Click now to hear from Jordan Elder, RCA’s Director of Regulatory Affairs, regarding the latest info on Quality System Regulation (QSR) regulations and FDA harmonization efforts:
When developing a quality management system (QMS), it is important to understand any pitfalls that could arise as well as understand what each notified body looks for in a compliant quality system. Recently, one of the US Food and Drug Administration’s (FDA’s) top medical device regulators said harmonizing the agency’s current Quality System Regulation with the International Organization for Standardization (ISO) 13485:2016 is a “high priority”.
Click to learn about the latest updates to the QMSR File Rule.
QMS Harmonization
Currently, the US Food and Drug Administration (FDA) does not enforce ISO’s 13458:2016 standards set in place for Quality Management Systems, but uses its own Quality System Regulation (QSR) guidelines that do include parts of the 13458 standards. But this is set to change for the better. The FDA has recently proposed plans to align its quality system requirements with ISO 13485:2016, creating a new regulation dubbed the Quality Management System Regulation (QMRS). This shift came four years after the agency first proposed the regulatory alignment.
Quality Management System
Manufacturers who already conform to the ISO standard should not see much change and this move should help create efficiencies for them in the long run. The FDA proposed the alinement by incorporating the 2016 edition of the international standard specific for medical device quality management systems ISO13485. Through this rulemaking, the FDA is also proposing additional requirements that help connect and align ISO13485 with existing requirements in the FD&C Act and its implementing regulations. This will include making conforming edits to 21 CFR Part 4 to clarify the device CGMP requirements for combination products as well.
Risk Management
The most noticeable difference between the current quality systems regulation and ISO13485 is that the risk management requirements are integrated throughout the aspects of the quality management system in ISO13485. This differs from 21 CFR 820, in that the only risk-specific requirement in the QS regulation is listed in §820.30(g), as it relates to risk analysis as a part of design validation.
These revisions are intended to supplant the existing ISO13485 requirements with the specifications of an international consensus standard for medical device manufacturers. The revisions are expected to reduce device manufacturers’ burdens, specifically aspects of compliance and recordkeeping through the harmonization of domestic and international requirements.
ISO Standard
With a membership of 168 national standards bodies, ISO is an independent, non-governmental international organization that brings together experts from around the world to share knowledge and develop voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges.
Although the standers set by ISO are recognized by organizations around the world, ISO compliance itself isn’t a legal requirement, the standards naturally align with different regulations across the industries. ISO compliance means using ISO standards as guidelines for aligning your policies, processes, and operating procedures to adhere to the standard.
ISO 13485:2016 specifies requirements for medical device quality management systems where an organization needs to demonstrate its ability to consistently meet customer and applicable regulatory requirements. This includes one or more stages of the product life cycle, including:
Design controls and development
Production and manufacturing
Storage and distribution
Installation
Servicing a medical device
Technical support
ISO13485:2016 can also be used by suppliers or external parties that provide products, including quality management system-related services to such organizations.
To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.
Click now to learn from Sue Schniepp, Distinguished Fellow at Regulatory Compliance Associates, as she describes microbial process design and how your team can improve contamination control.
Human microbes live in every part of a human being, including the skin, gut, and nose. Trillions of microorganisms live inside the human body — often outnumbering human cells by 10 to 1. However, microorganisms only make up roughly 1 to 3 percent of the body’s mass because of their tiny size. Sometimes microbes in food can lead to illness, but it is more common for microbes in human body functions to safely live in their host. Additionally, many types of microbes provide unique qualities that help increase life expectancy and human survival in general.
Annex 1
When it comes to microbial control and process design, there are unique drivers listed in the EU’s Annex 1 regulatory guidance that can help your organization. This regulatory compliance guidance contains different types of contamination control requirements.
Further, these drivers come in many different shapes and sizes, but all can impact manufacturing production if not carefully considered.
