Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
The ultimate guide to the EU MDR and IVDR general safety and performance requirements (GSPR)
This article is an excerpt from The ultimate guide to the EU MDR and IVDR general safety and performance requirements (GSPR) ebook.
Table of contents
- Overview
- Terminology
- EU MDR/IVDR Annex I
- EU MDR/IVDR Annex II
- Proactive Monitoring & Maintenance
- Comparison Table: EU MDR/IVDR Annex I GSPRs vs EU MDD/IVDD Annex I Essential Principles
With the initial rollout of the European Medical Device Regulation (MDR) complete, medical device companies are shifting focus to the sister In Vitro Diagnostic Regulation (IVDR) which has rolling effective dates starting in May 2022. Like the MDR, the IVDR also includes new General Safety and Performance Requirements (GSPR). The expanded 2nd edition of this ebook includes a detailed summary of the IVDR GSPR regulations in addition to those of the MDR. It provides you with practical guidance on how to meet the GSPR requirements for all types of medical technology products. This ebook, however, should not take the place of reviewing the actual regulations and consulting regulatory experts when needed
Timeline
The EU MDR submission became mandatory from the previous MDD directive on May 26, 2021, and the EU IVDR effective date is quickly approaching. In fact, all submissions for new devices under the new EU IVDR must be implemented no later than May 25, 2022. Below is a high-level overview of key dates for both regulations.
*Note that the timeline for compliance was extended in 2021. Class D (high-risk) devices have until 2025 to comply with IVDR, while Class C devices have until 2026. Class B and Class A sterile devices have until 2027 to comply with IVDR.
What’s the difference between Essential Requirements, General Safety and Performance Requirements (GSPR), and Essential Principles. In order to have a meaningful dialogue, let’s first discuss the three (3) main terms used in the industry.
#1 Essential requirements
The ‘Essential Requirements’ is the backbone for establishing conformity with the Medical Device Directive (MDD 93/42/EEC) and the Active Implantable Medical Device Directive (AIMDD 90/385/EEC). Detailed within Annex I of the MDD and AIMDD, the ‘Essential Requirements’ laid out the requirements that devices must meet in order to state compliance to the directives. With the implementation of the new EU Medical Device Regulation (MDR 2017/745), the ‘Essential Requirements’ will become superseded by the new EU MDR General Safety and Performance Requirements (GSPRs).
#2 Essential principles
The IMDRF laid out Essential Principles requirements in a document entitled Essential Principles of Safety and Performance of Medical Devices and IVD Medical Devices. From a high-level perspective, three basic tenets make up these ‘Essential Principles’:
- A device must be designed to be safe and perform effectively throughout its lifecycle.
- Device manufacturers must maintain all design characteristics.
- Devices must be used in a way that is consistent with how it was designed.
Many countries use the term ‘Essential Principles’ when compiling the documentation required to determine compliance to the law. For instance, the Australian Therapeutic Goods Administration (TGA) uses the term ‘Essential Principles Checklist’. Regardless of the term used, Essential Principles are of similar nature and overlap many of the Essential Requirements and new GSPRs.
#3 General safety and performance requirements (GSPR)
As of May 26, 2021, medical device manufacturers must start to comply with Annex I – General Safety and Performance Requirements (GSPRs) of the new EU Medical Device Regulation (MDR 2017/745). GSPRs are specific to the European MDR and IVDR. If you hear any other term (i.e. Essential Principles), it most likely means it is not referencing the European market.
Annex I of the EU MDR and IVDR details the specific requirements of the General Safety and Performance Requirements (GSPRs). The GSPRs are broken down into three (3) chapters in Annex I, MDR 2017/745 and IVDR 2017/746:
- Chapter 1 - General requirements
- Chapter 2 - Requirements regarding design and manufacture
- Chapter 3 - Requirements regarding the information supplied with the device
Chapter 1 - General requirements
Both the EU MDR and the EU IVDR outline General Safety and Performance Requirements (GSPRs) in great detail for medical device designers and manufacturers. The general requirements for each are almost identical and consist of the following:
- Devices must perform in a way that aligns with the intended design.
- They must not compromise the health or safety of a patient, user, or any other person associated with the device.
- Risks must be reduced as much as possible, but not so much that they negatively affect the risk-benefit ratio.
- Device manufacturers must implement and maintain a thorough, well-documented, and evaluative risk management system that continues to be updated throughout the life cycle of a device.
- Manufacturers and designers must include any necessary measures for protecting users in cases where risks cannot be completely eliminated.
- Manufacturers must provide users with information about any potential risks that remain. This information must be clear, easy to understand, and considerate of the users’ technical knowledge level, use environment, and any applicable medical conditions.
- Devices must withstand the stresses of normal use for the duration of their lifecycle. Devices must be designed, manufactured, and packaged in a way that protects them from damage during transport and storage.
- When it comes to risks and negative side effects that are known and foreseeable, designers and manufacturers must make every effort to minimize negative outcomes. They must also ensure that potential risks are acceptable when compared to the potential benefits of a device to its users.
Chapter 2 - Requirements regarding design and manufacture
The GSPRs also provide key details regarding specific information about the performance, design and manufacture of medical devices. As it relates to design inputs, the MDR and IVDR GSPRs provide highly detailed requirements relating to a device’s technical information. Further detail can be found in the comparison tables in Appendix A and Appendix B, where we have compared MDR to MDD and IVDR to IVDD.
Chapter 3 - Requirements regarding the information supplied with the device
The final key area of governance within the GSPRs relates to specific information a manufacturer must supply with a device. The general requirements for this information states that, “Each device shall be accompanied by the information needed to identify the device and its manufacturer, and by any safety and performance information relevant to the user, or any other person, as appropriate.” The requirements provide further detail as far as location - specific information that must be provided on the following:
- The device label includes its UDI.
- The user instructions.
- The packaging of a device that is intended to maintain its sterile condition.
Medical devices are subject to significant regulations and a full understanding of EU MDR and/or IVDR labeling as defined in Annex 1 Chapter 3.
In addition to the specific requirements identified within Annex I of the EU MDR and IVDR, Annex II, Technical Documentation, identifies additional requirements. Specifically, in both EU MDR and IVDR’s Section 4 – General Safety and Performance Requirements it states:
“the documentation shall contain information for the demonstration of conformity with the general safety and performance requirements set out in Annex I that are applicable to the device taking into account its intended purpose, and shall include a justification, validation and verification of the solutions adopted to meet those requirements. The demonstration of conformity shall include:
(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;
(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;
(c) the harmonised standards, CS or other solutions applied; and
(d) the precise identity of the controlled documents offering evidence of conformity with each harmonised standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation.”
Let’s break this down into each part.
Requirement
(a) the general safety and performance requirements that apply to the device and an explanation as to why others do not apply;
What needs to be documented for the requirements that apply or the requirements that do not apply?
