CE Mark Conformity Assessment Annex II vs. Annex VII+

C

cverg

We are a 13485 registered Specification Developer of various sterile, Class IIa medical devices. Our notified body cannot advise me on the choice between Annex II and Annex VII+ V conformity assessment routes for CE Marking, although our devices qualify for both routes. From the various flow charts I've reviewed, I cannot determine what the benefits or disadvantages of each route would be. We will CE mark multiple devices, from different device families. We use contract manufacturers for all production. Can anyone help me or direct me on this question?
Thank you in advance.
 
Last edited:

Ronen E

Problem Solver
Moderator
We are a 13485 registered Specification Developer of various sterile, Class IIa medical devices. Our notified body cannot advise me on the choice between Annex II and Annex VII+ V conformity assessment routes for CE Marking, although our devices qualify for both routes. From the various flow charts I've reviewed, I cannot determine what the benefits or disadvantages of each route would be. We will CE mark multiple devices, from different device families. We use contract manufacturers for all production. Can anyone help me or direct me on this question?
Thank you in advance.

Hello,

As a class IIa manufacturer you need to follow annex VII + either one of annex IV, V or VI. Annex IV is rather limiting and costly to implement. Between annexes V & VI, annex VI seems more appropriate for a specification developer that relies on contract manufacturers (annex V relates to production aspects). You could implement annex II instead but IMO that would be an unnecessary expansion.

IMO annex VI is your easiest choice.

Cheers,
Ronen.
 
C

cverg

Thank you very much for this feedback Ronen. I'm going to take a look at VI, since I didn't realize this was also an option for us.
Have a great weekend. :bigwave:
 

bio_subbu

Super Moderator
Hello

I agree with Ronen, but I suggest that Annex II path is more complete. The likelihood of the Annex II path is being recognized by authorities outside the EU is thus higher.

1. ISO 13485 is generally a good basis for a qualification route according to MDD Annex II or Annex V.

2. You have always the possibility to choose a more stringent route than the minimum required.

3. Annex II give you the highest flexibility but you still have to consider every device type in the quality system.

4. A more stringent route (e.g. Annex II instead of Annex V) might lead to higher demands and more controls by the Notified Body.

Since you put the CE mark on the device in your name, even if you use contract manufacturers you need yourself as the legal manufacturer to ensure that you have every quality management procedure in place required by the actual annex, such as post market surveillance procedures, risk management, traceability, vigilance handling, complaint handling etc. You also have to be able to demonstrate all the technical information required In the MDD. However, I suggest you to discuss with your Notified Body / Bodies.
 

Ronen E

Problem Solver
Moderator
It's great to have annex II compliance but it requires much more resources than annex VI. Both initially and later for on-going activity.

I wouldn't recommend implementing annex II for a small specification developer with limited resources and IIa as their higest class, unless there's a clear requirement from a stakeholder or a clear indication that it's going to open up any markets of interest (from the EC regulatory perspective it doesn't matter - annex VI is as good as annex II, for a class IIa device).

Cheers,
Ronen.
 
C

cverg

Thank you both for your input on this question. After Ronen's first comment, I was able to set up a call with the notified body to discuss my options. Not surprisingly, the notified body recommended Annex II. Their reasoning was that we already had a full quality system certification for 13485 and that it didn't make sense to limit our selves by choosing an Annex that didn't cover all parts of the Quality System. Since it seemed to me after our discussion that my audit burden wouldn't be significantly less with another Annex, I went ahead and chose Annex II. I hope I'm not mistaken on that point..... :confused:
Again, thanks to both of you for your help.
 

Ronen E

Problem Solver
Moderator
Thank you both for your input on this question. After Ronen's first comment, I was able to set up a call with the notified body to discuss my options. Not surprisingly, the notified body recommended Annex II. Their reasoning was that we already had a full quality system certification for 13485 and that it didn't make sense to limit our selves by choosing an Annex that didn't cover all parts of the Quality System. Since it seemed to me after our discussion that my audit burden wouldn't be significantly less with another Annex, I went ahead and chose Annex II. I hope I'm not mistaken on that point..... :confused:
Again, thanks to both of you for your help.

