Blog

Risk Control Options for Medical Devices: Deviation #6

This blog discusses risk control options for medical devices; the 6th deviation identified in the European National version of the Risk Management Standard.%name Risk Control Options for Medical Devices: Deviation #6

Design is not the same as design and construction. This is the interpretation of the European Commission. The sixth of the seven deviations identified in the European National (EN) version of the Risk Management Standard (i.e., EN ISO 14971:2012; http://bit.ly/ISO14971-2012changes), states that “inherent safety by design” is not precise enough. Section 2 of the Essential Requirements (i.e., Annex I of the MDD) states that the first risk control option must be selection of design and construction that eliminates or reduces risk as far as possible, while the international (ISO) risk management standard (i.e., ISO 14971:2007) only states that inherent safety by design is required.

The difference between the requirements of the ISO and the EN standard are not just semantics. If you read part II of the Essential Requirements (ERs; i.e., ER 7-13), there are many examples of how the construction of devices should be considered. The following are three examples:

  • ER 7.5 – leaking from the device
  • ER 8.2 – tissues of animal origin
  • ER 9.2 -aging of materials

Therefore, in order to comply the the intent of the Directive, you must consider far more than just the design of the device.  Construction is interpreted as both the risks associated with the materials to fabricate a device and the methods of manufacture. In the proposed EU regulations, the European Commission seeks to clarify the requirements for implementation of risk controls, but the draft legislation still seems vague.

Implementing Risk Control Options for Medical Devices

The following wording for implementation of risk control options in the new proposed second Essential Requirement is below:

“The manufacturer shall apply the following principles in the priority order listed:

a. identify known or foreseeable hazards and estimate the associated risks arising from the intended use and foreseeable misuse;

b. eliminate risks as far as possible through inherently safe design and manufacture

c. reduce as far as possible the remaining risks by taking adequate protection measures, including alarms; and

d. provide training to users and/or inform users of any residual risks.”

In this proposed wording, the word “construction” was replaced by the word “manufacture.” However, in other parts of the new proposed Essential Requirements (http://bit.ly/NewERCGap) the materials of fabrication are specifically addressed, as well. For example:

  • ER 7.1d) was added as a new requirement…”d) the choice of materials used, reflecting, where appropriate, matters such as hardness, wear and fatigue strength.”
  • ER 7.6 was added as a new requirement to address risks associated with the size and properties of particles—especially nanomaterials.

The new proposed Essential Requirements also include numerous examples of how the manufacturing processes must ensure proper safety. Essential Requirement 10 specifically references new Commission Regulation (EU) No 722/2012 (http://bit.ly/AnimalTissueReg)–specific to devices manufactured using animal tissues or cells of animal origin.

Even though the proposed regulations are more detailed with regard to application of risk management, they do not specify if it is required to implement risk control options for both materials and methods of manufacture simultaneously, or if the manufacturer may choose between the two. The phrase “taking account of the generally acknowledged state of the art” is used in the second Essential Requirement, but “state of the art” is a moving target, and the European Commission may find existing Standards to be deficient.

For reducing the risk of infection, the Commission does not require that companies implement aseptic processing, antimicrobial materials and terminal sterilization. One of the three is sufficient. This is why we have ISO Standards for sterilization validation, and we define “sterile” as a sterility assurance level of 10-6.

If the Commission maintained the language of the ISO 14971:2007 Standard, “as low as reasonably practicable,” then manufacturers could select risk control options based upon acceptability of risk. However, the EN version of the risk management standard creates significant challenges for implementation, and we are forced to evaluate the risk control measures we implement against those used by other manufacturers during the process of risk option analysis.

If you are interested in ISO 14971 training, we are conducting a risk management training webinar on October 19, 2018.

Posted in: ISO 14971:2019 (Risk Management)

Leave a Comment (1) →

CE marking 4 digit number for medical devices

fourdigitquestion CE marking 4 digit number for medical devicesThis article explains the purpose and use of a CE marking four-digit number for medical devices, minimum size requirements, and other considerations. 

CE marking a four-digit number

The CE marking four-digit number that is displayed next to the CE mark on some medical devices is the Notified Body (NB) number. If there is no CE marking four-digit number, this means that the medical device is a Class I device that does not require NB involvement (i.e., self-declaration). If the device is a Class I device, and there is an NB number next to the CE mark, then the device either has a measuring function or is sterile.

Requirements for CE marking a four-digit number

The Medical Device Directive is divided into Articles and Annexes. Section 1 of Article 16 indicates that the European Commission is responsible for the assignment of NB numbers. In Article 17, ¨CE Marking,¨ it states: ¨[The CE] shall be accompanied by the identification number of the notified body responsible for the implementation of the procedures set out in Annexes II, IV, V, and VI.¨ Annex XII defines the minimum size (i.e., 5 mm) of the CE. The requirements for the size of the NB identification number is not included in Annex XII, but NBs interpret the requirements for size as half the height of the ¨CE.¨

Companies are responsible for reproducing the CE Mark on their labeling and the product–including the 4-digit number. However, if the space available on the product is too small to allow a 5 mm ¨CE,¨, then the company is not required to reproduce it on the product. Instead, it is sufficient to reproduce the CE Mark on product labeling and the Instructions For Use (IFU). One source of the artwork for the ¨C¨ and ¨E¨ is the Europa website.

If an NB number is required, usually, there are a couple of different orientations that are allowed by the NB. Most NBs specify that the NB number shall be to the right or beneath the “C” and “E.” However, most NBs have specific instructions available for the reproduction of the CE Mark and the proper orientation of their NB number. Often, the NB will also provide artwork for downloading that includes the NB number in one or more orientation.