Each and every section of the EU MDR GSPR or EU IVDR should be assessed in its own right as it pertains to your medical device. When a requirement applies, a simple statement may be made that this requirement applies to the device. In practice this is often achieved using a checklist or table, with a column for applicability and a Yes/No answer against each requirement. When a requirement applies, you can move on to the other parts of demonstrating conformity regarding methods used and standards applied.
When a requirement is not applicable, a statement must be made to that effect, i.e. a ‘No’ in the applicability column. Additionally, it must be fully and properly justified. Such a justification may be something like ‘The device is not powered and is therefore not an active device. This requirement does not apply.' The justification should clearly state why the requirement has been deemed not to apply so that your notified body can understand your reasoning
Requirement
(b) the method or methods used to demonstrate conformity with each applicable general safety and performance requirement;
What is meant by “method or methods used”?
This relates to the way you complied with that GSPR requirement, historically it would be listed as a standard or other documentation reference that you have applied to demonstrate compliance, however, the question of ‘method or methods used’ is new to the MDR and it is expected that a verbal description be provided such as:
i. Risk analysis weighed against clinical evaluation benefit
ii. Performance intended demonstrated by design requirements, verification and validation
Requirement
(c) the harmonized standards, common standards (CS) or other solutions applied;
What are harmonized standards, common specifications (CS), and “other solutions”?
Harmonized standards
These are standards that have been specifically developed and assessed for compliance to a regulation or directive. They are published in the Official Journal of the European Union (sometimes just referred to as ‘the OJ’) and if you comply with these standards then there is a ‘presumption of conformity’ with that directive or regulation to which they have been harmonized. These harmonized standards can only be created by a recognized European Standard Organization (such as CEN or CENELEC). When a standard is harmonized, an annex is added that describes how the standard conforms to the directive or regulation. When using harmonized standards, you should make sure that you understand how the standard conforms so that you do not claim compliance when the standard either does not meet that requirement or only partially meets that requirement.
If a standard does not meet a certain requirement of the directive or regulation, or indeed only partially meets it, then you must employ additional mechanisms for compliance. If a harmonized standard meets part of a directive or regulation, then by complying with that standard you also fully meet the corresponding requirement(s) The list of harmonized standards continues to grow - refer to the “Healthcare Engineering” section of the European Commission’s Harmonized Standards page for current information. In this case, using an MDD harmonized standard and documenting a justification for doing so (i.e. how you believe the standard demonstrates compliance with the GSPRs), should provide sufficient evidence
Common specifications
Common Specifications (CS) are a new concept in the MDR. They allow the European Union to add additional requirements that must be met in order to claim compliance where harmonized standards do not exist or where relevant standards are considered insufficient. The definition of a Common Specification is:
‘A set of technical and/or clinical requirements, other than a standard, that provides a means of complying with the legal obligations applicable to a device, process or system.’
Requirement
(d) the precise identity of the controlled documents offering evidence of conformity with each harmonized standard, CS or other method applied to demonstrate conformity with the general safety and performance requirements. The information referred to under this point shall incorporate a cross- reference to the location of such evidence within the full technical documentation and, if applicable, the summary technical documentation;
What is the expectation for incorporating a "cross-reference to the location of such evidence within the full technical documentation"?
This means that someone looking at the document should be able to identify exactly where in the technical documentation that the compliance evidence can be found. For example, this may refer to test reports and their exact location, or it could even reference locations within a large document, depending on the GSPR and your particular documentation. (i.e. if you have included usability risks as part of a larger risk assessment, you may need to say ‘See Technical File XXX, Section XX, Doc RMF001 rev 3 lines 65-78’). In other cases it could just mean the whole document reference, i.e. Have you done risk management? – then yes, it is RMF001 rev 3. What the specific reference actually is depends on how you have managed your technical documentation and how defined it is (i.e. separate reports or one big one). There should be no ambiguity as to where the document is located
An example of a completed GSPR checklist could look something like this (applicable and nonapplicable examples are shown):
Specification developers and manufacturers must continually maintain their technical documentation to stay compliant. Part of this process is to ensure that they take into account the "generally acknowledged state of the art".
Proactive monitoring
'State of the art'
There is no formal definition of ‘state of the art’ within the EU MDR or IVDR, although it is mentioned many times. ‘State of the art’ is an ongoing debate; however, it generally means that it embodies what is currently and generally accepted as good practice in the medtech industry. The ‘state of the art’ does not necessarily imply the most technologically advanced solution.
One consensus on state of the art is being up to date and compliant with the current and in effect standards that are applicable to your device. This means that if a standard is updated that your medical device is compliant with, you must evaluate that update to ensure that it would meet the EU MDR or EU IVDR ‘state of the art’ requirement. This is not a new requirement from the EU MDD but it is spelled out more clearly in the EU MDR.
The specification developer or manufacturer is ultimately responsible for determining if the updated standard applies or does not apply to their device(s). Either way, the justification should be documented within a gap analysis.
Monitoring for changes
Of course, 'state of the art' only applies if you actually know if something changed. This is why you need to develop a process for monitoring the standards that compliance is claimed. Every single standard that is associated with your technical documentation must be actively monitored, reviewed, and reported on.
If you have a product on the market and need a better way to monitor and maintain your General Safety and Performance Requirements (GSPR) or Essential Principles, Rimsys can help. Rimsys digitizes and automates GSPR and Essential Requirements so you can dynamically update and proactively monitor changing standards and evidence files.
When a standard or evidence file changes, you will automatically be notified and can update one GSPR or all of your GSPRs as applicable with a single click of a button. If additional information is needed, such as testing, it’s also invaluable to ensure that all devices are identified. What used to take weeks of manual, error-prone administrative tasks is now done in seconds within a fully validated, secure, maintenance-free, cloud-based solution
Maintenance
Maintaining and updating your technical documentation is generally the hardest part of staying compliant. Robust processes must be established to ensure nothing slips through the cracks and show up as nonconformances during regulatory audits.
Gap analysis
In addition to meeting the ‘state of the art’ requirements and the continuous proactive monitoring of standards, once a change has been detected that affects the technical documentation, a proper and thorough gap analysis must be completed.
The gap analysis between the old versions and the new versions, or an evaluation of a brand new standard, must occur and be properly documented. The gap analysis should detail what is applicable and what is not applicable, with your supporting justification.
If something within the new or revised standard was applicable to your device, additional engineering testing, documentation, justification, and, in some instances design changes, may be needed to ensure compliance
GSPR updates
Once the gap analysis has been properly documented, specification developers and manufacturers must update their GSPRs.
These updates include finding the withdrawn or superseded standard or evidence file throughout each row within your GSPR table, for every single device on the market on which this change is applicable. This could be one table or dozens of tables depending on the complexity of the products and your product mix.
Without a holistic RIM system to help you, this is an error-prone process as is it tedious, administrative, and extremely easy to miss an inappropriate referenced standard or evidence file.