Questions:
1. What is the extent of your ISO 13485 certification? Have you excluded any sections, e.g. 7.3?
2. Is your NB going to accept your ISO 13485 as-is (and practically skip auditing your QMS) or are they going to challenge your QMS to an extent?
3. is there a price difference in the NB's quote between the different annexes?

BTW, I can't see how choosing a "weaker" annex is limiting you once you get the EC certificate, unless there are specific requirements / reasons for a "stronger" annex as I stated in my previous post.

Cheers,
Ronen.
 
C

cverg

1. We have a full quality system certification, including Design Controls.
2. We had our MDD audit and since we had recently had our 13485 surveillance audit by the same notified body, they basically just looked at the provisions which were specific to MDD, beyond the requirements of 13485, like 14971:2012, European vigilance etc. So that was easy enough and took about a day and a half to audit.
3. I didn't get a quote for Annex VI, but I saw that it still required an on-site audit and I assumed it would take at least a day also, therefore, not a big difference in cost.

I'm also not sure how the weaker Annex would limit us if we don't have Class III devices, but since I was unsure, I tried to take the safer choice.

Thanks,
Christie
 

Ronen E

Problem Solver
Moderator
1. We have a full quality system certification, including Design Controls.
2. We had our MDD audit and since we had recently had our 13485 surveillance audit by the same notified body, they basically just looked at the provisions which were specific to MDD, beyond the requirements of 13485, like 14971:2012, European vigilance etc. So that was easy enough and took about a day and a half to audit.
3. I didn't get a quote for Annex VI, but I saw that it still required an on-site audit and I assumed it would take at least a day also, therefore, not a big difference in cost.

I'm also not sure how the weaker Annex would limit us if we don't have Class III devices, but since I was unsure, I tried to take the safer choice.

Thanks,
Christie

Hi,

The good thing is that it's done and you're happy with the results.

For others who come across this thread:

2. 1.5 days is a LONG audit for class IIa with full ISO 13485 certification... Basically, the NB is not supposed to challenge your QMS if you already have it certified to ISO 13485, and was only recently surveyed (but they do sometimes, I know), and there isn't a lot more to it in terms of auditing. I've witnessed 1-day audits for similar class devices (spec developers) that also included a certification audit to 13485 & 9001 at the same time. The auditor simply was effective and efficient and didn't play around (and yes, it was a rather long day). BTW, ISO 14971 is not a MDD requirement more than it is an ISO 13485 one; it's a recommendation in both, and since (I assume) you already complied with it during your ISO 13485 certification, it should have already been covered by the ISO 13485 auditor. Strange...

3. I'm sure there would have been a non-negligible price difference; auditing costs don't end on audit day - there's also some desktop audit prior to that, and sometimes also after. Unless, of course, that NB is there for making a buck (it happens), in which case I wouldn't be surprised if the 1.5 days extent was set upfront, regardless of any specifics. Personally, I would think twice before engaging such a NB, because it would tell me they're either too business-oriented or just inefficient. I'm not sure what's your role in the company, but if I was the CEO I would have definitely asked what's the cost implication of going for the "stronger" annex; not just in the NB bill, but also in the company conduct, longer term, so I could do a benefit per cost analysis. While QA / regulatory professionals normally look for safety / confidence, CEOs normally look for the highest ROI...

:topic:
I found it intriguing that you mentioned "ISO 14971:2012" (actually it's EN ISO 14971:2012 in that context) as a MDD requirement. Nothing wrong with mentioning EN ISO 14971 in general; however, the 2012 revision of that standard essentially said the the standard in its current form doesn't satisfy the MDD requirements...

Cheers,
Ronen.
 
Last edited:
Top Bottom