Product Failure Investigations

Identification of the NB may not seem important; however, the NB number can help caregivers to identify the NB that approved CE Marking of a product when there is an investigation of product failures with an unknown manufacturer. In that case, the NB will then share this information with the appropriate manufacturer to facilitate an investigation. The NB number is also used to differentiate when the oversight by one NB stops, and a new one begins, after transferring from one NB to another.

If someone wants to know which NB is associated with each NB number, the EU Commission operates the NANDO information system as a database, allowing you to search each of the 60+ NBs by CE marking 4 digit number. The database also allows searching by country, annex/article, product, and horizontal technical competence.

If your company is selecting an NB, you can search the product and technical competency categories to identify which NBs are able to issue CE certificates for your product. There are ten possible technical competencies to use as search criteria. For example, if your company manufactures absorbable sutures (i.e., competency, MDS 7009), there are only 32 NBs (shrinking every day) that have the technical competence to assess your Design Dossier for conformity with the MDD.

If your company is developing porcine-based collagen implants (i.e., competency, MDS 7010), then there are only 24 NBs (shrinking every day) able to issue a Design Examination Certificate for CE Marking. If your company needs additional guidance on how to select an NB, you might consider reading a blog on certification body selection.

Posted in: CE Marking

Leave a Comment (1) →

Management Review Meetings: 3 Compliance Issues

Three (3) compliance issues are discussed regarding management review meetings, including procedural requirements, forms and records, and attendance.

poor management review meetings Management Review Meetings: 3 Compliance Issues

Has your company ever received an audit finding or FDA 483 observation for the failure to provide objective evidence of management with executive responsibility attending the management review?

This type of finding is typically followed by a sentence that begins with “Specifically,” and ends with a quotation from the company’s management review procedure. There are three reasons why this finding is so common:

  1. Procedural requirements for attending the management review meeting do not match the actual practice
  2. Forms and records used to document the management review meetings are inadequate
  3. One or more members of the management team just didn’t show up

There are no prescriptive requirements in ISO 13485 or 21 CFR 820 that specify who must attend a management review meeting. Therefore, let’s investigate each of the possible reasons for this finding.

Procedural Requirements

One of the auditors I worked with for several years used to say, “You need to make sure your procedures give you ‘wiggle room.’” He knew from practical experience that managers are busy, and sometimes they can’t attend meetings. He also knew that sometimes job titles change, but your company’s organizational chart and procedures will lag behind these changes. In one of my previous blogs, I indicated that your management review procedure should allow some flexibility. The following are three probable events related to management review attendance:

  1. Management review requires rescheduling,
  2. Some of the management team is unable to attend
  3. Some of the management team can only participate by conference call

Rescheduling Management Review Meetings

Most companies document the requirement for when reviews must be conducted in the management review procedure. For example, “The management review shall be conducted during the first month of each quarter to review quality metrics from the previous quarter.” Instead, I recommend stating that at least two management reviews shall be conducted each year, and the date of the next management review shall be scheduled as part of the action items during each management review. Your procedure should also state that additional management reviews should be scheduled during periods of significant change to ensure the continued effectiveness of the quality system.

Even if you follow my advice for scheduling management reviews, you still need a mechanism for rescheduling the management review if an emergency comes up. I recommend allowing only the most senior manager on-site and the management representative to have the authority to reschedule the meeting. You can use Microsoft Outlook as a tool for communicating the rescheduled date to top management, but action items from the previous management review should reflect the change. Action items in your management review are quality system records, while printouts of your calendar are not. You should also consider placing a time limit on how far in the future, a management review can be rescheduled.

Delegating Attendance of Management Review Meetings & Conference Calls

To address #2 in the possible scenarios listed above, I recommend that your procedure allows for management to send a delegate in their place to a management review. I also recommend that your procedure allow managers to attend meetings remotely (i.e., via conference call, Webex, etc.) to address #3 listed above. However, management should be making every effort to attend the management review live, and everyone should be able to review the review inputs (i.e., Clause 5.6.2a-h) before the meeting.

Forms & Records of the Management Review Meetings

Management review meeting minutes are records that must indicate who was in attendance. If your procedure indicates that a specific job function should be represented at the Management Review, you need a form that is designed specifically to provide objective evidence that this person attended. Therefore, instead of listing job titles on the attendance sheet, or just using blanks for attendees to sign, you should have a form that lists the job titles. If a delegate is sent, they should indicate that they are the delegate authorized to sign for the absent member of top management.

Skipping the Management Review Meetings

Management review meetings are regulatory requirements and are intended to improve your quality system. If you can’t attend, you need to review the review inputs before the meeting and provide feedback. You should also assign a delegate who is supposed to take notes and represent the function of the manager that is not present. If you have been assigned the responsibility of preparing an input slide to the review, then you still need to provide this even if you are not present. If you are the management representative, and someone fails to provide slides for the management review, I recommend asking the assigned person to provide hard copies for each of the attendees. If the person doesn’t do this, indicate in the meeting minutes that inputs in one area were not available, and add an action item to the meeting conclusions regarding the need to address this gap.

FREE Webinar

If you are interested in a free management review webinar on this topic, please sign-up for our webinar. The webinar will also be available as a free recording for anyone that is registered. Registrants will also receive a copy of the webinar slide deck and a copy of the Medical Device Academy’s Management Review template.

Posted in: ISO Certification

Leave a Comment (0) →

4 Things to Know When Selecting a Medical Device Consulting Firm

choosing a consultant 300x300 4 Things to Know When Selecting a Medical Device Consulting FirmThe author reviews four things to know when selecting a medical device consulting firm, including defining the project scope, interviewing, budget, and contract. 

