Tag: Data Integrity

Quality Culture & The Role of Management

Posted on by Brandon Miller

quality cultureIn the pharmaceutical and medical device industries, quality culture plays an essential role in profit generation, product safety and approval from regulatory bodies. As a result, organizations must prioritize maintaining product and process quality. One significant aspect of quality control is data integrity — a company’s data should be complete, consistent and accurate in both paper and electronic forms.

 

The adoption of electronic record keeping systems has led to a resurgence in data integrity citations. In response, many regulatory agencies — including the Food and Drug Administration (FDA), the Medicines and Healthcare Products Regulatory Agency (MHRA), the Pharmaceutical Inspectorate Consortium (PICS) and the World Health Organization (WHO) — have released guidance on data integrity. Many of these reports discuss quality culture as a key part of maintaining data integrity in life sciences.

 

What Is a Quality Culture?

 

Within an organization, quality culture is a working environment in which the risk of noncompliant and erroneous data and records is minimized. Creating a quality culture requires that all members of an organization encourage the open reporting of errors, omissions and other threats to data integrity and product quality.

 

As the WHO and other regulatory agencies have noted, management must be involved with the creation of a quality culture. Quality control should not be limited to the quality management team, but rather flow across all levels of leadership. Managers and other business leaders must be just as accountable for data integrity as everyone else.

 

How Can Management Contribute?

 

As awareness about the importance of quality increases, pharmaceutical companies are likely to see more requests for documentation demonstrating a commitment to quality and data integrity. Quality is also likely to impact a company’s finances — organizations with highly developed quality cultures may spend around $350 million less fixing mistakes every year.

 

To remain competitive, every business must consider the role of management in quality culture. Here are four ways leaders can contribute to quality in pharmaceutical, medical device, biologics and other organizations:

 

  • Lead by example: Quality culture must be encouraged from the top down. If managers and leaders demonstrate a commitment to quality, people throughout the company will follow.
  • Update reporting procedures: Managers should review and update their companies’ reporting procedures to elevate and address issues with data systems when they arise.
  • Review your audit schedule: While regulators don’t require internal audits, they are an important part of upholding data integrity. Review your audit schedule and ensure you are also auditing contract manufacturers and other outside parties.
  • Act on audit results: When an audit reveals gaps in data integrity, act immediately to address the problem. This shows you take quality seriously. You can address issues independently or seek help from experts like those at Regulatory Compliance Associates.

 

Learn More About Data Integrity and Quality Culture

 

The management role in quality culture is a hot topic in the life sciences industry. To learn more about data integrity and quality, contact Regulatory Compliance Associates or listen to the RCA Radio podcast. In the latest episode, host and RCA’s own, Erika Porcelli and Susan Schniepp discuss the history of data integrity and how management can integrate quality into the product lifecycle.

 

About RCA’s Pharmaceutical Services

 

pharmaceutical consultants

Regulatory Compliance Associates (RCA)® has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, RCA offers leading pharmaceutical consultants that can help you navigate through the challenges associated with evolving industry regulations.

 

Our team of over 500 seasoned FDA, Health Canada and EU compliance consultants and regulatory affairs experts can understand the complexities surrounding the pharmaceutical industry and the unique inner workings of the regulatory process. 

 

Client Solutions

 

Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, RCA® Inc. will guide you through every step of the regulatory process and create a customized approach depending on your product and your pharma company’s individual needs. Our clients include:

 

  • Companies new to FDA, Health Canada or EU regulations and the pharmaceutical industry
  • Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
  • Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
  • Law firms seeking expertise in the remediation of warning letters, consent decrees, 483’s or import bans

 

Regulatory Affairs

 

Regulatory affairs is Regulatory Compliance Associates® Inc.’s backbone and we fully understand the complexities of the pharmaceutical and biopharmaceutical industries. Our expertise spans all facets and levels of Regulatory Affairs, from Regulatory Support for New Products to Life Cycle Management, to other services like Outsourced Regulatory Affairs, Submissions, Training, and more.

