Risk Management Requirements – 510k vs DHF

1 Comment / 510(k), Design Control, ISO 14971:2019 (Risk Management) / By Mary Vater

What are the differences between 510k risk management requirements and risk management requirements for your Design History File (DHF)?

Design Controls and Risk Management Risk Management Requirements 510k vs DHF

Risk management requirements integration with design

Last week I presented a free webinar on how to combine risk management with design controls when planning to submit a 510k. Many questions were asking what the design control and risk management requirements are for a 510k.

What are the 510k design control requirements?

There is no specific part of the regulations stating what the 510k design control requirements are. However, some aspects of the DHF are required as 510k design control documentation, but not necessarily in the exact form as maintained in the DHF. For example, Design Inputs and Design Outputs are presented as applicable recognized standards and design specifications, while others will remain precisely the same (i.e., verification and validation test reports).

What are the Risk Management Requirements in a 510k?

For 510k submissions, the only risk management requirements are the inclusion of risk documentation for devices containing software of at least moderate level risk. There are some exceptions to this as well, though, based on a few special control guidance documents—especially when the submission type is an abbreviated 510k. This is article identifies which of the DHF and RMF elements are 510k design control requirements and 510k risk management requirements.

Quality system requirements for design controls

Design Controls are identified in 21 CFR 820.30. Every manufacturer of any Class II or Class III devices and certain Class I devices (Class I devices with software, tracheobronchial suction catheters, surgeon gloves, protective restraints, radionuclide applicators, radionuclide teletherapy devices) need to control design per this regulation. The requirement for a Design History File is item j) and states:

“Each manufacturer shall establish and maintain a DHF for each type of device. The DHF shall contain or reference the records necessary to demonstrate that the design was developed following the approved design plan and the requirements of this part.”

The “requirements of this part” refer to the other bullets in 21 CFR 820.30 which can be summarized as:

a) Establish and maintain procedures to control the design of a device.

b) Design and Development Planning – Each manufacturer shall establish a plan that describes the design and development activities and defines responsibilities for implementation.

c) Design Inputs – Manufacturers need to ensure design requirements relating to a device are appropriate and address the intended use of the device.

d) Design Outputs – Design outputs need to be documented in terms that allow an adequate evaluation of conformance to design input requirements. Design outputs that are essential for the proper functioning of the device should be identified.

e) Design Review – Formal documented reviews of design results should be planned and conducted at appropriate stages of device development.

f) Design Verification – Design verification confirms that the design output meets the design input requirements.

g) Design Validation – Design validation shall be performed under defined operating conditions on initial production units or their equivalents. It shall ensure that devices conform to defined user needs and meet the intended use of the device.

h) Design Transfer – Design transfer documentation shall ensure that the device design is correctly translated into production specifications.

i) Design Changes – changes should be identified, documented, validated/verified, reviewed, and approved before their implementation.

The Design History File is intended to be a repository of the records required to demonstrate compliance with your design plan and design control procedures. While companies are required to create and maintain this documentation according to the FDA regulation, not all of the documentation will be reviewed as part of the 510k. The following table compares the elements that comprise a DHF with the 510k design control requirements.

DHF Element	510k Design Control Requirements
Design Plan	Not Required

User Needs & Design Inputs	Declaration of Conformity User needs are design requirements that require design validation (e.g., adequacy of user training, and safety/performance of the device for the indications for use). Some design inputs will appear in the form of standards in the FDA eSTAR template. If you are declaring conformity with these standards, a Declaration of Conformity is automatically created in the FDA eSTAR template.
Design Outputs	Device Description (Section 11) The Device Description lists the specifications of the device, and your Design Outputs document will help populate the Device Description. This can include drawings, pictures, or written specifications that describe your device.
Labeling	Proposed Labeling (Section 13) The labeling is usually considered part of the Design Outputs within the DHF and is included specifically in the labeling section of the 510(k) submission. This includes both the Instructions for Use and any Package Labeling.
Verification and Validation Protocols	Not Required You do not have to include the protocols, but the reviewer may ask to see them if they have any questions when reviewing the reports.
Verification and Validation Reports	Sterilization (Section 14) Biocompatibility (Section 15) Software (Section 16) Electrical Safety and EMC (Section 17) Bench Performance Testing (Section 18) Animal Performance Testing (Section 19) Clinical Performance Testing (Section 20) Of course, not all of these sections will be applicable to every device. Still, you should include all relevant validation test reports within your submission in the appropriate part of the 510k. Typically, each of these sections will have a cover sheet that outlines the reports that are included within the section, and then you can just include the report from the DHF in its entirety behind the cover sheet in that section.
Process Validation	Only required for sterilization validation typically, but there are exceptions for novel materials and coatings
Work Instructions	Not Required for 510k
Design Review Meeting Minutes	Not Required for 510k
Design Trace Matrix	Only required for software
Risk Management File	Sometimes – See Risk Management File Table Below
Post-Market Surveillance Plan	Not Required, but a few exceptions for high-risk devices
Clinical Data Summary	Required only if used to demonstrate safety and efficacy
Regulatory Approval	It Will result from 510k Clearance, so nothing is to be included in the 510k submission.

510k Risk Management Requirements

Regarding the FDA regulations for risk management, there is a requirement under the Design Validation section of 21 CFR 820.30 that states:

“Design validation shall include software validation and risk analysis, where appropriate.”

For FDA compliance and CE Marking, both recognize ISO 14971 as the standard for risk management. FDA recognizes ISO 14971:2007 whereas EN ISO 14971:2012 is the European National version for CE Marking. Rob Packard wrote an article describing the contents of the risk management file as well as the specific differences in the requirements between the FDA and CE Marking with regard to ISO 14971.

