Risk Control Options for Medical Devices: Deviation #6

This blog discusses risk control options for medical devices; the 6th deviation identified in the European National version of the Risk Management Standard.%name Risk Control Options for Medical Devices: Deviation #6

Design is not the same as design and construction. This is the interpretation of the European Commission. The sixth of the seven deviations identified in the European National (EN) version of the Risk Management Standard (i.e., EN ISO 14971:2012; http://bit.ly/ISO14971-2012changes), states that “inherent safety by design” is not precise enough. Section 2 of the Essential Requirements (i.e., Annex I of the MDD) states that the first risk control option must be selection of design and construction that eliminates or reduces risk as far as possible, while the international (ISO) risk management standard (i.e., ISO 14971:2007) only states that inherent safety by design is required.

The difference between the requirements of the ISO and the EN standard are not just semantics. If you read part II of the Essential Requirements (ERs; i.e., ER 7-13), there are many examples of how the construction of devices should be considered. The following are three examples:

  • ER 7.5 – leaking from the device
  • ER 8.2 – tissues of animal origin
  • ER 9.2 -aging of materials

Therefore, in order to comply the the intent of the Directive, you must consider far more than just the design of the device.  Construction is interpreted as both the risks associated with the materials to fabricate a device and the methods of manufacture. In the proposed EU regulations, the European Commission seeks to clarify the requirements for implementation of risk controls, but the draft legislation still seems vague.

Implementing Risk Control Options for Medical Devices

The following wording for implementation of risk control options in the new proposed second Essential Requirement is below:

“The manufacturer shall apply the following principles in the priority order listed:

a. identify known or foreseeable hazards and estimate the associated risks arising from the intended use and foreseeable misuse;

b. eliminate risks as far as possible through inherently safe design and manufacture

c. reduce as far as possible the remaining risks by taking adequate protection measures, including alarms; and

d. provide training to users and/or inform users of any residual risks.”

In this proposed wording, the word “construction” was replaced by the word “manufacture.” However, in other parts of the new proposed Essential Requirements (http://bit.ly/NewERCGap) the materials of fabrication are specifically addressed, as well. For example:

  • ER 7.1d) was added as a new requirement…”d) the choice of materials used, reflecting, where appropriate, matters such as hardness, wear and fatigue strength.”
  • ER 7.6 was added as a new requirement to address risks associated with the size and properties of particles—especially nanomaterials.

The new proposed Essential Requirements also include numerous examples of how the manufacturing processes must ensure proper safety. Essential Requirement 10 specifically references new Commission Regulation (EU) No 722/2012 (http://bit.ly/AnimalTissueReg)–specific to devices manufactured using animal tissues or cells of animal origin.

Even though the proposed regulations are more detailed with regard to application of risk management, they do not specify if it is required to implement risk control options for both materials and methods of manufacture simultaneously, or if the manufacturer may choose between the two. The phrase “taking account of the generally acknowledged state of the art” is used in the second Essential Requirement, but “state of the art” is a moving target, and the European Commission may find existing Standards to be deficient.

For reducing the risk of infection, the Commission does not require that companies implement aseptic processing, antimicrobial materials and terminal sterilization. One of the three is sufficient. This is why we have ISO Standards for sterilization validation, and we define “sterile” as a sterility assurance level of 10-6.

If the Commission maintained the language of the ISO 14971:2007 Standard, “as low as reasonably practicable,” then manufacturers could select risk control options based upon acceptability of risk. However, the EN version of the risk management standard creates significant challenges for implementation, and we are forced to evaluate the risk control measures we implement against those used by other manufacturers during the process of risk option analysis.

If you are interested in ISO 14971 training, we are conducting a risk management training webinar on October 19, 2018.

Risk Control Options for Medical Devices: Deviation #6 Read More »

CE marking 4 digit number for medical devices

fourdigitquestion CE marking 4 digit number for medical devicesThis article explains the purpose and use of a CE marking four-digit number for medical devices, minimum size requirements, and other considerations. 

CE marking a four-digit number

The CE marking four-digit number that is displayed next to the CE mark on some medical devices is the Notified Body (NB) number. If there is no CE marking four-digit number, this means that the medical device is a Class I device that does not require NB involvement (i.e., self-declaration). If the device is a Class I device, and there is an NB number next to the CE mark, then the device either has a measuring function or is sterile.

Requirements for CE marking a four-digit number

The Medical Device Directive is divided into Articles and Annexes. Section 1 of Article 16 indicates that the European Commission is responsible for the assignment of NB numbers. In Article 17, ¨CE Marking,¨ it states: ¨[The CE] shall be accompanied by the identification number of the notified body responsible for the implementation of the procedures set out in Annexes II, IV, V, and VI.¨ Annex XII defines the minimum size (i.e., 5 mm) of the CE. The requirements for the size of the NB identification number is not included in Annex XII, but NBs interpret the requirements for size as half the height of the ¨CE.¨

Companies are responsible for reproducing the CE Mark on their labeling and the product–including the 4-digit number. However, if the space available on the product is too small to allow a 5 mm ¨CE,¨, then the company is not required to reproduce it on the product. Instead, it is sufficient to reproduce the CE Mark on product labeling and the Instructions For Use (IFU). One source of the artwork for the ¨C¨ and ¨E¨ is the Europa website.

If an NB number is required, usually, there are a couple of different orientations that are allowed by the NB. Most NBs specify that the NB number shall be to the right or beneath the “C” and “E.” However, most NBs have specific instructions available for the reproduction of the CE Mark and the proper orientation of their NB number. Often, the NB will also provide artwork for downloading that includes the NB number in one or more orientation.