 

As your partner, we can negotiate the potential assessment minefield of pharmaceuticals with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and experience. We offer the following four regulatory affairs services for pharmaceutical companies.

 

  • New Product Support
  • Product Lifecycle
  • Other Regulatory Services

 

Compliance Assurance

 

The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand, and just one misstep could mean significant and lasting consequences for your business. At RCA® Inc., we offer the experience and resources necessary to guide you in quality compliance.

 

  • Assessments
  • Audits
  • Regulatory Agency Response
  • Preparation and Training
  • Inspection Readiness

 

Quality Assurance

 

Regulatory Compliance Associates® Inc.’s Quality Assurance services include assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Our consultants are quality experts with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

 

  • 21 CFR Part 11
  • Data Integrity
  • Manufacturing Support
  • Facility Support

 

Remediation 

 

Regulatory Compliance Associates® Inc. has significant experience and a proven approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. We know how to partner with executive, legal, and communication teams, and will assist management with a response that will be accepted by the regulatory agency and be realistic to execute.

 

We can develop a comprehensive proof book of documented objective evidence demonstrating the corrective actions taken to remediate non-compliant issues. In addition, RCA can help prepare a comprehensive strategy to assist in your remediation efforts, drive continuous improvement, and maintain compliance with the regulations.

 

  • Regulatory Action
  • Warning Letter
  • 483 Observation
  • Oversight Services

 

About RCA

 

pharmaceutical consultantsRegulatory Compliance Associates® (RCA) provides healthcare consulting services to the following industries for resolution of compliance and regulatory challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

 

How Quality Culture Is Changing Because of the Pandemic

Posted on by Brandon Miller

 

Among the emerging topics of interest to the life science industry, quality culture, quality metrics, and data integrity are in the spotlight due to changes from the COVID-19 pandemic. Regulatory authorities strive to stay on top of the latest challenges in quality assurance and compliance facing medical device and pharmaceutical firms.

 

Regulatory Compliance Associates® understands that data integrity is important for keeping and maintaining accurate data to protect your data’s trustworthiness. This ensures everything else built on that data is trustworthy as well. We’ll explore why quality culture and data integrity are important and what permanent changes have occurred in the wake of the pandemic.

Need help improving your Quality Culture? Contact Us Now →

How Quality Culture Is Linked to Data Integrity 

It’s essential to understand the ways quality culture is linked to data integrity. Regulators have delineated a clear link between the veracity of data generated by a company and its culture. Future regulatory audits to determine an organization’s health may focus on obtaining information about the company’s quality culture and subsequent data. It’s vital to for companies to acknowledge this relationship so they can identify vulnerabilities, perform necessary risk assessments and remediate risks before an inspection. 

 

An Increased Emphasis on the Importance of Data Integrity and Quality Culture

It’s easier to keep a vigilant eye on data when everyone works from the same locations. However, with more people working from home, maintaining quality culture practices to control data integrity is imperative and challenging.  The Food and Drug Administration (FDA) is  drawing parallels between compliance with data integrity regulations and an organization’s overall culture.

 

 The FDA wants companies to maintain a quality culture that is integrated throughout the organization. The more developed and established an organization’s quality culture, the more reliable the data.

 

Ensuring data integrity compliance can benefit a company in the following ways:

  • Fewer supply chain interruptions
  • Less rework needed
  • Reduced financial risk
  • Increased compliance
  • Improved operational performance and productivity

 

Transitions to Electronic Systems

As a result of the pandemic, more companies are switching from paper-based to electronic systems. This migration to electronic data systems poses certain challenges to any organization.

 

Companies need to have the necessary resources and technical expertise to make sure the electronic systems maintain data integrity concepts. Organizations must be able to provide proof of their compliance supported by an audit trail of their work.

 

Auditing Process Changes Resulting from the COVID-19 Pandemic 

The auditing process may change in many ways as a result of the pandemic:

  • Virtual audits are likely to become more common.
  • Companies will need to ensure systems are secure and files are organized.
  • Companies will have to maintain data integrity in their electronic systems so they can use those systems to transfer data to regulatory auditors.

