Informational Change control process - Major vs Minor change - Active class III medical devices

Yaut

Registered
#1
Hello everyone,

I am a intern in a young startup that manufactures active class III medical devices. During an external we had as coment "The evaluation of a design change significance is based on an internal rule for estimating the impact on product performance or safety. Other impartial rules less criticizable are available in FDA guidances more valuable during official audits than can be used to be less challenged by your notified body." This external audit served to prepare our future internal audit for ISO 13485 certification.

I find it very difficult to find totally objective criteria to differentiate major changes of minors. I found some ideas thanks to "NBOG's Best Practice Guide", but I do not really know how to implement it concretely. Can I create categories of changes (design, manufacturing process etc) and define major / minor changes for each category?

In addition I need to find a way to lighten the change procedure for minor changes (such as address changes etc, which have no impact on the device safety or on the smq).
But I must admit that I do not know how to do it.

If anyone can give me concrete examples of change control procedure, I would be really grateful.
Thanks
 
Elsmar Forum Sponsor

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#3
510(k) Change Analysis:

  1. Decision Tree:
    1. This Regulatory Analysis is performed in accordance with FDA’s guidance documents titled:
i. “Deciding When to Submit a 510(k) for a Change to an Existing Device”, issued on 10/25/2017.
ii. “Deciding When to Submit a 510(k) for a Software Change to an Existing Device”, issued on 10/25/2017.
    1. Decision Tree:
i. The decision tree is modeled after the flowcharts within the guidance. This is not a stand-alone assessment as necessary considerations within the guidance were also reviewed during this assessment.

Guidance Ref. No.
Question
Answer
Rationale
MAIN FLOWCHART
WHEN TO FILE A 510(K) AFTER CHANGE TO A LEGALLY MARKETED DEVICE

1
Change made with intent to significantly improve the safety or effectiveness of the device?
Yes -New 510K / No – See Question 2
No

2
Labeling change?
Yes -See Chart A / No – See Question 3
No

3
Technology, engineering or performance change?
Yes -See Chart B / No – See Question 3
No

4
Materials change?
Yes -See Chart C / No – Documentation
No

FLOWCHART A – LABELING CHANGES?
A1
Does the change affect the indications for use statement?
Yes – See A1.1 / No – See Question A2
No

A2
Does the change add or delete a contraindication?
Yes -New 510K / No – See Question A3
No

A3
Is this a change in the warnings or precautions?
Yes – See A1.1 / No – See Question A4
No

A4
Could the change affect the directions for use?
Yes – See A1.1 / No – Documentation
No

A1.1
Is it a change from a device labeled for single use only to a device labeled as reusable?
Yes – New 510K / No – See Question A1.2
N/A

A1.2
Is it a change from Rx to over the counter OTC use?
Yes – New 510K / No – See Question A1.3
N/A

A1.3
Is it a change to the device name or to solely improve readability or clarity?
Yes – Documentation / No – See Question A1.4
N/A

A1.4
Does the change describe a new disease, condition, or pt pop that the device is intended in diagnosing, treating, preventing, curing or mitigating?
Yes – Documentation / No – See Question A1.5
N/A

A1.5
Does a risk-based assessment identify any new risks or significantly modified existing risks?
Yes – 510K see chart / No – Documentation
N/A


B1
Is the device an IVD?
Yes – See Chart D / No – See Question B2
N/A

B2
Is it a control mechanism, operating principle, or energy type change?
Yes – New 510K / No – See Question B3
No

B3
Is it a change in sterilization, cleaning, or disinfection?
Yes – See Question B3.1 / No – See Question B4
No

B3.1
Is it a change to a Cat. B or novel method, does it lower the SAL, or is it a change to how the device is provided?
Yes – New 510k / No – See Question B3.2
N/A

B3.2
Could the change significantly affect performance/ biocompatibility?
Yes – New 510k / No – Documentation
N/A

B4
Is there a change in packaging or expiration dating?
Yes – See Question B4.1 / No – See Question B5
No

B4.1
Is the same method or protocol, described in previous 510(k), used to support change?
Yes – Documentation / No – new 510k
N/A

