Tag: Cybersecurity

Click now to listen to RCA’s Director of Regulatory Affairs, Jordan Elder, in this RCA Radio audio update:

 

 

The European Parliament recently voted for a timeline extension to MDR regulation, including an extended timeline for medical device regulatory submission. The 537-3 vote by members of the official body provides a final approval to extend MDR deadlines for compliance. Included in the legislation is revisions to regulatory submission rules for certifying medical devices. Additionally, the timeline includes new dates for both Regulation (EU) 2017/745 (MDR) and Regulation (EU) 2017/746 (IVDR).

 

Regulated Companies

 

European officials extended the MDR timeline to include legacy devices with existing certificates under the MDD to stay on the market until 2024. Industry executives have suspected for some time that the EU medical device backlog of submissions would lead to this type of scenario. Equally important, many EU health ministers voiced their opinion during a December 2022 session medical device shortages would occur without a MDR timeline extension.

 

MDR Timeline

 

Manufacturers now have until 2027 or 2028 to have medical devices certified and approved under MDR guidelines. The timeline includes new dates for both high-risk medical device products and low risk medical devices. For medical devices covered by a certificate or a declaration of conformity issued before 26 May 2021, the transition period to the new rules is extended from 26 May 2024 to:

 

  • 31 December 2027 for Class III and IIb;
  • 31 December 2028 for Class IIa and I.
  • 26 May 2026 for Class III implantable custom-made devices

 

The original “sell-off’ date requirement that was required under the MDR has been removed

 


Need help with your MDR or IVDR transition? Talk to our Experts →


 

IVDR Timeline

 

Meanwhile, the EU Commission has previously recommended the IVDR application date be extended due to the EU notified body bottleneck.

 

  • General EU MDR Class 1 Low-risk devices that are non-measuring, non-sterile, non-reusable, non-surgical, and that do not require review from a notified body will still go into effect in 2022.
  • Non-sterile Class A and B Devices (low risk) – May 26, 2022
  • Class D (Highest Risk) – May 26, 2025
  • Class C (Medium Risk) – May 26, 2026
  • Sterile Class A and B Devices (low risk) – May 26, 2027

 

Industry Reaction

 

Life science media outlets have reported extensively on the change since it was proposed at the meeting.

 

Stella Kyriakides, the European health commissioner, first proposed postponing the current MDR deadline dates during the EPSCO council meeting in Brussels. The health commissioner projected around 23,000 devices and 1,500 IVDs are currently approved and certified under MDD, but have not yet transitioned to the new MDR regulation. These medical devices are likely to expire in 2024 and 2025,

 

“The transition to the new rules has been slower than we anticipated,” said Kyriakides. “The pandemic, shortages of raw materials caused by the Russian invasion against Ukraine and low notified body capacity has put a strain on market readiness.”

 

Medical Device Manufacturers

 

Additionally, many unique viewpoints have emerged about the current landscape and the impact of recertification.

 

“If the three-year deadline is truly unattainable, these extensions could prevent devices that are perfectly safe for use from being taken off the market because they were unable to get recertified in time,” said Alexandra Murdoch, a medical analyst at GlobalData.

 

Murdoch added both medical device manufacturers and suppliers must now deliver MDR regulatory documentation for market approval, including data about materials used in medical device manufacturing.

 

Medical Device Safety

 

Both Pinto & Rocha have documented the MDR proposal concerns that “only medical devices considered safe will benefit from the extension”. This includes medical device manufacturers that have begun the process of submission and certification under the MDR.

 

Further, the Commission has recognized the ongoing need for patient safety and proposed a 2023 pilot project for medical device manufacturers. For example, expert panels to advise manufacturers with qualified scientific advice about devices that help treat rare diseases.

 

Medical Device Shortage

 

Ireland’s minister of health, Stephen Donnelly, supported the change based on COVID-19 procurement and preventing future medical device shortage scenarios.

 

“Participation in the EU COVID-19 vaccine strategy has allowed us to conduct the largest immunization program in our country’s history, saving countless lives and enabling the resumption of normal social and economic life.” said Donnelly.

 

“This measure needs to be adopted and take effect without delay to ensure that the devices our citizens and health systems rely on remain available.”

 

Cybersecurity

 

By contrast, it is still unknown how different types of EU legislation will regulate connected medical devices. There is concern across the industry about which legislation may take precedence and the level of postmarket surveillance data needed.

