Dawn A. Lissy, Founder & President, Empirical07.19.22
I’m proud to be a member of an industry built on patient safety. At every step of getting a medical device to market and into the human body, there are checks and balances in place to safeguard health. No matter what your role is in medical devices, it somehow relates back to ensuring the work you do results in good outcomes for the patient.
But how we get there can be a long and winding road. And depending on which markets you target, that road can take different turns when it comes to the quality systems required for device clearance. For devices marketed in the European Union, ISO 13485 tells device producers how to manage the processes by which they meet regulatory requirements. For U.S.-based sales, the U.S. Food and Drug Administration (FDA), 21 CFR 820 is the standard.
And for companies targeting both, there’s been a persistent gap between the two systems in quality requirements to get their products to market. FDA estimates 4,400 companies are caught in that gap. On Feb. 22, 2022, the agency issued a proposed rule to harmonize 21 CFR 820 with ISO 13485, which could save medical device companies $439 million to $533 million over a decade. But the transition is expected to cost about $7.6 million.
“In the long run, it’s a good thing,” said Meredith May, director of Consulting for Empirical Technologies Corp. “The pains of getting there are going to be expensive. But it really pushes our domestic companies toward a place where they are closer to becoming international companies than the way it was set up before.”
We’re hearing from many of those companies trying to make sense of the changes and get up to speed. May is working with Jan Janson, president and owner of Technical Training and Consulting of Monroe, Ohio, to support clients working to become registered for ISO 13485 or bring their 21 CFR 820 system up to ISO 13485 standards.
“Most of these guys don’t know what 13485 is,” Janson said. “Most of these people are being told by somebody, mostly their client, that they’re gonna need (ISO) 13485 registration to play in both the domestic and international market. In the old days, the client said, ‘Do you have a quality system?’ In the new days, the client is saying, ‘Are you 13485 registered?’ Most of these guys are saying, ‘What the hell is that?’”
Fortunately for these gap companies, the differences between 21 CFR 820 and ISO 13485 are similar enough that most companies only need to make fairly small adjustments to obtain ISO 13485 registration. It’s typically more detailed documentation about quality processes and a bigger focus on risk assessment.
“For traditional risk assessment, you had to look at your product and evaluate your risk,” May said. “Then you had to look at your manufacturing process and evaluate the risk. Now you have to show you incorporated risk management into everything. You have to have an overarching risk management process. It’s adding another layer to what they’re doing, but not necessarily changing what they do.”
To help these companies obtain certification, Janson reviews processes, suggests improvements, and creates manuals and forms to satisfy an outside auditor.
But it’s both a perspective shift and an expense that seems to have caught many off guard, he said. Most of his clients are small businesses that are a single point in the development process rather than developers working their way through the clearance process, so quality audits have not historically been a concern.
“I think the biggest issue with this system is getting (the affected companies) to fill out the forms,” Janson said. “Most of these people are good at making a product. They’ve never had [to perform this level of documentation]. If an auditor finds it, they won’t pass for registration. I can get you legal, but you have to do a mindset change.”
Part of that mindset change is clarifying the difference between regulatory and quality—two industry subsets that are related but not redundant. I explain to clients that each has a specific function as they work together. When you get a device cleared, you’re not just getting the widget cleared, you’re getting clearance on an entire set of processes—the prints, the design history file, how you make it, how you label it, etc. Your regulatory clearance isn’t just for the end product, it’s for everything that gets you to that end. How you craft your product is your quality system, and it should give you all the information you need to solve any problems that may arise.
“It’s a completely different area that relates to product impact to the patient,” May said. “Regulatory relates to requirements for commercialization and interfacing with the FDA on those requirements. Quality relates to internal processes and communicating and interfacing with internal processes to meet those requirements. I can be a quality person and not talk to FDA my entire career. They’re two separate departments all the way around.”
Separate, but equal in importance. And with this new push for harmonization, quality systems with ISO 13485 registrations are now in higher demand.
