QMS for Software as a Medical Device [SaMD] Lessons Learned from a Quality Perspective



Similar documents
WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

Medical Device Training Program 2015

PHARMACEUTICAL QUALITY SYSTEM Q10

Reporting Changes to your Notified Body

How To Write Software

ICH guideline Q10 on pharmaceutical quality system

US & CANADA: REGULATION AND GUIDELINES ON MEDICAL SOFTWARE AND APPS OR

Guidance for Industry. Q10 Pharmaceutical Quality System

Medical Device Software Do You Understand How Software is Regulated?

Update: Proposed Medical Device Regulation (MDR) & IVD Regulation (IVDR)

The Shifting Sands of Medical Software Regulation

Software within the medical device regulatory framework in the EU

How To Know If A Mobile App Is A Medical Device

How to Use the Design Process to Manage Risk: Elements of Design Controls and Why It Matters

Conducting a Gap Analysis on your Change Control System. Presented By Miguel Montalvo, President, Expert Validation Consulting, Inc.

Addressing Risk in Partner / Contractor Selection and Onboarding. Michael Davidson VP Quality Systems and Compliance March 2014

ISO 13485:201x What is in the new standard?

Risk based 12/1/2015. Digital Health Bakul Patel Associate Director for Digital Health Office of Center Director.

ICH Q10 - Pharmaceutical Quality System

ICT Competency Profiles framework Job Stream Descriptions

Type of Personal Data We Collect and How We Use It

Diagnostic Tests. Brad Spring Director, Regulatory Affairs

ASSESSMENT OF QUALITY RISK MANAGEMENT IMPLEMENTATION

Regulatory Considerations for Medical Device Software. Medical Device Software

Realizing business flexibility through integrated SOA policy management.

ISE Northeast Executive Forum and Awards

FSSC Certification scheme for food safety systems in compliance with ISO 22000: 2005 and technical specifications for sector PRPs PART II

RECALLS in EUROPE. Past, present, near & further future. Gert Bos BSI Medcon May 2012

Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff

In order to achieve this goal and to address the concerns from NGOs with regards to reporting tools, we have carried out these actions:

EXPLORING THE CAVERN OF DATA GOVERNANCE

IVD Regulation Overview. Requirements to Assure Quality & Effectiveness

How To Write A Contract For Software Quality Assurance

Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria

An Overview of ISO/IEC family of Information Security Management System Standards

UNDERSTANDING THE EC DIRECTIVE 98/79/EC ON IN VITRO DIAGNOSTIC MEDICAL DEVICES

Introduction into IEC Software life cycle for medical devices

Sample Quality Management Plan

GOOD DOCUMENTATION AND QUALITY MANAGEMENT PRINCIPLES. Vimal Sachdeva Technical Officer (Inspector), WHO Prequalification of Medicines Programme

Regulatory Affairs Professional Development Framework AN OVERVIEW

Changes to Medical Device Regulations

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

Annex 2. WHO guidelines on quality risk management. 1. Introduction Glossary Quality risk management process 70

Developing a Mobile Medical App? How to determine if it is a medical device and get it cleared by the US FDA

Complacency is not an Option

1. Understanding Big Data

Medical Device Software Standards for Safety and Regulatory Compliance

ASTRAZENECA GLOBAL POLICY QUALITY AND REGULATORY COMPLIANCE

Taking the pain out of Risk and Compliance Management Systems. Presented by Andrew Batten 23 April 2015

Program Management: Opportunity or CLM?

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

Translation Service Provider according to ISO 17100

Privacy Governance and Compliance Framework Accountability

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

Cloud Computing in GxP Environment

Project Management Plan for

FAMI-QS Certification Rules for Operators. Rules for Operators

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

Software as a Medical Device (SaMD): Possible Framework for Risk Categorization and Corresponding Considerations. Proposed Final IMDRF WG(PF)/N12 R10

SRA International Managed Information Systems Internal Audit Report

Design Controls: Are They Worth the Effort?

THE PRESIDENT S NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COMMITTEE

Website (Digital) & Mobile Optimisation. 10 April G-Cloud. service definitions

Setting Up A Complaint Handling System. Presented by Sue Jacobs Principal Consultant, QMS Consulting, Inc. Complaint Systems

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Logging In: Auditing Cybersecurity in an Unsecure World

Establish Collaborative Strategies to Better Manage a Global Vendor Network Devise a Proper Float Plan

Medical Device Directive 2007/47/EC What is New? Are we moving towards Drug Rules?

