Insights & Intelligence for Regulatory Leaders

For many medtech companies, structured, post-market surveillance reporting requirements are a new component of a product’s regulatory lifecycle. The EU MDR/IVDR regulations introduced a host of new post-market surveillance requirements for medical devices and in vitro diagnostics made available for sale in the EU—including regular summary reporting to be recorded within the device technical file or submitted directly to Notified Bodies. This article provides a brief background of Periodic Safety Update Reports (PSUR), the types of products which they’re applicable to, and what content is typically included in a PSUR.

What is a PSUR?

The Periodic Safety Update Report or PSUR is not a new term, at least to the pharmaceutical community. The industry has been operating with regulations related to PSUR for some time. But for the medical device and IVD community, it’s a new requirement that stems from EU Regulations MDR 2017/745 (article 86) and IVDR 2017/746 (article 82). A PSUR is basically a report summarizing critical actions and conclusions derived from post-market surveillance data of a medical or in vitro diagnostic device. All associated preventive and corrective actions should be documented throughout the lifetime of the device, even if the product is no longer on the market.

The introduction of the PSUR under the MDR and IVDR requires a more consistent, standardized, and systematic review of all Post Market Surveillance (PMS) data by medical and IVD device manufacturers. The PSUR is meant to summarize the results and conclusions of the analysis of the post-market surveillance data that has been gathered, resulting from the activities detailed in either the Post-Market Surveillance Plan (PMSP). In addition, any rationale and description of any preventive and corrective actions taken for safety reasons should be included.

The PSUR is for specific classes of medical and IVD devices, as per the table below:

Note: a European competent authority or Notified Body can request your PMSR or PSUR at any given time.‍

What is the purpose of a PSUR?

The purpose of a PSUR is for manufacturers to demonstrate with objective evidence that they have designed and deployed a Post-Market Surveillance system which uses data to drive action within their Quality Management System and ensure the continued safety, performance, and efficacy of their devices. It’s intended for moderate and high-risk devices (MD Class IIa, IIb, III: IVD Class C and D) and provides a detailed summary of results and conclusions derived from the PMS data.‍

What’s included in a PSUR?

Medical device and IVD manufacturers need to prepare a PSUR for each device, and where relevant, for each category or group of devices. The manufacturer is responsible for preparing and updating the PSURs and making it part of the technical documentation that should be included with the Essential Principles/GSPR’s. These reports must be clear, organized, searchable and in easy-to-read format.

The PSUR should be a stand-alone document. While the content of a PSUR can vary, depending on the amount of specific data the vendor chooses to include, the PSUR should, at a minimum, always include: an executive summary, safety conclusions and benefit-risk determination, main findings of the Post Market Clinical Follow-up (PMCF) [or Post Market Performance Follow-up for IVDs], vigilance data, information about sales volume, user population, and usage frequency. A PSUR is meant to provide an overview of information, not to be a complete duplicate of all the PMS report information.

Something very important to note, A PSUR is required throughout the lifetime of the device plus the shelf-life where relevant. So for example, A single use device could have a lifetime of 1 year, but a shelf life of 5 years. After the end of device production, the PSUR can be stopped only when the cumulative data of the PSUR issued for this device covers the duration of the shelf life (6 years).‍

What is the format of a PSUR?

The PSUR format is composed of two elements: the PSUR form and the PSUR report. 

The PSUR report is a PDF file that the manufacturer will be required to upload in EUDAMED for class III devices and for implantable devices. The PSUR form is an electronic form that will be  completed by the manufacturer in EUDAMED, after they have finished the “completeness” check. 

The PSUR form contains all your relevant administrative information as well as data to identify and distinguish between different PSURs for the same device. It should also contain data necessary for the registration of the PSUR in EUDAMED. The PSUR form will be available by the Commission on their website at a later date to be announced.

