Medical Device CE Mark: Is ISO 9001 Certification Required?

CE Marking / By / , , ,

For the medical device CE mark: is ISO 9001 certification required? The advantages and dangers of focusing too much on ISO certification are also reviewed.

ISO 9001 is a general quality management system standard, and ISO 9001:2008 is the most recent revision. The focus of that ISO 9001 is customer satisfaction and continual improvement. For medical devices, the applicable international Standard is ISO 13485:2003. This Standard is based upon the ISO 9001 standard, but clauses were added for the specific needs of medical device regulations. Also, the focus of the Standard was changed:

table faq 6 Medical Device CE Mark: Is ISO 9001 Certification Required?

For CE Marking of medical devices, there is a European National version of the Standard: EN ISO 13485:2012 (http://bit.ly/ENISO13485-2012). This is the official harmonized version of the Standard, and certification to EN ISO 13485 presumes compliance with the applicable European New Approach Directives (http://bit.ly/PlenaryVoteBlog). It is not, however, “required” to be ISO certified to either Standard for CE Marking.

If a company chooses not to be certified to a harmonized standard, then the company must:

  1. Be audited to one of the New Approach Directives by their Notified Body, and
  2. Demonstrate how the quality management system they have created complies with the requirements of the applicable Directive(s).

Advantages of ISO certification

The primary advantage of ISO Certification is that your quality system is standardized. Standardization makes it easier for auditors to do their job, and for companies to implement “off-the-shelf” solutions for routine issues that most medical device companies are faced with. Your customers will recognize international standards, and this increases consumer confidence. It has been a considerable benefit to the European Union (EU), because the EU Member States (http://bit.ly/CECountries) have been able to rely heavily upon international standards, instead of having legal debates over nuances between technical Standards developed by each member state.

Another advantage of using harmonized ISO standards is that regulators can establish minimum requirements for all companies. In my experience, the ISO standards are more burdensome for low-risk devices than is probably necessary. However, the ISO standards are often less burdensome for high-risk devices than is perhaps necessary. For the CE Marking process to work effectively, manufacturers must be the experts for their specific device and know when it is required to do more than the minimum. For example, there is an ASTM test specification for cyclic testing of orthopedic implants. Still, recent experience with metal-on-metal (MoM) implants has demonstrated that the ASTM test method is not an adequate predictor of long-term safety and performance. If manufacturers do not develop this expertise, then technical reviews for CE Marking can be quite painful and drawn out as the reviewer is forced to educate the manufacturer on the “State of the Art.”

Dangers of focusing too much upon ISO certification

I find that most medical device company managers are well aware of the ISO 13485 requirements today, but I also believe that many are less aware of the requirements of 21 CFR 820 (http://bit.ly/21CFR820-25) than they were before ISO 13485:2003. Some consulting clients have managers that believe certain regulatory requirements are “just an ISO thing.” It concerns me when the Top Management of a company doesn’t understand basic differences between ISO certification, compliance with 21 CFR 820, and other regulatory requirements. It is the responsibility of the Management Representative to promote awareness of regulatory requirements throughout the organization (i.e., ISO 13485, Clause 5.5.1c). Still, the Management Representative needs the support and commitment of Top Management to promote awareness effectively.

CAPAs, Internal Audits, and Management Reviews are core processes of the ISO 13485 standard. Still, these are also regulatory requirements for the US FDA, Health Canada and CE Marking medical devices in Europe. ISO 13485 Certification, however, is only a mandatory requirement for Canadian Medical Device Licensing (http://bit.ly/FindCMDR). Companies need to focus on the core processes of the quality system and get these right first. In many ways, I would prefer to see companies develop their quality system architecture that best fits their needs. One company I audited did this. Their company has “Leadership Principles.” You can map all of the clauses of ISO 13485 to a specific “Leadership Principle” at that company, but there are requirements included in their principles that exceed the requirements of ISO 13485. If there were no ISO standards, we might see more creative thinking and innovation in the area of quality management systems. Therefore, I encourage every Management Representative to challenge the status quo and to think of ways to improve beyond ISO standards AND meet regulatory requirements.

Medical Device CE Mark: Is ISO 9001 Certification Required? Read More »

Effective training – six steps to teach QMS procedures

1 Comment / ISO Certification / By / , , ,

Six steps to conducting effective training on medical device QMS procedures, including questions to ask for building consistent procedures.

%name Effective training six steps to teach QMS proceduresEffective Training on QMS Procedures

There are six steps to conducting effective training on medical device QMS procedures, including questions to ask for building consistent procedures.

Your Quality Management System (QMS) needs to provide objective evidence (i.e., records) that your staff is trained on the procedures they use and that their training was effective. You must also establish documented requirements for competency. The following examples might help:

  1. A record of you attending a course is a training record.
  2. A record of your taking and passing an exam related to that course is a record of training effectiveness.
  3. A record of you performing a procedure, witnessed by the trainer, is a record of competency. Your resume can also be a record of competency.

Unless a change is trivial in nature, signing a piece of paper that states you read and understood a procedure does not demonstrate training effectiveness. Learning and training are active processes that require engagement and interaction.

In a previous blog, I described a slightly different procedure structure with some extra sections. There are a number of benefits to that structure, one of which is that the structure facilitates training. The additional sections are referred to in this blog. Whatever template you use, consistency of structure, and presentation across your procedures makes the procedures easier to learn and increases usability.

