Labeling risk controls – Deviation #7 in EN ISO 14971:2012

Requirements for the Instructions for Use and labeling as labeling risk controls for medical devices in ISO 14971.

Residual Risks Labeling risk controls   Deviation #7 in EN ISO 14971:2012This article reviews the requirements for Instructions for Use and labeling as risk controls in the risk management standard for medical devices: ISO 14971. Specifically, the impact of the seventh deviation identified in the EN ISO 14971 Standard is reviewed. This is the 7th and final blog in our EN ISO 14971:2012 risk management series. If you would like additional, risk management training, we have a training webinar.

Why are labeling risk controls not effective?

Labeling, instructions, and warnings are required for medical devices. Unfortunately, the information provided by manufacturers is not effective at preventing hazardous situations and foreseeable misuse–especially if the user throws the paper leaflet in the garbage 10 seconds after the box is opened. Since the information provided to the user and patients is not effective in preventing harm, the European Commission indicated that this information (i.e. labeling risk controls) should not be attributed to risk reduction.

Labeling risk controls do not quantitatively reduce risks

The European Commission is not suggesting that your company should stop providing directions or warning users of residual risks. This deviation intends to identify incorrect risk estimation procedures. For example, if you are using Failure Mode And Effects Analysis (FMEA), (see Annex G.4 of the risk management standard) to estimate risk for a new product, you should not be listing labeling risk controls as the primary risk control. Clause 6.2 of the ISO 14971 Standard correctly identifies “information for safety” provided by the manufacturer as risk controls. Still, the effectiveness of labeling risk controls is so poor that you should not estimate that the implementation of labeling and IFUs reduces risks.

In Clause 2.15 of the ISO 14971 Standard, residual risk is defined as “risk remaining after risk control measures have been taken.” However, I prefer the following definition, which incorporates the concept of clinical evidence, design validation, and post-market surveillance:

“Residual risks are risks that remain: 1) after implementation of risk controls, 2) when products are used for new indications for use, 3) when products are used for wider user and patient populations, 4) when products are misused, and 5) when products are used for periods of time longer than the duration of pre-market clinical studies.”

The second essential requirement (ER2) states that users shall be informed of residual risks, but the conclusion that “information about residual risks cannot be a risk control” is incorrect. The most important wording in the deviation is “the information given to the users does not reduce the (residual) risk any further.” Failure to reduce risks any further is due to the lack of effectiveness of risk controls. Validation of risk control effectiveness should be performed during design validation, but validation will be limited to a small group of users and patients.

Risk management reports & post-market surveillance planning

In your risk management report, risk control options analysis should be summarized. Instead of evaluating risk acceptability before implementing risk controls, risk controls should be implemented, and any residual risks should be identified. A benefit/risk analysis must be performed for each residual risk and the overall residual risks. If the conclusion is that the benefits of the device outweigh the residual risks, then the device can be commercially released.

At the time of the final design review and commercial release, a Post-Market Surveillance (PMS) plan should be developed that includes an updated risk management plan. The updated risk management plan should specifically address how to estimate residual risks and verify the effectiveness of information provided to users and patients. Verification of risk control effectiveness should be part of the design verification and validation activities, but verification of effectiveness should also be part of ongoing PMS.

To facilitate future updates of your risk management report, you may want to organize risk controls into the following categories (in this order):

  1. Design elements (highly effective)
  2. Materials of construction (highly effective)
  3. Methods of manufacture (highly/moderately effective)
  4. Protective measures & alarms (moderately effective)
  5. Information provided to users & patients (least effective)

Each of the above risk controls will need to be addressed by your PMS plan.

Posted in: ISO 14971:2019 (Risk Management)

Leave a Comment (3) →

A Gap Analysis Tool for Updating Your Medical Device Reporting Procedure

new 803 A Gap Analysis Tool for Updating Your Medical Device Reporting ProcedureThis blog shows you where to find the new FDA regulation for medical device reporting ( and the associated guidance document ( There is also an explanation of how to perform a gap analysis to compare your procedure for medical device reporting against the new 21 CFR 803 (

On January 22, 2014, Medical Device Academy posted a blog about how to create your own FDA medical device regulatory updates: That post identified a number of sources on the FDA website where you can locate information about new and revised FDA regulatory requirements. One suggestion was to register for receiving the RSS feeds from the following page: This page is where the FDA’s Center for Devices and Radiological Health (CDRH – posts news and updates.

