Author: Brandon Miller

Medical Device cGMP & QMSR

Posted on by Brandon Miller

The FDA recently issued the Final Rule for the Quality Management System Regulation (QMSR) that amends the current medical device cGMP requirements of the Quality System (QS) regulation (21 CFR 820).

 

The FDA over the last few years has been looking to harmonize its medical device CGMP regulatory compliance and this action continues its efforts to align with other regulatory authorities to promote consistency in the regulation of devices and provide a timelier introduction of safe, effective, high-quality devices for patients.

 

Effective February 2, 2026, two years after the publication of the final rule, FDA will begin to enforce the QMSR requirements upon the effective date. Until then, manufacturers are required to comply with the QS regulation.

 

What is Changing?

Title: The new rule amends the title of the regulation. The revised part 820 will be referred to as the Quality Management System Regulation (QMSR).

 

Requirements: 21 CFR 820 has been amended by incorporating the International Organization for Standardization (ISO), ISO 13485:2016 Medical devices – Quality management systems – Requirements for regulatory purposes. The FDA implemented this final ruling to promote consistency in the regulation of medical devices.

 

Additionally, the rule establishes more requirements that clarify certain expectations and certain concepts used in ISO 13485 to mitigate inconsistencies with other applicable FDA requirements. FDA has also made conforming edits to part 4 (21 CFR part 4) to clarify the device Quality Management System (QMS) requirements for combination products.  These edits do not impact the CGMP requirements for combination products.

FDA’s FAQ’s

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Impact of QMS on Quality Maturity

Posted on by Brandon Miller

In an interview with Pharmaceutical Technology®, Susan Schniepp, distinguished fellow, Regulatory Compliance Associates®, and co-chair of board of directors, Parenteral Drug Association, expands on the importance of maintaining a robust quality management system (QMS) in bio/pharmaceutical manufacturing. 

 

For advanced therapy medicinal products (ATMPs) in particular, Schniepp emphasizes how fast-moving this sector is. “The regulations don’t keep up with the ATMPs. That technology, and their way of thinking, is turning over quicker than the regulatory standards,” she says.

 

Follow the link to watch the free video here

 

“The changes in the regulations that are going to come are going to be around quality culture and maintaining a robust quality management system,” she adds. Ensuring documentation and keeping equipment calibrated are important practices to apply to these new fast-moving ATMPs, she states. Schniepp does not necessarily expect to see many changes in the regulations around ATMP development and manufacturing but thinks that there will likely be more guidance documents issued in the future, with one of FDA’s focuses being its quality management maturity model.

 

“There are some regulations out there that call out quality culture. In particular, the World Health Organization has one on data integrity. It has a definition and standard[s] on what quality culture is,” Schniepp says. She points out that a new aspect of her presentation at INTERPHEX this year is its interactive component, in which she sets up a scenario involving an internal audit where an incident occurs. She gives the audience three potential responses to discuss, but rather than simply asking them which response do they pick or which response is correct, she instead asks what does the chosen response say about that person or that company’s QMS and the maturity of that system?

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Artificial Intelligence in Medical Devices

Posted on by Brandon Miller

Measuring the impact of the FDA’s Regulation Proposal

 

With recent developments in technology, we have seen artificial intelligence and machine learning more commonly used across all aspects of our lives. Whether it’s our phones or smart speakers, this dynamic technology has applications in all industries, including the medical device industry. To ensure AI in medical devices can evolve while still protecting patient well-being and safety, the FDA recently released new information about its plan to regulate developments.

 

Looking to Implement AI into your Medical Device? Contact Us Now →

 

Artificial Intelligence vs. Machine Learning

 

Artificial intelligence and machine learning are two similar terms people commonly use interchangeably when discussing this type of software or technology, but they actually mean different things.

 

Artificial intelligence refers to any kind of technology deemed to be “intelligent,” or capable of understanding new data and adapting its functions accordingly. Machine learning refers — not to the device or software itself — but rather to the method scientists use to “teach” software to adapt to new information through learning and updating stages. Usually, machine learning is applied in the form of decision trees, where a certain action will always lead to a certain response and each action after follows a set path.

 

Researchers are now using machine learning to improve the efficiency of AI in medical devices. Practitioners often use different kinds of software to help them examine and treat patients, and AI as a part of medical device software is growing a little more every day. Machine learning allows AI devices to monitor patients, improve medical imaging software and even the potential to deliver certain treatments to patients.

