510k Submission to the FDA (Case Study – Part 1)

This article is the first part of a two-part case study providing an overview of the premarket notification process (i.e., 510k submission) to obtain clearance from the US FDA for marketing a new medical device. This first part of the series focuses on the initial steps of a 510k submission project: 1) identifying product classification, 2) identifying any applicable international standards and special controls guidance documents, and 3) selecting a primary predicate device.

case study 510K 510k Submission to the FDA (Case Study   Part 1)

For this case study, I chose the maker of Krazy Glue® as a hypothetical new client. The company wants to start selling cyanoacrylate as a topical adhesive in the U.S. market. As with the Canadian and European markets, the US FDA considers cyanoacrylate a medical device when it is used as a topical adhesive. The first step toward obtaining FDA clearance for marketing the new product is to determine the device’s classification.

Device Classification

My client was considering asking the FDA to identify the classification of topical adhesives using the 513(g) submission process. Still, I provided the following reasons why the client should not use the 513(g) process:

  1. the 513(g) process takes 60 days to get a response from the FDA, while a qualified consultant can make the same determination in less than a day
  2. hiring a consultant typically costs less than the 513(g) fee (i.e., $3,387 for large companies and $1,694 for small businesses)
  3. the FDA’s classification determination is non-binding, and the accuracy of the FDA’s response is highly dependent upon the quality of the information provided by the company

In this case, I was able to answer the client’s question about device classification over the phone without any charge. The client indicated that they wanted to launch a product similar to Surgiseal. I was able to use the US FDA Registration and Listing Database to identify the product classification by merely typing “Surgiseal” in the field for “Proprietary Name.” Adhezion Biomedical LLC is registered as the manufacturer of Surgiseal. The three-letter product code “MPN,” and the device is a Class II device requiring premarket notification via a 510k submission.

This product classification also gives my client additional options that are not available to all companies that are trying to achieve 510(k) clearance for the first time. Most new products can only achieve initial 510(k) clearance from the US FDA by submitting a “traditional” 510(k). This process is supposed to take 90 days—assuming there are no significant questions about the submission, and the reviewer has a manageable workload to review. The average time for determination of 510k clearance is currently between 120 and 180 calendar days.

Applicable International Standards & Special Controls Guidance

For some products, there are recognized consensus standards (i.e., ISO Standards) that define the performance requirements for a medical device or a Special Controls document published by the FDA that identifies which performance Standards the FDA requires for specific product classification. In the case of topical adhesives, the FDA has issued a Special Controls document. When there is a Special Controls guidance document available (http://bit.ly/FDA-topical-adhesive), the company may submit an Abbreviated 510k instead of a Traditional 510k submission.

An Abbreviated 510k submission contains summaries of all the testing results required in the Special Controls document or an ISO Standard recognized by the US FDA. Since all the testing of performance needed to be presented in an Abbreviated 510k submission is in accordance with a previously accepted standard, the FDA reviewer only has to verify that the performance testing identified in the Special Controls document or the ISO Standard has been completed and acceptance criteria have been met. Therefore, the reviewer needs less time, and the FDA’s performance target for making a clearance decision is 60 days—instead of 90 days.

In addition to Special Controls documents, the FDA also has guidance documents related to 510k submissions, such as: “Format for Traditional and Abbreviated 510(k)s.” By following this document verbatim, my client can avoid a lot of time-consuming questions from a reviewer that is having trouble finding the information they are looking for. If a section of the suggested format is not applicable, I still include this section. However, I indicate the reason why this section is not applicable in a brief paragraph (i.e., a one-page section).

As I read through the Special Controls Guidance document, I realized that a specific format for an Abbreviated 510k is described for topical adhesives. Therefore, I need to modify my normal template to match the FDA format for a topical adhesive Abbreviated 510k submission. As I read further, I realized that there would be some additional testing required that my client may not have anticipated.

In the Special Controls document, there are several risks and recommended mitigation measures identified:

fig.1 510k 510k Submission to the FDA (Case Study   Part 1)

The risks of adverse tissue reaction, chemical burns, and infection have all been addressed by biocompatibility testing and sterility testing. My client also performed animal testing to identify any problems in a simulated use environment. However, the client did not perform any testing to address unintentional bonding specifically, wound dehiscence, applicator malfunction or delayed polymerization. The client needs verification protocols and test reports to address these specific risks.

Selection of a Primary Predicate

Another unique requirement from the US FDA for a 510k submission is the concept of a predicate device. A predicate device is a similar product that currently has a valid 510k. In July 2014, the US FDA released a guidance document that clarifies that companies submitting a 510k should identify only one primary predicate–rather than identifying multiple predicates. Ideally, a recent 510k submission should be selected because “old” technology may no longer be considered acceptable from a safety standpoint. In the case of topical adhesives, the applicator is one of the primary differences between legacy products and more recent 510k submissions. The most recent version of Surgiseal™ is an example of a new applicator for a monomeric, 2-octyl cyanoacrylate.

My client has a similar applicator design, and therefore Surgiseal is selected as the primary predicate device for this 510k submission. For all the testing protocols that need to be created for this 510k submission, comparative testing is performed with a sample of Surgiseal and a sample of products made by my client. In each of these protocols, the acceptance criteria are performance “not worse than Surgiseal.” 

Additional 510k Training

The new 510k book, “How to Prepare Your 510k in 100 Days,” ships on Monday, February 6th, 2017. There is also an on-line 510k course series consisting of 24 webinars. Please visit my webinar page to purchase individual webinars. We also have live 510k workshops.

