Category: Uncategorized

Risk Management: A Brief Overview

Risk management is identifying and controlling legal, financial, health, and strategic risks to an organization’s capital.

To appropriately manage such risks, you need to know how to evaluate risk and understand the tools to help you do that.

Principles of Risk Management

There are two primary principles of risk management. They are:

Good Evaluation of the Risk

Risk, by definition, is the probability of occurrence of a harmful event and the severity of that harm. The problem with risk evaluation is how can it be different depending on the current stakeholder.

That’s why the evaluation of risk should be based on scientific knowledge. This is especially important if the risk involves the health of a person.

The Appropriate Level of Effort

The amount of exerted effort to manage a certain risk should correspond to the level of risk. Risk assessments usually involve a considerable amount of formality and documentation, which could be justified should an individual’s health is involved.

However, too much effort exerted on managing a relatively insignificant risk is tedious, unnecessary, and should be avoided.

Examples of Tools Used for Risk Management

Many tools are used for risk management, here are some of the most common ones:

Flowcharts

Think of a flowchart as a mind map. You’d be using lines and boxes to point out the steps or the path that a certain procedure would take based on the surrounding circumstances.

Flow charts are often used for administration and project management purposes, but they could be handy when you want to want to trace how a certain risk could affect the steps of your project.

Process Mapping

Process mapping models look very close to flowcharts. Sometimes they’re even used interchangeably.

They’re indeed similar, but unlike how generic the flowchart can be, a process map is much more detail-oriented. It also contains specific timelines to tell when certain steps will be achieved.

Check Sheets

A check sheet is a large, well-prepared table containing various data. The good thing about check sheets is how versatile they can be since you’re virtually assigning every slot as you see fit.

Check sheets are excellent risk management tools since you can easily display each procedure with its associated risk.

Cause and Effect Diagrams

Cause and effect diagrams utilize a certain goal represented by a horizontal line. Various diagonal lines that indicate different effects and risks would then intersect with that line.

This allows the reader to asses how will those effects alter the current goal.

Levels of Severity

There are four levels of severity in risk management:

Negligible (Low)

Negligible severities are hardly considered risks, and they’re usually accidental events. For example, minor injuries resulting from heavy lifting are negligible severities that won’t affect the final goal.

Moderate

Moderate severity risks are usually accounted for. They might affect the timeline but won’t compromise the intended goal.

Minor monetary losses due to certain market events are a good example of moderate severity risks.

Critical (High)

High-severity risks aren’t only accounted for, but they could jeopardize the integrity of the whole project. These risks are often health-related hazards and may be the main reason behind shutting down a certain establishment.

Improper disposal of nuclear waste that severely affects the health and quality of life of the surrounding individuals is an example of such a high risk.

Catastrophic

Catastrophic risks are usually unexpected because if they were planned for, the project wouldn’t have started, to begin with. They usually end up taking the lives of some people away.

For example, a faulty inspection of a plane’s engines before take-off might lead to an engine failure mid-flight, leading to a catastrophic result.

Final Words

Risk management involves gathering all the data you can find so you can reach your goal with minimum risks.

To do that, you need to use risk management tools and understand the risk severities to prevent unfavorable outcomes from happening.

Big Savings For Small Businesses – Does Your Medical Device Company Qualify?

While very rewarding, it is no surprise that being an entrepreneur in the medical device industry will come with its own set of challenges. One of the hurdles you can expect to face is affording the costs associated with the FDA.  The FDA knows that these costs are a challenge for entrepreneurs trying to improve healthcare through innovation and has fee reductions for qualified small business under the Center for Devices and Radiological Health (CDRH). So, the question is, what do you have to do to be a classified as a “Small Business”?

