We will cover:
• Overview of proposed changes to ISO 13485:201X, MDSAP
• New EU regulations and unannounced audits
• New directions for QMS and regulatory audits
Presenter:
This webinar will be presented by Danny Kroo, the founder and principal consultant at Docusys Corporation.
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
PECB Webinar: Proposed changes for medical device quality management systems and regulatory requirements
1. MEDICAL DEVICES QMS &
REGULATORY REQUIREMENTS-
PROPOSED CHANGES
BY DANNY KROO
DOCUSYS CORPORATION
docusysco@gmail.com
Copyright Docusys Corporation 2015
2. BRIEF DISCUSSION ON PROPOSED CHANGES
ISO 13485:201X
MEDICAL DEVICE SINGLE AUDIT PROGRAM
EUROPEAN REQUIREMENTS
UNANNOUNCED VISITS
AGENDA
Copyright Docusys Corporation 2015
3. DANNY KROO
President of Docusys Corporation
Established in 1994
Provide medical device quality and regulatory
consulting services.
Medical Device Lead Assessor qualified for ISO 13485,
CMDCAS, MDD, IVD, FDA, JPAL
INTRODUCTION
Copyright Docusys Corporation 2015
4. Establish simple and cost effective systems for
customers
Simple systems easier to maintain
Advantage of being a lead assessor for a major
notified body and registrar
OBJECTIVE
Copyright Docusys Corporation 2015
6. Why Changes?
Stakeholders such as regulatory bodies, consumers
demand improvements in safety & effectiveness
New technologies- APPS
Incidents where system has failed- PIP – breast
implant issue
Could these incidents have been avoided?
Changes
Copyright Docusys Corporation 2015
7. Medical device quality management system
Last major change was in 2003
ISO 13485:201X
Copyright Docusys Corporation 2015
8. ISO TC 210 WG 1 is working on new version
Meeting took place in London, England- August 25-27
Meeting dealt with internal comments from working
group
Revised draft will be circulated to WG1 members
Anticipate that FDIS will be voted on in late 2015 and
standard released in 2016.
Current status of ISO 13485:201X
Copyright Docusys Corporation 2015
9. ISO 13485:201X will not follow the High-Level
structure requirement (Annex SL) now applicable to
all Management System Standards ( ISO 9001)
There may be an issue with alignment of ISO 13485
and ISO 9001 for some clients that have certification
to the 2 new standards.
ISO 13485 will maintain the current numbering system
and structure.
Summary of proposed changes
Copyright Docusys Corporation 2015
10. More emphasis on risk management
More emphasis on product lice cycle management
Additional definitions (i.e. Clinical evaluation, distributor,
importer, risk management…)
Clause 4.1.5 now requires written supplier agreements, and
control of outsourced processes must be risk-based.
Clause 4.2.1.2 requires you to create and maintain a
technical file for products and product families
Clause 4.2.4 requires that patient records are maintained
as confidential records.
Summary of proposed changes
Copyright Docusys Corporation 2015
11. Clause 5.6-include complaint-handling trends as an
input to your management review inputs
Outputs must include changes needed to the quality
system in order to address new and revised
regulatory requirements
Summary of proposed changes
Copyright Docusys Corporation 2015
12. Clauses 6.3 –Infrastructure-Procedures required for
product
Summary of proposed changes
Copyright Docusys Corporation 2015
13. Throughout Clause 7 there are new references to
software
Design-adding Design Transfer as Clause 7.3.8 and the
requirement for a Design and Development File (i.e.,
DHF) as Clause 7.3.10
Purchasing-strengthen supplier controls and make
them risk-based.
Summary of proposed changes
Copyright Docusys Corporation 2015
14. UDI labeling was added as Clause 7.5.3.1
Clause 8.2.1 related to “Feedback” is now a formal input to
the risk management process
The requirement for complaint handling was added as
Clause 8.2.1.2.1
Section with requirements for control of nonconforming
product (i.e., Clause 8.3) was split into four subsections
with new requirements for nonconforming product that
has already been shipped
Summary of proposed changes
Copyright Docusys Corporation 2015
15. Added two new data analysis requirements for audits
and service reports.