Sterile Preparations
Manufacturing sterile products covers a wide spectrum of decisions to be considered by the Quality team and manufacturing operations, including:
Sterile product types
Active substance
Sterile excipient
Packaging material
Finished dosage form
Packaging sizes
Single unit
Multiple units
Sterile processes
Automated systems
Manual processes
Technologies
Biotechnology
Small molecule manufacturing
Closed systems
Additionally, one of the quality assurance goals of sterile product manufacturing is to minimize risk associated with microbial, particulate, and pyrogen contamination.
Process Design
Contamination sources are the focus of process design and are commonly due to microbial and cellular debris, as well as particulate matter. Understanding how your facility, equipment and employees contribute to uncleanness (whether intentional or not) is essential to contamination control. Lastly, process design should consider each contamination source individually and as a whole to achieve regulatory compliance.
Manufacturing Plant
The facility your product is manufactured in is the first gap analysis that should be conducted. For example, a food manufacturing plant will have a different set of needs to be considered than a pharmaceutical manufacturing environment. Each will have unique requirements based on equipment, environment and process. Further, pharmaceutical production follows unique FDA guidance recommendations that are unlike many commercialized products on the market.
Cleanroom
One of the first priorities your team should understand is clean room classifications and differences in a regulated clean room environment. There are many types of cleanroom services that can help with clean room design and preparing for regulatory compliance (e.g. ISO 7 or ISO 8).
For example, cleanliness standards and cleanroom supplies should be maintained and monitored for environmental conditions. Finally, airlocks for both personnel and equipment should include HEPA (High Efficiency Particulate Air) air filtration to increase air cleanliness and controls that reduce contaminants.
RABS
Restricted Area Barrier Systems (RABS) and isolators can help assure environmental conditions help minimize microbial contamination. Further, a reliable containment strategy should consider the types of human intervention that can impact the critical zone. This often goes hand-in-hand with the type of grade the zone is.
There are four primary types of critical zones:
Grade A: this area includes high risk operations that must consider air filtration, the aseptic processing line, and filling zone. Additionally, the stopper bowl, open ampoules and vials also must be studied based on contaminates & unidirectional air flow. Finally, process design & SOPs should minimize the number of operators who don’t use barrier protection or glove port
Grade B: this area is commonly a background cleanroom for Grade A aseptic preparation and filling zone. Most importantly, airflow visualization studies should show that air does not enter from any lower grade cleanrooms to Grade B. Air pressure differentials should be monitored to ensure clean airflow.
Grade C and D: These types of cleanroom spaces are used for lower risk manufacturing stages in the manufacturing process. The most often use class for Grade C and D are the preparation and filling of terminally sterilized
Finally, it is critically important when analyzing the grade of a zone when it comes to modular clean room or portable clean room designs. Make sure your cleanroom construction team understands the types of certified cleanroom principles that follow regulatory compliance.
Water Systems
A water treatment plant is one of the most critical elements of microbial process design. The water filter system should minimize both particulates and pyrogens to help reduce the potential for contamination. Further, special attention should be given to the different types of water filter products used & how they are monitored and maintained over time. Nevertheless, water flow should remain forceful & consistent through water filtration pipes to minimize microbial adhesion & the risks associated with biofilm formation.
Sterilizing Agent
When using a pure steam generator as a sterilizing agent, the design should be correctly purified. Additionally, these agents of sterilization should be designed & validated to confirm steam quality meets both chemical levels and endotoxin levels. For the same reason, measure your steam quality for any additional additives that can cause either contamination of your product or manufacturing equipment.
Central Vacuum System
Understanding when gases come into contact with the product or container surfaces is critical during process design. For example, here are process design concepts to validate proper chemical, particulate, and microbial quality:
Relevant parameters (e.g. oil and water content) should be specified in the documentation
Consider the use cases inside the facility & type of gas being used during the process
Respect the gas generation system & if the design complies with the Pharmacopoeia monograph
Gases used in aseptic processes should always be filtered through a sterilizing filter. If your sterilizing filter is used on a batch basis, consider integrity testing the results during batch certification. Finally, any backflow from vacuum systems or pressure systems can produce hazards to the product. Have your quality team consistently review the mechanisms that prevent backflow when the systems are shut down.
