While 510(k) is the preferred regulatory strategy of many North American medical device companies, launching in Europe first with a CE mark can be beneficial. This blog concludes my highlights of 510(k) and CE Marking similarities and differences. Last week I covered Terminology, Device Risk Classification, and Process. This week I explore the Quality Management System (QMS) and Documentation aspects, and conclude with a Prolog.
Quality Management System
With CE marking, the quality system is audited as party of the process before the CE mark can be applied. There are some similarities to Health Canada requirements for CMDCAS ISO13485 QMS to be in place before selling product. In addition, pilot manufacturing data is required for the full quality assurance route Annex II, which can catch people out as the CE mark must not be present on the devices/labeling until a successful outcome.
One of the confusions with CE marking is that in addition to there being multiple directives, each directive indicates multiple ways for conformity to the Essential Requirements to be demonstrated. A manufacturer who has an existing quality system in place conforming to FDA QSR 820 including design controls would probably add any additional requirements defined by the corresponding directive into their existing QMS; in effect complying with “Annex II – Full Quality Assurance” route which requires periodic compliance audits.
Finally, a common misconception is that an ISO13485 compliant quality system is required for CE marking. What is actually required is a QMS which complies with the associated directive. However, since this can cause confusion with your notified body, it is more common to implement a QMS which complies with ISO13485, with a few additions for compliance with FDA (such as procedures for transfer activities), MDD (such as risk management) and Health Canada (such as labeling requirements) where appropriate.
The Technical File is a compilation of documentation which is reviewed by the Notified Body for completeness before being able to apply the CE mark. The technical file will, at a minimum, contain the Essential Requirements Checklist, manufacturer’s Declaration of Conformity, Risk Management Report, Design documentation and Manufacturing documentation.
Both FDA and MDD require design to be controlled. A Design Plan is developed to control the design process, then one generates documentation in support of the plan – requirements, architecture, specifications, verification, validation. As mentioned above, a complete DHF is usually in place for a 510(k) submission, but for CE marking as mentioned above, the DMR must also be developed and any manufacturing validation activities be completed before the certification audit, which must be carefully worked into any market launch planning activities.
The Technical File should also comprise a Risk Management file, which at the very least contains risk management plan, risk analysis, risk verification and test reports for all external testing used to mitigate risk. The risk management file can be summarized by a risk management report which demonstrates that risk management was planned, hazards identified, risks managed and verified, biocompatibility addressed and where appropriate electrical basic safety (EN IEC60601-1), EMC (EN IEC60601-1-2) and particular electrical standards (for example EN ISO80601-2-61) followed. Note that the MDD clearly states that compliance to the essential requirements is presumed if the device conforms to harmonized standards, so it can be simpler to get external, accredited testing performed at a recognized test house rather trying to develop a compelling justification for why you did not perform testing. As a final comment regarding risk management, there are some differences between the MDD and ISO14971 which are highlighted in EN ISO14971 (2012) – essentially all risks must be reduced as far as possible without economic consideration, which is different to the FDA’s acceptance of risks being reduced as low as reasonably possible.
The Technical File must also contain a Clinical Evaluation report. At the minimum, this must contain a literature review of similar devices in the field, with a search of any vigilance databases to identify known hazards and risks of using those devices, and a summary of both positive and negative clinical data. If the safety and efficacy of the device cannot be established via literature search, then the clinical evaluation report should also contain a summary of clinical investigations undertaken to prove safety and efficacy, referring to supporting materials as required. Although this may sound daunting, a freely available MedDev document provides clear guidance on what the report should contain.
Finally, the Technical File must contain a manufacturer’s Declaration of Conformity to the essential requirements, which is usually signed by the CEO. The DoC also includes date of applying the CE mark and placing on the market.
There are currently several routes to CE marking for medical products in Europe, and this article touched on a most common path for Class IIa/b devices whereby the manufacturer employs Full Quality Assurance, as this provides the most flexibility when developing new, similar devices. There are options (other Annexes) to exclude design, perform batch type testing, or CE mark fixed device installations (such as MRI), depending on the device type.
The MDD as it stands is currently being re-written as the Medical Device Regulation. This is in part due to the French PIP breast implant scandal. The currently proposed changes, which are not expected to be finalized until 2015 and come into force 2017-19 include:
- Device Classification rules amended and extended (e.g nano-particles)
- Consolidated Conformity Assessment
- Full Quality Assurance & Design Examination
- Type Examination
- Product Verification (Quality/Product)
- Unique Device Identifier – as per FDA, phased and risk-based introduction
- Nominated “Qualified Person” responsible for Regulatory Compliance
- Improved traceability of devices in supply chain
- Regulations on Post Market clinical follow-up/surveillance
- Un-announced Notified Body audits and sample testing
- ‘Common Technical Specification’ for instances lacking Harmonized Standards
The most significant change for a manufacturer is the “Qualified” Regulatory person. What this means and how it will impact small companies remains to be seen.
I opened Part 1 of this blog noting that many clients who approach StarFish have already identified 510(k) as their preferred regulatory pathway to reach the market in the US. The reasons are clear: Large single market with a transparent regulatory body and minimal costs (compared to PMA). I hope my highlights of the similarities and differences between 510(k) and CE Marketing help those unfamiliar with CE marking effectively prioritize their regulatory efforts. This article is intended for general knowledge. Readers should consult with a regulatory professional regarding the specifics of their situation before taking action. I look forward to hearing feedback and actual experiences from readers.
Vincent Crabtree, PhD is a Project Manager and Regulatory Advisor, with an emphasis on Project Leadership ensuring projects conform to consensus standards such as ISO 14971, IEC 60601-1 and managing clients setting-up Quality Management Systems that comply with ISO 13485 and FDA Quality System Regulations. He is passionate about commercializing innovative technology, and brings an entrepreneurial perspective.