6 Points to Consider for Effective Training on Medical Device QMS Procedures

  1. Training requirements. For a new procedure, decide early in your writing which roles require training, what content is needed, and to what level is competency necessary. The example below is a table from a Quality Auditing procedure. The table shows the different requirements for different roles. I prefer to put this information in the procedure document—where it is unlikely to be overlooked or forgotten.training procedure Effective training six steps to teach QMS procedures
  2. Open book? For each of the roles listed above, determine whether you need trainees to be able to follow the procedure without the document at hand, or to know the procedure, and be able to find what they need.
  3. Training method. One-on-one or group? Classroom style, on-job, or remote? This depends on your company, the nature of the procedure, and your requirements above.
  4. PowerPoint or not? My preference is to walk trainees through the procedure, actually, have them flip the pages and write notes on it. If I use PowerPoint, it’s to clarify the structure and emphasize important points.
  5. Control of training copies. Paper copies of procedures and forms used for training should be controlled. Your Document Control procedure should allow for clearly marked “Training” copies to be available before the effective date. Make sure your training also reminds trainees where to find the officially released copy of procedures after training is completed.
  6. Control of training material. Include your slides, training scenarios, quizzes, etc. in your document control system. Review and revise them each time you change a procedure. 

Building Consistent Procedures: Questions to Ask and Recommendations

Use a consistent structure for your procedures, then build a consistent training structure around that. The predictability in structure will improve the effectiveness of your training.

  1. Purpose. Why are we doing this? What is the outcome we are after?
  2. Scope. When do I use this procedure? When do I not, and what do I do as an alternative?
  3. References. How does this interface with other procedures? Turtle diagrams or interface maps are useful here
  4. Definitions. Unfamiliar jargon, and terms that are used in a very specific way in this procedure
  5. Risk. What risks does this procedure address? How does this affect the design of the procedure – why are we doing it that way? Refer to our earlier blog where we explain how to include this in each procedure
  6. The procedure. Walkthrough the flowchart, explain the accompanying notes, and relate the procedure flow to the responsibilities and authorities outlined earlier in the procedure
  7. Records. What do I do with the completed records from this procedure? Where do I find a copy when I need it?
  8. Examples. I suggest a training version of the form (which should be available later for reference) with guidance and examples
  9. Practice. Provide a scenario and a blank form for trainees to work through, individually or in groups
  10. Testing. Check that the training has been effective. The role competencies that were defined earlier are the basis for the effectiveness criteria for a procedure. This training module may be enough to achieve that level, or a broader training program may be required to ensure operational-level competence. See our blog on training exams for more advice on testing.

Effective training – six steps to teach QMS procedures Read More »

IEC 60601 Medical Electrical Equipment Classification: FAQs

6 Comments / IEC 60601 / By / , , ,

IEC 60601 medical electrical equipment classification frequently asked questions are discussed in this blog. 

subclause IEC 60601 Medical Electrical Equipment Classification: FAQs

All clause references in this blog are to both IEC 60601-1:2005 (3rd edition) and IEC 60601-1:2005 (3rd edition) + Amendment 1:2012 (http://bit.ly/IEC60601-1am1), or the consolidated version IEC 60601-1:2012 ed. 3.1, but the actual text comes from edition 3.1 (http://bit.ly/IEC60601Consolidated).

*Note: ALL CAPITAL LETTERS identifies a defined term for the IEC 60601 series of standards within this blog.

What are the various classifications that are used in IEC 60601-1, edition 3.1? – The table at the beginning of this blog posting identifies the five parts of the Classification section. Each classification is described in more detail below.

Why do I need to classify my product for IEC 60601-1, 3rd ed.? – The standard says you have to classify …ME EQUIPMENT, or parts thereof, including applied parts… as noted in sub-clause 6.1. But a more practical reason you would want to classify your products that fall under the scope of IEC 60601-1 (http://bit.ly/60601scope) is it is a helpful tool in identifying the requirements that apply to the device and helps us in determining the test plan for the product to be tested.

What is an applied part? – The definition of an APPLIED PART is in sub-clause 3.8 of the standard. It states that an APPLIED PART is “part of ME EQUIPMENT that in NORMAL USE necessarily comes into physical contact with the PATIENT for ME EQUIPMENT or an ME SYSTEM to perform its function.” So, it can be a cable, lead, electrode, or many other parts of an ME EQUIPMENT, or an ME SYSTEM that is intended, by the manufacturer, in its NORMAL USE to come in contact with the PATIENT.

What are the classifications for Protection Against Electric Shock? –Two classifications fall under sub-clause 6.2 of the standard: 1) the power source, and 2) applied parts. Power sources can be an external power source and is either classified as a class I or class II ME EQUIPMENT or an internal power source, which is classified as INTERNALLY POWERED MEDICAL EQUIPMENT.

Power Sources – External Class I, External Class II, or Internal – Class I provides its protection against electric shock by having an additional safety ground (known as PROTECTIVELY EARTHED) that is connected to the internal and/or external conductive parts (metal) of the power source. Class II provides its protection against electric shock by having an additional layer of insulation beyond that of BASIC INSULATION (a single layer of insulation) and is provided either by DOUBLE INSULATION (two layers of insulation) or by REINFORCED INSULATION (the same as for DOUBLE INSULATION, but as one insulation system that is twice as thick, typically). An internal power source is usually a battery.

Applied Parts – B, BF, CF (also defibrillation-proof) – The second classification for protection against electric shock is for APPLIED PARTS. APPLIED PARTS are classified in one of six ways, and a product can have more than one type of APPLIED PARTS. The classifications for applied parts are type B, BF, or CF. Each of these three classifications can be DEFIBRILLATION-PROOF APPLIED PARTS for a total of 6 classifications. There are six separate symbols for these APPLIED PARTS, and they are noted in the table below, which comes from Table D.1 of Annex D of the standard.

symbols IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against electric shock? – Protection against electrical shock is important because electric shock is one of the main areas of concern in most electrical safety standards as the shock hazard can cause harm to the OPERATOR or PATIENT or even death. The main reason is we want to protect the PATIENT, who may have a depressed immune system from getting an electric shock that could injure or potentially kill the PATIENT. The depressed immune system makes them more likely to be harmed by an electric shock. We also want to consider the OPERATOR of the device, but they should not have a depressed immune system, so the worst-case to consider is the PATIENT.

