FDA continues to cite manufacturers for serious design control violations found during inspections that lead to warning letters. Very recently, a company received a warning letter that included significant design control findings. It suggested the company consider withdrawing a previously cleared 510(k) if it is found to have unreliable or unverifiable data. Imagine the impact to your company if you had to remove a major product from the market because a 510(k) had to be withdrawn. We have put together some practical points to consider when implementing and maintaining a compliant design control process.
- Manufacturers should define a simple and attainable design control process that can be updated and improved as product menus expand.
- Manufacturers should rely on risk analysis to determine the level of detail required for design controls. Low-risk devices typically do not require documentation of design and development steps or design output to be as detailed as higher risk products.
- The process of product development generates useful documentation per the design and development plan that should be included in the Design History File (DHF). However, firms should not clutter the DHF with unnecessary documents such as records of every phone call made, all memos sent, e-mails, and so forth.
- Some design information is sensitive and confidential. Company policy should require the marking of confidential sections of design history file documentation to handle issues that may arise from FDA release to FOI.
- ISO 13485 certification does not guarantee compliance with FDA design control. Companies with ISO 13485 should perform an audit for the purpose of identifying any missing elements to be in full compliance with FDA design controls. The goal should be to have a single product development process—a superset—that complies with both FDA and ISO 13485.
- Product clearance or approval of a medical device submission (510(k), PMA, or IDE) does not guarantee or imply compliance with FDA's design control regulations, even though design data may have been included in the submission.
- The CGMP Final Rule, 21 CFR Part 820, Subpart E, Purchasing Controls puts the responsibility for design controls squarely on the shoulders of manufacturers, even if the design is subcontracted out.
- All medical devices with a software component, including Class I devices, require implementation of design controls. Manufacturers should implement software validation as part of design validation for all software components. The level of detail of software validation is a function of the level of risk resulting from the use of software components in the device.
Dennis Rubenacker is co-founder and senior partner of the consulting firm of Noblitt & Rueland, which provides consulting and training services for medical device and IVD manufacturers. Rubenacker specializes in software validation, FDA electronic recordkeeping, design control, risk assessment, software development, and software quality management for the medical device industry. He has extensive experience dealing with product development, software development, software quality assurance, and software verification and validation for IVD medical device instrumentation and automated processes. His medical product line experience includes clinical chemistry analyzers, immunoassay analyzers, microbiology analyzers, glucose monitors, and OTC diagnostic devices. Rubenacker has assisted international companies ranging in size from less than $1 million in sales to Fortune 100 companies. He received his BS in electrical engineering with highest honors from the University of Illinois and is a member of the Institute for Electrical and Electronic Engineers, RAPS, OCRA, and ASQ. He can be contacted by phoning 888/892-4664 or via e-mail at firstname.lastname@example.org. For more information about Noblitt & Rueland, view its listing in the online Consultants Directory or go to the firm's Web site at www.fdaconsulting.com.