The PSUR report will contain all of the core content including the executive summary, grouping of devices, sales volume, and PMS data discussed in the previous section.‍

Keeping on top of technical documentation

PSUR requirements, and PMR data are now a critical part of the technical documentation that regulatory affairs professionals in medtech are required to maintain. Along with the expanded GSPR requirements that come with the MDR/IVDR rollouts, traditional approaches to managing technical docs are no longer effective, and can be prohibitively time-consuming to maintain. Regulatory Intelligence Management (RIM) systems, like Rimsys, can provide a much more powerful, effective, and streamlined way to manage all of a products’ technical files and supporting documentation.‍

To learn more about RIM systems, read our case study to see how a global leader in in vitro diagnostics was able to reduce the time spent on maintaining technical docs by 99% or request a custom demo of the Rimsys platform.

This article is an excerpt from The beginner's guide to the FDA De Novo classification process ebook.

Contents

• Introduction
• Chapter 1: What is an FDA De Novo request?
• Chapter 2: Contents of a De Novo request
• Chapter 3: Submitting a De Novo request
• Appendix A: Acceptance review checklist

Congratulations, you have successfully developed a new medical device! Now you need to take it to market. Normally in the United States this would mean completing a 510(k) submission. However, the 510(k) relies on “substantial equivalence”—a comparison to a similar device already on the market (also called a predicate device) to assess the risk profile of the new device. What if your device is totally new, and there isn’t a similar device to compare it to? Enter the FDA De Novo process. The De Novo process provides a pathway to market for novel devices with a low to medium risk profile.

What does De Novo mean?

According to the Merriman-Webster dictionary, de novo is a Latin word meaning “as if for the first time; or anew.” Perfectly fitting that the FDA uses this term “De Novo” to describe market approval requests for new medical devices or technology where there is no comparable predicate device on the market.

The Food and Drug Administration Modernization Act of 1996 provided the FDA with the authority to create the De Novo Classification Process. It's a process that uses a risk-based strategy for a new, novel kind of medical device, in vitro diagnostic, or medical software solution whose type has previously not been identified and/or classified. It’s a process by which a novel medical device can be classified as a Class I or Class II device, instead of being automatically classified as Class III, which may not be appropriate. Before the implementation of the De Novo process in 1997, all the “not substantially equivalent” (NSE) products were required to be initially classified as a Class III device. But for a lot of devices, this risk class didn’t really make sense. The De Novo process provides a pathway for more accurate classifications of novel, lower-risk devices.

October, 2021, the FDA released a final guidance document "De Novo Classification Process (Evaluation of Automatic Class III Designation)" to provide guidance to the requester (also known as the manufacturer) and the FDA on the process for the submission and review of a De Novo Classification Request under section 513(f)(2) of the Federal Food, Drug, and Cosmetic Act (the FD&C Act). This process provides a pathway to an initial Class I or Class II risk classification for medical devices for which general controls or general and special controls, provide a reasonable assurance of safety and effectiveness, but for which there is no legally marketed predicate device. This guidance document replaced the "New Section 513(f)(2) – Evaluation of Automatic Class III Designation, Guidance for Industry and CDRH Staff" document, dated February 19, 1998.

Consistent with the final rule, the FDA updated the guidance documents below to provide recommendations for submitting De Novo requests, as well as criteria and procedures for accepting, withdrawing, reviewing, and making decisions on De Novo requests, effective January 3, 2022.

• User Fees and Refunds for De Novo Classification Requests
• FDA and Industry Actions on De Novo Classification Requests: Effect on FDA Review clock and Goals
• Acceptance Review for De Novo Classification Requests

The 510(k) and the De Novo processes are similar in that they are both pathways to market for medical devices with low to moderate risk, which is Class I and Class II. The biggest difference between the two is that the 510(k) heavily relies on the concept of "substantial equivalence" to an existing medical device. You must prove this to get the clearance of your 510(k) submission. In the De Novo process, there isn’t a product currently on the market that is “substantially equivalent” to yours, so it’s like starting with a clean slate. For more on the 510(k) process, see our Beginner’s Guide to the 510(k) ebook.