510k Submission to the FDA (Case Study – Part 1) Read More »

Updates on Electrical Safety Standards for Medical Devices-IEC 60601

This blog summarizes updates on electrical safety standards for medical devices-IEC 60601.

electrical saftey 1 Updates on Electrical Safety Standards for Medical Devices IEC 60601

OSHA finally approved some Nationally Recognized Test Laboratories (NRTL) to AAMI ES 60601-1 (equivalent to IEC 60601-1 edition 3.1 or 3rd ed + A1). Leo Eisner posted a blog summarizing this change (http://bit.ly/OHSA-NRTL-Approval-Update) on January 7, 2015. The blog identifies which labs can issue NRTL Marks and which test labs have OSHA approval in progress. UL 60601-1 is still an approved standard that an approved NRTL can issue an NRTL test mark to, but a few of the NRTLs are now authorized to issue an NRTL Mark to AAMI ES 60601-1 3rd edition + Amendment 1.

The best place to confirm if a Safety Test Lab is an approved NRTL for your medical device is by confirming the notifications published in the U.S. Federal Register. You can also visit the OSHA NRTL website (http://bit.ly/OSHA-NRTL), but the OSHA website is updated less frequently. Eventually, UL will formally announce the withdrawal of UL 60601-1, and OSHA will take steps to withdraw that Standard from their list of Approved Standards.

On January 14, 2015, Leo Eisner posted a second blog (http://bit.ly/IEC-60601-2-52-amd1-ed1) on the topic of IEC 60601-2-52 Medical beds as a pre-release. He discusses the actual changes between the 1st edition and 1st edition + A1. This version is the pre-release before the updated Standard is issued as an International Standard (IS), and it is currently available as a Final Draft International Standard (FDIS). IEC website (http://bit.ly/buy-IEC60601-2-52-amd1-ed1) states: “By purchasing this FDIS now, you will automatically receive, also, the final publication.” The voting period ended on February 13, 2015, and the FDIS should be published shortly after (forecasted to be published on March 27, 2015).

Leo’s blog summarizes each of the changes to the Standard. Among the changes, there is a specific requirement to include hazards related to patients taller than 185 cm (like me). These hazards should be included in the risk management file. The new symbols required to identify the requirements for an “adult” are below: 

electrical Saftey 2 Updates on Electrical Safety Standards for Medical Devices IEC 60601

I find this new symbology particularly interesting because there are many medical devices where users frequently select the incorrect size for the patient. Consistent internationally recognized symbology for weight and height would be helpful for these devices, and bariatric specialty devices could benefit from the use of the last symbol.

If you need additional support for any of the IEC 60601 series of standards, please contact Rob Packard by email or phone (+1.802.281.4381) to discuss your specific needs.

Updates on Electrical Safety Standards for Medical Devices-IEC 60601 Read More »

Good Documentation Practices (GDP 101) Webinar

good documetnation practice GDP101 300x261 Good Documentation Practices (GDP 101) Webinar
No White Out!

Medical Device Academy released a new webinar this week for training companies on good documentation practices.

Have you ever wondered where the FDA regulation is that says, “…shall not use white-out to correct quality system records.”

Don’t bother looking, because you won’t find it. You also won’t find any regulations against the use of red pens, highlighters, pencils, or markers. You can’t even find a guidance document that tells you not to put a single line through mistakes, initial and date it.

The applicable regulation is 21 CFR 820.180, but the regulation doesn’t specifically say these things. Instead, the regulation states: “Records shall be legible and shall be stored to minimize deterioration and to prevent loss.” The ISO 13485 Standard is not much different. It states that you must establish a procedure that will “Define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.”

Over time medical device companies have developed some standard approaches to meet the requirements for Document Control, Control of Records, and Training. These are the three core processes that I call “good documentation practices.” If you need training or you need tools for training employees, click on the link below to purchase our new webinar on good documentation practices.


The webpage also includes an exam for training people on good documentation practices. The exam serves as a useful check for the training, but we recommend that process owners monitor these processes–especially if the process is manual. For example, QC inspectors will complete inspection records and file the record as a quality system record. The QC supervisor, or process owner, should periodically review these records for completeness and accuracy. If the supervisor notices an error, the supervisor should notify the inspector and have them correct the mistake. The supervisor should also track how many times each error is made and specifically where errors are occurring. The collection of this data gives the supervisor trend data to help them identify which forms need to be updated to prevent mistakes and which employees require retraining. This data also provides evidence of competency for each employee concerning good documentation practices.

After you have completed the training, you might also be interested in downloading our procedures for Document Control, Control of Records and Training:


Good Documentation Practices (GDP 101) Webinar Read More »

Auditing the Nonconforming Material Process-21 CFR 820.90-Part III

This blog, “Auditing the Nonconforming Material Process-21 CFR 820.90,” identifies process interactions with the nonconforming material process. 

auditing for compliance 21CFR 829.90 Auditing the Nonconforming Material Process 21 CFR 820.90 Part III

Nonconforming material is not a “bad” thing in and of itself. Having no nonconformities is conspicuous. There are three critical aspects to verify when you are auditing nonconforming materials:

  1. nonconforming materials are identified and segregated
  2. disposition of nonconforming materials is appropriate
  3. feedback from the nonconforming material process interacts with other processes

This article focuses on the third aspect–process interactions. The most efficient method for auditing process interactions is to use turtle diagrams because turtle diagrams provide a systematic framework for identifying process linkages (http://bit.ly/Process-Approach).