 

About RCA

pharmaceutical consultantsRegulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

Quality Control & Data Intergity

Posted on by Brandon Miller

quality controlTo learn more about quality control and data integrity, you need to understand what these terms mean and how they can affect your company.

 

What Is Quality Control and Data Integrity?

 

The Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments document from PICS offers perhaps the most comprehensive explanation of what a quality culture is. According to that document, this type of culture is a work environment that is open and transparent, allowing team members to fully and openly communicate mistakes and failures. This open culture is also a work environment where there are processes and structures that allow information about mistakes and problems to flow between team members at different levels.

 

Why Quality Culture?

 

Quality culture and its importance to the World Health Organization, MHRA and PICS recognizes that data quality is reliant on type of workplace. An organization that punishes team members who come forward with mistakes or issues is likely to have fewer reportable issues and less transparency, which can mean less accurate data. By allowing team members to speak freely and permitting the information to flow to different tiers of the organization, you’ll ensure that data can be accurately collected and acted upon.

 

Improving Organizational Quality Culture and Data Integrity through Risk Management

 

If you would like to create a quality culture, your organization can take several steps, including:

  • Creating a quality risk management plan: A written quality risk management plan should include your potential risks and a detailed plan on how to address problems and mistakes. This plan should make it clear that every team member is part of the solution and can report problems without risk of retaliation.
  • Evaluating your risks: Run an organization-wide audit to evaluate which risks could negatively impact product quality. As you start to write your quality risk management plan, begin by evaluating the risks that could impact your product. Could a supplier issue compromise the product? What other problems have arisen in the past or affected others in your industry?
  • Having a remediation plan: Create a written plan on what to do if something happens. How will an issue be reported? Once an issue is reported, what will the next steps be? How can you begin the remediation process?
  • Maintaining your plans as living documents: The goal of a quality risk management plan isn’t to create a document that sits on a computer. Present the document to your team and use it every day. Add to the document as new challenges come to light, and encourage your team to abide by the plan.

 

How We Can Help

 

A quality culture will help you pave the way for success because you’ll be enjoying better data. When you need to submit to global regulatory agencies, having more robust data can also help.

 

While having data integrity and good metrics is a crucial factor for biologics, medical device, pharmaceutical, compounding pharmacy and other organizations, an open quality culture is also important. In addition, it will help you to notice issues and address them in a timely fashion as well as enabling you to plan what to do when problems arise.

 

About RCA

pharmaceutical consultantsRegulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA and globally-regulated companies.

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

Clinical Trials FDA Guidance

Posted on by Brandon Miller

The FDA recently updated guidance for clinical trials & trial design (2022). This update stems from an objective of the 21st Century Cures Act (Cures Act). It includes recommendations for how industry sponsors of pharmaceuticals or biologics should design and conduct clinical trials. The guidance provides a greater explanation of how biologic and oncology trial design can simultaneously evaluate more than one investigational drug.

 

FDA Guidance

 

The guidance goes into depth about the clinical research milestones of master protocol design. Data integrity considerations are also mentioned for biomarker co-development and trial statistical analysis. Traditionally, oncology clinical trials are designed to assess multiple investigational drugs at the same time. Clinical data in this type of design is analyzed across multiple cancer types during the same trial to find all sources of patient efficacy and commercial value.

 

Another primary driver is the CDMO race due to testing multiple drugs and sub-populations under the same protocol. Pharmaceutical consultants like RCA Inc. have witnessed a shortening of client commercialization timelines across the life sciences industry. This directly adds incremental pressure on project sponsors. Clinical teams are being tasked to discover late-stage drug success faster than ever before. Every trial must simultaneously ensure patient safety while producing data that satisfies the regulatory safety and effectiveness.