For your 510k submission, the FDA only requires risk management documentation to be included if the product contains software, and the risk is at least a level of “moderate concern”. There are some other cases when risk management is required by special controls guidance documents, but even when it is required, you only have to submit your risk analysis. The table below describes the risk management requirements in greater detail.

RMF Element	510k Risk Management Requirement
Risk Management Plan	Not Required
Hazard Identification	510ks with Software Only (Section 16) Hazard Identification is only required for devices that have a software component. It is not required for most other devices.
Risk Assessment	510(k)s with Software (Section 16) Certain Special Controls Guidance The Risk Assessment is only required to be included in your device contains software, or if a special controls guidance document specifically requires a risk assessment. It is not required for other 510ks.
Risk Control Option Analysis	Software and Certain Special Controls Guidance
Risk Control Verification and Validation	Sterilization (Section 14) Biocompatibility (Section 15) Software (Section 16) Electrical Safety and EMC (Section 17) Bench Performance Testing (Section 18) Animal Performance Testing (Section 19) Clinical Performance Testing (Section 20) This will not be any additional or special documentation specific to Risk Management and was already included in the DHF breakdown above. Still, the verification and validation also relate to risk management in ensuring that the risks have been adequately mitigated.
Risk-Benefit Analysis	Not Required for 510(k) Risk-Benefit analyses are only required for De Novo applications, Humanitarian Device Exemptions, and PMAs.
Informing Users and Patients of the Risks	Labeling (Section 13) Part of the risk management will appear in the Labeling section of the 510k as warnings, contraindications, and precautions within the Instructions for Use and Package Labeling.
Risk Management Report	Not Required

Special Controls Guidance Documents with Risk Management Requirements

Your first step in preparing your 510k submission is to search the FDA Guidance Document Database to determine if there is an applicable guidance document for your device. You can read another blog we wrote to explain Special Controls Guidance documents, and how to determine if one applies to your device. The following list provides examples of Class II Special Controls Guidance documents that require risk analysis to be included within the 510k:

When there are 510k risk management requirements, the special controls guidance document will typically state, “We recommend that the summary report contain:

An identification of the Risk Analysis method(s) used to assess the risk profile in general as well as the specific device’s design and the results of this analysis. (Refer to Section 6 for the risks to health generally associated with the use of this device that the FDA has identified.)

Discussion of the device characteristics that address the risks identified in this class II special controls guidance document, as well as any additional risks identified in your risk analysis.”

The special controls guidance will also identify risks to health that have been identified for products of that type, which you should be sure to include in your risk analysis as appropriate.

More Information on Design Control and Risk Management Requirements

Hopefully, you are now able to determine which elements of your DHF are 510k design control requirements and which elements of your RMF are 510k risk management requirements. If you would like more information about how to implement design controls and risk management within your product development process, please consider registering for one of our training webinars:

If you need any further information or specific assistance with your 510k submission, please feel free to send me an email at mary@fdaecopy.com or schedule a call with our principal consultant, Rob Packard. He can answer any of your medical device regulatory questions.

Risk Management Requirements – 510k vs DHF Read More »

Jun 26 2017

Cybersecurity FDA Guidance for Devices with Software and Firmware

Leave a Comment / Software Verification and Validation / By Mary Vater

This article reviews the 2014 FDA guidance for premarket and post-market cybersecurity of medical devices with software and firmware—including requirements for reporting field corrections and removals.

Hospitals, home health systems, and medical devices are more connected now than ever. The automatic communication between medical devices and network systems is improving efficiency and accuracy in the world of healthcare. Medical devices are capable of more computing, analysis, reporting, and automation to improve the speed and quality of patient care. There are even devices that consist only of software (i.e. software as a medical device or SaMD). Along with technological advances, new risks and concerns are also introduced. The risk of hackers exploiting vulnerabilities in networks and software is inevitable. The FDA introduced guidance for both pre-market and post-market cybersecurity to assist manufacturers in developing effective controls to protect patients and users. Cybersecurity protection requires Identification, Protection, Detection, Response, and Recovery.

The first step is incorporating processes and procedures to improve device cybersecurity into your quality management system. You should have a specific cybersecurity plan (i.e. security risk management plan) to outline the steps necessary to ensure a safe and secure medical device. In addition, your software development team will need cybersecurity training. The only medical device guidance document specific to cybersecurity is currently AAMI TIR57:2016.

Identify Cybersecurity Risks

The key to understanding and assessing the cybersecurity risks involved with your device begin in the early stages of design development. At the start of the risk management process, you need to identify the essential safety and performance requirements of the device. You need to identify any potential cybersecurity vulnerabilities that could impact safety or performance, as well as the specific harms that could result if the vulnerability was exploited. In assessing the specific vulnerabilities, the FDA recommends using the Common Vulnerability Scoring System (CVSS). There is a CVSS calculator available online through NIST. The overall score is calculated based on different factors such as attack vector (local, adjacent network, network), access complexity (high, medium, low), authentication (multiple, single, none), the impact of confidentiality (none, partial, complete), exploitability (unproven that exploit exists, proof of concept code, functional exploit exists), remediation level (official fix, temporary fix, workaround, unavailable), collateral damage potential (low, medium, high), etc. This score is used in the hazard analysis in determining the level of risk.