 

The European Commission (EC) published a proposal for a Cyber Resilience Act (“CRA”) to strengthen cybersecurity across medical device interoperability. Both Wright & Wenzel have documented this legislation does not consider MDR to impose as many obligations on medical device manufacturers. Further, the commentary suggests the EC may not require as much documentation about unknown vulnerabilities are not present for medical devices.

 

About RCA’s Medical Device Consulting Services

 

The regulatory compliance process surrounding the medical device industry involves a strict adherence to pre/post market information throughout a device’s life cycle. Even a single compliance issue you have can turn into a significant effect on your business. Regulatory Compliance Associates can help guide you through any stage of the medical device consulting process, with capabilities during product development through the regulatory clearance/approval of your product.

 

Our team of over 500 medical device consulting Experts — including former FDA officials and regulatory compliance leaders in the field of medical device regulation — will work with your company to create a quality assurance and regulatory compliance approach tailored to your products and regulatory needs. Regulatory Compliance Associates works with international Fortune 100 companies, venture capital start ups, and companies of all sizes and shapes. our compliance enforcement solutions for law firms include remediation for warning letters, FDA 483’s, import bans or consent decrees. Very few regulatory compliance services have the same regulatory compliance expertise in a variety of medical fields.

 

Cybersecurity

 

For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if Regulatory Compliance Associates medtech consultants do not implement good IoT cybersecurity and FDA cybersecurity protocols.

 

At Regulatory Compliance Associates, we offer a wide variety of services for medical devices security to help ensure that your product is protected from cyber-attacks. With a well-planned design, along with full visibility of product development and the supply chain, Regulatory Compliance Associates medical device consultant Experts can help strengthen your device’s cybersecurity. We partner with medical device companies in each phase of the design cycle, including protecting inputs from threat exposure and hardening outputs for regulatory compliance & FDA submission approval of your medical technology.

 

  • SaMD Consulting
  • Threat Modeling
  • Proof of Concept
  • Quality Assurance Services
  • TIR 57 & TIR 97
  • ISO 62304
  • ISO 27001

 

Regulatory Affairs

 

Regulatory affairs is Regulatory Compliance Associates® backbone, and we handle more submissions in a month than many manufacturers do in a lifetime. Our regulatory compliance consulting Experts have experience working with the FDA, global regulatory bodies and / or agencies, and notified bodies worldwide. Therefore, you can count on us for in-depth and up-to-date insights which increase speed-to-market.

 

As a trusted regulatory affairs consultant, our FDA veterans and industry experts represent Regulatory Compliance Associates® as one of the top medical device consulting firms. We’re here to help you navigate the difficulties associated with new product submissions. Regulatory Compliance Associates® medical device consulting company has expertise in both the approval process and post-approval support. 

 

  • New Product Approval
  • Post-Approval Support
  • Outsourced Staffing
  • EU MDR
  • Combination Products

 

Compliance Assurance

 

Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® can help.

 

Our network of over 500 medical device consultant & FDA, MHRA & EMA veterans are industry professionals offers a unique blend of expertise. This allows Regulatory Compliance Associates® to handle both simple and complex regulatory compliance challenges within medical device consulting companies.

 

  • Gap Assessments
  • Internal Audits
  • Employee Training
  • Notified Body Response
  • Data Integrity

 

Quality Assurance

 

Regulatory Compliance Associates® Quality Assurance consulting includes quality system assessments, strategy, implementations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Each Regulatory Compliance Associates® medical device consultant is a quality expert with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

 

In the medical devices field, quality assurance (QA) is more than merely ensuring the quality of a finished product. You need the tools to monitor and regulate every process from the design of a new product to continued quality compliance as the device is sent to market. At Regulatory Compliance Associates®, we offer you the quality assurance services you need to monitor these processes and ensure quality compliance every step of the way.

 

With more than 20 years experience working with medical device consulting companies, Regulatory Compliance Associates® trusted medical device quality assurance consultant team is fully equipped to handle your unique QA needs.

 

  • ISO13485 
  • 21 CFR 210
  • 21 CFR 211
  • Outsourced Staffing
  • MDSAP
  • Facility Validation
  • Equipment Validation
  • Quality Metrics

 

Remediation Services

 

Regulatory Compliance Associates® is widely recognized within medical device consulting companies & the life science industry for our remediation services & support. Regulatory Compliance Associates® ability to help companies successfully resolve complex regulatory challenges have a proven track record of success. Our medical device consulting services include significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.

 

  • Regulatory Action
  • Regulatory Compliance
  • Regulatory Enforcement
  • Warning Letter
  • 483 Observation
  • Oversight Services

 

Our value goes beyond the initial response by helping companies successfully execute their action plans, develop an improved compliance culture tailored to the needs of their business, and ultimately move beyond the regulatory action to emerge as a stronger business. We negotiate difficult demands of remediation with insight and the clear advantage of our medical device consultant expertise and experience that makes partnering with Regulatory Compliance Associates®  a competitive differentiator in the remediation space.