Medical Device companies utilize consultants for various reasons, including a lack of technical expertise within the company, avoidance of hiring full-time employees for a relatively short-term project and gap analyses for FDA readiness, or notified body audit. Have you ever been tasked with choosing a consultant to help with a critical project, but the consultant you selected failed to meet your needs? Not to worry, you’re not alone. Unfortunately, consultants sometimes make commitments for work; they are not qualified to do. Here are four critical areas to consider when selecting a consultant to help ensure a positive and productive experience.

1. Defining the project scope

Ensure that the scope, timeline, roles of the consultant/ internal company team, and deliverables are crystal clear during consultant interviews and defined within the consulting contract. Do you need advice or suggestions to be carried out by your internal team? Or is “hands-on” work required (writing procedures, conducting training, executing audits, etc.)? I’ve discovered that “hands-on” can mean something entirely different to your company and the consultant. If it’s not clear who is doing the actual work, your internal resources may end up doing the work that was intended for the consultant.

Once the project scope has been clearly explained, ask the prospective consultant to provide a brief document describing how they would approach the project. This will be helpful later on when drawing up the contract. Ask which software or systems the consultant will be using to keep your project on track. A consultant who does not have any version of project management on their laptop, or is unfamiliar with such tools, is a red flag.

Make sure you select a consultant or consulting firm that matches the size of your project. Select and interview three to five companies, based on the size and complexity of the project. If the project primarily involves working at your location, consider the additional cost and travel time from where the consultant(s) is located. If the project allows for working remotely, focus more upon the project management aspects mentioned in the previous paragraph, and how your company will communicate with the consultant.

2. Interviewing

When selecting your consultant, don’t base your decision on word of mouth, or someone that you pick randomly online. Interviewing is an essential part of the selection process. Be wary of a consultant who talks more than listens, especially if the conversation is about their illustrious career. This person should be focused on the scope of your project and asking questions about your company and the project team. You also need to beware of consultants with a condescending attitude. If you are an experienced medical device professional, and the consultant starts to explain the definition of GMP, the consultant has not taken the time to understand their audience. Any consultant that is this disrespecting deserves to be chopped from your list of potential service providers early. 

Don’t limit interviewing to the experience of the lead consultant or owner of the consulting firm. Make sure that you also have a resume or CV for each of the other consulting members that will be working on your project. Imagine the dismay of your internal team when you discover that the owner of the consulting firm has hired friends or former colleagues with little or none of the needed expertise. To prevent this scenario from occurring, include a technical person on the interview team to challenge the expertise of the consultant. This will help you identify a firm that knows all the right buzz words but lacks the knowledge to accurately implement the deliverables and reduce regulatory risk within your company.

Ask for and check references for past clients for whom they have done similar work. Ask for examples of work reports that the consultant has completed for other clients—with any confidential information removed. This is critical in determining if the final job will be “fluff” or real solutions for your company. It will also avoid the “one size fits all” procedures and processes that can rarely be beneficial for your company’s needs. Ask for examples of “out of the box” thinking and best practices that they’ve implemented. How do they remain current on the regulations and standards?

3. Budget

Cost should not be the only determining factor in selecting a consultant. When you’re choosing someone to pave your driveway, you may be able to get away with this. When choosing a consultant for your medical device company, you want several bids, and you want to ensure that each party is bidding against the same scope and deliverables. However, choosing the least expensive bid over the one with the most expertise and best reputation may cost your company more in the long run if the work isn’t properly done or completed on time.

4. Contract

Contracts must be very specific with regard to milestones, timelines, and deliverables with respect to the payment schedule. What recourse does your company have when a consultant assures you during the interview process that they can meet your every need and then doesn’t. No company wants to have to pay for work that hasn’t been done and may never get done.

Be clear about work accommodations – office, cube, conference room, phones, access to printers and company databases, so that there are no misunderstandings once the job starts or excuses for why the work can’t get done “under these conditions.” 

Conclusion

Choosing the right consultant for your company is critical. They don’t come cheap, and if your staff could accomplish the work, you would not be hiring a consultant in the first place. If you are careful in your selection of a consultant or a consulting firm, you may be rewarded with a new partner that can help you grow your business for many years.

Posted in: Project Management

Leave a Comment (0) →

Medical Device CE Mark: Is ISO 9001 Certification Required?

For the medical device CE mark: is ISO 9001 certification required? The advantages and dangers of focusing too much on ISO certification are also reviewed.

ISO 9001 is a general quality management system standard, and ISO 9001:2008 is the most recent revision. The focus of that ISO 9001 is customer satisfaction and continual improvement. For medical devices, the applicable international Standard is ISO 13485:2003. This Standard is based upon the ISO 9001 standard, but clauses were added for the specific needs of medical device regulations. Also, the focus of the Standard was changed:

table faq 6 Medical Device CE Mark: Is ISO 9001 Certification Required?

For CE Marking of medical devices, there is a European National version of the Standard: EN ISO 13485:2012 (http://bit.ly/ENISO13485-2012). This is the official harmonized version of the Standard, and certification to EN ISO 13485 presumes compliance with the applicable European New Approach Directives (http://bit.ly/PlenaryVoteBlog). It is not, however, “required” to be ISO certified to either Standard for CE Marking.

If a company chooses not to be certified to a harmonized standard, then the company must:

  1. Be audited to one of the New Approach Directives by their Notified Body, and
  2. Demonstrate how the quality management system they have created complies with the requirements of the applicable Directive(s).

Advantages of ISO certification

The primary advantage of ISO Certification is that your quality system is standardized. Standardization makes it easier for auditors to do their job, and for companies to implement “off-the-shelf” solutions for routine issues that most medical device companies are faced with. Your customers will recognize international standards, and this increases consumer confidence. It has been a considerable benefit to the European Union (EU), because the EU Member States (http://bit.ly/CECountries) have been able to rely heavily upon international standards, instead of having legal debates over nuances between technical Standards developed by each member state.