What are the classifications for protection against harmful ingress of water or particulate matter? – There is a wide variety of these classifications (per sub-clause 6.3 of IEC 60601-1), and they are based on the standard IEC 60529 (http://bit.ly/IEC60529) titled “Degrees of protection provided by enclosures (IP Code).” The IP Codes range from IP00 to IP68, which means respectively no protection against contact and ingress of objects along with not being protected against liquid ingress (IP00) to No ingress of dust; complete protection against contact along with protected against the effects of continuous immersion in water (IP68).  Table D.3, 2nd row (copied below), in the IEC 60601-1 standard details all the classifications in a summary list.

ipnn IEC 60601 Medical Electrical Equipment Classification: FAQsWhy do we have classifications for protection against harmful ingress of water or particulate matter? – The reason we want to protect the ENCLOSURES of the device is to protect against ingress of these items (liquids and particulates), so they reduce the possibility of causing a hazard, such as a short based on bridging the electronics of the device causing potentially a fire hazard, a shock hazard, a thermal hazard, or other potential hazards.

What are the classifications for methods of sterilization? – For any part of the ME EQUIPMENT or its parts intended to be sterilized needs to be classified per the requirements of sub-clause 6.4. Classifications are based on the types of sterilization methods used in the medical device industry currently such as ethylene oxide (EtO), irradiation by gamma radiation, and moist heat by autoclave. The standard also mentions “…other methods validated and described by the MANUFACTURER.” Classification of sterilization methods is critical because each sterilization method presents unique environmental conditions that can adversely affect the ME EQUIPMENT. For example, EtO Sterilization frequently includes a vacuum cycle which may not be suitable for embedded batteries.

Why do we have a classification for suitability in an oxygen-rich environment? – The RISK of fire in an OXYGEN RICH ENVIRONMENT is considered to exist when a source of ignition is in contact with ignitable material (i.e., flammable materials) and there is no barrier (i.e., a solid enclosure) to prevent the spread of fire.

What are the classifications for modes of operation? – There are two modes of operation described in IEC 60601-1, edition 3.1: 1) CONTINUOUS OPERATION, and 2) non-CONTINUOUS OPERATIONS. When a device is classified as non-CONTINUOUS OPERATION, there is some type of duty cycle involved, so the device is rated properly. A duty cycle means the device is rated to be on for a certain period of time and off for a certain period of time. Many times the duty cycle is required, so a device may pass the EXCESSIVE temperatures in the ME EQUIPMENT test in sub-clauses 11.1.1 & 11.1.2 so as not to exceed the limits of the test requirements.

Leo Photo Cropped IEC 60601 Medical Electrical Equipment Classification: FAQsIf you have questions about this topic or need help with compliance to the IEC 60601 series of Standards, you can email Leo Eisner (http://bit.ly/ConnectwithLeo) directly at Leo@EisnerSafety.com or call Leo at +1-(503)-244-6151. He is the owner and founder of Eisner Safety Consultants (http://bit.ly/LeoEisner).

IEC 60601 Medical Electrical Equipment Classification: FAQs Read More »

Quality Management System Training Presentations and Exams

3 Comments / ISO Certification / By / , , , , ,

Methods for developing a quality management system training presentation and exam to demonstrate training effectiveness for QMS procedures.

Certificate of Participation 1024x768 Quality Management System Training Presentations and Exams

Quality Management System Training

Training records are a basic expectation for any quality system (i.e., Clause 6.2.2 of ISO 13485), but demonstrating effectiveness (Sub-Clause 6.2.2c) and competency (Sub-Clause 6.2.2a) is also required. Verifying training competency will be the subject of a future blog, but this blog focuses on the most common method for demonstrating training effectiveness—an exam.

Resource Needs

The challenge with creating a training exam is that it takes a serious time commitment to create a training presentation, to write an exam, to grade the exam each time an employee is trained, and issue training certificates. Each time you revise the procedure, you need to decide if retraining is required and how you will verify the effectiveness of training on the revised procedure. Finally, you need qualified trainers with appropriate documentation of their competency.

The larger your company is, the more value you will realize from creating training exams. Unfortunately, larger companies usually have more procedures too. It typically takes me 2-4 hours to develop a new training presentation for a process or procedure. I am currently developing training presentations for a small drug/device company that will have approximately 30 procedures. Therefore, it could take 60-80 hours to create training presentations for all the procedures.

Quality Management System Training Presentation Content

We have developed training courses for critical processes, such as CAPA, internal auditing, and design controls. Medical Device Academy will also be offering a free webinar in November on the topic of conducting more effective Management Review meetings. For other processes, such as calibration, we recommend the following step-by-step approach:

  1. Overview slide of requirements
  2. A slide for each sub-clause
  3. An example of how the procedure is applied
  4. An overview of the procedures’ key points

Our calibration procedure required a total of 11 slides—including a title slide and a slide for contact information. We also included a cross-reference to the applicable section of the procedure for each sub-clause of the ISO 13485 Standard (i.e., 7.6a, 7.6b, etc.). A balance used to weigh components was the training example, and there was a slide that explained essential considerations that can affect the accuracy of a balance.

During the process of creating the training presentation, we noticed that one of the sub-clauses of ISO 13485, 7.6, was not addressed by the procedure. Therefore, our systematic approach simplified the creation of a training presentation, and the strategy helped to identify a non-conformity in the procedure before it was released.