 

  • Quality System
  • Technical File
  • Design History File
  • Data Integrity
  • cGMP

 

Strategic Consulting

 

Whether it’s a strategy, a technical plan, or project, Regulatory Compliance Associates® medical device consultancy can help ensure a successful project. Regulatory Compliance Associates® medical device strategy consulting can deliver your project on time, on budget, and you’re never embroiled in a costly mistake.

 

Our medical device consultant Experts are industry Experts are here to provide the unique insight you need before an M&A deal, through a staffing crisis and in every area of your product’s development and life cycle. As the trusted medical device manufacturing consultants of thousands of companies around the world, we have the knowledge and expertise needed to deliver exceptional results to your business — no matter your size or unique needs.

 

  • Manufacturing Optimization
  • Product Lifecycle Management
  • Mergers & Acquisitions (M&A)
  • Due Diligence
  • Device Vigilance
  • Risk Management Plan
  • Product Complaints
  • Medical Information

 

About Regulatory Compliance Associates

 

mdr consultingRegulatory Compliance Associates® (RCA) provides medical device consulting to the following industries for resolution of life science challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

 

As your partners, Regulatory Compliance Associates can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

About Sotera Health

 

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

 

Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

 

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.

 

Commitment to Quality

 

Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

fda guidanceThe pharmaceutical and biologics industry recently received updated FDA guidance on the use of Generally Accepted Scientific Knowledge (GASK) in regulatory submissions.

 

The FDA guidance provides new examples of when it is applicable to leverage GASK data to meet safety requirements required in a new drug application. Clinical information in the drug discovery data that supports the nonclinical safety of a drug can contain GASK citations. Additionally, the citations would be based on existing clinical studies that have been validated by FDA in approved products on the market.

 

What is GASK?

 

Generally Accepted Scientific Knowledge refers to information and methods widely considered as accepted by life science industry experts. It can include established scientific principles, published papers, and best practices that have passed the regulatory scrutiny of drug development. GASK is most often utilized during the evaluation of safety and efficacy data of regulated products.

 

FDA Approval

 

The FDA guidance elaborates on the process of FDA regulators and how new drug applications are evaluated. Further, the FDA often requires life science companies to provide a significant amount of regulatory data to support safety and efficacy claims.

 

This regulatory clinical research often comes from clinical trials, preclinical studies, and other types of scientific data sources. However, in scenarios where there may be limited clinical trial data conducted, GASK can be used to provide supporting documentation for regulatory compliance. 

 

Drug Development

 

Life science companies are required to offer nonclinical information to support regulatory approval of a New Drug Application (NDA) or Biologics License Application (BLA). Additionally, the FDA guidance elaborates on how nonclinical information helps the Agency focus on important matters, such as:

 

  • Identifying pharmacological effects, including the mechanism of action of the drug in vitro and/or in vivo
  • Identifying absorption, distribution, metabolism, and excretion of the drug in vitro and/or in animals
  • Identifying possible consequences of exposure duration (e.g., chronic)
  • Identifying risks for special populations (e.g., pediatrics)

 

Regulation Examples

 

The FDA guidance goes on to describe unique conditions in which sponsors have successfully used GASK in their product development program. Each sponsor cited these GASK resources to meet FDA’s regulatory approval requirements instead of conducting certain nonclinical studies:

 

  • Products containing a substance that naturally occurs in the body. Sponsors submitted GASK regarding that substance and the known effects on biological processes.
  • Demonstrated drug impact on a particular biological pathway. Sponsors submitted GASK regarding the impact and FDA regulators concluded specific nonclinical studies were not necessary to support drug approval and drug labeling.

 

Active Ingredient

 

The FDA guidance continues by listing examples of substances that are typically present in a healthy human body. For example, endogenous substances where the drug replaces a substance that should naturally be present but, for pathological reasons, a patient may lack sufficient amounts. The FDA approved drug may enable and help accelerate the proper functioning of the human body.

 

Pharmacological

 

Additionally, a key driver of using GASK for FDA approval is the patient who has been prescribed a drug & the pharmacological impact experienced. Existing human pharmacokinetic studies and toxicology studies are recommended and may support the approval of the regulatory application. Specifically, regulators wil look to examine if the drug helps increase the level of the endogenous substance to the level of a healthy individual.  