The CDRH classifies a small business has a company with an annual revenue under $100 million in their most recent tax year. Companies under this annual revenue can be eligible for fee reductions when submitting the following items to the FDA:

Application Type Standard FeeSmall Business Fee
510(k)$12,745$3,186
513(g)$5,061$2,530
PMA, PDP, PMR, BLA$343,858$93,714
De Novo Classification Request$112,457$28,114
Panel-track Supplement$281,143$70,286
180-Day Supplement$56,229$14,057
Real-Time Supplement$26,240$6,560
BLA Efficacy Supplement$374,858$93,714
30-Day Notice$5,998$2,999
Annual Fee for Periodic Reporting on a Class III device (PMAs, PDPs, and PMRs)$13,120$3,280

Additional to these benefits, companies with a reported annual revenue under $30 million specialized in Class III medical devices, are also eligible for a “first premarket application/report” fee waiver.

So how do you apply for a Small Business Certification Request? Firstly, you’ll need to gather your U.S. Federal income tax return for the most recent fiscal tax year. Next, obtain your Organization ID number. This number is specific to your business and assigned to you when you register with the FDA. This number is not the same as your Federal Employer Identification Number or Taxpayer Identification Number. Following this step, download and complete the appropriate form for your business, Form FDA 3602 or Form FDA 3602A. Once all the sections required have been completed, you can mail a hard copy to the following address:

FY 20__ MDUFA Small Business Qualification
Small Business Certification Program
10903 New Hampshire Avenue
Building 66, Room 5305
Silver Spring, MD 20993
U.S.A.

Once received by the FDA, your application will be reviewed within 60 days of its arrival and a decision will be given to you on your business’ status. In our experience, the full turn around time from application receipt to the final status update is quite rapid and does not take a full 60 days. While this may be a confusing journey, the FDA offers several forms of aid to further assist and facilitate this process for you.

If you have any questions regarding this process, you can always contact the User Fees Help Desk at 301-796-7200 or send an email to userfees@fda.gov. In addition to these forms of contact, you can also visit the FDA Guidance Document for Medical Device User Fee Small Business Qualification and Certification at the following link.

If you are approved for your Small Business Application, the FDA will provide you with a start and end date of this business status. Make sure to reapply prior to your end date to keep your small business status up to date with the FDA and reap the benefits of being a Small Business!

Still unsure of this process? No worries, our PrimePath Medtech team is ready and happy to further assist and guide you through this process!

Handling Rejection – What to Do If the FDA Doesn’t Accept Your 510k Application

My 510(k) application was rejected by the FDA, but I don’t understand why?

So, your 510(k) was not accepted by the FDA. There are many possible reasons for this, but don’t stress. We’re here to help you understand why your 510(k) was not accepted and how to move forward.

The FDA has a “Refuse to Accept” checklist that is used to measure your 510(k) application for whether it has substantial information for an substantive review. The RTA serves to “reward complete submissions” and to “reduce the number of review cycles and total time” for a final decision on your application [1]. All in all, the RTA serves to understand the overall individual components of your 510(k) submission; it is not an evaluation of its adequacy or rationale.

The RTA process begins with the receipt of your 510(k) submission. Once received, the application will be checked for a valid user fee/eCopy, if you do not have one then your submission will be placed on hold until one is received. If you do have one, the RTA review will commence. A decision on your submission will be made in up to 15 days of the initiation of the RTA Review. If it is deemed that your application is administratively complete, then your submission is accepted for a substantive review. If it is deemed that your submission is missing administrative information, your submission is put on hold, and you will be contacted for the missing information. If on the 15th day of review, your submission does not have a decision on its administrative completeness, it will automatically be accepted for a substantive review. For more information on the RTA process, check out the checklist utilized here [2].  

How do you pass the FDA Refusal to Accept (RTA) Screening Process?

So, what level of detail do you need to meet to pass the RTA screening process? Firstly, on an administrative level, your submission must include the following:

  1. Statement of no prior submission for subject medical device.
  2. Reference towards prior submission by file number along with information detailing where in your submission previously given feedback is addressed.

Next, a device description should be given which details the device’s applications, images of all components and modifications to it. Additionally, engineering drawings should be attached if applicable and a complete list of components for the device and previously cleared device.

