eBooks

The ultimate guide to the EU MDR and IVDR general safety and performance requirements (GSPR)

April 3, 2026

4 min read

This article is an excerpt from The ultimate guide to the EU MDR and IVDR general safety and performance requirements (GSPR) ebook.


Overview

With the initial rollout of the European Medical Device Regulation (MDR) complete, medical device companies are shifting focus to the sister In Vitro Diagnostic Regulation (IVDR), which has rolling effective dates starting in May 2022. Like the MDR, the IVDR also includes new General Safety and Performance Requirements (GSPR). The expanded 2nd edition of this ebook includes a detailed summary of the IVDR GSPR regulations in addition to those of the MDR. It provides you with practical guidance on how to meet the GSPR requirements for all types of medical technology products. This ebook, however, should not take the place of reviewing the actual regulations and consulting regulatory experts when needed.

Timeline

Submission under the EU MDR, rather than the previous MDD directive, became mandatory on May 26, 2021, and the EU IVDR effective date is quickly approaching. In fact, all submissions for new devices under the new EU IVDR must be implemented no later than May 25, 2022. Below is a high-level overview of key dates for both regulations.

*Note that the timeline for compliance was extended in 2021. Class D (high-risk) devices have until 2025 to comply with IVDR, while Class C devices have until 2026. Class B and Class A sterile devices have until 2027 to comply with IVDR.

Terminology

What’s the difference between Essential Requirements, General Safety and Performance Requirements (GSPR), and Essential Principles? In order to have a meaningful dialogue, let’s first discuss the three (3) main terms used in the industry.

#1 Essential requirements

The ‘Essential Requirements’ are the backbone for establishing conformity with the Medical Device Directive (MDD 93/42/EEC) and the Active Implantable Medical Device Directive (AIMDD 90/385/EEC). Detailed within Annex I of the MDD and AIMDD, the ‘Essential Requirements’ laid out the requirements that devices must meet in order to state compliance with the directives. With the implementation of the new EU Medical Device Regulation (MDR 2017/745), the ‘Essential Requirements’ will be superseded by the new EU MDR General Safety and Performance Requirements (GSPRs).

#2 Essential principles

The IMDRF laid out Essential Principles requirements in a document entitled Essential Principles of Safety and Performance of Medical Devices and IVD Medical Devices. From a high-level perspective, three basic tenets make up these ‘Essential Principles’:

  • A device must be designed to be safe and perform effectively throughout its lifecycle.
  • Device manufacturers must maintain all design characteristics.
  • Devices must be used in a way that is consistent with how they were designed.

Many countries use the term ‘Essential Principles’ when compiling the documentation required to determine compliance to the law.  For instance, the Australian Therapeutic Goods Administration (TGA) uses the term ‘Essential Principles Checklist’. Regardless of the term used, Essential Principles are of similar nature and overlap many of the Essential Requirements and new GSPRs.

#3 General safety and performance requirements (GSPR)

As of May 26, 2021, medical device manufacturers must start to comply with Annex I – General Safety and Performance Requirements (GSPRs) of the new EU Medical Device Regulation (MDR 2017/745). GSPRs are specific to the European MDR and IVDR. If you hear any other term (e.g., Essential Principles), it most likely means it is not referencing the European market.

EU MDR/IVDR Annex I

Annex I of the EU MDR and IVDR details the specific requirements of the General Safety and Performance Requirements (GSPRs). The GSPRs are broken down into three (3) chapters in Annex I, MDR 2017/745 and IVDR 2017/746:

  • Chapter 1 - General requirements
  • Chapter 2 - Requirements regarding design and manufacture
  • Chapter 3 - Requirements regarding the information supplied with the device

Chapter 1 - General requirements

Both the EU MDR and the EU IVDR outline General Safety and Performance Requirements (GSPRs) in great detail for medical device designers and manufacturers. The general requirements for each are almost identical and consist of the following:

  • Devices must perform in a way that aligns with the intended design.
  • They must not compromise the health or safety of a patient, user, or any other person associated with the device.
  • Risks must be reduced as much as possible, but not so much that they negatively affect the risk-benefit ratio.
  • Device manufacturers must implement and maintain a thorough, well-documented, and evaluative risk management system that continues to be updated throughout the life cycle of a device.
  • Manufacturers and designers must include any necessary measures for protecting users in cases where risks cannot be completely eliminated.
  • Manufacturers must provide users with information about any potential risks that remain. This information must be clear, easy to understand, and considerate of the users’ technical knowledge level, use environment, and any applicable medical conditions.
  • Devices must withstand the stresses of normal use for the duration of their lifecycle. Devices must be designed, manufactured, and packaged in a way that protects them from damage during transport and storage.
  • When it comes to risks and negative side effects that are known and foreseeable, designers and manufacturers must make every effort to minimize negative outcomes. They must also ensure that potential risks are acceptable when compared to the potential benefits of a device to its users.

Chapter 2 - Requirements regarding design and manufacture

The GSPRs also provide key details regarding specific information about the performance, design and manufacture of medical devices. As it relates to design inputs, the MDR and IVDR GSPRs provide highly detailed requirements relating to a device’s technical information. Further detail can be found in the comparison tables in Appendix A and Appendix B, where we have compared MDR to MDD and IVDR to IVDD.

Chapter 3 - Requirements regarding the information supplied with the device

The final key area of governance within the GSPRs relates to specific information a manufacturer must supply with a device. The general requirements for this information state that, “Each device shall be accompanied by the information needed to identify the device and its manufacturer, and by any safety and performance information relevant to the user, or any other person, as appropriate.” The requirements provide further detail as far as location-specific information that must be provided on the following:

  • The device label includes its UDI.
  • The user instructions.
  • The packaging of a device that is intended to maintain its sterile condition.

Medical devices are subject to significant regulations and a full understanding of EU MDR and/or IVDR labeling as defined in Annex 1 Chapter 3.

EU MDR/IVDR Annex II

In addition to the specific requirements identified within Annex I of the EU MDR and IVDR, Annex II, Technical Documentation, identifies additional requirements. Specifically, in both EU MDR and IVDR’s Section 4 – General Safety and Performance Requirements it states:

“the documentation shall contain information for the demonstration of conformity with the general safety and performance requirements set out in Annex I that are applicable to the device taking into account its intended purpose, and shall include a justification, validation and verification of the solutions adopted to meet those requirements. The demonstration of conformity shall include:

(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;

(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;

(c) the harmonised standards, CS or other solutions applied; and

(d) the precise identity of the controlled documents offering evidence of conformity with each harmonised standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation.”

Let’s break this down into each part.

Requirement

(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;

What needs to be documented for the requirements that apply or the requirements that do not apply?

Each and every section of the EU MDR GSPR or EU IVDR should be assessed in its own right as it pertains to your medical device. When a requirement applies, a simple statement may be made that this requirement applies to the device. In practice this is often achieved using a checklist or table, with a column for applicability and a Yes/No answer against each requirement. When a requirement applies, you can move on to the other parts of demonstrating conformity regarding methods used and standards applied.

When a requirement is not applicable, a statement must be made to that effect, i.e. a ‘No’ in the applicability column. Additionally, it must be fully and properly justified. Such a justification may be something like ‘The device is not powered and is therefore not an active device. This requirement does not apply.’ The justification should clearly state why the requirement has been deemed not to apply so that your notified body can understand your reasoning.

Requirement

(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;

What is meant by “method or methods used”?

This relates to the way you complied with that GSPR requirement. Historically, it would be listed as a standard or other documentation reference that you have applied to demonstrate compliance. However, the question of ‘method or methods used’ is new to the MDR, and it is expected that a verbal description be provided, such as:

i. Risk analysis weighed against clinical evaluation benefit
ii. Performance intended demonstrated by design requirements, verification and validation

Requirement

(c) the harmonized standards, common specifications (CS) or other solutions applied;

What are harmonized standards, common specifications (CS), and “other solutions”?

Harmonized standards

These are standards that have been specifically developed and assessed for compliance to a regulation or directive. They are published in the Official Journal of the European Union (sometimes just referred to as ‘the OJ’) and if you comply with these standards then there is a ‘presumption of conformity’ with that directive or regulation to which they have been harmonized. These harmonized standards can only be created by a recognized European Standard Organization (such as CEN or CENELEC). When a standard is harmonized, an annex is added that describes how the standard conforms to the directive or regulation. When using harmonized standards, you should make sure that you understand how the standard conforms so that you do not claim compliance when the standard either does not meet that requirement or only partially meets that requirement.

If a standard does not meet a certain requirement of the directive or regulation, or indeed only partially meets it, then you must employ additional mechanisms for compliance. If a harmonized standard meets part of a directive or regulation, then by complying with that standard you also fully meet the corresponding requirement(s). The list of harmonized standards continues to grow - refer to the “Healthcare Engineering” section of the European Commission’s Harmonized Standards page for current information. In this case, using an MDD harmonized standard and documenting a justification for doing so (i.e. how you believe the standard demonstrates compliance with the GSPRs), should provide sufficient evidence.

Common specifications

Common Specifications (CS) are a new concept in the MDR. They allow the European Union to add additional requirements that must be met in order to claim compliance where harmonized standards do not exist or where relevant standards are considered insufficient. The definition of a Common Specification is:

‘A set of technical and/or clinical requirements, other than a standard, that provides a means of complying with the legal obligations applicable to a device, process or system.’

Requirement

(d) the precise identity of the controlled documents offering evidence of conformity with each harmonized standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross-reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation;

What is the expectation for incorporating a "cross-reference to the location of such evidence within the full technical documentation"?

This means that someone looking at the document should be able to identify exactly where in the technical documentation the compliance evidence can be found. For example, this may refer to test reports and their exact location, or it could even reference locations within a large document, depending on the GSPR and your particular documentation (e.g. if you have included usability risks as part of a larger risk assessment, you may need to say ‘See Technical File XXX, Section XX, Doc RMF001 rev 3 lines 65-78’). In other cases it could just mean the whole document reference, i.e. Have you done risk management? – then yes, it is RMF001 rev 3. What the specific reference actually is depends on how you have managed your technical documentation and how defined it is (i.e. separate reports or one big one). There should be no ambiguity as to where the document is located.

An example of a completed GSPR checklist could look something like this (applicable and nonapplicable examples are shown):

Checklist columns: GSPR, Description, Applicable?, Methods Applied, Standards & Solutions, Evidence

GSPR: 7
Description: Devices shall be designed, manufactured, and packaged in such a way that their characteristics and performance during their intended use are not adversely affected during transport and storage, for example, through fluctuations of temperature and humidity, taking account of the instructions and information provided by the manufacturer
Applicable?: Yes
Methods Applied: Design considers packaging requirements. Packaged product has been verified through shipping and transit testing. Product was stored at extremes of temperature and humidity.
Standards & Solutions:
  • EN ISO 13585 QMS
  • EN ISO 15223-1 Labelling
  • ISTA 2A Testing
Evidence:
  • Design procedure XXXXXX, rev XX located in document management system
  • QMS certificate XXXXXX
  • Package design drawings XXXXXX, rev XX located in document management system
  • Product label XXXXXXX, rev XX found in section XX of Tech File XX
  • ISTA 2A test report title XXXXX, dated XX/XX/XX found in section XX of Tech File XX
  • Storage condition test report title XXXXX, dated XX/XX/XX found in section XX of Tech File XX

GSPR: 11.5
Description: Devices labelled as sterile shall be processed, manufactured, packaged and sterilised by means of appropriate, validated methods.
Applicable?: No
Methods Applied: N/A - This does not apply to this device (device id XXXXX) as it is not a sterile device and cannot be sterilised.
Standards & Solutions: N/A - This does not apply to this device (device id XXXXX) as it is not a sterile device and cannot be sterilised.
Evidence: N/A - This does not apply to this device (device id XXXXX) as it is not a sterile device and cannot be sterilised.

Proactive monitoring & maintenance

Specification developers and manufacturers must continually maintain their technical documentation to stay compliant. Part of this process is to ensure that they take into account the "generally acknowledged state of the art".

Proactive monitoring

'State of the art'

There is no formal definition of ‘state of the art’ within the EU MDR or IVDR, although it is mentioned many times. The meaning of ‘state of the art’ is an ongoing debate; however, it is generally taken to embody what is currently and generally accepted as good practice in the medtech industry. The ‘state of the art’ does not necessarily imply the most technologically advanced solution.

One consensus on state of the art is being up to date and compliant with the current, in-effect standards that are applicable to your device. This means that if a standard your medical device complies with is updated, you must evaluate that update to ensure that the device would still meet the EU MDR or EU IVDR ‘state of the art’ requirement. This is not a new requirement from the EU MDD but it is spelled out more clearly in the EU MDR.

The specification developer or manufacturer is ultimately responsible for determining if the updated standard applies or does not apply to their device(s). Either way, the justification should be documented within a gap analysis.

Monitoring for changes

Of course, 'state of the art' only applies if you actually know that something changed. This is why you need to develop a process for monitoring the standards against which compliance is claimed. Every single standard that is associated with your technical documentation must be actively monitored, reviewed, and reported on.

If you have a product on the market and need a better way to monitor and maintain your General Safety and Performance Requirements (GSPR) or Essential Principles, Rimsys can help. Rimsys digitizes and automates GSPR and Essential Requirements so you can dynamically update and proactively monitor changing standards and evidence files.

When a standard or evidence file changes, you will automatically be notified and can update one GSPR or all of your GSPRs as applicable with a single click of a button. If additional information is needed, such as testing, it’s also invaluable to ensure that all devices are identified. What used to take weeks of manual, error-prone administrative tasks is now done in seconds within a fully validated, secure, maintenance-free, cloud-based solution.

Maintenance

Maintaining and updating your technical documentation is generally the hardest part of staying compliant. Robust processes must be established to ensure nothing slips through the cracks and shows up as a nonconformance during regulatory audits.

Gap analysis

In addition to meeting the ‘state of the art’ requirements and the continuous proactive monitoring of standards, once a change has been detected that affects the technical documentation, a proper and thorough gap analysis must be completed.

The gap analysis between the old versions and the new versions, or an evaluation of a brand new standard, must occur and be properly documented. The gap analysis should detail what is applicable and what is not applicable, with your supporting justification.

If something within the new or revised standard was applicable to your device, additional engineering testing, documentation, justification, and, in some instances, design changes may be needed to ensure compliance.

GSPR updates

Once the gap analysis has been properly documented, specification developers and manufacturers must update their GSPRs.

These updates include finding the withdrawn or superseded standard or evidence file throughout each row within your GSPR table, for every single device on the market on which this change is applicable. This could be one table or dozens of tables depending on the complexity of the products and your product mix.

Without a holistic RIM system to help you, this is an error-prone process, as it is tedious, administrative, and extremely easy to miss an inappropriately referenced standard or evidence file.

Extreme diligence on the regulatory or engineering team must occur to ensure these critical updates to the GSPRs are not missed and a gap analysis must be properly referenced throughout. Any justification for including or excluding a new standard or evidence file will be scrutinized by regulatory auditors, and without proper maintenance, may lead to additional review time.

Comparison table: EU MDR Annex I GSPRs vs EU MDD Annex I Essential Principles

To continue reading this eBook including Comparison Table of the EU MDR Annex I GSPR vs. the EU MDD Annex I Essential Requirements, please register to download the full version.

eBooks

The beginner's guide to the FDA PMA submission process

April 3, 2026

4 min read

This article is an excerpt from The beginner's guide to the FDA PMA submission process ebook.


Introduction

If your organization is planning to market a new medical device in the United States, you first need to determine which regulatory class the device falls under. The vast majority of medical devices regulated by the FDA are either Class I or Class II medical devices, requiring a 510(k) premarket notification or a simple registration if exempt from 510(k) requirements. However, if your device sustains or supports life, is implanted, or presents a “potential unreasonable risk of illness or injury,” your device is likely a Class III device which will require Premarket Approval (PMA) from the FDA before it can be marketed in the United States. Novel devices, for which there are no existing substantially equivalent devices, are automatically classified as Class III as well. Novel devices with a lower risk profile, however, may qualify for the De Novo process instead of the PMA. Just 10% of devices regulated by the FDA are Class III devices.

This ebook provides an overview of the PMA process and its requirements, but it is not designed to be the only resource used in compiling a PMA submission. The FDA provides significant documentation on this process, starting with the regulation governing premarket approval that is located in Title 21 Code of Federal Regulations (CFR) Part 814.

Chapter 1: PMA Basics

FDA: Background and device oversight 

Before we explain what a PMA is, let’s first talk generally about the Food and Drug Administration (FDA) and device oversight. The FDA is the U.S. governmental agency responsible for overseeing medical devices, drugs, food, and tobacco products. When it comes to medical devices, the FDA’s mission is to “protect the public health by ensuring the safety, efficacy, and security of...medical devices.” At the same time, the FDA also has an interest in “advancing public health by helping to speed innovations.” In other words, the FDA’s goal is to make sure devices are safe and effective for public use, while also ensuring that devices have a quick and efficient path to market.

In order to achieve this balance of safety and efficiency, the FDA has three different levels of oversight depending on the risk level of the device: (1) exempt from premarket notification, (2) Premarket Notification, also known as 510(k), and (3) Premarket Approval (PMA). 

PMA submissions - medical device classes

When is a PMA required?

The PMA process is the most stringent regulatory process for medical device approval under the FDA and applies to almost all Class III devices. To determine whether your device requires a PMA, you must first classify your device by searching the Product Classification Database. The database will provide you with similar devices: their name, classification, and link to the Code of Federal Regulations (CFR) if applicable.

  • If a substantial equivalent is found in the Product Classification Database with a submission type of 510(k), you should submit a 510(k), not a PMA.
  • If the product classification database identifies your device as Class III and/or requiring a PMA - you should submit a PMA.
  • If your device involves a new concept and does not have a classification regulation in the CFR, the database will list only the device type name and product code. In this case, the three-letter product code can be used to search the PMA database and the 510(k). 
  • If  your device cannot be found in the product classification database because it is a new type of device and should be classified as a Class III device because of the level of risk it presents*.

Class III devices support or sustain human life, are of substantial importance in preventing impairment of human health, or present a potential and unreasonable risk of illness or injury.

Note that if your device is a new concept without a substantial equivalent, but does not present the level of risk of a class III device, it may be eligible for the De Novo process as a class I or class II device.

PMA vs 510(k)

Not only are PMA and 510(k) processes applicable to different types of devices, they have different purposes.

510(k): A 510(k) is intended to demonstrate that the device for which approval is being sought is as safe and effective as a currently marketed device that does not require a PMA.

PMA: A PMA is intended to prove that a new device is safe and effective for the end user. A PMA is much more detailed and in-depth than a 510(k). Device manufacturers are typically required to present human clinical trial data, in addition to laboratory testing data.

The difference in complexity between a PMA and 510(k) also affects the time needed to process the submissions. The FDA typically accepts or rejects a 510(k) submission within 30-90 days, at which point the device is posted to the FDA’s 510(k) database. A PMA submission can take up to 180 days to be processed, at which point the FDA can approve or deny the application. The FDA may also issue an “approvable” or “not approvable” letter, which the applicant can choose to respond to, thereby adding time to the submission process. 

PMA application methods

There are a number of types of PMA application methods. While most devices which require a PMA will follow the traditional process, be sure to verify that you are using the correct application process to maximize your chances for success and avoid unnecessary delays:

Traditional PMA

The most common method for attaining FDA clearance for Class III devices, the traditional PMA is the appropriate option for most devices that have completed clinical testing. 

Modular PMA

The modular PMA is the appropriate application method for devices that have not yet completed clinical testing. Applicants complete individual “modules,” with final confirmation granted once all sections are completed. For additional information on specific requirements of a modular PMA, read the FDA’s Premarket Approval Application Modular Review.

Product Development Protocol

Use the Product Development Protocol (PDP) with medical devices that are based on well-established technology. The PDP process for gaining market approval merges the clinical evaluation and development of information, and involves an agreement between the manufacturer and the FDA. The process provides the advantage of early predictability for the manufacturer and allows early interaction that can identify FDA concerns as soon as possible in the development process. Because the PDP identifies the agreed-upon design and development details, a completed PDP is considered to have an approved PMA. For additional information, read more about the FDA’s PMA Application Methods.

Humanitarian Device Exemption

A Humanitarian Use Device (HUD) is specifically defined as a device intended to benefit patients that are affected by a disease or condition that affects fewer than 8,000 individuals in the U.S. per year. The Humanitarian Device Exemption (HDE) approval process is designed to encourage clinical activity around rare conditions, and does have certain restrictions, including:

  • After receiving HDE approval, a HUD is eligible to be sold for profit only if the device is intended to address a disease or condition that occurs primarily in pediatric patients, or occurs in pediatric patients in small numbers.
  • If an HDE is approved to be sold for profit, the FDA will determine an annual distribution number (ADN). Any devices sold beyond the ADN limit are required to be sold for no profit.

For more information see the FDA’s explanation of the Humanitarian Device Exemption.

CBER Submissions

There are two centers within the FDA responsible for evaluating medical devices. While the majority of devices will go through the Center for Devices and Radiological Health (CDRH), some will be managed by The Center for Biologics Evaluation and Research (CBER). CBER regulates medical devices related to blood and cellular products, including blood collection and processing procedures as well as cellular therapies. This ebook focuses on submissions made through the CDRH, but you can view CBER Regulatory Submissions – Electronic and Paper for more information on the CBER process.

Chapter 2: FDA Interactions

To continue reading this eBook, including a walk through of the different types of required and optional FDA meetings and communications, a detailed list of the contents of a traditional PMA submission, and an overview of quality management system requirements, please register to download the full version.

Regulatory Briefs

An overview of 21 CFR Part 11 regulations for medical device companies

April 3, 2026

4 min read

What is 21 CFR Part 11?  

21 CFR Part 11 refers to the federal regulation that addresses electronic records and electronic signatures associated with FDA requirements. This single, relatively small part of the Code of Federal Regulations is extremely significant for companies with FDA-regulated products because it impacts every document signature, electronic file, and FDA submission. Codified in 1997, this FDA-issued regulation continues to be debated and re-evaluated in its interpretations as the technology supporting electronic records and signatures changes. In this article, we’ll discuss the regulation and generally accepted interpretations.

Note that discussions and statements in this document are our observations only and should not be taken as fact. You can refer directly to the regulation here.

Part 11: General Provisions

The General Provisions section of 21CFR11 addresses the scope of the regulation, when and how it should be implemented, and defines some of the key terms used. It states that the purpose of Part 11 is to define the criteria under which electronic records, electronic signatures, and handwritten signatures attached to electronic records are equivalent to, and as reliable as, handwritten signatures on paper documents.

Fundamentally, any record that is maintained, used, or submitted under any FDA records regulation is subject to Part 11, and the FDA will accept electronic records in lieu of paper records if an organization can prove that their records and systems meet the Part 11 requirements.

The General Provisions subpart also sets forth a number of definitions, and we’ve listed the ones that are most significant to our discussion here:

  • Closed System: A computer system or software whose access is controlled by the same people who are responsible for the information stored in the system. Because the opposite of a closed system, an “open system,” is subject to additional scrutiny, be sure that you are able to thoroughly explain and provide documentation for a decision to classify your system as a “closed system.”
  • Open System: A computer system or software whose access is not controlled by the same people who are responsible for the information stored in the system.
  • Digital Signature: An electronic signature created in a manner that can be verified, ensures the identity of the signer, and maintains the integrity of the document and signature. This often involves the use of cryptography and/or biometric data.
  • Electronic Signature: Symbols that represent a legally binding equivalent to an individual’s handwritten signature (as adopted and authorized by the signer).

Part 11: Electronic Records

The Electronic Records section sets forth the requirements for administration of closed and open electronic record-keeping systems, then discusses signature manifestations and requirements for establishing a link between signatures and records.

Part 11 defines a “closed system” as any computer system in which the users controlling access to the system are the same people who are responsible for the data in the system. Today, most systems can be classified as closed systems, but take special care to document control procedures around software that is hosted offsite or classified as a SaaS solution.  

This section of the regulation deals with the controls that need to be in place for all applicable electronic record systems by defining:

  • Procedures to ensure that all electronic records are authentic, have integrity, and can ensure confidentiality (where that is appropriate).
  • Validation requirements for systems that maintain electronic records to ensure that all records are accurate, reliable, and that the system performs consistently according to regulatory requirements.
  • Audit trail requirements for all regulated records to ensure a complete history of all changes to records is maintained.
  • Controls around system access and document signatures.

Part 11: Electronic Signatures

The Electronic Signatures section defines the components of electronic signatures and the required controls and procedures necessary for using them.

In general, an organization must be able to demonstrate that electronic signatures:

  • Are unique to each individual, and that the individual assigned an electronic signature has had their identity and level of authorization verified.
  • Must be based either on biometric data (such as fingerprints) or made up of two distinct pieces (i.e., a User ID and password).
  • Require appropriate controls to ensure that they are verified periodically, cannot be used by someone other than the intended user, and are immediately deactivated if compromised in any way.

Practical application of 21CFR Part 11 for regulatory affairs professionals

21 CFR Part 11 is a critical regulation, and one that can be open to interpretation. Below, we cover some of the key areas that should be of concern for RA professionals. This is an overview of key areas only, and should not be taken as complete instruction or guidance for 21CFR part 11 compliance.

System compliance and validation

Any system that you are using to store electronic records that fall under FDA regulations needs to be compliant with Part 11. This includes everything from spreadsheets to full-featured RIM and document management systems.  

Software vendors will often document how their systems are developed to be compliant, and may even support system validation during implementation - but it is ultimately the responsibility of the user organization to ensure that their systems and processes are compliant with Part 11.  System validation is the process of documenting that your system meets all of the Part 11 requirements.  Software vendors can support this process by ensuring that their systems are built on a highly secured infrastructure that can be demonstrated and proven.  

The Rimsys system was built from the ground up to meet the stringent requirements of not only 21 CFR Part 11, but other industry standards and good practices guidelines (GxP).  We have put in place a rigorous validation program, built by industry experts and supported by a secure and well-documented infrastructure. For more information, visit the Rimsys Security and Privacy page.

Audit trails

Audit trails are the required system logs that track the who, when, and what of every change made to data that falls under Part 11. Audit trails should be generated and time-stamped by the system, with no ability for users to change that information. Audit trails serve two purposes under 21 CFR Part 11:

  • To demonstrate that documented policies and procedures are being followed, including that only users with the appropriate authority are managing data.
  • To prove that data retention policies are being adhered to (see below).

At any time, you should be able to view the history of any record, from a Design History File to a submission document, in order to determine what changes have been made, when they were made, and by whom.
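One way to get the properties described above (system-generated timestamps, a who/when/what entry for every change, and no silent edits) is a hash-chained, append-only log. This is an added example, not Rimsys code or text from the regulation; the `AuditTrail` class, the `verify` function, the field names, and the sample user and record IDs are all assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value used by the first entry in the chain


def _digest(body):
    """SHA-256 over a canonical JSON encoding of an entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only log of who changed what and when; each entry is chained to the last."""

    def __init__(self, clock=None):
        self._entries = []
        # The timestamp always comes from the system clock, never from the caller.
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def append(self, user_id, record_id, action, old_value, new_value):
        """Record one change. Values must be JSON-serializable."""
        body = {
            "seq": len(self._entries),
            "timestamp": self._clock().isoformat(),
            "user_id": user_id,
            "record_id": record_id,
            "action": action,
            "old_value": old_value,
            "new_value": new_value,
            "prev_hash": self._entries[-1]["hash"] if self._entries else GENESIS,
        }
        entry = dict(body, hash=_digest(body))
        self._entries.append(entry)
        return dict(entry)

    def history(self, record_id):
        """Every change made to one record, oldest first."""
        return [dict(e) for e in self._entries if e["record_id"] == record_id]

    def export(self):
        """Copies of all entries, e.g. for an auditor or an offline verifier."""
        return [dict(e) for e in self._entries]


def verify(entries, expected_head=None):
    """Return the index of the first bad or missing entry, or None if the log is intact.

    expected_head is the hash of the newest entry as recorded somewhere the
    log's users cannot write to; without it, truncation of the tail is invisible.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if (entry.get("seq") != i
                or entry.get("prev_hash") != prev
                or _digest(body) != entry.get("hash")):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


if __name__ == "__main__":
    # Constructed sample data: two records edited by two users.
    trail = AuditTrail()
    trail.append("jdoe", "DHF-001", "create", None, "rev A")
    trail.append("asmith", "SUB-007", "create", None, "draft")
    trail.append("jdoe", "DHF-001", "update", "rev A", "rev B")
    for e in trail.history("DHF-001"):
        print(e["timestamp"], e["user_id"], e["action"], e["old_value"], "->", e["new_value"])
    print("first bad entry:", verify(trail.export()))
```

A hash chain only makes edits detectable; someone who can rewrite the whole log can also recompute it, so the newest hash has to be kept outside the system being audited and passed to `verify` as `expected_head`.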

Record retention

21 CFR Part 11 specifies that electronic records must be protected and readily available throughout the defined record retention period. Additionally, 21 CFR Part 820 specifies that records related to the quality, manufacturer, regulatory submissions, or any other data that falls under FDA regulation, should be maintained for the life of the medical device and for a minimum of two years from the date of first commercial distribution.  This is often referred to as “cradle to grave” tracking.

This means that regulatory professionals need to not only be aware of their company’s record retention policy, but need to ensure that any system being used to track regulatory submissions or other data subject to audit meets Part 11 and Part 820 requirements. Note that record retention requirements apply also to paper records where they are the source document.

Electronic and digital signatures

An important piece of 21 CFR Part 11 is its definition of electronic and digital signatures. “Electronic signature” is used to define any set of symbols that are used in place of a handwritten signature, whereas a “digital signature” is an electronic signature based on methods that ensure the identity of the signer where the integrity of the data can be verified. A digital signature can be based on biometric data (such as fingerprints) or secure user IDs and passwords that are controlled to ensure only one authorized user can use the signature.  

As a regulatory affairs professional, you should ensure that:

  • Everyone on your team who needs to sign documents has their own unique digital signature and understands the importance of protecting it. Sharing of electronic credentials is a common FDA audit observation. Also ensure that users who are not required to sign documents have appropriate access to data to discourage other users from sharing login credentials with them.
  • You are following your company’s policies concerning electronic signature audits so that passwords remain updated and strong and signatures are revoked when a user leaves or changes positions.
  • You immediately report any possible loss, theft, or sharing of user credentials or devices that generate identification codes.

While 21 CFR Part 11 is usually considered more of a “quality regulation,” it is important that regulatory teams within medical device organizations fully understand this regulation and its compliance implications.  To learn more about the regulations, click below to read our regulatory brief.


Blogs

STED is dead

By

Karen Cohn

December 28, 2022

4 min read

What is STED?

The STED, or Summary of Technical Documentation, format was created originally by the Global Harmonization Task Force (GHTF), the precursor to the current International Medical Device Regulators Forum (IMDRF). The original STED format, defined in 2007, was the first attempt to harmonize medical device submission information and standardize the information required under the EU MDD and regulations in other countries.  

As medical devices and corresponding regulations developed more stringent regulations that defined their market access submissions, regulators found that this original harmonized format did not require sufficiently detailed technical information, nor did it provide enough structure. As a result, more recent regulations have replaced STED with expanded requirements. Note that some in the industry may refer to “STED” when discussing the newer requirements that have replaced it.

Is STED still valid?

Technical documentation formatted using STED may come close to meeting current requirements in some cases. However, many major markets have updated their regulations and requirements for technical documentation, or they have standardized on MDR. EU notified bodies expect MDR technical files, which may have specific requirements depending on the notified body that a manufacturer is using.  

In addition to MDR in the EU, we have seen other countries over the past few years make changes to their regulatory systems and requirements, including:

  • New regulations in China based on IMDRF in June, 2021 (Order #739)
  • Emerging regulations in Canada and Brazil that are currently based on the IMDRF ToC
  • New Regulations for Saudi Arabia that closely resemble EU MDR 
  • Massive regulatory restructuring in the ASEAN market

What has replaced STED?

STED has been replaced by the IMDRF Table of Contents (ToC) submission dossier. This submission template has more defined requirements than STED and we are seeing countries update their regulations to adhere closely to the IMDRF ToC. There are a few additional benefits to the IMDRF ToC:

  • Additional Flexibility - The IMDRF ToC has a specific numbering structure for technical requirements that allows authorities to “pick and choose” requirements based on submission type and risk classification.
  • Efficiency – Countries that use the IMDRF ToC will have a matrix structure for their submissions to note what is required (R), Conditionally Required (CR), Not Required (NR) or optional (O). This can cut down on extraneous information that does not need to be in a submission. Canada already has draft guidance in place with their matrix submission style.
  • Standardization – Each country that follows the IMDRF ToC will number their submission document requirements with the same Table of Contents.

There are also other markets that are using alternative pathways to STED. The ASEAN market uses ASEAN CSDT (common submission dossier template), which is similar to the IMDRF ToC format, but uses different numbering. There are also two versions of the CSDT – one for standard medical devices and one for in vitro diagnostic devices.

Note that Singapore HSA has good information and is considered the “gold standard” for regulatory submission processes in the ASEAN market.

Expectations for future medical device submission requirements

We expect requirements to only get more complex and burdensome as countries move to further improve patient safety and address the needs of increasingly complex medical devices. A well-defined submission template strategy is critical to managing your device types. Within Rimsys, you can not only access standard IMDRF, NMPA, and other templates - you can design customized templates as needed for your holistic regulatory strategy.  

Additional resources

Would you like to learn more about how Rimsys handles submission templates? Schedule a conversation with our experts now.

MedTech
Blogs

An overview of the UK Medicines and Healthcare Products Regulatory Agency (MHRA)

By

Dell Lundy

December 20, 2022

4 min read

There’s no question that the medical device market is global, and the United Kingdom (England, Scotland, Wales, and Northern Ireland) is one of the world’s most viable and vital markets. It’s certainly one that you want your medical device in if you hope to make a global impact. The Medicines and Healthcare products Regulatory Agency (MHRA) is the gatekeeper of that market and one of the world’s most influential regulatory bodies.

Knowing who the MHRA is and understanding their role in ensuring that only safe, effective, high-quality medical devices enter the market is vital to your success in the UK. In this brief article, we’ll tell you more about who the MHRA is, their authority and responsibilities, and even some of the requirements you must meet to get your medical device into this market.

What is the MHRA?

The MHRA is an executive branch of the Department of Health and Social Care. It’s the UK’s equivalent of the US Food and Drug Administration (FDA), meaning that they set the quality and regulatory standards for medical devices in Great Britain.  

Because the UK used to be part of the European Union, products required a CE marking to enter the UK market. Since Brexit, the MHRA has been the sole regulatory authority in Great Britain (England, Scotland, and Wales) and the gatekeeper to its robust medtech market.

What does the MHRA do?

As you know, medical devices must meet specific requirements before they can be sold in most markets around the world. Generally, the more developed the nation and its healthcare and medical device industries, the more complex its healthcare regulations are.  

The MHRA is responsible for:

  • Monitoring and regulating post-market surveillance of all medical devices currently on the market and creating regulations and requirements for medical devices entering the UK. They also enforce regulations, ensure medical devices meet the necessary safety, efficacy, and quality standards, and have the power to pull noncompliant products from the shelves.  
  • Making sure that supply chains for medical devices and the materials that comprise them are safe and secure. This includes everything from the facilities where products are made and stored, to their packaging and the systems and logistics applied in their transport.  
  • Educating the general public, healthcare professionals, and manufacturers about the risks and health benefits of medical devices.  
  • Engaging in harmonization efforts with other countries to develop standardized pathways to global markets. They influence international regulatory standards, best practices, and frameworks to support this effort.  

How do you register a medical device with the MHRA?

Registering a medical device in the UK is different than in years past due to Brexit, which was the British exit from the European Union. Before Brexit, the UK adhered to the EU regulatory requirements as put forth in the EU MDD/IVDD, which Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) eventually replaced. However, the MHRA will be instituting its new regulations currently set to be in force in July 2024.

One of the first steps of registering a product in the UK is getting the UK Conformity Assessment (UKCA) marking on your device and packaging. Manufacturers of Class I (lowest-risk classification) devices and general In Vitro diagnostic devices can self-certify against UKCA marking if these devices are non-measuring and non-sterile.  

Class II and III devices must go through conformity assessment by a UK approved body. Approved bodies are the UK’s equivalent of Notified Bodies in the EU. These organizations have the authority to perform conformity assessments and apply UKCA markings on medical devices. UK approved bodies also perform post-market surveillance of devices currently on the market to ensure they’re safe and compliant for as long as they’re in use.  

The process is a little different for device manufacturers outside of the UK who want to market their medical devices. Foreign manufacturers must designate a single person based in the UK to serve as their authorized representative (or UK Responsible Person). The UK Responsible Person acts as a liaison between the manufacturer and the relevant approved regulatory bodies, and handles the task of registering that company’s products with the MHRA.  

The MHRA and Northern Ireland

When registering a device in Great Britain and Northern Ireland, you’ll notice that there are different procedures even though both were part of Brexit. According to the Northern Ireland Protocol (Northern Ireland’s response to Brexit), Northern Ireland applies Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) to its own regulatory framework, whereas Great Britain has decided to implement its own regulations over the next couple of years.

For instance, as Northern Ireland still adheres closely to  Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR), UK approved bodies cannot provide conformity assessments for them. In fact, if a manufacturer based in Great Britain wants to put a medical device on the market in Northern Ireland, they must designate an EU Authorized Representative to register the product for them.  

Furthermore, an EU Notified Body must provide a conformity assessment according to Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) for the device to receive UKNI marking (Northern Ireland’s conformity assessment mark). Likewise, Northern Ireland Authorized Representatives cannot represent Northern Irish or other foreign manufacturers in Great Britain, nor can Northern Ireland Notified Bodies provide UKCA marking for medical devices. In short, Northern Ireland has decided to continue to abide by EU medical device and in vitro diagnostics regulations as set forth by the European Medicines Agency, whereas Great Britain has not.  

How to achieve compliance

The MHRA is firmly positioned as one of the foremost regulatory authorities in the world. They’re responsible for creating, implementing, and enforcing regulations for medical devices and IVDs in the UK while also providing research and education to promote the safety and efficacy of devices worldwide.  

Adherence to UK regulations is essential to getting your medical device on that market and keeping it there. Medical devices entering the Great Britain market must adhere to the MDR/IVDR (until June 30, 2023) or UK MDR 2002, whereas Northern Ireland still abides by EU regulations.  

Manufacturers based outside of Great Britain that want to put their devices on the market there must designate a UK Responsible Person (UKRP) to represent their interests and a UK-approved body to perform conformity assessments and apply UKCA marks. At the same time, Northern Ireland still adheres to EU regulations, requiring foreign manufacturers to utilize EU and NI responsible persons and notified bodies to assess medical devices, documentation, and manufacturing facilities while requiring the EU’s CE marking.

Bringing your device to market in the UK requires a dynamic regulatory strategy that enables you to optimize your projects and processes, ensuring your medical devices hit the mark for both the GB and NI markets. Also, it’s vital that you do your due diligence to ensure conformity with the regulations of both markets while also avoiding conflating their processes and regulatory requirements. Ultimately, getting your medical devices compliant with both markets could set your medtech company up to be a mainstay in the UK.  

MedTech
Blogs

Introducing impact surveys

By

Michael Peach

December 19, 2022

4 min read

When we think of medtech regulatory affairs it’s easy to focus in on pre-market activities: the identification of market entrance requirements and the submission process to obtain market clearance for a new device. This is an important aspect of the work that RA teams do, but it’s definitely not all they do.

The reality is that regulatory work is never done because products are never done. Medtech companies are consistently making product updates, whether optimizing manufacturing or supply chains, adding accessories, working with new materials, or releasing software updates. This is normal, but in a highly-regulated industry, any of these changes can have an impact on a product’s license or market clearance status.

Impact assessments of new regulations, product or manufacturing changes, or standards updates are a core RA activity and one that we’ve focused on automating within Rimsys. Our unique “product-centric” data structure allows registrations, submissions, standards, and technical files to be linked to individual products. This association means that any RA team member can instantly pull a list of products that may be impacted by a standards change, or, conversely, a list of registrations that may be impacted by a product change.

Now we’ve enhanced Rimsys’ impact assessment capabilities by allowing teams to survey registration owners or country managers and collect their individual feedback about the impact of pending changes.

Feedback is a critical element of impact assessments

Communication and feedback within a broader regulatory team is a critical component of any impact assessment. In larger organizations, different teams often have responsibility for different regions, whether those are dedicated RA teams, consultants, or in-country representatives. A product or manufacturing change can impact any number of country registrations in different ways, so to properly assess the regulatory workload needed to process the change, teams need to gather and document input across the extended RA team.

Traditionally this activity has involved a flurry of emails, some shared spreadsheets, and no clear tracking or management, making it time-consuming and difficult to effectively collect this information. The new impact survey feature from Rimsys automates this task and centrally collects all of the necessary feedback within a consolidated project plan.

How it works

Impact surveys are included in the projects module in Rimsys. Now, when you start a new project request you can automatically send a survey to all of the owners for registrations that are associated with the project. Owners are notified to log into Rimsys, review the product details and any linked documentation, and fill out a short form to document whether they think their particular registration will be impacted by the proposed project, the remediation required (registration update, audit, etc.), and the expected time required.

Registrations where the owner indicates an impact are automatically flagged, and a progress bar provides an at-a-glance view of the survey status (completed responses, pending responses, % of registrations impacted).  When the project request is approved, all impacted registrations and timeline are carried over to the active project plan.

Automated impact assessments deliver more than efficiency

The new survey feature is another key piece in our goal to streamline and automate as many regulatory activities as possible. Centralizing the surveys within the Rimsys platform ensures that everybody has access to the information they need to assess the impact of proposed changes on specific markets and registrations. It allows surveys to be completed more quickly and ensures that all of the potential impacts are incorporated into a project plan.

This allows RA teams to work more quickly, but more importantly, it ensures that all potential impacts are properly identified, preventing project delays and eliminating noncompliance risks. If a product design change unexpectedly invalidates a license in a particular country, companies may have no choice but to withdraw that product until it can be recertified. Regulatory automation isn’t just about increasing efficiency, it can also have a significant revenue impact.

Want to learn more about automated impact assessments in Rimsys? Contact us today for a custom demo.

Product Updates
Blogs

Medical Devices: Comparing standards, regulations, directives, guidance, and laws

By

Bethaney Lentz

December 15, 2022

4 min read

The energy sector, the financial sector, and the healthcare sector are some of the most heavily regulated sectors out there due to the possibility of significant risk to consumers in those industries. In particular, the healthcare sector is regulated to ensure that only the highest quality care is provided to patients and that medical devices are optimized for safety and efficacy.

In the world of Regulatory Affairs, words such as “standards” and “regulations” are used frequently. While they can be rather similar, they do have different meanings in different situations. Let’s explore their definitions and meanings when being used by medical device regulatory affairs professionals.

In general, legislative bodies pass laws, government agencies develop regulations to implement the laws, and industry groups and organizations create and approve standards.

Medical Device Standards

Standards refer to industry standards that device manufacturers use to design, develop, and manufacture safe medical devices. Standards help to demonstrate safety, manage risk, and to achieve regulatory compliance. Harmonized standards are used, when possible, to make working across borders easier.

Example: ISO, IEC, and UL are all examples of industry standard organizations that develop standards to help guide manufacturers on safe design, development, and manufacturing of quality products.

Standards are:

  • Technical documents
  • Driven by the need for a consensus
  • Crafted by experts
  • Approved by peers within the industry

Medical Device Laws

Laws are created by the government, as are regulations, but the two are different. Regulations are the practices that need to be followed to ensure that the laws are followed.
Example: Criminal laws, civil laws, federal laws, international laws, etc.

Laws are:

  • Rules created by the government
  • Designed to regulate commercial and business transactions
  • Legal rules that apply to all members of society and/or institute
  • Not changed frequently

Medical Device Regulations

Regulations are the process of monitoring and enforcing established government rules and laws.

Example: The EU implemented the Medical Device Regulation (MDR)  Regulation EU 2017/745 for all its member states. This regulates the clinical investigation and sale of medical devices for human use. If you want to sell a medical device in the EU, it must be designed, developed, and manufactured according to this regulation.

Regulations:

  • Define processes for monitoring and enforcing the laws
  • Provide a consistent method to ensure laws are followed
  • Are known to change often and without notice  

Medical Device Directives

In Europe, Directives are legal acts of the European Union. Directives comply with the EU's desire for subsidiarity and acknowledge that different member states have different legal systems, allowing each member state the leeway to choose its own statutory wording.

Directives:

  • Are legal acts set up by the European Parliament and Council.
  • Require member states to uphold the acts without dictating specific processes.
  • Allow member states to have flexibility as to how the rules are to be adopted.

Medical Device Guidance

Guidance documents are designed by federal and/or regulatory agencies, such as the FDA and European Union, and are meant to help further explain or provide clarity on existing rules.   

Example: The FDA provides many guidance documents to help medical device manufacturers better understand the rules and regulations governing the safe design, development, and manufacturing of medical devices.

Guidance documents are:

  • Designed by federal and regulatory agencies
  • Intended to help people better understand legal rights and obligations
  • Not designed to be enforceable under law

Medical Device Policies

A policy defines how an institution should execute a regulation. While it’s not against the law to not follow policy, failing to follow the policy can result in situations that cause an organization to operate outside of the law. The government creates regulatory policies to ensure that industries operate in a sustainable manner and that any risks are minimized (i.e., foreign policy, economic policy, ethics policy, environmental policy, etc.).

A Policy is:

  • How an institution interprets and implements regulations.
  • Meant to execute a regulation, depending on an institution’s size, complexity, location, and other factors.
  • Helpful in providing people with guidelines for making day-to-day decisions.  

As you can see, there are many different rules, regulations, etc. that need to be considered and followed, and they can sometimes be intertwined. When developing and selling medical device equipment, it’s very important for regulatory affairs teams to understand how each needs to be followed. You also need to be aware of the constant changes, especially when doing business in more than one country. A regulatory information management system is a great place to start to ensure the security of your products – no matter where they are being distributed and sold.

Learn how Rimsys can help your regulatory team keep track of each product and related regulations, standards, and more!

MedTech
Blogs

EU MDR transitional period to be extended

By

Wendy Levine

December 9, 2022

4 min read

The Council of the European Commission has concluded their December 9th meeting meant to address member states’ concerns over the challenges and issues in meeting current MDR deadlines. MDD certificates for medical devices will continue to be accepted for an additional three to four years beyond current MDR deadlines, with limited exceptions.  

While not all details are available, it is believed that the following changes will be adopted:

  • An extension of the transitional period, allowing medical devices to continue to be marketed under MDD certifications through 2027 for class IIb and class III devices, 2028 for class IIa and class I devices that require an external conformity assessment, and 2028 for class 1 devices that are sterile or have a measuring function.
  • An extension of the validity of certificates issued under the MDD.
  • Some restrictions will be put in place under the new extensions. Devices not eligible for extended deadlines will include those devices presenting an unacceptable risk, those that have undergone significant changes since being certified, and devices for which the manufacturers are already in the process of obtaining certification under the MDR.
  • The removal of the existing “sell off” provision.

It is expected that the MDCG will release a guidance to address bridging the gap for expiring MDD certificates within the coming days and that the full legislative proposal will be introduced in January, 2023.  

Stay tuned for additional information as we learn exactly how this will be implemented and what restrictions will be in place.


RIM
Blogs

Making the case for a RIM system

By

Wendy Levine

December 8, 2022

4 min read

Regulatory Information Management (RIM) systems are becoming more prevalent in medical technology companies of all sizes. Yet many regulatory teams still rely on spreadsheets and software designed for other purposes, such as quality systems or pharmaceutical regulatory applications. When your team is ready for a medical device RIM system, what information and arguments can you use to obtain the budget and executive buy-in you will need?

In this article, we discuss the benefits of a RIM system that can be used in calculating and estimating ROI, along with examples of results achieved by Rimsys customers.

Improved efficiency  

Arguably the greatest benefit to implementing a RIM system is the increased process efficiencies it brings, but this benefit is often the most difficult to quantify. It is not difficult to imagine that moving from spreadsheets and manual processes to a dedicated regulatory information management system will improve efficiency, but how do you measure this?  

  • Eliminate “non-value add” work
    Identify the processes on which your RA team spends the most “non-value add” time. How much time does it take for them to determine all of the countries in which a product is approved for sale? What registrations are expiring this year? What GSPRs need to be updated because a standard has changed? For many medical device manufacturers, these processes take hours, days, or even weeks of combing through multiple data sources and verifying information. A properly implemented RIM system can be expected to provide this type of information in minutes.
  • Improve communication between departments
    Consider how your systems and departments communicate with each other. When the product team makes a change, how quickly and seamlessly are the quality and regulatory teams notified? Do they always have the time they need to react to such changes? If the regulatory team identifies a new requirement that the quality and product teams need to be aware of - how seamlessly is that handled? A RIM system can not only identify items that need to be communicated to other teams, but can also be integrated with PLM, eQMS, and ERP systems to automate such communication. One good example of this is Rimsys’s ability to share a product’s selling status with the manufacturer’s ERP system. This ensures that a product is never sold into a market where it has not been approved.  
  • Enforce company processes and workflows
    A RIM system can help enforce your processes and ensure proper communication by managing approvals and other tasks within the system. By automating communications around process tasks, teams do not need to rely on individual emails (or remember to send those emails). RA teams don’t need to hunt through email history to confirm that they haven’t missed anything, and processes, approvals, and actions are recorded in a secure and compliant system.

Reduce the impact of RA staff turnover

A strong RIM system not only helps to reduce the risk and cost associated with staff turnover, but can also help reduce turnover in the first place! When RA staff turns over, or a new member joins the team, a RIM system will provide:

  • Clear and defined processes that are standardized and built into the system.
  • A central repository of product registration information, submission records, and more.
  • Immediate availability of current and historical records when dealing with regulatory agencies and notified bodies.

A RIM system also speeds up the onboarding process for new RA team members, who can otherwise take 6 months or more to get fully up to speed on the product portfolio, in-flight and upcoming projects, and previous interactions with health authorities.

Providing your existing RA team with a well-implemented RIM system reduces the time they spend searching for information, allowing them to spend more time doing what they do best: implementing regulatory strategies and managing the regulatory affairs of the company. Your RA team will be more productive, feel more empowered, and be more likely to stay in their role.

Minimize compliance risks

Medtech regulatory teams need to ensure that they are staying current with ever-changing global regulations, guidance documents, and standards. Each change needs to be evaluated for its impact on items such as existing GSPRs and pending compliance deadlines (think of the changing UDI labeling and database deadlines in many countries). RA teams are also responsible for ensuring that required reporting and submission deadlines are met for every product in every country in which they are sold.  

RA teams that rely on manual processes and spreadsheets are opening their companies to a higher level of compliance risk than those using holistic RIM systems. RIM systems can automate many of the processes required to ensure regulatory compliance, including:

  • Identification of GSPRs affected by a standards change.
  • Notifications of pending license expirations and regulatory deadlines.
  • Approval and notification tasks.

Without a central regulatory system and automated processes, required regulatory actions may be missed, resulting in expired registrations that require products to be pulled from the market, or in audit findings caused by incomplete or unavailable information.

In addition, RIM systems like Rimsys are designed to be verified under 21 CFR part 11 requirements and provide quick access to data required during an audit or by a notified body or regulatory agency.

Reduced costs  

Wasted time

Many of the RIM advantages discussed above also lead directly to cost savings. When making the case for a RIM system in your organization, use as much specific data as possible - including average RA salary and time-savings estimates based on your team and processes. In general, though, consider that:

  • The average RA professional wastes 30-50% of their time looking for information that could be easily retrieved with a RIM system.
  • The average salary of an RA professional is $97,000.
  • Approximately $30-$49k of each employee's salary is wasted due to inefficient processes.

In addition, a RIM system may allow you to reduce the cost of outside consultants and contracted regulatory work. Medtech regulatory consultants can charge between $150 and $300 an hour, resulting in consultant fees in the millions of dollars for many medical device manufacturers. One Rimsys customer was able to eliminate 15 consultants at the time they implemented the Rimsys RIM solution.

Cost of non-compliance

If your organization is found to be out of compliance by any regulatory agency, the cost can be extremely high. Not only must you put time and effort into becoming compliant, but you may also face fees, penalties, higher consultant fees, and other direct costs. If a product needs to be removed from a market, and then re-approved, the costs can be significant. The largest concern for most companies, however, may be the costs associated with a well-publicized non-compliance issue (often following an adverse event or major quality issue). These costs are difficult to quantify, but if your company has faced major recalls or other public issues, use the actual lost revenue and increased cost numbers where available.

According to a McKinsey report, the average share value of a company experiencing a major quality event drops by 16.8%. The same report lists the average cost of a recall in companies surveyed at $2 million, a warning letter at $1 million, and a consent decree at $400 million (this last number is one consent decree at a single company).

Increased revenue

We believe that regulatory teams do not get enough credit for driving revenue within their organizations. A well-run regulatory team with the right tools drives:

  • Increased speed to market: Regulatory teams using RIM systems complete new product submissions and registration renewals in much less time than those without dedicated regulatory software. This means more products getting to market more quickly. Consider estimating how many weeks or months you can cut from product submission activities, and estimate additional revenue based on expected product releases in the coming year.
  • Less revenue at risk from compliance issues: The potential for lost revenue can also be reduced by improving regulatory processes through a RIM system. If a product needs to be pulled from a market or experiences a serious and public regulatory event, how much revenue will your company lose in that market during the months or years it will take to recover? Medical device manufacturers reduce this risk by implementing strong regulatory systems that ensure registration renewals, ongoing reporting requirements, and updated requirements are visible and well-managed.

Real-world examples from Rimsys customers

  • A leading in vitro diagnostic manufacturer reduced the time it took to update the 1400 GSPRs they were managing when a single standard changed from 360 person-hours (3 regulatory professionals x 3 weeks) to 30 minutes. The time to create a GSPR table was reduced by 50% and required maintenance was reduced by 99%. (read the full case study)
  • One medical device company had no communication between their PLM, eQMS, and ERP systems - causing delays in getting products registered and into new markets. They implemented Rimsys (replacing existing spreadsheets) and streamlined their product authorization process - reducing workload by 88%. It now takes just a few minutes to determine where a product is sold, versus the hours it took previously. (read the full case study here)
  • BISCO, a leading global manufacturer of dental adhesives and cement, has a well-organized product registration process, but the information was difficult to share and search. Maintaining essential principle tables was also a growing concern. According to Ryan Hobson, BISCO's Global RA Manager, Rimsys allowed them to take “a process that could take a week or a week-and-a-half all told, and shortened it to a matter of minutes.” (read the full case study here)

RIM ROI infographic

Looking for information and data you can use to make the case for budget or leadership buy-in for a regulatory information management project? Download our RIM ROI infographic for a quick reference of all of the potential cost savings and revenue growth that can be realized with a RIM system.
