Crossing the Threshold
( FDA Regulatory Requirements for Medical Device
Manufacturers)
DESIGN CONTROLS
FDA
1
Medical Device Design Controls









Introduction to the FDA
Definitions
Classes of devices
Design control overview
Risk assessment
Verification and Validation testing
Software Quality Assurance
Labeling
Post design transfer issues
2
Regulations
CBER
Biologics
•21 CFR 600/601/610
Blood
CDRH
Devices
CDER
Drugs
•21 CFR 56 (IRB’s)
• 21 CFR 56 (IRB’s)
•21 CFR 58 (GLP)
• 21 CFR 58 (GLP)
•21CFR 606
•21CFR 11 (Electronic
records)
21CFR 1270, 1271
(tissue)
•21 CFRR 800-1050
(devices)
21 CFR 58 (GLP)
•21 CFR 807 (510(k))
21CFR 11 (electronic
records)
•21 CFR 812 (IDE)
•21 CFR 814 (PMA)
• 21CFR 11
(Electronic records)
•21 CFR 210, 211
(Drug GMP’s)
• 21 CFR 312 (IND)
• 21 CFR 314 (NDA)
•21 CFR 21 CFR 820
QSR (GMP)
3
What is a Medical Device?
Type of Product:
An instrument, apparatus, implement, machine,
contrivance, implant, in vitro reagent, or other similar
related article…
Intended use:
…for use in the diagnosis of disease or other conditions,
or in the cure, mitigation, treatment or prevention of
disease . . . or intended to affect the structure or any
function of the body…
Mode of action:
… and which does not achieve any of its primary
intended purposes through chemical action within or on
the body or by being metabolized.
FD&C Act, §201(h)
4
FDA Oversight in a Medical Device Life Cycle
Research
FDA review
Design and Development
Good Clinical Practice
Clinical Trial Controls
Good Laboratory Practice
Investigational Devices
Exemptions (IDE’s)
Design Controls
Good Lab Practices
Document Controls
Electronic Records
Manufacture and Service
Quality Systems Requirements
Establishment Registration
Labeling Controls
Design controls
Recalls
Complaints
Medical Device Reporting
510(k) Clearance
PMA
Document Controls
Obsolescence
Record
Retention
5
12 CFR 820.30 Requirements




All Class II and Class III devices, and some
Class I devices require design controls.
Written procedures required. Procedures are
controlled via document control.
Information about the design must be readily
available to FDA – Design History Files.
Design controls can continue through the
manufacturing and service phase.
6
Intended use

Class I-Simple, Low risk.


General controls needed (registration, labeling,
GMP)
Class II- More complex, Medium risk.


Product Class
Need 510(k) approval (some exemptions)
Class III- Complex, High risk.

Generally life support, life sustaining, preventing
impairment to human health or unreasonable risk
to human life. Premarket Approval (PMA) needed
prior to market.
7
Examples
Class I
Stethoscopes
Tung Depressors
Reagents used in
Clinical Labs
Powered Tooth
Brushes
Dental Chair
Class II
Catheters
Dental Implants
Biopsy Needles
Ultrasound
Imaging System
Powered
Wheelchair
Class III
Automatic
Defibrillators
Artificial Hip
Joints
Heart Valves
Extended Wear
Contact Lenses
Left Ventricular
Assist Devices
8
Quality System
A Medical Device Quality System is
designed to assure that products are Safe
and Effective for their Intended Use
and
Consistently meet the specifications
as defined by results of clinical and/or
detailed technical design and validation
9
Design Control Elements
21CFR 820.30









Design Planning
Design Input (Requirements)
Design Output (Specifications)
Design Reviews (Technical)
Design Verification (Meets Specifications)
Design Validation (Meets clinical needs)
Design Transfer (Moves from Design to
Manufacturing)
Design Changes (Formal Process)
Design History File (DHF)
10
Stage-Gate Method


