Regulatory Open Forum

 View Only

  • 1.  Process for standards change management

    Posted 31-Dec-2018 16:40

    Happy New Year Regulatory people!   As I'm getting ready to dive back into work later this week after the holidays, I need your input on change management for device standards.

    After having spent the better part of the last 20 years working for large device companies with oodles of resources, systems, and processes, I am now with a very small company with few resources, so I'm the lucky person responsible for standards compliance and maintenance.  

    Here's my problem...  My team of standards "users" consists mostly of staff with little to no prior medical device experience, thus little to no practical experience in the use of standards.   While I provide general training and guidance, I need the designated SMEs to become responsible for analysis and implementation of the technical aspects of their assigned standards.  For example, the standards management SOP that I inherited when I joined the company requires that a clause-by-clause gap analysis be documented for all new standards and all revisions.  IMO this is complete overkill and neither practical nor sustainable considering the other multiple hats each member of the team wears on a daily basis, so this is something I'd like to streamline and simplify in order to achieve and maintain SOP compliance. 

    What I REALLY need are suggestions as to HOW to best manage changes to existing standards that apply to our devices.  I'd love to be able to get my hands on anything – a process flow, checklist, SOP (really, anything would help) that provides some structure and guidance for the SMEs with respect to both new and revised standards, criteria for when a full gap analysis would be warranted, best practices for documenting compliance to a standards, etc.   While I do have some content of my own, I'd really like to incorporate recommendations that are proven to work.  I'm also conducting a deep dive into the user features of the IHS Engineering Workbench to see what could be utilized by the SMEs to document their analysis of the standards outside of our paper-based QS. 

    Any info and/or advice you can share would be immensely appreciated. 

    Thanks!

    Tina



    ------------------------------
    Tina O'Brien RAC, MS
    Director of Regulatory Affairs
    Airport Oaks
    New Zealand
    ------------------------------


  • 2.  RE: Process for standards change management

    Posted 06-Jan-2019 14:27
    Happy New Year!

    I don't have answers, but I think you're asking the right questions.

    You need the SMEs to learn to trust their judgment... When a change has minimal impact, they can document a high-level assessment to that effect in just a couple sentences. When a change is truly significant, they're likely to recognize it, and that's when a point-by-point gap assessment will be worth the effort.​

    ------------------------------
    Anne LeBlanc
    Manager, Regulatory Affairs
    United States
    ------------------------------

    Original Message


  • 3.  RE: Process for standards change management

    Posted 06-Jan-2019 18:33
    ​Happy New Year to you too!   

    Tina, in line with your post, my comments below are targeted at a small device organization with few SMEs wearing multiple hats and having little experience in the use of standards.  

    If your company does not currently maintain a standards matrix that identifies all standards referenced in your technical documentation, that may be a good place to start. Identifying the relevant standards (horizontal and vertical - by industry sector or product, compliance area, specific requirements, etc) by dated version would be the first step in monitoring the sub-set of active standards, and tracking changes as and when the standard is amended.   The EU Essential Requirements Checklist (or TGA/ IMDRF Essential Principles Checklist) would probably identify most frequently used standards, including any particular harmonized standards, that should certainly be monitored routinely, and would possibly require documentation of the clause-by-clause analysis you mention. Another resource for the USA would be the standards cited relevant to your Product Code and/or Specialty Task Group Area from the FDA Recognized Consensus Standards database. Other standards used for demonstrating your products' compliance with particular requirements or test methods (e.g. IEC 62366 or IEC 82304 or UL 94) may also require the same level of clause-by-clause scrutiny, but the large remainder of standards referenced may require only a periodic and high level review to determine if the changes would affect aspects of your product requirements (e.g. packaging to ISTA standards). In short, a risk-based approach to determine the effect of changes to standards on product safety and performance would help establish broad criteria for a practical and sustainable effort, depending on the product range, risk classification, market requirements, etc..

    Since most standards are voluntary anyway, in demonstrating compliance the organization should consider the risks involved and commit to the least burdensome effort needed to ensure on-going product safety and performance.
     
    Regarding a specific structure or checklist to serve as a guide in this exercise, because of the huge diversity of medical devices and the specific product range on offer from your organization, it may not be very useful to adopt an existing SOP from another organization. Better to base your internal procedures on your specific requirements, adopting a risk based approach and following best practices in risk management during the product life cycle, and especially when effecting changes.


    ------------------------------
    Homi Dalal RAC
    Regulatory Affairs Leader
    Christchurch
    New Zealand
    ------------------------------

    Original Message


  • 4.  RE: Process for standards change management

    Posted 06-Jan-2019 20:18
    Thanks Homi!  We have identified all applicable standards and have them organized in our IHS online subscription. 

    My question is focused on managing changes to those standards.  How do other organizations document assessment of changes - e. g. recent updates with the 10993 series. If these changes impact  existing internal procedures, how do you ensure and document that those updates have been properly Incorporated?  Who is ultimately responsible for ensuring this has been done?

