Regulatory Open Forum

Hello,

I'm interested in how others are addressing the MDR requirement for a strategy for regulatory compliance. Is this a high level approach that is embedded in your QMS and cross referenced in your quality manual, or do you need this strategy applied to and documented for a specific device or device family? If the latter, do you have a strategy document that is revised from design through product retirement?

Here are the text excerpts for reference:

This article suggested adding more information.

I'm familiar with regulatory strategies for commercialization of new products, and I am accustomed to this being integrated with the design control process. My initial thought is to include a strategy for regulatory compliance section in the QM that refers to the design control process and to change management procedures, at a minimum. But I could also envision a separate procedure for a strategy for regulatory compliance to be documented and revision controlled for each device family, from design through product retirement. Also for each country/region. Am I over-simplifying or over-thinking?

I appreciate any insights.

Thanks!
Marianne

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn, OR
United States
------------------------------

Hi Marianne,

Many discussions I have had with people about this "strategy for regulatory compliance" and what this actually means.  Is it a document?  Is it a form, record, or procedure?  Does it get written once during development and never touched again?  Or more simply, just what does it look like?  Even myself have been thinking internally working through these questions about what this regulatory strategy for compliance means and also more importantly, how this is being perceived by the Notified Bodies who will be ultimately auditing you quality system and technical documentation reviewing this regulatory strategy for compliance.

Thus the question an auditor will typically ask is, 'Please show me your strategy for regulatory compliance concerning product X.'  Ok maybe not so much of question, but it will be an audit path companies will have to lead the auditor through.

For me (and this is my personal perspective) is when asked a question like this, the easiest way to answer is to indeed show a document - the objective evidence - as we know a document, procedure, or record is the easiest way to show auditors how compliance is being met.  When I think of a regulatory strategy plan this is maybe more in the design and development phase, in fact, typically in design inputs there is a "Regulatory Plan" created talking about what markets/countries will be achieved, regulatory classification, timelines on submission, additional regulatory needs like clinical trials, or specific performance testing.  This Regulatory Plan may only addresses pre-market activities, i.e. getting from design inputs to product launch into the different markets.

This "Strategy for Regulatory Compliance" is over the entire lifetime of the product, from birth to death.  So in that regard, you are absolutely correct this "document" for regulatory strategy for compliance should be from initial design controls all the way through to product retirement - meaning the product is completely off the market (which for durable equipment might be a long period of time).  For me this Strategy for Regulatory Compliance is a living, breathing document that should be reviewed, updated, lives, through the entire lifetime of the product.  I view it as the backbone or the spine of the product family.  So first, (again my perspective) there should be a procedure describing how to do this regulatory strategy, who does it, when is it done, how is it done - e.g. therefore having a procedure.  Then the next part is there is a Strategy for Regulatory Compliance "document" for each product family.  If your company has 3 Product Families, I would imagine having 3 Strategy documents - because going back to the auditor question would be the regulatory strategy for a product.  This also is a plan, but not a plan.  It is a strategy.  It includes many parts of planning, but is much more than that as well.  As mentioned in analogy, this is backbone or spine of the product family.  The DHF is the brain, and all the other parts like DMR, CER, RMF, Tech Doc, verification testing, validation testing, regulatory classification, UDI, registration changes, etc. are all the vertebrae or ribs from the backbone.  The Strategy for Regulatory Compliance ties all of this together.  Think of it as your "Cliff Notes" of your device product family.  Maybe it is a sort of index, reference document, or pointer document to where everything else is located.  But it can also be more.  So yes, I view this as a high-level document in your QMS that is linking everything together about your product from birth to death.  There is a reference to a Regulatory Status document talking about rationale for classification or needs for submission, references to risk management, references to Technical Documentation, and finally when a product is removed from market a reference to the End of Life document.

Finally, I know people have many different views of what this "strategy for regulatory compliance" looks like, but the person that is going to be reviewing is your Notified Body auditor/reviewer, so talk with them about it, understand what they believe it is, and then document appropriately.  Ultimately the question you are answering is how do you maintain the regulatory compliance for your product over the lifetime?  And then showing how this is accomplished.  Over the lifetime things change: design changes, supplier changes, standards change, indications for use change, even the intended purpose may change, state of the art, so how is this all reflected for you product family and how do you keep up to date supporting your product is still in compliance with all the regulatory requirements.

