Insights & Intelligence for Regulatory Leaders

Regulatory affairs is constantly changing, and these changes span the entire product lifecycle - from pre-market awareness of global regulations to managing varying and changing market placement and post-market activities. Managing all types of regulatory changes without streamlined processes and methods in place is a daunting task and one that can set regulatory affairs teams up for risks, including project delays, non-compliances, financial impacts, and employee turnover.

With regulatory affairs interactions and activities often spanning various departments, office locations, and external stakeholders, many regulatory affairs teams are left wondering how they can better streamline their process management.

We recapped core methodologies from our recent webinar, Navigating regulatory change: Why streamlined process management is critical for medtech regulatory teams, to help RA teams review their existing processes, identify gaps, and put together a remediation and implementation plan that will enable them to reduce risks and maintain regulatory continuity.

Phase 1 – Assess your team’s current processes

Assigning resources to provide an honest assessment of your regulatory processes can be tough. We've seen the most success by having awareness and involvement from all of your team’s stakeholders, as many of them have a vested interest in your regulatory processes and information. Additionally, we've seen even greater success when those efforts are supported by an executive sponsor who's committed to streamlining these processes and making the changes.

When we talk about assessing current processes, we don’t just mean reading common SOPs and flow charts. We're talking about an honest review of the adequacy of your regulatory inputs. Some questions you can ask to help with your assessment are:  

• Do we have everything that we need when we need it?  
• Does this process generate valuable deliverables? How hard are we working to generate these outputs?  
• Do we have the right tools in place? If not, what tools on the market can help us achieve our goals?  

It’s safe to say you can spend less time on processes that you've identified are working well. If you don’t know exactly where to start in a process assessment, it's helpful to think about where you spend most of your time. When focusing on the processes that are taking up most of your time, it’s easier to see where the inefficiencies lie.  

Once the opportunities for improvement are identified, it's time to consider all potential risks. Compliance risk is an important thing to consider, but there’s also business risk with slow processes, inefficient processes, or even worse, ineffective processes where RA professionals spend a lot of time arriving at the wrong output or no output at all.  

As risk is assessed for these opportunities, you should then consider the effort that it's going to take to resolve each. This measurement doesn't have to be highly specific. The intent for it is to ultimately help you prioritize which regulatory process changes you want to execute with your team first.

Phase 2 – Planning for Improvement

While there is some planning that needs to take place at the time that you kick off the assessment phase to help you understand and establish who's going to assess which processes., this phase is intended to focus on planning for improvement. It starts with prioritizing your inefficient processes from highest to lowest. Gaps should be prioritized and resourced first without trying to “boil the ocean.” This will help your team set itself up for a successful implementation phase next. From our experience, it’s hard to appropriately focus on process improvement when trying to change too many processes at once.  

Within the planning phase, you can review the results of the assessments with all of the regulatory stakeholders and any other stakeholders who are involved with the outputs of the processes. The process owners can then take this opportunity to break down silos by understanding the relationship that their processes have with other departments and the effect their outputs have on these departments. Taking the time to understand the impact your processes have on other departments will allow you to be able to make any necessary adjustments to the inputs and outputs of your processes and hone your communication strategies.  

From here, you can assign resources and tasks to manage the overall effort with regular check-ins.  

‍

Phase 3 – Implementation  

Implementation, the easy part as we jokingly say. As you work through the implementation tasks identified in the planning phase and check in with your stakeholders, it's a good idea to test and iterate on your changes to ensure that they continue to make sense. This is also crucial to verify that your changes are advancing the project or the task toward your overall process management goals.

Training is a key element in the implementation phase as well. Any upfront communication that can be provided to the users of the process ahead of the training is going to be beneficial for change adoption and change management. It’s important to not only communicate that  process changes are coming but also why they are coming and what benefits the end users of the process and the consumers of the outputs expect to see as a result.

Once those process changes have been implemented, and training is completed, it’s important to measure and monitor the process for the effectiveness of the changes. Some key questions to consider here are:  

• Did we gain efficiencies?  
• Did we make our lives easier with these process changes?  
• What impact have these process changes had on our team, other departments, and our organization?  

If you can’t answer these questions positively, it’s important to go back through the assessment planning phase activities to make sure all improvement opportunities and tasks were properly identified and assigned. When you’ve found those changes have made a positive impact, you should communicate those successes with all relevant teams to build a success story within your organization and to encourage additional adoption of these changes.  

Our webinar replay, Navigating regulatory change: Why streamlined process management is critical for medtech regulatory teams, has more tips to help you optimize your process management and explains how regulatory tools such as RIM systems can help RA teams automate, track, and manage their processes across global internal and external teams. Download the full replay here.  