Turtle Diagram Step 1

The first step of completing a turtle diagram involves identifying the process owner and obtaining a brief description of the process. This typically will not lead directly to the identification of process interactions–unless the person being interviewed describes the process using a process flow diagram.

Turtle Diagram Step 2

The second step of completing a turtle diagram is where the auditor identifies inputs of raw materials and information to the process. For nonconforming materials, the key is to review the incoming inspection record and the trend of nonconformities from the supplier. In a thorough investigation of the root cause for nonconforming raw materials, an investigator may recalculate the process capability for each dimension to determine if the process capability has shifted since the original process validation by the supplier.

Turtle Diagram Step 3

In the third step of completing a turtle diagram, the auditor documents the flow of product and information when the process is done. The transfer from one process to another will often involve an in-process inspection and updating of the product status. The best practice is to identify these in-process inspection steps in a risk control plan as part of the overall process risk controls for product realization. Although risk control plans are not required in most companies, they will become more prevalent as companies update their quality systems to a risk-based process for compliance with the 2015 version of ISO 9001.

Turtle Diagram Step 4

The fourth step of the turtle diagram identifies calibration, maintenance, and validation that applies to the process of being audited. It is common for nonconformities to occur when measurement devices are out-of-calibration, or equipment is not adequately maintained. Therefore, auditors should always ask what device was used to measure a nonconformity, and what equipment was used to manufacture the product. Auditors should also review calibration and maintenance records for evidence that corrections are being made frequently.

Whenever frequent corrections are needed, the probability of devices being out-of-calibration and/or equipment malfunctioning increases. Auditors should also verify that the process parameters in use match the validated process parameters. Ideally, validation of process parameters is also directly linked to process risk analysis, and in-process inspections are performed whenever process capability is inadequate to ensure conforming parts. If an auditor observes a high frequency of nonconformities, then an in-process inspection should be implemented for containment, and the validation report should be compared to current process performance.

Turtle Diagram Step 5

The fifth step of completing a turtle diagram involves the identification of personnel and sampling training records. The procedure for control of nonconforming material should be required training for anyone responsible for initiating, investigating, or completing a nonconforming product record (i.e., NCR). Critical interactions to verify for effectiveness are related to process changes. If a procedure changes, training may need to be updated. An auditor should verify that there is a mechanism for tracking which revision of the procedure each person is trained to. In addition, training records should verify that training requirements are documented, training is effective, and that the person can demonstrate competency by correctly completing the sections of an NCR form. The auditor can review completed records to verify competency, but the auditor can also interview personnel and ask hypothetical questions.

Turtle Diagram Step 6

The sixth step of completing a turtle diagram involves the identification of all applicable controlled documents, such as procedures, work instructions, and forms. The auditor should also verify that the process for control of external standards is effective. In the case of controlling nonconforming product, there are seldom any applicable external standards. However, it is critical to verify that the current forms and NCR identification methods are being used for control of nonconforming product.

Turtle Diagram Step 7

The seventh and final step of the turtle diagram is data analysis of metrics and quality objectives for a process. For control of nonconforming product, there should be evidence of statistical analysis of the nonconforming product to identify the need for corrective actions. This is a requirement of 21 CFR 820.250. This data analysis should then be used to quantify process risks that may be used for decision-making and to explain those decisions during regulatory audits.

The above process interactions are just examples, and auditors may identify other essential process interactions during an audit. Each process interaction that touches a record of nonconforming product is a potential audit trail that could lead to value-added findings to prevent future nonconformities.

If you need help improving your process for controlling nonconforming product, or with auditing in general, please email Rob Packard.

Auditing the Nonconforming Material Process-21 CFR 820.90-Part III Read More »

Management Review Procedure Case Study Example

This article, “Management Review Procedure Case Study” describes an error-proof method for review and approval of procedures.

Redlined Management Review Procedure Management Review Procedure Case Study Example

The first time I was ever formally trained on how to conduct a document review was during a lead auditor course. I thought the topic seemed out of place, but as I audited more companies, I realized that missing a regulatory requirement in a procedure was quite common. Regardless of who reviews a procedure, or how many times it is reviewed, something is always missed. Unfortunately, a desktop audit of procedures is not an effective corrective action or verification method. Auditing procedures is an ineffective method for reviewing procedures because audits are limited by sampling.

Instead of random sampling, a systematic review of 100% of regulatory requirements is needed to ensure that none of the regulatory requirements are accidentally omitted. Systematically reviewing the requirements for each country your company is selling in is tedious at best. You need a tool to make the reviewing process error-proof and straightforward. You also need each reviewer of the procedure to have a defined function to eliminate the duplication of work.

Procedure Reviewer Roles

Typically, there are 3-5 reviewers of procedures in most companies. Some companies make the mistake of having as many as 8-10 reviewers of procedures, but more is not better in this case. There are four primary roles for review and approval of procedures:

  1. process owner
  2. quality management
  3. regulatory
  4. independent

The process owner may be the author of a procedure, but I don’t recommend it. Editing someone else’s work is much more useful than editing your own work. Therefore, I recommend that department managers delegate the responsibility for writing a draft of a procedure to a subordinate that needs to perform the procedure. Then the department manager, who should also be the process owner, is responsible for reviewing and approving the initial draft.

The quality management person should be responsible for reviewing the procedure for accuracy and interactions with other processes. For example, the management review process has eight required inputs (i.e., ISO 13485, Clause 5.6.2a-h). Each of those inputs comes from another process and procedure. It is essential to ensure that if you are reviewing the complaint handling procedure, somewhere in that procedure, it should state that the monitoring and measuring of complaint trends should be input into the management review process.