Exam Content

Verifying effective training is easiest with the use of quizzes or exams to test what the person learned. For training exams, we try to ensure that exam questions are objective and easy to grade. Therefore, most exams are ten questions. Questions are typically the fill-in-the-blank type of questions or multiple-choice questions. “Trick questions” are not recommended, but we do recommend using questions that force the trainee to look up the answers. This will force the trainee to become more familiar with the procedure.

For our calibration training exam, we could easily have one question corresponding to each slide, but not every sub-clause requirement is equally important. Therefore, we always try to include a question related to the most common things auditors and FDA inspectors will be looking for.

The calibration process includes a requirement to assess the impact on a product if a measurement device used for inspections is found to be Out-Of-Tolerance (OOT). Is there a need to retest or even recall products?

Almost every auditor I meet asks the above question during an audit, and most will even request records of calibrated devices that were found OOT.

Grading & Certificates

We typically use 70% as the criteria for passing an exam. The exams are protected forms with spaces to fill in and checkboxes. There are also spaces for the trainee’s name, title, and date of the training. Exams are emailed to the instructor, and the instructor will unprotect the document. The correct answers are indicated by highlighting the choice in green. Incorrect answers are indicated by highlighting the choice in red. Explanations for why an answer is incorrect are added after the question and highlighted in yellow. The graded exam is then emailed back to the trainee—along with a training certificate similar to the one shown at the beginning of this blog.

Retraining

In one of our blog posts, we recommended including a section on training and retraining requirements in each procedure. The challenge with revised procedures is that retraining is not always required. If retraining is needed, we recommend the following approach:

  1. Create a separate retraining exam
  2. Include a question(s) specific to the procedural revisions
  3. Include a question(s) specific to recent nonconformities in the process (if any)

If you are interested in learning more about procedures, records, and training as it relates to ISO 13485 Certification, please consider our ISO 13485 webinar training.

 

Quality Management System Training Presentations and Exams Read More »

Unannounced Audits: When will your Notified Body’s next audit be?

1 Comment / CE Marking / By

The author reviews details of the European Commission’s recommendations for medical device auditing by Notified Bodies–including unannounced audits, joint audits of Notified Bodies, and the likelihood of Notified Body mergers.

Were Back 300x146 Unannounced Audits: When will your Notified Body’s next audit be?

On September 25, I posted a blog about the release of the EU Commission’s recommendation on medical device audits and assessments performed by Notified Bodies (http://bit.ly/ENVIVotepasses). You can download the final released version of the recommendation directly from the Official Journal of the European Union (http://bit.ly/ECRecommendation). The most talked-about component of the recommendation is Annex III, which is specific to unannounced audits. I had the pleasure of being invited and attended a TUV SUD.

Training session two weeks ago in Boston (post-RAPS). Hans Heiner Junker (http://bit.ly/Hans-Heiner-Junker) reviewed the recommendation with attendees line-by-line, and there were several items where he said we don’t know what this means, or how this would be implemented. Notified Bodies that are part of Team-NB have met to discuss the interpretation of earlier drafts of the announcement, and each member state is expected to adopt the EC recommendation. For more details about the Team-NB position on the EC recommendation, you can download an article written by Gert Bos of BSI (http://bit.ly/UnannouncedAuditPrep).

Below are the more notable aspects of the EC recommendation.

Annex II – Quality System Assessment

#15 in the list states that “Notified bodies should check the coherence between the quantity of produced or purchased crucial raw material or components approved for the design and the number of finished products.” This recommendation is a direct response to the PIP scandal (http://bit.ly/MHRAReport), but how would an auditor perform a physical inventory during a quality system audit?

At the end of Annex II, the Commission makes recommendations regarding subcontractors. It states that “Notified bodies should refrain from signing arrangements with manufacturers unless they receive access to all critical subcontractors and crucial suppliers and thus to all sites where the devices or its crucial components are produced, regardless of the length of the contractual chain between the manufacturer and the subcontractor or supplier.” Does your supplier quality agreement have this provision?

If you think the above recommendation is unreasonable, items a, b, c, and d at the end of the section, stretch credibility to the limit. My personal favorite is item (b), “Notified bodies should note that manufacturers…do not fulfill their obligation to have at their disposal the full technical documentation and/or of a quality system by referring to the technical documentation of a subcontractor or supplier and/or to their quality system.” If your supplier has confidential processes and trade secrets, your company has no choice but to reference the subcontractor’s documentation. Therefore the requirement to have full technical documentation will need to be addressed by the use of supplier agreements, which allow Notified Bodies access to the Technical Documentation. This requirement will also need to be clarified by the Commission.

Annex III – Unannounced Audit

#1 in the list recommends that unannounced audits shall be conducted once every three years, and more frequently for high-risk devices. The recommendation also states that at least two auditors shall conduct the audits. This represents a 25-50% increase in the number of QMS audit days in a three-year certification cycle. I wonder where Notified Bodies will find 25-50% more auditors to perform these unannounced audits?

This annex includes a requirement that Notified Body contracts with manufacturers would require the manufacturer to inform the Notified Body of the period when devices will not be manufactured. The rationale behind this requirement is so that Notified Bodies will know when they can visit and observe manufacturing actually in progress. However, most Notified Body auditors are scheduled for their audits at least 90 days in advance. Therefore, auditors will have great difficulty ensuring that unannounced audits coincide with the timing of manufacturing lots.

The recommendations also call for unannounced audits of critical suppliers. How will Notified Bodies find the resources to perform these audits when there is already a shortage of qualified auditors?