 

Need help with your Clinical Trials? Talk to our Experts

 

Investigational Drugs (IND FDA)

 

The FDA concisely describes this unique protocol design and clinical trial planning for IND filings and multiple sub-studies. Sub-studies may have separate goals and require aligned efforts across the data science team. For example, collaboration is needed in order to appropriately value multiple investigational drugs. Consideration should be given that therapeutic value may be in one or more disease sub-types in the clinical trial.

 

With these considerations in mind, the FDA goes on to describe the benefits of a master protocol across the study design. This provides the project sponsor design flexibility via electronic data capture (EDC) in an EDC system (e.g. shared control arm, adaptive designs, centralized data capture).

 

Clinical Trial Design

 

This new FDA guidance also provides insights on potential challenges the industry should consider when using master protocols. These unintended consequences can include greater difficulty when assigning detailed adverse events to an investigational drug if numerous products are being investigated across the clinical study.

 

Any lack of adverse event reporting clarity can impact the safety profile of an investigational drug. This directly makes the clinical analysis for FDA approval more complicated for the regulatory body. Multiple study groups can also increase the overinterpretation of study findings. For example, signs of positive product efficacy for cardiac biomarkers could be different than from cancer biomarkers. Biomarker discovery for one subpopulation could also be identified as false if based a different ad hoc patient group.

 

Basket Trials

 

Basket trial design includes assessing an investigational drug blend by including a dose-finding or safety lead-in component. The goal is to identify safe quantities of the combination early in the clinical trial before progressing with an efficacy activity-estimating factor. The FDA proposes therapeutic efficacy for sub-studies within basket trials are constructed as single-arm, activity-estimating trial. The primary endpoint would be recorded as total response rate.

 

The guidance goes on to elaborate on sub-study objectives, including study rationale for each population. A comprehensive statistical analysis plan (SAP) with reasoning for sample size and unique stopping rules based on ineffectuality should also be included in the program documentation.

 

Umbrella Trials

 

A master protocol designed to evaluate multiple drugs is commonly referred to as an umbrella trial. These umbrella trials are often administered as a single drug or as a combination product. Umbrella trials are often a randomized controlled trial to evaluate the mechanism of action of the investigational drug/drugs with a common control arm. Study design for an umbrella trial can include sub-studies based on a patient biomarker or to a separate therapeutic sub-study inside the trial.

 

Clinical Study Design

 

As the clinical study focus, the FDA provides a clear understanding of how project sponsors improve the efficiency of master protocols. For example, using a common control arm during an Umbrella Trial has proven to help evaluate multiple drugs simultaneously for a single disease state.

 

Control Arm

 

For clinical trials, the FDA now recommends a project sponsor use a common control arm when numerous drugs are evaluated simultaneously in a single illness (e.g. umbrella trials). The FDA guidance elaborates in the use of a control arm be the current standard of care (SOC) so trial results are understandable from the perspective of the biologic and oncology medical community.

 

Changes in SOC can also take place during the trial because of an FDA approval or the latest scientific data. The Statistical Analysis Plan (SAP) would need to be revised before any data analysis occurs if this is the case.

 

Novel Drugs

 

When a project sponsor uses sub-studies to assess two or more investigational drugs, the FDA advocates for providing a thorough scientific motivation for the combination. This includes the clinical trial sponsor defining the Recommended Phase 2 Dose (RP2D). Analysis should include each novel drug and ensuring the appropriate dosage has been identified for each individual drug.

 

Targeting Biomarkers

 

The FDA goes on to elaborate on digital biomarkers to help validate the patient selection and recruiting for clinical trials. Biomarkers should be clearly identified based on the intended therapeutic response.

 

For example, an oncology biomarker for tumor size can help predict the response to the investigational drug. This type of study biomarker might demonstrate how the mechanism of action succeeded or failed. There needs to be a consensus among the clinical study team on how biomarkers are justified. Understanding study measures for showing marker positivity before patients enter the trial is critical.

 

Data Monitoring

 

One final important note about the master protocol in the updated FDA guidance describes the independent radiologic review committee. This committee medical research should include blinded tumor-based assessments to provide a charter for the independent data monitoring committee (IDMC).