 

Diet

 

Further, exogenous substances that are already present in a patient’s diet may help expedite U.S. Food and Drug Administration approval. This scenario includes a patient’s exposure to an unmodified food substance that doesn’t exceed typical levels of dietary exposure when the drug is taken orally. The FDA guidance also states that certain nonclinical studies may be unnecessary based on the relevance of the exogenous substance to the clinical research submitted. 

 

New Drug Application

 

If an FDA sponsor utilizes GASK information in their new product application, they must submit justification in the appropriate regulatory submission filing (e.g. BLA submission, 510(k) submission, etc.). The FDA guidance recommends as early as possible in product development to the assigned FDA regulator.

 

Finally, food and drug regulation feedback would be provided to the sponsor for the proposed regulatory strategy for approval. The FDA submission should incorporate evidence for the use of GASK, including textbook excerpts and/or non-product-specific published literature.

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

 

In this soundbite from RCA Radio, Dr. Helin Raagel and Dr. Matthew Jorgensen from Nelson Labs explain why the Cytotoxicity test during a biocompatibility evaluation is the most important test you will run.

 

cytotoxicity

What is Cytotoxicity? – Cytotoxicity is the degree to which a substance can cause damage to a cell. A substance or process that causes cell damage or death is referred to as cytotoxic, “cyto” meaning cell and “toxic” meaning poison. (Will the device kill or harm the cells it comes in contact with?)

 

There are three reasons why the cytotoxicity test is the most important test you run during a biocompatibility evaluation.

  1. The test can be run quickly.
  2. It is the most cost-effective test in an evaluation.
  3. Most evaluation concerns come from the cytotoxicity results.

 


Listen to the full episode “What is Cytotoxicity?” now!


 

About RCA’s Medical Device Consulting Services

 

The regulatory compliance process surrounding the medical device industry involves a strict adherence to pre/post market information throughout a device’s life cycle. Even a single compliance issue you have can turn into a significant effect on your business. Regulatory Compliance Associates can help guide you through any stage of the medical device consulting process, with capabilities during product development through the regulatory clearance/approval of your product.

 

Our team of over 500 medical device consulting Experts — including former FDA officials and regulatory compliance leaders in the field of medical device regulation — will work with your company to create a quality assurance and regulatory compliance approach tailored to your products and regulatory needs. Regulatory Compliance Associates works with international Fortune 100 companies, venture capital start ups, and companies of all sizes and shapes. our compliance enforcement solutions for law firms include remediation for warning letters, FDA 483’s, import bans or consent decrees. Very few regulatory compliance services have the same regulatory compliance expertise in a variety of medical fields.

 

Cybersecurity

 

For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if Regulatory Compliance Associates medtech consultants do not implement good IoT cybersecurity and FDA cybersecurity protocols.

 

At Regulatory Compliance Associates, we offer a wide variety of services for medical devices security to help ensure that your product is protected from cyber-attacks. With a well-planned design, along with full visibility of product development and the supply chain, Regulatory Compliance Associates medical device consultant Experts can help strengthen your device’s cybersecurity. We partner with medical device companies in each phase of the design cycle, including protecting inputs from threat exposure and hardening outputs for regulatory compliance & FDA submission approval of your medical technology.

 

  • SaMD Consulting
  • Threat Modeling
  • Proof of Concept
  • Quality Assurance Services
  • TIR 57 & TIR 97
  • ISO 62304
  • ISO 27001

 

Regulatory Affairs

 

Regulatory affairs is Regulatory Compliance Associates® backbone, and we handle more submissions in a month than many manufacturers do in a lifetime. Our regulatory compliance consulting Experts have experience working with the FDA, global regulatory bodies and / or agencies, and notified bodies worldwide. Therefore, you can count on us for in-depth and up-to-date insights which increase speed-to-market.

 

As a trusted regulatory affairs consultant, our FDA veterans and industry experts represent Regulatory Compliance Associates® as one of the top medical device consulting firms. We’re here to help you navigate the difficulties associated with new product submissions. Regulatory Compliance Associates® medical device consulting company has expertise in both the approval process and post-approval support. 

 

  • New Product Approval
  • Post-Approval Support
  • Outsourced Staffing
  • EU MDR
  • Combination Products

 

Compliance Assurance

 

Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® can help.

 

Our network of over 500 medical device consultant & FDA, MHRA & EMA veterans are industry professionals offers a unique blend of expertise. This allows Regulatory Compliance Associates® to handle both simple and complex regulatory compliance challenges within medical device consulting companies.