If you registered for the RSS feed from CDRH, then you received an update on February 13, 2014, announcing the new Part 803 regulation for medical device reporting. This is NOT a cause for alarm. The fundamental change is simple:

Medical device manufacturers will no longer be allowed to submit FDA Form 3500A in paper form. It will need to be submitted electronically through the Electronic Submissions Gateway (ESG) (

ESG Sign-up

This is just another small step for the FDA to move toward digital records, and to integrate with electronic medical records from healthcare providers. The FDA even created a presentation explaining the process for electronic Medical Device Reporting (eMDR). This 8 minute and 45-second presentation are available on the CDRH Learning page: Slide 5 of the FDA’s presentation identifies the six steps for obtaining an account for an ESG:

  1. Get a test account with the ESG
  2. Send a letter to authenticate your digital identity (
  3. Get a digital certificate
  4. Contact CDRH (
  5. Test sending an MDR to CDRH
  6. CDRH approves production account with the ESG

I have been recommending that my clients switch from submission of the paper FDA Form 3500A to eMDR since 2010 when this training became available. Now, you have 18 months to switch over to eMDR before the August 14, 2015 deadline for implementation. Alternatively, you can also outsource your eMDR reporting to a  service provider that already has an ESG (

Comparison of Current & New Regulations

The first step in understanding the specific changes to the regulation is to compare the old and new versions. The new Part 803 regulation for MDR was released as a PDF document, and therefore it does not lend itself to a direct comparison with the previous version of the regulation. Therefore, Medical Device Academy downloaded the new regulation (, and copied and pasted each section into a Word document. We also did this for the current version ( Then, we compared the two Word documents electronically. Finally, we wrote a gap analysis to summarize the differences between the two documents. If you would like to download this gap analysis, please visit the following webpage:

Gap Analysis of Your Medical Device Reporting Procedure

After you download the gap analysis tool that Medical Device Academy created, then you need to perform your gap analysis of your current MDR procedure against the changes in Part 803. You should create a table with one column identifying the section of the regulations, a second column identifying the section(s) of your current MDR procedure that meets the requirements, and a third column to identify changes that need to be made. You might consider adding additional columns for delegating the responsibility of revising various sections of your procedure, and implementing other tasks listed below (e.g., obtaining an account for ESG).

Next Steps

  1. Download the gap analysis of the new and old versions of 21 CFR 803
  2. Review and update your MDR procedure to address the changes to 21 CFR 803 which are identified in the gap analysis
  3. Apply for an ESG WebTrader account for Low Volume/Single Reports
  4. Revise your training requirements for anyone responsible for MDRs:
    1. Complete all four applicable CDRH online training (
    2. Pass a quiz demonstrating training effectiveness (
    3. Review the draft procedure for potential errors or sections that are unclear
    4. Make any final revisions to the procedure based upon feedback from trainees
    5. Implement your revised procedure

If you need help completing the above steps, please contact Medical Device Academy by emailing Rob Packard, or by visiting the webpage for Medical Device Academy’s Complaint Handling and Vigilance group (

Posted in: Complaint Handling

Leave a Comment (0) →

How to Identify New and Revised European Medical Device Regulations

%name How to Identify New and Revised European Medical Device RegulationsThis blog offers tips and information for locating the latest European medical device regulations for your next management review meeting. 

There are two primary websites to check for new and revised European Medical Device Regulations. The first location is the Europa website, where the three “New Approach” directives and proposed European Medical Device Regulations (EMDR) can be found. There is also a webpage on the Europa website for guidance documents. The following website is managed by Team-NB–a group of Notified Bodies.

Europa Website for Locating European Medical Device Regulations

When you  check the Europa website for new and revised medical device regulations, the three most important pages to check are:

  1. – On-going revision of the medical device directives.
  2. – Current medical device directives
  3. – Guidance MEDDEVs

The first page provides periodic updates on the status of the proposed EMDR. The most recent update on this page was September 26, 2012. If you are following this carefully, and you understand the European legislative process, then you know that there was a vote by the ENVI committee reviewing the EU Commission’s proposal in September 2013. You also would know that the Plenary Vote on the proposal occurred in October 2013. Now, the European Parliament has mandated that the rapporteurs negotiate a final text with the Council–which is going slower than Parliament would like.

The second page has the current legislation. It is not always obvious if amendments have been made. Therefore, you need to review each of the directives to see if it is applicable. The last significant change to the MDD was the M5 version on March 21, 2010 (i.e., amendment 2007/47/EC to 93/42/EEC). There was a commission implementing regulation on September 4, 2013. Two amendments were released in 2012: 1) electronic instructions for use, and 2) medical devices manufactured with tissues of animal origin.

Finally, the third page lists each of the guidance MEDDEV documents. This list also identifies the date of the most recent version for each MEDDEV. The most recent change was to the vigilance reporting guidance document in January 2013.

