Part 820 is wide-reaching. In order for a medical device company to fully understand what compliance with Part 820 means, further elaboration is required. Two of the most important areas this applies to are risk management and, for software and software-supported devices, control of software life-cycle.
Risk management is the process of identifying potential hazards a medical device contains, could cause, or could contribute to; determining the likelihood and severity of each hazard; and eliminating or mitigating each hazard to an acceptable level of risk. It is the process by which the safety of a potential device is thoroughly analyzed, with all potential sources of device failure being accounted for. Depending on the type of device, lack of adequate risk management could result in anything from minor harm to severe disability or death.
In order to provide further clarification on risk management, ISO developed ISO 14971, and the FDA has issued a CDRH guidance on the topic. There is no certification available specifically for ISO 14971, but compliance with 14971 is necessary to gain certification in ISO 13485. Risk management, especially for design and manufacture of devices that have high potential risk, almost always requires input and oversight from experts in the applicable fields – such as electronics, software, medicine, and risk management itself. However, ISO 14971 and the CDRH guidance enable a company to develop a process that ensures the right people are involved in risk management, and that it stays at the forefront throughout development.
Recently, a new standard has emerged for software and software-supported devices from the increasing scrutiny given to the specific risks introduced by software design. Many software-related medical device failures have stemmed from product upgrades, in which inadequate software process control resulted in security vulnerabilities and product failure. The regulatory industry has responded with IEC 62304, which underscores that software development must be controlled for ongoing risk management. Medical device software cannot be developed in isolation from the wider development effort, and it must be developed in such a way that future product upgrades will continue to meet all applicable safety, security, and regulatory requirements.
Understanding medical standards begins with sorting through the jurisdictions and relationships of the various governing and certifying bodies. Once the relevant governing bodies are identified, the standards coming from each body are seen more clearly and can be accurately applied. While there are many approaches to medical standards, a helpful process first identifies the core, legally binding regulatory standard of a given country, and then uses supplementary standards as a means of ensuring compliance.
Velentium can help. Our Subject Matter Experts have over 100 years of combined experience designing dozens of medical devices, shepherding them through the approval and compliance process, and bringing them successfully to market. Reach out to us today to schedule a consultation and learn more.