Defines phases of project.
Uses design reviews and approvals as gates
between phases.
No
.no
No
No
Feasibility and
planning
OK
Design Review
OK
Design and
development
OK
Design Review
OK
Verification and
Validation
OK
Design Review
OK
Transfer to
manufacturing
Design history file
11
Design Controls
General Stage-Gate Process
Revise
Revise
Phase I
Feasibility and
Planning
Revise or Drop
Project
Drop
Phase I Design
Review
approved
Yes
Document in
Design History
File
Drop
Revise or Drop
Project
Phase II
design review
approval
Phase II, Design
and Development
Yes
Feasibility/
Technical
development
Yes
System integration
Document
approval and
place deliverables
in DHF
Hardware
development
Design Inputcustomer input
documents
Feasibility assessment
Design input specifications
Regulatory/Clinical strategy
Software
development
Initial Risk Assessment
Preliminary Project Plan
Initial Quality Plan
Project planning
Redo testing
Phase III,
Verification and
Validation
System
Verification testing
System Validation
testing
Labeling
verification/
validation
Design Review documentation
Update or drop
Phase III
Design Review
Document
rationale in DHF
Yes
Document
deliverables in the
DHF
Final Design Specifications
Design calculations,
Summary of non-validation testing conducted,
System Risk Assessment
Final software code as intended to be released for
distribution
Quality Plan
Regulatory strategy
Verification and validation test plan
Labeling and user manuals
Trace matrix between design specifications, risk
assessment and verification and validation test plan.
Production prototype units for verification and
validation testing
Bill of materials
Quality documentation plan (inspection procedures,
Device Master Record, etc.)
Design review
Yes
Phase IV, Design
documentation
and transfer
Final design
release
Yes
Yes
Document
approval and
place deliverables
in the DHF
Document
approval and
place deliverables
in the DHF
Regulatory
approvals
Design documentation
Final failure analysis/Risk Management
Labels/labeling
Quality Systems Testing plan
Design
Systems verification test plan/Trace matrix
documentation
Design product brochures & literature
Pilot build test protocol with approvals
Reliability Testing
Material requirements
Manufacturing processes
Packaging validation
Initial manufacture
Sterilization validation
of commercial
Shelf life testing
units
Design and manufacturing V&V testing report
Prior design review minutes review
Essential Requirements Checklist
Design History file
Technical File or Design Dossier (If required per the Regulatory strategy)
Yes
Commercial
manufacture
Completed design of the product as manufactured
Approved vendors list
Complete DMR
Manufacturing process validations as required
Final labeling/DFUs
Final marketing literature
DHF sign off
Design review and minutes
12
Design Planning





Feasibility Studies
Risk Assessments
Project Plan Defines Interfaces with
Others
Stage-Gate Methodology
Constantly Changing
13
Design Input-Feasibility

Where





What




Customers
Technical Papers
Medical experts
Service people
Intended Use
Technical Requirements
Safety Issues
How




Documented
Approved
Filed
Formal Change Control System
14
Risk Assessment
Clinical Risk Analysis
A compilation of the possible causes of death, serious injury or harm to either patient or
user, from a procedural or medical basis, without regard to the specific device used for
the procedure, based on actual clinical reference, prior art, published data, or
documented experiences of knowledgeable clinical practitioners.
These risks are associated with use of the device as detailed in its intended use
statement and when used per the device’s instructions for use.
Manufacturing Risk Analysis
A compilation of the possible causes of death, serious injury or harm to anyone involved
in the supply, testing, packaging, shipment, or disposal of a given device, as referenced
by prior art, published data, or documented experiences or opinions of person(s)
knowledgeable with the device and the methods of supply, testing, manufacture,
packaging, shipment, and disposal of the device.
Also, the manufacturing risk analysis contains the compilation of possible causes of a
device to fail to perform to specifications in its intended use environment for the design
life of the product which are caused by limitations or risks in the manufacturing process.
15
Risk Assessment
Feasibility
Clinical Risk
Summary
Design Input
Preliminary
Design
Specification Trace Matrix:
(links between)
Specification
Risk Analysis
Fault Table
Test Plan
Preliminary Risk
Assessment:
Mitigations:
Final Risk
Assessment:
Risk Management
Document, Approvals
16
ISO 14971
Risk Assessment Example
Example of a Hypothetical Risk
Assessment for a Electronic System to
Monitor Patient Core Body
Temperatures
17
Definitions