Team-NB Website

The website for Team-NB is On the home page, there is a navigation bar listing archived documents by year. In 2012, there were nine documents released. Several of these documents are related to the PIP Scandal (, which is now old news, but there was one guidance document discussing the transition plans for IEC 60601-1. There were another 12 documents released in 2013. The four most recent documents are confidentiality statements, and five are auditor attestations. Therefore, there are only three new documents of importance to manufacturers:

  1. – guidance on the implementation of electronic Instructions For Use (eIFU)
  2. – 3rd version of the Notified Body Code of Conduct
  3. – FAQs for the implementation of EN 62304

The first document explains two positions from Team-NB. The first position identifies labeling requirements and the use of harmonized symbols for companies implementing eIFUs. The second position indicates that implementation of eIFUs is considered a significant change in the QMS that requires:

  1. Notified Body notification before implementation, and
  2. a list of documents needed by Notified Bodies as objective evidence of readiness for implementation.

The code of conduct includes important details about how the Notified Bodies plan to change the auditing process and qualification of certification auditors to address concerns of the European Council. This includes specific interpretations as to the duration of audits, the duration of an initial Design Dossier review, and the initial plan for unannounced audits by Notified Bodies.

The third document contains 73 frequently asked questions and the response to these questions by Team-NB. There are also four annexes. The 73 questions are organized into the following seven sections:

  1. Scope of EN 62304
  2. Placing Software as a MEDICAL DEVICE on the Market
  3. Life-cycle Processes
  4. Risk Assessment and Risk Management
  5. Classification and Segregation
  6. Specifications, Testing, and Tools
  7. SOUP and Legacy Software

Next Steps

Review each source of information and determine if the document impacts your organization’s quality system and procedures. This gap analysis should be performed by someone familiar with the specific process(es) addressed by the regulations. The most likely actions to be taken are:

  1. initiate specific changes to existing procedures
  2. create new procedures, or
  3. initiate a quality plan for more substantial changes to your quality system

If you need more help preparing for your management review, here’s a link to a free webinar I recorded: You will also receive a management review slide deck.

Posted in: CE Marking

Leave a Comment (0) →

Data Analysis of Medical Device FDA Form 483s Issued in FY2013

The author performed data analysis of medical device FDA Form 483s issued in FY2013. Was Design Controls, CAPA, or complaint handling the number one 483?

The FDA recently updated its webpage for “Inspections, Compliance, Enforcement, and Criminal Investigations” ( The update was the addition of FY2013’s inspection observations (i.e., 483s). Medical Device Academy performed data analysis of the inspection observations report for FY2013. The high frequency of FDA Form 483s referencing CAPA and complaint handling was not a surprise, but the results of the Pareto analysis ( might surprise you.

Pareto Chart FY2013 483s Data Analysis of Medical Device FDA Form 483s Issued in FY2013

Data without Categories Data Analysis of Medical Device FDA Form 483s Issued in FY2013

Ranking of Individual Observation References

If you sort the raw data from the FDA, instead of categorizing the observations first, you see that 21 CFR 820.100(a) (i.e., the CAPA procedure requirement) is the most frequently referenced section. Complaint handling, 21 CFR 820.198(a), is the second most frequently referenced section. CAPA even gets the third spot on the table to the left, while the highest-ranking of an individual section for design controls [i.e., 21 CFR 820.30(i)] is eighth. The problem with this approach is that there 244 different sections to review, and it’s difficult to identify which process areas to focus on. Therefore, Medical Device Academy categorized the data by section first and then sorted the data.

The section of the CFR referenced categorized the data from FY2013. For example, there are 15 different sub-sections related to section 21 CFR 820.198. Therefore, all 15 were grouped under one category. The categorization of the data allowed us to reduce the number of observation references from 244 to 32. By doing this, it was clear that CAPA (11.75%) and complaint handling (10.65%) are more frequently referenced in FDA Form 483s than the next most frequent section—medical device reporting (6.24%). However, categorizing the data first shows that design controls (21 CFR 820.30) were referenced more frequently than any other category in FY2013.

You may also expect to see a large percentage of Form 483 observations issued against management responsibilities. However, section 820.20 (i.e., management responsibilities) ranks 13th out of 32 categories (4.05% in the table below). We even considered that maybe FDA inspectors were issuing fewer 483s against section 820.20 in FY2013 than previous years. However, FY2012 also had slightly more than 4% of the FDA Form 483s issued against this category.

CDRH FY2013 Form 483s Data Analysis of Medical Device FDA Form 483s Issued in FY2013The frequency of 13.25% for design controls may surprise you. However, when all 15 of the different observation references for design controls are combined into one category, there is a total of 582 observations. For the sake of comparison, only 12.68% of the FDA 483 observations were related to design controls in FY2012. Therefore, inadequate implementation of design controls ( remains the most frequently referenced observation.