------------------------------
Richard Vincins RAC
Vice President Global Regulatory Affairs
------------------------------

Original Message:
Sent: 06-Jun-2020 20:16
From: Marianne Jacklyn
Subject: MDR Article 10 Strategy for Regulatory Compliance

Hello,

I'm interested in how others are addressing the MDR requirement for a strategy for regulatory compliance. Is this a high level approach that is embedded in your QMS and cross referenced in your quality manual, or do you need this strategy applied to and documented for a specific device or device family? If the latter, do you have a strategy document that is revised from design through product retirement?

Here are the text excerpts for reference:

Article 10, 9. 

…The quality management system shall address at least the following aspects:  

(a) a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for management of modifications to the devices covered by the system; … 

Annex IX, Chapter 1, 2.2  

…Moreover, the documentation to be submitted for the assessment of the quality management system shall include an adequate description of, in particular:  … 

(c) the procedures and techniques for monitoring, verifying, validating and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover:  

- the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, choice of and compliance with conformity assessment procedures, …. 

This article suggested adding more information.

I'm familiar with regulatory strategies for commercialization of new products, and I am accustomed to this being integrated with the design control process. My initial thought is to include a strategy for regulatory compliance section in the QM that refers to the design control process and to change management procedures, at a minimum. But I could also envision a separate procedure for a strategy for regulatory compliance to be documented and revision controlled for each device family, from design through product retirement. Also for each country/region. Am I over-simplifying or over-thinking?

I appreciate any insights.

Thanks!
Marianne

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn, OR
United States
------------------------------

When addressing anything in Article 10, I recommend starting with CEN/TR 17223:2016. It maps each requirement to the conformity assessment annexes and to the corresponding clauses in ISO 13485:2016. It also explains whether ISO 13485:2016 covers the Article 10 requirement.

I think that when CEN standardizes ISO 13485:2016 to the regulations the EU version will include the items from CEN/TR 17223:2016.

Art. 10(9)(a) goes to Annex IX, Chapter 1, 2.2 paragraph 2 c) indent 1 as well as ISO 13485:2016 clauses 4.1.1 and 7.3.9.

I recommend writing one QMS procedure that is your regulatory strategy. In your Annex IX application to the Notified Body, reference the procedure. If you are not doing Annex IX, you still need the procedure.

This procedure applies to the QMS only, it is not device specific.

The Annex IX reference says:
The procedures and techniques for monitoring, verifying, validating, and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, and choice of and compliance with conformity assessment procedures.

The ISO 13485:2016 references are:
4.1.1 doesn't have a section title, but deals with establishing a QMS, identifying regulatory requirements, and documenting roles
7.3.9 Control of design and development changes

CEN/TR 17223:2016 then says that ISO 13485:2016 partially covers the requirement, "[ISO 13485:2016] requires that the organization identifies applicable regulatory requirements and incorporates them in their quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified."

Write one QMS procedure for the regulatory strategy. It should include the Annex IX information and the ISO 13485:2016 information. I anticipate that you have procedures that cover some of these areas, so point to them instead of have similar information in two places.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Original Message:
Sent: 06-Jun-2020 20:16
From: Marianne Jacklyn
Subject: MDR Article 10 Strategy for Regulatory Compliance

Hello,

I'm interested in how others are addressing the MDR requirement for a strategy for regulatory compliance. Is this a high level approach that is embedded in your QMS and cross referenced in your quality manual, or do you need this strategy applied to and documented for a specific device or device family? If the latter, do you have a strategy document that is revised from design through product retirement?

Here are the text excerpts for reference:

Article 10, 9. 

…The quality management system shall address at least the following aspects:  

(a) a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for management of modifications to the devices covered by the system; … 

Annex IX, Chapter 1, 2.2  

…Moreover, the documentation to be submitted for the assessment of the quality management system shall include an adequate description of, in particular:  … 

(c) the procedures and techniques for monitoring, verifying, validating and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover:  

- the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, choice of and compliance with conformity assessment procedures, …. 

This article suggested adding more information.

I'm familiar with regulatory strategies for commercialization of new products, and I am accustomed to this being integrated with the design control process. My initial thought is to include a strategy for regulatory compliance section in the QM that refers to the design control process and to change management procedures, at a minimum. But I could also envision a separate procedure for a strategy for regulatory compliance to be documented and revision controlled for each device family, from design through product retirement. Also for each country/region. Am I over-simplifying or over-thinking?

