Blog

Plague Doctor’s Scary Guide – Available for Pre-Order

The “Plague Doctor’s Scary Guide to Remarkable Remote Quality Audits” by Matthew C. Walker and Robert V. Packard is now available for pre-order from Amazon ($5 pre-order discount until August 28, 2020).

%name Plague Doctors Scary Guide   Available for Pre Order

Book Description for “Plague Doctor’s Scary Guide to Remarkable Remote Quality Audits”

Remote quality audits can be remarkable. Remote audits don’t have to be an 8-hour Zoom meeting marathon that causes deep vein thrombosis. You don’t need a box of adult diapers either. We can teach you a better way.

Unfortunately, today on-site quality audits have become scary adventures into a plague-infested world. Most people describe auditing as more boring than Ferris Bueller’s homeroom teacher. Your top management deeply disdains participating in quality audits, and most CEOs cannot be bothered to show up for an opening meeting unless an FDA inspector is present. Today we are faced with a global viral pandemic that has transformed on-site auditing from a necessary evil to a potentially dangerous job that is positively scary.

Ok, maybe I’m just being dramatic. Maybe it is not so “scary” to hop on a plane to conduct an on-site audit. After all, how many people really die in conference rooms, excluding death from boredom? 

Maybe you always wanted to conduct quality audits remotely to eliminate the cost of travel expenses. Remote audits are especially attractive for supplier audits on the other side of the world. After all, who looks forward to a 14-hour direct flight from JFK to Seoul.

The biggest challenge in changing your audit process from an on-site audit to a remote audit, is that you need to convince top management, your certification body, and the next FDA inspector that remote quality audits are just as effective as an on-site audit.

Quality audits can be a remarkable value-added activity, but I don’t think you will learn how by reading the almighty 645-page tome on value-added auditing that was written by another indie author published on Amazon. You need to stop using the element approach, and learn to conduct audits using the process approach instead. You also need to make better use of the subject-matter experts in your company. They can help you audit a specific process if you teach them how, but they are not joining you on that 14-hour flight. You need to start using remote auditing techniques to get engineers involved in the auditing of areas they know better than you do.

It might not be possible to convince a design engineer to learn to be an effective lead auditor, but you can teach them to an effective audit team member for 90-minutes. Your design engineer can be an audit team member from the safety of their home at 8pm on a Tuesday night when it’s 9am in Seoul on Wednesday morning. Let us teach you and the other engineers in your company how to conduct effective remote quality audits, and we will keep you safe.

I know, you say there is just one problem. How will you convince your boss? Well, you could mention the thousands of dollars you will save in travel costs. You could suggest using those 28 hours of flight time to do something more important than trying to sleep on the “Redeye” Korean Air flight. You could also say that it will be infinitely easier to coordinate five 90-minute Zoom meetings with your supplier than scheduling one full-day audit in Korea.

COVID19 has changed the world as we know it. Your approach to auditing must change with it, or people will literally die. Buy the book now, because I guarantee change will save you money, change will improve the quality of your audits, and change might save the life of someone on your audit team.

20190531 005146 150x150 Plague Doctors Scary Guide   Available for Pre OrderMatthew Walker is the creative genius behind this book. Matthew and Rob Packard just finished creating a new lead auditor course for a major US non-profit training organization. Matthew’s job is to help clients implement new quality systems for ISO 13485 certification. He is the gap analysis guru for the consulting firm, and he is continuously updating quality system procedures. Matthew is a gifted writer. His delightful sarcasm and satire will entertain you while you read about the most boring topic on planet earth.

Rob Packard 150x150 Plague Doctors Scary Guide   Available for Pre OrderRob Packard was the instructor in 12 different lead auditor courses for more than 100+ lead auditors in total. He was a certified lead auditor for CE Marking, CMDCAS, ISO 13485, and ISO 14971. He was director of quality, and the audit program manager, for four different medical device companies. Rob now owns and operates a successful regulatory and quality system consulting firm with six full-time employees, and 100% of the employees work remotely.

Other Information

Our first book was “How to Prepare Your 510(k) in 100 Days.” The book was only made available to attendees of our 510(k) courses in Amsterdam and Las Vegas. We also made an PDF version available to people that purchased our 510(k) templates and 510(k) webinar series.

This new book was the idea Matthew Walker and is being co-authored by Matthew Walker and Rob Packard. The target length is 25,000 words, but we are likely to exceed that. The content will be organized in the order of the ISO 19011:2018 standard.

Sean Gardner is the artist that is creating our book cover design. The above picture is a draft for the cover art (tell us what you think). He is a talented caricaturist and tattoo artist that works at Helheim Gallery in Salem, MA.

We are also kicking off the project with a blog series specific to remote auditing techniques:

  1. Changes triggered by COVID19 in your quality system – May 2
  2. Remote audit opening meeting – 4 changes – May 12
  3. Audit team communications – May 19
  4. Remote audit resources – software and hardware tools – May 26
  5. Risk based auditing applied to remote audits – June 2
  6. Remote supplier audit questionnaire – June 23
  7. Remote audit duration less than 90 minutes – June 30
  8. Remote auditing work instruction – July 14
  9. Planning partial remote audits – July 21
  10. Remote audit invitations – 4 things to remember – August 4
  11. Training new audit team members and lead auditors – August 11

Five (5) new webinars planned on related topics:

  1. Opening Meetings Webinar (free) – May 14, 2020
  2. Audit team communication during a remote audit (free) – June 4, 2020
  3. How to qualify your suppliers webinar (pre-order by June 1) – June 25, 2020
  4. Remote auditing techniques webinar (pre-order by July 1) – July 16, 2020
  5. MDSAP Certification Body Interviews (free) – August 6, 2020

Posted in: Uncategorized

Leave a Comment (0) →

Remote audit resources – software and hardware tools

If you are planning a remote audit, you will need more remote audit resources than a webcam and web conferencing software. Matthew Walker is a significant contributor as co-author of this article.

20200525 095104 scaled Remote audit resources   software and hardware tools

Clause 5 of ISO 19011:2018 is titled “Managing an audit program,” and subclause 5.4.4 is specific to determining audit program resources. For conducting audits remotely, you will need remote audit resources. Almost every laptop has a built-in webcam and microphone, and that is the minimum functionality you will need to conduct a remote audit. However, adding other software and hardware technology can improve the efficiency and effectiveness of your audit team.

What remote audit resources do you need?

Remote audits are not the same as a desktop audit, because a remote audit requires remote access to more than emails containing procedures and records. Auditors need access to people and access to physical areas of your facility. This creates one of the greatest challenges for this type of audit method. Call me a Negative Nancy, but my suspicion is that most audit plans do not specifically include logistical preparations to support this audit method. On the surface it seems like a simple concept. Internet access and a scanner should cover most of the needs for the auditee to survive this digital encounter. In practice, conducting a remote audit that truly adds value and does more than check boxes, requires serious planning.

Let’s start with the obvious, a remote audit needs a way for the auditor and the auditee to communicate with each other. Ideally, you need more than your phone. We recommend Zoom for video conferencing, but we list several other video conferencing software applications below. Here are the features of Zoom that we typically use during a remote audit:

  • Video Chat – Using Zoom, two or more parties can communicate using video input from webcams. This is nice because it allows for a more visual conversation and you can see more of the facial expressions and body language of the person you are speaking with than you can with a traditional phone call. It also allows for sign language to be used if necessary.
  • Screen Sharing – Screen sharing is the most important tool you will use during a remote audit, because it allows you to share documents and records on your screen even if you are not the host. The more records you have electronically, the more valuable screen sharing will be during the audit. An auditor can say, “Can you show me that quality system certificate again?” or “Can you show me where Isomedix is on your approved suppliers list?” Being able to facilitate those verification activities saves the auditee the hassle of emailing documents or uploading content to a shared folder. This ability to share your screen is also essential for an auditee to demonstrate training effectiveness and competency.
  • Recording – Meetings can be recorded in their entirety or in sections. This allows the auditee to record the opening or closing meetings of the audit to share with others that were unable to attend. If there are questions regarding nonconformities, or opportunities for improvement, a recording of the conversation ensures that the auditor has an accurate record of complex objective evidence that would slow down the audit and gives managers a perfect record to demonstrate the issue when corrective actions are initiated.
  • Chat Record – Zoom, and most other video conferencing software, provides a chat box that can be used to take notes. If someone runs to the bathroom, and you don’t want to forget your question, you can enter it in the chat box. Chat boxes are especially helpful when there is a language barrier or someone’s accent is hard to understand. Text typed in the chat box also serves as a place to record information that may be difficult to remember if you cannot access your audit report. If a production area has too much background noise, the chat feature might be the best way to communicate important details, such as: “That information is found in section 7.5.6 of the Quality Manual; POL-001 rev A.” The chat box can also be used to communicate a list of documents, or records in a specific date range, that you want an auditee to make available for you to review off-line. Other participants observing the audit may also be responsible for collecting those documents in real-time to ensure the audit is able to continue without any delay. Finally, content in the chat box can be recorded as a text file automatically.
  • Tour Guide – Video chat allows auditees to bring auditors into physical places of their facility as if the auditor were there in person. Production employees can be interviewed, in person and in real time, while the employee demonstrates processes. You can show how nonconforming materials are labeled and segregated to keep them from accidentally being used for production. When requesting this audit method in an audit agenda, the lead auditor should recommend a dedicated “camera person” with a mobile phone and selfie stick, because it is difficult to answer auditor questions and operate a video camera simultaneously. Remember, remote audit resources consist of hardware, software, and people