Hydraulic Systems
Manufacturing equipment connected by hydraulics or heating & cooling systems, when possible, should be preferably outside the filling room. Equally important, pump hydraulics or fluid hydraulics located in the filling room should include design controls to contain any spillage. Leaks from these types of systems could pose a contamination risk to the product that should be detectable.
Finally, incorporating an indication system can help monitor leakage scenarios where contamination can become an urgent problem. This can include manufacturing technology such as tank gauges, a tank level sensor, and advanced water level monitor functionality.
Regulatory Compliance Associates (RCA) has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, Regulatory Compliance Associates® offers leading pharmaceutical consultants. We’re one of the few pharma consulting companies that can help you navigate the challenges associated with industry regulations.
Our pharmaceutical consulting firm includes over 500 seasoned FDA, Health Canada & EU compliance consultants and regulatory affairs experts who understand industry complexities. It’s a pharma consultancy founded by regulatory compliance executives from the pharmaceutical industry. Every pharmaceutical industry consultant on the Regulatory Compliance Associates team knows the unique inner workings of the regulatory process.
Client Solutions
Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, Regulatory Compliance Associates will guide you through every pharmaceutical consulting step of the regulatory process and create a customized approach depending on your product and your pharma company’s individual needs. Our regulatory compliance clients include:
Companies new to FDA, Health Canada or EU regulations and regulatory compliance
Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
Law firms seeking pharmaceutical consulting firm expertise in the remediation of warning letters, consent decrees, 483’s or import bans
Regulatory affairs is Regulatory Compliance Associates backbone. We exceed other pharma consulting companies with industry experts experienced in complexities of the pharmaceutical and biopharmaceutical industries. Our pharma consulting expertise spans all facets and levels of Regulatory Affairs, from Regulatory Support for New Products to Life Cycle Management, to other services like Outsourced Regulatory Affairs, Submissions, Training, and more.
As your partner, we can negotiate the potential assessment minefield of regulatory compliance services with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and regulatory compliance consulting. We offer the following pharma consulting regulatory affairs services for pharmaceutical companies.
The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand. Just one misstep could mean significant and lasting consequences for your business. At Regulatory Compliance Associates, we offer the pharma consulting experience and pharma consultants necessary to guide you through the quality compliance process.
Regulatory Compliance Associates Quality consulting includes assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement. Our pharma consultants understand the strategic thinking needed to align your business needs and goals. Regulatory Compliance Associates quality assurance services include quality experts with experience spanning major corporations and start-ups. Our pharmaceutical consulting firm knows firsthand how to achieve, maintain, and improve quality, and we excel in transferring pharma consulting knowledge to your organization.
Regulatory Compliance Associates has a proven remediation services approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. Our pharma consultants know how to partner with executive, legal, and communication teams. Each RCA pharma consulting Expert will develop a response that will be accepted by the regulatory agency and be realistic to execute.
Regulatory Compliance Associates pharma regulatory consultants will develop a comprehensive proof book of documented evidence demonstrating the corrective action taken to remediate non-compliant issues. In addition, each Regulatory Compliance Associates pharma consulting Expert understands compliance enforcement. We’ll prepare a comprehensive pharma consulting strategy to assist in your remediation efforts, drive continuous improvement, and maintain regulatory compliance with the regulations.
Regulatory Action
Regulatory Compliance
Regulatory Enforcement
Warning Letter
483 Observation
Oversight Services
Risk Management Plan
About Regulatory Compliance Associates
Regulatory Compliance Associates® (RCA) provides pharmaceutical consulting to the following industries for resolution of life science challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.
