A Product Life-Cycle Compliance Model

The journey of bringing a new medical device to market is littered with potential pitfalls and obstacles that need to be overcome. A common challenge facing innovators is how to navigate regulatory pathways. Typically, this is a topic that is low on people’s to-do lists.

Irrespective of the regulatory pathway that applies to your product, you will have to demonstrate that your product has valid scientific evidence of adequate safety, performance, and efficacy throughout its product lifecycle. Failure to provide this information is a common reason for delays and rejection of regulatory documentation by regulators such as the U.S. Food and Drug Administration (FDA) and conformity assessment bodies such as EU Notified Bodies. This often leads to increasing costs and failure to obtain market access of a device that may have a positive health outcome and better safety profile.

Therefore, taking time to evaluate regulatory pathways early in the development of a product will mean that you understand evidence requirements and minimize the likelihood of issues during regulatory approval processes. It will also mean that you have a better understanding of regulatory costs and timelines.

Once a positive regulatory decision has been made and your device is on the market, that is not the end of the journey. No medical device is infallible. So, plan to expect issues to arise. Each year, regulators such as the FDA and the United Kingdom’s Medicines and Healthcare Regulatory Agency (MHRA) receive thousands of adverse incident reports about medical devices each year. The harm or potential to cause harm to patients and users caused by device or manufacturing failure, user error, or new unidentified hazard can result in recalls, changes in design, further validation and verification, and reputational risk.

A product life cycle approach, underpinned by a proactive and reactive regulatory and compliance strategy, helps to ensure that you consider all of the key steps, from first having your idea to placing a medical device on the market and then maintaining that market access.

This approach requires the involvement of a range of subject matter experts, such as those with technical, quality, and commercial expertise, to analyze a broad scope of requirements, standards and guidance. It is critical to know what applies and when, know how to keep abreast of changes, and plan how to obtain the evidence necessary to fulfill requirements.  For start-ups and small businesses in particular, it is not always feasible to have all these in-house capabilities.

Nonetheless, a robust regulatory and compliance strategy is the key to success.

Invest in Developing a Regulatory and Compliance Strategy and Keep It Up To Date

Regulatory Strategy—Background and Approach

A regulatory strategy is an essential document that helps you to understand the likely legal compliance requirements that will determine the path to market of your medical device. Before a regulatory strategy can be developed, a clear understanding of the product description, its intended purpose, and, of course, its key technological characteristics that impact safety must be derived. Device manufacturers with market acceptance in other markets may not realize the evidence requirements differ in a new market that they want to access. Therefore, documenting and aligning these three aspects, coupled with defining your target market(s), are critical steps in understanding the likely regulatory route and developing the regulatory framework that needs to be navigated.

It is important that all those involved in the design and development of the product description, intended purpose, and key technological characteristics also understand the medical conditions to be treated, diagnosed, or prevented and what medical/clinical and performance claims are to be made. They also need to have an understanding of the technological characteristics that may impact safety, such as invasiveness, energy, principles of operation, and the key aspects of the product’s design and construction.

Another important point is that those involved need to be aware of how regulatory authorities and regulations define those terms. Therefore, it is often valuable to seek external help from clinical, regulatory, and technical professionals familiar with medical device regulation, compliance, and conformity assessment.

Once these inputs are identified and agreed upon, it is then possible to work through the following aspects of a regulatory strategy within each target market(s):

1. Does your device qualify as a medical device? If so, you can then review the legal definition of a “medical device” in the regulations of your target country.
2. If yes, what is the likely regulatory risk classification, and how does this change based on the product description, intended purpose, and key technological characteristics?
   For example, Class I = low risk, Class III = high risk. This will narrow down the conformity assessment/submission route options. Depending on the classification, you will then start to gain an understanding of the pre-clinical and clinical, as well as non-clinical, evidence you need to collect, analyze, and report, including, in some cases, demonstrating how your new device is equivalent to a legally marketed device. It is a substantial proportion of your submission/technical documentation.
3. Based upon the regulatory risk classification, what are the conformity assessment options available to us in order to receive market approval?

A regulatory strategy may change based on the choices an innovator makes around product claims, intended purpose, and technological characteristics. In some instances, simply choosing to remove claims, particularly around clinical or medical purposes may mean that the product is no longer meeting the definition of a medical device in the chosen market. Similarly, the regulatory classification (and conformity assessment option) may change based on choices around the type of medical purpose, intended purpose, and/or technological characteristics.

Compliance Strategy—Background and Approach

A compliance strategy is another essential document that helps you to understand the likely technical and regulatory compliance requirements that will require demonstration of conformity throughout the product lifecycle. Compliance throughout the product life cycle begins with determining in advance of detailed design and design verification and validation exactly what regulatory and technical requirements will need to be addressed. Before a compliance strategy can be developed, it is important to understand the technical frameworks in place regarding the safety and performance of your particular product. This includes product- and process-based standards, as well as specifications and technical norms published by industry experts, national standards bodies, conformity assessment bodies, and regulatory bodies under a highly structured framework of consensus.

