Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

​​Hi all,

I have been doing Regulatory Affairs for decades, and never had to consider this new challenge I am facing... Just started a new job, and our company (Company A) is starting a new project, where all the design and development activities will be done by another company (Company B). We (Company A) will be the legal manufacturer (our name on the products, we do the registration, we do the complaints / adverse events and post market activities), so I am anticipating we will have to own at minimum the risk management file associated with the product, but I am struggling to make my opinion regarding which level of documentation we should obtain from the Company B (we can have it all, we are drafting the contract now, but do we have to?).

For example, they will do the design reviews, the V&V activities, the FMEAs, etc (both Company A and Company B are ISO 13485 certified)... so do we need to own these? Or simply integrate these documents as external documents in our QMS?

Any guidance or idea on how to start structuring my train of thought would be really helpful!

Thank you.

F

Hello,

There are couple different ways that you could manage this that will try to have short summary below.

- At a minimum: Company A must have permanent access to design history file and development records (DHF) from Company B
- Company A has continuous access to DHF, but rely on Company B maintaining everything
- Company A maintains Company B DHF info as "external documentation" so a complete copy is at Company A
- Company A has Company B maintain the records and Company A generates a "skeleton" DHF referencing back to Company B documentation, i.e. a development plan, product specification, and final design review

As you can see there are some different ways that you can manage this, but there are 2 key parts: 1) Company A must have DHF files or permanent access to those files and 2) a contract must be in place to establish roles, responsibilities, record retention, etc.  Each company is a bit different, design control activities can be different, and product risk classification is different, so have to determine what is most suitable for your organisation.

------------------------------
Richard Vincins RAC
Vice President Regulatory Affairs
------------------------------

Original Message:
Sent: 19-Jul-2018 01:10
From: Anonymous Member
Subject: Outsourcing entire design process

This message was posted by a user wishing to remain anonymous

​​Hi all,

I have been doing Regulatory Affairs for decades, and never had to consider this new challenge I am facing... Just started a new job, and our company (Company A) is starting a new project, where all the design and development activities will be done by another company (Company B). We (Company A) will be the legal manufacturer (our name on the products, we do the registration, we do the complaints / adverse events and post market activities), so I am anticipating we will have to own at minimum the risk management file associated with the product, but I am struggling to make my opinion regarding which level of documentation we should obtain from the Company B (we can have it all, we are drafting the contract now, but do we have to?).

For example, they will do the design reviews, the V&V activities, the FMEAs, etc (both Company A and Company B are ISO 13485 certified)... so do we need to own these? Or simply integrate these documents as external documents in our QMS?

Any guidance or idea on how to start structuring my train of thought would be really helpful!

Thank you.

F

Versions of this are becoming more common, so I doubt you are the only one struggling with it. Much depends on your individual business and how much oversight you need to be comfortable being "accountable" as the legal manufacturer. At a minimum, I'd suggest you at least review and have "on demand" access to the deliverables of the DHF and DMR. If you have expertise to do so, you should also ask to be involved in design reviews and design validation (make sure it will work for your customer). As a note, because their deliverable structure may be different, you may have to do a little work to "trace" the DMR/DHF. Keep this trace matrix in your files somewhere.

Beyond this, look at your quality system. It may well require (at least currently) that you get copies of all the documents and release in your system. If so, you will either need to do so or change the system. You will also need a Quality Agreement with the other company spelling out who is responsible for what aspects of 21CFR820,803 etc. They should want this as well as you - especially if you are taking on the post market work.

Finally, I'd really suggest you put together a Quality Plan (or call it a Development Plan if that resonates better in your company). THis plan should describe in detail how you will with each aspect of design controls (etc) for this project. What level of review you will have (audit, sign off, copies?) for each, who will do it etc. Pay particular attention to the design transfer section - which will be critical when handing off from a design firm.

I've done this a couple times, and with proper planning it does work.

g-

------------------------------
Ginger Glaser RAC
Chief Technology Officer
MN
------------------------------

Original Message:
Sent: 19-Jul-2018 01:10
From: Anonymous Member
Subject: Outsourcing entire design process

This message was posted by a user wishing to remain anonymous

​​Hi all,

I have been doing Regulatory Affairs for decades, and never had to consider this new challenge I am facing... Just started a new job, and our company (Company A) is starting a new project, where all the design and development activities will be done by another company (Company B). We (Company A) will be the legal manufacturer (our name on the products, we do the registration, we do the complaints / adverse events and post market activities), so I am anticipating we will have to own at minimum the risk management file associated with the product, but I am struggling to make my opinion regarding which level of documentation we should obtain from the Company B (we can have it all, we are drafting the contract now, but do we have to?).

For example, they will do the design reviews, the V&V activities, the FMEAs, etc (both Company A and Company B are ISO 13485 certified)... so do we need to own these? Or simply integrate these documents as external documents in our QMS?

Any guidance or idea on how to start structuring my train of thought would be really helpful!

Thank you.

F

This message was posted by a user wishing to remain anonymous

​​Ginger, Richard, many thanks for your answers. This totally makes sense and confirm I am on the right track. Just what I needed!

Thanks for your contribution to this community.

Cheers

F
Original Message:
Sent: 19-Jul-2018 01:10
From: Anonymous Member
Subject: Outsourcing entire design process

This message was posted by a user wishing to remain anonymous

​​Hi all,

I have been doing Regulatory Affairs for decades, and never had to consider this new challenge I am facing... Just started a new job, and our company (Company A) is starting a new project, where all the design and development activities will be done by another company (Company B). We (Company A) will be the legal manufacturer (our name on the products, we do the registration, we do the complaints / adverse events and post market activities), so I am anticipating we will have to own at minimum the risk management file associated with the product, but I am struggling to make my opinion regarding which level of documentation we should obtain from the Company B (we can have it all, we are drafting the contract now, but do we have to?).

For example, they will do the design reviews, the V&V activities, the FMEAs, etc (both Company A and Company B are ISO 13485 certified)... so do we need to own these? Or simply integrate these documents as external documents in our QMS?

Any guidance or idea on how to start structuring my train of thought would be really helpful!

Thank you.

F