Abstract: The development and manufacture of medical devices require stringent design control processes to ensure their safety, effectiveness, and compliance with regulatory standards. This white paper provides an in-depth examination of medical design control processes, with a particular focus on the International Organization for Standardization (ISO) 13485 standard, other relevant standards and the Medical Device Regulation (MDR). The paper discusses key concepts, stages, and activities involved in design control, along with the regulatory requirements imposed by the standards and the MDR. By adhering to these standards, medical device manufacturers can streamline their design processes and enhance patient safety and product quality.
1. Introduction Design control processes play a critical role in the development of safe and effective medical devices. These processes encompass a series of activities from the initial concept phase to post-market surveillance. Compliance with international standards such as ISO 13485 and regulatory frameworks like the MDR is essential for ensuring the quality, safety, and performance of medical devices. This white paper aims to provide a comprehensive overview of medical design control processes, highlighting the significance of ISO 13485 and the MDR in guiding manufacturers through the design and development of medical devices.
2. Medical Design Control Processes: Key Concepts Design control is a systematic approach that encompasses planning, inputs, design activities, outputs, and reviews to ensure that a medical device meets its intended use, regulatory requirements, and user needs. The following are key concepts associated with medical design control processes:
2.1 Design and Development Planning:
- Defining the design and development activities, resources, and timelines.
- Establishing design inputs, outputs, and verification and validation activities.
- Identifying necessary reviews, approvals, and documentation.
2.2 Design Inputs:
- Gathering and documenting user needs, regulatory requirements, and intended use.
- Identifying and assessing risks associated with the device.
- Defining performance and safety requirements.
2.3 Design Activities:
- Translating design inputs into device specifications.
- Conducting design verification and validation activities.
- Iterative prototyping, testing, and refinement.
2.4 Design Outputs:
- Comprehensive documentation, including design specifications, drawings, and instructions.
- Device labeling, packaging, and manufacturing specifications.
- Risk management documentation.
2.5 Design Reviews:
- Formal assessments of design outputs against design inputs.
- Ensuring compliance with regulatory requirements.
- Identifying and addressing design deficiencies.
2.6 Design Changes:
- Establishing a controlled process for managing design changes.
- Evaluating the impact of changes on the device’s performance, safety, and compliance.
- Documenting and implementing changes appropriately.
3. ISO 13485: Medical Devices – Quality Management Systems ISO 13485 is an internationally recognized standard that sets out the requirements for a quality management system specific to medical device manufacturers. The standard establishes guidelines for design control processes, ensuring that manufacturers adhere to best practices and regulatory expectations. Key aspects related to design control in ISO 13485 include:
3.1 Design and Development Planning:
- Requirement for documented procedures and plans.
- Identification of responsible personnel and their competencies.
- Consideration of regulatory requirements during planning.
3.2 Design Input:
- Clear definition of user needs and intended use.
- Effective management of requirements and risk assessment.
- Traceability and validation of design inputs.
3.3 Design Output:
- Documented procedures for design verification and validation.
- Control of design outputs and their updates.
- Ensuring completeness, accuracy, and traceability of design documentation.
3.4 Design Review:
- Systematic evaluation of design at appropriate stages.
- Identification of deficiencies and necessary corrective actions.
- Records of design review activities and outcomes.
3.5 Design Changes:
- Well-defined process for managing design changes.
- Evaluation of the impact on other processes and regulatory compliance.
- Implementation of changes through appropriate documentation.
4. The Medical Device Regulation (MDR) The Medical Device Regulation (MDR) is a regulatory framework that governs the design, manufacture, and commercialization of medical devices in the European Union. The MDR, which replaced the Medical Device Directive (MDD), places additional emphasis on design control and post-market surveillance. Key elements of the MDR related to design control include:
4.1 General Obligations:
- Manufacturers must establish, document, implement, and maintain a quality management system.
- Compliance with state-of-the-art design and manufacturing principles.
- Conducting clinical evaluation and post-market clinical follow-up activities.
4.2 Design and Manufacturing Requirements:
- Manufacturers must ensure devices are designed and manufactured in accordance with state-of-the-art practices.
- Implementation of risk management processes.
- Ensuring the technical documentation demonstrates conformity with the essential requirements.
4.3 Post-Market Surveillance and Vigilance:
- Manufacturers must establish and maintain a post-market surveillance system.
- Evaluation of the device’s performance, safety, and clinical benefits.
- Prompt reporting of incidents, corrective actions, and field safety corrective actions.
5. Standards for Electrical Safety, Risk Management, and Usability Engineering
In addition to ISO 13485 and the MDR, medical device manufacturers must adhere to specific standards addressing electrical safety, risk management, and usability engineering. This section discusses three essential standards in this domain: ISO 60601-1 for electrical safety, EN ISO 14971:2019 for risk management, and IEC 62366-1:2015 for usability engineering.
5.1 ISO 60601-1: Medical Electrical Equipment – General Requirements for Basic Safety and Essential Performance ISO 60601-1 is an international standard that sets the requirements for the electrical safety of medical electrical equipment. It ensures that medical devices are designed, manufactured, and operated with regard to their electrical safety aspects. Key aspects of ISO 60601-1 include:
5.1.1 Scope:
- Defines the general requirements for basic safety and essential performance of medical electrical equipment.
- Applies to all medical electrical equipment, including diagnostic devices, therapy equipment, and monitoring devices.