 

  • Gap Assessments
  • Internal Audits
  • Employee Training
  • Notified Body Response
  • Data Integrity

 

Quality Assurance

 

Regulatory Compliance Associates® Quality Assurance consulting includes quality system assessments, strategy, implementations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Each Regulatory Compliance Associates® medical device consultant is a quality expert with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

 

In the medical devices field, quality assurance (QA) is more than merely ensuring the quality of a finished product. You need the tools to monitor and regulate every process from the design of a new product to continued quality compliance as the device is sent to market. At Regulatory Compliance Associates®, we offer you the quality assurance services you need to monitor these processes and ensure quality compliance every step of the way.

 

With more than 20 years experience working with medical device consulting companies, Regulatory Compliance Associates® trusted medical device quality assurance consultant team is fully equipped to handle your unique QA needs.

 

  • ISO13485 
  • 21 CFR 210
  • 21 CFR 211
  • Outsourced Staffing
  • MDSAP
  • Facility Validation
  • Equipment Validation
  • Quality Metrics

 

Remediation Services

 

Regulatory Compliance Associates® is widely recognized within medical device consulting companies & the life science industry for our remediation services & support. Regulatory Compliance Associates® ability to help companies successfully resolve complex regulatory challenges have a proven track record of success. Our medical device consulting services include significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.

 

  • Regulatory Action
  • Regulatory Compliance
  • Regulatory Enforcement
  • Warning Letter
  • 483 Observation
  • Oversight Services

 

Our value goes beyond the initial response by helping companies successfully execute their action plans, develop an improved compliance culture tailored to the needs of their business, and ultimately move beyond the regulatory action to emerge as a stronger business. We negotiate difficult demands of remediation with insight and the clear advantage of our medical device consultant expertise and experience that makes partnering with Regulatory Compliance Associates®  a competitive differentiator in the remediation space.

 

  • Quality System
  • Technical File
  • Design History File
  • Data Integrity
  • cGMP

 

Strategic Consulting

 

Whether it’s a strategy, a technical plan, or project, Regulatory Compliance Associates® medical device consultancy can help ensure a successful project. Regulatory Compliance Associates® medical device strategy consulting can deliver your project on time, on budget, and you’re never embroiled in a costly mistake.

 

Our medical device consultant Experts are industry Experts are here to provide the unique insight you need before an M&A deal, through a staffing crisis and in every area of your product’s development and life cycle. As the trusted medical device manufacturing consultants of thousands of companies around the world, we have the knowledge and expertise needed to deliver exceptional results to your business — no matter your size or unique needs.

 

  • Manufacturing Optimization
  • Product Lifecycle Management
  • Mergers & Acquisitions (M&A)
  • Due Diligence
  • Device Vigilance
  • Risk Management Plan
  • Product Complaints
  • Medical Information

 

About Regulatory Compliance Associates

 

Cytotoxicity testRegulatory Compliance Associates® (RCA) provides medical device consulting to the following industries for resolution of life science challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

 

As your partners, Regulatory Compliance Associates can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

About Sotera Health

 

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

 

Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

 

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.

 

Commitment to Quality

 

Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.

 

To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 

 

The International Medical Device Regulation Forum (IMDRF) recently published updated cybersecurity guidance for the medical device industry. The medical device cybersecurity working groups at IMDRF have been busy lately, publishing multiple final documents about medical devices & software as medical device (SaMD). 

 

Regulatory Compliance

 

IMDRF’s medical device guidance provides steering assumptions for both regulatory compliance & medical device cybersecurity, which are appropriate for sponsors developing medical devices. Further, a primary objective of the guidance is simultaneously increasing patient safety & reducing external threats for providers and HCPs.

 

Global Harmonization

 

The guidance begins with harmonization concepts that could affect multiple departments inside a medical device manufacturer. Additionally, key areas for harmonization programs highlighted by the cybersecurity guidance include:

 

  • Product design
  • Risk management activities
  • Device labelling
  • Regulatory submission
  • Information sharing
  • Post-market activities

 

Product Life Cycle (PLC)

 

IMDRF’s cybersecurity guidance continues on with a deeper evaluation of risks associated across the product life cycle. It is recommended for potential vulnerabilities to be considered for any product life cycle stage, especially considering legacy devices that may be vulnerable to strategic risk. 

 

 

Product Design

 

Product design considerations include the initial phases of medical device development and continues until the end of support (EOS) once a product is discontinued. The four product design stages the cybersecurity guidance refers to when it comes to total product life cycle:

 

  • Development Stage
  • Support Stage
  • Limited Stage
  • End of Support

 

Development Stage (Stage 1)

 

The Development Stage occurs during the pre-commercialization phase before a medical device is approved by a regulatory body. This is when medical device manufacturers begin to incorporate security into the product concepts being designed. Design controls are critical in this stage for medical device manufacturers to leverage when considering how to mitigate risks.