Product Failure Investigations

Identification of the NB may not seem important; however, the NB number can help caregivers to identify the NB that approved CE Marking of a product when there is an investigation of product failures with an unknown manufacturer. In that case, the NB will then share this information with the appropriate manufacturer to facilitate an investigation. The NB number is also used to differentiate when the oversight by one NB stops, and a new one begins, after transferring from one NB to another.

If someone wants to know which NB is associated with each NB number, the EU Commission operates the NANDO information system as a database, allowing you to search each of the 60+ NBs by CE marking 4 digit number. The database also allows searching by country, annex/article, product, and horizontal technical competence.

If your company is selecting an NB, you can search the product and technical competency categories to identify which NBs are able to issue CE certificates for your product. There are ten possible technical competencies to use as search criteria. For example, if your company manufactures absorbable sutures (i.e., competency, MDS 7009), there are only 32 NBs (shrinking every day) that have the technical competence to assess your Design Dossier for conformity with the MDD.

If your company is developing porcine-based collagen implants (i.e., competency, MDS 7010), then there are only 24 NBs (shrinking every day) able to issue a Design Examination Certificate for CE Marking. If your company needs additional guidance on how to select an NB, you might consider reading a blog on certification body selection.

CE marking 4 digit number for medical devices Read More »

Regulatory Consulting Firm Selection

Things to consider for regulatory consulting firm selection: 1) the project scope, 2) personality, 3) qualifications, and 4) budget.

choosing a consultant 300x300 Regulatory Consulting Firm SelectionRegulatory Consulting Firm Selection

This article reviews four key considerations of regulatory consulting firm selection. Even if you already have a vice president of regulatory affairs, you still might need external regulatory consulting expertise. Regulatory consultants specialize in just the regulations and most have sub-specialties because it is impossible to know the medical device regulations in every country. Another reason for hiring a regulatory consultant is that you do not have enough bandwidth to conduct the regulatory work internally. Regardless of the scope of the project, this is a strategic decision rather than a tactical one. Regulatory approval impacts your company’s ability to sell devices and therefore a few months of delay can result in a six or seven-figure loss. In addition, the cost of the regulatory consulting fees is likely to be at least five figures. Finally, a purchasing decision of this magnitude will require C-suite approval and your Board of Directors and/or investors may get involved. Here are four critical areas to consider:

1. Defining the scope of the regulatory consulting project

Ensure that the scope, timeline, roles of the consultant/internal company team, and deliverables are crystal clear during consultant interviews and defined within the consulting contract. Do you need advice or suggestions to be carried out by your internal team? Or is “hands-on” work required (writing procedures, conducting training, executing audits, etc.)? I’ve discovered that “hands-on” can mean something entirely different to your company and the consultant. If it’s not clear who is doing the actual work, your internal resources may end up doing the work that was intended for the consultant.

Once the project scope has been clearly explained, ask the prospective consultant to provide a brief document describing how they would approach the project. This will be helpful later on when drawing up the contract. Ask which software or systems the consultant will be using to keep your project on track. A consultant who does not have any version of project management on their laptop, or is unfamiliar with such tools, is a red flag.

Make sure you select a consultant or consulting firm that matches the size of your project. Select and interview three to five companies, based on the size and complexity of the project. If the project primarily involves working at your location, consider the additional cost and travel time from where the consultant(s) is located. If the project allows for working remotely, focus more on the project management aspects mentioned in the previous paragraph, and how your company will communicate with the consultant.

2. Personality of the consultants

When you are making a regulatory consulting firm selection, don’t base your decision on word of mouth, or someone that you pick randomly online. Interviewing is an essential part of the selection process. Be wary of a consultant who talks more than listens, especially if the conversation is about their illustrious career. The consultant you speak with should be focused on the scope of your project and ask questions about your company’s capabilities. You are the client and ultimately your team will be the hero that brings a new medical device to market. The consultant you hire is an experienced guide that has learned from success and failures. Ideally, the consultant will be able to explain the process in simple terms and help you identify critical tasks in the project. Be wary of the consultant that answers every question with “It depends.” If your team’s style of project management and communication doesn’t fit the consulting firm’s style, keep looking.

3. Qualifications of the regulatory consulting firm

Don’t limit interviewing to the experience of the lead consultant or owner of the consulting firm. Make sure that you also have a resume or CV for each of the other consulting members that will be working on your project. Imagine the dismay of your internal team when you discover that the owner of the consulting firm has hired friends or former colleagues with little or none of the needed expertise. To prevent this scenario from occurring, include a technical person on the interview team to challenge the expertise of the consultant. This will help you identify a firm that knows all the right buzzwords but lacks the knowledge to accurately implement the deliverables and reduce regulatory risk within your company. Ideally, the consulting firm will have a step-by-step plan and they are able to identify the biggest potential obstacles.

You can ask for and check references for past clients for whom they have done similar work, but people seldom give you the name of a referral that will speak negatively about them. Ask for examples of work reports that the consultant has completed for other clients—with any confidential information removed. This is critical in determining if the final job will be “fluff” or real solutions for your company. It will also avoid the “one size fits all” procedures and processes that can rarely be beneficial for your company’s needs. Ask for examples of “out of the box” thinking and best practices that they’ve implemented. How do they remain current on the regulations and standards?