 

The IDMC charter would guide the committee through ad hoc trials, such as patient efficacy and drug futility. The IDMC can also recommend clinical trial protocol actions. This often includes changes in sample size or modification of a sub-study based on overwhelming futility or efficacy evidence.

 

About RCA

 

Regulatory Compliance Associates® Inc. (RCA) provides healthcare consulting services to the following industries for resolution of compliance and regulatory challenges:

 

 

We understand the complexities of running a life science business. Our team possesses areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

 

Medical Device Cybersecurity Guidance

Posted on by Joby Semmler

The International Medical Device Regulation Forum (IMDRF) recently published updated cybersecurity guidance for the medical device industry. The medical device cybersecurity working groups at IMDRF have been busy lately, publishing multiple final documents about medical devices & software as medical device (SaMD). 

 

Regulatory Compliance

 

IMDRF’s medical device guidance provides steering assumptions for both regulatory compliance & medical device cybersecurity, which are appropriate for sponsors developing medical devices. Further, a primary objective of the guidance is simultaneously increasing patient safety & reducing external threats for providers and HCPs.

 

Global Harmonization

 

The guidance begins with harmonization concepts that could affect multiple departments inside a medical device manufacturer. Additionally, key areas for harmonization programs highlighted by the cybersecurity guidance include:

 

  • Product design
  • Risk management activities
  • Device labelling
  • Regulatory submission
  • Information sharing
  • Post-market activities

 

Product Life Cycle (PLC)

 

IMDRF’s cybersecurity guidance continues on with a deeper evaluation of risks associated across the product life cycle. It is recommended for potential vulnerabilities to be considered for any product life cycle stage, especially considering legacy devices that may be vulnerable to strategic risk. 

 

medical device cybersecurity

 

Product Design

 

Product design considerations include the initial phases of medical device development and continues until the end of support (EOS) once a product is discontinued. The four product design stages the cybersecurity guidance refers to when it comes to total product life cycle:

 

  • Development Stage
  • Support Stage
  • Limited Stage
  • End of Support

 

Development Stage (Stage 1)

 

The Development Stage occurs during the pre-commercialization phase before a medical device is approved by a regulatory body. This is when medical device manufacturers begin to incorporate security into the product concepts being designed. Design controls are critical in this stage for medical device manufacturers to leverage when considering how to mitigate risks.

 

Finally, an important deliverable of the Development Stage is product-related security documentation. The documentation is designed to help unfamiliar users to understand how to securely operate the medical device. 

 

Support Stage (Stage 2)

 

The Support stage is during the initial post-launch phase and may continue for many years. Medical devices in this stage are:

 

  • Currently used for providing patient care
  • Available for purchase on the open market
  • Contain major software, firmware, or programmable hardware components
  • Support for software, firmware or components is provided by the medical device manufacturer

 

Additionally, medical devices in the Support stage should receive full cybersecurity support. This support often includes software patches, software updates, hardware updates, and incremental support the manufacturer considers appropriate.

 

Limited Support Stage (Stage 3)

 

Medical device manufacturers continue to provide cybersecurity support during Stage 3. However, as product development transitions to a more current medical device design, different constraints are involved with the transition. Medical devices in Stage 3 often require additional network controls compared to medical devices in Stage 2:

 

  • Third-party components or software may be used more frequently than internally developed updates or patches
  • Cybersecurity best practices integration is often governed by the ease of following support practices outlined in the Stage 2
  • Medical device manufacturers must explain to users the existing limitations that are now recognized in the devices and services affected
  • Healthcare providers using the medical device should begin to take more of an active role in unmitigated features of security defense.

 

End of Support Stage (Stage 4)

 

Medical devices in Stage 4 are considered more vulnerable than any of the other stages. They may still be in use for providing patient care, but they have been publicly identified as no longer being supported by the medical device manufacturer. Each of these scenarios result in a medical device that cannot be consistently defended against modern cybersecurity dangers.