Harm: Physical injury or damage to the health of people, or
damage to property or the environment
Hazard: Potential sources of harm
Risk: Combination of the probability of Occurrence of Harm and
the Severity of the harm
Risk Analysis: Systematic use of available information to
identify hazards and estimate the risk
Residual Risk: Risk remaining after protective measures and
mitigations are taken
Severity: A measure of the possible consequences of the risk
As Low As Reasonably Practicable (ALARP): The residual
risk is reduced to a level which is as low as can be reasonable
implemented without sacrificing patient safety or clinical utility.
The risk/benefit ratio is determined to be acceptable in light of
technical feasibility and economic feasibility of implementing
additional controls.
18
Classification of Residual Risk
Severity
Occurrence
Detection
Risk Quadrants
Current Controls
Corrective Actions
1 –10
Scale
1- 10
Scale
1-3 Scale
1- Risk, None to
Little
None required
None required
2- Risk, Minimal
to Moderate
Recommended
Recommended
Required
Required if no
existing
controls.
(ALARP)
Redesign *
Redesign *
3- Risk,
Significant
4- Risk, Serious
19
Rating
Effect
SEVERITY TABLE
Description of Rating
1
None
No effect. Device operates as intended.
2
Very Minor
Some customers notice defect. Device operates as
intended. No effect on patient or clinician
3
Minor
Device operates as intended. Slight effect on patient,
clinician or user.
4
Very Low
Patient comfort or convenience is slightly
Reduced but with no patient, clinician or user injury.
5
Low
Comfort or convenience is severely
Reduced but with no patient, clinician or user injury.
6
Moderate
Product is inoperable with no patient or user injury.
7
High
Possible transient (reversible) minor injury to patient
or user.
8
Very High
Transient minor injury to patient or user (possibility
of further surgical procedures).
9
Hazardous -
10
Hazardous –
Irrevers
ible
Possibly can contribute to death, severe injury,
permanent significant disability or severe
occupational illness in patient or user.
Can cause irreversible patient or clinician harm.
(including for example organ failure, limb loss or
death)
Example
Negligible
Marginal
Critical
Needle stick
Exposure to
blood
borne
pathogens
Catastrophic
20
Occurrence
Rating
Probability of
Failure
Description of Rating
DFMEA
Failure Rate
PFMEA
1
Improbable
Failure is unlikely.
Failure unlikely. No failures ever associated
with almost identical processes.
1 in 1,500,000
(~ 0.000067%)
2
Remote
Relatively few failures.
Isolated failures associated with almost
identical processes.
1 in 150,000
(~ 0.00067%)
Isolated failures associated with similar
processes.
1 in 15,000
(~ 0.0067%)
Generally associated with processes
similar to previous processes that
have experienced occasional
failures.
1 in 2000
(~ 0.05%)
Generally associated with processes
similar to previous processes that
have often failed.
1 in 80
(~1.25%)
Failure is almost inevitable.
1 in 8
(~ 12.5%)
3
4
Occasional
Occasional failures.
5
6
Probable
Repeated failures.
7
8
Frequent
Failure is almost inevitable.
1 in 400
(~ 0.25%)
1 in 20
(~ 5%)
9
1 in 3
(~ 33 %)
10
 1 in 2 (
50%)
21
Detection
Rating
Probability of
Detecti
on
Description of Rating
DFMEA
1
PFMEA
Almost
Certain