4. Budget for a regulatory consulting firm

Cost should not be the only determining factor in selecting a consultant. When you’re choosing someone to pave your driveway, you may be able to get away with this. When choosing a regulatory consultant for your medical device company, you want several bids, and you want to ensure that each party is bidding against the same scope and deliverables. However, choosing the least expensive bid over the one with the most expertise and best reputation may cost your company more in the long run if the work isn’t properly done or completed on time.

Contracts must be very specific with regard to milestones, timelines, and deliverables with respect to the payment schedule. What recourse does your company have when a consultant assures you during the interview process that they can meet your every need and then doesn’t? No company wants to have to pay for work that hasn’t been done and may never get done.

If the regulatory consultant is working on-site, be clear about work accommodations – office, cube, conference room, phones, access to printers and company databases, so that there are no misunderstandings once the job starts or excuses for why the work can’t get done “under these conditions.” 

Conclusion

Making the best regulatory consultant firm selection is critical. If you are careful in your selection of a regulator consulting firm, you should expect an earlier market launch and a predictable process.

Regulatory Consulting Firm Selection Read More »

Medical Device CE Mark: Is ISO 9001 Certification Required?

For the medical device CE mark: is ISO 9001 certification required? The advantages and dangers of focusing too much on ISO certification are also reviewed.

ISO 9001 is a general quality management system standard, and ISO 9001:2008 is the most recent revision. The focus of that ISO 9001 is customer satisfaction and continual improvement. For medical devices, the applicable international Standard is ISO 13485:2003. This Standard is based upon the ISO 9001 standard, but clauses were added for the specific needs of medical device regulations. Also, the focus of the Standard was changed:

table faq 6 Medical Device CE Mark: Is ISO 9001 Certification Required?

For CE Marking of medical devices, there is a European National version of the Standard: EN ISO 13485:2012 (http://bit.ly/ENISO13485-2012). This is the official harmonized version of the Standard, and certification to EN ISO 13485 presumes compliance with the applicable European New Approach Directives (http://bit.ly/PlenaryVoteBlog). It is not, however, “required” to be ISO certified to either Standard for CE Marking.

If a company chooses not to be certified to a harmonized standard, then the company must:

  1. Be audited to one of the New Approach Directives by their Notified Body, and
  2. Demonstrate how the quality management system they have created complies with the requirements of the applicable Directive(s).

Advantages of ISO certification

The primary advantage of ISO Certification is that your quality system is standardized. Standardization makes it easier for auditors to do their job, and for companies to implement “off-the-shelf” solutions for routine issues that most medical device companies are faced with. Your customers will recognize international standards, and this increases consumer confidence. It has been a considerable benefit to the European Union (EU), because the EU Member States (http://bit.ly/CECountries) have been able to rely heavily upon international standards, instead of having legal debates over nuances between technical Standards developed by each member state.

Another advantage of using harmonized ISO standards is that regulators can establish minimum requirements for all companies. In my experience, the ISO standards are more burdensome for low-risk devices than is probably necessary. However, the ISO standards are often less burdensome for high-risk devices than is perhaps necessary. For the CE Marking process to work effectively, manufacturers must be the experts for their specific device and know when it is required to do more than the minimum. For example, there is an ASTM test specification for cyclic testing of orthopedic implants. Still, recent experience with metal-on-metal (MoM) implants has demonstrated that the ASTM test method is not an adequate predictor of long-term safety and performance. If manufacturers do not develop this expertise, then technical reviews for CE Marking can be quite painful and drawn out as the reviewer is forced to educate the manufacturer on the “State of the Art.”

Dangers of focusing too much upon ISO certification

I find that most medical device company managers are well aware of the ISO 13485 requirements today, but I also believe that many are less aware of the requirements of 21 CFR 820 (http://bit.ly/21CFR820-25) than they were before ISO 13485:2003. Some consulting clients have managers that believe certain regulatory requirements are “just an ISO thing.” It concerns me when the Top Management of a company doesn’t understand basic differences between ISO certification, compliance with 21 CFR 820, and other regulatory requirements. It is the responsibility of the Management Representative to promote awareness of regulatory requirements throughout the organization (i.e., ISO 13485, Clause 5.5.1c). Still, the Management Representative needs the support and commitment of Top Management to promote awareness effectively.

CAPAs, Internal Audits, and Management Reviews are core processes of the ISO 13485 standard. Still, these are also regulatory requirements for the US FDA, Health Canada and CE Marking medical devices in Europe. ISO 13485 Certification, however, is only a mandatory requirement for Canadian Medical Device Licensing (http://bit.ly/FindCMDR). Companies need to focus on the core processes of the quality system and get these right first. In many ways, I would prefer to see companies develop their quality system architecture that best fits their needs. One company I audited did this. Their company has “Leadership Principles.” You can map all of the clauses of ISO 13485 to a specific “Leadership Principle” at that company, but there are requirements included in their principles that exceed the requirements of ISO 13485. If there were no ISO standards, we might see more creative thinking and innovation in the area of quality management systems. Therefore, I encourage every Management Representative to challenge the status quo and to think of ways to improve beyond ISO standards AND meet regulatory requirements.

Medical Device CE Mark: Is ISO 9001 Certification Required? Read More »

Effective training – six steps to teach QMS procedures

Six steps to conducting effective training on medical device QMS procedures, including questions to ask for building consistent procedures.

%name Effective training   six steps to teach QMS proceduresEffective Training on QMS Procedures

There are six steps to conducting effective training on medical device QMS procedures, including questions to ask for building consistent procedures.

