QMS references in Safety Assurance Case?

EmiliaBedelia

Quite Involved in Discussions
Can the QMS and design controls be referenced to support a safety assurance case? I am preparing a Safety Assurance Case for an infusion pump and having trouble determining if and how to reference QMS procedures, particularly to support the argument that activities were carried out by appropriately qualified personnel.

For example, if the argument is "Risk management activities were carried out by qualified people", is "Training is documented for all personnel per SOP #TrainingProcedure" acceptable evidence? Or is it better to reference the record for that specific document (eg, "dFMEA was reviewed and approved by qualified personnel - Reference: dFMEA 123")? Is a signature page that shows approvers sufficient evidence that the activities were performed by qualified people, or do I need to go deeper and reference specific training for that particular activity?

On one hand, I would normally not provide procedures or training as part of a submission, so I don't want to run the risk of a reviewer asking for documentation that isn't in the scope of a 510k. TIR 38 specifically mentions that FDA does not generally require training records so that level of detail isn't required in an SAC. However, it still mentions "personnel qualified to do analysis" as part of the safety case that should be presented.

On the other hand, it just seems strange to me that a qualified QMS wouldn't be part of the supporting evidence for a device when a lot of our design controls are tied to QMS processes. To me, it seems easiest to identify the QMS and design controls as "context" for the SAC and put document review/approval, training, design control processes, etc under one heading which can serve to support later arguments. Does this make sense? What exactly is FDA looking for as evidence of qualified personnel?

Thanks for your input!
 

yodon

Leader
Super Moderator
What we do for our Risk Management is list the participants and their roles along with minimum qualifications. Then, we can show evidence that they are qualified for that role. For example, for a product for ENT practitioners, we required that an ENT with minimum 5 years of experience for the clinical expertise role.

I think you could do the same for your safety case. I don't see how referencing your QMS can support any assertions for appropriately qualified personnel.

I also wouldn't rely on just training records. Competence and training don't always go hand-in-hand. :) Just because I train someone on 14971 doesn't mean they are qualified to lead the Risk Management effort.

Side question: I know the FDA instituted the Safety Case program for infusion pumps more than a decade ago but I never heard it was actually put into practice much less required. Are you getting direction from FDA that it's required?
 

EmiliaBedelia

Quite Involved in Discussions
To answer your last question first, the most successful previous 510ks included a safety assurance case, and submissions that didn't resulted in RTAs for not having one. So, we're doing an SAC. This is my first 510k for this type of device so I don't want to break what isn't broken, so to speak :)

Are you saying that your risk management file explicitly lists the qualifications for each role and evidence that the person fulfills them? (eg, "Role: R&D Engineer. Experience: 5 years experience minimum. Joe Engineer has 7 years of experience so he is qualified as R&D representative for the Risk Management team. Evidence: Joe Engineer's Resume". In other words, do your documents "stand alone" as far as demonstrating that whoever was involved was qualified to do so? I know that our documents don't have this level of detail, but as far as I can tell there isn't any requirement to demonstrate competency in the record itself. We already ensure that people are qualified to perform their job duties - It's just not explicitly spelled out in each and every document, it's called out in governing procedures and other internal records.

So it seems like the alternative is to prove within the SAC that each document was prepared by qualified people, which seems... unwieldy, if I need to provide job descriptions, resumes, procedures etc. Is it required to provide every piece of evidence, or is it sufficient just to reference it within the SAC? Is this level of detail actually the expectation? Should I just get over it and enjoy my job security ?
 

yodon

Leader
Super Moderator
Are you saying that your risk management file explicitly lists the qualifications for each role and evidence that the person fulfills them? (eg, "Role: R&D Engineer. Experience: 5 years experience minimum.
Yes, in the RM Plan, we identify key roles with qualification requirements. And bear in mind that we just list KEY roles. For example, clinical expertise is now expected so we list that. Someone with (RM) process experience is expected so we list that. Beyond that, we generally have contributions from Software, Electrical, and Systems.

Joe Engineer has 7 years of experience so he is qualified as R&D representative for the Risk Management team.

Not exactly. In the specific activities (e.g., FMEAs), we list WHO contributed in a particular role. It's easy enough then, to match up resumes / training / experience (competence) with the role they have.

For this, you could probably do it all in the final report.

Thanks for the feedback on why you're doing it. We supported doing one once and it was a TON of work. I can't say I saw it giving better safety assurance than a good Risk Management process. It was certainly an interesting exercise.
 

EmiliaBedelia

Quite Involved in Discussions
Thank you for the feedback, this is helpful. I think our processes are actually more similar than I thought - just need to push for a little additional language in the final reports.

Perhaps in the future I will be able to make the case for not doing the SAC, but going through the exercise once should help.
 
Top Bottom