A result of the De Novo process to be aware of is that a successful submission will lead to a new predicate device type that someone else can reference to bring their product to market through the 510(k) process. You’ve done all the work, so now it’s available for anyone to use to provide "substantial equivalence".

De Novo history/timeline

Preparing a De Novo request

1. Do your research! Be sure to complete all the necessary research prior to your submission. You want to be sure that your device is not substantially equivalent to an existing device. Resources to review include:

• The Center for Devices and Radiological Health (CDRH)
• U.S. FDA Device Classification Database
• Device Classification Under Section 513(f)(2)(De Novo)

2. A De Novo request can be submitted with or without a preceding 510(k). There are two options for when you can submit a De Novo request:

Option A: After receiving a not substantially equivalent (NSE) determination (that is, no predicate, new intended use, or different technological characteristics that raise different questions of safety and effectiveness) in response to a 510(k) submission.

Option B: If you’ve determined, after extensive research, that there is no legally marketed device on which to base a determination of substantial equivalence.

3. Be sure all fees are paid to the FDA in advance of submitting a De Novo request. The FDA’s fiscal year begins in October and runs through the following September. Fees have increased each year since they were introduced, but the FDA’s percentage of reviews completed within the 150-day window has increased as well.

A business that is qualified and certified as a “small business” is eligible for a substantial reduction in most of the FDA user fees, including De Novo. The CDRH is responsible for the Small Business Program that determines whether a business is qualified. 

Medical Device User Fee Amendments (MDUFA) guidance documents can provide more detailed information about all FDA user fees.

4. The initial request process serves only to determine if the De Novo request is administratively acceptable based upon the Acceptance Checklist. The initial acceptance is followed by substantive review which will determine the final risk classification of your device.

5. A Pre-Submission (Pre-Sub) is a formal written request for feedback from the FDA that is provided in formal written form, and then followed by a meeting. Although a Pre-Sub is not required prior to a De Novo request, it can be extremely helpful to receive early feedback, especially for devices that have not previously been reviewed under a 510(k). If you think you would like to submit a pre-sub first, there are suggested guidelines for submission you should consider:

• Describe your rationale for a Class I or Class II classification for your device.
• Provide the search results of FDA public databases and other resources used to determine that no legally marketed device and no classification for the same device type exists.
• Provide a list of regulations and/or product codes that may be relevant.
• Provide a rationale for why the subject device does not fit within and/or is different from any identified classification regulations, based on available information.
• Identify each health risk associated with the device and the reason for each risk.
• Briefly describe any ongoing and/or planned protocols/studies that need to be completed in order to collect the necessary data to establish the device’s risk profile.
• Provide information regarding the safety and effectiveness of the device. Cite the types of valid scientific evidence you anticipate providing in your De Novo request, including types of data/studies relating to the device’s safety and effectiveness.
• Briefly describe any ongoing and/or planned protocols/studies that need to be completed to collect the necessary safety and effectiveness data.
• Provide protocols for non-clinical and clinical studies (if applicable), including how they will address the risks you anticipate and targeted performance levels that will demonstrate that general controls or general and special controls are sufficient to provide reasonable assurance of safety and effectiveness.
• Share any proposed mitigation measure(s)/control(s) for each risk, based on the best available information at the time of the submission. Highlight which mitigations are general controls and which are special controls and provide details on each.
• Include any other risks that may be applicable, in addition to those identified in the Pre-Sub, given the indications for use for the device.
• If applicable, provide any controls that should be considered to provide a reasonable assurance of safety and effectiveness for the device.
• Provide any non-clinical study protocols that are sufficient to allow the collection of data from which conclusions about device safety and/or effectiveness can be drawn. These protocols should address whether the identified level of concern is the appropriate level of concern for the device software, and if any additional biocompatibility and/or sterility testing is required.
• If clinical data is needed, provide information to show that the proposed study design and selected control groups are appropriate?