Cloud and Big Data Standardisation

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

This interpretation of the revised Annex

CHAPTER 7 Software Configuration Management

Quality Assurance. Disclosure for Lilli Møller Andersen. No relevant financial relationships exist for any issue mentioned in this presentation

Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM a Rev /10/02

New Guidelines on Good Distribution Practice of Medicinal Products for Human Use (2013/C 68/01)

Safeguarding public health The Regulation of Software as a Medical Device

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

STS Federal Government Consulting Practice IV&V Offering

Bringing Legacy Medical Devices into Usability Compliance. Shannon Clark 4/29/2015

Regulated Mobile Applications

Professional Practice Eight - Business Continuity Plan Exercise, Audit, and Maintenance

International Medical Device Regulators Forum (IMDRF) US FDA Center for Devices and Radiological Health - Update

Haulsey Engineering, Inc. Quality Management System (QMS) Table of Contents

DRAFT GUIDANCE. This guidance document is being distributed for comment purposes only. Document issued on: July 2015

REGULATORY IMPACT ANALYSIS (RIA)

Third-Party Cybersecurity and Data Loss Prevention

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013

Welcome to the Audit, Control & Security Stream. Sponsored by:

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Computer Technology: Your Need to Know

Interagency Science Working Group. National Archives and Records Administration

SA Tool Kit release life cycle

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned

Combination Products. Presented by: Karen S. Ginsbury For: IFF March PCI Pharma

Transcription:

QMS for Software as a Medical Device [SaMD] Lessons Learned from a Quality Perspective MedCon 2015 Francis Blacha, Robert Banta

Evolution from Physical to Digital Devices From To icloud Platform Mechanical injection pens: --Instructions for Use (IFU) (printed) --Labeling (printed) --Patient Inserts (PI) (printed) --Secondary Packaging (required) --Cartons (required) App running on mobile device Software as a Medical Device (SaMD): --Instructions for Use (IFU) (on screen) --Labeling (on screen) --Patient Inserts (PI) (none) --Secondary Packaging (none) --Cartons (none) 2

QS Elements Commonalities & Differences Physical vs Digital Devices Elements Common? Different? Data Integrity Training Product Launch Approvals CAPA Cybersecurity Risk Management Human Factors Purchasing Controls/Supplier Management Digital Connectivity Complaints Recall/Market Withdrawal Change Control/Configuration Management Labelling/IFUs 3

QS Elements Commonalities & Differences Physical vs Digital Devices Challenge: Evaluate & enhance Device QMS to enable Development & Commercialization of SaMDs icloud Platform App running on mobile device 4

Assessing QMS: Support Development & Commercialization of SaMD Typical linear development life cycle model for physical devices Source: http://www.qualitydigest.com/inside/fda-compliance-column/no-fda-guidance-or-specific-regulation-don-t-overlook-criticality-product.html 5

Assessing QMS: Support Development & Commercialization of SaMD Typical nonlinear (iterative) development life cycle model for SaMD Source IBM: http://www.ibm.com/developerworks/rational/library/compliant-agile-medical-device/fig05_lg.html 6

QMS Building Blocks System of Quality Model 1. Integrating Standards: Provide clear expectations on how to achieve quality objectives. The standards describe what and who is responsible. 2. Business Processes: Simple and effective, provide information on how operations are to be performed to meet requirements per the integrated standards. 3. Organizational: Defined roles to assure clear responsibilities and accountabilities. Skills must meet the needs of the specific roles. 4. Governance/Management Oversight: Ensures management is involved when decisions are required at the appropriate accountable levels. 7

System of Quality Model Applying the Lilly System of Quality results in consistent outputs: High-quality products Accurate and complete safety and efficacy data through design, execution, monitoring and continuous improvement of Quality These outputs are achieved via: Applying sound scientific principles Balancing product commercialization effort commensurate with risk Facilitating continuous improvement 8

Lessons Learned So Far Some Recent Experiences Source: http://www.pmmajik.com/project-pmo-lessons-learned-overview/ 9

Integrated Standards Device Classification Integrated Standards U.S. Medical Device Classification Decision Process Decision Process Determine Intended Use Class III Outcomes PMA Submission & GMP s required Determine Product Codes(s) & Regulation Number(s) Class II 510(k) Submission & GMP s required Device? Yes Class I No submission, but GMP s are required No No submission, GMP exempt, except for specific provisions Mobile App (NOT mobile medical apps) 10

Integrated Standards Device Classification Integrated Standards Stand Alone S/W Determine Intended Purpose Device? No EU Device Standalone Software Decision Process 1 Yes Decision Process Active medical device No Drive or influence another device? Yes Classification Rules 9-12 Classified the same as the other device Outcomes & Requirements Class I Class IIa Class IIb (It depends) Annex VII: Tech Documentation Declaration of Conformity AE reporting & complaint handling Recalls Annex II: Quality System Notified Body Cert Tech Documentation Declaration of Conformity AE reporting & complaint handling Recalls 1 MEDDEV 2.1/6 January 2012 NOT a medical device the software does not perform an action on data, or it performs an action limited to storage, archival, Communication, simple search 11

Integrated Standards Device Classification Integrated Standards International Medical Device Regulators Forum (IMDRF) Source: http://www.imdrf.org/docs/imdrf/final/meetings/imdrf-meet-140829-washington-presentation-samd.pdf 12