Another advantage of using harmonized ISO standards is that regulators can establish minimum requirements for all companies. In my experience, the ISO standards are more burdensome for low-risk devices than is probably necessary. However, the ISO standards are often less burdensome for high-risk devices than is perhaps necessary. For the CE Marking process to work effectively, manufacturers must be the experts for their specific device and know when it is required to do more than the minimum. For example, there is an ASTM test specification for cyclic testing of orthopedic implants. Still, recent experience with metal-on-metal (MoM) implants has demonstrated that the ASTM test method is not an adequate predictor of long-term safety and performance. If manufacturers do not develop this expertise, then technical reviews for CE Marking can be quite painful and drawn out as the reviewer is forced to educate the manufacturer on the “State of the Art.”

Dangers of focusing too much upon ISO certification

I find that most medical device company managers are well aware of the ISO 13485 requirements today, but I also believe that many are less aware of the requirements of 21 CFR 820 (http://bit.ly/21CFR820-25) than they were before ISO 13485:2003. Some consulting clients have managers that believe certain regulatory requirements are “just an ISO thing.” It concerns me when the Top Management of a company doesn’t understand basic differences between ISO certification, compliance with 21 CFR 820, and other regulatory requirements. It is the responsibility of the Management Representative to promote awareness of regulatory requirements throughout the organization (i.e., ISO 13485, Clause 5.5.1c). Still, the Management Representative needs the support and commitment of Top Management to promote awareness effectively.

CAPAs, Internal Audits, and Management Reviews are core processes of the ISO 13485 standard. Still, these are also regulatory requirements for the US FDA, Health Canada and CE Marking medical devices in Europe. ISO 13485 Certification, however, is only a mandatory requirement for Canadian Medical Device Licensing (http://bit.ly/FindCMDR). Companies need to focus on the core processes of the quality system and get these right first. In many ways, I would prefer to see companies develop their quality system architecture that best fits their needs. One company I audited did this. Their company has “Leadership Principles.” You can map all of the clauses of ISO 13485 to a specific “Leadership Principle” at that company, but there are requirements included in their principles that exceed the requirements of ISO 13485. If there were no ISO standards, we might see more creative thinking and innovation in the area of quality management systems. Therefore, I encourage every Management Representative to challenge the status quo and to think of ways to improve beyond ISO standards AND meet regulatory requirements.

Posted in: CE Marking

Leave a Comment (0) →

Medical Device Management Review Procedure Improvements

management review Medical Device Management Review Procedure ImprovementsThe author provides suggestions for improving the writing of your medical device management review, scheduling meetings, and engaging top management. 

If the US FDA is not allowed to see Management Review meeting minutes, why were there one-hundred and seven 483 inspection observations against the Management Review process in FY 2012?

The US FDA is also not allowed to view records for internal audits and supplier audits, but there are 483 observations for these processes too. The FDA will assess the effectiveness of these processes by reviewing your procedures by verifying that you have a schedule, and you’re sticking to it. The ultimate test is to look for CAPAs initiated from these processes.

To avoid a 483 inspection observation against your Management Review process, you need four things:

  1. Procedure for Management Reviews
  2. Schedule for your Management Reviews
  3. Template to prevent errors
  4. The top management team that is trained

Writing a Medical Device Management Review Procedure

There is no requirement for a Management Review procedure in ISO 13485, but 21 CFR 820.20c states that the quality system shall be reviewed “at defined intervals and with sufficient frequency according to established procedure.” This frequency may be documented in the Quality Manual, or a Management Review procedure.

If you choose to write a procedure, keep it simple and reference a controlled template that includes each of the requirements listed above. Your procedure should also allow flexibility for each of the following probable events:

  1. Management Review requires rescheduling
  2. Some of the Management Team is unable to attend
  3. Some of the Management Team can only attend by conference call
  4. An action item from a previous review is left incomplete
  5. An action item is changed after the Management Review
  6. There is insufficient time available to review all the inputs during a single Review

Your Schedule for a Medical Device Management Review

The most common procedural requirements for the frequency of Management Reviews are:

  1. At least once per year
  2. Semi-annually
  3. Quarterly

Most companies choose to require a schedule of “at least once per year,” but what’s the point of reviewing quality system data from last February in January?

13485 Plus is a guidance document for the implementation of ISO 13485. Section 5.6.1 of the guidance document states, “If changes are planned or being implemented, more frequent reviews are normally needed.” Some companies even include this statement in their Management Review procedure. Unfortunately, most companies do not remember to change their schedule when they plan significant changes to their quality management system—such as mergers, new product launches, or an employee lay-off.

Every Management Review should include an action item scheduling the next Management Review. The timing of the next Management Review should reflect changes planned for the quality system and improvements needed to maintain effectiveness.

Conducting more than one Management Review also gives you the flexibility, assuming your procedure allows it, to review only some of the required inputs during a single Management Review. If you are short of time during your next management review, you could intentionally skip a required element. However, this approach also requires that you track which elements have been covered during your annual schedule and which elements were not. Any skipped elements must be covered at least once during the annual schedule for Management Reviews.

A Template for Medical Device Management Review

One of the most common nonconformities during an ISO audit is a finding that one of the required inputs or outputs was not included in the Management Review. The best way to ensure you don’t forget something is to use a template that is maintained by your document control process. This template should include the following:

  1. Eight Inputs (ISO 13485, Clause 5.6.2)
  2. Three Outputs (ISO 13485, Clause 5.6.3)
  3. Review of the Quality Policy (ISO 13485, Clause 5.3)
  4. Review of the Quality Objectives (ISO 13485, Clause 5.4.1)
  5. Review of the QMS effectiveness (ISO 13485, Clause 5.6.1)

The last item should be a conclusion in your management review meeting minutes. Often, the conclusions are worded in the following way, “The Quality Management System remains suitable, adequate and effective—with the exception of the areas that have been identified as requiring corrective actions in this management review.”