Cybersecurity Protection

The process of assessing the exploitability and harms can also assist in determining mitigations that can be implemented to reduce the cybersecurity risk. During the design process, the FDA expects you to implement as many protections as practicable. Protections include:

Limit Access to Trusted Users
- Password protection strengthened password requirements
- User authentication
- Layered privileges based on user role
Limit Access to Tampering
- Physical locks on devices and/or communication ports
- Automatic timed methods to terminate sessions
Ensure Trusted Content
- Restrict software or firmware updates to authenticated code
- Systematic procedures for authorized users to download software and firmware only from the manufacturer
- Ensure capability of secure data transfer, use of encryption

Cybersecurity Detection

The FDA also requires you to implement features that allow for security compromises to be detected, recognized, logged, timed, and acted upon during regular use. You should develop and provide information to the end-user concerning appropriate actions to take upon the detection of a cybersecurity event. Methods for retention and recovery should be provided to allow recovery of device configuration by an authenticated privileged user.

If you include off-the-shelf (OTS) software in your device, you are responsible for the performance of the software as part of the device. All software changes to address cybersecurity vulnerabilities of the OTS software need to be validated. You need to maintain a formal business relationship with the OTS vendor to ensure timely notification of any information concerning quality problems or corrective actions. Sometimes you will need to involve the OTS vendor to correct cybersecurity vulnerabilities.

Post-Market Surveillance

Once you complete the hazard analysis, mitigation implementation, validations, and has deployed their device for use – your activities shift to post-market management. Several QMS tools can assist in the cybersecurity processes post-market, including complaint handling, quality audits, corrective and preventive action, ongoing risk analysis, and servicing. A critical component of every cybersecurity program is the monitoring of cybersecurity information sources to assist in the identification and detection of risk. You should maintain contact with third-party software suppliers for the identification of new vulnerabilities, updates, and patches that come available.

There are many sources that companies should follow for information relating to cybersecurity, including independent security researchers, in-house testing, software or hardware suppliers, healthcare facilities, and Information Sharing and Analysis Organizations (ISAO). Involvement in ISAOs is strongly recommended by the FDA and reduces your reporting burden if an upgrade or patch is required post-market. ISAOs share vulnerabilities and threats that impact medical devices with their members. They share and disseminate cybersecurity information and intelligence pertaining to vulnerabilities and threats spanning many technology sectors, and are seen as an integral part of your post-market cybersecurity surveillance program.

Response and Recovery

If you identify a cybersecurity vulnerability, there are remediation and reporting steps that need to occur. Remediation may involve a software update, bug fixes, patches, “defense-in-depth” strategies to remove malware, or covering an access port to reduce the vulnerability. Uncontrolled risks should be remediated as soon as possible and must be reported to the FDA according to 21 CFR 806. Certain circumstances remove the reporting requirement. The decision flowchart below can be used to determine the reporting requirements.

In addition to reporting corrections and removals, the FDA identifies specific content to be included in PMA periodic reports regarding vulnerabilities and risks. If you have a Class III device, you should review that section thoroughly to ensure annual report compliance.

If a device contains software or firmware, cybersecurity will be an important component of the risk management processes, and continual cybersecurity management will be necessary to ensure the ongoing safety and effectiveness of your device. If you need more help with cybersecurity risk management of your medical device, please schedule a free 30-minute call with Medical Device Academy by clicking on the link below.

Cybersecurity FDA Guidance for Devices with Software and Firmware Read More »

Jun 15 2017

Performance Qualification (PQ) for EO Sterilization Validation

Leave a Comment / Process Validation, Validation / By Robert Packard / EO sterilization, ethylene oxide, ethylene oxide sterilization validation

The article explains requirements for a performance qualification (PQ) of EO sterilization validation and how it is different from other PQ process validations.

Your cart is empty

Mind your ps and qs 1024x291 Performance Qualification (PQ) for EO Sterilization Validation

Performance Qualification (PQ) – What is the difference between an IQ, OQ, and PQ?

When you are performing a process validation, the acronyms IQ, OQ, and PQ sometimes confuse. IQ is the installation qualification of the equipment used in your validated process. The purpose of the installation qualification is to make sure that your equipment was installed correctly–this includes calibration and connection to utilities. OQ is the operational qualification. The purpose of the operational qualification is to make sure that the equipment you are using is capable of operating over the range of parameters that you specify to make your product. The PQ is a performance qualification. The purpose of the performance qualification is to ensure that you can consistently make a product within specifications (i.e., repeatable).

Different Definitions for Operational Qualification (OQ)

The GHTF guidance document for process validation provides the following definition for an OQ: “Establishing by objective evidence process control limits and action levels which result in a product that meets all predetermined requirements.” ISO 11135-1:2014, the international standard for ethylene oxide (EO) sterilization validation, provides a slightly different definition for an OQ: “process of obtaining and documenting evidence that installed equipment operates within predetermined limits when used in accordance with its operational procedures.” The difference in these two definitions is essential because the OQ is typically performed by contract sterilizers and does not need to be repeated unless there is a significant change or maintenance to the sterilizer that requires repeating the OQ. In contrast, when you perform an OQ for packaging, the OQ is specific to the packaging materials you are going to be sealing. Therefore a new OQ is required whenever new packaging materials are developed. For EO sterilization, the analogous step of the validation process is called a microbial performance qualification (MPQ).

Performance Qualification (PQ) = MPQ + PPQ

A performance qualification (PQ) for ethylene oxide sterilization validation consists of two parts: 1) microbial performance qualification (MPQ), and 2) physical performance qualification (PPQ). The microbial performance qualification is intended to determine the minimum process parameters for the EO sterilizer sufficient to ensure product bioburden is killed. These parameters are referred to as the half-cycle because the full production cycle will be twice as long in duration. For example, a half-cycle consisting of 3 injections will correspond to an entire cycle of 6 injections.