Your Quality Management System (QMS) needs to provide objective evidence (i.e., records) that your staff is trained on the procedures they use and that their training was effective. You must also establish documented requirements for competency. The following examples might help:

  1. A record of you attending a course is a training record.
  2. A record of your taking and passing an exam related to that course is a record of training effectiveness.
  3. A record of you performing a procedure, witnessed by the trainer, is a record of competency. Your resume can also be a record of competency.

Unless a change is trivial in nature, signing a piece of paper that states you read and understood a procedure does not demonstrate training effectiveness. Learning and training are active processes that require engagement and interaction.

In a previous blog, I described a slightly different procedure structure with some extra sections. There are a number of benefits to that structure, one of which is that the structure facilitates training. The additional sections are referred to in this blog. Whatever template you use, consistency of structure, and presentation across your procedures makes the procedures easier to learn and increases usability.

6 Points to Consider for Effective Training on Medical Device QMS Procedures

  1. Training requirements. For a new procedure, decide early in your writing which roles require training, what content is needed, and to what level is competency necessary. The example below is a table from a Quality Auditing procedure. The table shows the different requirements for different roles. I prefer to put this information in the procedure document—where it is unlikely to be overlooked or forgotten.training procedure Effective training   six steps to teach QMS procedures
  2. Open book? For each of the roles listed above, determine whether you need trainees to be able to follow the procedure without the document at hand, or to know the procedure, and be able to find what they need.
  3. Training method. One-on-one or group? Classroom style, on-job, or remote? This depends on your company, the nature of the procedure, and your requirements above.
  4. PowerPoint or not? My preference is to walk trainees through the procedure, actually, have them flip the pages and write notes on it. If I use PowerPoint, it’s to clarify the structure and emphasize important points.
  5. Control of training copies. Paper copies of procedures and forms used for training should be controlled. Your Document Control procedure should allow for clearly marked “Training” copies to be available before the effective date. Make sure your training also reminds trainees where to find the officially released copy of procedures after training is completed.
  6. Control of training material. Include your slides, training scenarios, quizzes, etc. in your document control system. Review and revise them each time you change a procedure. 

Building Consistent Procedures: Questions to Ask and Recommendations

Use a consistent structure for your procedures, then build a consistent training structure around that. The predictability in structure will improve the effectiveness of your training.

  1. Purpose. Why are we doing this? What is the outcome we are after?
  2. Scope. When do I use this procedure? When do I not, and what do I do as an alternative?
  3. References. How does this interface with other procedures? Turtle diagrams or interface maps are useful here
  4. Definitions. Unfamiliar jargon, and terms that are used in a very specific way in this procedure
  5. Risk. What risks does this procedure address? How does this affect the design of the procedure – why are we doing it that way? Refer to our earlier blog where we explain how to include this in each procedure
  6. The procedure. Walkthrough the flowchart, explain the accompanying notes, and relate the procedure flow to the responsibilities and authorities outlined earlier in the procedure
  7. Records. What do I do with the completed records from this procedure? Where do I find a copy when I need it?
  8. Examples. I suggest a training version of the form (which should be available later for reference) with guidance and examples
  9. Practice. Provide a scenario and a blank form for trainees to work through, individually or in groups
  10. Testing. Check that the training has been effective. The role competencies that were defined earlier are the basis for the effectiveness criteria for a procedure. This training module may be enough to achieve that level, or a broader training program may be required to ensure operational-level competence. See our blog on training exams for more advice on testing.

Effective training – six steps to teach QMS procedures Read More »

IEC 60601 Medical Electrical Equipment Classification: FAQs

IEC 60601 medical electrical equipment classification frequently asked questions are discussed in this blog. 

subclause IEC 60601 Medical Electrical Equipment Classification: FAQs

All clause references in this blog are to both IEC 60601-1:2005 (3rd edition) and IEC 60601-1:2005 (3rd edition) + Amendment 1:2012, or the consolidated version IEC 60601-1:2012 ed. 3.1, but the actual text comes from edition 3.1.

Note 1: ALL CAPITAL LETTERS identifies a defined term for the IEC 60601 series of standards within this blog.

Note 2: The current version of IEC 60601-1 is now ed 3.2.

What are the various classifications that are used in IEC 60601-1, edition 3.1?

The table at the beginning of this blog posting identifies the five parts of the Classification section. Each classification is described in more detail below.

Why do I need to classify my product for IEC 60601-1, 3rd ed.?

The standard says you have to classify …ME EQUIPMENT, or parts thereof, including applied parts… as noted in sub-clause 6.1. But a more practical reason you would want to classify your products that fall under the scope of IEC 60601-1 is it is a helpful tool in identifying the requirements that apply to the device and helps us in determining the test plan for the product to be tested.

What is an applied part?

The definition of an APPLIED PART is in sub-clause 3.8 of the standard. It states that an APPLIED PART is “part of ME EQUIPMENT that in NORMAL USE necessarily comes into physical contact with the PATIENT for ME EQUIPMENT or an ME SYSTEM to perform its function.” So, it can be a cable, lead, electrode, or many other parts of an ME EQUIPMENT, or an ME SYSTEM that is intended, by the manufacturer, in its NORMAL USE to come in contact with the PATIENT.

What are the classifications for Protection Against Electric Shock?

Two classifications fall under sub-clause 6.2 of the standard: 1) the power source, and 2) applied parts. Power sources can be an external power source and is either classified as a class I or class II ME EQUIPMENT or an internal power source, which is classified as INTERNALLY POWERED MEDICAL EQUIPMENT.