Notified Body Consolidation is Coming Soon

You may have noticed Notified Bodies are already making a few changes to address the need for qualified auditors:

  1. Unhappy auditors are being lured away from one Notified Body by another
  2. Notified Bodies are using recruiters and advertising open positions with high pay
  3. Sub-contractors are being offered part-time jobs as 3rd party auditors

The compromise amendment 44a to the proposed European Medical Device Regulations (http://bit.ly/EMDR-Frankenstein), creates a new class of Notified Body—the “Special Notified Body” (SNB). This will eliminate the most profitable business for any Notified Body that is not deemed “Special.” This may create an opportunity for larger SNBs to hire the key employees away from smaller Notified Bodies more rapidly.

Competent Authorities have also started performing joint inspections of Notified Bodies this year as a pilot program. There were 11 joint audits performed earlier this year, and eight more are scheduled for the remainder of 2013. As a result of these audits, two Notified Bodies are no longer able to issue new certificates until issues are resolved. This will increase the pressure further for smaller Notified Bodies to merge with larger SNBs.

Will the EC Commission Achieve its Goal?

The EC Commission began pushing for the unannounced audits and increased scrutiny of Notified Bodies in response to the Poly Implant Prosthèse (PIP) breast implants scandal (http://bit.ly/MHRAReport). This was a case of fraud—not neglectful auditing. Some of the solutions proposed by the EC Commission, such as unannounced audits and performing physical inventories, are intended to prevent fraud. In 2014 we will see if these methods are effective. Still, I suspect auditors will remain a step or two behind companies committing fraud, and the only impact will be higher operating costs for medical device manufacturers.

Unannounced Audits: When will your Notified Body’s next audit be? Read More »

European Medical Device Regulations: A Bureaucratic Frankenstein

1 Comment / CE Marking / By

Author reviews details of the latest proposal for medical device CE Marking regulations in Europe–including recommendations and predictions for the plenary vote by the European Parliament.

The Future of Medical Device CE Marking European Medical Device Regulations: A Bureaucratic Frankenstein
Who will approve medical device CE Marking in the future?

Last year we were concerned about the potential for delays caused by the “Scrutiny Process”—Article 44 of the proposed European Medical Device Regulations (EMDR). Two weeks ago, we reported on the vote by the EU Parliament Committee for the Environment, Public Health and Food Safety (ENVI). The EVNI vote was in favor of the compromise amendments to the EMDR. This vote eliminated Article 44 and replaced it with Article 44a. Article 44a is a “case-by-case” assessment procedure for certain high-risk devices.

Comparison of Article 44a with the US FDA’s pre-market approval (PMA) process was made (http://bit.ly/EucomedSep25PressRelease), but the compromise amendment is unique. Three things differentiate the EMDR from any other system used in the World:

  1. Instead of a centralized regulatory authority like the US FDA, CE Marking will continue to use Notified Bodies. Still, we will now have two distinct classes: Regular Notified Bodies and Special Notified Bodies.
  2. The proposed “case-by-case” assessment process will involve the most complicated bureaucratic maze of three and four-letter acronyms in the World:
    1. Medical Device Advisory Committee (MDAC)
    2. Medical Device Coordination Group (MDCG)
    3. Special Notified Bodies (SNBs)
    4. European Medicines Agency (EMA)
    5. Assessment Committee for Medical Devices (ACMD)
  3. This insane process will be expanded to a broader range of devices than just Class III devices:
    • Class III devices,
    • Implantable devices,
    • Devices utilizing non-viable tissues/cells of human/animal origin or their derivatives,
    • Devices incorporating a medicinal, and
    • Devices for delivery of a medicinal.

What Will the Future CE Marking Process Be?

I started to draft a process flow chart for the case-by-case process, but others have already done this, and I have zero confidence that the current draft will be adopted. I hope that the following elements of the compromise proposal are eliminated:

  1. Existence of a Medical Device Advisory Committee (MDAC)
  2. Existence of an Assessment Committee for Medical Devices (ACMD)
  3. Direct Involvement of the Commission in the CE Marking Process
  4. Independent review of CE Marking in parallel with Notified Bodies, special or otherwise

The following elements of the compromise proposal are probably here to stay:

  1. Regular Notified Bodies will no longer be allowed to approve CE Marking of high-risk devices.
  2. High-risk devices will be expanded beyond Class III devices—as indicated above.
  3. The role of the EMA will be expanded to include oversight of Special Notified Bodies.
  4. The proposed MDCG will be created to interpret regulations and recommend changes, but the Commission will control the MDCG.

The following element is missing from the draft legislation: a lack of emphasis on post-market monitoring of device safety and performance. Post-market monitoring is critical because no regulatory process will ever be perfect. Regulators need a mechanism for efficiently identifying unsafe devices that are on the market and removing them quickly.

Predictions for the Plenary Vote on October 22

The Plenary vote by the EU Parliament is the next step of the legislative process. As I stated in my earlier blog (http://bit.ly/ENVIVotepasses), I do not expect a vote in favor of these amendments on October 22. There are currently too many unanswered questions about the details, and the cost will be great for implementing the ill-conceived compromise. European politicians need time to develop a plan for creating each of the new organizations, time to clarify the compromises, and time to quantify the economic impact of implementing the EMDR—especially in a fragile European economy.

The failure to pass accept the draft legislation and send it on to the Council for adoption would be bad. Still, other legal experts (i.e., Erik Vollebregt) believe that the actual situation is worse. In his October 1 blog posting, Erik suggested that Parliament would not amend the draft legislation further and would approve it. This forces the Council to accept the Frankenstein-like compromise that rapporteur Dagmar Roth-Behrendt has facilitated (http://bit.ly/DraftLegislation), or the Council must see past the political circus of the EU Parliament and draft a new proposal that makes sense.

If you want to learn more about the European legislative process, the procedure is explained in the following infogram: http://bit.ly/EULegislativeProcedure. I hope for outright rejection of the draft legislation in the Plenary, but Erik is probably right. Insanity will probably win, and we will be forced to watch in horror as the legislative process proceeds to the European Council.

