On February 2nd, 2024 the U.S. Food and Drug Administration (FDA) made its formal announcement and ruling providing guidance on 21 CFR Part 820 which up to that point was the standard overseeing medical device quality system regulation and current good manufacturing practices (cGMP) in the United States of America. The big news – 21 CFR 820 will be heavily amended to incorporate ISO 13485 as the leading guidance for Quality Management System Regulation (QMSR) and cGMP. While the news wasn’t a surprise, it does put a final note on the direction the agency intends to take for medical device practices moving forward, especially as it relates to risk management. While many device OEMs already utilize ISO as their leading regulation standard, those who don’t will have two years to adjust to these changes to be in compliance effective February 2nd, 2026. Here’s what you need to know as it relates to the differences between 21 CFR 820 and ISO 13485, as well as considerations OEMs should take into account in order to meet the 2026 deadline. Big Picture:
Key Differences: Transitioning to ISO 13485 Transitioning from CFR 820 to ISO 13485 involves several steps to ensure compliance with the ISO standard. A general outline of the steps an OEM should take to transition may include: 1. Understand the Requirements of ISO 13485: Familiarize yourself with the requirements of ISO 13485. This includes understanding the structure of the standard, its key clauses, and any specific requirements which may differ from CFR 820. (see above table for highlights) 2. Gap Analysis: Conduct a thorough gap analysis to identify the differences between your current quality management system under CFR 820 and the requirements of ISO 13485. This will help you determine what changes, if any, need to be made to your existing processes, procedures, and documentation. This is also a great time to do a review of your QMS tool to determine if it is an appropriate tool for future use. 3. Document Review and Update: Review your existing documentation, including quality manuals, procedures, work instructions, and forms, to ensure they align with the requirements of ISO 13485. Update or create new documents as necessary to meet the standard's requirements. 4. Training and Awareness: Provide training to relevant personnel to ensure they understand the requirements of ISO 13485 and their roles in implementing and maintaining the QMS. This may include training on new procedures, processes, and documentation. 5. Implementation of New Processes: Implement any new processes or procedures required by ISO 13485. This may include processes related to risk management, design and development, purchasing, production, and service provisions. 6. Internal Audits: Conduct internal audits of your QMS to verify compliance with ISO 13485 requirements. Identify any non-conformities and take corrective actions to address them. 7. Management Review: Hold management reviews to evaluate the effectiveness of the QMS and identify opportunities for improvement. Ensure top management is actively involved in the transition process and committed to maintaining the QMS. 8. Certification Audit: BEFORE you consider this step be sure to speak with a regulatory affairs subject matter expert to ensure it is necessary. Once you believe your QMS is fully compliant with ISO 13485, engage a certification body to conduct a certification audit. The audit will assess your organization's compliance with the standard and determine if you are eligible for certification. 9. Address Non-conformities: If any non-conformities are identified during the certification audit, take corrective actions to address them. The certification body will typically require verification that corrective actions have been implemented before issuing the ISO 13485 certificate. 10. Continual Improvement: Continuously monitor and improve your QMS to ensure ongoing compliance with ISO 13485 and to enhance the efficiency and effectiveness of your processes. Although the 21 CFR 820 and ISO 13485 vary in their structure, and at times use different terminology to describe similar concepts, 21 CFR 820 and ISO 13485 are substantially similar in that both prioritize principles such as risk management, design controls, and continual process improvement. It’s possible as organizations begin to look at their current standards and systems, they will find the transition process is not as cumbersome as initially thought. While this is an obvious assumption, it’s important to note regulatory affairs professionals should be counseled throughout this entire process to ensure appropriateness of adoption and change management.
0 Comments
“They gave us world class, but all we needed was the basics.”
Last week I was speaking with a VP of Quality at a small medical device company at which point he politely complained to me about a recent experience he had with a consultant their company brought onboard. The company was implementing a new online quality management system (QMS) and was utilizing this consultant to get it up and running. The VP shared with me his irritation about how the consultant came in and took on the project as an expert in the field. The consultant had done many QMS implementations prior and came with good recommendations of his work. As the conversation went on the VP share further irritation about his experience working with the consultant. He brought in an expert to do a job that was rather straight forward yet that’s not what the company got in the end. Unfortunately, the consultant failed to understand one of the most important aspects of his job – understand the needs of the customer and implement accordingly. “We’re a small company, we don’t need all the bells and whistles right now [from a QMS system]. We just need a system that keeps us in compliance while making things easier from a process flow standpoint.” The VP was sharing with me a painful experience he was having as a result of someone doing work for him and not understanding what was actually needed in the moment to be successful on that project. Sometimes what’s needed is the basics, not world class. The key is knowing when each of these is appropriate. All to often we show up to a project or work with the idea we’re going to dress up the proverbial pig ready for a fancy night out on the town. This pig of ours is going to look amazing, amazing because of the work we did to get it there. However, we end up missing the mark because we don’t bother to ask the right questions along the way. If we had bothered to ask the right questions to understand what was truly needed by the company and the key stakeholders we may find out the ‘pig’ just needs a new pair of shoes, not a whole wardrobe change. Here’s how this played out in the scenario above with my client and VP…
Here’s the rub on the situation. If the consultant had bothered to ask the vital question of their client upfront “What does ‘success’ looks like at the end of the project?” he would have found out the client needed a practical QMS which met the basic needs of their product and regulatory requirements yet did not need a lot of the fancy bells and whistles larger companies utilize with their QMS. Basically, this small medical device company needed a QMS that was straightforward, basic yet allowed them to upgrade their company to meet the regulatory requirements for their product. The client wanted a no frills, basic system yet what they got was a world class system they’ll probably never fully utilize. Key Takeaway: Don’t assume your work or project requires you to put forth world class service. Sometimes ‘good enough’ is all that’s needed. Knowing the different between ‘good enough’ and world class work outputs is a vital skill to develop and implement in your career. Action Item: Before you begin your next project at work think to yourself “what’s really needed here? The basics or something more?”. Then actually go ask the key stakeholder in charge. Doing this shows an ability to think big picture with an appreciation for what’s best for the company, not what’s best to make you look good as a result of the work you can do. Our client, a Class III medical device company, was issued an FDA 483 warning letter due to product field failures and QMS issues posing life threatening risks to implant patients. The Square-1 Engineering subject matter experts (SME team) were brought in to identify & correct systems and process issues across six (6) functional departments and two (2) manufacturing locations domestically. As you can guess our clients’ situation was dire due to several implant failures in the field. We invite you to download the case study below to learn how we saved our client $4.5M while successfully concluding the remediation project.
Want to get through your remediation project successfully? Doing these two things helps dramatically increase your chances of success. #fearlessmedtech #remediation #fda #medicaldevice #medtech #quality #compliance #QMS About the AuthorTravis Smith is the founder and managing director of Square-1 Engineering, a medical device consulting firm, providing end to end engineering and compliance services. He successfully served the life sciences marketplace in SoCal for over 15 years and has been recognized as a ‘40 Under 40’ honoree by the Greater Irvine Chamber of Commerce as a top leader in Orange County, CA. Categories
All
Archives
March 2024
|
Visit Square-1's
|
|