Following this, a predicate device with substantial equivalence should be identified, compared for indications for use and features. This is vital to your application as it shows that a device that is comparatively equivalent to your submission has already been approved by the FDA for the same features and intentions of use.

Additionally, labeling for your submission should be included that includes outer package labeling, the instructions for use (IFU), and a surgical technique manual. The indications for use should be consistent across the form, IFU label, and 510(k) summary.

Next, your submission should be classified as either sterile or non-sterile. So, what constitutes a sterile medical device? To be considered a sterile device, your submission should meet one or more of the following criteria:

  1. Sterilization method including dose for radiation
  2. Description of method to validate the sterilization parameters
  3. Sterility Assurance Level
  4. Description of packaging
  5. Shelf-Life/ Expiration date
  6. Methods that will establish packaging and device performance is maintained for entire shelf-life

If your device is not sterile based on the criteria previously listed, it should be non-sterile and match the following criteria:

  1. Cleaning/Disinfection Method
  2. Sterilization parameters
  3. Shelf-life is not applicable
  4. Statement for why the performance data is not needed to maintain device performance

Per ISO 10993-1, medical devices should be assessed for their biocompatibility in their evaluation of risk. Therefore, the FDA requires that materials and standards be specified in your application. Additionally, should biocompatibility not be tested and presented with your submission, rationale for why this was not needed should be provided. Any changes to your submission’s biocompatibility should also be stated. For more guidance on the determination of whether your device should be tested for biocompatibility, check the guidance document provided here [3].

Finally, another key aspect to your submission is performance data. This includes a test report summary detailing the test performed, the methodologies, results, discussion, and conclusions from the testing. Additionally, rationale for the potential worst-case components/constructs should be included. Additional to this, a complete test report should be submitted with your submission. This includes the test performed, worst-case construct, methods, result tables, images both the testing set up and failure modes, the corresponding loading curve graphs and detailed discussion and conclusion on the testing findings presented.

What if your submission does not have specific subject systems to detail information on?

Not a problem, the FDA understands medical devices differ across a broad spectrum of uses and knows each submission will be unique and different. If you have no information to provide on a specific subject system (i.e. software), just note “Does not apply” in your submission to inform the FDA reviewer that you did see the section was required in your application, but that your submission is not applicable.

As this process can be lengthy and confusing at times, it is recommended that your first 510(k) submission be done with a qualified and experienced regulatory affairs representative. Having an RA work with you will ensure all sections of your submission are completed properly and in accordance with the FDA checklist previously discussed. Once submitted, you can always reach out to an FDA representative at 510K_Program@fda.hhs.gov for status updates on your submission. 

References:

[1] Brittany Ferrell, “510(k) Refuse to Accept Checklist: Why is my submission not good enough?” Lead Reviewer, Extra columnar Spinal Devices Team, FDA U.S. Food & Drug Administration

[2] Acceptance Checklist for 510(k), FDA U.S. Food & Drug Administration

[3] Center for Devices and Radiological Health, “Use of International Standard ISO 10993-1, “Biological evaluation of medical devices – Part 1: Evaluation and testing within a risk management process,” Guidance for Industry and Food and Drug Administration Staff

Why Is ISO 13485 Training Critical to Building a Career in Medical Devices?

The medical device industry is booming. The U.S. medical device manufacturing market was valued at 176.7 billion USD in 2020 and is anticipated to exhibit a compound annual growth rate (CAGR) of 5.0% by 2028. A growing population and technological advances have led to an increased demand for medical devices.

Medical devices need to be safe and effective to help patients. They also need to be cost-effective and manufacturable for the company. Medical devices are inherently risky, which means we have more regulations because there’s more likelihood of risk to patient safety. Their design requires specific knowledge that is not found in other industries.

Every medical device set to hit the market has to go through many checks and audits before it even leaves the manufacturing unit. A risk-based approach is used to identify, evaluate, and mitigate risks associated with a product or project.