What are fractional cycles?

Fractional cycles are typically shorter in duration than the duration of a half-cycle. The purpose of a fractional cycle is to demonstrate that external biological indicators (BIs) located outside of your product, but inside the sterilization load, are more challenging to kill than internal BIs. Fractional cycles are also be used to demonstrate that the product bioburden is less resistant than the internal BIs. To achieve both of these objectives, it is typical to perform two fractional cycles at different conditions to make 100% kill of internal BIs and partial external BI kill in one fractional cycle, and 100% kill of product bioburden but only partial kill of internal BIs in the other fractional cycle. When your goal is partial kill, you should also target more than one positive BI, because this reduces the likelihood that poor technique resulted in a BI positive from growth.

Microbial Performance Qualification (MPQ)

The microbial performance qualification (MPQ) typically consists of three half-cycles and one or more fractional cycles. 100% kill of external BIs is not required for the MPQ during a half-cycle–only the internal BIs must be 100% killed, but the external BIs are only useful if 100% kill of the external BIs is achieved in the full cycles. If you are re-validating the sterilization process, you are only required to complete one-half cycle and one fractional cycle. For re-validation, the fractional cycle is intended to achieve a 100% kill of product bioburden. Still, only partial kill of internal BIs to verify that the product bioburden remains less resistant to sterilization than the internal BIs. You are also required to perform bioburden measurements of non-sterile products for the initial MPQ and re-validation to demonstrate that bioburden can be adequately recovered from the product and measured.

Physical Performance Qualification (PPQ)

The physical performance qualification (PPQ) typically consists of three full cycles and measurement of EO residuals in accordance with ISO 10993-7:2008. If PPQ is performed during the MPQ, then it is only necessary to complete one full cycle–assuming the MPQ consists of at least three half-cycles. If you are performing a re-validation of the sterilization process, then you are required to complete three full cycles and measurement of EO residuals.

Repeatability, Reproducibility, Product Variability and Environmental Factors

Typically a performance qualification (PQ) is intended to verify that the same person can repeat the process multiple times, other people can reproduce the first person’s results and any variation product from lot to lot will not prevent the process from producing an acceptable product. Besides, any variation in environmental factors should be assessed during a PQ. In sterilization processes, however, the equipment is typically automated. Therefore, variation between operators is usually a non-issue. Also, sterilization lots typically consist of a large volume of products where multiple samples are tested for sterility. Therefore, performing three runs sufficiently challenges the repeatability and reproducibility of the sterilization process–including any product variability. The issue of environmental variations in heat and humidity is addressed by designing preconditioning cycles into the sterilization process. Sensors are included in each validation load to verify that the process specifications were achieved and maintained for temperature and humidity. Still, the sensors also help to identify the worst-case locations in a load to use for sampling and placement of BIs.

If you are interested in learning more about sterilization validation, please read our blog from last year on an evaluation of the need to re-validate your sterilization process, or you can watch our webinar on sterilization and shelf-life testing. You can also purchase our procedure for EO sterilization validation by clicking on the link below.

Purchase the EO Sterilization Validation Procedure (SYS-031) – $299

EO Sterilization Cycle 1 150x150 Performance Qualification (PQ) for EO Sterilization Validation

SYS-031 EO Sterilization Validation Procedure

This new procedure defines the requirements for ethylene oxide (EO) sterilization validation and revalidation which has been outsourced to a contract sterilizer.

Price: $299.00

Performance Qualification (PQ) for EO Sterilization Validation Read More »

May 25 2017

Safety Agency Mark – Is it required for medical electrical equipment?

3 Comments / IEC 60601 / By Robert Packard

This article explains when a safety agency mark is required for electrical medical equipment for products sold in the USA.

What is a safety agency mark?

Examples of a safety agency mark include UL, CSA, Intertek, SGS Q-mark, and other marks indicating that a recognized testing lab completed the electrical safety testing, and the device passed the testing. Health Canada requires a safety agency mark to certify approval by a lab that is accredited by the Standards Council of Canada (SCC). However, device manufacturers are frequently unclear what the requirements are in the USA for electrical medical equipment regarding a safety agency mark.

Leo Eisner’s explanation of the requirements for a safety agency mark in the USA

Leo Eisner of Eisner Safety was kind enough to answer this question. The simple answer is yes. In the US, there is a requirement for equipment in the workplace to have an NRTL Safety Agency Approval Mark for the applicable category on the device to meet OSHA requirements. The requirements for NRTL approval of electric equipment (or medical electrical equipment) are in 29 CFR 1910.303(a) and 29 CFR 1910.307(c). Because of these requirements, most electric equipment used in the workplace must be NRTL approved. Biomeds maintain and track all the medical equipment in hospitals and clinical environments, and the biomeds usually insist upon an Agency Approval Mark. However, the biomeds may not be aware of the NRTL requirements.

What is an NRTL?

An NRTL is a Nationally Recognized Test Lab that is approved or authorized by Occupational Safety & Hazard Administration (OSHA) for specific device test standards (i.e., UL 60601-1 [National deviation version of IEC 60601-1, 2^nd ed. medical electrical equipment standard] and / or AAMI ES 60601-1 [National deviation version of IEC 60601-1, ed 3.1], among many other standards) to allow a US Mark to be placed on approved devices that meet the applicable standard. Not all NRTL labs can test to the listed medical electrical standards for medical electrical equipment to allow a US mark to be placed on devices. You need to go to the OSHA NRTL site to verify that the test lab can issue a US mark. Within the lab’s link, you can find which standards each test lab is allowed to issue US Marks for.