My favorite remote auditing tools (hardware)

My favorite hardware resource is the Pixelbook that I am using to write this article. We write audit reports with Google Docs instead of Microsoft Word, because multiple team members can simultaneously edit the same document without creating conflicted versions. We operate Zoom video web conferencing software to speak with auditees and clients, but we use the Pixelbook to type our notes and audit reports. The Pixelbook is lightning fast, and it is a little smaller so there is just enough room on your desk next to a laptop. The biggest advantage of using Google Docs is realized when you are the lead auditor of an audit team. As lead auditor, you can type notes in the section of the audit report that other team members are working on, to make sure that they include audit trails from other members of the audit team. This is also an extremely effective technique when you are training a new auditor and you want to give them guidance without disrupting the flow of an interview with a subject matter expert.

My second favorite hardware resource is an HD webcam mounted on a flexible arm with a clamp (see picture above). The video quality is 1080p instead of the 720p that is typical of a laptop camera. The flexible arm is equally important, because you can look directly at the camera while I’m simultaneously looking at the monitor. The only thing I dislike about the webcam I am using is the audio quality. Therefore, I use a gaming headset with a microphone to record the audio so I can hear the people I am interviewing better. Another alternative is high quality microphone and headphones as typically seen in use by podcasters. Even though the sound quality is ideal with a separate microphone and headphones, the cost is higher than most gaming headsets and you will be tethered to microphone–either physically or at least virtually by the need to maintain a consistent distance between your mouth and the microphone. The more hours you spend at the computer, the more you will appreciate the ability to stand up, adjust the camera and move your legs a little.

Finally, the last piece of essential remote auditing hardware is your mobile phone. Even with a desktop running Zoom, and a Pixelbook running Google Docs, I still need to ask audit team members questions and conduct quick internet searches. Therefore, your mobile phone is essential to keep with you, in silent mode, during your audit. If you don’t have your phone, then you need to stop sharing your screen and send a message during your audit. Your phone is much less disruptive. I use the phone to keep track of time, to set reminder alarms, and to send Slack messages with other people. You can also join a separate Zoom session on your phone where an audit team member may need you (the lead auditor) to provide input on objective evidence or evaluation of conformity regarding specific quality system requirements. You might also want to take a quick picture of something you observe on video during the audit. If you record the Zoom session, you can always extract a still image, but taking a picture with your mobile phone is more convenient and takes less time. You can then share the image with a Google Drive folder for your remote audit and copy the image into your audit report. As they say, a picture is worth 1,000 words.

One last note on hardware: a 48″ flat screen is great for virtual bike rides on your trainer (as seen in the picture above), but it’s just a little too big for a desktop monitor. It’s really nice for side-by-side viewing, but dual monitors is a better approach.

Remote Auditing Resources for Web Conferencing

Currently we are using Zoom as our video web conferencing software, but we used to use GoToMeeting and there is very little difference in the functionality of the two software platforms. One of the consequences of the COVID19 pandemic, is that everyone is more familiar with web conferencing software. Here are a few other options you could consider, including Slack, which we use as a messaging tool and we have integrated with Zoom within our team’s channel.

  1. Google Meeting
  2. Skype
  3. Microsoft Teams
  4. Monday
  5. Slack

Remote Audit Resources for Scheduling Your Audit

Currently we are using Calendly as the automated appointment scheduling software application for our consulting business. However, the functionality of software applications have changed dramatically in the past few years with better integration tools, such as Zappier.  Therefore, don’t be surprised if we change to one of the applications listed below. These applications allow you to manage people, equipment, and conference rooms, but you can also integrate these applications with accounting business processes.

  1. Simplybook.me 
  2. Acuity Scheduling 
  3. Jobber 
  4. Gigabook
  5. vcita

Remote Auditing Accessories

We hosted three international training workshops and we record training videos for medical device companies every week. Therefore, we gradually accumulated all of the accessories listed below. Technology gadgets for recording videos are constantly changing, and our best advice is to save your money. Instead, rely upon a mobile phone and an extra person with “the original selfie sticks” (i.e., arms). Once you complete your first remote audit, then you can think about which of the latest gadgets might make your life easier.

  • Selfie Sticks
  • Tripod
  • External microphones
  • Portable Batteries
  • Additional lighting

If you have any suggestions for additional hardware and software for remote auditing, please add a comment to this article so we can keep this up to date with the latest technology. 

Future Articles & Webinars

Thank you for reading. This article is our third in a ten-part blog series specific to remote auditing techniques:

  1. Remote audit opening meeting – 4 changes – May 12
  2. Audit team communications – May 19
  3. Remote audit resources – software and hardware tools – May 26
  4. Risk based auditing applied to remote audits – June 2
  5. Remote supplier audit questionnaire – June 23
  6. Remote audit duration less than 90 minutes – June 30
  7. Remote auditing work instruction – July 14
  8. Planning partial remote audits – July 21
  9. Remote audit invitations – 4 things to remember – August 4
  10. Training new audit team members and lead auditors – August 11

Five (5) new webinars planned on related topics:

  1. Opening Meetings Webinar (free) – May 14, 2020
  2. Audit team communication during a remote audit (free) – June 4, 2020
  3. How to qualify your suppliers webinar (pre-order by June 1) – June 25, 2020
  4. Remote auditing techniques webinar (pre-order by July 1) – July 16, 2020
  5. MDSAP Certification Body Interviews (free) – August 6, 2020

Posted in: Remote Auditing

Leave a Comment (0) →

Audit team communication

Communication between the auditor and the auditee may be hindered by the lack of visual cues, but software tools can enhance audit team communication.

Audit Team Communication Cup Phone Audit team communication

Audit Team Communication Requirements

During the opening meeting, the lead auditor is responsible for confirming the “formal communication channels between the audit team and the auditee…[and] the auditee being kept informed of audit progress during the audit” (ISO 19011:2018, Clause 6.4.3). Typically, the audit program manager will follow the lead auditor during the audit. In that situation, audit team communication with the auditee is direct and verbal. However, if the audit team consists of multiple auditors, the lead auditor also needs to establish a method of communication between the team members and the lead auditor. Team members need to make the lead auditor aware of any potential nonconformities, but more important information includes:

  1. audit trails that require follow-up by auditors in other process areas
  2. any delay experienced by team members
  3. if an audit team member is ahead of schedule

Communication Limitations During On-Site Audits

During an on-site audit it is not uncommon to have limited communication with the rest of the team, because the team is interviewing auditees and walking through the facility–not sitting at their computer. Sometimes your cellular signal is inadequate for texting or other messenger services such as Slack. It may also be more difficult to have private discussions between team members during an on-site audit. Usually the audit schedule is very tight, and team discussions must wait until lunch breaks or scheduled team discussions. Unfortunately, these limitations frequently result in follow-up of audit trails waiting until the very end of the audit, instead of addressing audit trails at more convenient times in the middle of the audit.