If you are interested in downloading the Excel spreadsheet that we used to create the above chart and graph, please follow this link:

Preventive Actions

The Pareto analysis can also be used to focus your internal auditors or a mock-FDA inspection. For example, your next audit might start with a review of the CAPA process, since that is the second most frequent observation reference by FDA inspectors ( Next, you may want to audit complaint records and medical device reporting ( These are the third and fourth most frequent observation references. Finally, after you have finished these three areas, you should select a product line that has not been recently inspected by the FDA and perform an audit of the Design History File (DHF):  The auditor should verify that all the changes made to the Device Master Record (DMR) have been documented and validated in accordance with your Design Controls procedure.

In addition to performing a mock-FDA inspection, you should also invest in training of employees in each of the four most critical areas:

  1. Design Controls
  2. CAPA
  3. Complaint Handling
  4. MDRs

Signing a training record to indicate that you read and understood a procedure does not meet the requirements for training personnel. You need to develop a training curriculum for each subject area with practical examples—not just bullet points copied from the QSR. In addition to reading and sharing the blogs that are referenced for each of the above areas, you might also consider reviewing the following blog about training effectiveness:

If you are interested in training courses, Medical Device Academy has a library of pre-recorded webinars available: We also have exams that can be used to verify training effectiveness after each webinar. Please let us know if you are looking for something specific because we develop new customized training webinars every month.

Posted in: FDA

Leave a Comment (4) →

7 Considerations for Outsourcing Medical Device Complaints


complaint handling 7 Considerations for Outsourcing Medical Device Complaints

Investigating medical device complaints can be a time-consuming task. This blog reviews seven considerations for outsourcing medical device complaints.

Two different clients of mine recently mentioned that they are overwhelmed by the amount of time required to investigate complaints and to file MDRs with the FDA. I suggested outsourcing the complaint handling to a third-party service provider, but they were unaware of any suppliers with that capability.

I was already familiar with several suppliers offering these services, but I wanted to know if companies were looking for these services. Therefore, I decided to post a discussion on one of the LinkedIn groups I manage: In just two days, there were 21 different comments. Most of these were from consultants offering their services, but their comments were helpful. For example:

  1. “The majority of complaint handling work typically involves a high volume of less critical tasks. Routine things like ensuring all potential complaints are entered into your system, requesting additional information when its needed, documenting updates when they are received, or drafting complaint/reportability decisions based on company policy are all tasks that can easily be performed by a well-qualified service provider for significantly less than if they were done domestically.”  – Matts Bell
  2. “Direct input into ESG is much better and easier than an additional third party software package, as ESG does change often, and the software companies are not keeping up. Keep in mind that each change digs deeper into the quality system and information. What is acceptable today may not be acceptable tomorrow as the validation keys within ESG tighten.” – Courtland Imel
  3. “I too, have provided outsourced complaint, NCMR and CAPA investigations, customer contacts, and root cause analysis to final disposition, sometimes in an FDA remediation project. But it requires active involvement on the part of the client company, with periodic meetings to discuss each case/its resolution, as well as identified trends/their resolution.” – John E. Lincoln
  4. “In the case of adverse events identified through the litigation process, the company cannot contact the complainant directly because the case is in litigation…Utilizing an appropriate third-party service provider to work with you on this process can make this type of adverse event reporting fast, efficient, and cost-effective.” – Melissa Becker

It is true that parts of complaint investigations must be performed internally—such as failure analysis. You also cannot outsource responsibility for review and approval of complaint records or MDRs. However, suppliers can provide trained personnel that are capable of initiating and completing complaint records, performing follow-up with complainants, and determining if complaints are reportable to the FDA and other countries around the world. One of the suppliers I interviewed can translate adverse event reports for countries that require reporting of adverse events in languages other than English, and they have a professional translator verify accuracy. Some personnel even have a medical background (e.g., nursing).

7 Considerations for Outsourcing Medical Device Complaints 

  1. Find a supplier that has many years of experience helping medical device manufacturers with complaint handling and adverse event reporting (no rookies)
  2. Ask for a demo of the software—web-based software is best (I’ll explain why shortly)
  3. Ask to see their complaint handling procedure and perform a procedure review
  4. Ask how the supplier handles complaint investigations when the product is not returned (
  5. Verify that the rationale for MDR decisions is based upon the FDA requirements in 21 CFR 803 (, and vigilance decisions are based upon MEDDEV 2.12/1 (
  6. Ensure that the software system has a tracking of timelines for complaint handling and reporting already built-in
  7. Ensure the electronic forms are adequately designed for capturing information—not just yes/no checkboxes everywhere

Why is web-based software better than hosted?