‍

UDI: More than Just a Barcode and Label

Unique Device Identification (UDI) is a global requirement mandated by regulatory bodies in various countries to facilitate the easy tracking of key medical device information throughout the supply chain. This system ensures traceability from the moment a device is manufactured until it is used in a medical facility or at home.

The UDI system mandates specific labeling requirements, including the placement of a UDI number, a barcode, and essential device information on the medical device's label. This facilitates the straightforward identification and tracking of the device.  

The importance of UDI to regulatory affairs teams

The obligations of the device labeler extend beyond just labeling. Manufacturers are also required to submit and update device information in regulatory databases specific to each country where the device is marketed. This part of the regulation underscores the importance of managing UDI data effectively, as it is critical for legally marketing and maintaining medical devices in different markets. As a result, the responsibility for UDI compliance is increasingly recognized as falling within the purview of regulatory affairs departments within manufacturing companies.

‍

The Unique Device Identification (UDI) system, initially introduced by the US FDA, has since been adopted by regulatory authorities worldwide. These authorities are developing their own UDI programs tailored to their countries to deliver similar patient benefits. Each country's UDI program typically mandates specific labeling and device data reporting and maintenance. While there are overlapping elements for the UDI data required, individual countries have set up additional, localized requirements. This creates a layer of digital complexity through unique regulatory database requirements, interfaces for data entry, and the need for machine-to-machine submissions to handle large-scale reporting.

The increasing blend of shared and unique UDI data requirements, along with country-specific regulatory database needs, highlights the importance of developing comprehensive compliance solutions. The drive for digital transformation in this area is fueled by the intensive data demands from both regulators and manufacturers. This transformation aims to simplify the management of expanding requirements and address the growing complexity as more countries adopt UDI programs.

As UDI programs and the necessity for database reporting become mandatory in more countries, manufacturers and labelers must be ready to establish and maintain UDI datasets for both new and existing products in those markets.  

How Rimsys can help

Rimsys regulatory management software offers a platform that simplifies the creation, maintenance, and reporting of UDI data. It also provides tools to oversee and manage the entirety of a company's UDI program through a unified solution.

Business outcomes supported by the Rimsys UDI module:

• Remove the risk of data entry error that comes with keeping identical data sets manually in sync - The Rimsys solution allows users to create and manage UDI attribute data from a centralized location and then apply that information to global UDI requirements, where the data requirements overlap multiple markets.
• Reduce the burden of keeping up to date with each country's UDI program - Rimsys monitors global UDI regulatory changes and adds new country requirements directly into the platform as UDI programs are implemented and become required. Rimsys also keeps up with the latest changes to supported UDI programs for the US (FDA) EU (MDR), Saudi Arabia (SFDA), China (NMPA), South Korea (MFDS), and Singapore (HSA) and updates the required fields directly into the platform.
• An open API ecosystem allows "source of truth" data to be integrated into Rimsys as a "post go-live" phase - Ensure data is up to date and locked at the source of truth, yet centralized for application to global UDI requirements in Rimsys. Data that is required but not controlled in a customer's source system can be managed within Rimsys.
• Built-in support of machine to machine (M2M) transmission to GUDID (FDA) with EUDAMED (EU) coming soon - Rimsys alleviates the need to manually upload UDI data into databases when relevant information changes to ensure compliance. Acknowledgments from machine-to-machine interactions are saved directly to Rimsys and associated to each UDI record.
• Leverage the existing product hierarchy in Rimsys to efficiently manage Basic UDI to reduce non-compliance risk for EU MDR - Data requirements for Basic UDI established in Rimsys are included with the M2M process - Coming Soon
• Facilitate impact assessments in Rimsys since UDI information sits alongside product and registration data - Eliminate the need to manually combine disparate data sets.

Ready to see how Rimsys software can help you create and manage the complexities of UDI data? Schedule a custom demo here.  

‍

The Total Product Life Cycle Advisory Program (TAP) is a voluntary pilot program launched by the FDA’s Center for Devices and Radiological Health (CDRH) in October 2023. The TAP Pilot is one of the commitments between the FDA and industry as part of the MDUFA V reauthorization, which aims to provide faster patient access to safe and effective medical devices, increase innovation, improve patient safety through enhanced surveillance and data collection, and provide a more efficient regulatory process for FDA and industry.  