Communication Between Auditors During Remote Audits

During a remote audit, all of the audit team members will readily be able to exchange information by email, text, or Slack. In addition, applications like Google Docs allow multiple auditors to type in the same audit report simultaneously. Therefore, auditors can type a specific follow-up item in the section of the audit report where another auditor will be typing their notes for the applicable audit area. For example, if one auditor is interviewing incoming inspection activities, they can type a note for the auditor that will be auditing calibration to review the calibration certificates for inspection devices used in the incoming inspection process. If an audit team leader needs more time, they can type a quick note for the lead auditor about the need for more time. The lead auditor can also quickly send a Slack message to the rest of the audit team asking if anyone can aid the audit team member that is behind schedule. This communication is efficient, documented directly within the report, and occurs real-time. The result is that communication between team members is more effective and the audit is completed earlier.

Improvement of Auditor Training with Remote Auditing

When audit team members are being trained, the lead auditor must observe their auditing and provide constructive feedback. Ideally, the lead auditor will wait for a “teachable moment.” This is the moment immediately after the lead auditor-in-training makes a mistake. Telling an auditor-in-training what to do during an audit teaches the auditor little. However, if the auditor is allowed to make a mistake, such as forgetting to ask for an audit record, then the lead auditor can point out the mistake immediately afterward. Correcting the auditor can be as simple as adding a note in red font within the audit report in the same section where the auditor is currently typing. The auditor will see the comment and make the correction, but the auditee will not be aware of the error. This approach avoids any embarrassment to the auditor, and the auditor is more likely to remember the instruction as constructive feedback that will make them better.

Remote Auditing Can Be Easily Recorded

Auditors can learn from the constructive feedback provided by a lead auditor, but they can also learn by watching and listening to themselves if the remote audit is recorded. This is especially easy to accomplish for internal audits, but suppliers may also allow recording of certain process audits. Opening meetings, closing meetings, and common procedures such as incoming inspection usually do not include confidential information. Therefore, you should be able to obtain permission to record these portions of the audit. These recordings can be reviewed by the auditor to identify when poorly worded questions were used. Auditors-in-training can identify when they miss an opportunity to follow an audit trail, or an auditor may realize that they ask auditees certain closed-ended (i.e., yes/no) questions instead of open-ended questions that will help them gather more information from the auditee.

Audit Team Communication with Guides

In addition to the communication between the lead auditor and the audit team members, audit team members also need to communicate with their audit guides. Guides should be used to communicate messages throughout the company. For example, if the audit is behind or ahead of schedule, the guide can communicate adjustments in the timing of the agenda. If an audit team member requests records to be provided, the guide can communicate this request and make sure the records are waiting for the auditor when they return to the audit conference room. Guides also are responsible for helping the audit team navigate from one process area to another during the audit, and to make sure that the audit team observes all safety and gowning requirements during the audit. Finally, guides may also be asked to act as an observer and verify objective evidence collected by the auditor.

Shifting Role of a Guide During Remote Audits

During a remote audit, requests for records to be provided and communication of deviations from the agenda can easily be communicated by the auditor chat features in the video conference, instant messengers, or email. Therefore, you might think that a guide is unneeded. However, when audit team members request viewing another area of a facility during a remote audit, it may be necessary to provide live video images of the process areas. It is very difficult to speak with the auditor and provide live video images. In fact, it may be dangerous to walk backwards through your facility carrying a selfie stick and concentrating on your discussion with the auditor instead of where you are walking. Instead, the guide should focus on providing live video, and the process owner should be concentrating on providing a guided tour and answering the auditor’s questions. The guide may also be asked to record certain information in video or picture format as objective evidence.

Conclusion

Audit teams should practice using shared documents in Google Docs and Slack during the audit to facilitate real-time audit team communication. Google Docs enables everyone to write their audit notes directly into an audit report template to eliminate delays in completion of the audit report. Using Google Docs also makes it possible for the lead auditor to observe the progress of the audit real-time. Audit team communications of audit trails for team members to follow-up can be accomplished real-time by just adding a note about the trail in the applicable section of the audit report. Finally, remote auditing can facilitate better training of auditors.

Posted in: Remote Auditing

Leave a Comment (0) →

Remote audit opening meeting – 5 changes

This article describes five minor adjustments that lead auditors should make when they plan a remote audit opening meeting.

Remote Audit Opening Meeting Remote audit opening meeting   5 changes

Regardless of whether you are conducting an on-site audit, or a remote audit, the first activity conducted during the audit is an opening meeting. The process for conducting opening meetings is defined in ISO 19011:2018, Clause 6.4.3; and it is the responsibility of the lead auditor to lead this meeting. There are three purposes to the opening meeting:

  1. confirm agreement to the audit plan,
  2. introduce the roles of the audit team, and
  3. ensure the audit can be conducted as planned.

Opening meeting checklists

There is a long list of items that are typically confirmed during the opening meeting. New auditors are trained to rely upon an opening meeting checklist to ensure that none of the items on the list are accidentally forgotten. Some auditors will rely on a formal presentation during an opening meeting, but usually this requires more time to set-up. Therefore, most auditors work from a pre-written checklist on their computer or on paper.

Change #1: Presentations replace checklists in a remote audit opening meeting

If you are conducting a remote opening meeting, most of the attendees will be looking at a computer screen. The lead auditor can share their screen as they go through a formal presentation, without wasting any set-up time during the opening meeting. In addition, attendees can be emailed the presentation prior to the opening meeting along with the audit plan. If you are the lead auditor planning a remote audit, you should use an opening meeting presentation template to make sure that none of the items in clause 6.4.3 are skipped. If your company is developing a work instruction for conducting audits remotely, you should create a controlled template to ensure consistency among auditors. This should also be done for closing meetings. You can learn more about conducting opening and closing meetings in our webinar on May 14, 2020.

Change #2: Every audit team member should create a personal slide

One of the challenges of being remote is that you have trouble establishing rapport with the auditees. In order to overcome this challenge, you should use live video to show your face, smile, and say hello to auditees. You should also create a slide for the opening meeting presentation that includes a personal picture which conveys your congenial character and less formality. You should also include your preferred method(s) of contact during the audit, such as: email address, mobile phone number, or Slack @username. If you are part of a team, you should also present the slide(s) that explain which process areas you will be responsible for auditing. If you have any special needs, such as vision or hearing impairment, you should also  indicate how you prefer auditees to communicate with you.

Change #3: Edit the agenda during the remote audit opening meeting

Auditors confirm the planned agenda with the auditees during the opening meeting, but adjustments to the schedule are typical of remote and on-site audits. At most on-site opening meetings, everyone will have a hardcopy of the agenda and make notes on their agenda to reflect schedule changes. It is the responsibility of the lead auditor to distribute an updated version of the revised agenda, and to include the updated agenda with the audit report. However, in a remote audit opening meeting, the lead auditor should share a copy of the agenda with everyone in a software tool like Google Docs(see below). When changes are made, switch screen sharing from your presentation to the agenda. You can make the changes in view of all attendees. In addition, if you share the document with auditees, they can correct errors in the audit agenda for you (e.g., spelling of names), and often with greater efficiency than giving you verbal explanation of the changes.

Google Docs Audit Report Template Remote audit opening meeting   5 changes

Change #4: Verify meeting invitations are updated at the end of the opening meeting

When there is an audit team conducting a remote audit, each auditor should send out a separate meeting invitation and include the lead auditor. This is important, because each of the auditors needs to be able to audit simultaneously, but they may need the lead auditor to join their segment of the audit briefly. When changes are made to the audit agenda, such as changing the sequence of process areas being sampled, the time of the invitations needs to be updated for everyone involved. The lead auditor should verify that all of the invitations on their calendar match the updated agenda.

Change #5: Record your remote audit opening meetings (and closing meetings)

Recordings document critical information that might not be captured in the notes of the lead auditor while they are presenting. Therefore, requesting permission to record an opening and closing meeting of an audit is recommended. More importantly, if anyone is absent, the recording can be shared with that person. Finally, recordings allow you to “replay” mistakes and successes. The ability to replay the meeting, and observe yourself, is an invaluable tool for lead auditors in training and anyone that wants to improve.  

How long should your opening meeting be?

Audits are difficult to complete on-time, and therefore shorter opening meetings are desirable. However, the opening meeting is also dependent upon the scope of activities being audited and the number of audit team members. A duration of 30 minutes is typical for an on-site audit, but the opening meetings are often preceded by casual discussion and informal greetings. Teleconference calls and video chat meetings are less conducive to informal greetings, because it is difficult for two people to speak at the same time. The remote meetings also seem more likely to start on-time. Therefore, you should expect a remote audit opening meeting to be more efficient (i.e., shorter).