European Medical Device Regulations: A Bureaucratic Frankenstein Read More »

Risk Control Selection – Deviation #5 in ISO 14971

2 Comments / ISO 14971:2019 (Risk Management) / By / , , , ,

ISO 14971:2012 deviation #5 is specific to selecting risk control options and protective measures for CE Marking medical devices.

%name Risk Control Selection Deviation #5 in ISO 14971If your company is CE Marking medical devices, you are required to satisfy the Essential Requirements for Safety and Performance as defined in the three European Directives: the MDD, the AIMD, and the IVDD. Throughout these Essential Requirements, there is a requirement to reduce risks “as far as possible” (AFAP) by implementing risk controls. At one time, the expectation was for companies to implement state of the art concerning risk controls, and “state of the art” was interpreted as the latest version of the harmonized ISO Standards. However, lawyers dominating the European Commission appear to disagree with the status quo.

Therefore, in 2012, the European National (EN) version of the Medical Device Risk Management Standard was revised. There is no change to the content of Clauses 1 through 9. Instead, the European Commission identified seven content deviations between the ISO 14971 Standard and the EU Directives. These deviations are identified and explained in Annexes ZA, ZB, and ZC. This blog is the fifth installment of Medical Device Academy’s seven-part blog series on this topic. The goal of the series is to identify solutions for meeting the Essential Requirements by suggesting changes to the current best practices of implementing a risk management process for medical device design.

Discretion as to the Risk Control Options/Measures

Essential Requirements 1 and 2 require that risk control options are implemented for all risks before determining the acceptability of residual risks. The 2nd Essential requirement also requires manufacturers to implement all risk control options—unless the risk controls do not further reduce risk.iso14971 deviation 5 Risk Control Selection Deviation #5 in ISO 14971

Clause 6.2 of the 14971 Standard suggests that you only need to use “one or more” of the risk control options, and Clause 6.4 indicates that further risk control measures are not required if the risk is acceptable. There is an apparent contradiction between the intent of the Standard and the Directives.

If risk acceptability has no impact on whether you will implement risk controls, there is no need for performing a preliminary risk evaluation. Therefore, I have three recommendations for changes to your current risk management process:

  1. Ignore Clause 5 of the 2007/2009 version of ISO 14971
  2. Eliminate the second step of risk assessment from your flow chart for risk management (see Figure 1 from the 14971 Standard)
  3. Define risk management policies upon clinical benefits, rather than absolute risks

Instead of performing a preliminary risk evaluation (Clause 6.5), risk/benefit analysis should be moved to Clause 7, where the evaluation of overall residual risk acceptability is required. By making this change, risk controls will be implemented, regardless of risk acceptability, and the acceptability of risks will be dependent upon the risk/benefit analysis alone.

Impact of this Deviation

Implementing changes to your risk management process to address this deviation has great potential to impact the design of devices—not just the risk management documentation. Design teams will no longer be able to stop the design process with an initial design that has an “acceptable risk.” Instead, design teams will be forced to implement additional risk controls and protective measures for device designs that already have a low risk of harm for specific failure modes.

The requirement to implement additional risk controls will increase the cost of devices that may have been relatively safe without the risk controls. For example, if a device is not intended to be implanted, it is a potential foreseeable misuse. Your company may have used the instructions for use to communicate the residual risk associated with misuse of the device. However, now your company will have to implement design controls (e.g., –a selection of materials suitable for implantation) to eliminate the risks associated with misuse and protective measures (e.g., – radio-opaque thread) to help retrieve product that was implanted in an “off-label” usage.

If you are interested in risk management training, Medical Device Academy offers a risk management training webinar.

Risk Control Selection – Deviation #5 in ISO 14971 Read More »

Procedure template for ISO ISO 13485:2016 quality systems

5 Comments / ISO Certification / By / , , , ,

This 12-part procedure template for your medical device QMS can result in writing shorter, more effective documents that facilitate training.%name Procedure template for ISO ISO 13485:2016 quality systems

Procedure Template

We all have a standard template for our quality system procedures. Typically, we begin with purpose, scope, and definitions. This 12-part procedure template for your medical device QMS  can result in shorter, more effective documents that are easier to train personnel on.

1. Purpose. Often I read something like, “This purpose of this document is to describe the CAPA procedure.” That necessary information is the reason why we title procedures. A better statement of purpose would be, “The purpose of this procedure is to provide a process for identifying, preventing and eliminating the causes of an actual or potential nonconformity, and using risk management principles.” The second version gives readers a better indication of the purpose of the procedure.

2. Scope. This section should identify functions or situations that the procedure applies to, but it is even more critical to identify which situations the procedure does not apply to.

3. References and Relationships. Reference documents that apply to the entire quality management system (e.g., – ISO 13485 and 21 CFR 820) only need to be listed in the Quality Manual. This reduces the need for future revisions to the procedures. I list here any procedure-specific external standard (e.g., – ISO 14971) in the applicable procedure. The relationship between procedures is more important than the references. Therefore, I prefer to use a simple flow diagram, with inputs and outputs, similar to the one below for a document control process.

sys 001 Procedure template for ISO ISO 13485:2016 quality systems

4. Document Approval. Who must sign off on the procedure? Keep this list short. Ideally, just the primary process owner and Quality Manager (to ensure consistency and integrity across the quality management system).

5. Revision History. A brief listing of each revision and a brief description of what was changed in the procedure.

6. Responsibilities and Authorities. A listing of the main areas of responsibility for each role. Remember to include the title of managers who may be required to approve forms, or make key decisions.