The regulatory person is responsible for verifying that the procedure meets 100% of the regulatory requirements. This person should verify that the scope of the procedure identifies the relevant markets. If there are references to documents of external origin, the regulatory person should verify that these references are accurate. It is recommended to eliminate references to revisions of documents of external origin and internal procedure revisions because the inclusion of revisions will increase the frequency of minor revisions to procedures that add no value.

Finally, the independent reviewer is looking for two things:

  1. Does the procedure make sense–to someone that performs the procedure (if that person was not the author); and to an external auditor, such as a certification body (internal auditors can fill this role)?
  2. Are there typos, spelling, or grammar mistakes?

The independent reviewer does not need to be a manager. It needs to be someone that writes well. Copy editing is tedious, but apparent mistakes in spelling or grammar prompt auditors to review procedures more carefully. I recommend asking an internal auditor to be the independent reviewer.

Reviewing Regulatory Requirements

The two most common reasons for audit findings are:

  1. the procedure is not being followed, and
  2. a regulatory requirement is not being met.

The first problem should be addressed by having processing owners review and write procedures instead of asking quality assurance to provide a procedure. If you are purchasing a procedure, it’s important for the person that will be performing the procedure to carefully review the procedure to ensure it matches how they intend to perform that process. If it’s a manufacturing procedure, I like to conduct the training of personnel with a draft procedure and hand out red pens. That also dramatically reduces complaints from the people that do the work.

For regulatory requirements, your regulatory reviewer needs to create a checklist that includes 100% of the requirements for that procedure. The model I like to follow is the Essential Requirements or Essential Principles Checklist used for technical documentation (i.e., for CE Marking). There are 13 Essential Requirements, and most of the requirements have multiple subparts. The regulatory person that completes an Essential Requirements Checklist must indicate the following information next to the applicable requirement in the checklist table:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to any applicable standards
  • a cross-reference to the record where evidence of meeting the requirement can be found (e.g., the risk management file)

Regulatory personnel can revise this approach slightly by doing the following for a review of procedures:

  • yes, the requirement applicable or justification if it’s not applicable
  • a reference to the applicable specific sub-clause in a Standard or a regulation
  • a cross-reference to the subsection of the procedure where evidence of meeting the requirement can be found (e.g., section 5.1 of the SYS-003)

Case Study of SYS-003, Management Review Procedure

In the Medical Device Academy Management Review Procedure, Section 8 is the “procedure section.” Sub-section 8.3 of the procedure lists all the required inputs to a Management Review meeting. Next to each input, I have included a cross-reference to the sub-clause in ISO 13485:2003 for the Management Review input. There is also a requirement in 21 CFR 820.20 for conducting Management Reviews at scheduled intervals. This requirement is met by sub-section 8.1 of the Management Review procedure.

Teaching Auditors to Review Regulatory Requirements

Now, when I teach my version of the Lead Auditor Course, I ask attendees to split into small groups and review one of their procedures. In the last company I did this, each of the four teams found a regulatory requirement missing in the procedure they were reviewing. All four procedures the teams selected were reviewed, approved, and currently in use.

Management Review Webinar & Procedure – Free Download

Management Review Procedure Case Study Example Read More »

Complaint Investigation Case Study (21 CFR 820.198): Part 2

This article is part 2 of a two-part series specific to complaint investigation requirements as specified in 21 CFR 820.198 (http://bit.ly/21CFR820198) of FDA QSR. This second part explains how to perform a complaint investigation and provides a complaint investigation case study.

complaint part 2 Complaint Investigation Case Study (21 CFR 820.198): Part 2


Last week’s blog  reviewed the requirements for a complaint investigation, while this blog includes the following information on how to conduct an investigation:h

  1. How thorough should your investigation be?
  2. Investigation Methods
  3. Verification of the Cause
  4. Documenting Your Investigation
  5. Complaint Investigation Case Study

How thorough should your investigation be?

The depth of investigation should be appropriate to the importance of the complaint. If a previous complaint of similar nature has already been investigated, the investigation may only gather enough information to verify that complaint has the same root cause. However, if a complaint involves an adverse event (i.e., is reportable under 21 CFR 803), then additional information needs to be recorded in the complaint record as per 21 CFR 820.198d:

  1. Does the device fail to meet specifications?
  2. Was the device used for treatment or diagnosis?
  3. What was the relationship, if any, between the device and the reported event?

If the person gathering information from the complainant cannot immediately identify a cause code, or the incident involves a severe injury or death, then it is essential to collect as much information as possible. Typically, the complainant will be asked to return the device to determine if the device malfunctioned.

Investigation Methods

A complaint investigation is not any different from any investigation you perform for a CAPA. The most critical first step is to determine the cause of the complaint. To determine the cause, you need to sample additional records and inspect the device if it is available. If the device is not available, you might also look at other product from the same lot that remains in inventory. The following article I wrote suggests seven ways to investigate a complaint when a device is not returned: http://bit.ly/DeviceNotReturned.

One of the methods described in the article above is an Ishikawa Diagram or “Fishbone Diagram.” This is one of the five root cause analysis tools that I teach in my CAPA webinar (http://bit.ly/enKapCAPAwebinar). Ishikawa Diagrams are an ideal tool for root cause analysis if you have no idea what the cause of the complaint is because this tool provides a systematic process for narrowing down the potential causes, to the narrow few that are most likely. You are not required to use this tool, but you should describe in your complaint record what type of root cause analysis was performed.