I appreciate any insights.

Thanks!
Marianne

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn, OR
United States
------------------------------

@Dan O'Leary, @Richard Vincins, thank you both for your responses, they are very helpful. ​​A follow up question - would the procedure be specific to EU MDR compliance or have you seen it applied more broadly to address other regions' requirements? I would expect the objective evidence to be region/regulatory authority specific or it becomes unwieldy, but how about the procedure?

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn OR
United States
------------------------------

Original Message:
Sent: 07-Jun-2020 09:05
From: Dan O'Leary
Subject: MDR Article 10 Strategy for Regulatory Compliance

When addressing anything in Article 10, I recommend starting with CEN/TR 17223:2016. It maps each requirement to the conformity assessment annexes and to the corresponding clauses in ISO 13485:2016. It also explains whether ISO 13485:2016 covers the Article 10 requirement.

I think that when CEN standardizes ISO 13485:2016 to the regulations the EU version will include the items from CEN/TR 17223:2016.

Art. 10(9)(a) goes to Annex IX, Chapter 1, 2.2 paragraph 2 c) indent 1 as well as ISO 13485:2016 clauses 4.1.1 and 7.3.9.

I recommend writing one QMS procedure that is your regulatory strategy. In your Annex IX application to the Notified Body, reference the procedure. If you are not doing Annex IX, you still need the procedure.

This procedure applies to the QMS only, it is not device specific.

The Annex IX reference says:
The procedures and techniques for monitoring, verifying, validating, and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, and choice of and compliance with conformity assessment procedures.

The ISO 13485:2016 references are:
4.1.1 doesn't have a section title, but deals with establishing a QMS, identifying regulatory requirements, and documenting roles
7.3.9 Control of design and development changes

CEN/TR 17223:2016 then says that ISO 13485:2016 partially covers the requirement, "[ISO 13485:2016] requires that the organization identifies applicable regulatory requirements and incorporates them in their quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified."

Write one QMS procedure for the regulatory strategy. It should include the Annex IX information and the ISO 13485:2016 information. I anticipate that you have procedures that cover some of these areas, so point to them instead of have similar information in two places.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States

Original Message:
Sent: 06-Jun-2020 20:16
From: Marianne Jacklyn
Subject: MDR Article 10 Strategy for Regulatory Compliance

Hello,

I'm interested in how others are addressing the MDR requirement for a strategy for regulatory compliance. Is this a high level approach that is embedded in your QMS and cross referenced in your quality manual, or do you need this strategy applied to and documented for a specific device or device family? If the latter, do you have a strategy document that is revised from design through product retirement?

Here are the text excerpts for reference:

Article 10, 9. 

…The quality management system shall address at least the following aspects:  

(a) a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for management of modifications to the devices covered by the system; … 

Annex IX, Chapter 1, 2.2  

…Moreover, the documentation to be submitted for the assessment of the quality management system shall include an adequate description of, in particular:  … 

(c) the procedures and techniques for monitoring, verifying, validating and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover:  

- the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, choice of and compliance with conformity assessment procedures, …. 

This article suggested adding more information.

I'm familiar with regulatory strategies for commercialization of new products, and I am accustomed to this being integrated with the design control process. My initial thought is to include a strategy for regulatory compliance section in the QM that refers to the design control process and to change management procedures, at a minimum. But I could also envision a separate procedure for a strategy for regulatory compliance to be documented and revision controlled for each device family, from design through product retirement. Also for each country/region. Am I over-simplifying or over-thinking?

I appreciate any insights.

Thanks!
Marianne

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn, OR
United States
------------------------------

Following ISO 13485:2016, you have identified all the regulatory regions for your devices, your company's role in each regulatory region, and the requirements for each combination of roles and requirements. In addition, you have implemented processes for each requirement.

The EU-MDR adds a requirement for an overarching regulatory strategy. You could implement it as an EU specific stand-alone procedure or write a larger scale procedure.

I would create the larger scale procedure to avoid having an "outlier" that applies to only one regulatory region. Don't make it complex; point to the procedures you already have. Also, define the terms broadly. For example, in the EU you would classify the device and then pick some combination of conformity assessments Annexes. In the US, you would classify the device and then pick some conformity assessment method allowed by the law and the classification regulations. They are examples of conformity assessment, so write a broad definition.