Extreme diligence on the regulatory or engineering team must occur to ensure these critical updates to the GSPRs are not missed and a gap analysis must be properly referenced throughout. Any justification for including or excluding a new standard or evidence file will be scrutinized by regulatory auditors, and without proper maintenance, may lead to additional review time.
To continue reading this eBook including Comparison Table of the EU MDR Annex I GSPR vs. the EU MDD Annex I Essential Requirements, please register to download the full version.
The beginner's guide to the FDA PMA submission process
This article is an excerpt from The beginner's guide to the FDA PMA submission process ebook.
Table of Contents
- Introduction
- PMA basics
- FDA interactions
- Contents of a traditional PMA submission
- PMA supplements and amendments
- PMA Quality Management System (QMS)
- Review process and timeline
If your organization is planning to market a new medical device in the United States, you first need to determine which regulatory class the device falls under. The vast majority of medical devices regulated by the FDA are either Class I or Class II medical devices, requiring a 510(k) premarket notification or a simple registration if exempt from 510(k) requirements. However, if your device sustains or supports life, is implanted, or presents a “potential unreasonable risk of illness or injury,” your device is likely a Class III device which will require Premarket Approval (PMA) from the FDA before it can be marketed in the United States. Novel devices, for which there are no existing substantially equivalent devices, are automatically classified as Class III as well. Novel devices with a lower risk profile, however, may qualify for the De Novo process instead of the PMA. Just 10% of devices regulated by the FDA are Class III devices.
This ebook provides an overview of the PMA process and its requirements, but it is not designed to be the only resource used in compiling a PMA submission. The FDA provides significant documentation on this process, starting with the regulation governing premarket approval that is located in Title 21 Code of Federal Regulations (CFR) Part 814.
FDA: Background and device oversight
Before we explain what a PMA is, let’s first talk generally about the Food and Drug Administration (FDA) and device oversight. The FDA is the U.S. governmental agency responsible for overseeing medical devices, drugs, food, and tobacco products. When it comes to medical devices, the FDA’s mission is to “protect the public health by ensuring the safety, efficacy, and security of...medical devices.” At the same time, the FDA also has an interest in “advancing public health by helping to speed innovations.” In other words, the FDA’s goal is to make sure devices are safe and effective for public use, while also ensuring that devices have a quick and efficient path to market.
In order to achieve this balance of safety and efficiency, the FDA has three different levels of oversight depending on the risk level of the device: (1) exempt from premarket notification, (2) Premarket Notification, also known as 510(k), and (3) Premarket Approval (PMA).
When is a PMA required?
The PMA process is the most stringent regulatory process for medical device approval under the FDA and applies to almost all Class III devices. To determine whether your device requires a PMA, you must first Classify your device by searching the Product Classification Database. The database will provide you with similar devices; their name, classification, and link to the Code of Federal Regulations (CFR) if applicable.
- If a substantial equivalent is found in the Product Classification Database with a submission type of 510(k), you should submit a 510(k), not a PMA.
- If the product classification database identifies your device as Class III and/or requiring a PMA - you should submit a PMA.
- If your device involves a new concept and does not have a classification regulation in the CFR, the database will list only the device type name and product code. In this case, the three-letter product code can be used to search the PMA database and the 510(k).
- If your device cannot be found in the product classification database because it is a new type of device and should be classified as a Class III device because of the level of risk it presents*.
Class III devices support or sustain human life, are of substantial importance in preventing impairment of human health, or present a potential and unreasonable risk of illness or injury.
Note that if your device is a new concept without a substantial equivalent, but does not present the level of risk of a class III device, it may be eligible for the De Novo process as a class I or class II device.
PMA vs 510(k)
Not only are PMA and 510(k) processes applicable to different types of devices, they have different purposes.
510(k): A 510(k) is intended to demonstrate that the device for which approval is being sought is as safe and effective as a currently marketed device that does not require a PMA.
PMA: A PMA is intended to prove that a new device is safe and effective for the end user. A PMA is much more detailed and in-depth than a 510(k). Device manufacturers are typically required to present human clinical trial data, in addition to laboratory testing data.
The difference in complexity between a PMA and 510(k) also affects the time needed to process the submissions. The FDA typically accepts or rejects a 510(k) submission within 30-90 days, at which point the device is posted to the FDA’s 510(k) database. A PMA submission can take up to 180 days to be processed, at which point the FDA can approve or deny the application. The FDA may also issue an “approvable” or “not approvable” letter, which the applicant can choose to respond to, thereby adding time to the submission process.
PMA application methods
There are a number of types of PMA application methods. While most devices which require a PMA will follow the traditional process, be sure to verify that you are using the correct application process to maximize your chances for success and avoid unnecessary delays:
Traditional PMA
The most common method for attaining FDA clearance for Class III devices, the traditional PMA is the appropriate option for most devices that have completed clinical testing.
Modular PMA
The modular PMA is the appropriate application method for devices that have not yet completed clinical testing. Applicants complete individual “modules,” with final confirmation granted once all sections are completed. For additional information on specific requirements of a modular PMA, read the FDA’s Premarket Approval Application Modular Review.
Product Development Protocol
Use the Product Development Protocol (PDP) with medical devices that are based on well-established technology. The PDP process for gaining market approval merges the clinical evaluation and development of information, and involves an agreement between the manufacturer and the FDA. The process provides the advantage of early predictability for the manufacturer and allows early interaction that can identifyFDA concerns as soon as possible in the development process. Because the PDP identifies the agreed upon design and development details, a completed PDP is considered to have an approved PMA. For additional information, read more about the FDA’s PMA Application Methods.
Humanitarian Device Exemption
A Humanitarian Use Device (HUD) is specifically defined as a device intended to benefit patients that are affected by a disease or condition that affects less than 8,000 individuals in the U.S. per year. TheHumanitarian Device Exemption (HDE) approval process is designed to encourage clinical activity around rare conditions, and does have certain restrictions, including:
- After receiving HDE approval, a HUD is eligible to be sold for profit only if the device is intended to address a disease or condition that occurs primarily in pediatric patients, or occurs in pediatric patients in small numbers.
- If an HDE is approved to be sold for profit, the FDA will determine an annual distribution number(ADN). Any devices sold beyond the ADN limit are required to be sold for no profit.
For more information see the FDA’s explanation of the Humanitarian Device Exemption.
CBER Submissions
There are two centers within the FDA responsible for evaluating medical devices. While the majority of devices will go through the Center for Devices and Radiological Health (CDRH), some will be managed by The Center for Biologics Evaluation and Research (CBER). CBER regulates medical devices related to blood and cellular products, including blood collection and processing procedures as well as cellular therapies. This ebook focuses on submissions made through the CDRH, but you can view CBER Regulatory Submissions – Electronic and Paper for more information on the CBER process.