B5
Is it any other change in design (e.g., dimensions, performance specifications, wireless communications, components or accessories, patient/user interface)?
Yes – See Question B5.1 / No – Documentation
Yes

B5.1
Does the change significantly affect the use of the device?
Yes – new 510k / No – See Question B5.2
No

B5.2
Does a risk assessment identify any new or significantly modified risks?
Yes – new 510k / No – See Question B5.3
No

B5.3
Is clinical data necessary?
Yes – new 510k / No – See Question B5.4
No

B5.4
Any unexpected issues from V&V activities?
Yes – new 510k / No – Documentation
No


C1
Is the device an IVD?
Yes – See Chart D / No – See Question C2
N/A

C2
Change in material type, formulation, chemical composition, or the material’s processing?
Yes – See Question C3 / No – Documentation
No

C3
Will the changed material directly or indirectly contact body tissues or fluids?
Yes – See Question C4 / No – See Question C5
N/A

C4
Does a risk assessment identify any new or increased biocompatibility concerns?
Yes – See Question C4.1 / No – See Question C5
N/A

C4.1
Has the manufacturer used the same material in a similar legally marketed device (including formulation, processing, type and duration of contact, etc.)?
Yes – See Question C5 / No – New 510k
N/A

C5
Could the change affect performance specifications?
Yes – See Question B5 / No – Documentation
N/A


1
Is the change made solely to strengthen cybersecurity and does not have any other impact on the software of the device?
Yes – Documentation / No – See Question 2
No

2
Is the change made solely to return the system into specification of the most recently cleared device?
Yes – Documentation / No – See Question 3a
No

3a
Does the change introduce a new risk or modify an existing risk that could result in significant harm and that is not effectively mitigated in the most recently cleared device?
Yes – new 510k / No – See Question 3b
No

3b
Does the change create or necessitate a new risk control measure or a modification of an existing risk control measure for a hazardous situation that could result in significant harm?
Yes – new 510k / No – See Question 4
No

4
Could the change significantly affect clinical functionality or performance specifications that are directly associated with the intended use of the device?
Yes – new 510k / No – Evaluate Section VI
No

Section VI
Infrastructure - Does this introduce modifications made to the software support system?
(examples of insignificant/significant changes in guidance)
No

Section VI
Architecture - Does this introduce modifications to the overall structure of the software?
(examples of insignificant/significant changes in guidance)
No

Section VI
Core algorithm - Does this introduce modifications made to an algorithm that directly impact or contribute to the device’s intended use?
(examples of insignificant/significant changes in guidance)
No

Section VI
Clarification of Requirements – No Change to Functionality - Does the change clarify software requirements after a product has received premarket clearance?
(examples of insignificant/significant changes in guidance)
No

Section VI
Cosmetic Changes – No Change to Functionality – Is this a change to the appearance of the device that does not impact the clinical use of the device?
(examples of insignificant/significant changes in guidance)
No

Section VI
Reengineering and refactoring - Does this change:
- Examine and alter software to reconstitute it in a new form, and includes the subsequent implementation of the new form?
- Restructure the software program’s internal structure without changing its clinical performance specification.
(examples of insignificant/significant changes in guidance)
Yes

Section VI
Additional Software Changes not addressed in Guidance Section VI shall be documented below:
N/A

END OF DEVICE SOFTWARE CHANGE DECISION MATRIX


  1. Conclusion: No 510(k) is required for this change. This analysis shall be documented and maintained with the Change Record.
 

yodon

Staff member
Super Moderator
#5
Just to throw a few more wrenches in the works...

Assessing individual changes is good and necessary and there's been some good advice on this. Do recognize, though, that there may be a cumulative effect of changes which could also drive a new 510(k). The guidance doc @Pads38 cites talks to this. (And the path is even foggier, IMO). This includes the cumulative effects of changes in an individual release AND the cumulative effect of changes since initial clearance.

