ISO – International Organization for Standardization, is the international, non-governmental body for drafting and establishing technical and non-technical standards. These standards are developed by different committees within the ISO. Having around 165 member states, with one representative from each, ISO is a global entity catering to the needs of industry requirements.
Are ISO standards important?
The ISO medical device standards are the Bible for many countries, especially ones which do not have predefined regulations or processes. For regulated countries, in addition to their respective regulations and guidance, ISO standards are also preferred. The most popularly referred ISO standard is the ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes. In addition to general standards, ISO also publishes product-specific guidance such as for Implants, Orthopedic, Medical Electric Equipment, and many more.
Global ISO Requirements
In Europe, the European Commission has the Medical Device Regulation MDR 2017/745 and In-vitro Diagnostic Device Regulation IVDR 2017/746. These regulations provide a detailed framework for introducing a medical device in the European market. However, in addition to that, certain ISO standards may also be referred to for ensuring a better-quality product. Some of the many popularly used standards include:
ISO 14971:2019 Medical Devices – Application of Risk Management to medical devices
ISO 15223-1:2021 Medical devices – Symbols to be used with information to be supplied by the manufacturer – Part 1: General requirements
IEC 60601-2-83 Medical electrical equipment – Part 2-83: Particular requirements for the basic safety and essential performance of home light therapy equipment
IEC 60601-1 Medical electrical equipment – Part 1: General requirements for basic safety and essential performance
The European Commission also has Harmonized Standards, developed by European Standards Organization CEN, CENELEC, or ETSI, per the international standards. It provides a list of the applicable harmonized standards for enhanced product safety and quality.
In the USA, the US Food and Drug Administration (FDA) has a Code of Federal Regulations (CFR) and Guidance.
CFRs are legally binding. Manufacturers must comply with the requirements of CFR
The guidance provides Agency’s thinking on regulatory issues. They are NOT legally binding
In addition to these, the FDA also accepts certain recognized consensus standards from different organizations such as ISO, CLSI, ANSI, IEC, CEN, etc. These standards may be used to justify a Declaration of Conformity for a product. The widely accepted medical device ISO standards are, but are not limited to:
ISO 10993 – Biological Evaluation for Medical Devices
ISO 14160 – Sterilization of Healthcare Products
ISO 11737 – Sterilization of Medical Devices
In Canada, the Standards Council of Canada (SCC) is the ISO member body. Similar to the US FDA, the Therapeutic Products Directorate (TPD) of Health Canada periodically releases a list of acceptable international or national standards for medical devices. Manufacturers can use these recognized standards in conjunction with the Health Canada’s Medical Devices Regulations (SOR-98/282) and the Guidance Documents, to prove product conformity and safe use in the market.
China‘s National Medical Products Administration (NMPA) is developing indigenous standards that more closely align with those of ISO. Biocompatibility testing is one avenue where the scope and requirements for China are more than that of the US/EU. Hence, NMPA has developed various biocompatibility testing standards which are to be used in addition to the ISO standard.
For the rest of the world’s medical device industry,
India encourages ISO certification for all its industries. The medical sector must be ISO 13485 compliant while the pharmaceutical sector must be ISO 9001 compliant for Quality Management Systems, in addition to other relevant and applicable ISO standards.
Japan’s The Japanese Industrial Standards Committee (JISC) is an ISO member body. The regulatory authority, Pharmaceutical and Medical Device Agency (PMDA) revised its Ordinance No. 169 in 2021 to closely align with the ISO 13485:2016 standard. The transition period is 3 years and must comply by March 25, 2024
For the Korean regulatory authority, aligning the requirements of Korean Good Manufacturing Practice (GMP) to that of ISO 13485:2016 is believed to be a step closer to entering the Medical Device Single Audit Program (MDSAP)
Russia’s Federal Service for Surveillance in Healthcare (Roszdravnadzor) is known to accept ISO 13485:2016 certification. Information on acceptance of other ISO standards cannot be confirmed. It does not accept market approvals in the US, EU, or other countries as a reference for market authorization in Russia
Australia’s Standard Australia is a member of the ISO, IEC, and ICSID. It strongly encourages the use of international standards, except where their use is ineffective or inappropriate and does not develop any national Australian standard for which there is already an international standard in existence. In 2019, TGA published Therapeutic Goods (Conformity Assessment Standard for Quality Management Systems) Order 2019which provides a list of applicable conformity assessment standards.
