QMS/MDD scope - Two companies located in different places work together

Thukira

Involved In Discussions
#1
Hi all

Please suggest me on how to handle the below case;

Two companies they work together and are located in the different place.

The X company produces hardware and the other Y company develops software but can be used in one whole package which is a laboratory use product, not a medical device. Only the Hardware is CE marked/certified where the manufacture is X company and marketing is Y company as per the certification issued.

X company has provided the hardware servicing training to Y company; hence the servicing activities are taken care by the Y company to the products sold by Y company. Y company sell directly to customers (30%) and major through vendors-distributers/dealers etc (70%).

But the QMS scope does not cover servicing activities as of now.

As a whole package of hardware and software are yet to be CE certified. There are some products already in use some countries where there is no regulation as mandate.

From above:
1)Y company QMS should include servicing activities; how to address the liability issues among the X, Y company and also dealers, distributers.
2)Since the hardware is already a CE certified; who will be responsible for Post market issues like recalls, vigilance, FSCA etc. How to handle this, because Y company involves in servicing. And per CE certification X – manufacturer and Y – marketing.
3)Will the maintenance of existing customer base related to MDD requirements of PMS, recall etc also to be considered upon receipt of CE as a package {or} applicable to customer base post CE is received.
4)How the liability can be shared among the X, Y companies and dealers/distributors related to MDD?
5)Is CE is mandate to get as whole package? Or is that fine to have separate CE for software and Hardware? Or how to handle it
6)How to qualify the software for CE mark?

Please help.
 

yodon

Forum Moderator
Staff member
Moderator
#2
I'll defer to someone else on items 1-4.

On item 5, the CE mark is for a product, not individual parts.

On item 6, the Essential Requirements (12.1a) require validation "... according to the state of the art..." IEC 62304 is the harmonized standard for software lifecycle so (a demonstration of) compliance to it supports the claim for meeting that essential requirement.
 

Thukira

Involved In Discussions
#3
Thanks Yodon...

Here the software is standalone and classification is Class A; still CE to be qualify as whole package as hardware and software, please help
 

QAengineer13

Quite Involved in Discussions
#4
Hi all

Please suggest me on how to handle the below case;

Two companies they work together and are located in the different place.

The X company produces hardware and the other Y company develops software but can be used in one whole package which is a laboratory use product, not a medical device. Only the Hardware is CE marked/certified where the manufacture is X company and marketing is Y company as per the certification issued.

X company has provided the hardware servicing training to Y company; hence the servicing activities are taken care by the Y company to the products sold by Y company. Y company sell directly to customers (30%) and major through vendors-distributers/dealers etc (70%).

But the QMS scope does not cover servicing activities as of now.

As a whole package of hardware and software are yet to be CE certified. There are some products already in use some countries where there is no regulation as mandate.

From above:
1)Y company QMS should include servicing activities; how to address the liability issues among the X, Y company and also dealers, distributers.
2)Since the hardware is already a CE certified; who will be responsible for Post market issues like recalls, vigilance, FSCA etc. How to handle this, because Y company involves in servicing. And per CE certification X – manufacturer and Y – marketing.
3)Will the maintenance of existing customer base related to MDD requirements of PMS, recall etc also to be considered upon receipt of CE as a package {or} applicable to customer base post CE is received.
4)How the liability can be shared among the X, Y companies and dealers/distributors related to MDD?
5)Is CE is mandate to get as whole package? Or is that fine to have separate CE for software and Hardware? Or how to handle it
6)How to qualify the software for CE mark?

Please help.
Hi Thukira,

I am bit perplexed with this product, I would like to understand before I give any recommendation, could you please let us know whether

1.This product can function safe and meet its intended use without the software?

2. You mentioned that software is standalone, so I would like to know how the verification and validation was performed for this product (As a system meaning Hardware + Software )?

3. What about the Firmware in the Hardware, i.e also a software, what software safety classification are those?

4. In your previous comment you mentioned, its not a medical device , then you stated software is Class A so please clarify whether you are following IEC/ISO 62304 which is SDLC for medical device, is this correct?
 

Thukira

Involved In Discussions
#5
Hi

I am bit perplexed with this product, I would like to understand before I give any recommendation, could you please let us know whether

1.This product can function safe and meet its intended use without the software?
Hardware can work with any Hospital with HIS and similarly software also can work with hardware of same specification.