To continue reading this eBook, including a walk through of the different types of required and optional FDA meetings and communications, a detailed list of the contents of a traditional PMA submission, and an overview of quality management system requirements, please register to download the full version.
An overview of 21 CFR Part 11 regulations for medical device companies
What is 21 CFR Part 11?
21 CFR Part 11 refers to the federal regulation that address electronic records and electronic signatures associated with FDA requirements. This single, relatively small, part of the Code of Federal Regulations is extremely significant for companies with FDA-regulated products because it impacts every document signature, electronic file, and FDA submission. Codified in 1997, interpretations of this FDA-issued regulation continue to be debated and re-evaluated as the technology supporting electronic records and signatures changes. In this article, we’ll discuss the regulation and generally accepted interpretations.
Note that discussions and statements in this document are our observations only and should not be taken as fact. You can refer directly to the regulation here.
Part 11: General Provisions
The General Provisions section of 21CFR11 addresses the scope of the regulation, when and how it should be implemented, and defines some of the key terms used. It states that the purpose of Part 11 is to define the criteria under which electronic records, electronic signatures, and handwritten signatures attached to electronic records are equivalent to, and as reliable as, handwritten signatures on paper documents.
Fundamentally, any record that is maintained, used, or submitted under any FDA records regulation is subject to Part 11, and the FDA will accept electronic records in lieu of paper records if an organization can prove that their records and systems meet the Part 11 requirements.
The General Provisions subpart also sets forth a number of definitions, and we’ve listed the ones that are most significant to our discussion here:
- Closed System: A computer system or software whose access is controlled by the same people who are responsible for the information stored in the system. Because the opposite of a closed system, and “open system,” is subject to additional scrutiny be sure that you are able to thoroughly explain and provide documentation for a decision to classify your system as a “closed system.”
- Open System: A computer system or software whose access is not controlled by the same people who are responsible for the information stored in the system.
- Digital Signature: An electronic signature created in a manner that can be verified, ensures the identity of the signer, and maintains the integrity of the document and signature. This often involves the use of cryptography and/or biometric data.
- Electronic Signature: Symbols that represent a legally binding equivalent to an individual’s handwritten signature (as adopted and authorized by the signer).
Part 11: Electronic Records
The Electronic Records section sets forth the requirements for administration of closed and open electronic record-keeping systems, then discusses signature manifestations and requirements for establishing a link between signatures and records.
Part 11 defines a “closed system” as any computer system in which the users controlling access to the system are the same people who are responsible for the data in the system. Today, most systems can be classified as closed systems, but take special care to document control procedures around software that is hosted offsite or classified as a SaaS solution.
This section of the regulation deals with the controls that need to be in place for all applicable electronic record systems by defining:
- Procedures to ensure that all electronic records are authentic, have integrity, and can ensure confidentiality (where that is appropriate).
- Validation requirements for systems that maintain electronic records to ensure that all records are accurate, reliable, and that the system performs consistently according to regulatory requirements.
- Audit trail requirements for all regulated records to ensure a complete history of all changes to records are maintained.
- Controls around system access and document signatures.
Part 11: Electronic Signatures
The Electronic Signatures section defines the components of electronic signatures and the required controls and procedures necessary for using them.
In general, an organization must be able to demonstrate that electronic signatures:
- Are unique to each individual, and that the individual assigned an electronic signature has had their identity and level of authorization verified.
- Must be based either on biometric data (such as fingerprints) or made up of two distinct pieces (ie: a User ID and password)
- Require appropriate controls to ensure that they are verified periodically, cannot be used by someone other than the intended user, and are immediately deactivated if compromised in any way.
Practical application of 21CFR Part 11 for regulatory affairs professionals
21 CFR Part 11 is a critical regulation, and one that can be open to interpretation. Below, we cover some of the key areas that should be of concern for RA professionals. This is an overview of key areas only, and should not be taken as complete instruction or guidance for 21CFR part 11 compliance.
System compliance and validation
Any system that you are using to store electronic records that fall under FDA regulations needs to be compliant with Part 11. This includes everything from spreadsheets to full-featured RIM and document management systems.
Software vendors will often document how their systems are developed to be compliant, and may even support system validation during implementation - but it is ultimately the responsibility of the user organization to ensure that their systems and processes are compliant with Part 11. System validation is the process of documenting that your system meets all of the Part 11 requirements. Software vendors can support this process by ensuring that their systems are built on a highly secured infrastructure that can be demonstrated and proven.
The Rimsys system was built from the ground up to meet the stringent requirements of not only 21 CFR Part 11, but other industry standards and good practices guidelines (GxP). We have put in place a rigorous validation program, built by industry experts and supported by a secure and well-documented infrastructure. For more information, visit the Rimsys Security and Privacy page.
Audit trails
Audit trails are the required system logs that track the who, when, and what of every change made to data that falls under Part 11. Audit trails should be generated and time-stamped by the system, with no ability for users to change that information. Audit trails serve two purposes under 21 CFR Part 11:
- To demonstrate that documented policies and procedures are being followed, including that only users with the appropriate authority are managing data.
- To prove that data retention policies are being adhered to (see below).
At any time, you should be able to view the history of any record, from a Design History File to a submission document, in order to determine what changes have been made, when they were made, and by whom.
Record retention
21 CFR Part 11 specifies that electronic records must be protected and readily available throughout the defined record retention period. Additionally, 21 CFR Part 820 specifies that records related to the quality, manufacturer, regulatory submissions, or any other data that falls under FDA regulation, should be maintained for the life of the medical device and for a minimum of two years from the date of first commercial distribution. This is often referred to as “cradle to grave” tracking.
This means that regulatory professionals need to not only be aware of their company’s record retention policy, but need to ensure that any system being used to track regulatory submissions or other data subject to audit meets Part 11 and Part 820 requirements. Note that record retention requirements apply also to paper records where they are the source document.
Electronic and digital signatures
An important piece of 21 CFR Part 11 is its definition of electronic and digital signatures. “Electronic signature” is used to define any set of symbols that are used in place of a handwritten signature, whereas a “digital signature” is an electronic signature based on methods that ensure the identity of the signer where the integrity of the data can be verified. A digital signature can be based on biometric data (such as fingerprints) or secure user IDs and passwords that are controlled to ensure only one authorized user can use the signature.
As a regulatory affairs professional, you should ensure that:
- Everyone on your team who needs to sign documents has their own unique digital signature and understands the importance of protecting it. Sharing of electronic credentials is a common FDA audit observation. Also ensure that users who are not required to sign documents have appropriate access to data to discourage other users from sharing login credentials with them.
- You are following your company’s policies concerning electronic signature audits so that passwords remain updated and strong and signatures are revoked when a user leaves or changes positions.
- You immediately report any possible loss, theft, or sharing of user credentials or devices that generate identification codes.