Brazil’s ANVISA accepts Good Manufacturing Practices (GMP) along with the ISO 13485
Can QMS be established solely based on ISO standards?
For countries that do not have their own QMS regulations, the ISO standard can be used as a reference. For countries with established local regulations, and that accepts ISO, both ISO standard and local/national regulations must be considered.
Are ISO standards freely available?
No. ISO standards are available for purchase from the ISO official website. However, they do have FREE read-only formats available.
Comparing ISO standards to local regulations, which one takes precedence?
The local or national regulation always takes precedence over the ISO standard.
Can the manufacturer use an older version of an ISO standard for compliance?
No. Manufacturers must make sure they comply with the active or most recent version of the ISO standard. This is not restricted just to ISO standards but applies to National regulations too. Manufacturers must keep their QMS up to date with the latest requirements of the industry. The ideal way to be updated is to refer to the latest version of any Standard or Regulation.
“Corrective action” is the immediate address of an issue, whereas
“Preventive action” is addressed to reduce or stop the recurrence of the same error from happening again.
What is a CAPA?
Corrective And Preventive Action (CAPA) consists of a system of procedures to help improvise the non-conformances, undesirable outcomes and even field safety corrective actions of an organisation. CAPA must include the following steps:
Identify the immediate corrections to be taken
Implementation of corrective actions
Implementation of preventive action
Appropriate methods to evaluate the effectiveness
CAPA is a time-bound activity.
CAPA requirements for US FDA
In the US, the Title 21 CFR part 800-898 governs medical devices. The regulations contain CAPA reports that must meet specific FDA standards. All CAPA reports must be stored in a centralised database. This ensures that all quality staff are aware of the problem and can take appropriate action. A designated individual inside the organisation must also examine and approve CAPA reports. Furthermore, all CAPA reports must be available to the FDA upon request.
This article discusses the CAPA requirements in the US for one of the essential topics, Medical Device Reporting. Medical device reporting is any serious event caused by the medical device that results in serious injury or even death of a patient. To get a detailed insight on the topic, read our Field Safety Corrective Action (FSCA) – US FDA article.
In Europe, ISO standards are widely accepted. ISO 13485, an ISO standard that concerns medical devices, also sets forth the requirements of CAPA in QMS for every manufacturer. Below is an overview of the various titles under ISO 13485 relevant to CAPA.
The most crucial section in ISO 13485 is Clause 8, which contains guidance on monitoring and measurement of the effectiveness of the QMS in place.
The flowchart below summarises the processes in Corrective and Preventive Action.
ISO 13485:2016 Clause 8.5.2 & 8.5.3 requires documented evidence as stated below for a CAPA:
Determining the cause of non-conformities
Evaluate the need for action to ensure non-conformities do not re-occur
Plan and document the actions and implement the actions appropriately
Verify the action taken does not adversely affect the ability to meet the applicable regulatory requirements or safety and performance
Analyse the effectiveness of the corrective and preventive actions taken
Preventive actions to be proportionate to the effects of potential problems
Evaluating the need for action to prevent the occurrence of non-conformities
Why is CAPA necessary?
CAPA must address the issues that a medical device manufacturer may encounter. Issues like non-conformance (NC), customer complaints and any internal errors. It provides a structured process for analysing the causes of these issues and taking a step-by-step corrective action.
What is a CAPA report?
CAPA report is initiated because of non-conformances (NC), client complaints or any recurrent errors. In the case of NCs, the CAPA report addresses major and minor NCs and Opportunities for Improvement (OFIs). The CAPA report owner is the person responsible for the creation of the CAPA plan. In turn, the CAPA owner is also responsible for implementing the corrective actions within the prescribed deadlines mentioned in the report. Internal or external auditors review CAPA, which tracks effectiveness checks.
How does CAPA integrate with Quality Management?
A CAPA is followed to address critical issues raised from various defects in the process, such as Process failures Non-conformances Customer complaints R&D observations Field adverse event reports Product failures, etc.,
A CAPA impacts Management Review decisions, Design controls, Change management, Supplier management, Field issue resolutions, Regulatory compliance impact and others.