 

Finally, an important deliverable of the Development Stage is product-related security documentation. The documentation is designed to help unfamiliar users to understand how to securely operate the medical device. 

 

Support Stage (Stage 2)

 

The Support stage is during the initial post-launch phase and may continue for many years. Medical devices in this stage are:

 

  • Currently used for providing patient care
  • Available for purchase on the open market
  • Contain major software, firmware, or programmable hardware components
  • Support for software, firmware or components is provided by the medical device manufacturer

 

Additionally, medical devices in the Support stage should receive full cybersecurity support. This support often includes software patches, software updates, hardware updates, and incremental support the manufacturer considers appropriate.

 

Limited Support Stage (Stage 3)

 

Medical device manufacturers continue to provide cybersecurity support during Stage 3. However, as product development transitions to a more current medical device design, different constraints are involved with the transition. Medical devices in Stage 3 often require additional network controls compared to medical devices in Stage 2:

 

  • Third-party components or software may be used more frequently than internally developed updates or patches
  • Cybersecurity best practices integration is often governed by the ease of following support practices outlined in the Stage 2
  • Medical device manufacturers must explain to users the existing limitations that are now recognized in the devices and services affected
  • Healthcare providers using the medical device should begin to take more of an active role in unmitigated features of security defense.

 

End of Support Stage (Stage 4)

 

Medical devices in Stage 4 are considered more vulnerable than any of the other stages. They may still be in use for providing patient care, but they have been publicly identified as no longer being supported by the medical device manufacturer. Each of these scenarios result in a medical device that cannot be consistently defended against modern cybersecurity dangers.

 

Critical facets healthcare information technology departments should look for include:

 

  • Medical devices that have been declared EOS by the medical device manufacturer
  • Medical devices that are not actively marketed or sold by the medical device manufacturer
  • Medical devices that contain software, firmware, or programmable hardware components no longer supported by software developers
  • Medical devices with known risks to device safety and effectiveness that are unmitigated

 

Risk Management

 

risk managementFurther, the guidance calls for a risk management approach to product lifecycle management featuring:

 

  • Security risk analysis
  • Security risk evaluation
  • Security risk control
  • Security risk acceptability

 

The cybersecurity guidance expands on product design and how security is incorporated and maintained through the product life cycle. This can be accomplished through using risk control and a secure development framework.

 

Risk mitigation recommendations for medical device manufacturers include:

 

  • Security design and controls based on intended use of the medical device
  • Security risk assessments across the risk management process
  • Threat modelling to help determine operational risk

 

Security testing and communication for medical device manufacturers include:

 

  • Customer facing product security documentation & communication
  • Post-market monitoring of cybersecurity vulnerabilities
  • Identification of vulnerabilities in third party risk management
  • Vulnerability risk identification based on the device security design, controls, and mitigations

 

Ensuring availability of security patches & mitigations based on device risk:

 

  • Coordinated and clear communication to all affected users
  • Description related to the vulnerability and its corresponding mitigations
  • Identification of other mitigation options when a security patch is unavailable

 

Data Integrity

 

One of the core principles the guidance stresses is cybersecurity information, data integrity and the importance of information sharing. IMDRF encourages medical device industry stakeholders to implement a proactive pre- and post-market approach to cybersecurity information sharing.

 

Moreover, timely information can help the industry recognize threats, evaluate associated risks, and react quickly as needed. An increase in industry transparency could directly benefit healthcare providers, medical device users and medical device companies.

 

Security Updates

 

An important section of the medical device cybersecurity guidance details stakeholder responsibilities related communications, risk management, and transfer of responsibility. Specifically, it is important that medical device manufacturer communications are comprehensive & identify types of documentation needed and when the medical device user may need it. 

 

Product Security Documentation

 

Medical device manufacturers should ideally provide PLC documentation about security or support changes early in the Support stage. This helps HCP risk management during both the procurement & deployment of medical devices. Types of life cycle support for product security documentation includes:

 

  • Manufacturer disclosure statement for medical device security
  • Software Bill of Materials (SBOM)
  • Security test report summaries
  • Third-party security certifications
  • Customer security documentation

 

Product Life Cycle Documentation

 

Medical device companies should communicate the strategic life cycle milestones to their customers. Further, these interactions would include cybersecurity EOL and EOS dates if available. This helps to support HCPs during both the procurement & installation process.