2. You mentioned that software is standalone, so I would like to know how the verification and validation was performed for this product (As a system meaning Hardware + Software )?
Software will not be executed during the intended operation of hardware. Hardware output is used as input for software (PACS)

3. What about the Firmware in the Hardware, i.e also a software, what software safety classification are those?
Class B

4. In your previous comment you mentioned, its not a medical device , then you stated software is Class A so please clarify whether you are following IEC/ISO 62304 which is SDLC for medical device, is this correct?
I’m confused here that the software will not be executed during the use of hardware. Only the hardware will be used with patient. After use, the data will be transferred to software which is hosted on cloud.
 

DEVigil

Involved In Discussions
#6
First, do you intend to sell the software as a standalone product, or only on this hardware?

Second, you mention the software is a PACS. Some PACS are medical devices under the MDD depending on the functionality, and in this case the relationship to the hardware may also be a factor. Does the software receive input directly from the hardware (i.e., is it 'pushed' from the hardware without user intervention)? What processing does the software perform on the input? See the Manual on Borderline and Classification in the Community Regulatory Framework for Medical Devices version 1.18 (12-2017), pp. 53-54.
 

Thukira

Involved In Discussions
#7
As mentioned., Hardware is manufactured for company Y. And y company sell both hardware and software

Data is transferred through USB to software after intended operation with patient
 

QAengineer13

Quite Involved in Discussions
#8
Hi

I am bit perplexed with this product, I would like to understand before I give any recommendation, could you please let us know whether

1.This product can function safe and meet its intended use without the software?
Hardware can work with any Hospital with HIS and similarly software also can work with hardware of same specification.

2. You mentioned that software is standalone, so I would like to know how the verification and validation was performed for this product (As a system meaning Hardware + Software )?
Software will not be executed during the intended operation of hardware. Hardware output is used as input for software (PACS)

3. What about the Firmware in the Hardware, i.e also a software, what software safety classification are those?
Class B

4. In your previous comment you mentioned, its not a medical device , then you stated software is Class A so please clarify whether you are following IEC/ISO 62304 which is SDLC for medical device, is this correct?
I’m confused here that the software will not be executed during the use of hardware. Only the hardware will be used with patient. After use, the data will be transferred to software which is hosted on cloud.
Hi Thukira,

Thank you for clarifying, based on the information provided

A lot of your questing is actually stemming and could be answered by the companies (X & Y) legal and commercial agreements and Business Strategy

1. If you say the Company "Y" is legal manufacturer and the Company "X" is just a Specification developer then all the questions below is "Company Y" responsibility ( Ex. Post market, recall, vigilance, FSCA etc).


"Since the hardware is already a CE certified; who will be responsible for Post market issues like recalls, vigilance, FSCA etc. How to handle this, because Y company involves in servicing. And per CE certification X – manufacturer and Y – marketing."

2.If your business wants to keep them separate entity (i.e) Company X as Legal manufacturer for their hardware and Company Y as legal manufacturer for Software then map a venn diagram with the QMS responsibility of Company X & Company Y after this mapping next think about the intersection of the venn diagram and map those QMS responsibility from a commercial business/ legal and regulatory perspective.

In summary, there are different ways to handle this, either Company X separate (X's QMS) and Company Y separate (Y's QMS) and map their legal and regulatory responsibilities.

[OR]

Part of Company X responsibility (X's QMS) and Part of Company Y responsibility (Y's QMS) and the part they both share will be one of their X's or Y's QMS's ( if the product is considered as a SYSTEM together with Hardware and Software as a package)

Only after you finalise what your business strategy is for this product for marketing and commercialization the second part of legal manufacturing requirements can be mapped to that respective company QMS's scope and responsibility.

I am not sure after this lengthy comment, it made any sense to you! I hope this hasn't confused you from your initial questions ...Good Luck!

Also, please consider what Devigil's previous comment about the PACS system.
 

QAengineer13

Quite Involved in Discussions
#10
Thanks for the clarification....I will try to map QMS scope and decide on responsibilities
Map the QMS function and if you need further assistance, please feel free to post with the mapping so its easier for cover members to assist and give guidance. I have done something very similar to this approach unlike you it was medical device for my business case.
 

Top