Integrated Standards Integrated Standards Device Classification IMDRF Framework for Risk Categorization of SaMDs Source: http://www.imdrf.org/docs/imdrf/final/meetings/imdrf-meet-140829-washington-presentation-samd.pdf 13

Integrated Standards Integrated Standards Standards Analysis Mapping Standards Applicable to SaMDs Source: http://www.emdt.co.uk/article/developing-medical-device-software-iso-62304 14

Integrated Standards Standards Analysis Integrated Standards Evaluation of Various Standards Assessed traditional Device Standards associated with software, including: Software Validation Medical Device Software Device QSR Device QSM 15

Integrated Standards Standards Analysis Integrated Standards Mapping Standards Applicable to SaMDs 16

Standards Analysis Exercise Output was a Roadmap addressing IEC 62304 Risk-scaled Deliverables across Design Control Phases Integrated Standards SaMD Medical Device Software Lifecycle Model (IEC 62304: 2006) 17

Integrated Standards Analysis Output Integrated Standards Developed a Global Quality Standard that defines SaMD quality requirements for (among others): Design controls Risk management (including cybersecurity) Human Factors Distribution Purchasing Controls Labeling Privacy Data Integrity Product Recall 18

Business Processes Human Factors Business Processes SaMD Formative Human Factors Studies Formative HF Study to verify the effectiveness of knowledge gained Essential to have a cross-functional HF team Users interact with software Users/Programmers verify changes Usability experts take user feedback Programmers make design changes based on feedback Rapid iteration of HF Studies allows for easier change/verify cycles in software versus conventional change/verify cycles for physical devices. 19

Business Processes Product Recall Business Processes SaMD Recall/Market Withdrawal Commonalities/Differences Plan for physical removal from market Accomplished via print media and traditional mailings Physical removal from market Physical counting of recalled product Problem Identification Risk Assessment & Decision to recall Recall plan & communication planning Issue recall communications Recall / Market Withdrawal Monitor/review recall Effectiveness/ Update stakeholders Recall Complete Plan for SaMD deactivation or forced software upgrade Accomplished via e-mail notifications Digital deactivation or forced software upgrade Measured digitally via SaMD connection with cloud 20

Business Processes Patient Instructions Business Processes Labels and Instructions for Use (IFU) Physical Device Label attached to device IFU included with packaging Label update via printing of new labels IFU update via printing of new IFU Label and IFU subject to loss, alteration, or replacement without authorization SaMD Label integrated into software and displayed on screen IFU integrated into software and displayed on screen Label updated electronically via software upgrade IFU updated electronically via software upgrade Software label and IFU cannot be lost, altered, or replaced 21

Organization: Roles and Responsibilities Organization SaMD require new technical expertise: Mobile Application Software Engineer IT Network Infrastructure Specialist Global Information Security Architect Source: http://www.pmoplanet.com SaMD require identification of right span of control plus clear accountability: Device classification Software safety classification determination Risk management process ownership Patient safety decision ownership Cloud service provider supplier chain ownership 22

Organization: Defining Roles and Responsibilities Organization SaMDs require clear lines of accountability for among other items issue escalation/resolution regarding: SaMD commercialization decisions SaMD launch approvals Privacy decisions Data analytics usages Cybersecurity practices (app level and Cloud level) Due diligence of Cloud vendors Source: http://blog.procore.com/ 23

Organization - Capability Example of Team Participants Organization Physical Device Team: Project Manager Regulatory Affairs/Qualified Person Medical Device Development Engineer Medical Device Quality Assurance Representative Human Factors Consultant Medical Affairs Consultant Additional Software skills: Mobile Application Software Developer Global Information Security Architect IT Quality Assurance Representative Cloud Infrastructure Consultant 24

Governance/Management Oversight Gov./Mgmt. Oversight Focusing on governance/ management oversight: Management involvement Problem escalation Decision making Auditing Source: http://www.praxity.com/about-us/pages/the-governance-of-the-alliance.aspx 25

Governance/Management Oversight Gov./Mgmt. Oversight 26

So far Lessons Learned Early identification of the regulatory classification for SaMD both US and OUS Establish global quality standard (quality requirements) Ensure involvement of IT team in oversight of Cloud infrastructure Modify recall/market withdrawal processes to address SaMD technology capability Formative HF Studies enhanced by modifying SaMD code from daily patient interactions Enhance product surveillance processes and patient safety processes to address the unique technology associated with SaMD 27

Conclusion System of Quality Model used to enhance device QMS to support development and commercialization of SaMD Created a Quality standard that addresses design control and product commercialization requirements for MMA/SaMDs Integrated Standards Business Processes Increased HF Study design enhancements Modified recall/ market withdrawal Adapted process controls for e-labels/e-ifus Established Cloud change control governance Developed cross-functional due diligence process for selection of Cloud vendors Addressed auditing responsibilities for MMA/SaMDs Governance/ Management Oversight Organization Brought mobile app software SMEs into device design team Added Cloud infrastructure vendor & established supplier controls for Cloud vendor 28

Questions? 29