Summary of proposed changes
Copyright Docusys Corporation 2015
16. What is MDSAP?
Developed by a group of medical device regulators to
allow recognized third-party auditors to conduct a
single audit of a medical device manufacturer that will
cover ISO 13485:2003 and their respective regulatory
requirements
Benefits organizations selling to multiple jurisdictions
One audit instead of multiple audits
Medical Device Single Audit Program
Copyright Docusys Corporation 2015
17. Audit based on ISO 13485 by an approved Auditing
Organization and shall include as applicable,
requirements from Health Canada, US FDA, ANVISA
Brazil, Australia TGA and Japan MHLW and PMDA
Based on a three year cycle
In pilot stage
MDSAP
Copyright Docusys Corporation 2015
18. To enable the appropriate regulatory oversight of medical
device manufacturers’ quality management systems while
minimizing regulatory burden on industry.
• To promote, in the longer term, greater alignment of
regulatory approaches and technical requirements globally
based on international standards and best practices
To promote more efficient and flexible use of regulatory
resources through work-sharing and mutual acceptance
among regulators while respecting the sovereignty of each
authority.
MDSAP OBJECTIVES
Copyright Docusys Corporation 2015
19. Standardized Rating System for Manufacturer Audit
Findings
Standardized Rating System for Recognized Auditing
Organization
Assessment Findings
MDSAP Quality Management System
MDSAP Standardization
Copyright Docusys Corporation 2015
20. Special Audits, Audits Conducted by Regulatory
Authorities, and Unannounced Audits are
extraordinary audits that may occur at any time
within the audit cycle
Grading of Nonconformities- minor, major
Unannounced audits to close down major NCs
MDSAP audit reports are being sent to all regulators.
MDSAP
Copyright Docusys Corporation 2015
21. The participating regulatory authorities hope to achieve
more consistency among the auditing organizations.
By following the MDSAP Audit Model:
Audits performed for MDSAP will be conducted in a
consistent manner across auditing organizations.
Audits will be conducted logically and efficiently, with
attention to the interactions between processes.
Auditors will be able to determine whether systemic
quality management system nonconformities are present.
Benefits of MDSAP
Copyright Docusys Corporation 2015
22. Current EU Medical Devices Directives will soon be
replaced by a new Regulation.
Expected to be adopted and published within 12 months
with implementation from 2015 to 2018.
Significant impacts on clinical, biocompatibility, preclinical
performance and other technical requirements.
For IVDs, it is uncertain whether the transition period will
be 3 or 5 years, meaning that the final implementation date
could be 2018 or 2020.
EU Medical Directives
Copyright Docusys Corporation 2015
23. Scandals such as PIP scandal and metal-on-metal hip
joints caught the attention of the EU public at large
on the safety management of medical devices.
European Parliament issued a Resolution in June 2012,
which called for stricter approval rules for Notified
Bodies, stronger requirements for preclinical and
clinical evaluation of medical devices and mandated
unannounced inspections of medical device
manufacturers.
EU Medical Directives
Copyright Docusys Corporation 2015
24. Changes are described in the EU Commission
proposed IVD and Medical Device regulations dated
September 26, 2012 and Parliament’s IVD and Medical
Device amendments on October 22, 2013
Copyright Docusys Corporation 2015
EU Medical Directives
25. The European Commission will be able to review
recommendations for CE Marking prior to approval
(i.e., the scrutiny process).
The European Commission’s ability to create common
technical specifications (CTS) will be expanded to all
devices.
Only newly created Special Notified Bodies will be
able to issue CE Certificates for high-risk devices such
as implants.
EU Medical Directives
Copyright Docusys Corporation 2015
26. Notified Bodies will be audited for compliance with
the new regulations jointly by Competent Authorities.
Until 2013, audits of Notified Bodies were performed
only by the Competent Authority from the member
state in which the Notified Body is located.
Copyright Docusys Corporation 2015
EU Medical Directives
27. Manufacturers will be subject to unannounced audits by Notified
Bodies.