6. The FDA will attempt to review the De Novo request submission within 15 calendar days of receipt of the request to make a determination that the submission is declined or accepted for review. If they are unable to complete the review within the 15 days, your submission will automatically move to “accepted for review” status. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/de-novo-classification-process-evaluation-automatic-class-iii-designation

7. There are times when the FDA will refund your application fee. They have created a guidance document “User Fees and Refunds for De Novo Classification Requests” for the purpose of identifying:

1. the types of De Novo requests subject to user fees
2. exceptions to user fees
3. the actions that may result in refunds of user fees that have been paid

When is a De Novo request subject to a user fee?

When will the FDA refund a De Novo user fee?

What fee must be paid for a new device submission following a De Novo “decline” determination?

To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version.

GUDID is an important source of information as well as a key regulatory requirement for medtech manufacturers who market medical devices, in vitro diagnostics, or medical software in the United States. This article provides an overview of the system, and links to relevant FDA resources you can visit to learn more.

What is GUDID?

GUDID is an acronym for the Global Unique Device Identification Database, a central repository of detailed medical device information created by the FDA. It is often pronounced “Good ID”. The GUDID was implemented as a component of the FDA’s Unique Device Identifier (UDI) requirements, and serves as a digital hub of all the UDI information for all the medical devices that are marketed in the United States.

The GUDID database is designed to help identify and trace all medical devices sold in the U.S., and provides detailed specifications about each device including manufacturer and production information, intended use, safety, and storage and handling requirements. The database is accessible to regulators, manufacturers, healthcare providers, insurers, and the public at large.‍

GUDID history

The GUDID was implemented as a part of the FDA’s UDI system. This system requires that each medical device have a unique identification code that is included in the device label (printed on the device itself or its packaging) in both machine and human readable format. An example of a UDI code is included below. The UDI code contains information about the device, the manufacturer, and when/where the device was manufactured.

The FDA’s UDI program was established in 2013, when a rule was issued requiring all medical devices to carry a UDI by 2020. The GUDID database was included with the same regulation, and manufacturers were required to submit all of their UDI information electronically to this database as the requirements came online for different device classes. The overall UDI requirements rollout had the following timeline:

The GUDID database was launched ahead of the first device deadline in December, 2013, and the public access portal AccessGUDID went live in May, 2015.

Who should submit data to the GUDID?

The FDA specifies that the GUDID submission is the ultimate responsibility of the “device labeler”. This is the entity/company who is identified on the device’s label (which also contains the UDI code). So the same entity that attaches the UDI to the device, is also responsible for the electronic GUDID submission. In almost all cases this is the manufacturer of the device, however, it can be the U.S. distributor for the product if they are named on the product’s label.

What data must be submitted to the GUDID?

The information submitted to the GUDID includes all of the device information that is in the UDI code along with additional information about product distribution, product and packaging size, sterilization, and storage and handling instructions. The following information is required to be included with each submission:

• Device identifier information - This includes the device identifier (the first part of the UDI code), a detailed device description, and information about the labeler including the DUNS code, and company name and address.
• Commercial distribution - This includes the distribution status—whether or not the device is in commercial distribution, and the distribution end date—when the device will no longer be distributed.
• Alternative identifiers - If the device has another DI, either a direct marketing DI, a distinct packaging DI, one from another issuing agency, or one that was used previously, this information must be provided.
• Customer contact information - A phone and email address for patients or consumers who have questions about the device.
• FDA codes and listing number - If the device completed a pre-market authorization (PMA) that should be included as well.
• Manufacturing information - Manufacturing date, lot or batch number, serial number, and expiration date for the device.
• Latex information - Whether or not the device or its packaging contains rubber components.
• Device dimensions - What is the clinically relevant size and unit of measure for the device.
• Storage and handling - Requirements and parameters for storage including temperature, humidity, and pressure.
• Sterilization - Whether the device is packaged as sterile or requires sterilization prior to use.

The FDA provides a detailed spreadsheet of data requirements that you can use to prepare your submission.