Built specifically for this industry, the ISO 13485:2016 standard is an important tool to keep every team member on track when designing and releasing a new medical device.

Being trained in ISO 13485 gives medical device manufacturers the support to design a quality management system that enables consistency and effectiveness throughout each stage of the product life cycle.

The apparent advantage of the ISO 13485 training courses is that it provides an understanding of how the product will be built and manufactured, streamlining every process from design to the final disposal of the product. However, there are other ample benefits of getting trained, making it critical for your career in medical device development.

More Control Over Quality with Systematic Operations

Operational inefficiencies can hinder the entire process of manufacturing. Without a system to comprehend them and produce consequent action for improvements, quality will always be impacted.

The ISO 13485 training enables manufacturers to establish norms that pave the way for effective communication to pinpoint the product deficiencies along with systemic techniques and methods to counter them.

It promotes a standardized way of manufacturing with an organized structure in all processes. The addition of constant Management Reviews brings the focus on data provision to monitor progress and formulate the subsequent path if defects are identified, both in terms of product development and quality requirements.

With the quality management system, the manufacturers are always in control, guaranteeing that the products developed meet the quality and safety standards that fit both the patients and users.

Less Time to Market with Quality Assessment

Organization in manufacturing processes has a direct impact on the speed of development. With continuous monitoring of processes and systems, any defect or deficiency that could lengthen the development time is detected and rectified early on.

From administration to purchasing, all departments involved benefit from an organizational culture that stimulates excellence. Quality Management System training emphasizes quality in every stage of manufacturing, thus ensuring the devices are produced at a faster rate.

More Value with Less Waste

Another positive impact of quality systems training is on the waste produced during manufacturing medical devices. Overproduction, excessive waiting on process completion, surplus inventory, multiple defects, and unregulated scraps are aspects of the production cycle that can be avoided with the implementation of the ISO standards.

Constant supervision of the standard ensures the identification and resolution of problems that could result in a wastage of time, effort, and resources. With fewer failures to battle, consumers remain happy with the quality of the products. By targeting to achieve process excellence, you invest less in production, including labor, and profits run higher.

Wider Scope for Business Growth

The ISO 13485 training brings the scope of collaborating with larger organizations. Their preference often reflects an inclination towards ISO-certified suppliers as they meet exceptional quality and service standards.

If you have implemented the standard, you will offer the same reliability and quality that medical devices need to have across the globe. Such standardization in production makes your product the perfect fit for exports.

With a stringent adherence to a risk-based approach to minimize them as well as the legal, contractual, and regulatory requirements for medical devices, you will have the opportunity to make your company a priority when large companies need subcontractors and broaden your business practices.

Get all the benefits of being ISO certified with Prime Path Medtech™’s Quality System Training. From describing objectives to identifying device requirements and comprehending their real-world application, you and your team will be able to recognize the common elements found in the global QMS requirements.

Annex 11 & Part 11: What’s the Difference?

What’s Part 11?

In the early 1990s, computerized systems were becoming increasingly normal in business, and Industry professionals wanted to reduce paper-based records and signatures. Having no standards for which to model electronic records and signatures, the FDA was tasked with providing guidelines.

In 1997, the FDA introduced Title 21 Code of Federal Regulations Part 11, or, 21 CFR 11, or simply, Part 11, as guidance for pharma manufacturers. Part 11 is what equivocated electronic signatures’ legal equivalence with traditional “wet ink” signatures on paper.

Part 11 is a federally enforceable regulation that emphasizes identity verification, accountability of actions by authorized individuals, and the reporting of obligations.

What does Part 11 mean to Medical Device Manufacturers?