The input to a compliance strategy again begins with the detailed product description, the intended purpose, users, use environment, and technological characteristics. However, this differs from a regulatory strategy as there is a much more detailed assessment of the actual technical regulations, standards, specifications, and norms that will shape the expectation of conformity. A good way to distinguish the difference is that the regulatory strategy enables you to ensure you identify and follow the right regulatory requirements and pathway, whereas a compliance strategy enables you to demonstrate that your product now conforms to the necessary “state of the art,”¹ ultimately helping address how to comply.

In developing a compliance strategy, it is critical that relevant product safety and technical specialists are involved in its development and implementation so that the correct standards, specifications, and norms are identified and ultimately defined. It is often the case that technical-based innovators exhibit bias around their technical specialization, such as electronic and electrical design, materials, software, etc., but do not necessarily understand the technical requirements of less familiar areas, such as packaging, human factors, sterilization, and connected technologies.

Many regulatory frameworks applicable to medical technologies have safety and performance requirements that need to be addressed, and these requirements cover multiple characteristics that impact safety or deliver essential performance.  These requirements may be generally referred to as essential principles of safety and performance.

Ultimately, the compliance strategy is composed of:

1. The safety and performance requirements and the characteristics that determine them, as applicable
2. A comprehensive evaluation of the technical regulations, standards, specifications, and norms that need to be complied with through design, manufacture, installation, servicing, and use (a product life cycle approach)
3. A detailed overview of what requires full compliance, partial compliance, or options for compliance and
4. The method of achieving compliance, such as risk management, design solutions, manufacturing controls, packaging systems, information for safety, and human factors.

Once a compliance strategy is identified, it is possible then to determine the likely evidence requirements necessary and now can focus your teams on the detailed design and development requirements that will need verification and validation.

The importance of having a good compliance strategy throughout a product’s entire lifecycle cannot be overstated. It is specifically to minimize the risk of market access delays caused by conformity assessment bodies or regulatory agencies requiring technical evidence that was not originally planned for or budgeted. Examples would include having to undertake unexpected electrical safety testing, material safety studies, or tests that are representative of a product’s lifetime or worse-case environments. In some circumstances, market access has simply been denied or interrupted either due to the complete lack of evidence or a total loss of confidence from the regulator or conformity assessment body that the product can be brought into compliance within reasonable timeframes.

Identifying Relevant Requirements and Solutions for Safety and Performance

The Need

In an environment where change is the only constant, there is a need to have a system that is able to evaluate the legal requirements against the product characteristics and intended purpose in real time. Through advanced algorithms and data analytics, identifying the key requirements defined within relevant standards, legislation, applications, and guidance gives assurance that certain legal requirements are not missed.

Ultimately, regardless of how medical technologies are brought to market and the regulations that apply, we all need to work smarter rather than harder, using digital tools to augment evidence gathering for conformity assessment activities and generating faster yet reliable data/results to bring safer medical devices to market that improve patient outcomes.

The How

Regulatory Intelligence Digital Tools

Preparing a regulatory strategy requires an in‑depth knowledge of the databases, publications, and regulatory and technical information necessary to comply for particular jurisdictions. Often, these sources are not well publicized, are not easily searchable, or simply exist behind paywalls.

Be sure to keep a library of applicable regulations, including their date and type, and create labels or tags that outline the reason for applicability. Table 1 provides an example of how to categorize FDA guidance documents related to EMC considerations.

Table 1: Sample categorization of FDA guidance documents and their applicability

Creating a database of the identified guidance, standards, technical regulations, specifications, or norms will then ensure that not only do you obtain, evaluate, and decompose requirements within those documents but that you can also periodically search for updates and evaluate whether they remain current and applicable. Often, these documents also define exactly what must be designed and tested to demonstrate conformity.

In addition, regulatory intelligence management systems (RIMS) may help you track regulations and key technical requirements and provide you with updates that may impact your regulatory strategy.

Compliance Strategy Digital Tools

Preparing a compliance strategy requires a careful alignment of the device’s intended purpose with its technological characteristics that potentially impact safety and performance and then ensuring you describe why a technical publication is relevant to inform your compliance efforts.

As we discussed in the previous section, it is important to align chosen regulatory and technical standards, specifications, and norms with why they are relevant to your compliance strategy. Table 2 provides an example.

Table 2: Sample categorization of compliance documents

By documenting in this way, you can now utilize internal and external tools to identify, evaluate, and monitor regulations and compliance requirements across the lifecycle. Further, by using various product lifecycle management software, it is possible to document the sources of requirements that will inform your product design and evidence generation for conformity assessment.