The US FDA is moving quickly toward Electronic Submission Gateways (ESGs) as the preferred method of submissions ( Unfortunately, there are frequent changes to ESGs that require software modifications and revalidation ( Therefore, unless you prefer to have a full-time person responsible for revalidation of software, web-based software solutions are typically your best choice for regulatory submission software tools. It’s also convenient to be able to access records and print them out for an FDA inspector from any computer. This eliminates any possibility of a 483 being issued against 21 CFR 820.198(f) (

Posted in: Complaint Handling

Leave a Comment (0) →

IEC 60601-1 patient applied parts for Medical Electrical Equipment-Notes 1-2-3

In this blog, “IEC 60601-1 patient applied parts for Medical Electrical Equipment-Notes 1-2-3,” the author uses many figures to explain critical concepts. 

Note 1: Figures that explain APPLIED PART concepts

In IEC 60601-1, Figures 3 and 4 (shown below) are used to show where different parts of ME EQUIPMENT are located, and to help explain some of the defined terms in a pictorial way.

fig 3 AM IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3


fig 4 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3

In both figures, the APPLIED PART is intended to come into contact with the PATIENT. Figure 3 shows a CLASS I medical device as per sub-clause 3.13. The device is PROTECTIVELY EARTHED (i.e., grounded), in addition to providing BASIC INSULATION. Figure 4 shows a CLASS II medical device per sub-clause 3.14. The device is not PROTECTIVELY EARTHED. Instead, Figure 4 shows how the design uses two levels of protection, which is a basic tenet of the IEC 60601-1 standard. The two levels of protection used are either DOUBLE or REINFORCED INSULATION.

Figures A.1 to A.7 provide examples of the way APPLIED PARTS and PATIENT CONNECTIONS are identified to apply the requirements for PATIENT LEAKAGE CURRENT and PATIENT AUXILIARY CURRENT. APPLIED PART circuits can provide isolation to other parts of the circuitry in the medical device, and these figures present several options for compliance with SPACINGS (i.e., CREEPAGE and AIR-CLEARANCE), DIELECTRIC WITHSTAND (i.e., HiPot test) and INSULATION requirements. The following discussion is limited to Figures A.1 and A.2. For additional information about Figures A.3-A.7, purchase a copy of IEC 60601-1, edition 3.0 ( or edition 3.1 (

a 1 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3

Figures A.1 and A.2 show an ECG monitor that includes the monitor, PATIENT cable, PATIENT leads, and ECG electrodes. The critical elements of figure A.1 are:

1)     the APPLIED PARTS includes the electrodes and those parts of the PATIENT leads, or PATIENT cable that need to physically contact the PATIENT in NORMAL USE (sub-clause 3.8 definitions),

2)     application of RISK MANAGEMENT might id other parts of the PATIENT leads or PATIENT cable that needs to treated as APPLIED PARTS because of the probability they will come in contact with the PATIENT, (sub-clause 4.6 requirements), and

3)     the PATIENT CONNECTIONS consist of the ECG electrodes, which are part of the same function of the APPLIED PART.

Figure A.2 below shows the required F-TYPE APPLIED PART insulation incorporated in the medical device itself. The components within the dotted line form the PATIENT circuit.

a 2 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3

Note 2: Parts that are not APPLIED PARTS may need to be treated as an APPLIED PART

Sub-clause 4.6 and Annex A, sub-clause 4.6, provide additional details that apply to the following paragraph below.

Parts of medical devices that are not APPLIED PARTS, but which touch the PATIENT during the NORMAL USE of the device, may need to be treated as APPLIED PARTS. In this case, the part shall not be marked as an APPLIED PART. A RISK ASSESSMENT PROCESS needs to be conducted to determine whether the parts that come in contact with the PATIENT but aren’t APPLIED PARTS should meet the requirements of APPLIED PARTS. Figures A.4 through A.7 all have a statement that roughly states: “The application of RISK MANAGEMENT might identify some parts of the device/system as having to be treated as APPLIED PARTS because of the probability they will come in contact with the PATIENT.” If your RISK ASSESSMENT determines that sub-clause 4.6 is applicable, then all applicable requirements and tests for APPLIED PARTS should be applied to the parts identified in the RISK ASSESSMENT—except for sub-clause 7.2.10 for marking of APPLIED PARTS. These requirements apply to this standard and the relevant collateral and particular standards in the 60601 series of standards. An example of the type of parts that could fall under sub-clause 4.6 could be computer system interface cable (I/O).

