Navigating medical device regulatory requirements is a challenge even for established companies. For start-ups, gaining regulatory approval can be a major hurdle, arguably meaning that many promising device concepts fail to reach the market.
In this article, we present 7-steps for navigating regulatory requirements on a budget. While aimed at pre-revenue companies, these steps may also be useful for established companies seeking to bring new products to market or reduce their regulatory spend.
Step 1 - Plan ahead
The worst - but perhaps most common - mistake made by medical device start-ups is to neglect regulatory requirements until the later stages of product development. With some justification, many companies assume that regulatory documents and processes can only meaningfully be compiled once the device design has been finalised.
The truth is that while some tasks (such as Clinical Evaluation) are better left until the device has reached a level of maturity, others need to be performed from the earliest possible stages of device development. These can be considered foundational systems that form the bedrock of all successful regulatory strategies.
Step 2 - Build foundational systems
Foundational systems and activities are:
- Establishing and maintaining a Quality Management System (QMS)
- Establishing a Risk Management System
Let’s consider each in turn.
1. QMS - Control quality from the earliest stages
When it comes to obtaining final approval for your devices, you will be required to produce evidence that device design was conducted according to an established quality framework. It is essentially impossible to do this in retrospect, so it’s vital to set up a Quality Management System (QMS) as early as possible. While often thought of as expensive and complex, the truth is that an early-stage QMS can be relatively simple if it incorporates important building blocks that will enable it to grow as the company nears market entry.
Basic principles include:
- Adopting a process-driven framework
- Documenting processes and maintaining records
- Controlling documents and records
- Establishing a Quality Policy and Quality Objectives
- Defining roles and responsibilities
- Writing a Quality manual
- Having an effective Document Management System
- Ensuring that suppliers and third parties operate in accordance with your QMS
ISO 13485:2016 is the international standard for Quality Management Systems for medical devices and, ultimately, your QMS will almost certainly need to adhere to its requirements. It’s advisable to obtain a copy as early as possible and begin structuring your activities accordingly. If nothing else, basic considerations are to set objectives, keep records, allocate responsibilities, monitor outcomes and, where necessary, conduct corrective actions. Good habits from the earliest stages will make the development of a definitive QMS much easier as the company matures.
2. Risk Management - The key to successful product design
It is easy to think of medical device Risk Management as just another administrative burden standing between you and regulatory approval. However, the truth is that an effective approach to Risk Management has, amongst other benefits, a direct bearing on successful medical device design, helping your product differentiate from competitors through a unique (and commercially successful) solution.
An effective approach to Risk Analysis may indicate that changes to the device’s design are necessary to mitigate identified risks. While this is relatively easy during the early stages of device design, it may be extremely difficult later on - especially if manufacturing infrastructure has been established for the design and if user tests or clinical trials will need to be repeated following changes.
For these reasons, it’s imperative to begin Risk Management as early as possible. Odds are that the correct approach (based on ISO 14971:2019) will reveal risks that hadn’t previously been considered. Furthermore, you may uncover disadvantages to existing solutions, enabling additional innovation to further differentiate your product.
Correct conduct of Risk Management - especially in the early stages - needn’t be expensive or complex. The Mantra Systems EnableCE Toolkit offers a complete, easy to follow start-to-finish guide to building an ISO 14971:2019-compliant risk management system from scratch. The course is suitable for anyone and is complemented by a full package of Risk Management document templates to ensure correct documentation and traceability.
Step 3 - Know your objectives
When building a successful regulatory strategy, it’s vital to know what your objectives are. In other words, you need to define what you are hoping to demonstrate compliance with, which in turn will inform how compliance will be achieved and demonstrated.
Key considerations are:
- Specifying a clear intended purpose for the device
- Understanding which legislative requirements apply (GSPRs or ERs, depending on framework)
- What risks need to be mitigated or avoided (an output from Risk Management activities)
- The Quality Policy and Quality Objectives that must be addressed by the device
While legislative requirements (such as GSPRs) are imposed by law, the intended purpose is (within reason) entirely down to the manufacturer’s preference. It is therefore vital to think about intended purpose very early in the device’s development. A systematic literature review of the clinical field may help define scope of the intended purpose, as well as further defining weaknesses in competing solutions.