Engaging Top Management

Roles and responsibilities for the Management Review must be assigned. Some leaders choose to assign 100% of the Management Review to the Management Representative, and then the same executives complain that reviews are boring and take too long. To get the management team engaged, the responsibility for preparing reviews must be assigned to all members of the team. The Management Representative is responsible for “reporting to top management on the performance of the quality management system and any need for improvement.” Still, the ISO Standard does not imply that the representative cannot seek help from the rest of the team.

Each member of top management should be assigned responsibility for preparing and reporting on the part of the Management Review. This approach will ensure that all members of the management team are involved and engaged in the process. Your team may be assigned to work in pairs or smaller teams. Your team’s responsibilities may also be rotated to ensure that each member of the team is cross-trained and understands the importance of each Management Review requirement.

Before you can expect your management team to accept responsibility for preparing and reporting on the performance of the quality management system and improvement needs, Top Management needs the training to understand each of the requirements.

Free Webinar Training

Medical Device Academy also offers free webinar training on the Management Review process. If you are interested in training your top management team, please register for this management review webinar. It will also be available as a free recording for anyone that is registered. Registrants will also receive a copy of the webinar slide deck and a copy of the Medical Device Academy’s Management Review template.

 

Posted in: ISO Certification

Leave a Comment (3) →

6 Points for Effective Training on Medical Device QMS Procedures

%name 6 Points for Effective Training on Medical Device QMS ProceduresThe author provides 6 points for conducting effective training on medical device QMS procedures, including questions to ask for building consistent procedures.

Your Quality Management System (QMS) needs to provide objective evidence (i.e., records) that your staff is trained on procedures they use, and that their training was effective. You must also establish documented requirements for competency. The following examples might help:

  1. A record of you attending a course is a training record.
  2. A record of your taking and passing an exam related to that course is a record of training effectiveness.
  3. A record of you performing a procedure, witnessed by the trainer, is a record of competency. Your resume can also be a record of competency.

Unless a change is trivial in nature, signing a piece of paper that states you read and understood a procedure does not demonstrate training effectiveness. Learning and training are active processes that require engagement and interaction.

In a previous blog (http://bit.ly/12PartSOPTemplate), I described a slightly different procedure structure with some extra sections. There are a number of benefits to that structure, one of which is that the structure facilitates training. The additional sections are referred to in this blog. Whatever template you use, consistency of structure, and presentation across your procedures makes the procedures easier to learn and increases usability.

6 Points to Consider for Effective Training on Medical Device QMS Procedures

  1. Training requirements. For a new procedure, decide early in your writing which roles require training, what content is needed, and to what level is competency necessary. The example below is a table from a Quality Auditing procedure. The table shows the different requirements for different roles. I prefer to put this information in the procedure document—where it is unlikely to be overlooked or forgotten.training procedure 6 Points for Effective Training on Medical Device QMS Procedures
  2. Open book? For each of the roles listed above, determine whether you need trainees to be able to follow the procedure without the document at hand, or to know the procedure, and be able to find what they need.
  3. Training method. One-on-one or group? Classroom style, on-job, or remote? This depends on your company, nature of the procedure, and your requirements above.
  4. PowerPoint or not? My preference is to walk trainees through the procedure, actually have them flipping the pages and writing notes on it. If I use PowerPoint, it’s to clarify the structure and emphasize important points.
  5. Control of training copies. Paper copies of procedures and forms used for training should be controlled. Your Document Control procedure should allow for clearly marked “Training” copies to be available before the effective date. Make sure your training also reminds trainees where to find the official released a copy of procedures after training is completed.
  6. Control of training material. Include your slides, training scenarios, quizzes, etc. in your document control system. Review and revise them each time you change a procedure. 

Building Consistent Procedures: Questions to Ask and Recommendations

Use a consistent structure for your procedures, then build a consistent training structure around that. The predictability in structure will improve the effectiveness of your training.

  1. Purpose. Why are we doing this? What is the outcome we are after?
  2. Scope. When do I use this procedure? When do I not, and what do I do as an alternative?
  3. References. How does this interface to other procedures? Turtle diagrams or interface maps are useful here
  4. Definitions. Unfamiliar jargon, and terms that are used in a very specific way in this procedure
  5. Risk. What risks does this procedure address? How does this affect the design of the procedure – why are we doing it that way? Refer to my earlier blog (http://bit.ly/12PartSOPTemplate) where I explain how to include this in each procedure
  6. The procedure. Walkthrough the flowchart, explain the accompanying notes, relate the procedure flow to the responsibilities and authorities outlined earlier in the procedure
  7. Records. What do I do with the completed records from this procedure? Where do I find a copy when I need it?
  8. Examples. I suggest a training version of the form (which should be available later for reference) with guidance and examples
  9. Practice. Provide a scenario and a blank form for trainees to work through, individually or in groups
  10. Testing. Check that the training has been effective. The role competencies that were defined earlier are the basis for the effectiveness criteria for a procedure. This training module may be enough to achieve that level, or a broader training program may be required to ensure operational level competence. See Rob Packard’s blog on training exams for more advice on testing (http://bit.ly/TrainingExams)

Posted in: ISO Certification

Leave a Comment (0) →

IEC 60601 Medical Electrical Equipment Classification: FAQs

IEC 60601 medical electrical equipment classification frequently asked questions are discussed in this blog. 

subclause IEC 60601 Medical Electrical Equipment Classification: FAQs

All clause references in this blog are to both IEC 60601-1:2005 (3rd edition) and IEC 60601-1:2005 (3rd edition) + Amendment 1:2012 (http://bit.ly/IEC60601-1am1), or the consolidated version IEC 60601-1:2012 ed. 3.1, but the actual text comes from edition 3.1 (http://bit.ly/IEC60601Consolidated).

