Sunday, May 12, 2024

 APQP - Advanced Product Quality Planning

APQP had its start with the auto industry (1980s).  Some of its basic principles are taken from ISO 9001, QS 9000, and IATF 16949 (International Automotive Task Force).  Its goal is to provide a guide to assist sharing of development and other key data between suppliers and automotive companies to meet "customer" requirements and support continuous improvement .  Focus is on design, specification compliance, production processes, QC, process capability, product testing  and training.  Obviously compatible with ISO 13485 for the US and EU / Asia.  APQP tools include the 8Ds, SPC, FMEA, 6 Sigma, GR&R+, V&V, design reviews, and similar (see also the US FDA Production and Process Control for devices, pharma, combination devices).  

Some are promoting key elements of APAP for the medical device industry. As you can see by the above, the key elements are already in the US QSR and new QMSR, as well as Europe's MDR / ISO 13485 (and now with the US as well).

Wednesday, March 27, 2024

 eSTAR 510(k) Submission Elements / Templates:

   Submission Type
   Cover Letter / Letters of Reference 
   Applicant Information 
   Pre-Submission Correspondence and Previous Regulator Interaction 
   Consensus Standards
   Device Description
   Proposed Indications for Use (Form FDA 3881)
   Predicates and Substantial Equivalence (includes matrix and discussion)
   Design / Special Controls, Health Risks, and Mitigations (special 
    510(k) only)
   Labeling (labels, IFUs) 
   Shelf Life
   Software / Firmware
   Cybersecurity / Interoperability
   EMC, Electrical, Mechanical, Wireless and Thermal Safety
   Performance Testing
   References (literature, if any)
   Administrative Documentation, e.g., executive summary (recommended), a Truthful and Accuracy   
   Statement, and a 510(k) Summary or Statement) 
   Amendment / Additional Information response (responses to Additional Information requests).\

  Note:  The US 510(k), IDE, De Novo, PMA submission is similar to the EU Technical Document  
  File, in basic content and purpose (proof of meeting regulatory marketing requirements).  


Tuesday, February 6, 2024

 The New QMSR, the CGMPs for Devices

Consists of:

  • ISO 13485:2016, included in its entirety by reference in  revised 21 CFR 820;
  • ISO 9000:2015, clause 3 (definitions), included by by reference in 820;
  • "Read only" copies of both the above are available on the web - addresses provided in the QMSR;
  • Most of previous 21 CFR 820, including all of C-0 subparts, have been removed and reserved;
  • New Subparts A and B comprise the rest of the QMSR, 21 CFR 820.
  • The FDA has stated they are not changing the scope of the QSR in the new QMSR.  So read ISO 13485 as if it includes all of the old QSR in general.  Areas of special emphasis are in the new QMSR / 820 subparts (to address the pertinent requirements of the US' FD&C Act not fully addressed in ISO 13485). 
  • Basic changes are in some changes to definitions, the elimination of FDA's past policy of not reviewing a company's internal audits, quality reviews, vendor audits, increased emphasis on labeling beyond ISO 13485.  
  • ISO 13485's emphasis on risk management to be ISO 14971's definition: to patient, to user/clinician, to use environment plus compliance risk.
  • Corresponding changes to QSIT and applicable guidance documents and 21 CFR 4, Combination Products, will be made.
  • Until a company completes the change, they will be required to follow and be inspected to the the old QSR. 
  • FDA has settled on a two year transition period, until 02/02/2026.
The change will require a rewrite of a company's Quality Manual and QMS SOPs, primarily in terminology and reference citations, not in the specific functions addressed. Training in the same will also be necessary.



Eliminated a typo on Subpart B and added reference to the US' Food, Drug and Cosmetic (FD&C Act). - JEL 05/01/2024 

Wednesday, January 31, 2024

I just received an FDA announcement that the new QMSR (21 CFR 820) which incorporates ISO 13485 by reference, is now, as of February 02, 2024 (when published in the Federal Register), in effect, replacing the previous version of 21 CFR 820, the QSR.  Companies have two years to complete the changeover.  Until changed, a company is responsible to be in compliance to the older QSR.  The Quality Manual, SOPs, terminology, a Device Risk Management File and QMS addressing patient safety / risk needs to be in place. This has always been required but now it's emphasized.

"FDA Issues Quality Management System Regulation: Final Rule Amending the Quality System Regulation

To ensure medical devices on the market are safe, effective, and of good quality, the U.S. Food and Drug Administration (FDA) issued the Quality Management System Regulation (QMSR) Final Rule.

The QMSR rule emphasizes risk management activities and risk-based decision making and aims to reduce regulatory burdens on device manufacturers and importers by harmonizing domestic and international requirements.

The rule amends the current good manufacturing practice requirements of the Quality System regulation in 21 CFR 820.

“This final rule is the latest action taken by the FDA to promote global harmonization in device regulation to help assure that patients and providers have timely and continued access to safe, effective, and high-quality medical devices both at home and abroad,” said Jeff Shuren, M.D., J.D., director of the FDA's Center for Devices and Radiological Health. “By harmonizing key areas of a medical device manufacturer’s quality management system with the international standard, the FDA is streamlining actions device manufacturers must take to meet requirements by multiple regulatory authorities.”

Device manufacturers and importers will have two years to modify their Quality Systems to meet the requirements of the QMSR rule by February 2, 2026. Until then, manufacturers are required to comply with the existing Quality System regulation."