 

Critical facets healthcare information technology departments should look for include:

 

  • Medical devices that have been declared EOS by the medical device manufacturer
  • Medical devices that are not actively marketed or sold by the medical device manufacturer
  • Medical devices that contain software, firmware, or programmable hardware components no longer supported by software developers
  • Medical devices with known risks to device safety and effectiveness that are unmitigated

 

Risk Management

 

risk managementFurther, the guidance calls for a risk management approach to product lifecycle management featuring:

 

  • Security risk analysis
  • Security risk evaluation
  • Security risk control
  • Security risk acceptability

 

The cybersecurity guidance expands on product design and how security is incorporated and maintained through the product life cycle. This can be accomplished through using risk control and a secure development framework.

 

Risk mitigation recommendations for medical device manufacturers include:

 

  • Security design and controls based on intended use of the medical device
  • Security risk assessments across the risk management process
  • Threat modelling to help determine operational risk

 

Security testing and communication for medical device manufacturers include:

 

  • Customer facing product security documentation & communication
  • Post-market monitoring of cybersecurity vulnerabilities
  • Identification of vulnerabilities in third party risk management
  • Vulnerability risk identification based on the device security design, controls, and mitigations

 

Ensuring availability of security patches & mitigations based on device risk:

 

  • Coordinated and clear communication to all affected users
  • Description related to the vulnerability and its corresponding mitigations
  • Identification of other mitigation options when a security patch is unavailable

 

Data Integrity

 

One of the core principles the guidance stresses is cybersecurity information, data integrity and the importance of information sharing. IMDRF encourages medical device industry stakeholders to implement a proactive pre- and post-market approach to cybersecurity information sharing.

 

Moreover, timely information can help the industry recognize threats, evaluate associated risks, and react quickly as needed. An increase in industry transparency could directly benefit healthcare providers, medical device users and medical device companies.

 

Security Updates

 

An important section of the medical device cybersecurity guidance details stakeholder responsibilities related communications, risk management, and transfer of responsibility. Specifically, it is important that medical device manufacturer communications are comprehensive & identify types of documentation needed and when the medical device user may need it. 

 

Product Security Documentation

 

Medical device manufacturers should ideally provide PLC documentation about security or support changes early in the Support stage. This helps HCP risk management during both the procurement & deployment of medical devices. Types of life cycle support for product security documentation includes:

 

  • Manufacturer disclosure statement for medical device security
  • Software Bill of Materials (SBOM)
  • Security test report summaries
  • Third-party security certifications
  • Customer security documentation

 

Product Life Cycle Documentation

 

Medical device companies should communicate the strategic life cycle milestones to their customers. Further, these interactions would include cybersecurity EOL and EOS dates if available. This helps to support HCPs during both the procurement & installation process.

 

Additionally, medical device manufacturers should provide this information as far in advance as possible. The goal is at least 2 years in advance to best support healthcare professionals with the following information:

 

  • Affected medical devices
  • Medical device operating system(s)
  • Version of medical device deployed
  • Medical device software components
  • Expected date of medical device service changes
  • Extent of medical device maintenance after a service change occurs
  • Additional design controls that help all involves parties

 

Vulnerability & Patching Information

 

If a vulnerability is uncovered, medical device companies should provide related vulnerability information. Further, the guidance specifically mentions the importance of both the appropriate mitigation or available software patch. Additionally, the guidance stresses an elevated priority be placed on high-risk vulnerabilities where timely communication is required. This communication is designed to help prevent both patient injury or device interruption.

 

Finally, the mitigation method and implementation instructions should be provided to the medical device operators. These security updates include both an over-air update or deployment of service personnel to help install the remedy.

 

Proactive Communications for Third-Party Components

 

Medical device software and other digital components within a medical device will reach EOL/EOS before the product itself does. In these cases, risk can increase based on the lack of support for these elements. To help compensate for these security risks, the cybersecurity guidance suggests medical device companies should:

 

  • Validate the list of third-party components used in medical devices
  • Track support status updates of third-party components used within their device
  • Assess the risks that exist when third-party components become unsupported
  • Communicate new risks and available risk mitigations to healthcare providers

 

About RCA’s Medical Device Consulting Services

 

The regulatory process surrounding the medical device industry involves a strict adherence to pre/post market compliance throughout a device’s life-cycle. Even a single compliance issue you have can turn into a significant effect on your business. Regulatory Compliance Associates® medical device consultants can help guide you through any stage of this strategic process, with capabilities during product development through the regulatory clearance/approval of your product.