Safety Agency Mark – Is it required for medical electrical equipment? Read More »

Apr 12 2017

IFU validation is not a risk reduction – Deviation 7

1 Comment / Clinical Studies & Post-Market Surveillance, Validation / By Robert Packard

This article describes how to perform IFU validation before commercialization and how to conduct post-market surveillance to ensure that your IFU continues to be suitable as your user population and patient population expand.

Most companies create an IFU for a new product by plagiarism. They merely copy a competitor’s IFU and change the name. If a regulatory expert creates the IFU, the IFU will be nearly identical to the competitor IFU. However, if a marketing person creates the IFU, the IFU will explain how your product is different from the competitor’s product. Neither approach is practical.

Creating a risk-based IFU

EN ISO 14971:2012 identifies deviations between the ISO 14971:2007 international standard and the three EU Directives. However, deviation #7 is specific to labeling and instructions for use. Even if your product is not CE marked, you should be developing a risk-based approach to IFUs. The priority of risk controls is to eliminate and reduce risks by design, manufacture, and selection of materials. The second priority is to implement protective measures such as alarms to warn users of risks. The last priority for risk controls is to inform users of residual risks. The best practice is to utilize a risk traceability matrix to document each of the risk controls you implemented to eliminate and reduce the risks of hazards identified.

The EN version of ISO 14971 will not allow you to reduce risks quantitatively in your risk assessment for information provided to users about risks, because this type of risk control is not entirely effective. However, you are required to verify that each residual risk is disclosed to users in your IFU, and you must validate that your warnings, precautions, and contraindications are adequately identified such that users understand the residual risks. You are also required to determine any user training needed to ensure specified performance and safe use of your medical device in accordance with ISO 13485:2016, Clause 7.2.1d. Clause 7.2.2d) requires that your company ensure that user training is made available. Any user training you provide should also be validated for effectiveness.

When to perform IFU validation

Some companies ask physicians that helped them with product development review draft IFUs. However, these physicians are already familiar with your product, and your company, and they are highly skilled in the specific procedures your device will be used for. After your experts have made their final edits to your draft IFU, you now need a “fresh set of eyes.” The best approach is to validate the effectiveness of your IFU with potential users that don’t know you or your company. If your product requires animal performance testing or human clinical studies, you could use these studies to validate your IFU. However, I recommend conducting a simulated use study before conducting animal or human studies. Conducting a simulated use study before animal and human studies can prevent deviations from your documented protocols that were caused by the inadequate review of the IFUs.

Methods of IFU validation

The best method for validating your IFU is to perform a simulated use study or human factors study. The FDA published a human factors guidance document that can help you assess the risk of human factors and ergonomics. The FDA guidance requires that you identify your intended user population(s). For each individual population of users, you are required to have a minimum of 15 users for your study. If your product is not for specific indications, you may be able to select 15 users at a few sites randomly. However, if your device is intended for two different specialties, then you need 30 users–15 for each specialization. I recommend recording a video of simulated use studies too. Videos identify small details that you might miss, and clips from the videos are useful in creating training videos for future users.

Gathering Post-Market Surveillance

Post-market surveillance is not just asking customers if they are satisfied. You need to continue to monitor adverse event databases, your complaint database, and any service records to determine if there are any new risks and to verify that the risks you identified were accurately estimated concerning severity and probability of occurrence of harm. Clinical studies and PMS are the only way you can gather data regarding the likelihood of occurrence of harm. When you design your post-market surveillance questions, make sure you include questions explicitly targeting the residual risks you identify in your IFU. You should also ask, “What indications do you use this device for. Specifically, please identify the intended diagnosis, treatment, and patient populations.” This wording is more effective than asking if a physician is using your product “off label.”

Revalidation of IFU after labeling changes

Changes to labeling and IFUs should always be considered design changes and may require revalidation. If the switch is in response to a complaint or CAPA, then you must revalidate the IFU and labeling to verify the effectiveness of your corrective action. Any validation should be documented, reviewed, and approved before implementation, and acceptance criteria should be determined ahead of time. Your acceptance criteria should be quantitative, so you can objectively determine if the change is valid or not. You might be able to copy your previous IFU validation protocol or simulated use protocol and simply repeat the validation precisely as you did before with new users. However, sometimes the reason why the IFU was not 100% effective in the past is that the risk you are addressing in the revised IFU was not evaluated adequately in the original simulated use protocol.

New webinar for risk-based IFU validation and PMS

If you want to learn more about using a risk-based approach to developing IFUs, validating IFUs, and performing post-market surveillance to monitor the effectiveness of your IFU, then please click on the webinar link below.

If you are interested in ISO 14971 training, we were conducting a risk management training webinar on October 19, 2018.

IFU validation is not a risk reduction – Deviation 7 Read More »

Mar 22 2017

DHF Required for a Class I Device? At least 67%…

5 Comments / Design Control / By Robert Packard

Is a DHF required appears to be a simple yes/no question? If you reword the question, however, you get a very different answer.

If you ask, “how much less documentation is required for the design of a Class 1 device compared with a Class 2 device?” you get a very different answer. Instead of 0% (Yes, a DHF is required) of 100% (No DHF required), the answer is that you need 33% less documentation for the design of a Class 1 device.

The FDA shared a presentation on design controls in 2015.

In that presentation, the agency identified six Class 1 product classifications that require design controls, while thousands of Class 1 product classifications do not need design controls. Despite the lack of design controls, manufacturers must still maintain a procedure for design transfer, maintain an approved device master file with all the approved design specifications (i.e., design outputs), and design changes may still require revalidation before implementation.