The FDA 510(K) Pre-market notification submission as per 21 CFR 807 Subpart E is to be adopted by manufacturers to receive FDA clearance to market medical devices or for commercial distribution in the U.S. This review is done by FDA’s Centre for Devices and Radiological Health (CDRH). A 510(K) submission allows medical devices to be “FDA Cleared” and not FDA Approved.
The route to 510(K) must be carefully investigated by the manufacturer through a step-by-step process which allows determining if the regulatory pathway chosen for the Medical Device’s FDA access is in the right direction.
Step: 01 Decision Criteria Checklist
The assessment checklist helps the manufacturer to arrive at a decision if they are eligible or fall under the rules to submit an FDA 510(K) application.
510(K) Submission required?
Are you a domestic manufacturer willing to commercially distribute your product in the U.S?
Are you developing specifications for a Finished device and you have an external firm/contractor who manufactures the device based on your specifications?
Are you a repacker or re-labeller who makes significant changes to the device operations such as changing label contents/warnings/safety signs / operating conditions to the original device label prior to sale to the market?
Are you a foreign manufacturer?
Are you making changes to an existing 510(K) cleared finished device where the changes could significantly affect the device’s safety and effectiveness?
Are you making changes to the intended use of the medical device?
Do you manufacture accessories for a medical device that are sold directly to the end-user as replaceable/serviceable parts?
Do you sell unfinished devices or components to another firm that places the Finished device for sale using your components in their device?
Are you willing to introduce your finished devices for clinical trials only to the market? (this means you are only subjecting your device for clinical trials and not commercially distributing them)
Are you acting the role of a distributor for a domestically manufactured device by affixing only labels indicating “distributor” or “manufacturer” details?
Are you an “Importer” who is willing to import a foreign manufactured device and that device has already been 510(K) cleared?
Is your device either Class I or Class II and falls under the Medical Device Exemptions 510(K) and GMP requirements of the FDA?
Step: 02 Device Classification
The next step toward submission is to verify how the medical device is classified under the FDA classification regulations. There are different generic types of devices identified by the FDA and placed under 3 categories of regulatory classes based on the risk posed by the medical device and the level of controls necessary for the safety and effectiveness of the device.
Class I Devices Low-Risk Devices – General Controls
The above states that certain class I low-risk devices are exempted from the “General Controls”.
Class II Devices Moderately Risk Devices – General Controls and Special Controls
The above states that certain class II devices are exempted while others fall under the provisions of “General and Special Controls”.
Class III Devices High-Risk Devices – General Controls and Pre-market Approvals
Step: 03 Determine if your device is Substantially Equivalent to a Predicate Device
510(K) submission is applicable only for devices that can claim Substantial Equivalence (SE) to a predicate device. Below flowchart is an illustration that helps to clearly understand the decision route:
“SE” – Substantial Equivalent
“NSE” – Non-Substantial Equivalent
Multiple Predicate Devices
In certain cases, the manufacturer may identify more than one predicate device i.e., multiple predicates. In such cases, the primary predicate refers to the one that is most similar to the below factors:
Indications for use
The manufacturer is recommended to identify the most appropriate primary predicate device with a well-supported decision document.
Supporting Documents to Claim Substantial Equivalence
The following are required by the manufacturer but not limited to, while demonstrating the most appropriate predicate device and that the new device to be submitted for 510(K) is a substantial equivalent to a predicate device.
Indications for Use
Technological Characteristics (similarities, differences and whether the differences pose different questions on safety and effectiveness)
Performance data to support substantial equivalence (biocompatibility testing, Electrical safety and Electromagnetic Compatibility, Software verification and validation testing, mechanical testing, clinical study, animal study, if applicable)
A declaration of conformity to recognised standards applicable to the medical device
Refer to the Section 807.92 content and format of a 510(K) summary.
Step: 04 Determine the Type of 510(K) Submission
Within the 510(K) applications, there are 3 categories of submissions as discussed below
Type of 510(K) applicable
To introduce a new medical device into the market which has a predicate device available
If a manufacturer introduces changes introduced to the device that is already existing in the market and has obtained a 510(K) clearance
If submission relies on FDA guidance documents voluntary consensus standard demonstration of compliance with special controls for the device type
Step: 05 The 510(K) Submission Process
Step:5.1FORM FDA 3601 Medical Device User Fee Cover Sheet
Take a printed copy of this user fee cover sheet. This could be the first page of the 510(K).