As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
Founded in 2000
Headquartered in Wisconsin (USA)
Expertise backed by over 500 industry subject matter experts
The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.
Sotera Health Company, along with its three best-in-class businesses – Sterigenics®, Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.
We are a trusted partner to 5,800+ customers in over 50 countries, including 40 of the top 50 medical device companies and 9 of the top 10 pharmaceutical companies.
Commitment to Quality
Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.
To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.
Among the emerging topics of interest to the life science industry, quality culture, quality metrics, and data integrity are in the spotlight due to changes from the COVID-19 pandemic. Regulatory authorities strive to stay on top of the latest challenges in quality assurance and compliance facing medical device and pharmaceutical firms.
Regulatory Compliance Associates® understands that data integrity is important for keeping and maintaining accurate data to protect your data’s trustworthiness. This ensures everything else built on that data is trustworthy as well. We’ll explore why quality culture and data integrity are important and what permanent changes have occurred in the wake of the pandemic.
It’s essential to understand the ways quality culture is linked to data integrity. Regulators have delineated a clear link between the veracity of data generated by a company and its culture. Future regulatory audits to determine an organization’s health may focus on obtaining information about the company’s quality culture and subsequent data. It’s vital to for companies to acknowledge this relationship so they can identify vulnerabilities, perform necessary risk assessments and remediate risks before an inspection.
An Increased Emphasis on Data Integrity
It’s easier to keep a vigilant eye on data when everyone works from the same locations. However, with more people working from home, maintaining quality culture practices to control data integrity is imperative and challenging. The Food and Drug Administration (FDA) is drawing parallels between compliance with data integrity regulations and an organization’s overall culture.
The FDA wants companies to maintain a quality culture that is integrated throughout the organization. The more developed and established an organization’s quality culture, the more reliable the data.
As a result of the pandemic, more companies are switching from paper-based to electronic systems. This migration to electronic data systems poses certain challenges to any organization.
Companies need to have the necessary resources and technical expertise to make sure the electronic systems maintain data integrity concepts. Organizations must be able to provide proof of their compliance supported by an audit trail of their work.
Auditing Process Changes Resulting from the COVID-19 Pandemic
The auditing process may change in many ways as a result of the pandemic:
Regulatory Compliance Associates (RCA) has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, Regulatory Compliance Associates® offers leading pharmaceutical consultants. We’re one of the few pharma consulting companies that can help you navigate the challenges associated with industry regulations.
Our pharmaceutical consulting firm includes over 500 seasoned FDA, Health Canada & EU compliance consultants and regulatory affairs experts who understand industry complexities. It’s a pharma consultancy founded by regulatory compliance executives from the pharmaceutical industry. Every pharmaceutical industry consultant on the Regulatory Compliance Associates team knows the unique inner workings of the regulatory process.
Client Solutions
Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, Regulatory Compliance Associates will guide you through every pharmaceutical consulting step of the regulatory process and create a customized approach depending on your product and your pharma company’s individual needs. Our regulatory compliance clients include:
Companies new to FDA, Health Canada or EU regulations and regulatory compliance
Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
Law firms seeking pharmaceutical consulting firm expertise in the remediation of warning letters, consent decrees, 483’s or import bans
Regulatory affairs is Regulatory Compliance Associates backbone. We exceed other pharma consulting companies with industry experts experienced in complexities of the pharmaceutical and biopharmaceutical industries. Our pharma consulting expertise spans all facets and levels of Regulatory Affairs, from Regulatory Support for New Products to Life Cycle Management, to other services like Outsourced Regulatory Affairs, Submissions, Training, and more.
As your partner, we can negotiate the potential assessment minefield of regulatory compliance services with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and regulatory compliance consulting. We offer the following pharma consulting regulatory affairs services for pharmaceutical companies.
The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand. Just one misstep could mean significant and lasting consequences for your business. At Regulatory Compliance Associates, we offer the pharma consulting experience and pharma consultants necessary to guide you through the quality compliance process.