You can see in the decision tree that @Ed Panek cites that there are plenty of risk-related questions. Reviewers will likely focus on your risk assessments first. I typically assess (and document results) each change for:
  • Impact on form/fit/function
  • Impact on applicable regulatory requirements
  • Impact on intended use
  • Impact to Risk Analysis (consider if new hazards are identified, if new means to realize the hazard are identified, if the existing risk scores [severity, occurrence] are impacted, if existing controls are impacted or if new controls are warranted, and if conclusions are impacted)
  • Impact to Usability
  • Impact to constituent components
  • Impact to units in the field
  • Impact on realization
  • How / what to verify and/or validate
Labeling is a tricky area. I'm working with a client right now that didn't manage an address change too well and they're having all sorts of fall-out. Address changes will always need to be communicated and the ripple effect on labeling can be sizeable.

Finally, since you're on the path for ISO certification, recognize that the Notified Body needs to be apprised of all changes and the criticality of the change will possibly impact your Technical File (review) and your postmarket assessments.
 

Yaut

Registered
#6
Thank you for your answers.

Actually, I have already come across this FDA document, but our problem is not "when to submit a new 510k". Indeed, we are not yet in the US market.
What I would like is a clear procedure on "how to conduct change control internally, in accordance with ISO 13485?"

But your answers have already given me some leads. The decision tree might be interesting to put in place. My biggest problem is really how to define a major or minor change (or intermediate? why not) in agreement with the ISO.

For me it would be more logical to establish "major/minor" criteria depending on the domain (design change, QMS change,...) but it becomes very difficult to define a minor (or intermediate) change that is not just "does not correspond to a major change ".

For example, a few months ago we changed the address of the company. Can it be part of a major change? For my manager, the procedure is too heavy to just change address on documents because it does not impact the safety of the device, or the QMS.

I do not know if I am very clear. Maybe the answer is obvious, but it's a new area for me. Thank you to the people who will take the time to help me.
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#7
its sort of like a contract. There is an offer (Describe what is changing), consideration (test results, etc) and approval (signatures) and recording (Doc Control)
 

Yaut

Registered
#8
You are absolutely right! And when you have minor change, this contract can't be eased? In my minor change procedure, I would like to suppress the "risk assessment part" (because, by definition a minor change is not a risky one), and keep the level of control of this change at a departemental state (only the design manager would have to sign if he's concern + the QA/RA manager of course, for example) to limit paperwork and signatures.

Would it be acceptable in your opinion?
 
Last edited:

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#9
If you have a risk management plan you should reference each change against the plan. If the plan is not affected by the change make sure to document it. Auditors are not experts on your device so its difficult for them to challenge you on technical details. They can however challenge if you have not properly considered the risk and documented the review.

With each change we review whether our risk Management File needs to be updated. If not we write a memo like this:

Changes introduced with ECO Blah Blah Blah

  • Changes include Blah Blah Blah

References:

  • Risk Management SOP-RISK-001
  • Product Requirements Specification, PRD001.
  • Traceability Matrix, TM-TT100, TM-TT300.
  • Design and Development Plan for XXXXX
  • ISO 14971:2012 Medical devices – Application of risk management to medical devices.
  • IEC 62304: 2006 Medical device software – Software lifecycle processes.

Methods:

  • Referencing Risk Management Plan for product XXX
  • Referencing ISO 14971, risk has two components:
    • The probability of occurrence of harm;
    • The consequences of that harm

Analysis:

  • The intended use of the device is not changing.
    • The experience of the device user has not changed.
    • The experience of the clinician interpreting the data has not changed.
  • Risks and mitigations identified in XXX Risk Management Files are not altered.
  • FM-RISK-002 questionnaire was reviewed, and the answers are unchanged.

Conclusion:

  • The risks for this change have no impact on the overall risk assessment for this family of devices.
  • As testing continues, results will be analyzed for any indication this risk review needs to be revisited.
 
