white paper

Why Design Control Makes Sense

Common challenges in Design Development and how those problems can be minimized through compliance to FDA requirements for Design Control.

About RCA
Regulatory Compliance Associates® Inc. (RCA) provides worldwide services to the pharmaceutical, biologic, sterile compounding, biotechnology, and medical device industries for resolution of compliance and regulatory challenges.

Please complete the form to access the white paper.


Why Design Control Makes Sense

The author describes challenges in a Design and Development Plan and how those problems can be minimized through design control compliance with FDA requirements.

The time and investment needed to bring an idea for a new medical product all the way to FDA approval can be daunting. In developing new drugs, the costs and timing required to conduct multiple stages of clinical studies, even under the best of circumstances, can be a “non-starter” if the projected long term revenue and profit potential is not sufficient to justify the cost and risk associated with development.

Similarly, the development of software design control is complex in the extent of interactions among components and the number of areas where a seemingly small problem can lead to catastrophic product system failure. Even the development of “simple” single-use medical devices can involve years of development and millions of dollars in capital investment.

Design Control

It’s no wonder that with design control medical device scenarios frequently involving such large investments in time and resources, product development teams can be under intense pressure. What is not always fully appreciated is that regulations put in place by the United States Food & Drug Administration (FDA) with regard to medical product development are an aid to help ensure consistency and thoroughness of the development process.

21 CFR 820

In 1990 the Safe Medical Device Act (SMDA, Public Law No. 101-629) was approved as an amendment to the federal Food, Drug, and Cosmetic Act. The SMDA included a set of design control regulations to better regulate the design process for Medical Devices (21CFR, Part 820.30). These regulations are legally applicable only to certain classes of medical device and diagnostic products, yet the principles behind Design Controls are logical and can be applied to any type of Medical Product Development.

Design Control Process

Early phase development that includes exploratory R&D, development of concept models and early feasibility testing is not governed by Design Controls. The design control process begins after an initial product concept has been determined and Design Inputs are formally documented; prior to formal Design Verification and Validation testing.

Design Inputs

Frequently the requirements of the customer are not well understood. It is not enough to say the product being designed must be able to jump—there must be an understanding of how high the product must be able to jump from the customer perspective (known as the “Voice of the Customer”).

Then, the engineer or scientist must translate that voice of the customer into specifications with quantifiable design boundaries that enable measurement of development progress, and ultimately enables assessment of the degree to which the product will consistently meet requirements.

In the example above, one might determine the initial design input to be under x and y conditions, the product must be able to jump vertically 2.3 +/- 0.2 meters with at least 95 percent confidence.

Technical Specification

Design control requires that a set of Design Inputs be established early during product development. Design Inputs are a set of technical specifications that represent a translation of the customer requirements into measurable engineering terms. As a design evolves and test methods and acceptance criteria are better determined, the Design Inputs document is intended to be updated and treated as a formal revision-controlled document.

Frequently, Design Inputs are incomplete, unclear or not measurable. Without adequate Design Inputs, the risk of completing qualification only to find problems during expensive clinical studies is increased. The product might even work sufficiently to get approved, only to find “surprises” following commercialization.

Design Control Plan

Early during development, risk analysis that identifies and evaluates the potential failure should be conducted as part of a successful design control plan. Failure Mode Effects Analyses can help determine potential sources of failure and potential patient hazards due to Customer Use / Misuse (UFMEA), Design (DFMEA) or Process (PFMEA). For complex product systems, Fault Tree Analysis can be an effective alternative for risk analysis.

Risk Analysis

Risk analyses are done prior to final qualification testing since verification and validation testing frequently is part of plans for risk mitigation. Design For Six Sigma (DFSS) is frequently applied to critical design elements to ensure statistically adequate safety margin in reliably meeting requirements. Comprehensive risk analysis can be effective in avoiding those dreaded manifestations of Murphy’s Law.

Design Control Requirements

The identification of risks early on allows the project team to adjust the design control requirements or process, or through other means mitigate the likelihood of occurrence of the hazard. This reduces the possibility of a last minute major program setback.