Why is a DHF Required for Class 2, but Not for Class 1?

Class 1 devices are simple devices that are already on the market and have a history of clinical safety. Class 2 devices are generally more complex and present a moderate risk. Therefore, changes in the technological characteristics often present a higher risk for Class 2 devices. When you design a Class 1 device, you still have to determine what your design specifications will be. Again, you don’t need: 1) to review and approve design inputs, 2) a procedure to document your design process, 3) to document formal design reviews, and 4) to create a design plan.

In the 1997 guidance document for design controls, the FDA states that a design transfer procedure should include at least three basic elements:

design and development procedures should consist of a qualitative assessment of the completeness and adequacy of the production specifications;
procedures should ensure that all documents and articles which constitute the production specifications are reviewed and approved; and
procedures should ensure that only approved specifications are used to manufacture production devices.

The first of these basic elements is not required for Class 1 devices because product specifications for most Class 1 devices are simple. The other two requirements are fundamental principles of document control and configuration management. Therefore, you still need a design transfer procedure for Class 1 devices, but you don’t need to include the first element that relies upon design and development procedures.

If you have a Class 1 device, you must still comply with labeling requirements (i.e., 21 CFR 820.120). If your device is sterile, you must still validate and re-validate the process in accordance with 21 CFR 820.75. Class 1 products also require a device master record (DMR) in accordance with 21 CFR 820.181.

What is Not DHF required?

Needed for Class I (67%)

Approved Design Outputs
Labeling Procedure
Approved Labeling
Sterilization Validation Procedure
Sterilization Validation Protocol and Report
Design Transfer Procedure
Approved DMR
Design Change Procedure

Needed for Class II and Class I requiring Design Controls (100%)

Design Control Procedure
Design Plan
Approved Design Inputs
Approved Design Outputs
Labeling Procedure
Approved Labeling
Sterilization Validation Procedure
Sterilization Validation Protocol and Report
Design Transfer Procedure
Evidence of at least 1 Design Review
Approved DMR
Design Change Procedure

Therefore, although you do not technically have to have a DHF for a Class 1 products, the difference between the two categories is the following elements:

Design Control Procedure
Design Plan
Approved Design Inputs
Evidence of at least 1 Design Review

When an FDA inspection occurs, the investigator will review your design control procedure and then audit your DHF in accordance with your design plan.

When you have a Class 1 device, you are not typically inspected unless there is a problem. When ORA inspectors perform an inspection for Class 1 devices, the inspector looks for evidence of items in the first list.

If you are interested in learning more about design history files (DHF), please check out our DHF webinar.

DHF Required for a Class I Device? At least 67%… Read More »

Feb 1 2017

Checking adverse event history for your device and competitors

1 Comment / ISO 14971:2019 (Risk Management) / By Robert Packard

The article explains checking adverse event data for medical devices as part of design and development, risk management, and post-market surveillance.

When should you be checking adverse event history?

There are three times when you should be checking adverse event history:

when you are planning a new or improved medical device, and you want to know how current devices on the market malfunction (design and development planning),
when you are identifying hazards associated with a medical device as part of your risk management process, and
when you are gathering post-market surveillance data about your device and competitor devices.

Where should you be checking adverse event history?

Most countries have some kind of database for gathering adverse event data for medical devices, but most of these databases are not open to the public. The most common question I am asked is, “How do you access the Eudamed database?” for reporting of adverse events in Europe. Unfortunately, you can’t access Eudamed. The Eudamed database is only available to competent authorities at this time. The primary publicly accessible database for adverse event reporting is the US FDA MAUDE database. The MAUDE database is also integrated with other FDA databases for 510k submissions and recalls. This combined database is called the Total Product Life Cycle database.

Are there other public databases for checking adverse event history?

Yes. The Therapeutic Good Administration (TGA) in Australia makes adverse event data publicly available. The TGA also has a national registry for implanted orthopedic devices that publishes an annual report. Other countries also have public registries.

When will checking adverse event data for Europe be possible?

The Eudamed database for Europe was created in 1999 by the German organization DIMDI. In 2000 the responsibility for the database was taken over by the European Commission. The latest update is that manufacturers will be responsible for updating the Eudamed database in the future as part of the new European Regulations. This requirement will be implemented during the next years. The database will also become accessible to the public.

When you collect post-market surveillance data, which data should you collect?

Searching for post-market surveillance data should be performed on a risk-based frequency. If you have a brand new device, a high-risk device, or a device that is implanted, post-market surveillance data should be reviewed frequently–either monthly or quarterly. The new European guidance document for clinical evaluation reports (MEDDEV 2.7/1 rev 4) requires that clinical evaluation reports be updated at least annually for these devices. It is also important that you collect post-market surveillance data for both your device and competitor products. Therefore, you should be reviewing all the publicly available adverse event databases. You should also be reviewing your complaint data, and you should be searching for journal articles that may include adverse event data–possibly associated with a clinical study.

Available Resources

If you want to learn more about post-market surveillance data collection, please visit our webinar page. There is also a procedure for Post-Market Surveillance (SYS-019).

Checking adverse event history for your device and competitors Read More »

Jan 18 2017

MEDDEV 2.7/1 rev 4: How will your clinical evaluation change?

1 Comment / CE Marking, Clinical Studies & Post-Market Surveillance / By Robert Packard

Article overviews of the new MEDDEV 2.7/1 rev 4 for clinical evaluation of medical devices, including a quality plan to comply with the latest revision.

What’s new in MEDDEV 2.7/1 rev 4 for clinical evaluations?