21 CFR 11 compliance requires adherence to the following:

  1. Authentic Electronic Records
  2. Administrators must grant permissions for document access within the system
  3. The system must be capable of generating an audit trail for each record
  • Unique Electronic Signatures
  • Each user needs a unique digital signature
  • Electronic records require:
  • Name of the signer
  • Date and time of signature
  • Type of signature (i.e., quality, reviewer, etc.)
  • Record and Signature Interconnectivity
  • Traceability must exist between the electronic record and the signer
    • Handwritten signatures scanned into the system apply, as well
  • Identification and Password Authentication
  • The system must employ at least two identification components:
    • a unique identification code
    • a password
  • Training Integration
  • There must be training history for anyone using electronic systems requiring electronic signatures and dates
  • Effective Change Control Management
  • Maintain an audit trail that captures revision and change control procedures
  • System Validation
  • Electronic systems that manage compliance-related documents must be validated

What’s Annex 11?

EU Annex 11 is directed at products and services manufactured and sold in the EU. It is the European Union equivalent of FDA Part 11 without the weight of enforcement. In other words, it is not federally enforceable like 21 CFR 11.

Instead, it is a strongly recommended, comprehensive guideline that supplements the full set of GMP rules, officially known as the EUDRALEX Rules Governing Medicinal Products in the European Union, Volume 4, Good Manufacturing Practice. These rules apply to all human and veterinary medical products that are sold or manufactured in the EU.

This guidance system mandates electronic records and signatures within the pharmaceutical industry beyond electronic documents, including hardware, personnel, risk management, and software.

The provision covers:

  • Accuracy checks
  • Archiving and records
  • Audit trails
  • Batch releases
  • Business continuity
  • Change management
  • Configuration management
  • Data storage
  • Electronic signatures
  • Periodic evaluation
  • Printouts
  • Security
  • Validation of data

Annex 11 includes all computerized systems that are part of the GMP-related activities to reflect the increased use and complexity of automated systems. These include the following:

  • Clinical trials
  • Corrective and preventative action (CAPA)
  • Distribution
  • Laboratory testing
  • Material supply
  • Process controls
  • Production
  • Quality system
  • Records and documentation
  • Product release
  • Storage

What does Annex 11 mean to Medical Device Manufacturers?

Although Annex 11 only speaks to medicinal products and pharmaceuticals, (as of 2022), many medical device companies comply with these guidelines in the assumption they will be relevant in the future.

A former FDA inspector recommended that medical device makers who plan to market their products in the EU comply with Annex 11 now for sake of meeting future regulations, easier.

What’s the Difference?

 Annex 11CFR Part 11
ScopeComputerized GMP applications should be validated; IT infrastructure qualified.Electronic records/signatures for FDA-regulated organizations.
FocusComputerized quality management systemUse of electronic signatures/records in open/closed computer systems.
ObjectiveComputerized systems should yield the same results as manual systems with no risk increase.The electronic records/signatures captured and stored should be as reliable as wet signatures.
Relevance and ValidationGMP-relevant; referenced elsewhere tooPer GMP, GDP, GLP, GCP, and medical device validations

Interested to know more about Good Documentation Practices and Electronic Records Requirements?

Contact Prime Path Medtech today! One of our friendly medical device quality professionals will be happy to help ensure that your electronic and physical records meet the required standards and set your mind at ease.

Clearing The FDA Bar – The Steps To Bring Your Medical Device To Market

The Food and Drug Administration or FDA regulates the sale of medical device products and examines their safety and efficacy in the US. If you plan on joining the club of legal medical device sales in the, going through the FDA is your ticket inside. The device development process can look different based on what you plan on bringing to market. But don’t feel intimidated, here’s an overview of what you need to be aware of so you can hit the market with your medical device as soon as possible.

How To Get FDA Clearance – A Step by Step Overview

Device Classification – Knowing your device’s categorization will be the first step toward FDA clearance. Medical devices can vary widely in their design and goals. To address this, the FDA has provided different classifications based on the risks a medical device may pose to consumers. Let’s look at the different classes so you can get schooled on where your device fits in.