Creating a GUDID submission

In addition to gathering the required information (and obtaining a UDI code for your device) there are several additional steps to complete in order to create a GUDID submission for your product. First, if you don’t have one, you’ll need to create a GUDID account. The FDA allows you to request an account online. Note that you will need to have a DUNS number for your business. If you don’t have one you can request one from Dun & Bradstreet at no cost.

There are two ways that you can enter your submission. You can do this online through the GUDID Web application. The FDA also allows you to submit your GUDID information all at once using an XML file that complies with Health Level 7 (HL7) Structured Product Labeling (SPL) formats. These submissions are made via the FDA Electronic Submissions Gateway, and require you to set up a gateway account.

In addition, some software providers (like Rimsys) include the ability to make electronic GUDID submission directly from their tools. They provide a system to organize and manage UDI data for the US and other countries, and can ensure that GUDID information for your products is kept up to date.

The global proliferation of UDI regulations

The GUDID was one of the first public databases of medical device information, but many additional countries and regions have followed suit. The European Union, China, South Korea, and Taiwan have all introduced UDI databases and requirements that manufacturers submit records for all of their products sold in-market, and ensure that they are kept up to date. 

For more information about global UDI programs and timelines, see our UDI quick reference guide. And you can find more detailed information about the specific requirements in the EU and China in our Ultimate guide to the MDR/IVDR UDI and Ultimate Guide to the China NMPA UDI requirements ebooks.

We’re excited to announce that we’ve closed $16M in Series A financing led by Bessemer Venture Partners, with participation from Allos Ventures, Private Opportunities, and Innovation Works. Rimsys was created because there wasn’t a viable regulatory information management (RIM) solution on the market for medtech companies, leaving regulatory affairs (RA) teams to manage increasingly complex work with spreadsheets. The growth that we’ve seen (3X this year), and the work we’ve done with some of the world’s largest medtech companies including Johnson & Johnson, Terumo, Siemens, and the Cooper Companies, makes us incredibly excited about what’s to come.

Regulatory digitization and automation for the medtech industry

The regulatory landscape for medical device, in vitro diagnostic, and medical software products is growing increasingly complex. The implementation of the new European Union Medical Device Regulations in May, to be followed by the In Vitro Diagnostic Regulations next year, brought new general safety and performance, unique device identification, and post-market surveillance requirements that manufacturers must comply with. Research from MedTech Europe predicts that as many as 76% of products will be withdrawn from the market as a result.

Growing complexity isn’t limited to the EU region. This year, Australia has released new essential principles requirements, Canada has expanded post-market requirements, and China has launched a new UDI system. The simple fact is that the largely manual way that RA teams have managed processes won’t work moving forward.

The Rimsys RIM Platform provides an automated, digital alternative to these traditional approaches. It’s a 100% cloud-based software solution that’s specifically designed around medtech regulatory activities and processes.

Rimsys provides a centralized "single source of truth" for all regulatory information and documents. It automates regulatory submissions, including product and UDI registrations, and monitors expiration dates, applicable standards, and regulations for changes that might impact products. It’s a single, integrated solution that supports the full breadth of regulatory activities, and organizes all of it at the individual product level, giving medtech companies unprecedented visibility into and control over their regulatory processes.

New leadership to drive continued growth

We’re also excited to announce new company leadership that will help us through our next phase of growth. We’ve added two new executive leaders with extensive industry experience: Adam Price, former head of post-market surveillance at Philips, and Christine Robertson, former IT leader supporting regulatory at Thermo Fisher Scientific. Adam will lead post-market strategy for Rimsys, developing new offerings to streamline and simplify that part of the regulatory lifecycle. Christine will lead implementation and professional services, bringing best-practices from successful large-scale RIM deployments to all of our customers.

We’ve also added two new board members: Andrew Hedin, Partner at Bessemer Ventures, and Eric Boduch, Co-founder of Pendo, a $2.6B SaaS company that helps companies develop better software products. Both bring a wealth of start-up, SaaS, and industry experience that will be incredibly valuable as we scale the company.