Posted in: Remote Auditing

Leave a Comment (0) →

What’s the difference between PMS, PSUR, and PSR?

This blog is intended to help clear your justified confusion if you are wondering what the difference is between PMS, PSUR, and PSR.

“The nine most terrifying words in the English language are, I’m from the Government and I’m here to help.” That quote is from a speech by President Reagan on August 12, 1986.  One of the goals of the European Parliament and Council was “to ensure effective coordination of [competent authority] market surveillance activities and to clarify the applicable procedures.” After studying the new European MDR, I can confidently say that the European Parliament and Council have done their job well. My boss is a regulatory consultant with 30 years of experience, and he asked me to explain the difference between PMS, PSUR, and PSR.

To answer that question as objectively as possible, and cite my sources, I have included a copy and paste directly from Regulation (EU) 2017/745. Red text is my commentary, while italicized text is a quotation from the most applicable article within the new EU regulations.

Under the New MDR, the only Class IIa, Class IIb, and Class III products are definitively required to have a Periodic Safety Update Report (PSUR). The PSUR needs to be updated annually for Class III and Class IIb implants, and the PSUR needs to be updated at least every two years for Class IIb (non-implants) and Class IIa devices. The PSUR must be available to your notified body, and upon request, the competent authorities. In contrast with the PSUR, Post-Market Surveillance (PMS) reports are required for Class I devices. Finally, a manufacturer’s Periodic Summary Report (PSR), relates to specific cases of Serious Incidents and Field Safety Corrective Actions (FSCA’s) based upon an agreement between the manufacturer and the competent authority or authorities in lieu of submitting individual FSCA reports.  This is confusing, because the PSUR also meets the requirements of a PMS Report as defined in Article 85, but we don’t call it a PMS Report.

“Article 83 – Post-market surveillance system of the manufacturer

1. For each device, manufacturers shall plan, establish, document, implement, maintain and update a post-market surveillance system in a manner that is proportionate to the risk class and appropriate for the type of device. That system shall be an integral part of the manufacturer’s quality management system referred to in Article 10(9).”

In Matthew’s words, “Manufacturer’s are required to establish a PMS system for every device or device family.”

“Article 84 – Post-market surveillance plan

The post-market surveillance system referred to in Article 83 shall be based on a post-market surveillance plan, the requirements for which are set out in Section 1.1 of Annex III. For devices other than custom-made devices, the post-market surveillance plan shall be part of the technical documentation specified in Annex II.”

In Matthew’s words, “Article 84 requires your you to have a PMS plan in your quality system.”

“Article 85 – Post-market surveillance report

Manufacturers of class I devices shall prepare a post-market surveillance report summarizing the results and conclusions of the analyses of the post-market surveillance data gathered as a result of the post-market surveillance plan referred to in Article 84 together with a rationale and description of any preventive and corrective actions taken. The report shall be updated when necessary and made available to the competent authority upon request.”

In Matthew’s words, “A Class I device requires a PMS report, while the other product classifications require a PSUR.”

“Article 86 – Periodic safety update report

1.1 – Manufacturers of class IIa, class IIb and class III devices shall prepare a periodic safety update report (‘PSUR’) for each device and where relevant for each category or group of devices summarizing the results and conclusions of the analyses of the post-market surveillance data gathered as a result of the post-market surveillance plan referred to in Article 84 together with a rationale and description of any preventive and corrective actions taken. Throughout the lifetime of the device concerned, that PSUR shall set out:

(a)

the conclusions of the benefit-risk determination;

(b)

the main findings of the PMCF; and

(c)

the volume of sales of the device and an estimate evaluation of the size and other characteristics of the population using the device and, where practicable, the usage frequency of the device.

Manufacturers of class IIb and class III devices shall update the PSUR at least annually. That PSUR shall, except in the case of custom-made devices, be part of the technical documentation as specified in Annexes II and III.

Manufacturers of class IIa devices shall update the PSUR when necessary and at least every two years. That PSUR shall, except in the case of custom-made devices, be part of the technical documentation as specified in Annexes II and III.

For custom-made devices, the PSUR shall be part of the documentation referred to in Section 2 of Annex XIII.

  1. For class III devices or implantable devices, manufacturers shall submit PSURs by means of the electronic system referred to in Article 92 to the notified body involved in the conformity assessment in accordance with Article 52. The notified body shall review the report and add its evaluation to that electronic system with details of any action taken. Such PSURs and the evaluation by the notified body shall be made available to competent authorities through that electronic system.
  2. For devices other than those referred to in paragraph 2, manufacturers shall make PSURs available to the notified body involved in the conformity assessment and, upon request, to competent authorities.”

In Matthew’s words, “Barring specified exemptions, manufacturers of a Class IIa device would need to submit a PSUR and update it at least every two years.”

“Article 87 – Reporting of serious incidents and field safety corrective actions

9. For similar serious incidents that occur with the same device or device type and for which the root cause has been identified or a field safety corrective action implemented or where the incidents are common and well documented, the manufacturer may provide periodic summary reports instead of individual serious incident reports, on condition that the coordinating competent authority referred to in Article 89(9), in consultation with the competent authorities referred to in point (a) of Article 92(8), has agreed with the manufacturer on the format, content and frequency of the periodic summary reporting. Where a single competent authority is referred to in points (a) and (b) of Article 92(8), the manufacturer may provide periodic summary reports following agreement with that competent authority.”

In Matthew’s words, “Periodic summary reports (PSRs) refer to significant incidents (SIs) and field safety corrective actions (FSCAs). PSRs require an agreement between the manufacturer and the competent authority(s) for cases where there is a group of common, well-known, and documented SIs or FSCA’s with a known root-cause. PSRs are an alternative to submitting individual SI and FSCA reports.”

Additional Quality System Resources

My boss also asked me to update the procedures for post-market surveillance (SYS-019) and vigilance (SYS-036). The PMS procedure includes requirements for Articles 83-86. The vigilance procedure includes the requirements for Articles 87-92.

About the author

20190531 005146 150x150 Whats the difference between PMS, PSUR, and PSR?

Matthew is a talented writer that missed his calling as a political satirist. Medical Device Academy is lucky to have him as a quality system expert and gap analysis guru. Matthew was asked to answer this question for a client in response to an email. He wrote the entire blog in less than one hour, but he didn’t think it was worthy of publishing. The boss disagreed. Please show Matthew some love with your comments below or by ordering the book from Amazon ($5 pre-order discount until August 28, 2020).

Posted in: Post-Market Surveillance

Leave a Comment (0) →

Changes triggered by COVID19 in your quality system

The 2020 global pandemic has changed life as we know it, but this article focuses on three important quality system changes triggered by COVID19.

3 things COVID19 changed 2 Changes triggered by COVID19 in your quality system

Last night my daughter Gracie mentioned that her teacher assigned an essay to write about three changes triggered by COVID19 in her life. The three things that she felt had changed the most were: 1) she goes to bed much later, and sleeps in every day; 2) her school is closed, and she only talks to her teacher twice per week via Zoom; and 3) she misses her friends. I know that her story is similar to my son Bailey who is in his Freshman year of college, and I know that my own personal story is quite similar. Coincidentally, I started writing this article earlier this week about three significant quality system changes triggered by COVID19:

  1. If you are going to conduct on-site audits, you need to ask about using personal protective equipment (PPE).
  2. There needs to be greater focus on business continuity plans and robust supply chain monitoring.
  3. Remote audits are suddenly encouraged for 1st, 2nd, and 3rd-party audits.

Changes triggered by COVID19: #1 Use Face Masks

US FDA Issues EUAs

At the beginning of the COVID19 pandemic, the US FDA created several emergency use authorizations (EUA). The three EUA areas were IVD testing, ventilators, and face masks. The EUA for IVD testing is not surprising, because the FDA issues and EUA every time a new lethal and contagious virus emerges (e.g., Zika and Ebola). The EUA for ventilators was issued, because the number of people with respiratory issues was expected to explode with the spread of the virus, and the supply chain for components of ventilators had already been disrupted by the initial spread of the virus in China. The EUA for face masks was issued, because it is the second best way to protect people from the virus and existing infrastructure for face mask production could not possibly supply the entire world with face masks overnight.