  • Class I – Medical devices in this category pose the most negligible risks to consumers. Think bandages and stethoscopes. Devices like these are subject to general control that ensures the safety and effectiveness of the device after manufacturing. While devices in this category require premarket notification known as 510(k), they are not subject to premarket approval.
  • Class II – Devices in class 2 pose a higher risk to consumers and are susceptible to both general and special controls. The special controls in the classification include labeling requirements, specific mandatory performance standards, and specific testing requirements. Class II devices aim to demonstrate that they are substantially equivalent to a similar product that has already received FDA clearance. You might find devices like syringes and contact lenses in this category.
  • Class III – These devices are made to support or sustain life, implemented inside the human body, or risk inflicting injury or disease to the user. This includes devices like pacemakers and cochlear implants. Producers must provide the safety and efficiency of the product coupled with general controls. These devices also require pre-market approval.

Prototype Development – Developing a prototype is the second stage in the development process. Prototypes in this stage won’t be ready for human use but instead be used for testing in laboratory environments. This will help reduce risks before human use. Then, the device may continue on to clinical trials

Application Submission – After the prototype stage it’s time to submit an application to the FDA for review. Once you have filed your application, the FDA will conduct a thorough evaluation of your product. As a part of the application process your device will require FDA verification and validation.

FDA verification makes sure the requirements you set for your product are fulfilled. You should ask yourself, am I designing the device right? You can answer yes if your requirements are implemented, verified, and that the requirement standards are met.

FDA validation on the other hand asks the question, are you designing the right device? Your device should meet the needs of users, internal stakeholders, and regulatory stakeholders.

Waiting for Review – No one likes waiting, but this step is how the FDA determines that your device meets the requirements.

Maintain FDA Compliance – Obtaining approval from the FDA doesn’t end the process like you might expect. You will need to ensure that your product maintains compliance for its lifespan. While the process may seem long and arduous it ensures the safety and efficacy of medical devices on the market. Learn more about how PrimePath can help you with these steps and you’ll be on your way to introducing the world to your newest life-saving product. (Or the latest in tongue depressor technology if that’s what you’re after).

GDP for GMP – Black or Blue Ink?

It has been said that in the medical device and pharmaceutical industries, “If it isn’t documented, it didn’t happen.”

Therefore, we document to provide written proof that something happened. For this reason, good documentation practices (GDPs) are crucial for maintaining compliance and quality. Failure to comply with GDPs can lead to data integrity risks, security and safety risks, as well as current Good Manufacturing Practices (cGMP) audit failures.

Real-Time documentation of production events represents the only true record of:

• Batch processing

• Device production

• Batch or product release or rejection

• Corrective actions or preventive actions (CAPAs)

• Deviations or production non-conformances

In addition to regulatory requirements, it is also important to maintain accurate records for quality assurance purposes. Maintaining accurate records gives manufacturers the ability to pinpoint issues throughout production, allowing them to make quality improvements as necessary. Organized records also assure regulators that manufacturers are documenting their production processes in real-time.

There is no industry-specific GDP requirement to follow. However, ISO 13485 and 21 CFR 820 require documents to be legible, hence GDPs are essential for attaining and sustaining ISO certification. In addition, GDPs are enforced by regulatory agencies such as the FDA, TGA, and Health Canada.

GDPs apply to everyone who documents activities related to cGMP. Compliance with the Food and Drug Administration’s Good Laboratory Practices (GLP), regulations (21 CFR Part 58), as well as GMP regulations for drugs and medical devices (21 CFR Parts 211 and 820), requires the use of GDPs.

What does a GDP look like? Well for example, it could come down to the type of ink you use on your documentations. While there is no industry specific requirement to use black or blue ink, whatever type you choose should remain consistent with what is specified by a site’s standard operating procedures. For instance, an auditor will probably notice if they read within a site-specific SOP that only black ink is acceptable for hand-written remarks on forms, but when they begin auditing hand-documented forms, they’re looking at nothing but hand-written blue ink.