Step:5.2FORM FDA 3514 CDRH PREMARKET REVIEW SUBMISSION COVER SHEET
Download form FDA 3514 pdf. This form captures detailed information required for the different types of submissions.
A cover letter and/or the FDA Form 3514 should follow the User fee cover sheet. If FDA Form 3514 is not affixed, then the cover letter should contain all the elements relevant to the submission contained in Form 3514. This will expedite the processing time.
Step:5.3 510(K) Submission Acknowledgement receipt by FDA
If a valid eCopy and a proper user fee has been paid Acknowledgment Letter get received from DCC through email. If the proper fee and a valid eCopy are submitted by the holder, then the holder receives an acknowledgement letter from the DCC through an email. The following are identified by the Acknowledgement Letter:
Receipt’s date (the date that FDA received the 510(k) submission, an eCopy and the proper user fee payment);
The receipt’s date (this is the day that 510(k) submission was received by FDA, valid eCopy, and proper user fee payment); and 510(k) number
Step: 5.4 Document Contents in a 510(K) Submission
Below is the minimum list of contents necessary to be available in 510(K) submission documents.
Table of Contents
Indications for Use (FDA Form 3881)
510(K) Summary or Statement
Truthful and accurate statement as required by 21 CFR 807.87(l)
Class III Summary and Certification (to be submitted when claiming equivalence to a Class III device) As per 21 CFR 807.94
Financial Certification & Disclosure Statement
Declaration of Conformity and Summary Reports
Sterilization and Shelf Life
Substantial Equivalence Comparison
Electromagnetic compatibility and Electrical Safety
Performance Data (Summary on Clinical and Non-Clinical data)
Mode of Submission to FDA – E copies
In section 745A(b)(1) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. 379k-1) FDA is amending its regulations on medical device submissions to remove requirements for paper and multiple copies and replace them with requirements for a single submission in electronic format. Submissions in electronic format include eCopies, submissions created and submitted on CD, DVD, or flash drive and mailed to FDA, and eSubmissions, submission package produced by an electronic submission template.
Fees, Exemptions and Waivers
Under the user fee system, medical device companies pay fees to the FDA when they register their establishments and list their devices with the agency, whenever they submit an application or a notification to market a new medical device in the U.S. and for certain other types of submissions.
The MDUFA (Medical Device User Fee) website User Fee has information on the current fee charges applicable. Payment must be received and processed at the time or before the date the application is sent. If the FDA receives an application without full payment of all required fees, the FDA will consider the application incomplete and will not begin its review.
This is based on the Refuse to Accept (RTA) policy by the FDA. It is a mechanism adopted by the FDA to provide a quick review of the 510(K) submission.
This stage is only the initial (Acceptance review) stage where the FDA reviewer using separate checklists for each type of submission (traditional, abbreviated and special) reviews the submission and gives a declaration if the submission contents meet the minimum threshold requirements or is placed on RTA hold.
The FDA reviewer evaluates the submission against specific acceptance criteria and informs the submitter within the above timeline on acceptance or indicate the missing element(s) in submission.
In order to enhance the consistency of FDA’s acceptance decisions and to help submitters better understand the types of information FDA needs to conduct a substantive review, this guidance, includes the checklists to clarify the necessary elements and contents of a complete 510(k) submission.
Only if this stage is cleared, the submission gets qualified for the actual Substantive review stage. The reviewer conducting substantive review is the actual Lead reviewer.
During Substantive Review, the Lead Reviewer conducts a comprehensive review of the 510(k) submission and communicates with the submitter through a Substantive Interaction, which should occur within 60 calendar days of receipt of the 510(k) submission.
Substantive Interaction communication is typically:
an email stating that FDA will proceed to resolve any outstanding deficiencies via Interactive Review; or
an Additional Information (AI) request which places the submission on hold.
Additional Information (AI) request
If the lead reviewer sends an AI request, then it means the submission is placed on hold. The submitter has 180 calendar days to address the queries from the date of additional information request by FDA reviewer. If the queries are not addressed by the applicant within this time span, then 510(K) submission is deleted from the FDA database and the applicant will need to submit a new 510(K) to pursue the FDA market clearance process.