Everyone in the World Gets a Face Mask

As soon as the EUA for face masks was issued, every regulatory consultant in the USA was inundated with urgent requests for help to complete EUA requests for masks. I also received similar requests for assistance with Canadian filings. The FDA did a great job of providing detailed information about the different types of face masks (i.e., face masks, surgical face masks, and N95 respirators). Testing companies created new website pages specifically for each of the different face mask tests, and every company with a sewing machine suddenly wanted to manufacture masks. I even read an article about a elderly woman making face masks for her entire family while she listened to The Beatles “HELP!” in the background.

Why aren’t you wearing your face mask?

Even after the world makes the first 7 billion face masks, not everyone will wear their face masks. Masks will protect us from touching our hands to our face–which spreads many germs in addition to the SARS-CoV-2 virus. Masks will also keep us from coughing on other objects and people if we have the virus. Finally, face masks protect us from the small droplets that carry the virus from one person to the next. Even though there are obvious safety reasons for everyone in the world to wear a face mask, most people don’t want to wear a face mask. This is no different from the argument to wear a seat belt, and unless our government creates a law or temporary order requiring us to wear face masks most people won’t bother to wear one.

Changes triggered by COVID19: Auditors need to wear face masks 

As a medical device auditor, I feel it is critical that I always follow safety rules in every facility I visit. Lead auditors are supposed to contact the company ahead of time, and ask about the safety policies as part of audit preparation and initiating the audit. I’m 6’6” (2.00m) in height and my shoe size is 14. There is almost never gowning for me to wear that fits properly–especially in Southeast Asia. I squeeze into the garments and they are uncomfortable and hot, but I wear the garments anyway. My job includes auditing clean rooms, and I can’t do my job without gowning up. By following the rules, I also eliminate the excuses for anyone in the facility I visit. Now that we have a global pandemic, you should be wearing a face mask in every medical device facility to protect yourself, people you work with, and users of medical devices. You should also consider carrying spare face masks with you to protect yourself on airplanes, in hotels, etc.

Changes triggered by COVID19: #2 Business Continuity Plans

Will business continuity plans be required now?

In addition to the cultural shift to wearing face masks, we will also need to make significant changes in our overall preparations for natural disasters, fires, and biological threats. Although there is no specific requirement for a business continuity plan in ISO 13485:2016, there are many places where an auditor can identify a requirement to maintain effectiveness of a quality system (no exceptions):

  1. Clause 1, Scope
  2. Clause 4.1.1 & 4.1.3, General Quality System Requirements
  3. Clause 5.3, Quality Policy
  4. Clause 5.4.2, Quality management system planning
  5. Clause 5.6.3, Management Review Output
  6. Clause 6.1, Provision of resources
  7. Clause 8.1, General requirements for Measurement, analysis and improvement
  8. Clause 8.2.4, Internal audit
  9. Clause 8.5.1, General Improvement

Although any of these clauses could potentially be referenced as a requirement for a business continuity plan, the last clause would generally be the most appropriate. This clause states, “The organization shall identify and implement any changes necessary to ensure and maintain the continued suitability, adequacy and effectiveness of the quality management system…”. In this time of radical change, adding provisions to your business continuity plan for coping with a global biological threat seems obvious and urgently needed.

Suggested content for your business continuity plan

Sadly, the USA was probably better prepared for disaster in the 1960s after the Cuban Missile Crisis than we are today. If you do not yet have a business continuity plan, or if you need suggestions for improving your plan, the following is a list of suggested items to include in your plan:

  1. Develop a plan for power outages, fires, floods, earthquakes, severe wind/tornadoes, hurricanes, workplace violence, and biological threats 
  2. Develop an emergency alert system to notify employees of any emergency
  3. Build emergency kits and store the kits for when they are needed
  4. Document your plan in multiple formats (virtual and physical) and distribute to all employees–including a social media plan
  5. Translate your plan into multiple languages for non-English speaking employees
  6. Develop a training program that address the various aspect of emergency preparation
  7. Practice your plan just like fire drills, so everyone is prepared and nobody panics

The Ready.gov website has many resources for the above items, including a series of “Ready Business Videos” and “Ready Business Toolkits.”

How to practice your business continuity plans

My sister is a teacher, and she is in the process of opening a new charter school in Maine. We were discussing her planning for the school, and the disruption of schools by the COVID19 pandemic has challenged all teachers to learn to use distance learning. My sister’s school focuses on teaching children about the environment, and she doesn’t really like to spend lots of time on the computer. I was sharing some of the environmental studies my daughters are receiving via Zoom from their teachers. I suggested that she might want to pick one topic each week to teach via distance learning. The purpose of this would be to give her and her students practice using distance learning for a variety of subjects. Therefore, when we experience another biological disaster her students will already know exactly how to use distance learning to continue their education. My argument was that this routine use of distance learning will be more effective preparation for emergencies than a once-per-month “fire drill.” The same approach should be used by companies. Your company should create a schedule for practicing remote management meetings and working from home. This will ensure that systems are in place to keep your business running smoothly when disaster strikes again.

Changes triggered by COVID19: Expect regulators to require business continuity plans

The widespread shortage of face masks, ventilators, and other critical supplies needed during the COVID19 pandemic is going to result in new regulations requiring business continuity plans. This is a certainty born from the observation that every single medical device regulation we have resulted from serious public health threats. The COVID19 pandemic is the biggest global health crisis the world has experienced in 100 years. Therefore, we can expect corrective actions in the form of new regulations requiring companies to have a business continuity plan. Some regulators will act independently, but I would expect this to also be an action taken by the International Medical Device Regulators Forum (IMDRF). We can also expect there to be new laws requiring amendments to business continuity plans for public companies. The Sarbanes-Oxley Act of 2002 requires public companies in the USA to have business continuity plans. Despite this requirement, many public companies have been ruined by the COVID19 pandemic. Therefore, we should expect amendments to these requirements and revisions to the international standard for business continuity planning (i.e., ISO 22301:2019). We should also expect to see new interest in becoming certified to this standard.

Changes triggered by COVID19: #3 Remote Auditing

What are certification bodies doing about surveillance audits and re-certification audits?

Most of the companies that had initial certification audits scheduled for the first quarter of 2020 were forced to reschedule their audits, because the employees must work from home and the certification bodies must conduct at least some of their audit on-site. The FDA was also forced to cancel all foreign inspections temporarily. However, companies that already have certification need surveillance audits and recertification audits to maintain validity of their quality system certificates. Therefore, certification bodies now have plans for conducting audits remotely. For companies that virtual medical device manufacturers, certification bodies are able to conduct full quality system audits remotely. However, manufacturers with production activities on-site are only able to conduct partial audits. The certification bodies must still conduct on-site audits, but they are being permitted 6 months to conduct an on-site audit to cover the gaps remaining from the partial remote audits. Prior to conducting the partial remote audits, certification bodies are sending out questionnaires to all of their clients to gather information about whether the manufacturers can support a remote audit and to what degree.

Second party audits conducted remotely

Second party audits, also known as supplier audits, have always been of interest for manufacturers to conduct remotely–especially if the supplier is located overseas. The US FDA regulations do not require companies to conduct supplier audits. However, if there are quality problems with suppliers, you are expected to conduct a thorough investigation to identify the root cause of the quality problems. In most cases that requires an on-site audit. However, if your suppliers are providing good quality and they are ISO 13485:2016 certified, then you probably are using this as a justification for not conducting on-site audits or at least reducing the frequency of those audits. Now that most people are not able to travel, or because the people you need to speak with are working from home, manufacturers are being forced to conduct remote audits. This has always been permitted, but the effectiveness of remote audits is often questioned. Supply chain disruptions are now a global issue that is impacting the safety and effectiveness of our hospitals, and regulators will expect you to improve the rigor of your supplier evaluations–including conducting more supplier audits. Therefore, establishing more effective procedures for remote supplier auditing is urgently needed.

Changes triggered by COVID19: We need to develop procedures for remote auditing

Although most first party audits are conducted on-site, especially if conducted by employees of your company, we will still need to establish procedures for remote auditing for internal audits. Some of our clients scheduled internal audits for the months of April and May that they had to cancel because they were unable to access the records needed for the audit while they were working from home. In addition, most of the US States have implemented stay-at-home audits that prevent our team from traveling to our clients. This is forcing our team to develop more robust procedures for remote auditing. We needed to change our audit agendas to accommodate eight 90-minute audit sessions in four days, instead of conducting two full days of on-site auditing. We are also doing more preparation prior to the audit in order to allow the auditees time to scan paper records so that we can review those records remotely. Finally, we are experimenting with techniques for collaboration as an audit team so that multiple auditors can simultaneously audit a client and complete a full quality system audit more quickly without forcing any one person to work for longer than 90 minutes in front of a computer. We are still perfecting these new methods, but we are writing a series of articles on this topic. You can order the book from Amazon ($5 pre-order discount until August 28, 2020).