Note 3: Definition of associated term PATIENT CONNECTION

A PATIENT CONNECTION is part of the APPLIED PART, as shown in figure A.1. Sub-clause 3.78 defines a PATIENT CONNECTION as: “Individual point on the APPLIED PART through which current can flow between…PATIENT and ME EQUIPMENT in NORMAL…or SINGLE FAULT CONDITION.” In this example, the conductive part of the ECG electrode is considered the PATIENT CONNECTION.

partial a1 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3

IEC 60601-1 assumes the PATIENT is earthed as a NORMAL CONDITION per sub-clause 8.5.4, 4th dashed item because there are many opportunities in the normal operation of medical electrical devices where the PATIENT can accidentally become grounded. Therefore, some PATIENT LEAKAGE CURRENT tests are configured with the LEAKAGE CURRENT measuring device (see Figure 12) directly connected to earth on one side and passing thru the measuring device to the APPLIED PART circuit that is being tested. The boxed-in area in Figure 15 is the portion of the PATIENT LEAKAGE CURRENT test measuring circuit that is connected from the PATIENT CONNECTION (item 4) thru the measuring device to earth (left-hand corner of the figure—symbol sometimes called “upside-down Christmas tree”).

fig 12 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3


fig15 IEC 60601 1 patient applied parts for Medical Electrical Equipment Notes 1 2 3

Leo Eisner is the owner and founder of Eisner Safety Consultants ( If you need help with IEC 60601 compliance, email Leo directly at or call him at +1 (503) 244-6151.  You can also connect on LinkedIn at


Posted in: IEC 60601

Leave a Comment (7) →

4 Ways to Create Your Own FDA Medical Device Regulatory Updates

Although FDA medical device regulations are centrally located in one place:, this blog discusses four information areas you can monitor to create your own FDA medical device regulatory updates-(guidance docs, standards,), etc.

fdaupdates 4 Ways to Create Your Own FDA Medical Device Regulatory Updates

  1. Guidance documents released (,
  2. Recognized standards (,
  3. Device classifications (, and
  4. Total Product Lifecycle (TPLC) database (

Guidance Documents

When you check the FDA website for the new draft and final guidance documents, the webpage to monitor is This page had already had four new guidance documents in 2014, and in October 2013,  the FDA released an important update about the eCopy program for 510(k) submissions:

Recognized Standards

The FDA has a separate database for all recognized consensus standards: This database is used to verify which Standards can be used for verification and validation testing of new devices, and the reference of any of these Standards in a device submission must also be accompanied by the completion of Form FDA 3654:

Device Classifications

Changes to device classifications and/or regulatory approval pathways are rare at the FDA, but you should periodically check the classification database to verify that there have been no changes. The most likely changes will be the addition or removal of recognized standards applicable to your devices. The database for looking up device classifications can be found at

TPLC Database

For each 3-letter product classification code, there is a database that shows all the recent 510(k) submissions, all recalls, and summarizes all the medical device reports submitted for serious injuries and deaths. This database,, should be monitored to proactively identify problems that occurred with similar products before they happen to your product. Also, there may be voluntary reports from user facilities regarding your device that were not reported directly to your company. The possibility of voluntary reports makes this an important database to monitor weekly. Other resources include:

  1. – This is the page of the device division of the FDA (CDRH), where news and updates are posted. You may find it helpful to register for receiving the RSS feeds from this page so that you are informed of any updates as FDA posts them.
  2. – This is the page where CDRH lists all of the online training courses for medical device manufacturers. This includes popular courses such as the “Pre-market Notification Process – 510(k)s” and “Medical Device Recalls.” This page also had four recent updates: 1) “Investigation Device Exemption Process – IDE,” updated on December 6, 2013; 2) “Device Establishment Registration and Listing,” updated on July 31, 2013; 3) “Global Initiatives,” updated on October 31, 2013; and 4) “Unique Device Identification (UDI) System,” updated on December 23, 2013.

Next Steps

Review each of the above streams of information from the US FDA on a scheduled basis as preparation for quarterly management reviews and determine any potential impact on your organization’s quality system and procedures. This gap analysis should be performed by someone familiar with the specific process(es) addressed by the regulations. The most likely actions to be taken are:

  1. Initiate specific changes to existing procedures
  2. Create new procedures, or
  3. Initiate a quality plan for more substantial changes to your quality system

Management Review-Free Webinar Recording

If you need more help preparing for your management review, here’s a link to a free webinar I recorded: You will also receive a management review slide deck, as well.

Posted in: FDA

Leave a Comment (0) →

How Declaration of Conformity (DoC) templates are created

This article about the declaration of conformity for medical device CE Marking identifies three possible sources for creating a template and includes recommendations for making the transition to the proposed EU Medical Device Regulation (EMDR).

%name How Declaration of Conformity (DoC) templates are createdCurrent declaration of conformity requirements

Each of the three “New Approach” Device Directives requires that manufacturers create a Declaration of Conformity (DoC). For the Medical Device Directive (MDD), this requirement is found in Annex II, IV, V, VI, and VII. The “Declaration of Conformity” is part of the title for each of those Annexes. A DoC is required for each CE Marked product family, but the MDD does not guide the format or content. Manufacturers need a controlled template.