*Note: ALL CAPITAL LETTERS identifies a defined term for the IEC 60601 series of standards within this blog.

What are the various classifications that are used in IEC 60601-1, edition 3.1? – The table at the beginning of this blog posting identifies the five parts of the Classification section. Each classification is described in more detail below.

Why do I need to classify my product for IEC 60601-1, 3rd ed.? – The standard says you have to classify …ME EQUIPMENT, or parts thereof, including applied parts… as noted in sub-clause 6.1. But a more practical reason you would want to classify your products that fall under the scope of IEC 60601-1 (http://bit.ly/60601scope) is it is a helpful tool in identifying the requirements that apply to the device and helps us in determining the test plan for the product to be tested.

What is an applied part? – The definition of an APPLIED PART is in sub-clause 3.8 of the standard. It states that an APPLIED PART is “part of ME EQUIPMENT that in NORMAL USE necessarily comes into physical contact with the PATIENT for ME EQUIPMENT or an ME SYSTEM to perform its function.” So, it can be a cable, lead, electrode, or many other parts of an ME EQUIPMENT, or an ME SYSTEM that is intended, by the manufacturer, in its NORMAL USE to come in contact with the PATIENT.

What are the classifications for Protection Against Electric Shock? –Two classifications fall under sub-clause 6.2 of the standard: 1) the power source, and 2) applied parts. Power sources can be an external power source and is either classified as a class I or class II ME EQUIPMENT or an internal power source, which is classified as INTERNALLY POWERED MEDICAL EQUIPMENT.

Power Sources – External Class I, External Class II, or Internal – Class I provides its protection against electric shock by having an additional safety ground (known as PROTECTIVELY EARTHED) that is connected to the internal and/or external conductive parts (metal) of the power source. Class II provides its protection against electric shock by having an additional layer of insulation beyond that of BASIC INSULATION (a single layer of insulation) and is provided either by DOUBLE INSULATION (two layers of insulation) or by REINFORCED INSULATION (the same as for DOUBLE INSULATION, but as one insulation system that is twice as thick, typically). An internal power source is usually a battery.

Applied Parts – B, BF, CF (also defibrillation-proof) – The second classification for protection against electric shock is for APPLIED PARTS. APPLIED PARTS are classified in one of six ways, and a product can have more than one type of APPLIED PARTS. The classifications for applied parts are type B, BF, or CF. Each of these three classifications can be DEFIBRILLATION-PROOF APPLIED PARTS for a total of 6 classifications. There are six separate symbols for these APPLIED PARTS, and they are noted in the table below, which comes from Table D.1 of Annex D of the standard.

symbols IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against electric shock? – Protection against electrical shock is important because electric shock is one of the main areas of concern in most electrical safety standards as the shock hazard can cause harm to the OPERATOR or PATIENT or even death. The main reason is we want to protect the PATIENT, who may have a depressed immune system from getting an electric shock that could injure or potentially kill the PATIENT. The depressed immune system makes them more likely to be harmed by an electric shock. We also want to consider the OPERATOR of the device, but they should not have a depressed immune system, so the worst-case to consider is the PATIENT.

What are the classifications for protection against harmful ingress of water or particulate matter? – There is a wide variety of these classifications (per sub-clause 6.3 of IEC 60601-1), and they are based on the standard IEC 60529 (http://bit.ly/IEC60529) titled “Degrees of protection provided by enclosures (IP Code).” The IP Codes range from IP00 to IP68, which means respectively no protection against contact and ingress of objects along with not being protected against liquid ingress (IP00) to No ingress of dust; complete protection against contact along with protected against the effects of continuous immersion in water (IP68).  Table D.3, 2nd row (copied below), in the IEC 60601-1 standard details all the classifications in a summary list.

ipnn IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against harmful ingress of water or particulate matter? – The reason we want to protect the ENCLOSURES of the device is to protect against ingress of these items (liquids and particulates), so they reduce the possibility of causing a hazard, such as a short based on bridging the electronics of the device causing potentially a fire hazard, a shock hazard, a thermal hazard, or other potential hazards.

What are the classifications for methods of sterilization? – For any part of the ME EQUIPMENT or its parts intended to be sterilized needs to be classified per the requirements of sub-clause 6.4. Classifications are based on the types of sterilization methods used in the medical device industry currently such as ethylene oxide (EtO), irradiation by gamma radiation, and moist heat by autoclave. The standard also mentions “…other methods validated and described by the MANUFACTURER.” Classification of sterilization methods is critical because each sterilization method presents unique environmental conditions that can adversely affect the ME EQUIPMENT. For example, EtO Sterilization frequently includes a vacuum cycle which may not be suitable for embedded batteries.

Why do we have a classification for suitability in an oxygen-rich environment? – The RISK of fire in an OXYGEN RICH ENVIRONMENT is considered to exist when a source of ignition is in contact with ignitable material (i.e., flammable materials) and there is no barrier (i.e., a solid enclosure) to prevent the spread of fire.

What are the classifications for modes of operation? – There are two modes of operation described in IEC 60601-1, edition 3.1: 1) CONTINUOUS OPERATION, and 2) non-CONTINUOUS OPERATIONS. When a device is classified as non-CONTINUOUS OPERATION, there is some type of duty cycle involved, so the device is rated properly. A duty cycle means the device is rated to be on for a certain period of time and off for a certain period of time. Many times the duty cycle is required, so a device may pass the EXCESSIVE temperatures in the ME EQUIPMENT test in sub-clauses 11.1.1 & 11.1.2 so as not to exceed the limits of the test requirements.