What’s next

Our goal is to build a comprehensive software platform for medtech regulatory affairs that supports activities across the regulatory lifecycle from pre-market to market placement to post-market surveillance. This year we became the first vendor to offer UDI management directly integrated with product registration data. And we announced a new partnership with Clarivate to bring world-class regulatory intelligence into the Rimsys platform where customers can leverage it directly within automated processes.

We will continue to expand our capabilities at an even faster pace, with new collaborative submission authoring, electronic transmission, regulatory intelligence, document management, and post-market surveillance features coming to the platform. We will also continue to expand our team with a new UK office to better serve the European market, and a number of new roles across the company. If you’re interested in helping medtech companies get lifesaving products to market more quickly, we’d love for you to join our team.

Learn more about Rimsys

We’d love to show you how the Rimsys RIM Platform can help medtech companies streamline processes across the regulatory lifecycle, strengthen global compliance, and get new products to market faster. Contact us to schedule a free custom demo.

Regulatory Information Management (RIM) refers to a category of software solutions that are designed to support and streamline the activities of regulatory affairs (RA) teams. For most teams they are a net-new category of software, and generally replace manual processes that are paper-based or run using traditional productivity software (spreadsheets and docs). RIM systems first emerged to support pharmaceutical regulatory activities, but in recent years medtech-focused solutions have hit the market as well.

Given their general new-ness, especially for medtech RA teams, it’s not surprising that many teams are unfamiliar with the technology. In our, admittedly informal, survey of RAPS 2021 attendees, only 11% of respondents said they currently use a RIM system, and 33% had no knowledge of the category at all. This article provides some background on what RIM systems are, and what they do to help medtech RA teams operate more effectively.

The role of regulatory affairs in medtech

To understand RIM systems, first we have to look at the role of regulatory affairs. In medtech, which includes medical devices, in vitro diagnostics, and medical software, RA teams play a critical role across a product’s lifecycle.

Before products are released for sale, RA teams work closely with research and development (R&D) teams to ensure that a new product meets necessary local requirements to be legally marketed in the desired target markets. There are over 113 different regulatory regimes around the world that medical devices are subject to. While there are many similarities, RA teams must understand the nuances between countries and guide R&D to ensure that products are developed accordingly.

Once products obtain market clearance, RA teams switch to monitoring mode to ensure that products can remain on the market. This includes keeping track of expiration dates and certificates, any changes in regulations or international standards that could impact the product, and any changes in the product or it’s technical documentation. Health authorities in many countries regularly perform product audits, so keeping all information in order and up-to-date is an important part of regulatory work.

RA teams usually take the lead on post-market surveillance activities as well, working closely with their quality assurance (QA) counterparts. They track adverse events and complaints, compiling this information from public and internal sources, and ensure that the data is reported appropriately to health authorities. Not all markets require extensive post-market surveillance for medical devices, but these regulations are becoming more common. Both the EU and Canada have recently implemented expanded surveillance requirements including the need for regular summary reporting to continuously confirm product performance and safety.

The information challenge

All of the regulatory activities highlighted in the previous section are repeated for every individual product the company sells in every regulated country or region. And, all of these activities are highly dependent on specific information. To do their jobs effectively, medtech regulatory affairs professionals need insight into global regulations and standards, detailed product specifications, testing, performance, and safety data, and a full record of all regulatory registrations and processes.

The problem is that this information is often scattered across the company. It’s stored in multiple systems, (sometimes physical) documents, and individual employees’ heads. Because this information is so scattered, RA professionals can spend up to 50% of their time just looking for things, and simple requests such as identifying whether a product has clearance to be marketed in a specific country can take days to complete.

How RIM systems can help

At a fundamental level, RIM systems are about helping RA teams corral and manage all of the information they need to do their jobs. RIM systems serve as a “single source of truth” for RA teams. They store and manage regulatory documents, integrate with systems across the company, and create a traceable record of all regulatory activities. All of this information is linked to individual products and countries or regions, making it much easier to find.