 

Additionally, medical device manufacturers should provide this information as far in advance as possible. The goal is at least 2 years in advance to best support healthcare professionals with the following information:

 

  • Affected medical devices
  • Medical device operating system(s)
  • Version of medical device deployed
  • Medical device software components
  • Expected date of medical device service changes
  • Extent of medical device maintenance after a service change occurs
  • Additional design controls that help all involves parties

 

Vulnerability & Patching Information

 

If a vulnerability is uncovered, medical device companies should provide related vulnerability information. Further, the guidance specifically mentions the importance of both the appropriate mitigation or available software patch. Additionally, the guidance stresses an elevated priority be placed on high-risk vulnerabilities where timely communication is required. This communication is designed to help prevent both patient injury or device interruption.

 

Finally, the mitigation method and implementation instructions should be provided to the medical device operators. These security updates include both an over-air update or deployment of service personnel to help install the remedy.

 

Proactive Communications for Third-Party Components

 

Medical device software and other digital components within a medical device will reach EOL/EOS before the product itself does. In these cases, risk can increase based on the lack of support for these elements. To help compensate for these security risks, the cybersecurity guidance suggests medical device companies should:

 

  • Validate the list of third-party components used in medical devices
  • Track support status updates of third-party components used within their device
  • Assess the risks that exist when third-party components become unsupported
  • Communicate new risks and available risk mitigations to healthcare providers

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

 

Why has product launch become more complex after the pandemic & how have the “roots of compliance” changed the EU regulatory environment?

 

 

In this sound bite from RCA Radio, host Brandon Miller is joined by Kinga Demetriou, an Expert Certifier at BSI, as they discuss how the pandemic changed the “roots of compliance” in the EU regulatory environment.

 

  • Since the pandemic, quick routes to market such as EUAs have been stopped leading to market servaliance company’s putting more scrutiny on products (e.g. PPE masks)
  • Manufactures have found out that offering a products in different markets take a lot of recourses to understand the roots of compliance depending on the location
  • Different market access requirement have been introduced depending on geography
  • New rules and certifications are in place making it more complex to launching products in multiple markets

 


Listen to the full Podcast on Global Regulatory Trends –> Click Here


 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

What should you do if you are having trouble executing your design protocols? 

Listen to this highlight from RCA Radio where Walter Mason explains what needs to be done if you have troubles executing your design protocols even after training.

 

 

Listen to the entire episode where we take an in-depth look at protocols for biologics and their importance. RCA Radio Episode 13.

 

What can you do?

  • Go to the developer and let them know that it is not working for you
  • Talk through the design protocols in general
  • Procede step-by-step through the design protocols process
  • Look back at the FDA guidance documents
  • Get feedback on your design protocols
  • Implement changes in your training or to the protocol itself

 

About RCA’s Biotech Consulting Services

 

Regulatory Compliance Associates® can assist you in ensuring the quality of your biologics or biosimilar product during its entire lifecycle. From pre-market to post-market reviews, inspection, and compliance, our Biotech consulting experts can shepherd your biologics through design, labeling, promotion, production, and testing. Our Biologics consultants & consulting services include:

 

Regulatory Affairs

 

Regulatory affairs is Regulatory Compliance Associates®  backbone and we fully understand the complexities of the biologics industry. Our biotech consulting expertise spans all facets and levels of Regulatory Affairs, from early phase & bioanalytical sciences through late phase and post approval.

 

  • Preclinical & CMC Consulting
    • FDA Meetings & Briefing Package Assistance
    • Clinical Trial Applications
    • Marketing Applications
    • Medical Writing
  • Lifecycle Management
    • Combination Products
  • Submission Planning & Strategic Support
    • eCTD Publishing & Submissions
  • Strategic Consulting & Intelligence
    • Risk Management Plan
  • US Agent
  • Project Management Support
    • Data Integrity
  • Clinical Development Support
    • Clinical Research Organization (CRO) Sourcing
  • Analytical Development Support
    • Bioassay Design & Validation
    • Immunoassay Support
    • Statistical Analysis & Specification Setting

 

Compliance Assurance

 

Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s biologics consultants preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® biotech consulting global team can help.