The third and fourth revisions both give manufacturers three choices: 1) a clinical literature review, 2) performing a clinical study, and 3) a combination of literature review and performing a clinical study. However, the fourth revision is completely re-written. The fourth edition is 19 pages longer, and it is now much harder to use the “literature only” route. The fourth revision includes stringent requirements for demonstrating equivalence between another device and your device. Therefore, many companies are now struggling to update their clinical evaluation reports to satisfy this new guidance document.

Overview of the content in MEDDEV 2.7/1 rev 4

The third and fourth revisions of the guidance both have a 5-stage process for clinical evaluations, but in the third revision, only articulated stages 1 through 3 as stages leading up to writing a clinical evaluation report. The figure in section 6.3 of revision four now identifies a planning Stage 0, and the writing of the clinical evaluation report is referred to as Stage 4. Therefore, there is a lot more detail describing the planning and report writing stages than there was in revision 3. In addition, Stage 2 (Appraisal of clinical data) has been expanded from a single page to eight pages.

Based upon the above changes, you can infer that Competent Authorities have been unsatisfied with the quality of clinical data being provided to support the essential requirements for safety and performance. In turn, Notified Bodies are expected to be much more critical of the data presented, and more guidance is provided to manufacturers. There is also much more guidance and more examples provided in the appendices, while the 12-page clinical evaluation checklist that was provided in revision three has been replaced by one page of bulleted items for Notified Bodies to consider.

Demonstration of equivalence

It is no longer sufficient to list several devices that are similar to your device and include those devices in your search of clinical literature. Now you may only select one device for equivalence. You must also provide a thorough analysis of equivalence with that device based on clinical, technical, and biological characteristics. This comparison includes providing drawings or pictures to compare the size, shape, and elements of contact with the body.

Updating clinical evaluations

The new European Medical Device Regulations (EMDR) is expected to specify minimum requirements regarding the frequency of updating clinical evaluations, but MEDDEV 2.7/1 rev 4 discusses this in section 6.2.3. The frequency of updating your clinical evaluations must be justified and documented. Many considerations for this justification are discussed, but the end of that section indicates that devices with significant risks (e.g., implants) require at least annual updates to the clinical evaluation report. For devices with non-significant risks, and where the device is well established (e.g., a long clinical history), 2-5 years is the range of possible frequency. Longer than five years are not allowed.

Who should perform clinical evaluations?

Many device manufacturers are receiving nonconformities because the evaluators are not sufficiently qualified, or the qualifications are not documented. The qualifications must follow 6.4 of the new guidance, and the qualifications set by your company should be documented in your procedure for clinical evaluations. You will need to document these qualifications with more than an abstract, but you will also need to present a declaration of interest for each evaluator. Evaluators need knowledge in clinical study design, biostatistics, information management, regulatory requirements, and medical writing. Evaluators also need knowledge specific to the device, its technology, and its application. Evaluators must also have a higher education degree in the field and five years of experience or ten years of experience if they do not have a higher education degree. Due to the breadth and depth required of qualifications required, it may be necessary to assemble a team to perform evaluations.

Creating a quality plan for compliance with MEDDEV 2.7/1 rev 4

Seven steps need to be included in your quality plan for compliance with MEDDEV 2.7/1 rev 4:

update your external standards to replace MEDDEV 2.7/1 rev 3 with MEDDEV 2.7/1 rev 4
revise your procedure and associated templates for a literature review and clinical evaluation report to meet the requirements of MEDDEV 2.7/1 rev 4
document the qualifications of evaluators for clinical evaluations
document a plan/schedule for updating your clinical evaluation reports for each product family
train evaluators, regulatory personnel and any applicable internal auditors on the requirements of MEDDEV 2.7/1 rev four and updated procedures and forms
begin updating clinical evaluations according to your plan
perform an internal audit of your clinical evaluation process

Learning more about MEDDEV 2.7/1 rev 4

If you are interested in learning more about this revised guidance document, please register for our live webinar on Friday, January 27 @ Noon EST by clicking on the button below.

MEDDEV 2.7/1 rev 4: How will your clinical evaluation change? Read More »

Nov 28 2016

Color change is only device modification. Is a new 510k required?

2 Comments / Design Control / By Robert Packard

This article explains the process for determining if a color change and other material changes require a new 510k before implementing the change.

I recently taught a frequently asked questions (FAQs) webinar, where I asked attendees to provide questions in advance of the webinar, and I answered the questions during the webinar. One of the attendees asked how to know if a new 510k is required if the only modification to a device is a color change.

New FDA guidance for device modifications

On August 8, 2016, the FDA released a new draft guidance document for device manufacturers regarding device modifications and when a new 510k is required. The current final guidance is titled “Deciding when to submit a 510(k) for a change to an existing device,” and that guidance is dated January 10, 1997. A draft guidance document on this topic was released several years ago, but that draft guidance was withdrawn in response to feedback from the industry. The new draft guidance document includes modified decision trees to help manufacturers decide which types of changes will require a new submission, but there are also examples provided in Appendix A. The most helpful part of the guidance, however, is Appendix B. Appendix B explains how to document changes properly—regardless of whether a change requires submission or not.