All of the collected information in a RIM system can be used to streamline regulatory activities across the product lifecycle. Before products are released, they provide access to regulatory intelligence, including market entrance requirements, that RA teams can use to guide product development and regulatory submissions. RIM systems also provide a collaborative digital hub where teams can author and assemble supporting documentation for new regulatory submissions.

For products currently on the market RIM systems can monitor registration expiration dates, and track changes in relevant standards and regulations to identify potential product impacts. This automated monitoring can give RA teams an “early warning”, and allow them to accommodate changes that might impact the selling status of a product.

RIM systems can also help with post-market surveillance activities. They can collect and centralize post-market data analytics, and facilitate planning and active surveillance activities to meet the most current regulatory requirements. These systems can also ensure that actions and conclusions drawn from the post-market surveillance process are consistently applied throughout the quality management system. And, the same authoring capabilities used to assemble pre-market submissions can be used for post-market reporting and communication with regional regulatory authorities.

Project planning, tracking, and management

Underpinning all of these capabilities is a full set of project features that allow RA teams to effectively manage and track their activities. This can include project request features that allow internal teams or 3rd-party partners such as local distributors to request specific regulatory activities or information. RIM systems also provide project task management, approval workflows, and digital signature capabilities that are fully auditable, and 21 CFR Part 11 compliant.

RIM systems also provide detailed reporting in the form of customized dashboards and registration, product, standards, and documentation reports. These reports offer at a glance monitoring of key information and detailed visibility into regulatory status and activities. For many teams this level of visibility is new, and allows them to fully measure, benchmark and report on their activities to company leadership.

The impact of RIM systems

RIM systems can have a tremendous impact on RA teams. By centralizing information they improve team productivity by ensuring that up-to-date information is always easily available and consistently applied. By automating workflows like new submission creation, or essential principles/GSPR table assembly they ensure that work gets done quickly and in-line with country/region requirements. RIM systems also provide more visibility into regulatory activities, allowing teams to benchmark and more accurately forecast the time required for new market clearance, and other product milestones.

To the company, the increased regulatory efficiency and effectiveness means reduced revenue risk from noncompliance or having to pull products from market, stronger, more confident global regulatory compliance, and ability to get new products to market much more quickly.

To learn more about RIM systems, their key capabilities, and if your organization could benefit from bringing one onboard, read our RIM System Buyer’s Guide for Medtech Companies.

At first glance, the juxtaposition of RIM and change management seems a little strange. One is a software tool and the other a management discipline, but one of the things we’ve seen across RIM deployments is that it’s difficult to have one without the other. For many regulatory affairs teams, a RIM system isn’t simply a tool, it’s a digital transformation. This means that there’s a broader set of organizational considerations and actions that need to surround the implementation of a RIM system to ensure its success. Remember that 70% of digital transformation initiatives fail.

RIM systems are a disruptive technology

Disruptive? Really? Aren’t RIM systems supposed to streamline regulatory activities, and improve team productivity? Yes they definitely provide these benefits, but they also require a change in how the team works. Most RIM implementations aren’t replacing existing software, they’re replacing manual processes. In our experience, Rimsys is displacing registrations that are managed via spreadsheets, and sometimes even paper-based processes.

This means that the way that teams have managed processes is changing significantly. While it’s likely that teams are struggling to operate effectively (there’s usually some organizational pain that leads to a RIM evaluation), there’s also discomfort with the change. RA team members are proficient in their work, they know how to get things done, and likely have systems they’ve created to cope with the inefficiencies in their current processes.

Regardless of department or industry, automation initiatives can lead to employees feeling threatened with obsolescence, lacking direction, and afraid of being replaced. In medtech regulatory affairs this is rarely the case. Most companies have to invest heavily in external consultants just to keep pace with the current workload. In fact, large medtech companies regularly outsource 50% or more of their regulatory activities. This doesn’t mean that team members won’t experience these insecurities. That’s why it’s important to have a change management strategy in place to support any RIM rollout.

