It may not be the most exhilarating subject, but staying in medical device compliance with regulations is nonetheless crucial for medical device manufacturers. Not only does failing to be in compliance with these regulatory requirements put you at risk for fines and supply chain disruptions, but it also ultimately means that a customer may be using a faulty product. This could significantly impact patient safety and the overall medical device quality in the market.
People rely on these medical devices for their health, making quality and compliance a top-of-mind issue for medical device companies. Ensuring safety effectiveness is essential throughout the product lifecycle. Here are some best practices to keep in mind when striving to make your manufacturing process compliant with device regulatory standards.
Medical device regulations present a lot of material to cover, but it’s important to have at least a cursory understanding of them. Of course, you already know that—that’s what brought you here.
If you only intend to sell your device in the U.S. market, then you’ll need to become familiar with Title 21 Code of Federal Regulations (CFR) Part 820. ISO 13485, on the other hand, is a global standard that is quite similar to Part 820. Compliance with the ISO standard is particularly important for selling your devices in the European market. Both standards emphasize the importance of a robust quality management system (QMS).
However, both of these systems can be applied to your manufacturing process, and it is highly recommended that you apply both. That way, you will ensure that your devices are completely safe for your customers and available for sale in as broad a market as possible. This dual compliance enhances your reputation in the industry and assures adherence to global regulatory standards.
There are 14 domains of medical device manufacturing that Title 21 offers regulatory guidance on:
Diving into each of these domains in depth is outside the scope of this article (you can review the full code yourself here), but we’ll want to pay special attention to three key documents that appear throughout the regulation, often called the three Ds.
In order to be in compliance with Part 820, you’ll need to focus on correctly developing and maintaining a Design History File (DHF), Device Master Record (DMR), and Device History Record (DHR). These documents are crucial for ensuring device regulatory compliance.
A DHF file documents the design and development processes of your medical device, such as user needs, risk assessments, and verification and validation protocols, among other requirements. You’ll need to develop this prior to gaining FDA approval to manufacture your device. This aligns with maintaining high medical device quality from the outset.
A DMR file builds off the DHF to document all the information needed to build, test, package, and maintain your device. It serves as a blueprint for manufacturing and is integral to your quality management QMS.
A DHR file contains the documentation related to the production history of your device. If you get audited, the auditor will likely compare the DHR to the DMR to see if the actual production matched the intended production. This ensures that regulatory requirements are consistently met during manufacturing.
ISO 13485 broadly maps to the requirements laid out in Part 820, in part because the FDA worked with the ISO to develop the standard. For example, the standard doesn’t require the creation of a DHR but does contain a clause relating to the “Planning of Product Realization,” which would effectively be satisfied by creating a DHR. Compliance with ISO 13485 is essential for companies looking to compete in international markets, ensuring that compliance medical device standards are universally met.
ISO 13485 provides guidance on the following aspects of medical device regulation:
Quality management systems
Management responsibilities
Resource management
Product realization
Measurement, analysis, and improvement
By meeting the requirements of Part 820, you’ll meet many of the requirements of the ISO 13485 standard as well. Although it costs a small fee, getting a copy of the standard is highly recommended: you can do so here.
Another important distinction between these two quality system frameworks is that Part 820 is a federal law, while the ISO 13485 is an optional standard. That means that your facility or your manufacturer’s facility can get certified in the standard, and individuals at your organization can get certified as ISO 13485 auditors. To ensure compliance, getting certified under ISO 13485 is well worth your time. Certification enhances your commitment to regulatory compliance and reinforces your quality management QMS.
But you’ll also want to consult with somebody who has experience with FDA audits. This could be a manufacturing consultant who has undergone an audit before, but ideally, this would be a former FDA auditor familiar with device regulatory processes.
Naturally, this can be a time-consuming and costly process. A more straightforward method would be to work with a contract manufacturer that has been audited before and has already received the ISO 13485 certification to avoid the costs associated with medical device regulation compliance. Partnering with such a manufacturer can streamline your path to compliance regulatory success.
