the most current design outputs for a device while a DHF may require repeating various verification and validation testing if the initial design fails to meet acceptance criteria and a design change is required prior to the final design review and approval of commercial release. The need for including this variability eliminates the advantages of a template.

What is the purpose of the DHF?

The purpose of the DHF is to provide objective evidence that the design and development team followed design controls in order to develop a medical device. FDA inspectors review the DHF to make sure that the design process is effective by verifying that known hazards were identified, and appropriate design inputs (i.e., test requirements) were approved. The design specifications should demonstrate that risks were reduced as far as possible by implementing design solutions, protective measures, and by providing warnings and precautions of residual risks to users and patients. Verification of design inputs and validation of user needs comprise the bulk of your DHF in the form of testing protocols and reports. Inspectors will review your design transfer activities to ensure that the output of manufacturing consistently meets your design specifications. Design reviews meeting minutes will be sampled to verify that you included an independent reviewer and the design team completed all activities planned in your design plan. FDA inspectors will verify that your design team has adequate training on design controls and the relates processes. Finally, the FDA will look for justifications and updating of design documentation for the design changes your team made during the design process.

Where should you document design changes?

Product design changes that occur prior to the final design review and approval of commercial release are required for inclusion in the DHF. However, once a product is released the control over design changes should be tighter and regulatory submission of changes may be required. Therefore, I recommend documenting post-market design changes in the DMR Index for a device as part of the revision history. I treat the DMR Index as a controlled document and any post-market design changes are reflected in the revision history with a reference to the design change approval (e.g., ECN 123 – addition of UDI label to product labeling). The other advantage of this approach is that all post-market design changes that must be documented for a design dossier are summarized in the revision history of the DMR Index and the DMR Index will serve as a Technical File/Design Dossier.

Training Webinar

If you are interested in learning more about design history files, we recorded a DHF training webinar. The webinar explains how and when to create a design history file (DHF). After you create a design control procedure, you can show the recording of this webinar to your design and development team to ensure that design and development documentation is compliant and updates are efficiently maintained. We are in the process of updating this webinar and it will be hosted live in September.

What is a DHF? Read More »

FDA User Fees for FY 2025 released on July 31, 2024

The FDA User Fees for FY 2025, October 1, 2024 – September 30, 2025, were released on Wednesday, July 31, 2024.

What are FDA User Fees?

At the very core of it, the FDA user fees fund the FDA Office of Device Evaluation (ODE) budget. Without these user fees, the FDA cannot begin reviewing a medical device submission. This includes 510k, PMA, and De Novo submissions. Before the FDA assigns a reviewer to your submission, you must pay the appropriate device user fee in full unless eligible for a waiver or exemption. If you pay the user fee by credit card, you must allow a few extra days for the user fee to clear. Otherwise, your submission will be placed on “User Fee Hold.” Small businesses may qualify for a reduced fee. The FDA announced the FY 2025 FDA User Fees on July 31, 2024. The FDA will announce the user fees for FY 2026 in a Federal Register notice next August 2025.

What are the FDA User Fees for FY 2025?

FY2025 User Fees 1024x544 FDA User Fees for FY 2025 released on July 31, 2024

How much did user fees increase for FY 2025?

The increase in FDA user fees from FY 2024 to FY 2025 was 11.8%, except the annual FDA Registration fee, which increased by 21.3% to $9,280. There are three components to the increase:

  1. Base Fee = a statutory base fee for each FDA user fee
  2. Standard Fee = an inflation-adjusted statutory base fee
  3. Adjusted Fee = adjusted fee to meet revenue target

The reason for each component for the user fees is described in the Federal Register.

When does the FY 2025 increase take effect?

Each year the new FDA user fees take effect on the 1st day of the FDA’s new fiscal year (i.e., October 1). You cannot pay the annual registration fee for FY 2025 until October 1, 2025, and the last day you can submit under the FY 2024 user fee pricing is Monday, September 30, 2023. For the submission to be accepted under the current fiscal year, the submission must be uploaded to the Customer Collaboration Portal (CCP) no later than 4:00 pm EDT on the 30th.