Three sources of declaration of conformity examples

There are three possible sources for creating a declaration of conformity template:

  1. Copy another company’s declaration of conformity
  2. Authorized Representatives
  3. Annex III of the proposed European Medical Device Regulations

Most companies are using option number 1—often without knowing it. The problem with this approach is you have no regulatory reference to justify the basis for the content and format of your Declaration.

The second option is to ask your Authorized Representative (AR). The AR is supposed to verify that you have a DoC for each product family and that the company has the required technical documentation for each product family. The AR must provide a DoC for each product they represent to the Competent Authority upon request. Therefore, some ARs provide manufacturers with a template for the DoC to ensure that your DoC meets requirements. This approach gives you a reference of external origin, and you can be sure that the template will meet current requirements.

My new recommendation for Creating A declaration of conformity

Option 3 is my new recommendation for companies. The proposed European Medical Device Regulation (EMDR) was released on September 26, 2012. The proposal provides a prescriptive template for the content of a DoC. This will eventually be required for every DoC. Annex III is only one page long, and there are only ten requirements:

  1. Name of the Manufacturer and the AR
  2. A declaration that DoC Issued under Sole Responsibility of Manufacturer
  3. Unique Device Identifier (UDI)
  4. Product Name and Catalog Numbers
  5. Risk Classification
  6. Declaration Statement of Conformity
  7. Reference to Harmonized Standards and Common Technical Specifications (CTS)
  8. Notified Body Name and Number, Description of Conformity Assessment Procedure and Certificate
  9. Additional Information
  10. Place and Date of Issue, along with the Name and Function of the Person Signing

Instead of waiting for the final approval of the EMDR, I recommend creating a declaration of conformity (DoC) template now that matches the proposed Annex III (you might want to add this to recommendations for improvement in your next management review).

Brigid Glass is the subject matter expert behind most of the conventions that our consulting firm uses for document templates. As with all of our forms, we assign a document control number (e.g., FRM-001), and the revision is “D1” for the first draft. The template is in table format to facilitate easier review by auditors and your AR. The left column of the table lists each of the required elements, and the right column is where the variable data is entered. Variable fields that are examples are in green font, and the content that does not require changing is in black font. There are some comments to explain how to fill in the variable content, and several items that will change when the proposed regulation is approved are identified. The following harmonized symbols from ISO 15233-1 are used in the template, as well:

DoC How Declaration of Conformity (DoC) templates are created

Please click here to download the Medical Device Academy’s declaration of conformity (DoC) template.





Posted in: CE Marking

Leave a Comment (2) →

How to Identify New and Revised Canadian Medical Device Regulations

Canada How to Identify New and Revised Canadian Medical Device RegulationsThe author reviews four steps for identifying new and revised Canadian medical device regulations and guidance documents for management review meetings.

Several times throughout the year, clients ask me to help them prepare a slide for their Management Review that summarizes new and revised regulatory requirements. My recommendation is to conduct management reviews every quarter and to perform a systematic review of new and revised medical device regulations just before each management review.

Each country has different websites for communicating medical device regulations. For Canada, the information you need can be located in two places. The first location is the Justice Canada website, where the most current version of the Canadian Medical Device Regulations (CMDR) can be downloaded. The second location is the Health Canada webpage that lists legislation and guidance documents.

Identifying New and Revised Canadian Medical Device Regulations-Step 1

You need to look up the most recent version of the CMDR ( This link tells you how to search for the Medical Device Regulations on the Justice Canada website ( When you type in “Medical Device Regulations” in the proper search field, it will take you to a page with a link for Canadian Medical Device Regulations (i.e., CMDR or SOR/98-282; Then you can decide if you want to download the CMDR in HTML, XML, or PDF format.

Why not click directly on the last link I provided?

Because the location on the Justice Canada website may change, and Health Canada does not control the Justice Canada website.

Step 2

Once you download the CMDR, you want to compare it for changes with the previous version you were using. In June 2012, I wrote a blog that explains how to do this: I’ll save you some time; however, the first page tells you what you need to know. The most current version of the CMDR is current to November 26, 2013 (it will change soon), but the last amendment was on December 16, 2011. Therefore, Health Canada has not made any changes to the wording of the CMDR in two years.

Step 3

Once you have reviewed the CMDR, you will want to search for new guidance documents. Health Canada provides a page summarizing the medical device guidance documents in chronological order, from most recent to oldest: There have only been four new guidance documents in the past two years:

1. – Final guidance document for Class III and IV medical device license applications was released on July 5, 2012.

2. – Updated guidance license applications for ultrasound systems and transducers were published on September 13, 2013.

3. – Updated guidance on license renewal and fees for the right to sell medical devices was released on November 18, 2013.

4. – Updated guidance on review fees for medical device license applications was released on November 18, 2013.