 

However, AI doesn’t learn the same way humans do. AI software and algorithms are taught to adapt based on statistics and patterns they gather from experience. This capability means AI medical devices have the potential to develop very quickly as they receive and analyze risk management data in real-time and in real-life applications.

 

FDA Concerns About Artificial Intelligence in Medical Devices

 

There are two main types of technological algorithms:

 

  • Locked algorithms: only understand information and analyze it based on the way they were programmed. If you ask a locked algorithm a question or input certain data, it will always offer the same solution or result.
  • Adaptive algorithms: can respond and recognize new patterns or opportunities as it receives new data, and adjust it’s process or response accordingly.

 

Adaptive algorithms in medicine are currently causing the FDA the most concern. When companies that create software or medical devices give AI-based programs or products the freedom to examine or help treat patients by allowing them to respond to real-world situations and data, they have less control over what the AI learns and how it uses that information to adapt. If left unchecked or under-regulated, this could pose the possibility of changes developing that could create patient risk.

 

The FDA is currently working to develop a framework that will allow for the safe use of ever-adapting AI in the hospital setting. To make sure patients stay protected, FDA representatives have indicated that if an AI medical device is approved, it would have to be monitored constantly for changes in its algorithm. Making sure all the information the AI absorbs and analyzes stays transparent and malleable is crucial for maintaining a secure healthcare practice.

 

Challenges of Implementing AI Medical Devices

 

Another concern that artificial intelligence medical devices FDA regulations will address is helping AI respond better to individual patients. Unfortunately, there is no one-size-fits-all approach. Some illnesses or conditions may affect people differently.

 

This means some situations might confuse an AI machine or cause it to not analyze things properly. Researchers and the FDA must account for such gray areas and variables that could cause an AI device to malfunction or compromise the safety of patients. Programming an AI algorithm to understand cause and effect or to strategize using a decision tree can’t account for all potential factors.

 

The Future of AI in Medical Devices

 

The FDA is working to develop appropriate regulations for the use of Software as a Medical Device. Products that are driven by AI software or processes fall under this category, but given their unique ability to adapt to new data, they likely require separate scrutiny. As AI continues to evolve in the coming years, the FDA will have to keep a close watch on its applications and uses in the medical field to ensure patient protection.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Postmarket Surveillance: Leveraging Outsourcing

Posted on by Brandon Miller

Companies within the life sciences industry have been increasing their use of third parties to manage postmarket surveillance activities in recent years. If you are thinking about outsourcing some of your company’s more time-consuming tasks, it’s important to keep in mind that there are both advantages and disadvantages to this method.

 

Interested in Outsourcing your Postmarket Surveillance activities? Contact RCA Now →

 

Below, we will discuss some of the pros and cons of outsourcing so that you have the knowledge to make the right choice for your business.

 

Pros

 

  • Reduced costs: Outsourcing your post market surveillance activities will improve upon your overall business functions, thereby reducing operating costs and increasing profits. You can use those savings to foster growth for your company.
  • Leveraging resources: While cost is one of the main benefits to outsourcing quality assurance, the advantages offer so much more. For example, you can use the time and effort you save on post market surveillance to leverage your talent and resources on other high-value tasks. By delegating less complex work to a team of compliance experts, you can make the most of your valuable employees with riskier responsibilities.
  • Taking advantage of core competencies: What are your team members’ strengths in relation to your customers’ needs? This question will weigh heavily in your decision to outsource, especially if your internal resources lack the qualifications necessary to handle regulatory affairs. Outsourcing allows you to focus on your own core competencies while using a third party’s core competencies to increase productivity.
  • Improved speed and efficiency: If a task falls outside your core competency, it will take longer to complete it, with a greater risk for error. However, outsourcing to an expert speeds up your processes and helps create a more efficient work process for all parties involved.

 

Cons

 

  • Less direct control: When you outsource business processes, you release direct control you might otherwise have over those processes. It’s important to keep this in mind if you know that a mistake or failure of a task could have serious implications on the business.
  • Pressure on supplier management control: Outsourcing places pressure on your supplier management controls, which could result in losses for your company if poorly handled. As a result, you will need to establish a co-governance plan that allows you to retain some control.
  • Quality of the process: Potential negative impact on quality of the process outcome or services and its impact on profitability and customer satisfaction.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

 

DHF & Design Controls

Posted on by Brandon Miller

 

When you scale your Design Controls appropriately to the complexity and size of your company, it makes it easier to manage the scope of everyday work needed to keep your files current. Things to remember when scaling your Design History Files (DHF):

 

  • One size does not fit all
  • All classes of devices need design controls
  • The process is scaled based on the complexity of the device and the size of the company
  • Don’t wait for the regulators to identify any gaps

 

Also, identifying your gaps up front, closing them upon identification, then wrapping them into your entire DHF process with your team or with a third-party consultant like RCA helps ensure you have a rock-solid DHF and that you will be prepared when the regulators ask questions.