Thank you & Future Articles

Thank you for reading. This is the longest article we have published on our site since 2012. This article also kicks off a ten-part blog series specific to remote auditing techniques:

  1. Remote audit opening meeting – 4 changes – May 12
  2. Audit team communications – May 19
  3. Remote audit resources – software and hardware tools – May 26
  4. Risk based auditing applied to remote audits – June 2
  5. Remote supplier audit questionnaire – June 23
  6. Remote audit duration less than 90 minutes – June 30
  7. Remote auditing work instruction – July 14
  8. Planning partial remote audits – July 21
  9. Remote audit invitations – 4 things to remember – August 4
  10. Training new audit team members and lead auditors – August 11

There are also five new live webinars planned on related topics:

  1. Opening Meetings Webinar (free) – May 14, 2020
  2. Audit team communication during a remote audit (free) – June 4, 2020
  3. How to qualify your suppliers webinar (pre-order by June 1) – June 25, 2020
  4. Remote auditing techniques webinar (pre-order by July 1) – July 16, 2020
  5. MDSAP Certification Body Interviews (free) – August 6, 2020

Posted in: Business Continuity Plan, Quality Management System, Remote Auditing

Leave a Comment (1) →

NSE letter: A CAPA plan for your 510k process

Cry, complain, call the reviewer…you might feel a little better, but you received an NSE letter and tomorrow you still can’t sell your device.

NSE Letter NSE letter: A CAPA plan for your 510k process

Instead, try approaching an NSE letter like a CAPA investigation. What is the issue? The FDA determined that your device is not substantially equivalent to the predicate you selected. What is the root cause? There are four (4) possible root causes.

NSE Letter Cause #1: You failed to verify that the predicate is a legally marketed device.

If your the predicate device is not a legally marketed device, you need to select a new predicate and re-submit. However, it is extremely unlikely that your device would pass the refusal to accept (RTA) screening process if the predicate was not legally marketed. If your predicate was not registered and listed with the FDA (check using this link), then you should have submitted a pre-sub request to determine if the agency has any problem with using the device you chose as a predicate. This is an important question if the manufacturer is no longer in business and the product is no longer for sale.

NSE Letter Cause #2: You failed to evaluate the substantial equivalence of your device’s intended use with the predicate.

The intended use of your predicate device is documented for every potential predicate since February 1992 on FDA Form 3881–which you can download along with the 510(k) clearance letter for the predicate. There is also an intended use documented for every device category in the applicable regulation for that device. This intended use is more generic than FDA Form 3881, but both are applicable. The FDA Form 3881 you submit for your device must be equivalent. I recommend a point-by-point comparison with regard to the following elements: 1) OTC vs. prescription use, 2) user, 3) patient population, 4) illness or medical condition, 5) duration of use, 6) environment of use, and 7) target part of the body. Any difference can raise new issues of risk, and may result in an NSE decision. However, the FDA typically will work with the company to modify the wording of FDA Form 3881 to ensure the intended use is equivalent or to make sure you provide clinical evidence to address the differences. In my pre-submission requests, I include a comparison document for the intended use to ensure that the FDA is aware of any differences in the intended use.

Cause #3: You failed to convince the FDA that technological differences do not raise different questions of safety and effectiveness.

Unless your device is identical in every way to the predicate device, you will have to persuade the FDA that differences do not raise questions of safety and effectiveness. At the beginning of the 510(k) process it is helpful to systematically document technological differences. Specifically, this should include: 1) materials, 2) design, 3) energy source, and 4) other features. For each difference you must provide a justification for why the difference does not raise different issues or you must provide data to prove it. It is also possible that you were not aware of questions of safety and performance raised by technological differences. To avoid this problem you can submit a detailed device description and draft labeling to the FDA in a pre-sub meeting request. If you ask questions about differences in a pre-sub meeting, you can avoid an NSE letter.

Cause #4: You failed to provide data demonstrating equivalence.

For each difference you should determine an objective method for demonstrating that the difference is equivalent in safety and performance to the predicate. Your test method can be proposed to the FDA in a pre-sub request prior to testing. The FDA sees more than 3,000 companies propose testing methods to demonstrate equivalence each year. They have more experience than you do. Ask them in a pre-sub before you test anything. There may be a better test method, or you might need to adjust your test method. Sometimes results are unclear, but there might be another test you can perform to demonstrate equivalence and then you can resubmit your 510(k). Possibly you were unaware of the need to perform a test and you were unable to complete a test within the 180 days the FDA allowed for submitting additional information. The good news is you now have all the time you need.

What is similar between all four causes of NSE letter?

In all four root causes identified above, you could benefit greatly from pre-sub meeting. Now you have an NSE letter and you know which of the four reasons why your submission did not result in 510(k) clearance. However, the correction to your NSE letter may not be clear. Therefore, you should consider requesting a pre-sub meeting as quickly as you can. Most companies choose not to submit a pre-sub meeting request, because they don’t want to wait 60-75 days. However, sometimes pre-sub meetings are scheduled sooner. In addition, 60-75 days is not as costly as receiving a second NSE letter.

Prevent a future NSE letter by requesting a pre-sub meeting

Regardless of your corrections for the current NSE letter, you should prevent future occurrences by planning to submit a pre-sub meeting request for every submission. I try to help clients gather all the information they need without a pre-sub meeting, but each new 510(k) reminds me why a pre-sub meeting is so valuable. You always learn something that helps you with preparation of your 510(k).

Help with Pre-sub meeting requests

The FDA published a guidance document for pre-sub meeting requests. If you need additional help, there is a webinar on this topic.

Posted in: 510(k), CAPA, Design Control

Leave a Comment (0) →

EU MDR delay – a huge miss

Industry is cheering for the EU MDR delay, but the historic amendment represents a huge missed opportunity to amend the EU IVDR.EU Regulation 1 year delay 1 EU MDR delay   a huge missOn Friday, April 17, 2020 the European Parliament voted 693 votes in favor, 1 against, and 2 abstentions for the EU MDR delay. Parliament voted in favor of a one year delay for the date of entry into force of the EU MDR from May 26, 2020 to May 26, 2021. Although device companies were certain that European regulators would delay the implementation of the EU MDR, regulators repeatedly insisted that it was critical to renew the public confidence in the European device regulations and implementation of the EU MDR would not be delayed. Then the COVID19 pandemic happened, and the EU Council and Parliament cooperated in the creation of a historic amendment to delay the implementation date.

What else was changed in this amendment?

The Commission originally proposed the delay of implementation due to the public health emergency caused by the COVID19 virus. The Council moved forward with the proposal as a first reading, and Parliament adopted the first reading with only two minor corrections. The amendment also includes an important amendment to Article 59, “Derogation from the conformity assessment procedures.” The amendment allows the Commission to issue Implementing Acts that extend emergency measures from a single member state to the whole EU. This effectively creates an additional emergency market access mechanism under the three current directives before the EU MDR comes in to force. This could prove to be important in the current health crisis created by the coronavirus.

Manufacturers are still not out of trouble

Notified Bodies (NBs) were not anticipating a delay in the EU MDR implementation date. Therefore, NBs that had not applied for designation were expecting to no longer need to support the MDD and the AIMD after May 26, 2020. Personnel have left those NBs in many cases, and the resources to support the MDD and AIMD for another year may not be available.

NBs were refusing to quote new CE Certifications under the MDD and AIMD, because there was not enough time to complete new certifications prior to May 26, 2020. However, with the EU MDR delay, there is an additional year in which to process additional applications for CE Certification. The question is whether NBs will have the resources to process additional applications under the current directives.

The transition deadlines for use of inventory has not be delayed, and therefore manufacturers now have one year less of a transition from the directives to the EU MDR. Any certificates issued under the MDD and AIMD will still become invalid on May 26, 2024, because this amendment did not extend the latest date of validity for certificates issued under current directives. The NB bottleneck has also not disappeared. Any NBs that have not successfully been designated under the EU MDR by the end of this year will not be position to significantly help alleviate the bottleneck before the delayed date of enforcement.

Why wasn’t the EU IVDR delayed along with the EU MDR delay?