Spinal implants, devices that control and monitor active implants,
nanomaterials, apheresis machines, and combination products will
be reclassified as Class III devices requiring technical documentation
known as a design dossier.
Most in vitro diagnostics (IVDs) will require Notified Body
involvement.
A Unique Device Identification (UDI) system will be required for
labeling, and the European Databank on Medical Devices (Eudamed)
will be expanded.
Formatting of declarations of conformity and technical files will be
revised.
EU Medical Directives
Copyright Docusys Corporation 2015
28. Notified Bodies are challenging clinical evidence not only
for new higher risk class III and IIa devices but also existing
devices that have been CE Marked since the inception of
the Directives, even those that are lower risk class IIa and I
sterile/measuring devices.
Pressure has been applied to Notified Bodies and
Competent Authorities that are charged with designating
and oversight of the Notified Bodies in the member
countries. Information about the performance of Notified
Bodies was published on June 17, 2014 in a
document “Commission Staff Working Document”
Impact of changes
Copyright Docusys Corporation 2015
29. Audits of several Notified Bodies conducted from
February 2013 to May 2014 revealed weaknesses
among some of them and also for one of the
Competent Authorities. There are fewer Notified
Bodies than there were a few years ago, and the ones
that remain are much more vigilant.
Copyright Docusys Corporation 2015
Impact of changes
30. Unannounced audits have become more common
since the Commission Recommendation on Notified
Body audits of September 24, 2013, which clarifies the
authority of Notified Bodies to carry out
unannounced audits of medical device
manufacturers. Until now, the EU regulatory system
enabled Europeans access to innovative medical
technologies earlier than Americans; not anymore.
Impact of changes
Copyright Docusys Corporation 2015
31. Dedicated personnel and action plan
Securing Regulatory Affairs resources: “Qualified Person”
+ new resources for additional work
Check that they have selected the right Notified Body
Increased internal and external training to ensure full
compliance to the more stringent requirements including
those related to material safety (i.e., biocompatibility and
clinical data
Prepare for higher costs for the overall assessments and
submission fees
What should manufacturers plan
for?
Copyright Docusys Corporation 2015
32. Prepare for longer review times for all devices, especially
class III devices, class IIb implantable devices and novel
devices
Review clinical data evaluation – get prepared for clinical
investigations for certain device types; specifically Class II
and implantable Class IIb devices
Updating Technical Files to meet the more rigorous
requirements by the implementation date
Establish SOPs (Standard Operating Procedures) and
training for handling unannounced Notified Body
inspections of themselves and critical suppliers
What should manufacturers plan
for?
Copyright Docusys Corporation 2015
34. European medical device regulations are undergoing
many significant changes that will impact
manufacturers, suppliers, and Notified Bodies. One
major and immediate change is the EU Commission
requirement for Notified Bodies to conduct
unannounced audits on manufacturers of CE marked
products.
PIP scandal
UNANNOUNCED VISITS
Copyright Docusys Corporation 2015
35. Frequency- at least once every three years, and this
frequency will need to be increased should the
devices be considered a high risk.
Must be unpredictable and without prior notice, so
there will be no communication with your company
prior to the audit.
The Notified Body auditors will present themselves at
your premises, and the company must provide
immediate and unrestricted access.
Unannounced Audits Process
Copyright Docusys Corporation 2015
36. Access to your critical sub-contractors and crucial
suppliers by the Notified Body may also be required,
Subject to identical requirements, in situations where
this is likely to provide more effective control by the
Notified Body. This right of access will need to be
covered in your contracts with these suppliers.
Unannounced Audits Process
Copyright Docusys Corporation 2015
37. Auditors arrive without notice.
Focus is usually related to manufacturing ( inspection
and test), control of suppliers and technical files
Auditors decide on following an audit trail
UNANNOUNCED AUDITS
Copyright Docusys Corporation 2015
38. Recommend training and procedure for key personnel
such as reception, top management and QA to
understand the requirements and the process
Update contracts with key suppliers to include a
provision for unannounced visits.
UNANNOUNCED AUDITS
Copyright Docusys Corporation 2015