7. Procedure. I prefer to create a detailed flowchart outlining each step of a process before writing the procedure. Each task box in the flowchart will include a reference number. If you organize the reference numbers in an outline format, then you can write the text of your procedure to match the flowchart—including the numbering of the flowchart task boxes.

example Procedure template for ISO ISO 13485:2016 quality systemscapa Procedure template for ISO ISO 13485:2016 quality systems

8. Monitoring and Measurement. An explanation of how the process is monitored and measured, who does it, how often, format, method of communicating the analysis, and what process that analysis will be input into, e.g., Management Review.

9. Training/Retraining. Tabulated, which roles need to be trained in this procedure, and to what level? The example below is also from a Document Control procedure.role Procedure template for ISO ISO 13485:2016 quality systems

10. Risk Management. This section identifies risks associated with each procedure and how the procedure controls those risks. As well as complying with the requirement to apply risk management throughout product realization (i.e., Clause 7 of ISO 13485), including a section specific to risk management forces the author of the procedure to think of ways the process can fail and to develop ways to avoid failure. Risks can also be a starting point for training people on the procedure.

11. Records. Tabulated, form number and names, a brief description of its purpose, and a column for retention and location. This column also allows for reference to compilations if the record becomes part of, e.g., the Design History File, Device Master Record, or the Risk Management File.

12. Flowcharts. Step-by-step through the process, saying who performs the step when it isn’t apparent. I keep task shapes simple: rectangles for tasks, rounded rectangles for beginnings and endings, diamonds for decision boxes, and off-page reference symbols.

When the task needs supporting text, e.g., guidance or examples, put a number in the box and a corresponding number in the table in (7) above.  Ideally, the flowcharts are placed in the document with the Notes table on the same page or the opposite page. In practice, I often put them at the end to simplify the layout. One of my clients loves her flowcharts and puts them on the front page.

Benefits of this Approach

Information is well structured and presented consistently across procedures, more so than can be achieved through narrative.

  • The flowchart is the primary means of documenting the procedure.
  • Tables provide details that are not clear in the flowchart.

The procedure structure described above facilitates a consistent training approach built around the document. Purpose and scope are presented first, and then the Risk section is presented to explain what is essential in the procedure and why. The flowchart, the table, and the formwork together describe each step of the procedure. Finally, a PowerPoint template can be used to guide process owners in developing their training.

And to make it even easier, you have already spelled out who needs to be trained and to what level.

Procedure template for ISO ISO 13485:2016 quality systems Read More »

What are the Essential Requirements for Medical Device CE Marking?

9 Comments / CE Marking / By / , , ,

ER Table1 What are the Essential Requirements for Medical Device CE Marking?

The author reviews the essential requirements for medical device CE marking. Common mistakes to avoid, and the proposed EU regulations are also discussed.

Essential Requirements (ERs) are the requirements for safety and performance specified in Annex I of the three medical device directives. ERs are divided into Part I (i.e., – general requirements) and Part II (i.e., – requirements for design and construction). Evidence of conformity must be provided for all general requirements in Part 1 for all devices—regardless of risk classification, design, or construction. The Design and construction requirements in Part 2 may be not applicable, depending upon your device.

When a Notified Body reviews your Technical File or Design Dossier for CE Marking, the auditor must verify that you have addressed each ER. This is typically demonstrated by providing an ER Checklist (ERC). You can find a template for an ERC on the International Medical Device Regulators Forum (IMDRF) website (http://bit.ly/IMDRFDoc) in Appendix A (see example in Figure 1 below) of the GHTF Guidance document explaining the use of a Summary Technical Document (STED) to demonstrate conformity with the principles of safety and performance (http://bit.ly/GHTFSTEDGuidance).

Figure 1 ERC Example What are the Essential Requirements for Medical Device CE Marking?

Figure 1: Example of an ERC

To demonstrate compliance with the ERs, you must provide the following information by filling in the four columns of the ERC:

  1. Applicability to your device,
  2. The method used to demonstrate conformity with the ER,
  3. Reference to the method(s) used, and
  4. Reference to the supporting controlled documents.
Subparts & Common Mistakes

Completing the ERC would be easy if there were only 13 ERs, but eight of the 13 ERs have multiple requirements. For example, ER 13.3 has 14 subparts (i.e., – 13.3a through 13.3n). Each subpart must be addressed when you complete the columns of the ERC table. If any of the parts in ER 7-13 do not apply to your device, you need to provide a justification. For example, ER 11 and its subparts do not apply to devices that do not emit radiation. This justification must be documented in the ERC for each subpart.

When you write your justification for the non-applicability of an ER, you need to be careful to provide a justification for each part of the requirement. For example, there are three sub-parts to ER 7.5. Each part is a separate paragraph, but these are not identified by a letter, as is done in ER 13.3 and 13.6. Instead, each subpart is a separate paragraph. Within those paragraphs, there is further room for confusion. For example, the third paragraph states that if you use Phthalates in a product that is intended for women or children, then you must provide a justification for its use in the technical documentation, in the instructions for use, within information on the residual risks for these patient groups (i.e., –women and children) and, if applicable, on appropriate precautionary measures.

Proposed EU Regulations

The proposed EU Medical Device Regulations (MDR) are organized into Articles and Annexes–just like the current EU Directives, and the ERs will still be the first Annex of the MDR. However, there will be 19 ERs instead of 13. The early reviews of the proposed regulations indicated that there were no significant changes. Still, I have learned the hard way that you should always go to the source and verify the information for yourself. The general organization of the Essential Requirements is still the same. Nevertheless, several significant changes will require providing additional documentation in your Technical File or Design Dossier for CE Marking. Most companies will probably submit a revised ERC to address the new requirements, but you may want to read Medical Device Academy’s review of the new ERs (http://bit.ly/NewERCGap) and prepare accordingly.