Implementation of the EU IVDR is arguably in a more difficult position that the EU MDR, because there are not enough NBs that applied for designation under the EU IVDR, and the IVD industry must shift from approximately 20% requiring NB involvement to 80% requiring NB involvement by May 26, 2022. This is expected to result in a shortage of CE Marked IVD products in the EU, and the bottleneck industry has experienced for medical devices will be more severe for the IVD manufacturers. The Commission could still initiate a proposal to delay the implementation of the EU IVDR, but it would seem logical to take this opportunity to delay the date of both regulations coming into force at one time when there was almost unanimous support for the amendment.

The Commission’s original proposal stated “As the coronavirus crisis increases demands for certain vital medical devices, it is crucial to avoid any further difficulties or risks of potential shortages or delays in the availability of such devices caused by capacity limitations of authorities or conformity assessment bodies related to the implementation of the Medical Devices Regulation.” This argument for delaying the EU MDR would seem to be equally valid for the EU IVDR. In addition, the amendment made to Article 59 could also be made to the equivalent section of the EU IVDR (i.e., Article 54). In the current crisis, the power of Commission to expand the availability of in vitro diagnositic tests is critical. Therefore, limiting the amendment to the EU MDR seems like a huge missed opportunity.

What the EU IVDR needs that was not possible for the EU MDR delay

The EU MDR was less than 60 days from the date of enforcement when the Commission presented its proposal for the amendment to delay the EU MDR. Therefore, it was necessary to forgo formal procedures for review and approval of amendments. We have more than 750 days until the date of enforcement for the EU IVDR. Therefore, there is more time for the Commission to think carefully about any additional changes that might be desired in the fight against a global pandemic. The need for rapid market access for in vitro diagnostic tests, both molecular and serological tests, will be crucial in the coming months for identifying people with active infections and resistance to the virus. Hopefully, the Commission will watch, learn, and take preventive action in the form of an amendment to the EU IVDR.

Posted in: CE Marking

Leave a Comment (0) →

Reprocessed Single-Use Devices – Optimizing 510(k) preparation

This article explains the challenges reprocessors face in obtaining 510(k) clearance for reprocessed single-use devices when they are not the OEM.

Guidance for Reprocessed Single Use Devices Reprocessed Single Use Devices   Optimizing 510(k) preparation

With increasing pressures on the medical device industry to make healthcare more affordable, there has been a push to reprocess and reuse single-use devices. Reprocessors obtain used devices from healthcare facilities. The reprocessors clean, process, resterilize, repackage, and relabel devices. Reprocessors must obtain FDA 510(k) clearance by demonstrating that the safety and effectiveness of the reprocessed device is substantially equivalent to the single-use device produced by the original equipment manufacturer (OEM). The FDA also released a guidance document regarding reprocessed single-use devices.

Obtaining 510(k) clearance for a device your company did not design can be challenging, because information requirements that are trivial for the OEM can be extremely difficult to provide for a reprocessor of the device. The following sections of a 510(k) submission pose unique challenges for reprocessed single-use devices:

Section 13, Labeling of reprocessed devices

Labeling of reprocessed devices consists of the instructions for use and the packaging label(s). Device package labeling may also direct the user to both the reprocessor’s IFU and the OEM’s IFU. If you are referencing the OEM’s IFU, it is important to also include the OEM’s model number. Instructions for use should include:

  1. Indications for Use, which must be equivalent to the OEM indications.
  2. All of the necessary warnings and cautions and basic operating instructions needed to safely operate the device.
  3. The instructions for use may also instruct the user to reference the OEM instructions for use for additional information.
  4. Instructions on handling of the device after use, with the likelihood that the device will be returned to the reprocessor to repeat the cycle.

Section 15, Biocompatibility

Biocompatibility data is more challenging to provide if you replace or modify original components. If reprocessing does not modify the OEM device whatsoever, you can claim that the materials are identical to the OEM device. Therefore, the reprocessed device does not require biocompatibility testing. However, the reprocessor still needs to evaluate the biological risks associated with reprocessing of the device by testing for cleaning and sterilization residuals. This involves testing for cleaning agent residuals and EO residual testing (ISO 10993-7), if applicable.

If you replace any of the components during reprocessing, with a new component that is identical in dimension and material to the OEM component, minimal biocompatibility testing will be required. If the exact material used by the OEM is unknown, reprocessors can perform material identification testing to determine the material used, and then create the replacement part out of the same material.

If you modify or replace any patient-contacting components on the device such as lubricants, insulation, etc., with components that are different from the OEM, then you will need to perform additional biocompatibility testing to prove that the new or modified material is biocompatible. This testing will depend on the duration of contact and where will the material contact the patient. The new material will also need to be listed in your device description and in Section 15 of your 510(k) submission.  

Section 18, Performance Testing

There are three main sources for identifying performance testing requirements of reprocessed devices:

  1. OEM Testing listed in the OEM 510(k) submission
  2. Predicate Testing listed by another reprocessor of an equivalent device
  3. Product Standards listed under the product classification code for the reprocessed device or the OEM device

You should reference a predicate device that has been reprocessed and the OEM device to identify performance testing. Some testing is specific to the functional performance of the device. For these tests, you need to compare performance side-by-side against the OEM. Other testing is specific to the reprocessing and you will reference the predicate device. Sources of information regarding the required tests for each of these devices can be found in the 510(k) summaries of the respective devices. If possible, it’s helpful to select a predicate that has a redacted 510(k) available on the FDA’s website. If a redacted 510(K) is not readily available, you may request a redacted copy through the freedom of information act on-line. A redacted copy of the OEM 510(k) is also helpful.

If testing information is not as readily available in the 510(k) summary, you will determine the essential performance functions of the device, and design tests to evaluate and compare the OEM device and the reprocessed device for those functionalities. Some devices have specific standards for the design and/or testing of the device. To determine if the reprocessed device has any applicable standards, you should search the product code of the reprocessed device, as well as the product code of the OEM device if they are different, in the FDA product classification database. Recognized standards applicable to the reprocessed device will be listed in the search results.

Additional tests that may be needed to validate reprocessing include: residual protein, residual carbohydrates, and the presence of hemoglobin. These tests ensure that all biological material from previous use is removed. If you are not performing biocompatibility testing on the reprocessed device, you also need to do a chemical test to ensure there is no residual detergent or cleaning residues remaining on the device. You also need to determine how many reprocessing cycles the device can survive before performance degradation. This can be done by repeating simulated use, reprocessing, and performance testing until a statistically relevant decrease in the performance of the device is observed.

If you have additional questions regarding preparation of your 510(k) submission, you might be interested in a course Mary Vater and Rob Packard created for AAMI. Rob Packard will be the lead instructor for the course pilot in May: 510(k) training course. You can also schedule a call with us by clicking the button below.

Click here to schedule a 15 minute call 300x62 Reprocessed Single Use Devices   Optimizing 510(k) preparation

Posted in: 510(k)

Leave a Comment (0) →

Implant Card Requirement – A New Requirement of EU 2017/745

This article breaks down and reviews the  new implant card requirement as well as Article 18 of EU 2017/745.

We also have available for sale, SYS-037 Implant Card Procedure written to be Article 18 compliant of Regulation (EU) 2017/745, and includes;

  • SYS-037 A, Implant Card Procedure
  • FRM-044 Checklist for Information to be supplied to the patient with an implant
  • FRM-045 Implant Card Checklist for Article 18 Reg 2017-745
  • Native Slide Deck for Implant Card Webinar
  • Recording of the Implant Card Webinar

Implant Card Procedure Implant Card Requirement   A New Requirement of EU 2017/745

Implant Card Requirement, a new requirement from Regulation (EU) 2017/745.

One of the new changes to the regulation is an introduction of a new requirement for implantable devices. These devices must now come with an “implant card” that contains information about the implanted medical device for the patient. The responsibility of the implementation of the new implant card rules lays with the manufacturer of the implantable device and the health institution as required by the EU member states.

What is an implantable device?

Before discussing the specifics of the implant card we must first define what an implantable device is in order to determine if the implant card requirements apply to your device or devices. Article 2 Definitions, number 5 of Regulation (EU) 2017/745 defines and outlines what is considered an implantable device.

(5) ‘implantable device’ means any device, including those that are partially of wholly absorbed, which is intended:

– to be totally introduced in the human body, or

– to replace an epithelial surface or the surface of the eye,

By clinical intervention and which is intended to remain in place after the procedure.