Regulatory Compliance Associates Quality consulting includes assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement. Our pharma consultants understand the strategic thinking needed to align your business needs and goals. Regulatory Compliance Associates quality assurance services include quality experts with experience spanning major corporations and start-ups. Our pharmaceutical consulting firm knows firsthand how to achieve, maintain, and improve quality, and we excel in transferring pharma consulting knowledge to your organization.
Regulatory Compliance Associates has a proven remediation services approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. Our pharma consultants know how to partner with executive, legal, and communication teams. Each RCA pharma consulting Expert will develop a response that will be accepted by the regulatory agency and be realistic to execute.
Regulatory Compliance Associates pharma regulatory consultants will develop a comprehensive proof book of documented evidence demonstrating the corrective action taken to remediate non-compliant issues. In addition, each Regulatory Compliance Associates pharma consulting Expert understands compliance enforcement. We’ll prepare a comprehensive pharma consulting strategy to assist in your remediation efforts, drive continuous improvement, and maintain regulatory compliance with the regulations.
Regulatory Action
Regulatory Compliance
Regulatory Enforcement
Warning Letter
483 Observation
Oversight Services
Risk Management Plan
About Regulatory Compliance Associates
Regulatory Compliance Associates® (RCA) provides pharmaceutical consulting to the following industries for resolution of life science challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.
As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
Founded in 2000
Headquartered in Wisconsin (USA)
Expertise backed by over 500 industry subject matter experts
The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.
Sotera Health Company, along with its three best-in-class businesses – Sterigenics®, Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.
We are a trusted partner to 5,800+ customers in over 50 countries, including 40 of the top 50 medical device companies and 9 of the top 10 pharmaceutical companies.
Commitment to Quality
Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.
To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.
The International Medical Device Regulation Forum (IMDRF) recently published updated cybersecurity guidance for the medical device industry. The medical device cybersecurity working groups at IMDRF have been busy lately, publishing multiple final documents about medical devices & software as medical device (SaMD).
Regulatory Compliance
IMDRF’s medical device guidance provides steering assumptions for both regulatory compliance & medical device cybersecurity, which are appropriate for sponsors developing medical devices. Further, a primary objective of the guidance is simultaneously increasing patient safety & reducing external threats for providers and HCPs.
Global Harmonization
The guidance begins with harmonization concepts that could affect multiple departments inside a medical device manufacturer. Additionally, key areas for harmonization programs highlighted by the cybersecurity guidance include:
Product design
Risk management activities
Device labelling
Regulatory submission
Information sharing
Post-market activities
Product Life Cycle (PLC)
IMDRF’s cybersecurity guidance continues on with a deeper evaluation of risks associated across the product life cycle. It is recommended for potential vulnerabilities to be considered for any product life cycle stage, especially considering legacy devices that may be vulnerable to strategic risk.
Product Design
Product design considerations include the initial phases of medical device development and continues until the end of support (EOS) once a product is discontinued. The four product design stages the cybersecurity guidance refers to when it comes to total product life cycle:
Development Stage
Support Stage
Limited Stage
End of Support
Development Stage (Stage 1)
The Development Stage occurs during the pre-commercialization phase before a medical device is approved by a regulatory body. This is when medical device manufacturers begin to incorporate security into the product concepts being designed. Design controls are critical in this stage for medical device manufacturers to leverage when considering how to mitigate risks.
Finally, an important deliverable of the Development Stage is product-related security documentation. The documentation is designed to help unfamiliar users to understand how to securely operate the medical device.
Support Stage (Stage 2)
The Support stage is during the initial post-launch phase and may continue for many years. Medical devices in this stage are:
Currently used for providing patient care
Available for purchase on the open market
Contain major software, firmware, or programmable hardware components
Support for software, firmware or components is provided by the medical device manufacturer
Additionally, medical devices in the Support stage should receive full cybersecurity support. This support often includes software patches, software updates, hardware updates, and incremental support the manufacturer considers appropriate.