Verification of Cause

Once you have identified the root cause, or at least narrowed your list to the most likely causes, you should then verify that the cause will result in the observed malfunction by recreating the scenario if possible. Ideally, you should be able to simulate the event that resulted in the complaint and demonstrate that you can reproduce the problem. This is important because if you cannot verify the cause of a device malfunction, then you will have difficulty verifying the effectiveness of corrective actions for an infrequent complaint.

Documenting Your Investigation

There is no specific format for the way a complaint investigation is documented. Still, most complaint records have a small section on the complaint form that allows them to write a short paragraph summarizing the investigation and the results. Unfortunately, most of the spaces provided on forms are completely inadequate for the amount of information that should be recorded. Therefore, the best approach is often to write, “See attached complaint investigation.” This is especially true if the complaint is reportable (i.e., requires MDR under 21 CFR 803). Good documentation is quantitative and specific. You need to identify which records were sampled as part of the investigation. You should demonstrate that you have expanded your initial search to determine if the problem exists in multiple production lots of the same product code, multiple product codes within the same product family and any other product families that may use similar raw materials, design features, equipment, testing methods or procedures.

Complaint Investigation Case Study

If your company manufactures cast orthopedic implants for the knee and you receive a complaint about an implant that has a small imperfection in the bearing surface of the femoral implant, you may need to perform an investigation–especially if this has not occurred previously. You should request a return of the implant for inspection to verify that the imperfection is nonconforming and not just a cosmetic defect.

Your investigation should include a review of the lot history record for an entire lot of implants–as well as any other parts that they may have been cast at the same time. All the process conditions identified throughout the manufacturing process should be compared to the validated process parameters. Special attention should be given to the inspection results that were recorded for the castings (i.e., radiographic inspection, fluorescent penetrant inspection, and metallurgical inspection). Ideally, these inspection methods should be repeated for 100% of the production lot to ensure that the inspection results meet the acceptance criteria. Documentation of the investigation should include copies of all records that were reviewed and photos if visual inspections were repeated.

If you are interested in learning more about complaint handling, you might be interested in downloading the webinar that Medical Device Academy recorded last year for complaint handling and vigilance reporting (http://bit.ly/Complaint-Webinar-Landing). We can also help you one-on-one with a current complaint investigation you are conducting. Please don’t hesitate to contact me. Mobile: 802.281.4381 or rob@13485cert.com.

Complaint Investigation Case Study (21 CFR 820.198): Part 2 Read More »

FDA Inspections-Complaint Investigation Requirements-Part I

“FDA Inspections-Complaint Investigation Requirements-Part I” is a two-part series that provides an overview of 21 CFR 820.198 requirements. 

complaint part 1 FDA Inspections Complaint Investigation Requirements Part I

Last week, I received a message from someone asking for advice on how to perform a complaint investigation. She has a complaint handling procedure that explains how to determine if complaints are reportable (http://bit.ly/Medical-Device-Reporting), and she is the complaint coordinator. Her procedure includes a list of pre-determined cause codes for the most common complaints the company has received in previous years. Her system does not require a complaint investigation if an existing cause code is identified. She would like to know how to perform an investigation if she receives a complaint that does not fit one of the existing cause codes.

Is It a Complaint?

Most discussions about complaint handling begin with the definition of a complaint [i.e., 21 CFR 820.3(b); http://bit.ly/21CFR820-3]. However, if a complaint is received during an investigation of a device rather than the use of the device, the FDA will still consider this as being “after releasing for distribution.” The reason is that release for distribution occurs at final inspection. If the device breaks during installation, the device was still distributed.

One last question. Is it correct to consider a complaint only when the device is live and not during the settings and installation process of the device? (The definition states “after it is released for distribution,” what do they mean by this?).

What is Required?

The FDA QSR section specific to complaint handling is 21 CFR 820.198 (http://bit.ly/820-198). There are seven subsections (i.e., “A” through “H”) that comprise the regulation.

  1. Manufacturers shall maintain complaint files and establish procedures for complaint handling.
  2. Manufacturers must review and evaluate if an investigation is needed.
  3. Manufacturers must perform an investigation automatically for any complaint involving a device malfunction–unless an investigation has already been performed for a similar complaint.
  4. Separate files shall be maintained for complaints that involve adverse events that are reportable under 21 CFR 803 (http://bit.ly/21-CFR-803).
  5. The content of a complaint investigation record is specified in this subsection.
  6. When the complaint handling unit is located at another facility, the records of investigations shall be reasonably accessible to the manufacturing establishment.
  7. When the complaint handling unit is located outside the USA, then the records must be reasonably accessible at a U.S. manufacturer or the location of an initial distributor.

What Does the FDA Expect to See?

FDA inspectors are guaranteed to sample complaint records and CAPA records during every routine inspection. The complaint records sampled will typically be limited to a specific product family that has been selected as the focus of the investigation. Most companies have an electronic log of the complaints, and the investigator may request a sorted list that only includes complaints specific to that one product family. The investigator will already be aware of all of your reported adverse events associated with the product family, and there may be one or two records they specifically want to investigate. The investigator will also review the complaint log to see if there are any complaints with a description that sounds like it might be reportable–even though the complaint was not reported.

The investigator will verify that each complaint record includes the content specified in subsection “E”:

  1. name of the device;
  2. the date the complaint was received;
  3. any device identification(s) and control number(s) used;
  4. the name, address and phone number of the complainant;
  5. the nature and details of the complaint;
  6. the dates and results of the investigation;
  7. any corrective action is taken; and
  8. any reply to the complainant.