The submitter must submit the response, with a valid eCopy, to the DCC. The response should:
include the submitter’s name;
list the 510(k) number;
identify the submission as Additional Information (AI) to the 510(k);
list the date of FDA’s request for additional information; and
provide the requested information in an organized manner.
If the Lead Reviewer chooses to continue with an Interactive Review, this means the Lead Reviewer has determined that any outstanding deficiencies may be adequately addressed within the timeframe set by the Medical Device User Fee Amendment of 2012 (MDUFA III) performance goal for a 510(k) (90 FDA days) and that the submission will not be placed on hold. The Lead Reviewer communicates with the submitter during the Interactive Review using tools such as:
During Interactive Review, the Lead Reviewer may request additional information from the submitter, who may either send the information to the Lead Reviewer directly or to the DCC (Document control centre). Note: During Interactive Review, any information submitted to the DCC must include a valid eCopy.
Timeline – An overview of 510(K) Submission
FDA receives the 510(K)-application submission
FDA sends the acknowledgement letter (or) FDA sends HOLD letter (in case of issues)
FDA conducts Acceptance Review and informs the applicant if the application is eligible for substantive review (or)
Places it under RTA Hold
FDA conducts Substantiative Review and communicates on the next move towards Interactive Review
FDA sends Final MDUFA Decision Letter
Step:06 Final 510(K) Decision Letter
MDUFA Decisions for 510(k) submissions include findings of substantially equivalent (SE) or not substantially equivalent (NSE).
When a decision is made, FDA will issue the decision letter to the submitter by email to the email address provided in the 510(k) cover letter.
A 510(k) that receives an SE decision is considered “cleared.”
FDA adds the cleared 510(k) to the 510(k) database, which is updated weekly.
The IFU and the summary will be sent as attachments to the SE letter. The IFU will not be signed since it is considered an attachment to the SE letter. Therefore, the signature on the SE letter will apply to both the letter and the IFU.
If FDA does not reach an MDUFA decision within 100 FDA days (i.e., 10 days after the MDUFA goal), FDA will issue a Missed MDUFA Communication, which is written feedback to the submitter to be discussed in a meeting or teleconference, including the major outstanding review topic areas or other reasons that are preventing FDA from reaching a final decision, with an estimated date of completion.
Medical devices are those products used to prevent, diagnose, treat, and monitor the many diseases known to humankind. Medical devices and medicines play an equally important role in treating human beings. To learn more about medical devices, read our article on the definition of a medical device. This article discusses the nomenclature of medical devices and examples of these.
What is the nomenclature of medical devices?
To simply put it, the nomenclature is the naming of a medical device. Although medical devices are classified into different risk classes, they should be named so that it is universally identified. Standardised nomenclature facilitates this easy identification.
A nomenclature is needed to simplify trade and tracking among the different regulatory authorities, Ministries of Health, and other organisations that regulate medical devices.
A standardised nomenclature aids in the following aspects:
Grouping and classification of medical devices.
Registration under different regulatory bodies or Ministries of Health
Streamlined procurement and distribution
Grouping of medical devices in various electronic health records and medical device databases
Vigilance reporting, field safety and post-market surveillance
The different device nomenclatures available are as follows:
GMDN or Global Medical Device Nomenclature.
EMDN or European Medical Device Nomenclature
UMDNS or Universal Medical Device Nomenclature System
Other nationally developed nomenclature systems
Global Medical Device Nomenclature (GMDN)
About 10% of countries use Global Medical Device Nomenclature worldwide. It is a system of internationally accepted descriptors used to identify medical devices. The GMDN Agency manages GMDN codes, a non-profit organisation.
GMDN is a 5-digit code containing the following information:
GMDN Term Name: Anaesthesia ventilator
GMDN Code: 34851
GMDN Definition: A mains electricity (AC-powered) stand-alone, automatic cycling device used to assist and control alveolar ventilation during general anaesthesia and is compatible with inhaled anaesthetic agents. It has fewer functions and is less complex to operate than an intensive care ventilator but adequately meets the patient’s ventilation needs for oxygen (O2) and carbon dioxide (CO2) exchange to maintain normal blood gas concentrations. The device provides a mechanical means to deliver the breathing gas to the patient in a controlled pattern. It is equipped with alarms to warn of changes in respiration or the onset of unsafe operating conditions.