Limited Support Stage (Stage 3)
Medical device manufacturers continue to provide cybersecurity support during Stage 3. However, as product development transitions to a more current medical device design, different constraints are involved with the transition. Medical devices in Stage 3 often require additional network controls compared to medical devices in Stage 2:
Third-party components or software may be used more frequently than internally developed updates or patches
Cybersecurity best practices integration is often governed by the ease of following support practices outlined in the Stage 2
Medical device manufacturers must explain to users the existing limitations that are now recognized in the devices and services affected
Healthcare providers using the medical device should begin to take more of an active role in unmitigated features of security defense.
End of Support Stage (Stage 4)
Medical devices in Stage 4 are considered more vulnerable than any of the other stages. They may still be in use for providing patient care, but they have been publicly identified as no longer being supported by the medical device manufacturer. Each of these scenarios result in a medical device that cannot be consistently defended against modern cybersecurity dangers.
Critical facets healthcare information technology departments should look for include:
Medical devices that have been declared EOS by the medical device manufacturer
Medical devices that are not actively marketed or sold by the medical device manufacturer
Medical devices that contain software, firmware, or programmable hardware components no longer supported by software developers
Medical devices with known risks to device safety and effectiveness that are unmitigated
Risk Management
Further, the guidance calls for a risk management approach to product lifecycle management featuring:
Security risk analysis
Security risk evaluation
Security risk control
Security risk acceptability
The cybersecurity guidance expands on product design and how security is incorporated and maintained through the product life cycle. This can be accomplished through using risk control and a secure development framework.
Risk mitigation recommendations for medical device manufacturers include:
Security design and controls based on intended use of the medical device
Security risk assessments across the risk management process
Threat modelling to help determine operational risk
Security testing and communication for medical device manufacturers include:
Customer facing product security documentation & communication
Post-market monitoring of cybersecurity vulnerabilities
Identification of vulnerabilities in third party risk management
Vulnerability risk identification based on the device security design, controls, and mitigations
Ensuring availability of security patches & mitigations based on device risk:
Coordinated and clear communication to all affected users
Description related to the vulnerability and its corresponding mitigations
Identification of other mitigation options when a security patch is unavailable
Data Integrity
One of the core principles the guidance stresses is cybersecurity information, data integrity and the importance of information sharing. IMDRF encourages medical device industry stakeholders to implement a proactive pre- and post-market approach to cybersecurity information sharing.
Moreover, timely information can help the industry recognize threats, evaluate associated risks, and react quickly as needed. An increase in industry transparency could directly benefit healthcare providers, medical device users and medical device companies.
Security Updates
An important section of the medical device cybersecurity guidance details stakeholder responsibilities related communications, risk management, and transfer of responsibility. Specifically, it is important that medical device manufacturer communications are comprehensive & identify types of documentation needed and when the medical device user may need it.
Product Security Documentation
Medical device manufacturers should ideally provide PLC documentation about security or support changes early in the Support stage. This helps HCP risk management during both the procurement & deployment of medical devices. Types of life cycle support for product security documentation includes:
Manufacturer disclosure statement for medical device security
Software Bill of Materials (SBOM)
Security test report summaries
Third-party security certifications
Customer security documentation
Product Life Cycle Documentation
Medical device companies should communicate the strategic life cycle milestones to their customers. Further, these interactions would include cybersecurity EOL and EOS dates if available. This helps to support HCPs during both the procurement & installation process.