In my response to the question that I received, I also included advice on how to conduct an investigation. In general, the investigation is no different than an investigation for any CAPA. The first step is to perform a root cause analysis. The second part of this article will explain the investigation process in more detail.

Register to receive email notification of new blog postings (http://bit.ly/MDA-Blog), so you can read the second part of this article next week. If you are interested in learning more about complaint handling, you might be interested in downloading the webinar that Medical Device Academy recorded last year for complaint handling and vigilance reporting (http://bit.ly/Complaint-Webinar-Landing). We can also help you one-on-one with a current complaint investigation you are conducting. Please don’t hesitate to contact me and ask for help: Mobile: 802.281.4381 or rob@13485cert.com.

FDA Inspections-Complaint Investigation Requirements-Part I Read More »

Obtaining a Health Canada Medical Device License (Case Study)

This article explains the process for obtaining a Health Canada Medical Device License through a hypothetical case study. Canadian Medical Device Licensing is generally a more straightforward process than the 510(k) submission process for the US FDA and the European CE Marking Process. Therefore, launching a new product in Canada is one of the fastest ways for start-up medical device companies to achieve initial cash flow.

case study canada Obtaining a Health Canada Medical Device License (Case Study)

For this case study, I chose the maker of Krazy Glue® as a hypothetical new client. The company wants to start selling their products as medical devices. Fortunately for them, companies have been selling cyanoacrylate (e.g., – Krazy Glue®) as a medical device for years. Therefore, my client needs to decide if they want to sell the product as 1) a liquid bandage, 2) a topical adhesive to replace sutures, or 3) a vascular repair device for use inside the body during surgery. The client indicates that they want to sell cyanoacrylate as a medical device all over the world. Therefore, after a little homework, the client decided that a “topical adhesive” application will give the company higher margins of a medical device for prescription use. Still, it will also avoid the costly Pre-Market Approval (PMA) process at the FDA. I recommend that the client try a pilot launch in Canada first to evaluate their new packaging ideas on a smaller market than the USA or Europe.

Even though I have submitted multiple-device license applications to Canada, my first job in Regulatory Affairs taught me the most valuable lesson of all: “Always check the source.” Therefore, I went to the “helpful links” (http://bit.ly/RA-Resources) page of my website to find the Canadian Medical Device Regulations (CMDR), but for those of you that just don’t want to work that hard, here’s the direct link: http://bit.ly/SOR-98-282. The CMDR was most recently updated on December 8, 2014, but there have been no amendments to the regulations since December 16, 2011. If you want to know what the difference is between the current version and the previous version, I wrote an entire blog posting on just that topic (http://bit.ly/CMDRChange). The posting is 701 words long, but the two-word answer is: “Not much.”

Once I find the most recent version of the CMDR, I skip ahead to the bottom of page 54. Rule 4 states that “all non-invasive devices that are intended to come into contact with injured skin are classified as Class 2.”  This is the applicable rule for a topical adhesive, but with device classifications, I always verify the Classification by looking up the license for a competitor product. The competitor product I selected was “Surgiseal.” I wasn’t sure who the manufacturer was for Surgiseal, so I used Health Canada’s Medical Device Active License Database and searched by “Device Name.” In this case, I quickly found the license information I needed. Still, sometimes I use the US FDA website’s Registration and Listing Database (http://bit.ly/CDRH-Registration-Listing-Database) to identify device names and the name of manufacturers. The Canadian Device License information for Surgiseal is shown below:

fig. 1 canada Obtaining a Health Canada Medical Device License (Case Study)

After verifying, this is a Class 2 device in Canada, I reviewed the Canadian Licensing Process for Class 2 devices. Starting on page 16 of the CMDR, Section 32, I reviewed the process of applying for a Medical Device License. I also reviewed the Guidance Document for “How to complete a new medical device license application.” The location of that Health Canada Guidance Document is http://bit.ly/Canadian-Device-License. Fortunately, this is a Class 2 device, and the requirements are primarily to complete the application form for a new Class 2 device license (http://bit.ly/Canadian-Device-License-Form), sign attestations regarding compliance with the safety and effectiveness requirements (Section 10-20 of the CMDR) and compliance with the labeling requirements (Section 21-23 of the CMDR). The application form has a new section requiring information about the phthalate content of the device in the application. However, this tissue adhesive would only have phthalates if it was contained in the packaging.

Obtaining a Health Canada Medical Device License: The Process

After reviewing all the requirements for a device license application, I meet with the client to explain the next steps of the process:

  1. The client needs to upgrade its existing ISO 9001:2008 Quality Management Certificate to an ISO 13485:2003 Certificate with CMDCAS. “CMDCAS” is the Canadian Medical Device Conformity Assessment System (http://bit.ly/CMDCAS-Certification-Part2). The Quality System Auditor from the registrar will look for additional requirements specific to the CMDR, but all of these requirements are identified in GD210—another guidance document from Health Canada. This will only require a one-day external audit to upgrade the scope of the current certification.
  2. The labeling needs to be revised to meet the requirements for Sections 21-23 of the CMDR. Since this product will be used by Medical Professionals, rather than an over-the-counter product, the labeling requirements are similar to Europe and the U.S. The most important thing to do will be to implement the use of appropriate symbols found in ISO 15223:2012—an Internal Standard for Labeling and Symbols.
  3. The client will need to conduct an internal audit to the CMDR requirements before the certification upgrade audit. If I make revisions to the client’s quality system, then another auditor on my team will conduct the internal audit remotely. If the client makes the changes to the quality system themselves, then I can conduct the internal audit myself.
  4. Finally, once the new CMDCAS Quality System Certificate is received, we can complete the medical device license application and submit the application with a copy of the new certificate.