GMDN was introduced for a variety of regulatory purposes. GMDN is based on the ISO 15225: Medical device nomenclature data structure’. Read more about the frequently asked questions about GMDN here.
European Medical Device Nomenclature (EMDN)
European Medical Device Nomenclature or EMDN is introduced due to Article 26 of EU Regulation 2017/745 of Medical devices and Article 23 of EU Regulation 2017/746 of in-vitro diagnostic medical devices. Like GMDN, it plays a considerable role in device nomenclature and serves various regulatory purposes. One of the primary uses is while registering a medical device in EUDAMEDwhere it is closely linked to UDI-DI.
Structure of EMDN
The European Medical Device Nomenclature is characterised by its alphanumeric structure and is established in a seven-level hierarchical tree where it clusters medical devices into three primary levels:
Categories: the first hierarchical level – alphanumeric.
Groups: the second hierarchical level – 2 numbers indicating group.
Types: the third hierarchical level – a series of numbers 1,2,3,4 and 5.
EMDN was adopted from the Classificazione Nazionale Dispositivi medici (CND) classification. The EMDN can be accessed at the EMDN list. European Medical Device Nomenclature categorises into three primary levels, categories, groups, and types. A category comprises several groups composed of various kinds of medical devices.
Universal Medical Device Nomenclature System (UMDNS)
Universal Medical Device Nomenclature System or UMDNS was developed by the Emergency Care Research Institute (ECRI). Many nations have adopted this standard around the world. UMDNS is used in inventory control, work order control, and regulatory systems applications. It is a 5-digit code unique code and a term for different types of medical devices. One can find the UMDNS code list here. UMDNS is updated monthly.
CND nomenclature or ‘Classificazione Nazionale Dispositivi medici’ was developed by Italian Ministry of Health. In addition to Italy, it is also used in Portugal and Greece. The guidance document on CND nomenclature explains the basic principles and structure of CND, which also applies to EMDN as EMDN was adopted from CND nomenclature. Following this, medical devices are clustered into three levels:
Is UDI the same as GMDN?
Both Unique Device Identification System (UDI) and GMDN are used in device identification. However, the two have some fundamental differences. UDI is inferior because of its lack of unity. It does not have a structure; therefore, device identification becomes more difficult with UDIs. Nonetheless, it is an effective tool for the traceability of medical devices. FDA utilises UDIs for medical device identification. The user guide to GUDID explains how the UDIs are managed in US FDA’s database, GUDID.
Can EMDN be accessed free of charge?
The EMDN is accessible to all stakeholders- free of charge. Hence, it can be utilised by a non-exhaustive list of stakeholders such as manufacturers, patients, research organisations, practitioners, hospitals, etc. The EMDN can also be downloaded from here.
Is there a guidance document that helps economic operators to map the EMDN information into the forthcoming EUDAMED database?
Yes, there are two guidance documents released by the EU commission
The FDA introduced current Good Manufacturing practices (cGMP) to maintain a system that provides proper design, monitoring, and control of manufacturing processes and facilities. The cGMP standards ensure products’ identity, strength, quality, and purity by requiring manufacturers to maintain proper control over their manufacturing processes. This system helps the manufacturer avoid as many failures and errors as possible. The “C” in cGMP refers to “current,” which means that organisations must employ up-to-date technologies and systems to comply with the rules.
The cGMP is subdivided into the following chapters:
Subpart A-General Provisions (§§ 820.1 – 820.5)
Subpart B – Quality System Requirements (§§ 820.20 – 820.25)
Subpart C – Design Controls (§ 820.30)
Subpart D – Document Controls (§ 820.40)
Subpart E – Purchasing Controls (§ 820.50)
Subpart F – Identification and Traceability (§§ 820.60 – 820.65)
Subpart G – Production and Process Controls (§§ 820.70 – 820.75)
Subpart H – Acceptance Activities (§§ 820.80 – 820.86)
Subpart I – Nonconforming Product (§ 820.90)
Subpart J – Corrective and Preventive Action (§ 820.100)
Subpart K – Labelling and Packaging Control (§§ 820.120 – 820.130)
Subpart L – Handling, Storage, Distribution, and Installation (§§ 820.140 – 820.170)
Subpart M – Records (§§ 820.180 – 820.198)
Subpart N – Servicing (§ 820.200)
Subpart O – Statistical Techniques (§ 820.250)
Quality System Requirements
Establishing appropriate policies for maintaining quality requirements and ensuring they are followed in responsibility of the manufacturer. Handling matters such as the responsibility, authority, and interrelation of all personnel, resource allocation, quality plan, quality system procedure, and instructions is the manufacturer’s responsibility.