Unfortunately, risk analyses are not always comprehensive and risks are not always fully mitigated. This can ultimately lead to recalls of commercialized products, or expensive product re-engineering programs. Management may then ask, “How could this happen?” or “Why did we not anticipate this failure in advance?”

Standard Operating Procedures (SOP)

Risk analysis done merely as a paperwork exercise to meet a company SOP may not capture the real issues—known as “Garbage In–Garbage Out”. Risk analysis needs to tap appropriate expertise regarding medical use, product design and manufacturing. Even with the most rigorous of efforts to develop risk analysis, there are legitimate unknowns regarding frequency of occurrence of certain failures when estimated early during product development.

This is why risk analysis documents are intended to be updated periodically as frequency of occurrence or severity of the hazards become better understood or new failure modes are discovered.

Risk Management

Risk Management is central to implementation and compliance with Design Controls. Expectations and best practices in the utilization of Risk Management have evolved significantly over the past ten years. Since many medical products were developed prior to adoption of expanded risk management methodologies, supporting technical files sometimes lack comprehensive risk analysis.

Hence, many companies have remediation programs in place to address the need for supporting risk analysis. Unfortunately, risk analyses are not always comprehensive and risks are not always fully mitigated.

Design and Development Planning

FDA Design Controls require that the development process occur in thoughtful, planned manner. Poor project planning can result in a process that is ad hoc and lacking in confidence as to when milestones may be achieved.

Good planning that results in realistic schedules can reduce schedule pressure on the project team, and thus mitigate a historical contributing factor to design defects that can cause patient injury. By mandating the creation and maintenance of Design and Development Plans, FDA is forcing industry to do what it should be doing anyway.

Design Plan

A comprehensive Design and Development Plan may include the following interdisciplinary areas:

  1. Prototype Development Plan
  2. Quality Plan
  3. Manufacturing Plan
  4. Risk Management Plan
  5. Regulatory Plan
  6. Verification and Validation Planning, including Clinical Studies where applicable
  7. Launch Plan

Design Review

Realistic schedules need to allow for development being an iterative process, particularly when trial and error is required through prototyping to finetune critical tolerances, or in the case of software development where time to eliminate bugs in the system is normally needed. Additionally, the common use of Stage Gates and Design Reviews during development implies by their nature the possibility of a feedback loop in the development process.

“Each manufacturer shall establish and maintain plans that describe or reference the design and development activities and define responsibility for implementation.” (21 CFR820.30(b))


Design Control

FDA Waterfall Model 

Many organizations have added commentary on the FDA’s Waterfall Model. At RCA® Inc., we believe Design Verification refers to systematically testing to ensure that design control inputs are met by the proposed design (See Figure 1).

Verification Testing

Verification testing needs to be sufficient to address any required mitigations identified by Risk Analysis. Correspondingly, Design Validation through clinical studies or simulated product use testing is performed to check that the user needs have been met. Design Validation is critical because Design Inputs are not always complete or accurately translated from the voice of the customer.

Validation Testing

Design and Development Plan validation often includes project files with gaps, where not all Design Inputs were verified or use conditions validated. A common design control process problem is verification and validation testing is not statistically adequate. Lastly, verification and validation test planning needs should ensure the product remains functional and reliable after the intended shelf life.

Design Reviews

Design Reviews are essential checkpoints conducted periodically to ensure that design process deliverables are being sufficiently performed. Design review meetings are intended to ensure the following:

  1. Design Inputs are comprehensive and measurable
  2. Verification and Validation Testing is thorough (all Design Inputs Verified and all User Needs Validated) and statistically sufficient
  3. Design control process risks have been identified and sufficiently mitigated
  4. Design Development Plans are updated, sufficient and realistic
  5. Prior to manufacturing ramp-up (Design Transfer), specifications are finalized and manufacturing processes are properly validated.
  6. Regulatory clearances are received prior to clinical or commercial human use.