Additionally, medical device manufacturers should provide this information as far in advance as possible. The goal is at least 2 years in advance to best support healthcare professionals with the following information:
Affected medical devices
Medical device operating system(s)
Version of medical device deployed
Medical device software components
Expected date of medical device service changes
Extent of medical device maintenance after a service change occurs
Additional design controls that help all involves parties
Vulnerability & Patching Information
If a vulnerability is uncovered, medical device companies should provide related vulnerability information. Further, the guidance specifically mentions the importance of both the appropriate mitigation or available software patch. Additionally, the guidance stresses an elevated priority be placed on high-risk vulnerabilities where timely communication is required. This communication is designed to help prevent both patient injury or device interruption.
Finally, the mitigation method and implementation instructions should be provided to the medical device operators. These security updates include both an over-air update or deployment of service personnel to help install the remedy.
Proactive Communications for Third-Party Components
Medical device software and other digital components within a medical device will reach EOL/EOS before the product itself does. In these cases, risk can increase based on the lack of support for these elements. To help compensate for these security risks, the cybersecurity guidance suggests medical device companies should:
Validate the list of third-party components used in medical devices
Track support status updates of third-party components used within their device
Assess the risks that exist when third-party components become unsupported
Communicate new risks and available risk mitigations to healthcare providers
To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].
The onset of a global pandemic and other factors are causing many U.S.-based pharmaceutical and medical device companies to evaluate whether to bring back manufacturing facility operations they’ve previously outsourced to other countries. In a time where ensuring quality is paramount, insourcing has the potential to allow these organizations to implement more stringent quality control standards. Deciding between a brownfield and greenfield strategy also optimizes logistics networks and reduces transportation costs, provided raw material suppliers are readily available.
A primary consideration when onshoring manufacturing is deciding whether to select a brownfield or greenfield site.
What Is a Brownfield Facility?
A brownfield manufacturing process utilizes a suitable existing facility and infrastructure. In many cases, the manufacturer will either purchase or lease the structure and perform any modifications required to complete the “fit-out”. In many brownfield projects, production is already occurring and personnel who are familiar with the projects and compatible quality control systems are in place. This may even be an existing facility within the corporate structure of the company.
The most obvious advantage of choosing a brownfield site is a faster implementation. There’s no need to wait for the construction of a new facility, which could take a year or longer. If executed correctly, the transition to a brownfield facility can be quick and seamless, reducing downtime and minimizing disruptions that negatively impact service. Additionally, these sites may have legacy tech systems (ERP, eDoc, CAPA etc.) that can integrate the new operational processes.
On the downside, brownfield facilities may have some production limitations due to the nature of the existing infrastructure. Scaling the operation may also pose significant challenges. As these structures are often older, they may have some operational inefficiencies and require more maintenance and upkeep. Some systems may even require replacement or considerable overhaul.
If you’re exploring the possibility of moving into a brownfield site when onshoring manufacturing processes, it’s essential to evaluate its current validation status. Transferring a new product into an existing facility often triggers a regulatory inspection and could lead to inspectional observations surrounding existing operations.
What Is a Greenfield Facility?
A greenfield site entails the construction of a manufacturing facility from the ground up. The manufacturer has more flexibility to customize the structure’s design to the project’s unique requirements. With proper planning, the site can also accommodate future growth more efficiently. Maintenance costs are usually lower than with a brownfield facility, as the building, equipment and machinery are typically brand-new and in peak operating condition.
One drawback to opening a greenfield site is time. It may not be a viable option if the manufacturer must act quickly to keep up with customer demand or bring a new product to market when there is an immediate need. Hiring new staff and onboarding can also introduce a significant learning curve and lengthen the time frame until operations are up to speed.
Regulatory Compliance Associates (RCA) has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, Regulatory Compliance Associates® offers leading pharmaceutical consultants. We’re one of the few pharma consulting companies that can help you navigate the challenges associated with industry regulations.
Our pharmaceutical consulting firm includes over 500 seasoned FDA, Health Canada & EU compliance consultants and regulatory affairs experts who understand industry complexities. It’s a pharma consultancy founded by regulatory compliance executives from the pharmaceutical industry. Every pharmaceutical industry consultant on the Regulatory Compliance Associates team knows the unique inner workings of the regulatory process.