Design Control will almost certainly detect a
potential Cause of Failure or subsequent
Failure Mode.
Current Controls almost certain to detect failure
mode or Cause.
Very High
Very high chance Design Control will detect Cause
of Failure or subsequent Failure Mode.
Very high likelihood that Current Controls will
detect failure mode or Cause.
High
High chance Design Control will detect Cause of
Failure or subsequent Failure Mode.
High likelihood that Current Controls will detect
failure mode or Cause.
2
Moderate
Moderate chance Design Control will detect Cause
of Failure or subsequent Failure Mode.
Moderate likelihood that Current Controls will
detect failure mode or Cause.
3
Low
Low chance Design Control will detect Cause of
Failure or subsequent Failure Mode.
Low likelihood that Current Controls will detect
failure mode or Cause.
Remote
Remote chance Design Control will detect Cause of
Failure or subsequent Failure Mode.
Remote likelihood that Current Controls will
detect failure mode or Cause.
Absolute
Uncertai
nty
Design Control will not detect a potential Cause of
Failure or subsequent Failure Mode.
No known Controls available to detect Failure
Mode or Cause.
22
Quadrant Map
Occur
rence
10
9
Quad 4
8
7
Quad 3
6
5
Quad 2
4
3
2
Quad 1
1
1
2
3
4
5
6
7
8
9
10
Severity
23
Risk Assessment Table
Clinical Risk Assessment
Cause ID #Potential
Clinical Risk
CRA 01
CRA 02
CRA 03
CRA 04
CRA 05
CRA 06
CRA 07
Possible
effects
Potential
causes
Patient Core
Temperature
exceeds
physiological limits
Patient Core
Temperature
exceeds
physiological limits
Patient Core
Temperature
exceeds
physiological limits
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Probe has a
intermittent or
“noisy” signal due
to EMI in area
Probe is loose or
disconnected
Patient Core
Temperature
exceeds
physiological limits
Patient Core
temperature
exceeds
physiological limits
Patient Core
temperature lower
than physiological
limits
Patient Core
temperature lower
than physiological
limits
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Severe
Hyperthermia
(Seizure, Death,
Brain Damage)
Patient enters
Hypothermia
Patient enters
Hypothermia
Initial State
S
O
Of effect
Of cause or
failure
Controlling Action's)/
Design Mitigations
Score
Post Mitigation
State
.
Score
(Quad)
18
Q3
Spec Ref
S
O
D
Of effect
Of cause or
failure
Of cause or
failure
Audible and Visual Check
Probe alarm
EMC testing to UL/IEC
60601-1-2 Requirements
Audible and Visual Check
Probe alarm
9
2
1
9
2
1
18
Q3
CDS-019
Factory calibration window
set for 400 Series thermistor
Software Check for probe
range
Audible and Visual Check
Probe alarm
Audible and Visual High
Temp Alarm
9
2
1
18
Q3
CDS-002
9
2
1
18
Q3
CDS-012
9
6
54
CDS-015
9
6
54
Probe not in
9
calibration window
Wrong Temp
Probe used
7
63
Infection, Drug
reaction, disease
state
9
4
36
Patient not being
appropriately
monitored
9
5
45
Audible and Visual High
Temp Alarm
Labeling and Training
9
2
1
18
Q3
CDS-015
Probe has a
intermittent or
“noisy” signal due
to EMI in area
Probe is loose or
disconnected
9
4
36
Audible and Visual Low
Temp Alarm
Design for EMI immunity
9
2
1
18
Q3
CDS-016
9
6
54
Audible and Visual Low
Temp Alarm
Audible and Visual Check
Probe alarm
Design fro interlocking
connector
9
2
1
18
Q3
CDS-018
24
Design Output