While 21 CFR Part 11 is usually considered more of a “quality regulation,” it is important that regulatory teams within medical device organizations fully understand this regulation and its compliance implications. To learn more about the regulations, click below to read our regulatory brief.
%2520(1755%2520x%2520550%2520px)%2520(855%2520x%2520268%2520px).avif)
Why a RIM System is Critical to Successfully Support MedTech M&A Activities
There was significant M&A activity in the MedTech sector in 2024, and the industry is predicting another big year for mergers and acquisitions. As MedTech companies aim to expand their product lines, enter new markets, innovate faster, and remain competitive in a rapidly evolving space, mergers and acquisitions can be attractive and cost-efficient options. Additionally, some manufacturers are choosing to divest parts of their business to hone their focus, drive additional investment in other key areas, and optimize operations.
For the regulatory affairs professional, M&A activities can be anything but efficient. An influx of new products, registrations, and regulatory information to maintain can wreak havoc on RA teams who are already struggling to effectively manage and maintain compliance amid a seemingly constant state of regulatory change.
In an increasingly complex regulatory landscape, many MedTech teams are turning to RIM systems to help them centralize regulatory information across the business, automate time-consuming, manual processes, and strengthen global compliance. These benefits are even more palpable for companies undergoing mergers, acquisitions, and divestitures, giving them streamlined, fully visible regulatory information management that can scale with their evolving business needs and additional regulatory information to manage.
Case Study: Large, Publicly Traded Device Manufacturer Navigates Product Line Divestiture with Ease
A large, publicly traded manufacturer of products for pain management, digestive health, and IV therapy was in the process of divesting one of its product lines to another company. As a result, some of their regulatory employees were transitioned to the company that purchased its product line. The customer leveraged Rimsys’ unique Linked Accounts feature, which allows users to grant external stakeholders controlled access to Rimsys, to give those impacted access to the 100+ registrations associated with the divested products. As a result, the transitioned employees lost no access to their respective products and are able to manage, review, and approve those registrations as they normally would.
“Linked Accounts is a fantastic feature that I didn’t originally appreciate as much. Rimsys made it easy for us to identify the products impacted by the divestiture and provide access to those who need them. It has been a bright spot in the sea of headaches both teams are experiencing when trying to review and approve information in other systems.”
-Program Manager, Regulatory Information Management
When the transaction is complete, the customer will easily be able to export the list of registrations by product tag and archive the registrations in Rimsys for easy management and visibility. The transitioned employees will also still retain access to the information they need in Rimsys as they work to implement their own Rimsys solution to manage those registrations.
Navigating Business and Regulatory Changes with RIM Systems
As the MedTech industry prepares for additional mergers, acquisitions, and divestitures this year, getting a solid regulatory information foundation in place is critical for a successful transition and ongoing compliance. Yet, many MedTech RA teams are using manual processes and siloed systems to manage regulatory information.
One of Rimsys’ goals is to serve as a strategic partner to MedTech RA teams, helping them better understand their current RIM state and the steps they need to advance their processes. This includes the implementation of a RIM system such as Rimsys to centralize their regulatory information, enable easy collaboration with internal and external stakeholders, and automate time-consuming manual processes for strengthened global compliance.
See our Guide to MedTech RIM Maturity, which provides our RIM Maturity Model Framework, for ways to better assess your organization’s current RIM state and incrementally reach new milestones.
Rimsys has helped global MedTech leaders navigate business and regulatory change with unified RIM software that provides full visibility into their regulatory activities. If you’re looking to stay ahead of upcoming strategic activities or are simply looking for a better way to manage your information amid increasing complexity, contact us to learn how Rimsys can help you streamline and automate your processes for long-term success.
Rimsys POV: Updated EUDAMED timeline
The EU Commission has recently announced updates for completing and implementing EUDAMED based on amendment 2024/1860. This article outlines the current EUDAMED timelines and our point of view on these timelines to help industry prepare accordingly.
Current EUDAMED Timelines:
- The target date for the first mandatory application of functional EUDAMED modules is still January 1, 2026. The Vigilance module is expected to be mandatory beginning in Q3 2026 with full EUDAMED functionality planned for Q2 2027.
- The Actor, UDI & Devices, Certificates, and Market Surveillance modules are currently under audit. The independent Minimum Viable Product (MVP) audit is intended to assess and confirm functionality and interconnectivity of the modules that are deemed audit ready. This audit is foreseen to be completed by Q2 2025.
- Mandatory use of each module is to commence six (6) months after the module is declared fully functional through the independent audit and publication in the Official Journal of the European Union (OJEU). The Actor, UDI & Devices, Certificates, and Market Surveillance modules are expected to be declared fully functional at the end of Q2 2025, leading to their mandatory application date of January 1, 2026.
- The Actor, UDI & Devices, Certificates, and Market Surveillance modules are expected to be declared fully functional by the end of Q2 2025 and mandatory for industry use on January 1, 2026.
- The Vigilance module is not part of the ongoing MVP audit and will not be declared fully functional along with the previously mentioned modules. The revised timeline indicates that the audit of that module will occur between Q2 and Q3 of 2025, with the goal of the mandatory application date in Q2 of 2026.
- The development of the Clinical Investigation/Performance Studies (“CI/PS”) module is intended to continue through Q3 2026. An audit to assess the CI/PS module together with the other five (5) modules will be completed once the CI/PS MVP has been developed.
Photo courtesy of the European Commission
Here is how Rimsys views the impact of this announcement for each stakeholder group:
Rimsys
UDI is front of mind as well as future interaction with the Vigilance module. There is no change to our current plans, as Rimsys will continue to develop UDI and Post Market Surveillance functionality regardless of the updated target dates. We also recognize the potential impact of establishing data transfer (DTX) capabilities to interact with EUDAMED in a machine-to-machine (M2M) capacity. With the publication of the final requirements needed for M2M DTX to EUDAMED, Rimsys is positioned to finalize our connection and deliver M2M capabilities as part of the EUDAMED solution.
Industry/customer
Since the European Commission(EC) has made multiple updates to EUDAMED timelines, we expect industry will have some reluctance to accept the new target dates. As a result, this could delay re-engagement with EUDAMED preparations. However, we do not expect the EC to push these updated timelines. Manufacturers that don’t have a plan to submit data to EUDAMED by Q2 this year should expect significant challenges to meet these deadlines. With the audit of expected modules underway with the associated technical documentation published, Rimsys recommends taking steps to organize regulatory data now and submit their information early to all available EUDAMED modules.
EU Commission
The EC strongly recommends industry continues to establish its solution and to submit data on a voluntary basis. Do not wait. The commission’s position is that submitting data early will give companies an advantage by having their data “in” before the onslaught of the entire global MedTech industry, all trying to add data at the same time EUDAMED becomes mandatory. These companies will also be in front of the line to work with the commission resources if data submission issues occur.