Taking a medical device from concept to commercialization in the United States is often a long and challenging process that involves participation and adoption from FDA, clinicians, payers, and patients. The TAP program is addressing the obstacles that device manufacturers often encounter throughout this process with:

• Early and frequent interactions: FDA will provide more opportunities for sponsors to interact with the agency early in the development process, which can help to identify and address potential issues early on.
• Strategic input from stakeholders: The program will involve input from a variety of stakeholders, including clinicians, patient advocates, and payers, which can help to ensure that the development of new devices is meeting the needs of patients and the healthcare system.
• Proactive, strategic advice from CDRH: FDA will provide proactive and strategic advice to sponsors throughout the development process, which can help to reduce the risk of regulatory delays.

Currently, TAP program membership includes the companies or individuals developing the medical devices, the medical device sponsors, dedicated staff within the CDRH, stakeholders consisting of clinicians, patient advocates, payers, and academic experts, and independent advisors. However, It is unclear if independent advisors will continue to be part of the program as TAP expands. Additionally, specific individuals involved in the TAP program at a given time will vary based on the device being developed and the stage of the development process.

While currently still in its pilot phase, the TAP program is open to a limited number of medical devices. To be considered for the program, device manufacturers must have breakthrough designation with no previous pre-submission meetings. The TAP program started with 15 cardiovascular devices last fall and is now at 31 enrolled devices as of February 2024. Enrollment could reach as high as 60 devices by the end of 2024.

As part of the MDUFA V reauthorization, the TAP Program shares the goal of facilitating the development of high-quality, safe, effective, and innovative medical devices. Additionally, the TAP Program strives to reduce device development time and costs through early and frequent feedback from FDA, increase innovation with more predictable and efficient regulatory pathways for new devices, and improve patient access to new devices.

Overall, the TAP program’s focus is on improving the medical device landscape by addressing various challenges and opportunities throughout the product lifecycle. The program's success will be measured by its ability to expedite development, foster innovation, ensure device quality, and ultimately, improve patient access to these potentially life-changing technologies. For more information about the TAP program and enrollment in it, visit FDA’s website.  

‍

The number of software as a medical device (SaMD) is growing and with it are questions about how to effectively obtain market clearance for them. One question we hear often is, “Are FDA risk classifications and submissions any different for SaMDs?” Currently, the FDA is regulating SaMDs the same way it’s regulating traditional medical devices. As a result, you’ll still have the same three risk classifications, Class I, Class II, and Class III.

The submission process is also the same. Most Class I devices are 510(k) exempt, and most class II devices would fall under a 510(k) or De Novo submission depending on whether or not substantial equivalence can be made to another US-marketed device. Most Class III devices require PMA submissions.  

There have been discussions about FDA pre-certification programs and following IMDRF guidelines for SaMDs, which would alter the submission process and also the risk stratification of SaMDs. However, none of these discussions have matured. The FDA continues to mirror their risk classification and submission guidelines for SaMDs and traditional medical devices.

Watch the full answer to this question from our recent panel discussion with subject matter expert, Prabhu Raghavan of MDQR Solutions, below.

‍

You can also download the full replay here to get answers to other common SaMD questions such as:  

• How is the FDA regulating AI/ML in SaMDs?
• What is a Predetermined Change Control Plan (PCCP) for machine learning-enabled medical devices?
• What cybersecurity considerations sh ould be made when taking SaMDs to market?

‍

A standard is a published document that is established by consensus and is approved by a recognized body (ISO, IEEE, UL, etc.). It outlines requirements, specifications, guidelines, or characteristics that are used in a repeated way to ensure that materials, products, processes, and services are developed for a specific purpose. Think of it as a formula for an agreed upon way of doing something that establishes the best way of performing a function. It could be developing a product, managing a process, or even supplying materials to a manufacturer.

Why are standards important?

Standards enable technology to work seamlessly across industries and markets and help to build consumer trust that products and services are designed to work together in an efficient way. They form the fundamental building blocks for product development by establishing consistent requirements that can be universally applied, practiced, and understood. For example:

• Quality standards reduce product failures on the assembly line.
• Environmental standards reduce environmental impacts, reduce waste, and provide sustainability.
• Health and safety standards reduce accidents in the workplace.
• Food safety standards prevent food from being contaminated.

To ensure standards stay relevant and are aligned with technology changes, many standards organizations require that their standards be reviewed periodically and updated as necessary.

‍Is an industry standard the same as a regulation?

No, but there is a very close relationship between the two. Simply put, a standard is a guideline whereas a regulation includes laws. Industry standards are used voluntarily (although strongly encouraged) while regulations are not voluntary because they are a requirement from a government agency or similar authority, i.e. ISO 13485 is a standard and building codes are regulations.