In my proposal to the client, I estimate that the entire process will require less than 60 days. When the client gets an upgrade quotation from their registrar, the earliest date available is in 10 weeks, but their annual surveillance audit is already scheduled for 13 weeks. Therefore, the client decided to combine the upgrade audit and the annual surveillance audit to save money on the travel costs and to give themselves more time to prepare for the upgrade to CMDCAS certification.

Not all applications are this easy. For higher-risk devices (i.e., Class 3 and 4), Summary Technical Documentation (STED) must be submitted in both paper and electronically. Health Canada provides guidance documents for this, and there is a Global Harmonization Task Force (GHTF) document that explains how to prepare these documents. Depending upon the Classification and complexity of the device being submitted, this documentation can take weeks or months to prepare. 

The STED documents described above meet the European CE Marking requirements for the content of a Technical File, and most of the STED documents can be modified to meet 510(k) submission requirements of the US FDA. Preparation of STED documents, including STEDs for biocompatibility testing and sterilization validation, can be prepared in parallel with obtaining ISO 13485:2003 certification. The only item that should require additional time is the clinical summary–if clinical studies are required.

If your company needs help with Canadian Medical Device Licensing, please contact Rob Packard.

Obtaining a Health Canada Medical Device License (Case Study) Read More »

11 Steps to Obtaining CMDCAS Certification-Part 2

11 steps CMDCAS part2 11 Steps to Obtaining CMDCAS Certification Part 2

11 Steps to Obtaining CMDCAS Certification-Part 2” focuses on the process of updating the quality system and preparing for your certification audit. The first three steps focus on classification and selecting a registrar. 

Steps 4: Writing a Licensing Procedure

Nowhere in the Canadian Medical Devices Regulations (CMDR), or ISO 13485, does it require that you have a procedure for licensing or writing your technical documentation. However, most of the registrar auditors I have observed expect to see a procedure for this. You can reference Health Canada’s guidance documents (http://bit.ly/CanadianGuidance) and the CMDR (http://bit.ly/CanadianMDR), but that’s not enough. Typical audit questions I see on regulatory checklists include:

  • Is the company required to notify Health Canada of changes to the certificate within 30 days?
  • Is the classification rationale documented?
  • What is the procedure for maintaining technical documentation for Health Canada?
  • Is there a procedure for identifying significant changes that require notification of Health Canada (http://bit.ly/Canada-Significant-Change)?

Step 5: Mandatory Problem Reporting (MPR)

Some companies choose to have one procedure for adverse event reporting that covers all the countries that they distribute the product(s) in. However, I recommend having a separate procedure for each country that is shorter and will require updates less often. It’s a personal preference, but I find people are intimidated by a longer, combined procedure. The following are the key elements for the MPR procedure:

  • decision tree for when to report
  • timescale for reporting deadlines
  • form references
  • address for reporting
  • reminder to report the event to the US FDA if the product is also sold in the USA

Step 6: Recall Procedure

Unlike the MPR procedure, I recommend having only one recall/advisory notice procedure to comply with Health Canada’s requirements and the rest of the worlds’ regulatory requirements. I typically choose this approach, because the recall/advisory notice procedure is less complex than the adverse event reporting procedures. The key element I look for in this procedure is the address for notifying Health Canada of a recall because there is a different address in each region of Canada.

Step 7: Finding a Distributor

A Canadian Medical Device License is a license to distribute medical devices. Only Class I devices require an establishment license. Therefore, your company will be able to sell directly to physicians prescribing your device if you have a Class II, III, or IV Medical Device License. If you choose to use a distributor in Canada, the distributor must meet the requirements for record-keeping, and demonstrate the ability to conduct a recall, if necessary. Often, this is done by having a quality agreement in place, which stipulates the retention of distribution records. Also, your company should conduct a mock recall once distribution has begun. This will ensure that the distributor is compliant with the requirements for maintaining distribution records. The instructions for conducting a mock recall will be included in the revisions to the recall/advisory notice procedure described in Step 6.

Step 8: Training

The most common root cause of audit findings related to the CMDR is a lack of understanding with regard to the regulatory requirements. A better procedure can help, but there is no substitution for training on the CMDR. The CMDR is relatively easy to understand when compared to European Regulations, and the CMDR is shorter in length than US FDA regulations. However, most people have a lot of difficultly understanding the jargon of medical device regulations unless they are a regulatory expert. Therefore, it is essential to develop training that summarizes the CMDR for anyone in your company that will be involved with complaint handling, adverse event reporting, recalls and regulatory submissions–including design changes.

Medical Device Academy has a recorded webinar designed explicitly for company-wide training when companies are preparing for CMDCAS certification: http://bit.ly/CMDCAS-webinar. The cost of the webinar is $129, and there is a 10-question exam to verify the effectiveness of training. The exam costs $49 to grade, correct answers are explained for each question, and a certificate is issued for a passing grade of 70% or more.

Step 9: Internal Auditing

Your registrar will verify that you conducted an internal audit of the quality system for compliance with applicable sections of the CMDR. This can be performed by one of your internal auditors or a consultant. The audit can be completed on-site, but sometimes a remote desktop audit will suffice. Since there will be no records of distribution, licensing, complaints, or recalls before the CMDCAS certification–there is little value in conducting an on-site audit before certification. The duration of the internal audit should not exceed a day. It typically can be completed in four hours by an experienced auditor–plus a couple of hours of audit report writing.