Similarly, I infer you have a procedure to evaluate each design change and the need to bring it to the attention of the regulator (FDA, NB, etc.)

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Original Message:
Sent: 07-Jun-2020 11:10
From: Marianne Jacklyn
Subject: MDR Article 10 Strategy for Regulatory Compliance

@Dan O'Leary, @Richard Vincins, thank you both for your responses, they are very helpful. ​​A follow up question - would the procedure be specific to EU MDR compliance or have you seen it applied more broadly to address other regions' requirements? I would expect the objective evidence to be region/regulatory authority specific or it becomes unwieldy, but how about the procedure?

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn OR
United States

Original Message:
Sent: 07-Jun-2020 09:05
From: Dan O'Leary
Subject: MDR Article 10 Strategy for Regulatory Compliance

When addressing anything in Article 10, I recommend starting with CEN/TR 17223:2016. It maps each requirement to the conformity assessment annexes and to the corresponding clauses in ISO 13485:2016. It also explains whether ISO 13485:2016 covers the Article 10 requirement.

I think that when CEN standardizes ISO 13485:2016 to the regulations the EU version will include the items from CEN/TR 17223:2016.

Art. 10(9)(a) goes to Annex IX, Chapter 1, 2.2 paragraph 2 c) indent 1 as well as ISO 13485:2016 clauses 4.1.1 and 7.3.9.

I recommend writing one QMS procedure that is your regulatory strategy. In your Annex IX application to the Notified Body, reference the procedure. If you are not doing Annex IX, you still need the procedure.

This procedure applies to the QMS only, it is not device specific.

The Annex IX reference says:
The procedures and techniques for monitoring, verifying, validating, and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, and choice of and compliance with conformity assessment procedures.

The ISO 13485:2016 references are:
4.1.1 doesn't have a section title, but deals with establishing a QMS, identifying regulatory requirements, and documenting roles
7.3.9 Control of design and development changes

CEN/TR 17223:2016 then says that ISO 13485:2016 partially covers the requirement, "[ISO 13485:2016] requires that the organization identifies applicable regulatory requirements and incorporates them in their quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified."

Write one QMS procedure for the regulatory strategy. It should include the Annex IX information and the ISO 13485:2016 information. I anticipate that you have procedures that cover some of these areas, so point to them instead of have similar information in two places.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States

Original Message:
Sent: 06-Jun-2020 20:16
From: Marianne Jacklyn
Subject: MDR Article 10 Strategy for Regulatory Compliance

Hello,

I'm interested in how others are addressing the MDR requirement for a strategy for regulatory compliance. Is this a high level approach that is embedded in your QMS and cross referenced in your quality manual, or do you need this strategy applied to and documented for a specific device or device family? If the latter, do you have a strategy document that is revised from design through product retirement?

Here are the text excerpts for reference:

Article 10, 9. 

…The quality management system shall address at least the following aspects:  

(a) a strategy for regulatory compliance, including compliance with conformity assessment procedures and procedures for management of modifications to the devices covered by the system; … 

Annex IX, Chapter 1, 2.2  

…Moreover, the documentation to be submitted for the assessment of the quality management system shall include an adequate description of, in particular:  … 

(c) the procedures and techniques for monitoring, verifying, validating and controlling the design of the devices and the corresponding documentation as well as the data and records arising from those procedures and techniques. Those procedures and techniques shall specifically cover:  

- the strategy for regulatory compliance, including processes for identification of relevant legal requirements, qualification, classification, handling of equivalence, choice of and compliance with conformity assessment procedures, …. 

This article suggested adding more information.

I'm familiar with regulatory strategies for commercialization of new products, and I am accustomed to this being integrated with the design control process. My initial thought is to include a strategy for regulatory compliance section in the QM that refers to the design control process and to change management procedures, at a minimum. But I could also envision a separate procedure for a strategy for regulatory compliance to be documented and revision controlled for each device family, from design through product retirement. Also for each country/region. Am I over-simplifying or over-thinking?

I appreciate any insights.

Thanks!
Marianne

------------------------------
Marianne Jacklyn
Principal Consultant
West Linn, OR
United States
------------------------------