Ensuring Robust Scientific Data Through Design Verification and Validation Testing

Confirming within your organization exactly with which requirements you wish to comply creates a series of design and development activities that ultimately lead to verification and validation activities. Verification confirms that the medical device has been designed correctly, and validation confirms that the right medical device has been designed. This is a critical nuance within all aspects of medical device development, which means that compliance requirements derived from your compliance strategy will require verification and/or validation testing.

In order to ensure robust scientific data has been gathered from testing, it is important that you undertake the following steps:

1. Confirm the compliance strategy and how you wish to comply with regulations and requirements detailed in applicable standards
2. Identify the requirements within applicable regulations and standards that require verification testing
3. Evaluate whether testing can be conducted internally. If so, ensure that it can withstand regulatory scrutiny associated with internal testing and self-assessment and
4. If internal testing is not feasible, identify appropriate third-party testing partners and begin discussions as early as possible.

Identifying what testing is needed is carried out by considering relevant essential principles of safety and performance against product characteristics. These safeguarding principles are generally adopted in many pieces of legislation and provide assurances the device is safe and performs as intended. They set out broad, high-level expectations for design, production, and postproduction (including post-market surveillance) throughout the product lifecycle.

There are many methods to generate evidence to verify your device meets relevant principles and requirements defined in applicable regulations and requirements. This includes bench performance testing methods, such as in vitro, in vivo, and in silico, based on consensus/recognized standards or validated methods. The voluntary use of certain product and process standards can give a presumption of conformity to relevant requirements. Standards generally satisfy only a portion of a submission/documentation but play a significant contribution to evidence of compliance to relevant principles. You also have the option to provide alternative data or information along with a scientific rationale for why the alternative addresses the principle.

Standards also give confidence that you are applying “state-of-the-art” requirements. They help you understand that a high level of protection has been achieved, giving increased predictability and easing the premarket process. With a large number of recognized standards in each country (about 1600 FDA consensus standards and about 200 China National Medical Products Administration (NMPA) national and industry standards), identifying relevant standards applicable to your device to meet essential principles can be a challenge. Keeping up to date with changes to standards adds to that challenge.

Once you have identified the relevant standard, you will want to achieve a level of confidence in the test results. One rationale for the refusal of premarket application (PMA) by the FDA is whether the collection of pre-clinical data has been conducted in compliance with good laboratory practices and supports the validity of the data generated. Selecting third-party testing providers early in your journey enables you to adapt your design verification and validation plans and gain confidence that what you are doing is correct and that the results are more accurate, helping to ensure that your device is safe and performs as intended.

Before deciding on which test provider to use, it is prudent to review the website of a national accreditation body in the country where you want to conduct testing to verify that the test provider is accredited and has the competency to undertake the testing you require. Accreditation certificates for every testing provider are freely available to download and list the standards to which they are certified to test. Test providers may also be able to undertake testing for which they are not certified, but you need to consider the impact of any deviations that could impact the results and overall conclusions.

Testing undertaken to standards achieved by consensus is strongly encouraged by regulatory bodies and will make the regulatory conformity assessment process much smoother. Testing to recognized standards is also valuable when entering into commercial discussions, as end users gain confidence that standards of quality, safety, and performance have been met.

Third-party testing partners are exactly that. They help you understand the test requirements, sample and conditioning requirements, variability and uncertainty within the test, the impact of deviations, and how to ensure robust scientific results that are impartial and free from bias. Check regulations on the use of in‑house and third-party testing facilities.

Summary

A robust regulatory and compliance strategy is the key to success. It is critical that relevant product safety and technical specialists are involved in its development and implementation.

Regardless of how medical devices are brought to market and the regulations addressing conformity, we all need to work smarter rather than harder, using digital tools to augment strategies and evidence gathering for conformity assessment activities and producing faster yet reliable data/results that help us to bring safer medical devices to market.

Endnote

1. IMDRF/GRRP WG/N51 provides the following definition: Developed stage of technical capability at a given time as regards products, processes and services, based on the relevant consolidated findings of science, technology and experience. (ISO/IEC Guide 2:2004)

Disclaimer

The content of this article is provided for information only, and no reliance should be placed on it whatsoever. The information contained in this article is representative of the current status as of the date of drafting, is subject to change, and is provided on an “as is” basis, without any endorsement or representation made, and without warranty of any kind.

For clarity, the information provided in this paper:

• Does not, and is not intended to constitute formal, professional, or legal advice
• Is not necessarily comprehensive, complete, accurate, or up to date
• Is not intended to address the specific circumstances of any individual, organization, or entity, and
• Is representative of the opinions and views of Element Materials Technology Limited only and does not represent the views of any third parties.

The content of this disclaimer shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising from this disclaimer shall be subject to the exclusive jurisdiction of the courts of England and Wales.