There are arguments to be made about what ink type is superior. Blue ink can help to distinguish original signatures from printed replicas, while some believe blue ink is unable to reliably produce photocopies. But in this case, it is more than about choosing the superior ink. It is about being consistent in the records you provide to ensure you are following good documentation practices.

Now I know what you might be thinking. Are we really discussing ink color in 2022? While this information may seem irrelevant in today’s day and age the same general concept still applies. You will have to decide the best practices to ensure records are clear and consistent in a digital format. It is critical that manufacturers understand the FDA’s Guidance on electronic records, 21 CFR 11, and the EU’s approximate counterpart, Annex 11. These guidelines are central to understanding medical device manufacturers’ electronic data regulation requirements in the EU and the U.S. So even if you don’t have to worry about what color ink you are using, there are still requirements that are necessary to follow regarding your digital records.

To better understand the expectations of and differences between the EU’s Annex 11 and the FDA’s 21 CFR Part 11, check out Annex 11 & Part 11: What’s the Difference?

Whether it is black ink, blue ink, or digital record keeping, Prime Path Medtech™ is happy to consult with firms to ensure all their site-specific documentation practices maintain compliance with regulations. Contact us today to find out how we can assist you in your efforts.

Annex 11 & Part 11: What’s the Difference?

What’s Part 11?

In the early 1990s, computerized systems were becoming increasingly normal in business, and Industry professionals wanted to reduce paper-based records and signatures. Having no standards for which to model electronic records and signatures, the FDA was tasked with providing guidelines.

In 1997, the FDA introduced Title 21 Code of Federal Regulations Part 11, or, 21 CFR 11, or simply, Part 11, as guidance for pharma manufacturers. Part 11 is what equivocated electronic signatures’ legal equivalence with traditional “wet ink” signatures on paper.

Part 11 is a federally enforceable regulation that emphasizes identity verification, accountability of actions by authorized individuals, and the reporting of obligations.

What does Part 11 mean to Medical Device Manufacturers?

21 CFR 11 compliance requires adherence to the following:

  1. Authentic Electronic Records
  2. Administrators must grant permissions for document access within the system
  3. The system must be capable of generating an audit trail for each record
  • Unique Electronic Signatures
  • Each user needs a unique digital signature
  • Electronic records require:
  • Name of the signer
  • Date and time of signature
  • Type of signature (i.e., quality, reviewer, etc.)
  • Record and Signature Interconnectivity
  • Traceability must exist between the electronic record and the signer
    • Handwritten signatures scanned into the system apply, as well
  • Identification and Password Authentication
  • The system must employ at least two identification components:
    • a unique identification code
    • a password
  • Training Integration
  • There must be training history for anyone using electronic systems requiring electronic signatures and dates
  • Effective Change Control Management
  • Maintain an audit trail that captures revision and change control procedures
  • System Validation
  • Electronic systems that manage compliance-related documents must be validated

What’s Annex 11?

EU Annex 11 is directed at products and services manufactured and sold in the EU. It is the European Union equivalent of FDA Part 11 without the weight of enforcement. In other words, it is not federally enforceable like 21 CFR 11.

Instead, it is a strongly recommended, comprehensive guideline that supplements the full set of GMP rules, officially known as the EUDRALEX Rules Governing Medicinal Products in the European Union, Volume 4, Good Manufacturing Practice. These rules apply to all human and veterinary medical products that are sold or manufactured in the EU.

This guidance system mandates electronic records and signatures within the pharmaceutical industry beyond electronic documents, including hardware, personnel, risk management, and software.

The provision covers:

  • Accuracy checks
  • Archiving and records
  • Audit trails
  • Batch releases
  • Business continuity
  • Change management
  • Configuration management
  • Data storage
  • Electronic signatures
  • Periodic evaluation
  • Printouts
  • Security
  • Validation of data

Annex 11 includes all computerized systems that are part of the GMP-related activities to reflect the increased use and complexity of automated systems. These include the following:

  • Clinical trials
  • Corrective and preventative action (CAPA)
  • Distribution
  • Laboratory testing
  • Material supply
  • Process controls
  • Production
  • Quality system
  • Records and documentation
  • Product release
  • Storage

What does Annex 11 mean to Medical Device Manufacturers?