A representative must be appointed who ensures the quality requirements and periodically reports its performance to the executive management.
Quality audits must be mandatorily performed by personnel who are not directly responsible for the matters under audit and reports of such audits must be documented and shared with executive management. Ensuring availability of trained personnel for each task, and training activities for the same is must.
Every manufacturer, irrespective of any device class should maintain a specific design plan that must include design input requirements and the development process, which should be reviewed and updated periodically.
The manufacturer must maintain procedures to define and document design input and output data and be reviewed regularly. The results of design reviews must be documented in the design history file (DHF).
The manufacturer is also expected to maintain procedures for verification and validation of the design procedure. Design changes and procedures for the changes to product specifications must be part of the manufacturer’s design control plan.
All information listed above must be part of the manufacturer’s Design History File (DHF).
This subpart describes how documents should be verified before distribution.
A responsible for checking document adequacy before circulation with their signature and date of verification is must and should be documented.
Any changes to the documents can be verified by an individual(s) in the same function or organisation unless specifically designated and changes made are to be communicated to the concerned person.
Information such as the description of the change, identification of the affected documents, the signature of the approving individual(s), the approval date, and when the change becomes effective must be part of the change record.
This subpart describes that each manufacturer must maintain a procedure to verify if all purchased or received products conform to the specified requirements.
Manufacturers must evaluate and document their suppliers, contractors, and consultants for all specified requirements, including quality requirements. The type of control over these operators must be defined, and a list of permissible operators should be documented.
It is a must to maintain data with a clear description or reference to specified requirements, including servicing. Purchasing data shall be approved in accordance with Sec 820.40.
Identification and Traceability
This subpart describes identification and traceability requirements.
Manufacturers must establish methods to identify the product during all stages of receipt, production, distribution, and installation to prevent mix-ups. Devices intended for surgical implants or to support or sustain life must have procedures to identify the product with a control number 0f each unit, lot or batch of finished devices. This will help while taking corrective action. Such identification details must be documented in DHR.
Production and Process Controls
This subpart describes how the manufacturer should develop, conduct, control and monitor production processes to ensure that a device conforms to its specifications.
Details of Documented instructions, SOPs, methods that define and control the manner of production, monitoring and control of process parameters, compliance with specified standards, and approval processes criteria for workmanship must be included where process control is required.
Production and process changes must be verified and validated according to Sec 820.75, and changes shall be approved in accordance with Sec 820.40. There must be proper procedure to maintain its working if environmental control is applicable.
Details on personnel, contamination control, buildings, Equipment, Maintenance schedule, Inspection, Adjustment, Manufacturing material and automated processes are mentioned in detail in this section.
Section 820.72 describes inspection, measuring and test equipment. Various aspects from the control of inspection, measuring and testing equipment to its calibration and records are discussed in detail in this section.
Section 820.75 describes process validation. The processes must be verified with a high degree of assurance and approved according to established procedures.
Manufacturers must maintain procedures for monitoring and control of validated processes. Any changes or deviations in the process should be reviewed, evaluated, revalidated if necessary, and appropriately documented.
This subpart describes the process of receiving in-process and finished device acceptance and acceptance status in detail. Finished products shall not be released for distribution until:
(1) The activities required in the DMR are completed (2) the associated data and documentation are reviewed (3) the release is authorised by the signature of a designated individual(s)
(4) the authorisation is dated.
The acceptance record shall include the following details:
(1) The acceptance activities performed (2) the dates acceptance activities are performed (3) the results (4) the signature of the individual(s) conducting the acceptance activities (5) where appropriate, the equipment used. These records shall be part of the DHR
To ensure that the product that has passed the required acceptance activities is distributed, used, or installed, the identification of acceptance status must be maintained throughout the product’s production, packaging, labelling, installation, and service.
