A Guide for Start-up Companies www.intertek.com/medical
www.intertek.com/medical

Bringing a medical device to market can be difficult and time consuming, and with the recent impacts of the global economy on the job market, many manufacturers lack the necessary manpower and resources. Navigating the regulations and requirements as a start-up company can be even more challenging and many early-stage companies may not realize that the consideration of medical device certification requirements should begin at the planning phase of the development process.
The medical device industry relies on a higher level of documentation records than many other certification categories. It is important that manufacturers consider that developing a functional prototype will not be sufficient to meet the full regulatory burden and it is critical to generate the documentation that covers the key elements of the IEC 60601- standard series, Food and Drug Administration (FDA) guidance, the Medical Device Regulation of Europe (MDR), and more.
Below we’ve summarized five important and necessary steps during the product development process to help medical device manufacturers prepare for product certification.

1. Plan your Work
When starting the product development process, it’s important to do so with the end in mind. The ISO 13485 and the FDA’s Medical Device Single Audit Program (MDSAP) requirements for design input planning are more than just a quality management system (QMS) checkmark. These requirements:
• Dictateallthepaperworkthatneedstobegeneratedduringthenext12monthsofthe process
• Laythebaselineofsoftwarerequirementsandverificationplanning
• Definetheriskanalysisactivitiestobeperformedandstructurescomponentselections
to mitigate these risks
• Defineyouruseenvironmenttodeterminetheclinicalandhumanfactorsstudiesthat should be scheduled at the first design lock
Not only is this planning critical for internal milestones, but the records of these plans, design meetings, management approvals, and design locks are all part of the documentation that can and will be audited by certifying bodies and regulatory bodies alike.

2. Develop Software in a Controlled and Traceable Space
The IEC 62304 standard for medical device software requires a high level of architecture planning and detailed design notes. These software units need to trace to the risk management activities happening in the system level design meetings. The verification plan needs to be written before the requirements specification is formalized. The structure of IEC 62304 as a standard discusses these milestones and empowers auditors to scrutinize the records. This results in medical device manufacturers consistently reverse- engineering their own software to create a traceable and audit-ready list of activities, tests, and system validation just to support an audit. If a development environment with built-in configuration management is in place and software units are marked with risk classes at the start of product development, the need to recreate a traceable audit after the fact is minimized.

3. Continuous Design Meetings
During third-party review of the product information against the recognized standards, project milestones are identified. These are self-imposed check points where the plan is reaffirmed, and the activities that were planned are executed, reviewed, and documented. ISO 14971 states that risk management is a continuous and ongoing process throughout the design and commercialization of the product. By having these design meetings logged and documented, there will be audit-ready evidence that the planned tasks took place at regular intervals, with top management support, and that the plan was being executed or modified along the development lifecycle.

4. Early Communication with Suppliers and Subcontractors
It’s common for medical start-ups to have lean staffs, resulting in the need to seek external partners for things like additional design support, parts, testing, documentation, and various studies. Key activities that typically extend beyond the core competencies of a start-up include:
• ElectricalsafetyandEMCtesting
• Biocompatibilitystudyortesting
• Clinicalevaluationand/orinvestigations
• Humanfactors/usabilitystudies
• Cybersecuritytesting(includingpenetrationtestingandongoingmonitoring)
• RoHSandREACHcomponentreviewandtesting
• Incominginspectionortestingofvendorparts(whenperformedbythemanufacturer)
Each of these activities has a QMS requirement that the device manufacturer will have to address. The appropriate accreditation of those individuals performing the tasks will be an audit record. ISO 13485 states that the manufacturer’s quality system should extend to cover suppliers and subcontractors. Companies can minimize unexpected delays and potential need for re-testing simply by selecting the best resources in advance of deadlines.

5. Create a Trace Matrix for Every Activity
The activities performed by medical device start-ups are substantial. An external review of the design history file (DHF) will be performed by an auditor with a limited amount of time to review the materials. By placing a trace matrix for the upcoming audit into the DHF early, the flow of the audit is improved and a checklist will be in place to approach these agencies only when the necessary documents are complete. These trace matrices, or checklists, are particularly common in the following activities:
• FDA510(k)
• MDRtechnicalfile
• QMSreviewagainstISO13485orMDSAP
• RiskmanagementperIEC60601series
• SoftwarelifecycledevelopmentperIEC62304
• HumanfactorsstudyperIEC62366-1
• CybersecurityevaluationfollowingUL2900series
By making the file easier to audit, barriers to timelines are removed and the work progresses.

 

Note: *The Intertek legal entities that provide medical device management system certification services (including ISO 13485 and MDSAP) and Notified Body services (MDR 2017/745 and MDD 93/42/EEC) do not provide any consulting services. Clients who have used other Intertek legal entities’ consulting services are not eligible to receive management system certification services or Notified Body services from Intertek.

Intertek is a leading Total Quality Assurance provider to industries worldwide. Our network of more than 1,000 laboratories and offices in more than 100 countries, delivers innovative and bespoke Assurance, Testing, Inspection and Certification solutions for our customers’ operations and supply chains. Intertek Total Quality Assurance expertise, delivered consistently with precision, pace and passion, enabling our customers to power ahead safely.
Our team of medical device experts has brought various products to market and has experience with the current documentation issues faced when bringing innovative medical device products to market.