* Note - this article includes regulatory interpretations and opinions from the Rimsys team. We try to be as informative as possible, but this information isn’t intended to serve as a substitute for official guidance from regulatory authorities.
%2520(1).avif)
Using EUDAMED as the Foundation for a Global UDI Strategy
If your company is selling medical devices in the European Union, you’re likely thinking about EUDAMED. If you’re not, it's time to start. Come January 2026, medical device manufacturers will be required to submit their UDI data to EUDAMED. EUDAMED’s data requirements and interconnectivity are complex. Not only is it easy to underestimate the time it will take to organize and verify UDI data, but many manufacturers are still using manual processes such as spreadsheets or internally built systems to manage this information. And with a number of organizations treating UDI data management and submission as an IT or supply chain process, some RA teams don’t even know where their UDI data is.
Getting your UDI data EUDAMED ready for submission by January 2026 is going to take some time, but there is a tremendous opportunity amidst the extensive preparation. With a little bit of foresight, RA teams can position the data output of their EUDAMED compliance project as the foundation for a global UDI program. Here are some reasons why using EUDAMED as the primary building block for a global UDI strategy will enable long-term success:
The product data needed for EUDAMED can be applied to current and future global UDI requirements
With many required data attributes and Basic UDI family groupings, establishing EUDAMED compliance for UDI is going to take some careful planning, detailed organization of current data, and careful consideration of your regulatory strategy for the European market. Many manufacturers need to start with the basics: locating current UDI data to understand how it is currently managed and transmitted to the respective regulatory bodies. This process is also going to require an assessment of your UDI data. Do you have information populated for all of the required attributes?Is this information current and accurate? Finding answers to these questions is going to take thoughtful collaboration among all stakeholders, but it’s also going to set your organization up with a solid data foundation that will help you meet additional market requirements.
It’s going to require an audit of your people, processes, and systems
Industry is focused on establishing UDI data in EUDAMED to align with current requirements for timing but transmitting your UDI interaction with EUDAMED is not a one-time process as it may be currently treated for other regulators. New devices, device changes, UDI data updates, and commercial availability may require EUDAMED updates or establishing new UDI profiles altogether. Are your current processes able to support you long-term? Manual processes are going to make it nearly impossible to keep pace and compliance, and internally built systems are going to require regular validation and subject matter expertise to keep up with evolving requirements and EUDAMED version updates. Taking the time to make sure you have the proper expertise and systems to maintain EUDAMED compliance will more easily allow you to scale your UDI management as your business grows and the regulatory landscape evolves.
The risks of non-compliance are too steep to ignore
Those who fail to submit UDI data to EUDAMED in line with the required timelines are at risk of audit findings, financial penalties, product delays, and worst of all, having to remove products from the market. Not only does product removal have lasting productivity, competitive, and economic impacts on the manufacturer, but it also decreases the availability of life-changing medical devices to end users. These risks are simply too significant to ignore and necessitate a comprehensive global compliance strategy that can meet the needs for EUDAMED and additional countries as global regulations change.
Additional regulators are establishing UDI requirements and big data technologies
As the value of UDI is recognized, More global markets are adopting UDI requirements to enhance the traceability of their devices and improve patient safety. For instance, Australia has established UDI requirements with mandatory compliance for data submission expected in the summer of 2025. Additionally, Rimsys expects the competent authorities from Switzerland and the United Kingdom to adopt their own UDI requirements following their exit from the European Union. Even though each regulator has varying requirements to some degree, organizing product data to meet EUDAMED’s robust set of data attributes and requirements will put you in a position to more easily meet additional global UDI requirements.
How Rimsys supports a global UDI strategy
Both the regulatory and technology requirements for UDI continue to grow in complexity. Rimsys has an integrated, automated UDI solution that provides medical device manufacturers the ability to manage their UDI data alongside their regulatory activities for total visibility and control.
Not only does Rimsys have the expertise necessary to help MedTech manufacturers navigate UDI data and transmission to EUDAMED for January 2026, but we're also dedicated to supporting MedTech companies with solutions and strategies that go beyond EUDAMED compliance to support a scalable and efficient global UDI program to meet the needs of evolving regulatory requirements. Rimsys provides MedTech manufacturers with a single-sourced UDI solution that allows them to manage their UDI data and status alongside regulatory activities.
Our novel Universal UDI® approach centrally stores common data attributes across global markets for simple management, reduced compliance risk, and increased efficiency. Using data established in Rimsys for EUDAMED as a baseline, we’re enabling MedTech companies to more easily meet additional global UDI requirements in a unified RIM solution that applies these common attributes between various market requirements (with more coming soon!):
Ready to increase your team’s efficiency and compliance with integrated and automated UDI management to support your long-term goals? Request a custom Rimsys UDI demo here!
%2520(1).avif)
Assessing RIM Maturity: Takeaways from our Expert Panel
Rimsys recently hosted a webinar, Assessing RIM Maturity for Your Regulatory Management Strategy, to help RA teams put together a practical RIM transformation plan for their MedTech company. Featuring industry leaders, Adrian Bishop of Boston Scientific, Brian Williams of KPMG, Steve Gens of Gens Associates, and James Gianoutsos of Rimsys, the discussion centered on the evolving MedTech regulatory information management (RIM) landscape, using the RIM Maturity Model Framework to guide your regulatory information management strategy, a RIM maturity case study, and AI’s role in regulatory information management. Here's a quick recap of the insights we discussed:
The Growing Need for MedTech RIM Modernization
The session underscored the increasing complexity of global regulatory requirements in the MedTech sector. From EU MDR to the adoption of EUDAMED, the shifting regulatory environment is pushing companies to modernize their RIM processes to ensure compliance and avoid operational inefficiencies. Steve Gens shared key insights from his 2024 World Class RIM Study research that by 2024, 52% of life sciences companies had fully adopted global RIM programs, a significant leap from 32% in 2022. However, many MedTech organizations remain in the early stages of RIM maturity, reflecting the need for process harmonization and robust digital solutions.
“The manual nature of spreadsheets and desktop authoring tools is no longer sustainable with all the different regulations and the global operating model that most companies have where you're trying to quickly get submissions out to different markets and then have to keep track of where your products are registered and where there are renewals, and where there are expiration dates. Having that information in informal spreadsheets and SharePoint sites is really not sustainable and creates a lot of compliance risks." - Brian Williams, KPMG
The RIM Maturity Model: A Framework for Transformation Progress
Our panel also explored the new RIM Maturity Model framework from Rimsys, which was built to help MedTech teams modernize their processes no matter where they are in their transformation journey.
“MedTech teams want to modernize their processes but don't know where to start from a business or data collection standpoint. They don't have a framework that takes their current processes into account." - James Gianoutsos, Rimsys
The RIM Maturity Model categorizes organizations into six levels based on their current regulatory information management processes:
- Level 0 - Unaware
- Level 1 – Aware
- Level 2 – Reactive
- Level 3 – Proactive
- Level 4 – Well Managed
- Level 5 – Optimized
Most MedTech teams fall between Levels 0 and 2, relying on siloed data and manual processes and reactive regulatory information management. Progressing toward higher maturity levels involves:
- Data Harmonization: Establishing consistent definitions and processes across business units.
