What should be taken into consideration?

Introduction

This article presents an overview of the challenges that accompany the design and development of Medical Devices in accordance with the legal and regulatory laws and ISO management system standards.

Innovation, design, and development in the Medical Devices sector is growing rapidly. However, Covid-19 pandemic has acted as a great detector of some lacking points when it comes to Medical Devices used at the Point of Care (POC). Some of these lacking points include: screening and detection of the corona virus, devices for longitudinal monitoring and detection of vital parameters deterioration to mobilize medical staff effectively, and reducing the impacts of contamination and mortality in long-term care institutions. 

Identifying the different requirements for new Medical Devices development

When it comes to creating a new medical device, the design and development team must take into account many constraints that are determined by the Medical Devices type (IVD, non-IVD), its class (i.e., from the lowest level of risk to the highest), and the jurisdictions of the country where the Medical Device will be marketed. 
Identifying the class is the first step in this process that ensures the conformity of the Medical Devices with the legal and normative framework. For Programmable Electrical Medical Systems (PEMS), the fastest growing market segment with SaaMD and cloud application, the compliance approach will be dual and iterative to address hardware and software constraints. The aim is to identify the essential safety requirements specific to each Medical Device:

• The IEC 60601 and IEC 80601 series of standards provides details about the physical and technological characteristics Medical Devices must meet. The IEC 60601 series address requirements in a wider context, while the IEC 80601 series apply to more specific groups or features.
• For embedded software, IEC 62304 and IEC 62366 are focused on the whole life cycle of the software that controls the Medical Devices.
• For SaaMD applications and other cloud developments, the IEC 80001 standard develops on an IT security management system to which the Medical Devices must respond.

Note: Compliance with IEC 62304, IEC 62366, and IEC 80001 is demonstrated by integrating their requirements into the risk analysis, by identifying the relevant risks, and mitigating them.

To certify your Medical Devices, showing conformity to these standards is mandatory when the Medical Devices do not belong to a lower level of risk. At the same time, the company must demonstrate that their Medical Devices not only meet all the essential requirements, but also are designed thoroughly by considering all the possible events which could hamper the Medical Devices functioning. The risk analysis in case of a PEMS will cover all its aspects, from the casing material, to addressing single fault condition, to its vulnerability to microbiological contamination, and software development validation and verification along its whole life cycle.

The whole design and development of Medical Devices process briefly described above, must be documented in two key documents:

• The Design Master File, which contains in particular the risk analysis and related mitigation measures to lower it. Furthermore, it also provides an insight and track of the design and development iterations and how Medical Devices weaknesses have been identified and remedied.
• The Device History File, which will list all the details and updates of the components, sub-assemblies and software to minimize the risks as per the Design Master File.

Within this framework, the implementation of ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes is an obligation for all Medical Devices manufacturers and distributors, while getting certified against it is highly recommended. This is a starting point for developing corporate governance focused on risk analysis, its impact on all aspects of the realization of the Medical Devices, and throughout its life cycle. This governance must be documented accordingly and employees must be trained to comply with the requirements.

Furthermore, a Medical Devices Quality Management System must have a certain degree of maturity to comply with the requirements, control of production parameters (such as ambient conditions, contamination control, installation validation, operational and performance qualification respectively IQ, OQ and PQ), traceability, and if necessary, the product recall.

Additionally, ISO 13485 certification covers the compliance of the management system to identify/monitor legal and regulatory requirements of the participating countries, namely the USA, Canada, Brazil, Australia, Japan, and Europe, imposing audits carried out by its Notified Bodies.

The demonstration of conformity may vary from one market to another. Nevertheless, choosing an accredited laboratory/notified body that conveys your conformity for all the targeted markets, has a direct impact on the timeline and cost that you are going to spend. Taking into account the different market medical jurisdictions, certification will be a great proof of quality and will determine the selection of partnerships with whom the companies will work.

The MSECB solution

MSECB is accredited by International Accreditation Service (IAS) in accordance with ISO/IEC 17021 standard to offer qualitative ISO 13485 audits and certification processes. At the same time, they analyze, document and eliminate the potential conflict of interests arising from the certification activities. This is all done in coordination with a great number of MSECB auditors who operate all over the world. For you and your company, working with MSECB is the assurance of having at your side all the support you need to get through the audit and certification process against ISO 13485.