A RIM change management strategy

All of these factors mean that RIM implementation that doesn’t have an accompanying change management strategy won’t see the same level of success, or deliver on expected outcomes. The good news is that there are a universal set of tactics to support effective change management that can be easily applied in this scenario. Here are 4 steps that you can take to lay the groundwork for a successful RIM implementation.

Step 1: start at the top

Teams that are in the process of acquiring a RIM system likely already have leadership support, but it’s important that your senior leaders have a visible presence in the process. This means issuing communications, participating in kick-off meetings, and being available to answer questions. This applies both to RA leaders and those in adjacent departments like QA and IT as well.

The visible support reinforces the idea that leadership teams are aligned and fully supportive of the changes taking place. It affirms that RIM is a strategic priority for the company, and helps to alleviate any fear or anxiety about the change. Leadership support also helps to signal to teams that they’ll be supported as they go through the implementation process, and that work will be prioritized.

Step 2: communicate early and often

RA teams are busy—often very busy. This is typically why a RIM system is being implemented in the first place. However, when teams are really busy, it’s really easy for communications to fall through the cracks. This means that plans and timelines for a RIM implementation need to be communicated more than once.

Communications should emanate from leadership teams (see step 1), and be candid about coming changes, the reasons for them, and the expectations from team members as the project moves forward. Leaders should encourage communication that moves in both directions, and be open to feedback from team members. Companies should look to create channels for RA team members to reach out with any comments or concerns.

Step 3: strive to minimize disruption

While there’s no way to completely eliminate the disruption associated with a new RIM system—it will fundamentally change the way a RA team works there’s no way around it—there are ways to minimize disruption. There first part of this is making sure you’re communicating enough about the project (see step 2). Team members are much more receptive to change if they aren’t blindsided by it.

It’s also helpful to take steps to make sure that team members have an opportunity to learn about the RIM systems throughout the acquisition and implementation process. Bring team members into product demonstrations, and let them ask questions about solutions that are being evaluated. Don’t wait to run training sessions until the RIM system is fully implemented. These can run in parallel. With this approach the whole team feels invested in the solution, and is fully ramped to start running at the end of implementation.

Step 4: lay the groundwork for continuous improvement

This article discusses change management from the perspective of a discrete event—the acquisition and implementation of a RIM system. However, RA teams shouldn’t look at change as something with fixed start and end, but rather as something continuous. RIM systems today represent one way that RA teams can embrace digitization and automation to improve how they work. There will be many additional opportunities as regulations, regulatory bodies, and technology evolve.

In recent years we’ve seen an expansion of UDI requirements for medical devices across markets. We’ve seen more stringent requirements for post-market surveillance. And we’ve seen the growing adoption of digital pathways for regulatory submissions and other interactions with health authorities. For many teams, a successful RIM implementation is just the first step on what will be a broader organizational transformation.

Successful changes for RIM and beyond

RIM systems can provide enormous benefits to RA teams, but only if they’re fully implemented and adopted. While deep in the weeds of requirements gathering and vendor evaluations it’s easy to overlook the fact that moving from traditionally manual processes to automated ones in a RIM system represents a significant organizational change. As a part of any RIM acquisition initiative, teams should fully understand their change management needs, and take steps to address them in concert with software selection.

Having teams fully onboard and supportive of the initiative makes them much more likely to adopt the final solution. Engaging in this way also allows you to plan for, and prioritize the resources needed for the implementation phase—leading to faster time to value for the project. Ultimately organizational change will and should be something that RA teams are comfortable with. The practices adopted with a RIM implementation can be used to support future digitization and automation across all RA activities.

To learn more best practices around RIM sourcing and implementation including an organizational self-assessment, detailed overview of capabilities, and a worksheet you can use for vendor evaluations, check out our RIM Buyer’s Guide for MedTech Companies.