 

Our team of over 500 medical device consultant Experts — including former FDA officials and other leaders in the field of medical device regulation — will work with your company to create a quality assurance and regulatory compliance approach tailored to your products and regulatory needs. Regulatory Compliance Associates® works with both international Fortune 100 companies and small local start-ups, as well as law firms requesting remediation for warning letters, 483’s, import bans or consent decrees. Very few medical device consulting companies have the same expertise in a variety of medical fields.

 

Cybersecurity

 

For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if Regulatory Compliance Associates® medtech consultants do not implement good IoT cybersecurity and FDA cybersecurity protocols.

 

At Regulatory Compliance Associates®, we offer a wide variety of services for medical devices security to help ensure that your product is protected from cyber-attacks. With a well-planned design, along with full visibility of product development and the supply chain, Regulatory Compliance Associates® medical device consultant Experts can help strengthen your device’s cybersecurity posture throughout. We partner with medical device companies for the entire life cycle, including from the development of your product to the regulatory submission services involved with medical technology consulting.

 

Regulatory Affairs

 

Regulatory affairs is Regulatory Compliance Associates® backbone, and we handle more submissions in a month than many manufacturers do in a lifetime. Our medical device regulatory consulting Experts have experience working with the FDA, global regulatory bodies and / or agencies, and notified bodies worldwide. Therefore, you can count on us for in-depth and up-to-date insights which increase speed-to-market.

 

As a trusted regulatory affairs consultant, our FDA veterans and industry experts represent Regulatory Compliance Associates® as one of the top medical device consulting firms. We’re here to help you navigate the difficulties associated with new product submissions. Regulatory Compliance Associates® medical device consulting company has expertise in both the approval process and post-approval support. 

 

  • New Product Approval
  • Post-Approval Support
  • Outsourced Staffing
  • EU MDR

 

Compliance Assurance

 

Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® can help.

 

Our network of over 500 medical device consultant & FDA, MHRA & EMA veterans are industry professionals offers a unique blend of expertise. This allows Regulatory Compliance Associates® to handle both simple and complex regulatory compliance challenges within medical device consulting companies.

 

  • Gap Assessments
  • Internal Audits
  • Employee Training
  • Notified Body Response

 

Quality Assurance

 

Regulatory Compliance Associates® Quality Assurance consulting includes quality system assessments, strategy, implementations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Each Regulatory Compliance Associates® medical device consultant is a quality expert with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

 

In the medical devices field, quality assurance (QA) is more than merely ensuring the quality of a finished product. You need the tools to monitor and regulate every process from the design of a new product to continued quality compliance as the device is sent to market. At Regulatory Compliance Associates®, we offer you the medical device consultant assistance you need to monitor these processes and ensure quality compliance every step of the way.

 

With more than 20 years experience working with medical device consulting companies, Regulatory Compliance Associates® trusted medical device quality assurance consultant team is fully equipped to handle your unique QA needs.

 

  • ISO13485 
  • 21 CFR 210
  • 21 CFR 211
  • Outsourced Staffing
  • MDSAP
  • Facility Validation
  • Equipment Validation

 

Remediation Support

 

Regulatory Compliance Associates® is widely recognized within medical device consulting companies & the life science industry for remediation support. Regulatory Compliance Associates® ability to help companies successfully resolve complex regulatory challenges have a proven track record of success. Our medical device consulting services include significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.

 

Our value goes beyond the initial response by helping companies successfully execute their action plans, develop an improved compliance culture tailored to the needs of their business, and ultimately move beyond the regulatory action to emerge as a stronger business. We negotiate difficult demands of remediation with insight and the clear advantage of our medical device consultant expertise and experience that makes partnering with Regulatory Compliance Associates®  a competitive differentiator in the remediation space.