If you choose to follow that route, you’ll want to make sure that you’re working with a reliable manufacturer. It can be difficult to trust a third party with manufacturing your devices, and any failed audits could disrupt your supply chain. Here are some questions on how you can vet a potential contract manufacturer. Ensuring they adhere to regulatory standards is paramount for maintaining patient safety and delivering safe effective products.
Ask to see their quality manual and quality procedures. Any compliant contract manufacturer will have their quality management policies documented in a quality manual as well as procedures for enforcing those policies. Review their manual and procedures to see if they meet medical device regulations and support your management QMS.
What are the contents of their DHF, DMR, and DHRs? As noted earlier, these documents are critical for remaining in compliance with FDA regulations. Being aware of the general contents of each will allow you to determine whether your contract manufacturer is adhering to the proper procedures. Since the actual documents for each customer are confidential, they will only be able to share general guidelines on what information they maintain.
Do they conduct process validations? How many steps are involved in their validation processes? Ask them to describe each step and provide one or two examples of their validation procedures. The results of process validation (or objectively confirming that your manufacturing processes meet your quality requirements) are based on medical device regulations. Solid procedures should allow you to gain confidence in their facility’s compliance and their commitment to maintaining high medical device quality.
Ask about their risk management approach. Your contract manufacturer should have adopted some risk management method. There are a variety of methods out there, but FMEA, or Failure Mode and Effects Analysis, is the preferred approach. In this method, an engineer reviews an entire system for the different ways it can fail (a failure mode) and its downstream effects. An FMEA should be conducted at regular intervals, such as every year, every time there is an engineering change order, every time a new machine is introduced, and so on. Effective risk management is crucial for ensuring safety effectiveness and complying with regulatory requirements.
Are they familiar with CAPA? If so, what method do they use to analyze a non-conforming event? CAPA refers to Corrective and Preventive Action and establishing a CAPA process is required by the FDA. When a non-conforming event occurs, such as a faulty medical device, manufacturers should start their pre-determined CAPA process to determine the root cause and address the problem. This process is essential for maintaining compliance medical standards and ensuring patient safety.
Have they passed an FDA audit? If so, how many nonconformities resulted? Since the FDA conducts random routine audits, not all manufacturers will have been audited. If they have been audited, ideally they will have passed the audit with zero nonconformities. This reflects their commitment to device regulatory compliance and adherence to regulatory standards.
Unfortunately, the real challenge of medical device regulations isn’t in understanding them—it’s in implementing them consistently, 100%, every time. People are going to rely on these devices for their health, and a faulty device can be extremely harmful. Ensuring that their devices work as intended is a serious responsibility for medical device manufacturers—a responsibility that regulatory bodies take equally seriously. This is why post market surveillance is crucial to monitor the devices after they are released.
This means that the recommended processes need to be followed as intended. When conducting an internal audit, for instance, manufacturers can’t merely conduct the audit on paper in order to technically meet the requirements; they need to actually assess their operations and processes. Genuine compliance safeguards patient safety and upholds the integrity of the product lifecycle.
It’s also important to ensure that all manufacturing personnel are fully trained to the regulations and in full compliance. Operators on the line can’t decide that a process really only requires eight steps when the documented process calls for 10. Adhering strictly to procedures ensures safety effectiveness and maintains medical device quality.
Medical device compliance requires personnel, time, money, training, and practice, but doing it right benefits everybody involved. Having all the proper systems in place and managed by qualified staff makes for quality products and successful audits, both of which will ensure continued production, more innovation, and that your devices consistently meet your customer’s needs. By embracing robust quality management QMS practices and adhering to regulatory compliance standards, you position your company for long-term success in the competitive medical device industry.
Sanbor Medical is committed to helping medical device OEMs navigate the complexities of compliance. With our FDA-registered and ISO 13485-certified facilities, we ensure that your products meet all regulatory requirements and standards. Learn more about how we can support your compliance needs and help you deliver safe, effective medical devices to the market.