What do you do if you have already paid the FY 2024 price?

If you already paid the FY 2024, and your submission is received after 4:00 pm EDT on September 30, 2024, you must complete FDA Form 3914 for an FDA user fee payment transfer request. You will also need to pay the difference in user fees (i.e., 11.8%). If your submission is received before the FY 2024 user fee is transferred and you have paid the difference in user fees, your submission will be placed on a user fee hold. If you paid the FY 2024 user fee and are not ready to transfer your previously paid user fee to FY 2024 (and pay the difference), you can request an FDA user fee refund by filling in an online form.

What is the annual registration fee for FY 2025 due?

The annual establishment registration user fee can be paid any time between October 1 and December 31. If you pay late, there is no penalty, but your registration status will be inactive, and you cannot submit new device submissions or import products to the USA. If you are not yet distributing any devices in the USA, you are not required to have your establishment registered, and establishment registration is not required before submitting a new device submission. If you are not required to register yet, when you are paying the user fee for a new device submission on the Device Facility User Fee (DFUF) website, you will click the “Yes” button because there is no “N/A” option for the question below.

Click Yes 1024x200 FDA User Fees for FY 2025 released on July 31, 2024

Is the annual FDA registration fee prorated?

Annual registration payments are not prorated when you are paying in the middle or even near the end of the year for your initial registration. Therefore, you will need to consider if the revenues you expect to gain before the end of the current fiscal year are worth the registration cost. If you need any help with annual registration or you need a US Agent, we offer these consulting services.

FDA User Fees for FY 2025 released on July 31, 2024 Read More »

Classification recommendation written for a De Novo

This article explains how to write your classification recommendation for a De Novo Classification Request using a risk-based approach.

Classification Recommendation 1024x678 Classification recommendation written for a De Novo

“Automatic Class III Designation” does not mean that your device is a Class III device. That phrase means that the device is new, and therefore it will be automatically classified as Class III until a company submits a De Novo Classification Request. You and your company, not the FDA, should make the classification recommendation and propose the regulatory pathway for a new device. Submitting a 513g request is an option, but a 513g request involves paying the FDA money to write a classification recommendation. The FDA will always be more conservative in their assessment than the manufacturer.

Although no FDA guidance explains how to write a classification recommendation, companies have been writing these documents for years–for Technical Files. Most countries have risk-based classification rules, while the FDA’s product classification database is centered upon precedents and adjusted over time by historical trends of adverse events and recalls. Therefore, you should write a classification recommendation for the FDA that is focused on a documented risk assessment. Your approach will also need to be modified to include classification information for similar indications for use and technological characteristics that are already established in the US market.

Most Common Mistakes in Writing a Classification Rationale 

Many people mistakenly write a short classification rationale for a technical file, which simply states which classification rule applies and why. Although this approach is acceptable for a Declaration of Conformity, you must provide a comprehensive classification rationale in your technical file. First, you need to make sure that there is only one classification rule that applies. For example, classification rules fall into four general categories:

  1. Non-invasive Devices
  2. Invasive Devices
  3. Active Devices
  4. Special Rules

The software was haphazardly added to the active devices category until recently, and special rules were created to address emerging areas of interest and concern. Therefore, most active devices have a second rule that applies regarding the invasive nature of the device–or lack thereof. In order to write a comprehensive classification rationale, you need to review each classification rule and document your explanation for why it applies or does not apply to your device.

A Classification Recommendation Compares Indications for Use

The FDA does have classification rules, but the rules are not 13 numbered items in the Code of Federal Regulations (CFR). The FDA expects a risk assessment of comparing your device with existing devices on the US market. The basis of comparison should be: 1) the indications for use and 2) the technological characteristics. First, you should identify other devices that have similar indications for use. For example, a device intended for home use or over-the-counter (OTC) use represents a higher risk to patients and users than a device intended for prescription use only. Patients may fail to identify contraindications for a device properly, or the lack of formal medical training may result in use errors that would not occur when a physician uses the same device.