 

  • Quality System
  • Technical File
  • Design History File
  • Data Integrity
  • cGMP 

 

Strategic Consulting

 

Whether it’s a strategy, a technical plan, or project, Regulatory Compliance Associates® medical device consultancy can help ensure a successful project. Regulatory Compliance Associates® medical device strategy consulting can deliver your project on time, on budget, and you’re never embroiled in a costly mistake.

 

Our medical device consultant Experts are industry Experts are here to provide the unique insight you need before an M&A deal, through a staffing crisis and in every area of your product’s development and life cycle. As the trusted medical device manufacturing consultants of thousands of companies around the world, we have the knowledge and expertise needed to deliver exceptional results to your business — no matter your size or unique needs.

 

  • Manufacturing Optimization
  • Product Lifecycle Management
  • Mergers & Acquisitions (M&A)
  • Due Diligence
  • Device Vigilance
  • Product Complaints
  • Medical Information

 

About RCA

medical device cybersecurityRegulatory Compliance Associates® (RCA) provides medical device consulting to the following industries for resolution of life science challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

About Sotera Health

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

 

medical device cybersecuritySotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

 

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

Data Integrity

Posted on by Brandon Miller

data integrityData integrity is the reliability, consistency, and accuracy of data at rest and in transit. Quality data adheres to several standards, beginning with integrity, confidentiality and availability.

 

Data integrity is a process to ensure consistent and accurate data over its life cycle. Requirements specify that data records need to be attributable, legible, contemporaneous, original, and accurate (ALCOA). In addition to the ALCOA, there is ALCOA+ which also requires data to be complete, consistent, enduring, and available.

 

Good Practices for Data Management and Integrity

 

Compromised data can lead to poor business decisions. Any decisions based on inaccurate data are suspect during inspections. To ensure the integrity of your company’s data:

 

  • Implement access controls. Locking and securing sensitive records and restricting unauthorized users from accessing data can reduce loss and corruption. 
  • Make backups. Once lost, raw data is irreplaceable. Backups must include original, raw data creates a duplicate in an alternate location. 
  • Validate the data. Automate digital validation by organizing and filtering data using scripts. Validation checks the quality of the data to be secure, meaningful and correct. 
  • Have a quality system in place. Having a quality system in place and ensuring procedures can be completed on- or off-site will help solve any issues. 
  • Think through changes. If you’re going to change processes to adapt to a more virtual environment where employees work from home, think about all necessary steps or procedures.
  • Organize files and systems. Systemically arranging your files helps you easily pass off or explain data to others such as auditors and inspectors.
  • Validate input. You can use input validation to block cyberattacks, such as structured query language (SQL) injection prevention. Checking input at the time it is recorded is crucial.

 

Does your team need help with Data Integrity? Talk to our Experts→

 

New Guidance From the Food and Drug Administration (FDA)

 

The best way to maintain a supply of safe and effective products and prevent a drug shortage is to comply with data integrity concepts to prevent batch rejection/recall and monitor sites and stay up to date on FDA guidelines. You can do this by: 

 

  • Reviewing the staff manual guide. This guide covers FDA internal procedures for requesting records in advance of or in place of a drug inspection. 
  • Ensuring your company has a quality culture. Complications during the COVID-19 pandemic have only made processes more complicated, so establishing procedures around quality culture can help deter issues. 
  • Building quality into your operations: make sure you have a strong training program and it’s importance to the organization and the product.
  • Having a solid risk management plan. A solid risk management strategy can save you money, time, and unnecessary manufacturing disruptions and establish a process to deal with potential risks that may arise.

 

About RCA

 

medical device consultantsRegulatory Compliance Associates® (RCA) provides medical device consultant services to the following industries for resolution of compliance and regulatory challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

About Sotera Health

 

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

 

sotera healthSotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

 

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.

 

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

 

Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.
Continue
Privacy Policy