Step 10: Conducting the CMDCAS Certification Audit

Your registrar conducts this step. Any audit findings will require a corrective action plan that is accepted by the auditor before the new certificate can be issued. The new CMDCAS certificate will look very similar to the existing certificate, but there is typically an additional logo indicating compliance with CMDCAS. This is not the same as the SCC logo indicating accreditation by the Standards Council of Canada. Once the initial extension to the scope is completed, the continued certification is evaluated as part of the normal surveillance audits and re-certification audits.

Step 11: License Application Submission

For a Class 2 device license application, you need to complete a form, send a check, and include a copy of your new ISO 13485 Certificate with CMDCAS. The response from Health Canada is typically within 15 days or less–depending upon the current workload. Class III and IV device license applications are more complex and require technical documentation–including a clinical evaluation.

The timelines for approval of a Class III or IV device license is closer to the timeline for a 510(k) clearance letter from the US FDA. Health Canada’s Device Licensing Division is quite responsive to email inquiries, and they will respond to voicemail messages. Once a license is issued, it is typically faxed to the company, and a hardcopy is mailed. I recommend a dedicated fax number for your regulatory affairs department.

Medical Device Academy, Inc. has a complete set of generic quality system procedures–including Canadian Medical Device Licensing and Mandatory Problem Reporting. Since the requirements for reporting adverse events is quite different in each country, it is not recommended to combine these procedures with other procedures. The cost of purchasing generic procedures from Medical Device Academy in a native MS Word Format is $300/procedure. Purchase grants your company a non-exclusive license to the content of the procedure for internal use. Please email Rob Packard if you are interested.

11 Steps to Obtaining CMDCAS Certification-Part 2 Read More »

11 Steps to Obtaining CMDCAS Certification: Part I

  • 11 steps CMDCAS partI 11 Steps to Obtaining CMDCAS Certification: Part I11 Steps to Obtaining CMDCAS Certification-Part I” focuses on the process of verifying the classification, selecting a registrar, and more.

Step 1: Verify Classification

There are four device risk classifications in Canada: I, II, III, and IV. If your device is Class I, then you can work with a distributor in Canada that has an establishment license. However, if your device is Class II, III, or IV, then ISO 13485 certification with CMDCAS is required as a prerequisite for a Canadian Medical Device License Application. Therefore, before you waste time and money on upgrading your ISO 13485 certification to include CMDCAS, you should ensure that your device is Class II-IV.

Each country has slightly different regulations. Often the risk classification is different between the two countries. However, in the following example, the classification is identical. If a device is an active, therapeutic device, then the device is typically classified as Class 2, as per Rule 9 of the CMDR. The rule and the rationale are identical to the EU classification of Class IIa, per rule 9 in Annex IX of the MDD. A manufacturer can confirm this classification by sending an email to the Device Licensing Division, asking them to confirm the classification rationale. Including a copy of the draft, IFU is recommended, so that Health Canada is aware of the intended use when they are verifying your classification rationale. Verification typically is completed within ten days, and there is no charge. If you need help determining the classification, please contact Rob Packard.

Step 2: Health Canada recognizes a verified Registrar

The process for becoming a CMDCAS auditor is one of the most challenging examinations that I have ever taken (http://bit.ly/Instructor-Effectiveness). However, the process of becoming a recognized registrar for CMDCAS is even more challenging. Health Canada acknowledges only 15 registrars. Therefore, ensure that your registrar is on the list first http://bit.ly/RecognizedRegistrars.

If you are selecting a critical subcontractor (i.e., “subcontractors in charge of processes which are essential for ensuring compliance with legal requirements”), you should verify that the company has a registrar that is recognized by Health Canada, as well. If not, this may result in the need for additional scrutiny of the critical subcontractor by the registrar–including the potential for an audit. If you need help selecting a registrar from the 15 recognized registrars, you should read our blog on this topic: http://bit.ly/SelectingRegistrar.

If your registrar is not one of these 15, then you will either need a second registrar, or you will need to transfer to a new registrar. The transfer process is a little different from each registrar. Still, generally, the new registrar must review previous audit reports, your certificate, and any corrective actions that are associated with the previous regulatory audit. This is typically completed in a one day audit that may be on-site or remotely conducted. The next step is to obtain a quote.

Step 3: Obtaining a Quote for CMDCAS Certification

Every registrar I know has a long application form that needs to be completed before they can provide a quote for CMDCAS certification. You will need company information about the various locations for each site covered by the quality system certificate–including the number of people, shifts, and types of activities conducted at each location. If you already have ISO 13485 certification, the quotation will be for an extension to the scope of the original quality system certification. An extension to scope audit is typically one day in duration. Upon successful completion of the audit, your company is recommended for CMDCAS certification, and the existing ISO 13485 certificate is replaced with a CMDCAS Certificate. For some companies, the scope of activities requires that you maintain your original certificate and the new CMDCAS certificate.

Once you obtain your quote(s) for upgrading to CMDCAS, then you must schedule your audit. Typically, auditors are booked at least 90 days in advance. Since the process of making upgrades to your quality system takes no more than 90 days, I don’t recommend waiting to make changes. Just go ahead and schedule the audit, and now you have a real deadline for everyone to work toward.

Part 2 of this article will explain the changes you need to make to the quality system to prepare for your CMDCAS audit.

11 Steps to Obtaining CMDCAS Certification: Part I Read More »

Scroll to Top