- Process Transformation: Moving beyond "firefighting" modes to proactive regulatory planning.
- Technology Adoption: Implementing a RIM system that centralizes data, automates tasks, and facilitates cross-functional alignment. This is a critical step to reaching fully optimized regulatory information management.
“If you're considering a RIM adoption or are already going through one, make sure you understand your own expectations. You can't get to a spacecraft without without getting into a horse and buggy, Data collection and harmonization is milestone-driven and progression-based. You're not going to get to an optimized state on Day 1. But as long as you keep continuing to make well-informed decisions with your data and aligning internally on key terms in that data digitization processes, you will… get there." - James Gianoutsos, Rimsys
"As you're progressing, you need to be really thoughtful about the cost benefit of any initiatives that you're undertaking, Make sure that you have clear objectives that can be measured and that you can report value against and really just make sure that you create recognition with your management teams and with your operational teams that this is going to be a phased journey. You're not going to get there overnight and set expectations appropriately, but try to make measurable steps along the way. And as you do that, you start to build confidence, you build awareness and you build trust that you're delivering on the kind of the objectives that you set out to deliver. It's really a journey.” - Brian Williams, KPMG
Case Study: RIM Maturity Lessons from Boston Scientific
Adrienne Bishop from Boston Scientific shared her company’s journey toward RIM maturity. After previous attempts to implement global systems, the team learned to prioritize readiness, secure buy-in from stakeholders, and leverage external expertise.
“The added benefit of a MedTech solution is also that with these external partners, we can understand what is industry standard and that can help us with our change management.” -Adrienne Bishop, Boston Scientific
Key lessons they learned include:
- Start with Data: Define data fields clearly and cross-check sources to ensure accuracy.
- Limit Customization: Avoid over-customizing solutions that can hinder transformation; instead, adopt proven industry-standard processes.
- Invest in Change Management: Equip teams with the skills and mindset to embrace transformation.
Boston Scientific’s phased approach—beginning with foundational product registration data and expanding capabilities over time—demonstrates the importance of incremental progress. Boston Scientific, for example, has made strides in adopting a RIM system by focusing on transformation rather than harmonization alone, emphasizing the importance of cross-department collaboration and clear data governance.
"The solution we picked works for other people, so we can make it work for us. We also realized that what we were doing before maybe wasn't wrong, but it was definitely inefficient. We now have different inputs and different regulations. And now we need to change to get there." - Adrienne Bishop, Boston Scientific
AI and Automation in RIM
The panel distinguished the key differences between automation and AI, noting that while automation focuses on rule-based processes, AI serves as a good starting point for handling complex, abstract tasks. While AI can reduce time spent on tasks, it’s important for RA teams to verify the source information and the outputs for accuracy.
“There's a lot of anxiety about really what AI will deliver. But I think a lot of people that have been working with it, they see it as the virtual assistant or assisting. So it's more augmentation because there's a lot of concern.” - Steve Gens, Gens and Associates
Both automation and AI are important to regulatory modernization. Specific use cases include:
- Automation: Streamlining data ingestion, workflows, and compliance monitoring.
- AI: Mining historical regulatory data, collecting regulatory research, and enhancing regulatory intelligence.
Despite the attention around AI, the panel emphasized that its effectiveness hinges on high-quality, harmonized data. Poor data foundations can render even the most advanced AI tools ineffective, highlighting the need for a phased, data-first approach to digital transformation.
“There are some benefits you can definitely achieve with AI. But first and foremost data is going to be the most challenging yet the most effective way to get to that holy grail that I think everybody wants out of a regulatory information management system.” - James Gianoutsos, Rimsys
Looking Ahead: The Future of RIM As the MedTech industry advances
Achieving higher levels of RIM maturity will require strategic investment in technology, data, and talent. Organizations must treat RIM modernization as a holistic transformation, integrating robust processes and aligning cross-functional teams. With automation poised to play an increasingly significant role, companies that prioritize data governance and process maturity today will be well-positioned to leverage advanced technologies like AI tomorrow.
RIM modernization is not just a compliance imperative but a competitive advantage. By adopting a structured maturity model, focusing on data quality, and embracing RIM solutions like Rimsys, MedTech organizations can streamline regulatory processes, reduce risk, and drive innovation. If your organization is considering RIM modernization, now is the time to assess where you stand and take the first steps toward a holistic transformation.
For more insights, listen to the webinar recording here!
.avif)
5 Reasons It’s Time to Stop Managing Your UDI Data in Spreadsheets
UDI data management is continuously getting more complex. Not only do global markets have varying UDI requirements, but new markets are expected to come online in the coming months. Additionally, the mandatory application of EUDAMED will begin in January of 2026, meaning that MedTech manufacturers selling products in the European Union will have to submit their UDI information to EUDAMED.
Submitting UDI information to EUDAMED will require careful and thorough preparation to ensure that manufacturers have all of the required data attributes necessary to meet the EU’s requirements and that they have a strategy in place to organize, review, and submit all of their information.
MedTech regulatory affairs processes are largely manual and siloed, and UDI management is no different. Many teams are still managing their UDI data in complex spreadsheets. While the forthcoming mandatory EUDAMED requirements have prompted many manufacturers to start planning more comprehensive UDI strategies, managing a high volume of UDI data in spreadsheets is unsustainable long term.
Efficient and scalable UDI management requires deep expertise, collaboration, and full visibility into your products’ global regulatory activities that spreadsheets simply can’t match. Here are 5 reasons it’s time to move away from managing your UDI data in spreadsheets:
1. They’re setting you up for compliance risks
UDI management involves a high volume of data across different markets and regulator IT systems. Not only are the assembly and maintenance of those data in a spreadsheet prone to human error, but they don’t enable the regulatory expertise necessary to ensure that your requirements for each applicable market are up to date. Further, siloed spreadsheets aren’t connected to systems that help you unlock regulatory insights. The responsibility is yours to make sure your spreadsheet has current, accurate, and reliable information.
With cumbersome version history and change tracking (or lack thereof), spreadsheets also lack the traceability needed for audits, making it difficult and time-consuming for MedTech companies to effectively demonstrate compliance. This not only adds time to the audit, but opens your organization up for audit findings, financial penalties, product delays, and revenue loss.
2. They’re time-consuming and difficult to manage
When multiplying the markets you’re selling in by the number of products you’re selling, it’s easy to see how complex UDI spreadsheets can get. Since there’s no automation to ensure the attributes and data in your spreadsheet are up to date, it’s up to you to validate it periodically and research the updated requirements. If you do establish a process to validate that UDI data, this adds critical time for Medtech teams that are already tasked to execute faster with limited team members. If you do not periodically validate UDI data, you take on an increased risk of non-compliance.