Power Sources – External Class I, External Class II, or Internal

Class I provides its protection against electric shock by having an additional safety ground (known as PROTECTIVELY EARTHED) that is connected to the internal and/or external conductive parts (metal) of the power source. Class II provides its protection against electric shock by having an additional layer of insulation beyond that of BASIC INSULATION (a single layer of insulation) and is provided either by DOUBLE INSULATION (two layers of insulation) or by REINFORCED INSULATION (the same as for DOUBLE INSULATION, but as one insulation system that is twice as thick, typically). An internal power source is usually a battery.

Applied Parts – B, BF, CF (also defibrillation-proof)

The second classification for protection against electric shock is for APPLIED PARTS. APPLIED PARTS are classified in one of six ways, and a product can have more than one type of APPLIED PARTS. The classifications for applied parts are type B, BF, or CF. Each of these three classifications can be DEFIBRILLATION-PROOF APPLIED PARTS for a total of 6 classifications. There are six separate symbols for these APPLIED PARTS, and they are noted in the table below, which comes from Table D.1 of Annex D of the standard.

symbols IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against electric shock?

Protection against electrical shock is important because electric shock is one of the main areas of concern in most electrical safety standards as the shock hazard can cause harm to the OPERATOR or PATIENT or even death. The main reason is we want to protect the PATIENT, who may have a depressed immune system from getting an electric shock that could injure or potentially kill the PATIENT. The depressed immune system makes them more likely to be harmed by an electric shock. We also want to consider the OPERATOR of the device, but they should not have a depressed immune system, so the worst-case to consider is the PATIENT.

What are the classifications for protection against harmful ingress of water or particulate matter?

There is a wide variety of these classifications (per sub-clause 6.3 of IEC 60601-1), and they are based on the standard IEC 60529 titled “Degrees of protection provided by enclosures (IP Code).” The IP Codes range from IP00 to IP68, which means respectively no protection against contact and ingress of objects along with not being protected against liquid ingress (IP00) to No ingress of dust; complete protection against contact along with protected against the effects of continuous immersion in water (IP68).  Table D.3, 2nd row (copied below), in the IEC 60601-1 standard details all the classifications in a summary list.

ipnn IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against harmful ingress of water or particulate matter?

The reason we want to protect the ENCLOSURES of the device is to protect against ingress of these items (liquids and particulates), so they reduce the possibility of causing a hazard, such as a short based on bridging the electronics of the device causing potentially a fire hazard, a shock hazard, a thermal hazard, or other potential hazards.

What are the classifications for methods of sterilization?

For any part of the ME EQUIPMENT or its parts intended to be sterilized needs to be classified per the requirements of sub-clause 6.4. Classifications are based on the types of sterilization methods used in the medical device industry currently such as ethylene oxide (EtO), irradiation by gamma radiation, and moist heat by autoclave. The standard also mentions “…other methods validated and described by the MANUFACTURER.” Classification of sterilization methods is critical because each sterilization method presents unique environmental conditions that can adversely affect the ME EQUIPMENT. For example, EtO Sterilization frequently includes a vacuum cycle which may not be suitable for embedded batteries.

Why do we have a classification for suitability in an oxygen-rich environment?

The RISK of fire in an OXYGEN RICH ENVIRONMENT is considered to exist when a source of ignition is in contact with ignitable material (i.e., flammable materials) and there is no barrier (i.e., a solid enclosure) to prevent the spread of fire.

What are the classifications for modes of operation?

There are two modes of operation described in IEC 60601-1, edition 3.1: 1) CONTINUOUS OPERATION, and 2) non-CONTINUOUS OPERATIONS. When a device is classified as non-CONTINUOUS OPERATION, there is some type of duty cycle involved, so the device is rated properly. A duty cycle means the device is rated to be on for a certain period of time and off for a certain period of time. Many times the duty cycle is required, so a device may pass the EXCESSIVE temperatures in the ME EQUIPMENT test in sub-clauses 11.1.1 & 11.1.2 so as not to exceed the limits of the test requirements.

The Author

Leo Eisner 2024 IEC 60601 Medical Electrical Equipment Classification: FAQsIf you have questions about this topic or need help with compliance to the IEC 60601 series of Standards, you can email Leo Eisner (the “60601 Guy”) directly at Leo@EisnerSafety.com or call Leo at +1-(503)-244-6151. He is the owner and founder of Eisner Safety Consultants.

IEC 60601 Medical Electrical Equipment Classification: FAQs Read More »

Quality Management System Training Presentations and Exams

Methods for developing a quality management system training presentation and exam to demonstrate training effectiveness for QMS procedures.

Certificate of Participation 1024x768 Quality Management System Training Presentations and Exams

Quality Management System Training

Training records are a basic expectation for any quality system (i.e., Clause 6.2.2 of ISO 13485), but demonstrating effectiveness (Sub-Clause 6.2.2c) and competency (Sub-Clause 6.2.2a) is also required. Verifying training competency will be the subject of a future blog, but this blog focuses on the most common method for demonstrating training effectiveness—an exam.

Resource Needs

The challenge with creating a training exam is that it takes a serious time commitment to create a training presentation, to write an exam, to grade the exam each time an employee is trained, and issue training certificates. Each time you revise the procedure, you need to decide if retraining is required and how you will verify the effectiveness of training on the revised procedure. Finally, you need qualified trainers with appropriate documentation of their competency.