Design Control

Product Design

Design reviews provide objective independent review and management oversight that ensures that day-to-day pressures to deliver the product design quickly have not led to short cuts that could jeopardize product quality. Formal Design Reviews must be documented and identified issues must be tracked and resolved.

Informal Design Reviews include activities such as review and approval of test reports or approval of engineering drawings. Informal reviews do not require independent reviews, issues tracking, etc. as required for Formal Design Reviews. Design & Development Plans should recognize that product design control may lead to certain development activities needing to be iterated (See Figure 2). Design review meetings are intended to ensure risks have been identified and sufficiently mitigated.

Design History File (DHF)

Maintaining a record of the design process is required as part of Design Controls, but it is also good business practice. Product life cycles do not end with initial launch of the product. Product or process changes typically are required at different points over the lifetime of the product. Many changes require a new look at risk analyses to identify new risks or changes in frequency of occurrence. Additionally, new tests or portions of previous verification or validation testing may need to be repeated.

Product Lifecycle

Accordingly, key revision-controlled documents such as Design Inputs, Risk Analyses, and Design Outputs are updated as necessary over the product lifecycle. The ready availability of these core documents as part of a Design History File (DHF) means that when product changes are needed, there is a repository of design information available that needs only review or modification. Re-creating such analysis and documentation to enable a minor product or process change can slow down a company’s design and development plan.

Design Control Documents

Additionally, having access to comprehensive hazards and risk analysis will allow for credible determination of actions when investigating product issues encountered by customers. If an FDA investigator responding to reports of patient harm associated with a product discovers that there is not even a process in place by which the risk of harm could have been anticipated, red flags arise.


In summary, design development requires significant analysis and documentation to ensure that requirements are understood, risks are addressed and that ultimately the product launched will be safe and effective. The small investment in front end documentation can avoid embarrassing and costly program delays, save time and money, and reduce the risk to patients.

FDA Investigation

An investigator knows there could be many other potentially harmful situations that also have not be predicted. If the development and post-market surveillance processes are sound, product recalls or emergency field corrective actions may still be necessary. However, this situation would have fewer regulatory consequences due to non-compliance.

The ready availability of a Design History File means that when product changes are needed, there is a repository of design information available that needs only review or modification.


About RCA’s Medical Device Consulting Services

The regulatory compliance process surrounding the medical device industry involves a strict adherence to pre/post market information throughout a device’s life cycle. Even a single compliance issue you have can turn into a significant effect on your business. Regulatory Compliance Associates can help guide you through any stage of the medical device consulting process, with capabilities during product development through the regulatory clearance/approval of your product.

Our team of over 500 medical device consulting Experts — including former FDA officials and regulatory compliance leaders in the field of medical device regulation — will work with your company to create a quality assurance and regulatory compliance approach tailored to your products and regulatory needs. Regulatory Compliance Associates works with international Fortune 100 companies, venture capital start ups, and companies of all sizes and shapes. our compliance enforcement solutions for law firms include remediation for warning letters, FDA 483’s, import bans or consent decrees. Very few regulatory compliance services have the same regulatory compliance expertise in a variety of medical fields.



For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if Regulatory Compliance Associates medtech consultants do not implement good IoT cybersecurity and FDA cybersecurity protocols.

At Regulatory Compliance Associates, we offer a wide variety of services for medical devices security to help ensure that your product is protected from cyber-attacks. With a well-planned design, along with full visibility of product development and the supply chain, Regulatory Compliance Associates medical device consultant Experts can help strengthen your device’s cybersecurity. We partner with medical device companies in each phase of the design cycle, including protecting inputs from threat exposure and hardening outputs for regulatory compliance & FDA submission approval of your medical technology.