Additionally, new market regulatory and IT requirements make managing UDI information even more difficult each time a new market is added. With several countries expected to mandate or enact new UDI requirements and systems over the next couple of years, the complexity is only going to grow with time.
3. They limit collaboration across your team
Multiple stakeholders working within the same spreadsheet can easily create confusion. Not only is it difficult to track changes, but there’s a likelihood of overwriting critical information. This can not only lead to the compliance risks mentioned above, but spreadsheets also impact your team’s ability to effectively collaborate. Team members often duplicate the spreadsheet and work off of different versions when there are limited controls in place to prevent this from happening.
On a strategic level, spreadsheets impact your team’s ability to share knowledge with one another. There’s no way to effectively share detailed notes and tasks, and there’s also limited functionality to track transmission status and troubleshoot transmission errors with your team.
4. They don’t provide full visibility into your products’ selling statuses
UDI spreadsheets are usually designed for one purpose, UDI data management. However, UDI is just one facet of obtaining market clearance for your product. The product must also be approved and registered in each respective market. Many manufacturers have multiple teams and spreadsheets to track regulatory activities where UDI responsibilities may lie outside of the regulatory team. This approach limits their ability to get full visibility into the status of their products and integrate this information with other relevant applications across the business. With regulatory information scattered and siloed, it’s easy to miss the connection between UDI data and upcoming expirations and renewals.
5. They don’t easily scale with your business and growing market requirements
As you create new products and bring existing ones into new markets, do you have a plan in place to help you scale effectively? The regulatory activities along with the expanding UDI requirements associated with new product introductions and market expansions are high enough, and spreadsheets simply can’t keep pace with business growth.
Moving your UDI management off spreadsheets is going to set you up for a successful, long-term UDI program. MedTech companies not only need to be aware of the forthcoming mandatory EUDAMED application timelines, but they also need a sustainable solution as additional UDI requirements come online. Finding a solution that’s built with the complexities of UDI data management in mind, automates time-consuming, manual processes, and offers complete visibility into all of your regulatory activities is going to help you ensure that your UDI program is compliant and scalable to meet your evolving business needs.
The Rimsys RIM platform allows you to manage your UDI program in a single-sourced, unified, and connected solution that enables you to track your UDI activities alongside your product registrations and selling status to give you confidence in your compliance. Additionally, Rimsys has a novel Universal UDI approach that captures common attributes across various market requirements to reduce administrative burden and help you submit your UDI information consistently and with ease.
Want to see how a purpose-built MedTech RIM solution can offer you a compliant, scalable, and comprehensive approach to UDI management? Request a demo to see Rimsys in action!
.avif)
Rimsys secures $5 million in growth financing round
Rimsys recently secured $5 million in a growth financing round from Global Opportunity Pennsylvania Fund II, L.P. (GO PA Fund), Riverfront Ventures, and existing investor, Innovation Works. GO PA Fund, Riverfront Ventures, and Innovation Works have a strong commitment to fostering innovation and creativity in Pennsylvania, which makes them great financial partners for Rimsys.
“We’re ecstatic to have support from GO PA Fund, Riverfront, and existing investors as we enter a new growth phase at Rimsys,” said James Gianoutsos, Rimsys Founder and CEO. “Our next phase of growth builds on our mission to increase accessibility to life-changing medical technologies with a focus on regulatory intelligence, submissions management, and UDI enhancements and thoughtfully incorporating advanced technologies like AI into our roadmap to meet growing demand and changing global regulatory requirements. We are grateful to work with firms that are committed to nurturing innovation in the Pittsburgh region, which has given so much opportunity to us.”
Our growth financing will help ensure that Rimsys provides a world-class, unified regulatory information management (RIM) solution for the medtech industry and that it meets the challenges that come with a frequently evolving regulatory landscape.
Those interested in learning more can read the press release from GO PA Fund and a recent Post-Gazette interview with our founder, James Gianoutsos:
ABOUT GO PA FUND
Formed by Ben Franklin Technology Partners of Southeastern Pennsylvania, with collaboration from Ben Franklin of Northeastern Pennsylvania, Ben Franklin of Central and Northern Pennsylvania, and Innovations Works from Southwestern Pennsylvania, the GO PA Fund invests in technology-based ventures throughout the Commonwealth of Pennsylvania. The GO PA Fund primarily invests as a follow-on fund to companies selected from Ben Franklin’s statewide portfolio of more than 600 burgeoning ventures throughout Pennsylvania. The Fund leverages Ben Franklin’s best-in-class multi-year/multi-round due diligence to ensure access to qualified and vetted opportunities while minimizing costs of investment. Visit us at gopafund.com.
ABOUT BEN FRANKLIN TECHNOLOGY PARTNERS OF SOUTHEASTERN PENNSYLVANIA
Ben Franklin Technology Partners of Southeastern Pennsylvania (“Ben Franklin”) is the Philadelphia region’s Partners with a Purpose. Nationally ranked among the most active seed and early-stage investors, Ben Franklin helps high-growth innovative enterprises plant and nurture their roots, creating both immediate connections and lasting economic growth. The nonprofit has supported more than 2,000 companies to deliver an impact of more than $5 billion and 32,000 jobs in the Philadelphia region. Whether in tech, life sciences, manufacturing, or industries and breakthroughs yet discovered, Ben Franklin works to raise the community of innovation higher, to benefit present and future generations of Pennsylvanians. Visit us at partnerswithapurpose.org, or follow us at @bftp_sep.
ABOUT INNOVATION WORKS
Innovation Works is one of the most active early-stage investors in the country and the most active in Pennsylvania. Since its inception of the seed fund in 1999, Innovation Works has invested in over 760 companies that have gone on to raise $3.3 billion in follow-on funding. Portfolio companies have generated and retained over 20,000 jobs in Pennsylvania. Innovation Works is part of the Ben Franklin Technology Partners network, which has catalyzed economic growth over the last 30 years by providing access to capital and networks that help foster innovation and technology-based economic development in Pennsylvania. Learn more at innovationworks.org.
ABOUT RIVERFRONT VENTURES
Riverfront Ventures is an early-stage venture capital fund based in Pittsburgh, PA focused on investing in early-growth stage tech companies. Learn more at riverfrontventures.com.
ABOUT RIMSYS
Rimsys is improving global health by accelerating delivery and increasing availability of life-changing medical technologies. Rimsys Regulatory Information Management (RIM) software digitizes and automates regulatory activities, helping medtech regulatory affairs teams to plan more effectively, execute more quickly, and confidently ensure global regulatory compliance. Rimsys is designed around medtech workflows and supports a full breadth of regulatory activities including registrations, submissions, UDI, essential principles, and standards management in a single, integrated platform. For more information, visit www.rimsys.io.