Performing an early analysis of legislative requirements (such as the EU MDR Annex I GSPRs) for relevance to the product will define what additional requirements must be met; in turn, this will help define what pre-clinical and clinical testing needs to be conducted to demonstrate compliance. Please watch our video which explains how to analyse the MDR Annex I GSPRs for relevance.
Step 4 - Get technical
MDR Annexes II and III set out requirements for a range of additional technical documents that must be produced for each device. In outline, Annex II technical documents include:
- General device description & specification
- Information to be supplied by the manufacturer
- Design & manufacturing information
- General Safety & Performance Requirements (GSPRs)
- Verification & Validation information
- Risk assessment
- Declaration of Conformity
If you follow the framework in this article, you will already have addressed section 4 and much of section 6. For the others, the key is to start early and keep contemporaneous records of document updates and revisions.
Section 7 (Declaration of Conformity) is the only one that should be left until the end. To ensure correct structuring of Annex II technical documents (and to avoid excluding vital information), the EnableCE Annex II template pack includes everything you need.
MDR Annex III primarily concerns Post-Market Surveillance (PMS) activities. While a new device won’t have any PMS data, it’s imperative that you specify how PMS activities will be conducted in a PMS Plan.
Step 5 - Prove it
Securing regulatory approval ultimately comes down to one thing: evidence. Can you demonstrate through suitable evidence that your device:
- Is suitable for its intended purpose?
- Demonstrates conformity with relevant GSPRs / ERs?
- Has a favourable benefit-risk profile?
- Compares favourably with safety and performance of similar (comparable alternative) devices?
Because these four questions form the heart of Clinical Evaluation, a vital stage in device approval, it’s necessary from foundational stages to consider how you will generate suitable evidence. Depending on the device and the individual requirement, such evidence may include:
- Proof of adherence to recognised standards (such as ISO 10993 - Biocompatibility)
- Conduct of pre-clinical studies (e.g. on materials properties, packaging integrity, sterility, etc)
- Usability studies
- Clinical studies
When planning clinical studies, ensure you align with requirements in MDR Annex XV and ISO 14155:2020. Also consider that conduct of clinical studies takes considerable time and, often, money. Which leads us to the next major consideration…
Step 6 - Budget
There’s no getting away from the fact that gaining regulatory approval will cost money and failure to adequately budget is a common failure point. Contrary to popular belief, investors may be encouraged by a proper consideration of expenses relating to regulatory requirements, since it demonstrates a proper consideration of go-to-market costs.
The bottom line is: ensure you have enough money set aside. While costs will vary according to device class and complexity, they may run anywhere from £25,000 to £250,000 and beyond, especially if the device requires complex clinical trials.
The EnableCE Toolkit offers an innovative supported do-it-yourself approach that can really help to control budget. The toolkit combines training resources, document templates and a full document management system, enabling you to develop a full technical document portfolio without the added costs of outsourcing. It’s a unique resource that is perfect for cash-strapped start-ups, alongside established companies looking to reduce outsourcing requirements.
Step 7 - Get in the queue
One final consideration is that Notified Bodies (and UK Approved Bodies) are currently stretched beyond capacity, meaning that gaining access for conformity assessments is taking much longer than would be preferred. While there’s no shortcut to this, the message is to start conversations early, seeing if you can get ‘in the queue’ ahead of time. Note, however, that you do need to be ready should availability arise, so play it carefully.
Mantra Systems offers a range of products and services to support start-ups on their journey through regulatory compliance. These include:
- MDReady - A free starter guide to MDR compliance
- EU MDR Compliance Guide - A free compendium of all aspects of working with the EU MDR
- EnableCE Training Courses providing detailed guidance on key aspects of regulatory compliance
- EnableCE Document Templates for Annex II technical documents, Risk Management, CERs, CEPs and more
- A Gap Analysis tool helping you identify key deficiencies in your regulatory system
- A cost-effective Document Management System for effective version control, access control and secure document storage
- A range of consulting services including Clinical Evaluation, PMCF and systematic literature reviews giving you access to our worldwide network of clinical and regulatory specialists
Please contact us if you have any questions about this article or would like to discuss our products and services in more detail.