  • SaMD Consulting
  • Threat Modeling
  • Proof of Concept
  • Quality Assurance Services
  • TIR 57 & TIR 97
  • ISO 62304
  • ISO 27001


Regulatory Affairs

Regulatory affairs is Regulatory Compliance Associates® backbone, and we handle more submissions in a month than many manufacturers do in a lifetime. Our regulatory compliance consulting Experts have experience working with the FDA, global regulatory bodies and / or agencies, and notified bodies worldwide. Therefore, you can count on us for in-depth and up-to-date insights which increase speed-to-market.

As a trusted regulatory affairs consultant, our FDA veterans and industry experts represent Regulatory Compliance Associates® as one of the top medical device consulting firms. We’re here to help you navigate the difficulties associated with new product submissions. Regulatory Compliance Associates® medical device consulting company has expertise in both the approval process and post-approval support. 

  • New Product Approval
  • Post-Approval Support
  • Outsourced Staffing
  • EU MDR
  • Combination Products


Compliance Assurance

Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® can help.

Our network of over 500 medical device consultant & FDA, MHRA & EMA veterans are industry professionals offers a unique blend of expertise. This allows Regulatory Compliance Associates® to handle both simple and complex regulatory compliance challenges within medical device consulting companies.

  • Gap Assessments
  • Internal Audits
  • Employee Training
  • Notified Body Response
  • Data Integrity


Quality Assurance

Regulatory Compliance Associates® Quality Assurance consulting includes quality system assessments, strategy, implementations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Each Regulatory Compliance Associates® medical device consultant is a quality expert with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

In the medical devices field, quality assurance (QA) is more than merely ensuring the quality of a finished product. You need the tools to monitor and regulate every process from the design of a new product to continued quality compliance as the device is sent to market. At Regulatory Compliance Associates®, we offer you the quality assurance services you need to monitor these processes and ensure quality compliance every step of the way.

With more than 20 years experience working with medical device consulting companies, Regulatory Compliance Associates® trusted medical device quality assurance consultant team is fully equipped to handle your unique QA needs.

  • ISO13485 
  • 21 CFR 210
  • 21 CFR 211
  • Outsourced Staffing
  • Facility Validation
  • Equipment Validation
  • Quality Metrics


Remediation Services

Regulatory Compliance Associates® is widely recognized within medical device consulting companies & the life science industry for our remediation services & support. Regulatory Compliance Associates® ability to help companies successfully resolve complex regulatory challenges have a proven track record of success. Our medical device consulting services include significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.

  • Regulatory Action
  • Regulatory Compliance
  • Regulatory Enforcement
  • Warning Letter
  • 483 Observation
  • Oversight Services

Our value goes beyond the initial response by helping companies successfully execute their action plans, develop an improved compliance culture tailored to the needs of their business, and ultimately move beyond the regulatory action to emerge as a stronger business. We negotiate difficult demands of remediation with insight and the clear advantage of our medical device consultant expertise and experience that makes partnering with Regulatory Compliance Associates®  a competitive differentiator in the remediation space.

  • Quality System
  • Technical File
  • Design History File
  • Data Integrity
  • cGMP


Strategic Consulting

Whether it’s a strategy, a technical plan, or project, Regulatory Compliance Associates® medical device consultancy can help ensure a successful project. Regulatory Compliance Associates® medical device strategy consulting can deliver your project on time, on budget, and you’re never embroiled in a costly mistake.

Our medical device consultant Experts are industry Experts are here to provide the unique insight you need before an M&A deal, through a staffing crisis and in every area of your product’s development and life cycle. As the trusted medical device manufacturing consultants of thousands of companies around the world, we have the knowledge and expertise needed to deliver exceptional results to your business — no matter your size or unique needs.

  • Manufacturing Optimization
  • Product Lifecycle Management
  • Mergers & Acquisitions (M&A)
  • Due Diligence
  • Device Vigilance
  • Risk Management Plan
  • Product Complaints
  • Medical Information


About Regulatory Compliance Associates

design controlRegulatory Compliance Associates® (RCA) provides medical device consulting to the following industries for resolution of life science challenges:

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

As your partners, Regulatory Compliance Associates can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021


About Sotera Health

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.


Commitment to Quality

Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.


To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.