Tuesday, January 23, 2024

Start addressing the proposed FDA device QMSR now

Device risk is going to have major emphasis in the revised 21 CFR 820 (currently it's only mentioned casually under Design Control, 820.30) which will include ISO 13485 by reference, and add consideration of ISO 14971 Device Risk Management to it to further flesh out 820.  ISO 14971 defines risk as 1) patient, 2) user / clinician, 3) use environment safety, not financial, scheduling, compliance risk, et al.  ISO 14971 requires a device risk management file, and risk incorporated throughout a company's QMS.  While I have emphasized such risk management since 2003 -- when I was called to assist a company that had 3 FDA inspectors on site for several months overseeing the company generate risk management files and resolve outstanding CAPA files with complete Failure Investigation and Root Cause Analysis documentation, reviewing every completed document prior to allowing it to be added to the company's CGMP documentation / records.

Incidentally, the FDA includes cybersecurity issues as a part of patient safety, if systems affecting the patient are, or can be, networked.

The Device Risk Management File format the Agency approved was similar to the following (one file for each device 'family'):

1.  Narrative:  Device background / description, use environment, team (including a relevant clinician), assumptions, and similar;

2.  Hazard List (basic use hazards and severity to patient);

3.  Fault Tree Analysis (expanding upon the Hazard List);

4.  FMECA's:  Design-, Process-, and Use-FMECAs (also expanding upon the Hazard List);

5.  Problems from "Normal" use  (added later to address the one problem with FTA,       FMEA, and FMECAs being only focused on "Failures" causing problems. Note:       14971 requires that "Control" be included under "Probability" in any final version       of a FMECA (RPN = S x P (including C)). 

6.  Final "Report" / discussion of residual risk, and the Benefit / Risk analysis /               statement. 

Not only did this format pass the inspection of those three inspectors back in 2003, but it has since passed numerous FDA inspections, Notified Body audits, 510(k) and IDE submissions, 483 / Warning Letters' remediation's (with companies in the US, EU, and Asia) since then. 

Get a jump on the upcoming Device CGMP changes, and be in compliance now, by addressing your risk management files now.

Also, SOPs(and the QM) should start including not only references to the 820 regulation (in general), but also specific references to the appropriate ISO 13485:2016 citation(s).  I've been doing this for many years already for my clients. 


 Project Management

  • For most projects, I use a Gantt Chart. But I never work off "% complete" - too vague. I break the project down into discrete deliverables (milestones) and the steps necessary to achieve that deliverable (tasks). E.g., a part spec, an SOP, an equipment installation and validation, and so on., which are easier to evaluate as to completion. The more unfamiliar I am with the project, the more discrete milestones I include. With inspection resolution, each observation is it's own deliverable / milestone. When I have parallel activities to track, I supplement the Gantt (day-to-day management) with a network diagram (CPM, PERT) which is infrequently updated, to show the parallel activities and the critical path. --

Tuesday, December 5, 2023

A question on prototype devices:


My company is a small startup  We want to get proceed into certifications and regulatory approval using a “production equivalent prototype”. This prototype is identical in design to our planned production model (equivalent design controls), however the materials and manufacturing methods of a few of the external enclosure parts will be different. We need to do this because we don’t have the funding to create production molds for these parts and we would rather use cheaper methods/materials to get through regulatory before we invest huge sums of money into production.
My question for you is: If we take this approach and use the pre-production materials for completing regulatory approval do you think we will need submit another 510k when we want to move into higher volume production in the future? We plan on providing test data showing the enclosure still passes 60601-1 (we will get another report done through our test lab), provide data showing performance of clinical function is within tolerance to the production prototype and justify that the production method/materials are better controlled and higher preforming than the production equivalent prototype?
 ANS:  By certification, I assume the product is to be sold outside the US and you have to hire a Notified-Body to certify your QMS, some inspections in manufacturing and your Technical File.  The  US FDA has a registration process.  All have fees associated with them.
The FDA specifically requires that the product tested for regulatory submission be equivalent to what will be sold, e.g., Design Control 21 CFR 820.30, under (g) Design validation - "shall include testing of production units under actual or simulated use conditions." 
Changes in material (and resulting electrical characteristics, biocompatibility issues, etc.), IF they impact safety and effectiveness, require a new 510(k); if validation data shows no new impacts on S and E (see the two Guidance Documents on changes to devices having a 510(k) requiring submitting a new 510(k)) then the test data would be sufficient (retained in your device's DHF, subject to FDA inspection) and no new 510(k) would be required.
Your proposed method carries a high degree of risk on the surface, and its success would be dependent upon solid test / verification and validation data showing at least equivalence if not some superiority. However, since this is an enclosure there would be less safety issues, I'd assume. However, companies do occasionally use short life tooling initially for molded parts, changing to more expensive and durable tooling as market acceptance increases, and usually validation is sufficient to address the S&E issues. 
QUES:  I think we can justify that the initial device tested for regulatory submission can be considered a “production unit” but it would only be feasible for small scale initial production runs. If our product were to build up demand, we would need to switch to an injected part. We hoped we could do this with an engineering design change with additional, testing, data and documentation as I described below. We would want to avoid having to submit another 510k if we did need to make this modification, but I really can’t see how we would reduce S&E with this change.  The high production unit parts would be stronger, have a more controlled production method and have more examples of successful biocompatibility assessments, therefore I think there is little risk that the test data shows a reduction.
My main concern is that FDA would see the production method change and have an issue with that aspect of this design change. Let me know what you think.
ANS: If the only change is from limited tooling to high-volume tooling, it's not an issue.  If the change is from thermo forming or similiar to high volume injection molding that should not be an issue that can't be addressed by robust V&V.  If that change is coupled with a material change then this is the area of major concern, but can usually be addressed with all necessary test data showing same or better resolution of S&E with the injection molded part.  Those two Guidance Documents on changes and the 510(k) do allow for good QSR / V&V data to address the S&E, possibly eliminating the need for a new 510(k) (S&E is what an FDA review of a 510(k) focuses on).