The larger your company is, the more value you will realize from creating training exams. Unfortunately, larger companies usually have more procedures too. It typically takes me 2-4 hours to develop a new training presentation for a process or procedure. I am currently developing training presentations for a small drug/device company that will have approximately 30 procedures. Therefore, it could take 60-80 hours to create training presentations for all the procedures.

Quality Management System Training Presentation Content

We have developed training courses for critical processes, such as CAPA, internal auditing, and design controls. Medical Device Academy will also be offering a free webinar in November on the topic of conducting more effective Management Review meetings. For other processes, such as calibration, we recommend the following step-by-step approach:

  1. Overview slide of requirements
  2. A slide for each sub-clause
  3. An example of how the procedure is applied
  4. An overview of the procedures’ key points

Our calibration procedure required a total of 11 slides—including a title slide and a slide for contact information. We also included a cross-reference to the applicable section of the procedure for each sub-clause of the ISO 13485 Standard (i.e., 7.6a, 7.6b, etc.). A balance used to weigh components was the training example, and there was a slide that explained essential considerations that can affect the accuracy of a balance.

During the process of creating the training presentation, we noticed that one of the sub-clauses of ISO 13485, 7.6, was not addressed by the procedure. Therefore, our systematic approach simplified the creation of a training presentation, and the strategy helped to identify a non-conformity in the procedure before it was released.

Exam Content

Verifying effective training is easiest with the use of quizzes or exams to test what the person learned. For training exams, we try to ensure that exam questions are objective and easy to grade. Therefore, most exams are ten questions. Questions are typically the fill-in-the-blank type of questions or multiple-choice questions. “Trick questions” are not recommended, but we do recommend using questions that force the trainee to look up the answers. This will force the trainee to become more familiar with the procedure.

For our calibration training exam, we could easily have one question corresponding to each slide, but not every sub-clause requirement is equally important. Therefore, we always try to include a question related to the most common things auditors and FDA inspectors will be looking for.

The calibration process includes a requirement to assess the impact on a product if a measurement device used for inspections is found to be Out-Of-Tolerance (OOT). Is there a need to retest or even recall products?

Almost every auditor I meet asks the above question during an audit, and most will even request records of calibrated devices that were found OOT.

Grading & Certificates

We typically use 70% as the criteria for passing an exam. The exams are protected forms with spaces to fill in and checkboxes. There are also spaces for the trainee’s name, title, and date of the training. Exams are emailed to the instructor, and the instructor will unprotect the document. The correct answers are indicated by highlighting the choice in green. Incorrect answers are indicated by highlighting the choice in red. Explanations for why an answer is incorrect are added after the question and highlighted in yellow. The graded exam is then emailed back to the trainee—along with a training certificate similar to the one shown at the beginning of this blog.

Retraining

In one of our blog posts, we recommended including a section on training and retraining requirements in each procedure. The challenge with revised procedures is that retraining is not always required. If retraining is needed, we recommend the following approach:

  1. Create a separate retraining exam
  2. Include a question(s) specific to the procedural revisions
  3. Include a question(s) specific to recent nonconformities in the process (if any)

If you are interested in learning more about procedures, records, and training as it relates to ISO 13485 Certification, please consider our ISO 13485 webinar training.

 

Quality Management System Training Presentations and Exams Read More »

Unannounced Audits: When will your Notified Body’s next audit be?

The author reviews details of the European Commission’s recommendations for medical device auditing by Notified Bodies–including unannounced audits, joint audits of Notified Bodies, and the likelihood of Notified Body mergers.

Were Back 300x146 Unannounced Audits: When will your Notified Body’s next audit be?

On September 25, I posted a blog about the release of the EU Commission’s recommendation on medical device audits and assessments performed by Notified Bodies (http://bit.ly/ENVIVotepasses). You can download the final released version of the recommendation directly from the Official Journal of the European Union (http://bit.ly/ECRecommendation). The most talked-about component of the recommendation is Annex III, which is specific to unannounced audits. I had the pleasure of being invited and attended a TUV SUD.

Training session two weeks ago in Boston (post-RAPS). Hans Heiner Junker (http://bit.ly/Hans-Heiner-Junker) reviewed the recommendation with attendees line-by-line, and there were several items where he said we don’t know what this means, or how this would be implemented. Notified Bodies that are part of Team-NB have met to discuss the interpretation of earlier drafts of the announcement, and each member state is expected to adopt the EC recommendation. For more details about the Team-NB position on the EC recommendation, you can download an article written by Gert Bos of BSI (http://bit.ly/UnannouncedAuditPrep).

Below are the more notable aspects of the EC recommendation.

Annex II – Quality System Assessment

#15 in the list states that “Notified bodies should check the coherence between the quantity of produced or purchased crucial raw material or components approved for the design and the number of finished products.” This recommendation is a direct response to the PIP scandal (http://bit.ly/MHRAReport), but how would an auditor perform a physical inventory during a quality system audit?

At the end of Annex II, the Commission makes recommendations regarding subcontractors. It states that “Notified bodies should refrain from signing arrangements with manufacturers unless they receive access to all critical subcontractors and crucial suppliers and thus to all sites where the devices or its crucial components are produced, regardless of the length of the contractual chain between the manufacturer and the subcontractor or supplier.” Does your supplier quality agreement have this provision?