Decision Trees from the Guidance

There are five decision trees or flow charts provided in the new draft guidance. The purpose of each decision tree is identified below:

Main flow chart
Decision Tree A = labeling changes
Decision Tree B = technology, engineering and performance changes
Decision Tree C = material changes
Decision Tree D = IVD product changes

How to apply Decision Tree C to a color change

Typically adding a colorant, or changing a colorant, does not negatively impact the strength of a device, but this is the first cautionary statement made at the beginning of the section for material changes. Therefore, if your device has a performance testing requirements that involve a component that is involved in a proposed color change, then you need to repeat the performance testing to verify that the color change has not negatively impacted the strength. Sometimes large concentrations of colorant result in weakening of plastics. Therefore, repeating some of the performance testing or providing data that supports the need for no further testing is expected. In the decision tree, this is addressed by question C5, “Could the change affect performance specifications?” If no, then you document the change, but a new 510k is not required. If yes, then you refer to decision tree question B5.

The next concern addressed by Decision Tree C is the biocompatibility of your modified device. If the material change of the device or device component comes into direct contact with the body, blood, or tissues, then biocompatibility risks must be assessed. If the change does create new or increased issues related to biocompatibility, then question C4.1 asks, “Has the manufacturer used the same material in a similar legally marketed device?” If the changed material has not been used previously for a similar application, then a new 510k is required—typically a Special 510k if only the material is changed and only biocompatibility needs to be assessed by the FDA.

Reference to FDA biocompatibility guidance

Within the guidance document, the FDA explains that you may want to refer to “Use of International Standard ISO 10993-1, ‘Biological Evaluation of Medical Devices Part 1: Evaluation and Testing,’” when you are answering question C4. This new final guidance was released on June 16, 2016, and the Office of Device Evaluation (ODE) appears to be focusing much more closely on biocompatibility since this new guidance released.

Examples of material changes from FDA guidance

There are six examples of material changes presented in the new draft guidance:

A slight change in polymer composition for a catheter = letter to file
Change in polymer for a catheter
1. Change in a polymer for a catheter to a polymer already used by another manufacturer for a 510k cleared device with the same indications = new 510k submission
2. Change in a polymer for a catheter to a polymer already used by your company for another 510k cleared catheter of the same type and duration of contact = letter to file
3. Change in a polymer for a catheter to a polymer already used by your company for another 510k cleared catheter of the same type but shorter duration of contact = new 510k submission
4. Change in a polymer for a catheter to a polymer already used by your company for another 510k cleared catheter of the same type but longer duration of contact = letter to file
Change in the manufacturing method of catheter tubing (i.e., molding to extrusion) = new 510k submission
Change in material for a catheter
1. The new polymer is already used by your company for another 510k cleared catheter of the same type and same duration, but the sterilization method changes (i.e., gamma to EO) = new 510k submission
2. The new polymer is already used by your company for another 510k cleared catheter of the same type, duration, method of manufacturing (i.e., molding) and method of sterilization (i.e., EO) = letter to file
3. The new polymer is already used by your company for another 510k cleared catheter of the same type, duration, method of manufacturing and sterilization, but the performance specifications are slightly different = letter to file (depends upon the impact of difference)
Change in the dental implant from the untreated surface to acid-etched = new 510k submission (may also be considered a design change)
The implantable device is marked temporarily with tape proven not to leave a residue = letter to file

Do you have other questions about biocompatibility?

On Thursday, December 1, @ 11:00 am EST, I will be hosting a new live webinar on the topic of biocompatibility. The webinar will address both requirements for 510k submissions and for CE Marking technical files. If you are interested in registering for that webinar, please click on the following link:

Do you have a question about your 510k submission?

If you have a question related to your 510k submission, you can submit your question to me and download the webinar recording for free by clicking on the following link:

I will respond to your question by email, but most questions make great future blog topics—like this one.

You might also be interested in our 510k course series:

You gain unlimited access to 24 webinars related to 510k submission.

Color change is only device modification. Is a new 510k required? Read More »

Nov 9 2016

Redacted 510k Database – Have you used the newest FDA tool?

Leave a Comment / 510(k) / By Robert Packard

This article describes the new database of redacted 510k submissions that was recently made available online for immediate download by the US FDA.

Recently the FDA made redacted 510k submissions that were previously released through Freedom of Information Act (FOIA) requests available on-line for immediate download. There are 496 redacted 510k submissions available since November 2000–as indicated by the graph above. This is only a small fraction of the total number of 510k submissions, but the number that is available on-line will increase over time.

Types of redacted 510k Submissions

Of the 496 submissions, there is a mixture of submission types.

382 are traditional 510k submissions
97 are special 510k submissions
17 are abbreviated 510k submissions
14 were 3rd Party reviewed

What remains in a redacted 510k submission

The redacted versions do not include testing data, but you will find other goodies such as:

3rd Party SE memorandums (where applicable)
Table of Contents
Pre-market Notification Cover Sheet (i.e., FDA Form 3514)
510k Cover Letter
Indications for Use (i.e., FDA Form 3881)
510(k) Summary
Truthful & Accuracy Statement
Device Description
Executive Summary
Substantial Equivalence Discussion (Partially Redacted)
Summary of Biocompatibility Testing (Partially Redacted)
Summary of Sterilization & Shelf-Life (Partially Redacted)
Proposed Labeling
Predicate Device Labeling
Declarations of Conformity (i.e., FDA Form 3654)
Deficiency Letter

This is valuable information that can be used to help select a potential predicate and to develop a verification and validation testing plan. If you are less experienced in the preparation of a 510k submission, it will help to see how other regulatory experts have organized their 510k submissions.

Learning more about redacted 510k submissions

To access this database, click on this link: Redacted FOIA 510k Database. To limit your search to only 510k submissions that are available as a redacted full 510k, just click on the box for “Redacted FOIA 510k.” If you are interested in learning more about how to make the most of this new resource, please sign up for my latest webinar on Monday, November 21 @ 9 am EST.

Redacted 510k Database – Have you used the newest FDA tool? Read More »