 

  • Assessments
    • Current Good Manufacturing Practice (cGMP)
    • Corrective & Preventive Action (CAPA), Investigations & Deviations
    • Facility & Maintenance 
    • Data Integrity
    • Quality System Gap Assessment
    • Quality Metrics
  • Audits
    • Supplier Audits
    • CRO Audits
    • cGMP Compliance Audits: Manufacturing, Pilot Plant, Laboratory
    • cGLP Audits
    • Good Clinical Practices
  • Preparation, Training & Inspection Readiness
    • cGMP Fundamentals (Annual Training Required by Regulations)
    • Quality System Regulation
    • Risk Management
    • Investigations, Deviations & CAPA & Root Cause Analysis
    • Validation & Technology Transfer
    • Purchasing Controls & Supplier Management
    • Document Management & Change Control
    • Audit Readiness
    • Quality Culture & Management Responsibility
    • Data Integrity & Good Documentation Practices (GDP) Centered on How the Data is Recorded, How to Correct an Error, and How to Document the Reason(s) for the Error

 

Quality Assurance

 

Regulatory Compliance Associates® Quality consulting services include assessments, strategy, implementations, staff augmentations, and identification of quality metrics. Our biologics consultants goal is to ensure continuous improvement, aligning with your business needs and goals. Our biotech consulting subject matter experts have experience spanning major corporations and start-ups.

 

We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.

 

  • Quality Management System Implementation
  • SOP Development
  • Document Control Systems
  • Change Control
  • Laboratory Operations & Control

 

Remediation Services

 

Regulatory Compliance Associates® is widely recognized within the life science industry and global regulatory agencies for its ability to help companies successfully resolve complex regulatory services regulatory challenges. With a proven track record of success, Regulatory Compliance Associates® biologics consultants have significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.

 

  • Regulatory Action
    • 483 Response & Remediation
    • Warning Letter Response & Remediation
    • Consent Decree Response & Remediation
    • Oversight Services
  • Consulting
    • Comprehensive Audits
    • Remediation Plan Development & Implementation
  • Manufacturing Support
    • Re-validation of Existing Equipment & Processes
    • Remediation of System Deficiencies Related to, Manufacturing Process, Equipment, or Facility 
    • Facility Improvements (Aging Facilities) 

 

Strategic Consulting

 

Whether it’s a corporate needs analysis, corporate growth / transformation strategy or due diligence / acquisition, Regulatory Compliance Associates®  worldwide biotech consulting experience can help ensure a successful mix of top-notch advice and people so your engagement is on time, on budget, and you’re never embroiled in a costly mistake.

 

  • Portfolio Management
  • Mergers & Acquisitions / Due Diligence
  • Staffing Support

 

Biostatistics

 

At Regulatory Compliance Associates, we recognize that biostatistics continues to change life science consulting one project at a time. Our biostatistics consultant Experts can help with both your internal or external clinical study and medical research needs.

 

RCA biostatisticians will create a custom scope of work based on the applicable statistical tests and predictive techniques that increase regulatory compliance. In fact, our statistical consulting team approach to clinical study design and clinical research provides Regulatory Compliance Associates clients a true competitive advantage during product development and commercialization. 

 

Our biostatistics consulting services include:

 

  • Clinical research
  • Medical research
  • Epidemiological research
  • Disease occurrence research
  • Disorder prevalence research
  • Data safety monitoring
  • Adverse event research

 

Regulatory Compliance Associates healthcare consulting Experts can provide quantitative analysis that propels your commercialization projects faster and more accurately. Our statistical consulting Experts can provide deep insights into the regulatory compliance process of what can help you with your regulatory submission.

 

Biostatistics is more than just getting your white paper published – it’s about saving lives and getting the right products to market. RCA’s epidemiological consulting team will provide a custom scope of work based on your clinical research studies. For over 20 years we’ve partnered with clinicians, PhD’s, MD’s, and epidemiologists to increase the success of their initiatives, including clients from:

 

  • Hospitals and healthcare systems
  • Government agencies and departments
  • Academic and university research programs
  • Life science manufacturers and organizations
  • Private equity and venture capital

 

Regulatory Compliance Associates biostatistics consulting team provides a diverse set of healthcare consulting services during the clinical research trials process, including:

 

  • Biostatistics
    • Clinical trials
      • Phase 1 clinical trial
      • Phase 2 clinical trial
      • Phase 3 clinical trial
      • Phase 4 clinical trial
    • Medical trials
      • Clinical trial oversight
        • World wide clinical trials
        • Decentralized clinical trial
        • Randomized clinical trial
        • Clinical test oversight
        • Pragmatic trial
        • Open label studies

About Regulatory Compliance Associates

 

Regulatory Compliance Associates (RCA) provides biologics consulting & biotech consulting to the following industries for resolution of life science challenges:

 

 

We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.

 

As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.

 

  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021

 

About Sotera Health

 

The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.

 

Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.

 

We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.