Final design specifications






Quantitative
Documented
Approved
Final specifications are contained in the
design history file.
Final risk assessments completed.
Clinical testing may be needed.
25
Design Reviews






Formal Process
Required for Phase Approval
Checklists
Minutes
 Attendees- one not associated with items
reviewed
 Areas covered
 Action items/open issues
Open items closed for final release
Formal design review prior to release for manufacture
and distribution
26
Design Verification and Validation




Demonstrates that all the risks have
been mitigated.
Demonstrates that specifications have
been met.
Uses a trace matrix between risk
assessment, specs and V&V plans.
Clinical trials may be needed to
demonstrate safety and/or
effectiveness.
27
Design Verification And Validation






Verification - meets specification
Validation - meets intended use
Written procedure required.
Testing must be documented, reviewed
and approved.
Software must be verified and
validated.
Manufacturing processes must be
verified and validated.
28
System Verification and Validation
Product Requirements
Specification complete
System
Validation Test
Plan generated
Software Requirements
Specification generated
and approved
No
Plan
approved ?
Software Validation and
Verification Plan drafted
Yes
Software Development
Detailed design
No
Plan
approved ?
System integration
completed
Yes
Plan executed
Pilot Run completed
Yes
No
Software V &
V acceptable ?
System Validation
and Verification
Test Plan executed
Software Validation
and Verification Test
Report generated
No
System V & V
testing OK ?
Yes
System Validation and
Verification Test
Report generated
Final Design Review
29
Software Quality-Design Controls
System Design Specs and System
V&V Activities
SRS
SDS
Unit level Risk and
SRS trace
Software Verification
Testing
Unit verification activities
30
Design Transfer




Design moves from R&D to
manufacturing
Manufacturing and production
specifications are documented
Manufacturing risk assessment may be
needed
Manufacturing IQ, OQ, PQ



IQ - Installation Qualification (Equipment)
OQ - Operational Qualification( 1st ones meet specs)
PQ - Performance Qualification (Consistently repeatable)
31
Design Changes

All changes to the design after release
must be formally controlled (Change
Control).



Re-validation may be needed
Continues for the life of product.
Documentation control system is
necessary.
32
Labeling 21 CFR 801

Section 201(k) defines "label" as a:
"display of written, printed, or graphic matter upon the
immediate container of any article..." The term "immediate
container" does not include package liners. Any word,
statement, or other information appearing on the immediate
container must also appear "on the outside container or
wrapper, if any there be, of the retain package of such article,
or is easily legible through the outside container of wrapper."

Section 201(m) defines "labeling" as:
"all labels and other written, printed, or graphic matter
(1) upon any article or any of its containers or wrappers, or
(2) accompanying such article" at any time while a device is held for
sale after shipment or delivery for shipment in interstate
commerce.
33
Rx Medical Device Labeling








Intended Use
Indications for Use
Contraindications for Use
Warnings, Cautions
Description of the Device
User Instructions
Specifications
Corrective Actions (Troubleshooting)
34
Labeling Controls
Need for a label or
Labeling identified
Requirements
determined
Draft labeling
created and
reviewed
Validation of
labeling
Translations
needed?
Select qualified
Supplier
Final labeling
approval via
QSP0-0002 ECO
process
Translations
created
File and control
per QSP0-0001
Documentation
Control Process
35
Labeling Verification



Labeling must be verified prior to FDA
review and product release.
Users should also review labeling.
Risk assessment “labeling” mitigations
must appear as warnings or cautions.
36
Design History File

Record of the
Development Process





Plans
Specifications
V&V Test Results
Design Reviews
Changes to the Design
37
Class Exercise-Design Controls
Dr. Bright and Dr. Idea have found a novel way to produce a
machine to determine if a heart attack patient has additional
blockage in the coronary arteries that may be caused by the
surgical bypass procedure (CABG). The machine noninvasively measures arterial flow by using Doppler sonar to
determine if the arteries are blocked. It can be used in a
patient’s home, by itself, on post heart attack patients who
may be at risk for additional heart attacks. It transfers the
data to a monitoring station at a EMS facility for 24/7
monitoring.
They have formed a company (The Bright-Idea Company),
built a prototype and tested it in the lab on sheep and pigs. It
worked great. Now they want to begin marketing it for use on
humans.
1.
2.
3.
Is the machine a medical device?
What steps should Dr. Bright and Dr. Idea take before they
can begin marketing the machine?
What documents do they need to have on file?
38
Questions
39