5.1.2 Risk Management:
- Emphasizes the integration of risk management principles throughout the device lifecycle.
- Manufacturers must identify and mitigate risks associated with electrical hazards, mechanical hazards, and software-related hazards.
5.1.3 Essential Performance:
- Defines essential performance requirements that devices must meet to ensure their effectiveness and safety.
- Establishes criteria for functional performance, accuracy, reliability, and usability.
5.1.4 Testing and Compliance:
- Specifies testing requirements and procedures to verify compliance with electrical safety standards.
- Addresses insulation, leakage current, mechanical strength, temperature, and other performance criteria.
It is important to remember that the ISO 60601 is a whole series of standards and that you need to check if any additional standards in the series is applicable for the specific product.
5.2 EN ISO 14971:2019: Medical Devices – Application of Risk Management to Medical Devices EN ISO 14971:2019 is a European standard that provides guidance on the application of risk management to medical devices. It helps manufacturers identify, evaluate, and control risks throughout the device’s lifecycle. Key aspects of EN ISO 14971:2019 include:
5.2.1 Risk Management Process:
- Manufacturers must establish a systematic approach to identify hazards, estimate risks, and implement risk control measures.
- Risk management should be an iterative process, continuously monitored and updated throughout the device’s lifecycle.
5.2.2 Risk Analysis and Evaluation:
- Manufacturers must perform a thorough risk analysis, considering all potential hazards and associated harms.
- Risks are assessed based on severity, probability, and detectability to prioritize risk control measures.
5.2.3 Risk Control Measures:
- Manufacturers must implement appropriate risk control measures to reduce risks to an acceptable level.
- Risk mitigation strategies may include design modifications, protective measures, warnings, and instructions for use.
5.2.4 Risk Acceptability:
- Manufacturers must define criteria for determining the acceptability of risks.
- Risk-benefit analysis is conducted to assess whether the benefits of the device outweigh the identified risks.
5.3 IEC 62366-1:2015: Medical Devices – Part 1: Application of Usability Engineering to Medical Devices IEC 62366-1:2015 is an international standard that provides guidance on applying usability engineering processes to medical devices. It emphasizes the importance of designing devices that are safe, effective, and easy to use by healthcare professionals and patients. Key aspects of IEC 62366-1:2015 include:
5.3.1 User-Related Risk Management:
- Manufacturers must identify and assess risks associated with user interactions and usability issues.
- Mitigation strategies are implemented to reduce the likelihood of use errors and user-related hazards.
5.3.2 User Interface Design:
- Emphasizes the design of user interfaces that are intuitive, clear, and easy to learn and operate.
- User feedback and usability testing are conducted to evaluate and improve the user interface design.
5.3.3 Usability Validation:
- Manufacturers must conduct usability testing with representative users to validate the device’s usability.
- Usability validation includes assessing user performance, user satisfaction, and the identification of usability issues.
6. Summary of ISO 62304: Software Life-cycle Processes
ISO 62304 is an international standard that provides guidance on the software life-cycle processes for medical device software. It outlines specific requirements for the development, validation, and maintenance of software used in medical devices. The following is a summary of key aspects covered by ISO 62304:
6.1 Software Development Process:
- Establishing a software development plan that defines objectives, resources, and activities.
- Documenting software requirements, architecture, and design specifications.
- Conducting verification and validation activities to ensure compliance and functionality.
6.2 Software Risk Management:
- Identifying and assessing software-related risks, including hazards and potential harms.
- Implementing risk control measures to mitigate identified risks.
- Monitoring and updating risk management activities throughout the software life cycle.
6.3 Software Configuration Management:
- Establishing procedures for managing software configuration items, versions, and changes.
- Ensuring traceability of software components, including documentation and code changes.
- Maintaining integrity and consistency of software throughout its life cycle.
6.4 Software Verification and Validation:
- Conducting software verification activities to ensure that software meets specified requirements.
- Performing software validation to demonstrate that the software fulfills its intended use and user needs.
- Documenting verification and validation activities and their results.
6.5 Software Maintenance:
- Establishing procedures for managing software maintenance activities, including bug fixes and updates.
- Implementing a change control process for software modifications.
- Ensuring traceability and documenting software maintenance activities.
Adhering to ISO 62304 helps ensure that medical device software is developed and maintained in a systematic and controlled manner. By following the standard’s guidelines, manufacturers can enhance the safety, reliability, and performance of software components in medical devices.
7. Conclusion Medical device manufacturers must comply with various standards to ensure the safety, effectiveness, and usability of their products. ISO 60601-1 addresses electrical safety requirements, EN ISO 14971:2019 provides guidance on risk management, and IEC 62366-1:2015 focuses on usability engineering. By following these standards, manufacturers can mitigate risks, enhance device performance, and improve user satisfaction. Adherence to these standards, in conjunction with ISO 13485 and the MDR, forms a comprehensive framework for the design control and regulatory compliance of medical devices.
References:
Medical Device Regulation 2017/745 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0745
ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes
IEC 62366-1:2015 Medical devices — Part 1: Application of usability engineering to medical devices
ISO 60601-1:2015 Medical electrical equipment — Part 1-11: General requirements for basic safety and essential performance — Collateral standard: Requirements for medical electrical equipment and medical electrical systems used in the home healthcare environment
EN ISO 14971:2019 Medical devices — Application of risk management to medical devices ISO 62304:2006 Medical device software — Software life cycle processes