Although Annex 11 only speaks to medicinal products and pharmaceuticals, (as of 2022), many medical device companies comply with these guidelines in the assumption they will be relevant in the future.

A former FDA inspector recommended that medical device makers who plan to market their products in the EU comply with Annex 11 now for sake of meeting future regulations, easier.

What’s the Difference?

 Annex 11CFR Part 11
ScopeComputerized GMP applications should be validated; IT infrastructure qualified.Electronic records/signatures for FDA-regulated organizations.
FocusComputerized quality management systemUse of electronic signatures/records in open/closed computer systems.
ObjectiveComputerized systems should yield the same results as manual systems with no risk increase.The electronic records/signatures captured and stored should be as reliable as wet signatures.
Relevance and ValidationGMP-relevant; referenced elsewhere tooPer GMP, GDP, GLP, GCP, and medical device validations

Interested to know more about Good Documentation Practices and Electronic Records Requirements?

Contact Prime Path Medtech today! One of our friendly medical device quality professionals will be happy to help ensure that your electronic and physical records meet the required standards and set your mind at ease.

ISO 13485 and 21 CFR 820, What’s The Difference?

Regulations mandated by ISO (International Organization for Standardization) and CFR (Code of Federal Regulations) specify the requirements for manufacturers to implement quality management systems that ensure the safety and security of their products. A quality management system, or QMS, helps to demonstrate an organization’s ability to follow regulations and meet the needs of their customers. And when it comes to medical devices, both ISO 13485 and 21 CFR 820 may seem similar in their goals, but there are a few key differences. Let’s look at an overview of each of these regulations.

What is ISO 13485?

The 2016 version of ISO 13485 is a voluntary standard based upon the general quality management system outlined by ISO 9001:2008. This rule is frequently utilized by manufacturers to establish and maintain a system that can meet the demands of the medical device market. The latest version of ISO 13485 includes heightened regulatory emphasis on product safety, risk management requirements in products and processes, and improvements of reporting systems to regulatory bodies.

What is 21 CFR 820?

FDA 21 CFR 820 is the quality system approved by the Federal Drug Administration of the United States. Its requirements are aimed at ensuring the safety and efficacy of medical devices. While the rule defines a specific quality management system to follow, it is up to the manufacturers to determine which limits apply to their processes and products. In other words, the maker of the medical equipment is responsible for determining how they intend to comply with QMS set by the FDA.

Some Major Differences

While both standards involve the implementation of quality standards for organizations, there are a few key differences between the two.

  1. 21 CFR 820 is a mandatory quality system for the distribution and regulation of medical devices in the US, while ISO 13485 is neither a regulation nor law. Think of the ISO requirements as an internal endeavor by the company to ensure customer satisfaction while the FDA requirements are imposed externally by a government body.
  1. ISO 13485 is a standard that does not mandate a specific quality management system structure. But with 21 CFR 820, companies should line themselves up with the outlined documentation structure. Fulfilling the ISO requirements is known as conformance, while fulfilling the FDA requirements is known as compliance.
  1. ISO 13485 is a globally accepted standard that provides ways to comply with general regulatory requirements, while CFR 820 is a regulation mandatory for US manufacturers. Countries outside the US can still have their own laws and regulations.
  1. The standards created by ISO 13485 are based on input by the FDA and other members of ISO, but the CFR 820 is not based on input from the International Organization for Standardization.

A Change in Standards?

While both standards exist simultaneously and are used for different purposes, the FDA has revealed their plans to adopt ISO 13485 as the new standard for medical device companies in the US, essentially replacing 21 CFR 820. This intends to achieve more global harmonization and make it easier for US companies to comply internationally. It will also simplify the quality management systems of companies who are looking for FDA approval for medical devices. But until then, remember what sets these standards apart and how they affect your business.