Client Solutions
Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, Regulatory Compliance Associates will guide you through every pharmaceutical consulting step of the regulatory process. Our pharmaceutical consulting Experts will create a customized approach depending on your product and company’s individual needs. Our regulatory compliance clients include:
Companies new to FDA, Health Canada or EU regulations and regulatory compliance
Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
Law firms seeking pharmaceutical consulting firm expertise in the remediation of warning letters, consent decrees, 483’s or import bans
Regulatory affairs is Regulatory Compliance Associates backbone. We exceed other pharma consulting companies with industry experts experienced in complexities of the pharmaceutical and biopharmaceutical industries. Our pharma consulting expertise spans all facets and levels of Regulatory Affairs. Additionally, we specialize in Regulatory Support for New Products to Life Cycle Management, Outsourced Regulatory Affairs, Submissions, Training, and more.
As your partner, we can negotiate the potential assessment minefield of regulatory compliance services with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and regulatory compliance consulting. We offer the following pharma consulting regulatory affairs services for pharmaceutical companies.
The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand. Just one misstep could mean significant and lasting consequences for your business. At Regulatory Compliance Associates, we offer the pharma consulting experience and pharma consultants necessary to guide you through the quality compliance process.
Regulatory Compliance Associates Quality consulting includes assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement. Our pharma consultants understand the strategic thinking needed to align your business needs and goals. Regulatory Compliance Associates quality assurance services include quality experts with experience spanning major corporations and start-ups. Our pharmaceutical consulting firm knows firsthand how to achieve, maintain, and improve quality. Finally, our regulatory compliance services team excels in transferring continuous improvement knowledge to your organization.
Regulatory Compliance Associates has a proven remediation services approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. Our pharma consultants know how to partner with executive, legal, and communication teams. Each RCA pharma consulting Expert will develop a response that will be accepted by the regulatory agency and be realistic to execute.
Regulatory Compliance Associates pharma regulatory consultants will develop a comprehensive proof book of documented evidence demonstrating the corrective action taken to remediate non-compliant issues. In addition, each Regulatory Compliance Associates pharma consulting Expert understands compliance enforcement. We’ll prepare a comprehensive pharma consulting strategy to assist in your remediation efforts, drive continuous improvement, and maintain regulatory compliance with the regulations.
Regulatory Action
Regulatory Compliance
Regulatory Enforcement
Warning Letter
483 Observation
Oversight Services
Risk Management Plan
About Regulatory Compliance Associates
Regulatory Compliance Associates® (RCA) provides pharmaceutical consulting to the following industries for resolution of life science challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.
As your partners, Regulatory Compliance Associates can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
Founded in 2000
Headquartered in Wisconsin (USA)
Expertise backed by over 500 industry subject matter experts
The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.
Sotera Health Company, along with its three best-in-class businesses – Sterigenics®, Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.
We are a trusted partner to 5,800+ customers in over 50 countries, including 40 of the top 50 medical device companies and 9 of the top 10 pharmaceutical companies.
Commitment to Quality
Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.
To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.
Why has product launch become more complex after the pandemic & how have the “roots of compliance” changed the EU regulatory environment?
In this sound bite from RCA Radio, host Brandon Miller is joined by Kinga Demetriou, an Expert Certifier at BSI, as they discuss how the pandemic changed the “roots of compliance” in the EU regulatory environment.
Since the pandemic, quick routes to market such as EUAs have been stopped leading to market servaliance company’s putting more scrutiny on products (e.g. PPE masks)
Manufactures have found out that offering a products in different markets take a lot of recourses to understand the roots of compliance depending on the location
Different market access requirement have been introduced depending on geography
New rules and certifications are in place making it more complex to launching products in multiple markets
Listen to the full Podcast on Global Regulatory Trends –> Click Here
To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].
Regulatory Compliance Associates® (