    ------------------------------
    Tina O'Brien RAC, MS
    Director of Regulatory Affairs
    Airport Oaks
    New Zealand
    ------------------------------

    Original Message


  • 5.  RE: Process for standards change management

    Posted 07-Jan-2019 06:02
    Edited by Richard Vincins 07-Jan-2019 06:04
    Hello Tina,

    You have definitely good question asking there that I get asked all of the time from smaller organisations with limited resources.  You are already one step above having an online subscription with a company like IHS to at least know when changes occur.  So many companies even struggle with knowing when changes occur that I go into an audit of a facility and ask them why they are not following the 2016 version of the standard when it is well into 2018.  They say: 'There is a 2016 version?!?'  Sigh.

    Honestly, I am not sure there is enough space here to write all of the solutions as there are a myriad of different ways that can be done.  Because unfortunately it does also differ between the standards which are applied.  For example, assessing changes to say IEC 60601 standard for electrical and electronic devices is completely different from assessing changes to say ISO 11135 for EO sterilisation.  I agree with Homi that you should take a risk-based approach to support in your statement that going through standards clause by clause can be quite burdensome.  Some standards also just have corrigendums that correct references, correct grammatical, or clarify sentences - it does not change anything about the requirements themselves.  Even Amendments to standards sometimes do nothing more than clarify and do not add any new requirements.

    So with that said, I have used different models in the past depending on the standard, depending on the "expertise" of the individuals in the company, depending on the product type, depending on resource availability like having internal regulatory support or external regulatory support, etc.  For smaller organisations what I found using say a simple tabular list that has only the aspects that have changed, old standard text, new standard text, a risk assessment statement, review needed of previous products? verification needed? validation/re-validation needed? etc etc.  Finally there should be some overall statements either in some paragraphs or bullet list of how the change to standard has impacted the product and quality system.  Some changes might be very straightforward, yet others like when IEC 60601-1-2 changed to 4th Edition there were many companies with electromechnical devices that had to perform a large assessment of the change.

    And who should be responsible ... depends on the company maybe it is the quality/regulatory responsible person.  However, I always tried to use a cross-functional team approach even when you had 2 or 3 people wearing multiple hats.  I would describe their role, what they are responsible for, and have some acceptance/approval from them documented on their assessment.

    ------------------------------
    Richard Vincins RAC
    Vice President Global Regulatory Affairs
    ------------------------------

    Original Message


  • 6.  RE: Process for standards change management

    Posted 07-Jan-2019 09:28
    There are several services that will provide you with the redlines to the documents when they provide the updated version.  I have asked staff to review the redlines and respond to those specifically if they affect product compliance.  I then provide a template on how to look at each section and determine if yes/no you are still in compliance.

    ------------------------------
    Elizabeth Peterson
    Regulatory and Compliance Manager
    Gainesville FL
    ------------------------------

    Original Message


  • 7.  RE: Process for standards change management

    This message was posted by a user wishing to remain anonymous
    Posted 08-Jan-2019 09:44
    This message was posted by a user wishing to remain anonymous

    ​Hi Tina,

    I can certainly appreciate your question as this is something that I have struggled with over the years in working with small, limited resource companies.  The question is not how to become notified of changes, as there are many companies who will provide this service, but rather how to evaluate the ramifications and implement the changes into existing processes, or legacy devices.  In my current company, Regulatory is the keeper of the standards, but it is the responsibility of the SME to conduct a gap assessment and implement the necessary changes (or justification for not doing so).  Regulatory receives notification of change from our standards provider and will notify Doc Control and the SME of the change so that the masterlist can be updated and the gap assessment can be performed.  However, it recently became apparent that the loop on these gap assessments was not adequately not being closed, so we are currently reviewing this process.  One possibility is to create a CR when a new/revised standards is posted which would not be closed until the gap assessment is complete and the masterlist is duly updated.  Any other suggestions for monitoring gap assessments and closing this loop would be very much appreciated.
    Original Message


  • 8.  RE: Process for standards change management

    Posted 09-Jan-2019 06:31
    Tina dealing with people not fully trained is always challenging. In order to give them guidance in my opinion a tool kit of possible changes with its categorization such as critical, Major, minor would help. You can use permutations and combinations of most likely changes and attribute severity against each of these based on its impact to the device and its performance. High severity goes as critical change, medium as major and low as minor. You can then put validation rules against those such as critical - full validation, Major- partial and minor - simple verification or review. Ofcourse there can be an exception to these. But creating this stepwise approach helps!
    In permutations and combination of events you can take few common regulatory changes and few common design changes and then create the list by marrying those.





    ------------------------------
    Rashida Najmi, Sr VP
    Quality, Regulatory and Pharmacovigilance
    Piramal Enterprises Ltd
    Bethlehem PA
    USA
    ------------------------------

    Original Message


  • 9.  RE: Process for standards change management

    This message was posted by a user wishing to remain anonymous
    Posted 10-Jan-2019 12:12
    This message was posted by a user wishing to remain anonymous

    ​My company utilizes our CR system to track external standard changes.  When there is a change, we obtain a redline from our standards management service provider.  The SME and small team, if needed, review for relevance to our internal processes using the risk based thought process mentioned.  These CR's can sometimes be open for quite a while, but its quite easy to track the work and to show regulators why/how we determined relevance or not.  We categorize the CR as "external standard" and these have different rules for due dates, etc. The CR can either have SOP's that require change within it, or we can reference the CR number in the SOP change requests.
    Original Message


Related Content