Any device intended to be partially introduced into the human body by clinical intervention and intended to remain in place after the procedure for at least 30 days shall also be deemed to be an implantable device;

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Is my device considered implantable?

Working with the above definition of an implantable device you can now compare those requirements against your own devices to determine if they are considered to be an implantable device or not. This can be done by performing a gap analysis of the definition against your device.

Consider what your device is and ask yourself the following questions:

Is my device intended to be partially or wholly absorbed?

If the answer is no, then your device may not be an implantable one. If it is then you must keep asking yourself questions until you can fully determine your devices status as implantable or not.

Is my device intended to be totally introduced in the human body?

No. Ok, that is fine, but is it intended to replace an epithelial surface, or the surface of the eye?

To make an awful analogy of the process it is almost like playing a game of Guess Who with your own device. Instead of asking your device if they have red hair or a mustache you have to ask your device questions like, “Are you intended to remain in place after the procedure?”.

The gap analysis is fine, but you also have to consider some other factors within the wording of the definition. Be careful navigating the specifics because the devil is in the details. In the definition which is only eighty nine words long by the way, uses the word “intended” three different times.

That is important because the definition applies not only to some of the characteristics and uses of the device but also to the intent behind the device. Just because the device can be wholly introduced into the body does not mean that the device is ‘intended’ to be. A better example would be, by clinical intervention can your device remain in place after the procedure? Could it, perhaps, but is it intended to be? Also, is it the intent of the device to be done so by clinical intervention?

Where to find the implant card requirement?

Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices is where the introduction of implant cards can be found. The definition of an implantable device is found in Article 2 Definitions, definition number 5.

Article 18- ‘Implant card and information to be supplied to the patient with an implanted device’ is where the implant card requirements can be found. This article contains three sections and 4 sub sections pertaining to implant cards.

Article 18 Implant card requirement and information to be supplied to the patient with an implanted device

Below is article 18 in its entirety so that we can discuss it further in detail.

“1. The manufacturer of an implantable device shall provide together with the device the following:

(a) information allowing the identification of the device, including the device name, serial number, lot number, the UDI, the device model, as well as the name, address and the website of the manufacturer;

 

(b) any warnings, precautions or measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions;

 

(c) any information about the expected lifetime of the device and any necessary follow-up;

 

(d) any other information to ensure safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.

The information referred to in the first subparagraph shall be provided, for the purpose of making it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a lay person and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

In addition, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.

  1. Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.
  2. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745)

Who does the implant card requirement apply to?

Section 1. of Article 18 specifically states that it is the manufacturer who shall supply the information. Fortunately, it is also outlined what information needs to be included and some guidance on how to provide the information.

Take note though that the article states it “shall” be provided, “together with the device”. This means that simply having the information available or accessible such as a downloaded PDF on your website is not sufficient to comply with section 1. Because that is not being supplied together with the device as outlined.

Section 2. of Article 18 applies to member states requirements of health care institutions.

Section 1 of Article 18

Section 1 is by far the longest section of the article and outlines specifically what information must be provided with the implantable device. Not only is this information that must be provided, it specifically must be provided by the manufacturer. The subsections are broken down by topic and can be summarized as the information, warning, maintenance and misc. sections.

Section 1. Sub-Section A

This sub-section outlines the specific identifying information that must be provided. In fact, it is even specifically “information allowing the identification of the device”. For devices that are produced and manufactured compliant with other standards such as ISO 13485, or the QSR portion of the United States Code of Federal Regulations a lot of this information is the same information that is required for traceability.

Besides the generic “information allowing the identification of the device” the other specific information that ‘shall’ be provided is:

  • The name of the device,
  • The device serial number,
  • The lot number of the device,
  • The UDI,
  • The model of the device,
  • The name of the manufacturer,
  • The manufacturers address,
  • The manufacturers website.

They don’t just want your device’s drivers license, they want the driver’s license, library card, passport, blood type and favorite color. This is done for a purpose but also carries some implications on the maintenance actions of the manufacturer.

First such strict ID requirements mean that the device is traceable, and identifiable. There should be absolutely no doubt in who made the device, and in the event of an incident that device should be traceable all the way back to when and where the individual components were created and assembled into the final device. For traceability of an incident, tracking for a corrective or preventive action, or just general inventory tracking this is the type of strict diligence that is expected when the end user or patient is receiving medical care with an implantable device. There is no demonizing this requirement. Yes, it is strict, but it is also just part of good house keeping for a manufacturer in general. Only now it must be provided to the patient receiving care with the device as well.

What is implied is that the information provided along with the device is somewhat of a living document, and the information could vary a bit from patient to patient. Because things like lot numbers, or the any number of trackable metrics used with the UDI are included the implant card information cannot be generically the same for each device but that it will have sections that are specific to individual devices. Sure this may initially create some logistical headaches for keeping track that the implant cards don’t get mixed up in situations where the devices are being manufactured but this creates a level of accountability that is designed for the ultimate safety of the end patient.

Section 1. Sub-section B

Sub-section B contains the warning information of the device. The first part is pretty self-explanatory as meaning literally what is stated “any warnings” and “precautions”. It is the next part that I do not interperate literally. Where it says “measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions”.

If I were the manufacture of an implantable medical device, I would most definitely include measures to be taken by the patient as well as measures to be taken by a healthcare professional. There are a couple of spots that use the word ‘or’, and if it were me I would read it ‘as well as’.

I say that for a few reasons. One is that without explicit clarification of a governing body as exactly what a silly little word like that is intended to me this creates an area that is open for debate. Does that ‘or’ mean that at least one of those needs to be included and the rest can be excluded?

As one who likes to err on the side of caution, if you have the information available why would you not provide it? By going above and beyond not only demonstrates your good will but also avoids hang ups where an auditor might not agree with how you viewed the requirement and you end up with a nonconformity, or in the same situation with an incident investigator. Ink is cheap, liabilities are expensive.

Section 1. Sub-section C, and Sub-section D.

These two sub sections are relatively short and straight forward.

“(c)         any information about the expected lifetime of the device and any necessary follow-up;

How long can the user expect your device to last once it has been implanted?  I there any maintenance the should be performed? Perhaps once a year a physician needs to double check the device placement?

(d)         any other information to ensure safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.”

The rest of Section 1. Of Article 18.

“The information referred to in the first subparagraph shall be provided, for the purpose of making it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a lay person and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

In addition, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

At the end of this section it provides a little bit more information about the purpose of the article but also lays out some guidelines for how to make the required information available.

I specifically mentioned earlier that having the information slapped on a website is not enough by itself. The text states “any means that allow rapid access to that information”. Certainly, available on the internet is a means that allows rapid access, and it is, if you have internet. Using a web-based approach like that is assuming that all the possible patients all have the technology and budget to reach the information. This means that every single possible patient needs a means to access the internet, and the money to pay for internet access. Also, being able to simply access the information rapidly isn’t necessarily providing the information “together with the device” as required.

You also need to have a conversation with your notified body and determine what languages are required by the member state in which your device is sold. It does not do the patient much good if they do not understand the language in which the information is being presented. It also needs to be presented in easy to understand terms, not in technical jargon.

Updates, unlike the initial presentation of information needs to be included on your website. Specifically, the website that was included in the implant card given to the patient.

Section 2. of Article 18

Unlike what we saw in Section 1. Section 2. Outlines requirements for the health institutions and not the manufacturer. More specifically Section 2. Requires member states to require health institutions to perform actions.

This section makes health institutions provide the same information that manufacturers had to provide to patients who have been implanted with a device, with the same stipulations as to how the information is provided. However it also includes the health institution to include their identity on the implant card as well.

  1. Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Exemptions allowed in Article 18.

Section 3 of Article 18 is the list of exempted implants, exempted devices are:

  • Sutures
  • Staples
  • Dental Fillings
  • Dental Braces
  • Tooth Crowns
  • Screws
  • Wedges
  • Plates
  • Wires
  • Pins
  • Clips

This is not an exhaustive list and has the ability to change with time at the discretion of the commission. What it has done is taken implanted devices and exempted some of the most common and widely used ones. Thankfully so too, imagine if every staple needed an implant card to be presented to the receiving patient with individual batch and identifying numbers. Then coordinate the effort with a health institution so that the card also bears their identification as well. This would quickly become exhaustive.

  1. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Posted in: CE Marking

Leave a Comment (0) →
Page 1 of 26 12345...»