Other aspects of indications for use that impact the risk assessment are the part of the body where your device will be used and the duration of use. For example, implants are at higher risk than non-implants, because implants are in contact with the body for a much longer period of time. Implants can also expose the body to systemic risks, while a surface contacting device is likely only to have a localized effect. Degradation of implants also exposes the body to small particles, with more surface area, that can travel from one part of the body to another.

If your device is used for life support, the device will also be considered at higher risk than devices that are not required for life support. If your device is the only device used for diagnosis, this also represents a higher risk than a device that acts as an adjunct to other devices. Finally, if your device is an accessory to other devices that are high risk, your device may be considered a higher risk as well–especially if it controls the higher risk device.

In your analysis, you need to identify devices that are already on the US market that have similar indications for use. Usually, those devices will be Class II devices. However, if some of those devices are Class I or Class III, you will need to be more careful with how you differentiate your indications for use from those other devices.

A Classification Recommendation Compares Technological Characteristics

When comparing technological characteristics, the following aspects should be considered: 1) materials, 2) design, 3) energy source, and 4) other design features. For example, absorbable materials are generally considered at higher risk than devices that are not absorbable. Sterile devices are generally at higher risk than non-sterile devices because the failure of the sterilization process or the package integrity can result in serious infections and death. Devices that are electrically powered are usually considered at higher risk than devices that are not powered. Finally, software-controlled devices that provide feedback control are considered at higher risk than a device that does not have feedback control. Each technological characteristic also represents a different category of hazard. Hazard categories are listed in Table C1 of Annex C in ISO 14971:2019. These include chemical, biological, electrical, radiation, etc.

Once you have identified the Classification of other devices with similar indications for use and technological characteristics, you need to estimate the risks for each hazard identified. This involves more than just listing hazards and assigning scores for severity and probability for the occurrence of harm. Severity should consider the type of injuries, the number of injuries, and the duration of harm. Probability should consider the frequency of events (P1), and the probability of events resulting in injury (P2). These risk estimates also require clinical data.

Benefit-Risk Analysis

In the end, you prepare a benefit-risk analysis for your device. This is much more than a statement that the benefits outweigh the risks. You need to identify the clinical benefits of your device when compared to alternative treatments. You also need to analyze risks relative to alternative treatments. You will need to prepare this as a summary of risks–not a list of hazards. Ultimately, your benefits should be equivalent to the benefits of existing devices on the market or better, and the risks should be equivalent to existing devices on the market or less.

Examples of Classification Recommendation

Eight different medical devices are legally marketed in the USA for weight loss or weight management:

  1. Lap-Band Adjustable Gastric Banding System – Class III, PMA
  2. Maestro Rechargeable System – Class III, PMA
  3. ORBERA Intragastric Balloon System – Class III, PMA
  4. Obalon Balloon System – Class III, PMA
  5. TransPyloric Shuttle/TransPyloric Shuttle Delivery Device – Class III, PMA
  6. AspireAssist – Class III, PMA
  7. Sensor Monitored Alimentary Restriction Therapy (SMART) Device – Class II, De Novo
  8. Plenity – Class II, De Novo

The indications for use for these products are similar, but not identical. Plenity is indicated for patients with a BMI of 25 – 40 kg/m2. In comparison, ORBERA is indicated for patients with a BMI of 30-40 kg/m2, and AspireAssist is indicated for patients with a BMI of 35-55 kg/m2. All three of these indications have overlapping BMI ranges. However, the clinical benefits to a person with a BMI of 25 kg/m2 are not the same as the clinical benefits to a person with a BMI of 40 or 50 kg/m2. Therefore, these minor differences in BMI can have a significant impact on the benefit/risk analysis used for a De Novo approval decision and the Classification (i.e., Class II or Class III) determined by the FDA.

The only two weight management devices that received the approval of the De Novo Classification Request had very different technological characteristics from the other six devices. All six Class III, PMA devices, are implants, while the Class II devices are not implants. The risks associated with implants are much greater than with non-implants. The risk of implants breaking or leaking, and the difficulty in removing an implant, are just two of the considerations that must be evaluated in deciding whether an implantable device should be a Class II or Class III device.

Classification recommendation written for a De Novo Read More »

Scroll to Top