If you think the above recommendation is unreasonable, items a, b, c, and d at the end of the section, stretch credibility to the limit. My personal favorite is item (b), “Notified bodies should note that manufacturers…do not fulfill their obligation to have at their disposal the full technical documentation and/or of a quality system by referring to the technical documentation of a subcontractor or supplier and/or to their quality system.” If your supplier has confidential processes and trade secrets, your company has no choice but to reference the subcontractor’s documentation. Therefore the requirement to have full technical documentation will need to be addressed by the use of supplier agreements, which allow Notified Bodies access to the Technical Documentation. This requirement will also need to be clarified by the Commission.

Annex III – Unannounced Audit

#1 in the list recommends that unannounced audits shall be conducted once every three years, and more frequently for high-risk devices. The recommendation also states that at least two auditors shall conduct the audits. This represents a 25-50% increase in the number of QMS audit days in a three-year certification cycle. I wonder where Notified Bodies will find 25-50% more auditors to perform these unannounced audits?

This annex includes a requirement that Notified Body contracts with manufacturers would require the manufacturer to inform the Notified Body of the period when devices will not be manufactured. The rationale behind this requirement is so that Notified Bodies will know when they can visit and observe manufacturing actually in progress. However, most Notified Body auditors are scheduled for their audits at least 90 days in advance. Therefore, auditors will have great difficulty ensuring that unannounced audits coincide with the timing of manufacturing lots.

The recommendations also call for unannounced audits of critical suppliers. How will Notified Bodies find the resources to perform these audits when there is already a shortage of qualified auditors?

Notified Body Consolidation is Coming Soon

You may have noticed Notified Bodies are already making a few changes to address the need for qualified auditors:

  1. Unhappy auditors are being lured away from one Notified Body by another
  2. Notified Bodies are using recruiters and advertising open positions with high pay
  3. Sub-contractors are being offered part-time jobs as 3rd party auditors

The compromise amendment 44a to the proposed European Medical Device Regulations (http://bit.ly/EMDR-Frankenstein), creates a new class of Notified Body—the “Special Notified Body” (SNB). This will eliminate the most profitable business for any Notified Body that is not deemed “Special.” This may create an opportunity for larger SNBs to hire the key employees away from smaller Notified Bodies more rapidly.

Competent Authorities have also started performing joint inspections of Notified Bodies this year as a pilot program. There were 11 joint audits performed earlier this year, and eight more are scheduled for the remainder of 2013. As a result of these audits, two Notified Bodies are no longer able to issue new certificates until issues are resolved. This will increase the pressure further for smaller Notified Bodies to merge with larger SNBs.

Will the EC Commission Achieve its Goal?

The EC Commission began pushing for the unannounced audits and increased scrutiny of Notified Bodies in response to the Poly Implant Prosthèse (PIP) breast implants scandal (http://bit.ly/MHRAReport). This was a case of fraud—not neglectful auditing. Some of the solutions proposed by the EC Commission, such as unannounced audits and performing physical inventories, are intended to prevent fraud. In 2014 we will see if these methods are effective. Still, I suspect auditors will remain a step or two behind companies committing fraud, and the only impact will be higher operating costs for medical device manufacturers.

Unannounced Audits: When will your Notified Body’s next audit be? Read More »

European Medical Device Regulations: A Bureaucratic Frankenstein

Author reviews details of the latest proposal for medical device CE Marking regulations in Europe–including recommendations and predictions for the plenary vote by the European Parliament.

The Future of Medical Device CE Marking European Medical Device Regulations: A Bureaucratic Frankenstein
Who will approve medical device CE Marking in the future?

Last year we were concerned about the potential for delays caused by the “Scrutiny Process”—Article 44 of the proposed European Medical Device Regulations (EMDR). Two weeks ago, we reported on the vote by the EU Parliament Committee for the Environment, Public Health and Food Safety (ENVI). The EVNI vote was in favor of the compromise amendments to the EMDR. This vote eliminated Article 44 and replaced it with Article 44a. Article 44a is a “case-by-case” assessment procedure for certain high-risk devices.

Comparison of Article 44a with the US FDA’s pre-market approval (PMA) process was made (http://bit.ly/EucomedSep25PressRelease), but the compromise amendment is unique. Three things differentiate the EMDR from any other system used in the World:

  1. Instead of a centralized regulatory authority like the US FDA, CE Marking will continue to use Notified Bodies. Still, we will now have two distinct classes: Regular Notified Bodies and Special Notified Bodies.
  2. The proposed “case-by-case” assessment process will involve the most complicated bureaucratic maze of three and four-letter acronyms in the World:
    1. Medical Device Advisory Committee (MDAC)
    2. Medical Device Coordination Group (MDCG)
    3. Special Notified Bodies (SNBs)
    4. European Medicines Agency (EMA)
    5. Assessment Committee for Medical Devices (ACMD)
  3. This insane process will be expanded to a broader range of devices than just Class III devices:
    • Class III devices,
    • Implantable devices,
    • Devices utilizing non-viable tissues/cells of human/animal origin or their derivatives,
    • Devices incorporating a medicinal, and
    • Devices for delivery of a medicinal.

What Will the Future CE Marking Process Be?

