Clinical Evaluation Report Updating Procedure

L

Lussy

Following the new revision of MEDDEV 2.7.1 , if the company requisted to re-write our Clinical Evaluation Report according the new requirements and new assessment of equivalence
or we need just to update our report with new data from PMS and PMCF and manage the report according to the new requirements?
 

Ronen E

Problem Solver
Moderator
Hello Lussy and welcome to the Cove :bigwave:

I'd tend to think that in certification and re-certification audits the expectation would be to have a Clinical Evaluation Report (CER) fully in compliance with the new MEDDEV revision (4). I'm not so sure regarding surveillance audits though. Probably best to present a direct question to your NB.

Cheers,
Ronen.
 

Parul Chansoria

Regulatory and Quality Expert
Good question Lussy! Time taken to move to a new standard or requirement can be decided by the company unless their Notified Body (NB) or other regulatory body has defined it clearly. In this case, you should update your CER and make it compliant to the Rev 4. However, the transition to this updated requirement can be triggered by Management Review Meeting (MRM), an internal audit or external documents log review which is a part of your QMS.

1. As per the MRM outlined in ISO 13485 2016 Clause 5 it is required that Management discusses during the MRM about new and update regulatory requirements. In your MRM, under meeting inputs, you would have to talk about updated MEDDEV 2.7.1 and decide when the company will move to this new requirement. You can decide the timeline for transition depending on the gap assessment that would need to be performed between MEDDEV 2.7.1 Rev 3 and Rev 4. Typically, you would want to assign a shorter time for transition if you have fewer products and the gaps are critical from patient’s safety and efficacy standpoint, but longer timeline with more number of products, and the gaps would not have a safety efficacy impact. During your surveillance audit/re-certification audit, your NB will appreciate such pro-active and thoughtful transition to new requirements.
2. Internal audit is performed periodically (as defined in your SOPs) to current regulatory requirements. During this audit, non-compliance to the new revision can be identified as an NC, and a CAPA can be opened to address it.
3. Every company has to maintain a list of external documents including guidances and standards. This external document log needs to be reviewed periodically to check for any requirement and standard update. This can be a trigger to perform gap assessment and update your CER before you add this new Revision to your external document log.
 

Ronen E

Problem Solver
Moderator
Hello Parul and welcome to the Cove :bigwave:

Maybe a little :topic: but FWIW:

2. Internal audit is performed periodically (as defined in your SOPs) to current regulatory requirements. During this audit, non-compliance to the new revision can be identified as an NC, and a CAPA can be opened to address it.

I don't consider myself an expert on internal audits (there are some around here, hopefully they will chip in soon), but in my opinion internal audits shouldn't be "performed to current regulatory requirements". It's not the internal auditor's job to keep abreast of the most current regulatory requirements (moreover, I don't consider MEDDEVs "regulatory requirements" - it is guidance, albeit applied as de-facto regulation) and enforce their application internally. Rather, I understand internal audits as intended to monitor adherence to the org's issued SOPs and to the applicable QMS standard (ISO 13485 in this case). Those SOPs do have to align with current applicable regulations, but that should be the output of the regulatory vigilance and compliance process rather than the internal audit process. Furthermore, the internal audit process can (and should) monitor, among others, the regulatory compliance process, and thus contribute to making it more effective and indirectly to all other processes being aligned with applicable regulations.

3. Every company has to maintain a list of external documents including guidances and standards.

Has to or should?
 
Last edited:

Parul Chansoria

Regulatory and Quality Expert
Hello Parul and welcome to the Cove :bigwave:

Maybe a little :topic: but FWIW:



I don't consider myself an expert on internal audits (there are some around here, hopefully they will chip in soon), but in my opinion internal audits shouldn't be "performed to current regulatory requirements". It's not the internal auditor's job to keep abreast of the most current regulatory requirements (moreover, I don't consider MEDDEVs "regulatory requirements" - it is guidance, albeit applied as de-facto regulation) and enforce their application internally. Rather, I understand internal audits as intended to monitor adherence to the org's issued SOPs and to the applicable QMS standard (ISO 13485 in this case). Those SOPs do have to align with current applicable regulations, but that should be the output of the regulatory vigilance and compliance process rather than the internal audit process. Furthermore, the internal audit process can (and should) monitor, among others, the regulatory compliance process, and thus contribute to making it more effective and indirectly to all other processes being aligned with applicable regulations.



Has to or should?

Thank you Ronen for the note. Yes, internal audits are performed to SOPs, and SOPs must be updated to current requirements/regulations/standards, updates can be triggered by different things, as you stated. Having SOPs/documents in place is a prerequisite of performing an internal audit, here talking about ISO 13485. When I stated “Internal audit is performed periodically (as defined in your SOPs) to current regulatory requirements.” it is assuming that organization has done the due diligence to update its SOPs to current regulatory requirements or guidances or standards. The language used here was from customer standpoint.

A company “has to” maintain external document log which is a method of fulfilling ISO 13485 2016 Clause 4.2.4(f) “ensure that documents of external origin, determined by the organization to be necessary for the planning and operation of the quality management system, are identified and their distribution controlled”. To meet this particular requirement, I recommend maintenance of “External documents log” as the first step, now of course, standard does not spell how you implement various requirements defined in it, rather it lays out expectations, and every person can find different ways to meet that expectation.
 
Top Bottom