Essential Principles Checklists

Health Canada has an Essential Principles checklist (EPC) that is similar to the European ERC, and Australia has a similar document (http://bit.ly/EPCTGA) with only a few minor differences. The Global Harmonized Task Force (GHTF) created an earlier version in 2005 (http://bit.ly/EPSafetyPerf). Health Canada will typically accept your ERC developed for the European Medical Device Directive (MDD), but a gap analysis should be performed against the Australian Regulations.

Now that the ENVI vote has passed (http://bit.ly/ENVIVotepasses), I asked a new consultant working for me to create a template for the new Essential Requirements in the new EU MDR regulations. You can download the MDD ERC Template and the new EU MDR Template. This new template also indicates the items that were recently modified (see the red lines).

What are the Essential Requirements for Medical Device CE Marking? Read More »

What is the IEC 60601 Scope?

18 Comments / IEC 60601 / By / , ,

This blog will help you understand the IEC 60601 scope and to determine if and how the IEC 60601-1 Standard applies to your medical electrical product.  Definitions, third-party testing, etc. discussed.60601 300x274 What is the IEC 60601 Scope?One of the first questions clients ask before a project starts is, “Does this medical electrical product fall under IEC 60601-1?” Another common question clients ask is whether IEC 60601-1 applies to battery-operated medical devices. To answer these questions, we must review and understand the scope (sub-clause 1.1) of IEC 60601-1 to determine if and how the IEC 60601-1 Standard applies to a medical electrical product.

The title of IEC 60601-1:2005 (3rd edition) (http://bit.ly/IEC60601-1) is Medical electrical equipment – Part 1: General requirements for basic safety and essential performance. The IEC 60601-1 Standard itself states, “This…Standard applies to…MEDICAL ELECTRICAL EQUIPMENT and MEDICAL ELECTRICAL SYSTEMS…referred to as ME EQUIPMENT and ME SYSTEMS.”

*Note: ALL CAPITAL LETTERS identifies a defined term for the IEC 60601 series of standards within this blog. “IEC” is an acronym for the International Electrotechnical Commission (http://bit.ly/IECwebsite). IEC is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies.

All clause references in this blog are to both IEC 60601-1:2005 (3rd edition) and IEC 60601-1:2005 (3rd edition) + Amendment 1:2012, or the consolidated version IEC 60601-1:2012 (edition 3.1), but the actual text comes from edition 3.1.

Definitions 

The ME EQUIPMENT definition (sub-clause 3.63) is:

“…equipment…

a)    provided with not more than one connection to a particular SUPPLY MAINS, and

b)    intended by its MANUFACTURER to be used:

1)    in the diagnosis, treatment or monitoring of a PATIENT; or

2)    for compensation or alleviation of disease, injury, or disability.”

and “…having an APPLIED PART or transferring energy to or from the PATIENT or detecting such energy transfer to or from the PATIENT….”

Note: The above definition aligns well with the description of medical electrical devices in the European Medical Device Regulation.

From the definition above, we know that a device can have up to one power cord, or be hard-wired to the building’s power by one power line, and/or be battery powered.

We also need to understand the term APPLIED PARTS (sub-clause 3.8): “Part of…ME EQUIPMENT…in NORMAL USE necessarily comes into physical contact with the PATIENT for…” the device “…to perform its function.” Classification of the different types of APPLIED PARTS and other classifications (there are eight different classification criteria in the IEC 60601 Standard) need to be completed early in the process of setting up a test plan for design verification to determine the applicable testing requirements, and to develop an appropriate test plan.

Examples within Scope of IEC 60601-1:2005

Examples of electrical medical products fitting the definition above are broad and include battery-operated thermometers, gamma imaging systems, endoscopic cameras, and infusion pumps. IEC 60601-1 may also apply to many ACCESSORIES (sub-clause 3.3) used with ME EQUIPMENT.

Examples not within Scope of IEC 60601-1:2005

The scope of IEC 60601-1 also identifies which devices are not included in the IEC 60601 series:

  • “in vitro-diagnostic equipment…IEC 61010 series;
  • implantable parts of active implantable(s) … ISO 14708 series…;
  • medical gas pipeline systems…ISO 7396-1…”
IEC 60601 & ISO 13485

Design verification must confirm that design outputs (i.e., – product specifications) meet design inputs (e.g., – product must meet IEC 60601-1 requirements).

Many projects don’t identify all the applicable IEC 60601 standards. This could cause multiple nonconformances during an audit by the national regulatory body (i.e., FDA, EU Notified Body), or that you don’t obtain approval to sell and distribute your device from the national regulatory body.

A test plan, with multiple test protocols, is developed from the product specification. This test plan should identify all the requirements of the IEC 60601 series of standards, in addition to any other applicable standards and regulations that apply to the device before performing device testing.

Third-Party Testing

IEC testing can be performed by a third-party test house (i.e., – a safety certification agency, such as a UL, CSA, TÜV SÜD),  an independent test lab (i.e. Medical Equipment Compliance Association), or the manufacturer can conduct the testing if they have the proper equipment, trained personnel and a good understanding (i.e., – used the Standard on several projects, and successfully tested previous similar electrical medical device(s) by a third-party test lab, and been approved by a national regulatory body) of the Standard (s).

Design verification reports generated from the test process are either the applicable IEC 60601, and IEC 80601 series of standards test report forms or the manufacturer’s generated test reports.

If your company needs help with IEC 60601-1 gap analysis, preparation of the risk management file for the third edition, or training on the Standard, please contact Leo Eisner. We are also developing a webinar series on IEC 60601-1, 3rd edition.

What is the IEC 60601 Scope? Read More »

Scroll to Top