I started to draft a process flow chart for the case-by-case process, but others have already done this, and I have zero confidence that the current draft will be adopted. I hope that the following elements of the compromise proposal are eliminated:

  1. Existence of a Medical Device Advisory Committee (MDAC)
  2. Existence of an Assessment Committee for Medical Devices (ACMD)
  3. Direct Involvement of the Commission in the CE Marking Process
  4. Independent review of CE Marking in parallel with Notified Bodies, special or otherwise

The following elements of the compromise proposal are probably here to stay:

  1. Regular Notified Bodies will no longer be allowed to approve CE Marking of high-risk devices.
  2. High-risk devices will be expanded beyond Class III devices—as indicated above.
  3. The role of the EMA will be expanded to include oversight of Special Notified Bodies.
  4. The proposed MDCG will be created to interpret regulations and recommend changes, but the Commission will control the MDCG.

The following element is missing from the draft legislation: a lack of emphasis on post-market monitoring of device safety and performance. Post-market monitoring is critical because no regulatory process will ever be perfect. Regulators need a mechanism for efficiently identifying unsafe devices that are on the market and removing them quickly.

Predictions for the Plenary Vote on October 22

The Plenary vote by the EU Parliament is the next step of the legislative process. As I stated in my earlier blog (http://bit.ly/ENVIVotepasses), I do not expect a vote in favor of these amendments on October 22. There are currently too many unanswered questions about the details, and the cost will be great for implementing the ill-conceived compromise. European politicians need time to develop a plan for creating each of the new organizations, time to clarify the compromises, and time to quantify the economic impact of implementing the EMDR—especially in a fragile European economy.

The failure to pass accept the draft legislation and send it on to the Council for adoption would be bad. Still, other legal experts (i.e., Erik Vollebregt) believe that the actual situation is worse. In his October 1 blog posting, Erik suggested that Parliament would not amend the draft legislation further and would approve it. This forces the Council to accept the Frankenstein-like compromise that rapporteur Dagmar Roth-Behrendt has facilitated (http://bit.ly/DraftLegislation), or the Council must see past the political circus of the EU Parliament and draft a new proposal that makes sense.

If you want to learn more about the European legislative process, the procedure is explained in the following infogram: http://bit.ly/EULegislativeProcedure. I hope for outright rejection of the draft legislation in the Plenary, but Erik is probably right. Insanity will probably win, and we will be forced to watch in horror as the legislative process proceeds to the European Council.

European Medical Device Regulations: A Bureaucratic Frankenstein Read More »

Risk Control Selection – Deviation #5 in ISO 14971

ISO 14971:2012 deviation #5 is specific to selecting risk control options and protective measures for CE Marking medical devices.

%name Risk Control Selection   Deviation #5 in ISO 14971If your company is CE Marking medical devices, you are required to satisfy the Essential Requirements for Safety and Performance as defined in the three European Directives: the MDD, the AIMD, and the IVDD. Throughout these Essential Requirements, there is a requirement to reduce risks “as far as possible” (AFAP) by implementing risk controls. At one time, the expectation was for companies to implement state of the art concerning risk controls, and “state of the art” was interpreted as the latest version of the harmonized ISO Standards. However, lawyers dominating the European Commission appear to disagree with the status quo.

Therefore, in 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised. There is no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the ISO 14971 Standard and the EU Directives. These deviations are identified and explained in Annexes ZA, ZB, and ZC. This blog is the fifth installment of Medical Device Academy’s seven-part blog series on this topic. The goal of the series is to identify solutions for meeting the Essential Requirements by suggesting changes to the current best practices of implementing a risk management process for medical device design.

Discretion as to the Risk Control Options/Measures

Essential Requirements 1 and 2 require that risk control options are implemented for all risks before determining the acceptability of residual risks. The 2nd Essential requirement also requires manufacturers to implement all risk control options—unless the risk controls do not further reduce risk.iso14971 deviation 5 Risk Control Selection   Deviation #5 in ISO 14971

Clause 6.2 of the 14971 Standard suggests that you only need to use “one or more” of the risk control options, and Clause 6.4 indicates that further risk control measures are not required if the risk is acceptable. There is an apparent contradiction between the intent of the Standard and the Directives.

If risk acceptability has no impact on whether you will implement risk controls, there is no need for performing a preliminary risk evaluation. Therefore, I have three recommendations for changes to your current risk management process:

  1. Ignore Clause 5 of the 2007/2009 version of ISO 14971
  2. Eliminate the second step of risk assessment from your flow chart for risk management (see Figure 1 from the 14971 Standard)
  3. Define risk management policies upon clinical benefits, rather than absolute risks

Instead of performing a preliminary risk evaluation (Clause 6.5), risk/benefit analysis should be moved to Clause 7, where the evaluation of overall residual risk acceptability is required. By making this change, risk controls will be implemented, regardless of risk acceptability, and the acceptability of risks will be dependent upon the risk/benefit analysis alone.

Impact of this Deviation

Implementing changes to your risk management process to address this deviation has great potential to impact the design of devices—not just the risk management documentation. Design teams will no longer be able to stop the design process with an initial design that has an “acceptable risk.” Instead, design teams will be forced to implement additional risk controls and protective measures for device designs that already have a low risk of harm for specific failure modes.

The requirement to implement additional risk controls will increase the cost of devices that may have been relatively safe without the risk controls. For example, if a device is not intended to be implanted, it is a potential foreseeable misuse. Your company may have used the instructions for use to communicate the residual risk associated with misuse of the device. However, now your company will have to implement design controls (e.g., –a selection of materials suitable for implantation) to eliminate the risks associated with misuse and protective measures (e.g., – radio-opaque thread) to help retrieve product that was implanted in an “off-label” usage.

If you are interested in risk management training, Medical Device Academy offers a risk management training webinar.

Risk Control Selection – Deviation #5 in ISO 14971 Read More »

Scroll to Top