Note: The most recent fees are now found on the following page

Step 4

Review each guidance document and determine if the document impacts your organization’s quality system and procedures. This gap analysis should be performed by someone familiar with the specific process(es) addressed by the regulations. The most likely actions to be taken are:

  1. initiate specific changes to existing procedures,
  2. create new procedures, or
  3. initiate a quality plan for more substantial changes to your quality system.

If you need more help preparing for your management review, here’s a link to a free webinar I recorded: You will also receive a management review PowerPoint training slide deck.

Posted in: Health Canada

Leave a Comment (0) →

IEC 60601-1 Definition of Patient Applied Parts

iec 60601 1 me IEC 60601 1 Definition of Patient Applied Parts

This article reviews the IEC 60601-1 definition of patient applied parts for medical electrical equipment. It includes examples, as well.

Classification of medical electrical devices was discussed in a previous blog ( At the same time, this article focuses on APPLIED PARTS—one portion of the “Protection Against Electric shock” classification in sub-clause 6.2 of IEC 60601-1. ALL CAPITAL LETTERS identifies a defined term for the IEC 60601 series of standards within this blog.

All clause references in this blog are to both IEC 60601-1:2005 (3rd edition) and IEC 60601-1:2005 (3rd edition) + Amendment 1:2012 (, or the consolidated version IEC 60601-1:2012 ed. 3.1, but the actual text comes from edition 3.1 (


To understand what an APPLIED PART is, we first need to understand its definition. Sub-clause 3.8 states that an APPLIED PART is “part of ME EQUIPMENT that in NORMAL USE necessarily comes into physical contact with the PATIENT for ME EQUIPMENT or an ME SYSTEM to perform its function.”


An APPLIED PART can be a blood pressure cuff or a SpO2 sensor of a multi-parameter monitor, the tabletop of an MRI, and many other parts of ME EQUIPMENT that manufacturers intend to come into contact with a PATIENT during NORMAL USE.

iec 60601 1 me 2 IEC 60601 1 Definition of Patient Applied Parts

Electrical-medical devices can have different types of APPLIED PARTS or more than one of the same type (e.g., multi-parameter monitors frequently have temperature sensors, and blood pressure monitoring components in the base configuration and other APPLIED PARTS can be added). As discussed in the previous blog (, APPLIED PARTS can have six different classifications: TYPE B, BF, or CF (and each can be DEFIBRILLATION PROOF). Each of these classifications also has an associated symbol.

The requirements for an APPLIED PART are more stringent because it has to be assumed that the PATIENT’s immune system is depressed. So, the probability of HARM is increased for a sick PATIENT, rather than for a healthy OPERATOR. Therefore, the standard aims to reduce the severity of HARM by requiring more stringent limits upon LEAKAGE CURRENTS. The computer equipment standard (IEC 60950-1 Information Technology Equipment Standard) applying to your home or business computer allows for higher limits for LEAKAGE CURRENTS because the computer equipment standard assumes the user is healthy—just like medical equipment operators.

The level of HARM to a PATIENT by an APPLIED PART can be adversely affected if a PATIENT is not conscious (e.g., during general anesthesia), because the PATIENT may be unable to react while they are unconscious. Therefore, understanding a device’s intended use (i.e., what the device is intended to do), and indications for use (i.e., the environment of use, part of the anatomy and intended population), is critical when you are conducting RISK ANALYSIS and USABILITY ANALYSIS of a device. 

Three Notes About the IEC 60601-1 Definition of Patient Applied Parts

There are three (3) notes associated with the definition of APPLIED PART:

  1. Sample figures that show APPLIED PARTS in different system configurations
  2. Parts of the device that are not APPLIED PARTS, but in NORMAL USE necessarily come into physical contact with the PATIENT, shall be treated as APPLIED PARTS, but is not allowed to be marked as an APPLIED PART; and
  3. The associated term PATIENT CONNECTION

The sample figures related to the first note, Figures 3 & 4 and figures A.1 to A.7 of Annex A, show APPLIED PARTS in different system configurations. These figures provide guidance and a rationale for why and what is happening. The second note is important because any part that necessarily comes into physical contact with the PATIENT, for the equipment to perform its function, will also need to be tested as if it were an APPLIED PART. Still, it will not be allowed to be marked as such. The third note regarding PATIENT CONNECTION, in sub-clause 3.78 & Annex A for 3.78, is the part of the APPLIED PART that is intended to contact the PATIENT that current flows through. The next blog will review all three notes in greater detail.

If you need help with the IEC 60601 series of Standards, email Leo Eisner ( directly at, or call Leo at +1-(503)-244-6151. He is the owner and founder of Eisner Safety Consultants (

Posted in: IEC 60601

Leave a Comment (4) →
Page 20 of 29 «...101819202122...»