Leo Photo Cropped IEC 60601 Medical Electrical Equipment Classification: FAQsIf you have questions about this topic or need help with compliance to the IEC 60601 series of Standards, you can email Leo Eisner (http://bit.ly/ConnectwithLeo) directly at Leo@EisnerSafety.com or call Leo at +1-(503)-244-6151. He is the owner and founder of Eisner Safety Consultants (http://bit.ly/LeoEisner).

Posted in: IEC 60601

Leave a Comment (3) →

EU Mandates Fast-Tracking Changes to the CE Mark Approval Process

EU Parliament is fast-tracking changes to “New Approach” and the CE Mark approval process. Impact of October 22 plenary vote is reviewed and predictions made.

newapproace2.0 EU Mandates Fast Tracking Changes to the CE Mark Approval Process

The “New Approach” was applied to CE Marking of medical devices in the 1990s when member states adopted three “new approach” directives specific to medical devices:

  1. Medical Device Directive, 93/42/EEC (http://bit.ly/M5MDD),
  2. Active Implantable Medical Devices Directive, 90/385/EEC (http://bit.ly/AIMDDirective), and
  3. In Vitro Diagnostics Directive, 98/79/EC (http://bit.ly/currentIVDD).

The “Old Approach” Directives were extremely detailed. EU member states introduced national standards and regulations faster than the Commission could finalize the “Old Approach” Directives. These national standards and regulations created trade barriers within the EU. Therefore, on May 7, 1985, the European Council resolution was proposed as “a new approach to technical harmonization and standards” (http://bit.ly/CouncilResolution1985).

Basics of the “New Approach”

The “New Approach” Directives (http://bit.ly/EuropaNewApproach) rely heavily upon International Standards, and the Directives are limited to Essential Requirements for Health & Safety. Implementation of the “new approach” directives allows for medical devices to be CE Marked by the manufacturer if the manufacturer completes one of the conformity assessment procedures identified in the applicable Directive.

Typically, Class I devices are self-certified by the manufacturer, while Class IIa, IIb and Class III devices require Notified Body (NB) involvement. Each NB interprets the Directives slightly differently, and the competent authority presiding over each NB audits the NB for compliance with the Directives. These differences are not ideal, but the process enables rapid approval of CE Marking applications because there is no centralized review process—unlike the US FDA.

The Council Resolution of 1985 states that the EU Commission shall review new International standards to determine if the standards are harmonized with the requirements of the applicable Directive (s). If not, the Commission may identify the shortcomings of those standards. A list of the harmonized standards is maintained on the Europa website. The following is a link to the standards harmonized with the MDD: http://bit.ly/ENHarmonizedStandards. For more information about the implementation of the “New Approach,” you can download a guidance document from the Europa website: http://bit.ly/Resolution85.

Politics of the Plenary Vote

Erik Vollebregt (http://bit.ly/ErikVollebregt) wrote an excellent analysis on October 21 (http://bit.ly/10minutestomidnight) about the flaws in the rapporteur’s (http://bit.ly/DagmarRoth-Behrendt) arguments for the draft legislation. In one of his earlier blog postings, however, he predicted that the EP would vote in favor of the draft legislation. Amanda Maxwell (http://bit.ly/AmandaMaxwell) wrote another article in Clinica on October 18 (http://bit.ly/TwoPossibleOutcomes). She predicted two possible outcomes.

The first possible outcome was a mandate from the EP for the rapporteurs to negotiate a final text for the Medical Device Regulations (MDR, http://bit.ly/DraftMedicalDeviceLegislation) with the European Council (i.e., fast-track procedure).

The second possible outcome was a vote of the text as the first reading position of the EP. Due to the European legislative process (http://bit.ly/EULegislativeProcedure), this outcome would result in a delay of final approval of the MDR beyond the April 2014 elections in Europe. On October 12 (http://bit.ly/EMDR-Frankenstein), I stated that I hoped for outright rejection of the draft legislation. Still, I predicted that we would have the worst possible outcome—an EP mandate to negotiate a final text with the Council.

Flawed Interpretations by the EU Commission

Instead of relying heavily upon International Standards, the EU Commission is identifying minor differences between the Directives and the International Standards. In the past, these differences would be resolved when competent authorities issued a guidance document (i.e., MEDDEVs). However, now the Commission is proposing to adopt new Common Technical Specifications (CTS) instead. This provision for adopting a CTS is found in Article 7 of the proposed regulations. The compromise amendments retained the provision in Article 7 for adopting a CTS, but Amendment 7 now indicates that a CTS shall only be adopted when harmonized standards do not exist, are not likely to be adopted within a reasonable period, “have become obsolete or have been demonstrated as clearly insufficient according to vigilance or surveillance data.”

The seven deviations identified in the EN ISO 14971:2012 Standard (http://bit.ly/riskblogs) are an example of how the EU Commission is using literal interpretations of the Directives to subjugate the CE Marking process to a corrupted version of the ground-breaking “New Approach.” The details of the EP changes are not yet available, but I suspect Amendment 7 will not change. What is also unclear is if the Commission will continue to insist that International Standards do not meet the letter of the law and therefore are inadequate. It is quite scary to think that politicians and lawyers believe they know better than a committee of international subject matter experts.

An EP Improvement? – New Approach v2.0

The Plenary vote today introduced some new regulations that did not exist in the draft legislation, and the EP mandated negotiation with the Council. Early reactions to the vote were published by Eucomed (http://bit.ly/EPImprovement) and Clinica (http://bit.ly/Clinica-EUFast-Track). These reactions were more positive than I expected, but I fully expect Eucomed to return to its position of criticizing the EP version of regulations before the holidays arrive.