This subpart describes the control of nonconforming products and nonconformity review and disposition.
A procedure to identify, document, evaluate, segregate, and disposition a nonconforming product must be maintained by the manufacturer. The evaluation and investigation results must be documented.
The manufacturer must also establish and maintain a procedure for rework, such as retesting and re-evaluating nonconforming products after rework. All these activities must be documented in the DHR (Device History Record).
Corrective and Preventive Action
This subpart describes corrective and preventive actions. Procedures such as analysing, investigating, identifying, verifying, implementing, ensuring correct information, and submitting relevant information for all processes must be established and followed by the manufacturer.
All the nonconforming products must be reported and documented. During the verification process, the manufacturer must ensure that the corrective and preventive action should be effective and should not adversely affect the finished device.
Labelling and Packaging Control
This subpart describes how to establish and maintain procedures to control labelling activities.
Labels affixed to the device must remain legible throughout the manufacturing process and until it is delivered to the end-user.
Manufacturers must establish a procedure for labelling inspection, labelling storage, and labelling operations. During the inspection process, the responsible person must ensure the correct unique device identifier (UDI) or universal product code (UPC), expiration date, control number, storage instructions, handling instructions, and any additional processing instructions present on the label.
A control number as per Sec820.65 for each product must be part of the labelling. This subpart also mentions that the manufacturer must establish a proper procedure for device packaging during different stages of the manufacturing process.
Handling, Storage, Distribution, and Installation
This subpart describes the product’s handling, storage, distribution, and installation.
During storage and handling, the manufacturer must ensure that mix-ups, damage, deterioration, contamination or other adverse effects must not affect the product.
Manufacturers must establish a procedure to authorise the receipt and dispatch the product to storage rooms. Manufacturers must maintain distribution records which should include the following:
(1) The name and address of the initial consignee (2) The identification and quantity of devices shipped (3) The date shipped (4) Any control number(s) used.
Further, Details on Installation procedures to be adopted by the manufacturer are given in detail.
This subpart describes the requirements of record keeping.
The manufacturer is expected to maintain confidentiality if required and a set record retention period for all records as per the nature of the document.
It shall include device specifications, production process, Quality assurance procedures, packaging, labelling, installation, maintenance, and servicing procedures and methods.
The manufacturer must also maintain a Device history record (DHR) which should contain the following information:
(a) The dates of manufacture (b) The quantity manufactured (c) The quantity released for distribution (d) The acceptance records which demonstrate the device is manufactured in accordance with the DMR (e) The primary identification label and labelling used for each production unit (f) Any unique device identifier (UDI) or universal product code (UPC), and any other device identification(s) and control number(s) used
Detailed information on complaint files and Quality system records are also included in this subpart.
This subpart describes servicing requirements.
Manufacturers are expected to analyse service reports with appropriate statistical methodology as per Sec 820.100.
Any service report that must be reported to the FDA under part 803 of the CGMP document shall automatically consider the report a complaint and proceed according to Sec 820.198. In general, the service report must include the following details:
(1) The name of the device serviced (2) Any unique device identifier (UDI) or universal product code (UPC) and any other device identification(s) and control number(s) used (3) The date of service (4) The individual(s) servicing the device (5) The service performed (6) The test and inspection data
The last subpart of the CGMP document gives details of Statistical Techniques to be used while following the CGMP guidelines.
What are the field safety corrective actions of the FDA?
FDA has a stringent FSCA requirement. Refer to our article to understand the FDA’s field safety corrective action procedures.
Are there exemptions from GMP?
Medical devices published in the Federal Register and codified in 21 CFR 862 to 892 and exempted by FDA classification regulations are exempted from following the GMP requirements. However, manufacturers of finished devices must maintain complaint files (21 CFR 820.198) and general requirements concerning records (21 CFR 820.180). Medical devices manufactured under an investigational device exemption (IDE) are not exempt from design control requirements under 21 CFR 820.30 of the QS regulation.
Is it acceptable for a manufacturer to produce sterile products by aseptic processing to rely solely on ISO standards to qualify the facility?
No, in addition to the ISO standards it is required that the manufacturer follows applicable FDA regulations.