 

Click to listen to RCA’s full DHF & Design Control podcast Here!

 

FDA Design Control

 

RCA offers medical device consultants who will help you navigate through new product development and remediating legacy Design History Files (DHF). Our life science consultants have a thorough understanding of the specific design history requirements for U.S. and international medical device industries. We’ll support your team’s ability to ensure regulatory compliance and accelerate medical device DHF best practices.

 

In addition to DHF content, development, and management, download our handout to view more of our DHF-related support services, including:

 

  • FDA design control requirements
    • Quality System Regulation, 21 CFR Part 820
    • Design control medical device CGMPs and 21 CFR 820.30
    • Device Master Records (DMR)
    • Device History Record (DHR)
  • ISO 13485 design control
    • Design control procedures
    • Design control process evaluation
    • Design control documents
    • Design quality control
  • The EU’s Medical Device Regulations (MDR) including Technical File / Design Dossier
  • Risk management (ISO 14971) for medical devices including risk analysis, FMEA, risk evaluation, and risk controls through Corrective and Preventive Action (CAPA) plan and design control requirements
  • IEC 60601-1-11 (2010) including Programmable Electrical Medical Systems (PEMS) (Clause 14)
  • Total product life cycle (TPLC)
  • AAMI design control

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Crisis Management Playbook

Posted on by Brandon Miller

crisis management playbookDeveloping a crisis management playbook designed for the challenges of the pharmaceutical industry sector is vital to ensuring long term business continuity. Below are a few critical risk management elements you should consider for your team during crisis handling & developing a crisis management playbook.

 

Risk Management

 

Being able to identify factors that impacted product safety or regulatory compliance is one of the most important elements during the risk assessment phase. During RCA’s risk management services process, operational risk management is one of the first remediation steps to consider.

 

Identify Risk

 

Being able to identify the product hazards that caused the crisis is critical to understand scenario planning. Conduct due diligence to ensure that your product design outputs include no risks that are unnecessary to the consumer. Hazards that do include one or more risk factors must be analyzed why the patient benefit exceeds the financial risk.

 

Measure Risk

 

During scenario planning, identify the critical elements to measure your team and results by via a risk management framework. A risk profile for each product in question can support evaluating, reporting and monitoring adverse events. Systemic risk should be analyzed for product risk profiles with longer term, reoccurring events or specific pharmacovigilance indicators identified as proactive crisis control.

 

Mitigate Risk

 

Being able to work clearly and concisely with your regulatory agency is critical for the due diligence solutions presented for review. Examining all hazards that have been identified during the risk mitigation phase is essential to success during the risk management process. Consider any of the threats that are regarded as acceptable with known risks and document unusual activity in your risk management plan.

 

Crisis Management Communications

 

An initial step recommended by RCA’s medical device consulting team is to identify and evaluate the regulatory compliance dangers and situations. For example, assessing the vulnerability of medical device cybersecurity must consider internal and external threat modeling. Any type of cyber breach that might impact your operations team, business reputation, or stakeholder relationships should have a detailed communication strategy.

 

Crisis Communication Plans

 

A veteran RCA medical device consultant suggests developing a universal shared space where team members can bookmark & access the crisis comms document. A communication strategy would then be shared with communication partners engaged in the public relations and crisis management campaign.

 

Risk Management Communications

 

Inside a successful crisis communication team, everyone knows their role and responsibilities. RCA’s regulatory consulting Experts often designate a process leader who clearly understands the team stakeholders and functions they represent. Refine your approval process so that messaging not only meets external approved communications from these stakeholders, but also legal concerns.

 

Crisis Control

 

A detailed risk management communication plan helps specify different examples for sharing risk messaging to either internal audiences or external stakeholders. Design your communication plan templates so that information is easy to understand for multiple audiences. Different types of tactics to be considered for templates (e.g. press release, social media) to confirm the messaging reliability of the crisis communication strategy.

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].