Thread starter Similar threads Forum Replies Date
A UDI and Design Controls - Labeling change via the Design Control process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
R Software change control process and defect tracking ISO 13485:2016 - Medical Device Quality Management Systems 1
B IATF 16949 Clause 8.5.6.1.1 (Temporary Process Control Change) IATF 16949 - Automotive Quality Systems Standard 24
J Change in our SharePoint Document Control Process - Is this ok? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T TS 16949 compliant Change Control Management Process IATF 16949 - Automotive Quality Systems Standard 3
M Change Control Process - Deviation from Standard for Parts Document Control Systems, Procedures, Forms and Templates 1
A Implementing a change for a particular Process - Document & Change Control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
K Software Device "Urgent" Releases? Software Change Control Process IEC 62304 - Medical Device Software Life Cycle Processes 9
Z Subcontractor Assessment - Change control process Quality Manager and Management Related Issues 2
P Product vs. Process Change Control ISO 13485:2016 - Medical Device Quality Management Systems 2
M Change Control Form - Approval process for cross departmental communication ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Seeking: Process Change Control Sample Procedure / Help IATF 16949 - Automotive Quality Systems Standard 6
D Change Control - Product Name Change and its associated labeling EU Medical Device Regulations 7
U Change Management vs Change Control? Design and Development of Products and Processes 4
R SaMD - Software as a Medical Device - Software change control form ISO 13485:2016 - Medical Device Quality Management Systems 3
T Change control and configuration management - When to create a new model/part number? Other Medical Device and Orthopedic Related Topics 0
JoshuaFroud Change Control - Minimum Requirements and Unhappy Staff ISO 13485:2016 - Medical Device Quality Management Systems 16
N Change Control - Compliance with FDA 21 CFR Part 820 Document Control Systems, Procedures, Forms and Templates 3
A Can change control can be closed if the CAPA is still open? Nonconformance and Corrective Action 3
S DHF File Change Control Requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
C Medical Device Website Change Control ISO 13485:2016 - Medical Device Quality Management Systems 3
Y Change Control - General Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Change Control Form vs. Document Change Notification ISO 13485:2016 - Medical Device Quality Management Systems 3
R Does anyone have any experience on change control? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
E Challenges in document control, revisional control, and change control Document Control Systems, Procedures, Forms and Templates 8
elkel Control Plan Contents - Part Number / Latest Change Level FMEA and Control Plans 2
M Document Change Control for a Very Small Business Document Control Systems, Procedures, Forms and Templates 12
S How to connect NCMR, Deviations and Change Control ? Nonconformance and Corrective Action 2
V Can Regulatory Head Initiate/Trigger the Change Control for Quality Procedures US Food and Drug Administration (FDA) 9
T Change Control Requirements when changing Suppliers IATF 16949 - Automotive Quality Systems Standard 4
drgnrider How to control documents that most likely won't change ever ? Document Control Systems, Procedures, Forms and Templates 5
T Paper Quality Manual Change Control Methods Quality Management System (QMS) Manuals 5
A Company Name Change & Control of Documents Document Control Systems, Procedures, Forms and Templates 9
L Use of checksum(s) to control product change(s) Misc. Quality Assurance and Business Systems Related Topics 1
C Change Control Forms Post Software Validation Medical Information Technology, Medical Software and Health Informatics 2
T Searching for books which have content of 7.1.4. Change Control topics Book, Video, Blog and Web Site Reviews and Recommendations 2
C Change Control in a SCRUM World Misc. Quality Assurance and Business Systems Related Topics 3
S Is it possible to have a General Change Control SOP and Form? Document Control Systems, Procedures, Forms and Templates 6
H Blood Banking (CFR 21 PART 606) Change Control Requirements US Food and Drug Administration (FDA) 8
K Change Control for Software System that Controls Aspects of GMP Quality Assurance and Compliance Software Tools and Solutions 5
E Help with ECR/DCR Document Change Control Software Validation Qualification and Validation (including 21 CFR Part 11) 6
J ECO (Engineering Change Order) Control for Unreleased Products Document Control Systems, Procedures, Forms and Templates 3
A Change Ratio [Guideline in Control Limit Update] Statistical Analysis Tools, Techniques and SPC 3
L Engineering Change Control Software Systems - Recommendations? Document Control Systems, Procedures, Forms and Templates 2
A Document Control Procedure Change 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
M Internal Auditing of Area with Active Change Control Internal Auditing 14
Q Document Control ECO (Engineering Change Order) or QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
T Living Documents which change every day - Control or Uncontrolled? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
A Change Control Review Management Success or Effectiveness Metric Quality Manager and Management Related Issues 3
C Change Control Plan/Procedure for Slickline/Wireline Services (Oil Field) Quality Manager and Management Related Issues 1
Similar threads


















































Top Bottom