• Standards are technical documents, driven by consensus that are crafted by experts.
• Regulations are sometimes based on standards, created by a variety of individuals and entities, while overseen by federal, state, and/or municipal authorities.

It's important to note that while standards aren't mandated by law, many regulatory authorities recognize standards and recommend adherence to them in order to promote safety and quality.

What kind of standards are medtech manufacturers responsible for tracking?

The medical device industry has the responsibility for the design and manufacturing of a wide range of products used to diagnose and treat illnesses to improve health in patients. Medical device standards help ensure that a manufacturing or design process can consistently produce the quality required to serve patients and healthcare professionals around the world.

Some of the more common standards used by the medtech industry include, but are certainly not limited to:

ISO 9001 – A general standard (not industry specific) for quality management and implementing a rigorous quality system. For medtech specifically, it helps with the management of the quality control process by helping to keep costs low, improve accountability and simplify regulatory compliance.

ISO 13485 – This standard is designed for medtech specifically and expands on the framework set up by ISO 9001. Compliance with this standard helps with quality control, process validation, and risk management, often referred to as the risk management standard.

ISO 14971 – This standard specifies terminology, principles, and a process for the risk management of medical devices, including software and in vitro. This helps to identify hazards that may be associated with devices and to minimize those risks.

IEC 60601-1 – Medical Electrical Equipment, general requirements for basic safety and essential performance of equipment.

ISO 10993 – Biological evaluation of medical devices that includes biocompatibility testing of materials used to design product parts that would come into contact with a patient, testing for skin sensitization, and irritabilities.  

ISO 15223 – Symbols to be used with information to be supplied by the manufacturer. This standard identifies symbols that are globally accepted to be used in a broad spectrum of medical devices. These symbols can be placed on the device, on the packaging, or on any accompanying information such as instructions for use.  

ISO 45001 – This standard outlines the requirements for occupational health and safety management systems that can be employed in the medical device industry to help reduce occupational risk.

Where do I get these standards?

Standards used to design and build medical devices need to be purchased, and you must always maintain the most current revision of that standard to ensure proper adherence to it. They can be purchased as electronic copies, or you can request a paper copy for your files. You can purchase them directly from the standard organization (ISO, IEC, ASTM, UL, etc.). There are also organizations services that will provide standards from many organizations, serving as your to be your one-stop shop.

How do I know when standards change?

The best way to manage how you receive information about changes to industry standards would be to implement an electronic standard tracking system. These systems help to:

• Give you early notifications of changes
• Mitigate your company's risk by ensuring you're up-to-date
• Save you time by eliminating the tracking on your own
• Ensure your standards are up-to-date

Using manual processes such as spreadsheets to manage standards updates can be difficult, time-consuming, and lead to compliance risks - especially when a high number of standards and markets are involved. There are a variety of standards management tools to help medtech companies monitor and manage global standards, including Rimsys.

How can Rimsys help?

Rimsys’ regulatory management software offers standards management to help you stay ahead of the mayhem by providing:  

• Access to a library of over 1.6 million global standards through a partnership with IHS Markit
• The ability to link standards to individual products to more easily assess the impact of changes across your product portfolio
• Automatic alerts when standards are changed, superseded, or withdrawn to reduce compliance risks and enable faster reaction times
• Bulk updates to your essential principles/GSPR tables when standards change for easier maintenance and compliance

For more information, visit www.rimsys.io/solutions/standards-management.

Recently, our Founder and CEO, James Gianoutsos, was a guest on an episode of the Easy Medical Device podcast. Hosted by Monir El Azzouzi, a quality and regulatory professional with over 16 years of industry experience, the Easy Medical Device podcast explores a wide range of topics, news, and challenges to help medtech quality and regulatory professionals gain valuable insights that will help them excel in their roles.

In the episode, Why should you invest in your regulatory team?, James and Monir explore the limitations of traditional cost-center approaches to resourcing and preparing budgets for regulatory affairs teams and discuss the benefits of treating regulatory affairs as a revenue function. Hear their thoughts about:

• How regulatory affiars teams are typically structured
• The importance of the RA job function on revenue
• The impact AI will have on regulatory affairs
• How digital tools can enable RA teams

James also provided tips RA professionals can use to convince their stakeholders to invest in regulatory affairs teams. He emphasized that getting buy-in often involves a mindset shift that will change the dynamic of the conversation. For example, when planning for a renewal, think about the financial impacts of missed renewals rather than the sheer volume of renewals you're doing.
‍

When you're trying to convince your leadership team, don't talk about how many renewals I did for this product in a particular month. talk about the dollar figures you saved the company or retained on the market.

‍

For more tips, listen to the full interview on the Easy Medical Device website.