Regulatory Open Forum

 View Only
  • 1.  Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    This message was posted by a user wishing to remain anonymous
    Posted 12-Apr-2024 13:21
    This message was posted by a user wishing to remain anonymous

    Hi all,

    I would like to ask if you have experience with situations where during the development phase a critical supplier or sub-contractor of a a finished component which represents a part of your class III device, requires  to not share the technical file or part of it directly with the legal manufacturer (so to protect confidential information), but only through their Notified Body (so the legal manufacture would be oblige in that case to use the same Notified Body of the critical supplier) or through the regulatory Authority (i.e. FDA). Do you know if this is a regulatory scenario accepted by Notified Bodies and by the main regulatory Agencies, such FDA? If yes, do you have experience about a minimum level if information the Legal manufacture must have access to to be able to release its device on the market and to get the CE mark and regulatory authorization? I don't have such experience but it seems to me very risky and difficult to set up a process where the legal manufacture can demonstrate control over the entire process.

    Looking forward to hearing any your comments, experience and opinion.

    Best



  • 2.  RE: Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    Posted 13-Apr-2024 07:08

    For US FDA, this can be accomplished via master files (Master Access File, or MAF), here is the FDA webpage for details: https://www.fda.gov/medical-devices/premarket-submissions-selecting-and-preparing-correct-submission/device-master-files

    This is a relatively common way of submitting information in the US when a third party is involved and is primarily designed to protect proprietary information, although it can also facilitate information that may be shared across product applications.

    For EU NBs, you'd have to check with your specifically to see if there is any mechanism that they have available as there is no standard method, however I'm aware that some allow something like this, either via sending information directly to the NB or at the time of audit for the critical supplier.



    ------------------------------
    Jonathan Amaya-Hodges
    Director, Technical Services
    Suttons Creek, Inc.
    United States
    jamaya-hodges@suttonscreek.com
    ------------------------------



  • 3.  RE: Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    Posted 15-Apr-2024 02:29

    Hello Anon,

    As Jonathan indicated, there is a formal process with the US FDA.  You have to check with each individual Notified Body.  The EU side might be challenging because I know of companies even not willing to send to a Notified Body because they are not truly a regulatory agency.  There is no definition for the minimum amount of information, though there needs to be sufficient detailed information for the regulatory reviewer.  FDA's process gives some context for the content and amount, it should be detailed enough explaining - and the supplier can be assured it is kept confidential in the US FDA process.



    ------------------------------
    Richard Vincins ASQ-CQA, MTOPRA, RAC
    Principal Strategy Consultant
    NAMSA
    ------------------------------



  • 4.  RE: Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    This message was posted by a user wishing to remain anonymous
    Posted 16-Apr-2024 09:11
    This message was posted by a user wishing to remain anonymous

    Many thanks Jonathan and Richard! that was very helpful. Do you know also where I can find some details about manufacturing information FDA requires to be part of a PMA application?

    thanks!




  • 5.  RE: Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    Posted 16-Apr-2024 11:58

    I'd recommend starting with CDRHLearn content on PMAs, look under the How to Study and Market Your Device section.

    Also check out FDA's PMA webpage for the most comprehensive information. 

    However, note that PMAs are notoriously complex, so if you're organization does not have prior experience I'd highly recommend engaging a consultant with relevant expertise. 

    Best of luck!



    ------------------------------
    Jonathan Amaya-Hodges
    Director, Technical Services
    Suttons Creek, Inc.
    United States
    jamaya-hodges@suttonscreek.com
    ------------------------------



  • 6.  RE: Sharing of critical supplier's technical file information between Notified Body and Regulatory Authority, instead of directly with the Legal Manufacturer

    Posted 16-Apr-2024 10:06

    Hi Anon,

    as Jonathan and Richard say for the US FDA this should work via master files and there is no comparable formal way for the EU.

    Some additional thoughts on the EU side as I see it:

    The procedure of sharing the information with a third party (be it a notified body or an authority) for review in my opinion does not work with the conformity assessment concept of the EU that places the responsibility for the assessment on the manufacturer. This results e.g. in the requirement to include all specifications and information on manufacturing processes for your device into your Technical Documentation in accordance with Annex II. How much information is needed and sufficient for you as the manufacturer to prove conformity with the requirements is something you need to define and justify. If you can say with sufficient confidence that you have a suitable specification in place for the finished component you buy, that you can e.g. check by incoming inspections and can ensure via quality agreements and supplier audits, then access to all details and the full manufacturing process is not necessarily required. If you come to the conclusion that access to the detailed information is absolutely necessary to prove compliance with Annex I requirements, then in my opinion there is no way around that.

    This cannot be solved by having the notified body (or any other third party for that matter) take over the manufacturer's responsibilities for conformity assessment. The notified body participates in the procedure and checks the evaluation of the manufacturer, but they do not perform the evaluation in place of the manufacturer.

    How this can be achieved for an individual case depends a lot on the details and will probably lead to longer discussions with the notified body.

    Best regards, Christoph



    ------------------------------
    Christoph Kiesselbach
    Schrack & Partner
    Reutlingen
    Germany
    ------------------------------