The European Parliament (EP) is rewriting the strategic plan for medical device regulation in Europe. Eliminating the European Medicines Agency from the mix (Article 44a) and replacing it with an “improved” scrutiny process (Article 44, rev 2?) will not substantially accelerate approval of CE Marking applications for high-risk devices. Companies are already frustrated by delays at Notified Bodies and multiple rounds of questions during the review process. The addition of scrutiny by the proposed Medical Device Coordination Group (MDCG), established in Article 78 of the proposal, will increase the costs and delays associated with the CE Marking process. Instead of a streamlined process that allows innovative medical devices to get to market quickly, the EP has created a Frankenstein of regulatory bodies that will result in skyrocketing healthcare costs and bring the flow of innovative devices to a screeching halt.

The EP has mandated that the rapporteurs negotiate a final text with the Council. The EP knows that the member states cannot afford this “stricter” process, and medical device companies cannot afford it either. I predict this will be an ugly political war between the Council and the EP. I also have zero confidence that the EP approach to the MDR will prevent scandals and unsafe products from getting to market. Scandals (http://bit.ly/MHRAReport) and safety issues associated with Metal-on-Metal (MoM) hip implants (http://bit.ly/MoMImplantLessons) are post-market problems—not weaknesses in the CE Marking approval process. I hope that the Council’s counter-proposal to the rapporteurs will be different, but what if it’s worse?

Is anyone interested in learning about Canadian Medical Device Licensing (http://bit.ly/ClassificationforHC)?

Posted in: CE Marking

Leave a Comment (0) →

Creating Effective Quality Management System Training Presentations and Exams

The author reviews methods for developing a quality management system training presentation and exam to demonstrate training effectiveness for QMS procedures.

Training certificate Creating Effective Quality Management System Training Presentations and Exams

Training records are a basic expectation for any quality system (i.e., Clause 6.2.2 of ISO 13485), but demonstrating effectiveness (Sub-Clause 6.2.2c) and competency (Sub-Clause 6.2.2a) is also required (http://bit.ly/21CFR820-25 and http://bit.ly/13485Plus). Verifying training competency will be the subject of a future blog, but this blog focuses on the most common method for demonstrating training effectiveness—an exam.

Resource Needs

The challenge with creating a training exam is that it takes a serious time commitment to create a training presentation, to write an exam, to grade the exam each time an employee is trained, and issue training certificates. Each time you revise the procedure, you need to decide if retraining is required and how you will verify the effectiveness of training on the revised procedure. Finally, you need qualified trainers with appropriate documentation of their competency.

The larger your company is, the more value you will realize from creating training exams. Unfortunately, larger companies usually have more procedures too. It typically takes me 2-4 hours to develop a new training presentation for a process or procedure. I am currently developing training presentations for a small drug/device company that will have approximately 30 procedures. Therefore, it could take 60-80 hours to create training presentations for all the procedures.

Quality Management System Training Presentation Content

We have developed training courses for critical processes, such as CAPA, internal auditing, and design controls. Medical Device Academy will also be offering a free webinar in November on the topic of conducting more effective Management Review meetings. For other processes, such as calibration, we recommend the following step-by-step approach:

  1. Overview slide of requirements
  2. A slide for each sub-clause
  3. An example of how the procedure is applied
  4. An overview of the procedures’ key points

Our calibration procedure required a total of 11 slides—including a title slide and a slide for contact information. We also included a cross-reference to the applicable section of the procedure for each sub-clause of the ISO 13485 Standard (i.e., 7.6a, 7.6b, etc.). A balance used to weigh components was the training example, and there was a slide that explained essential considerations that can affect the accuracy of a balance.

During the process of creating the training presentation, we noticed that one of the sub-clauses of ISO 13485, 7.6, was not addressed by the procedure. Therefore, our systematic approach simplified the creation of a training presentation, and the strategy helped to identify a nonconformity in the procedure before it was released.

Exam Content

For training exams, we try to ensure that exam questions are objective and easy to grade. Therefore, most exams are ten questions. Questions are typically fill-in the blank type of questions or multiple-choice questions. “Trick questions” are not recommended, but we do recommend using questions that force the trainee to look-up the answers. This will force the trainee to become more familiar with the procedure.

For our calibration training exam, we could easily have one question corresponding to each slide, but not every sub-clause requirement is equally important. Therefore, we always try to include a question related to the most common things auditors and FDA inspectors will be looking for.

The calibration process includes a requirement to assess the impact on a product if a measurement device used for inspections is found to be Out-Of-Tolerance (OOT). Is there a need to retest or even recall products?

Almost every auditor I meet asks the above question during an audit, and most will even request records of calibrated devices that were found OOT.

Grading & Certificates

We typically use 70% as the criteria for passing an exam. The exams are protected forms with spaces to fill-in and checkboxes. There are also spaces for the trainee’s name, title, and date of the training. Exams are emailed to the instructor, and the instructor will unprotect the document. The correct answers are indicated by highlighting the choice in green. Incorrect answers are indicated by highlighting the choice in red. Explanations for why an answer is incorrect are added after the question and highlighted in yellow. The graded exam is then emailed back to the trainee—along with a training certificate similar to the one shown at the beginning of this blog.

Retraining

Brigid Glass wrote a blog posting recently (http://bit.ly/12PartSOPTemplate), where she recommended including a section on training and retraining requirements in each procedure. The challenge with revised procedures is that retraining is not always required. If retraining is needed, we recommend the following approach:

  1. Create a separate retraining exam
  2. Include a question(s) specific to the procedural revisions
  3. Include a question(s) specific to recent nonconformities in the process (if any)

If you are interested in learning more about procedures, records, and training as it relates to ISO 13485 Certification, Brigid Glass and I will be teaching a seminar hosted by FX Conferences on November 5. The following link includes a $50 discount code for the seminar: http://bit.ly/ISOCertStep4. This is part of a 6-part ISO Certification series that is available as recordings too.

 

Posted in: ISO Certification

Leave a Comment (3) →
Page 20 of 29 «...101819202122...»