“Most of these guys call me when they’re about to lose their major customer because out of the clear blue sky the customer says, ‘You need to be registered or else I’m taking my business to someone who is,’” Janson said.
Depending on the company, adding in a system can be a financial and administrative burden some companies may choose to forego.
“I think it’s going to shrink the pool of manufacturers and subcontractors,” May said. “The flipside is, if they’re not interested in doing the things necessary to put a safe medical device in my grandma, I don’t want them working in medical products anyway.”
Dawn Lissy is a biomedical engineer, entrepreneur, and innovator. Since 1998, Empirical Technologies Corp. has operated under Lissy’s direction. Empirical offers the full range of regulatory and quality systems consulting, testing, small batch and prototype manufacturing, and validations services to bring a medical device to market. Empirical is very active within standards development organization ASTM International and has one of the widest scopes of test methods of any accredited independent lab in the United States. Because Lissy was a member of the U.S. Food and Drug Administration’s Entrepreneur-in-Residence program, she has first-hand, in-depth knowledge of the regulatory landscape. Lissy holds an inventor patent for the Stackable Cage System for corpectomy and vertebrectomy. Her M.S. in biomedical engineering is from The University of Akron, Ohio.
But how we get there can be a long and winding road. And depending on which markets you target, that road can take different turns when it comes to the quality systems required for device clearance. For devices marketed in the European Union, ISO 13485 tells device producers how to manage the processes by which they meet regulatory requirements. For U.S.-based sales, the U.S. Food and Drug Administration (FDA), 21 CFR 820 is the standard.
And for companies targeting both, there’s been a persistent gap between the two systems in quality requirements to get their products to market. FDA estimates 4,400 companies are caught in that gap. On Feb. 22, 2022, the agency issued a proposed rule to harmonize 21 CFR 820 with ISO 13485, which could save medical device companies $439 million to $533 million over a decade. But the transition is expected to cost about $7.6 million.
“In the long run, it’s a good thing,” said Meredith May, director of Consulting for Empirical Technologies Corp. “The pains of getting there are going to be expensive. But it really pushes our domestic companies toward a place where they are closer to becoming international companies than the way it was set up before.”
We’re hearing from many of those companies trying to make sense of the changes and get up to speed. May is working with Jan Janson, president and owner of Technical Training and Consulting of Monroe, Ohio, to support clients working to become registered for ISO 13485 or bring their 21 CFR 820 system up to ISO 13485 standards.
“Most of these guys don’t know what 13485 is,” Janson said. “Most of these people are being told by somebody, mostly their client, that they’re gonna need (ISO) 13485 registration to play in both the domestic and international market. In the old days, the client said, ‘Do you have a quality system?’ In the new days, the client is saying, ‘Are you 13485 registered?’ Most of these guys are saying, ‘What the hell is that?’”
Fortunately for these gap companies, the differences between 21 CFR 820 and ISO 13485 are similar enough that most companies only need to make fairly small adjustments to obtain ISO 13485 registration. It’s typically more detailed documentation about quality processes and a bigger focus on risk assessment.
“For traditional risk assessment, you had to look at your product and evaluate your risk,” May said. “Then you had to look at your manufacturing process and evaluate the risk. Now you have to show you incorporated risk management into everything. You have to have an overarching risk management process. It’s adding another layer to what they’re doing, but not necessarily changing what they do.”
To help these companies obtain certification, Janson reviews processes, suggests improvements, and creates manuals and forms to satisfy an outside auditor.
But it’s both a perspective shift and an expense that seems to have caught many off guard, he said. Most of his clients are small businesses that are a single point in the development process rather than developers working their way through the clearance process, so quality audits have not historically been a concern.
“I think the biggest issue with this system is getting (the affected companies) to fill out the forms,” Janson said. “Most of these people are good at making a product. They’ve never had [to perform this level of documentation]. If an auditor finds it, they won’t pass for registration. I can get you legal, but you have to do a mindset change.”
Part of that mindset change is clarifying the difference between regulatory and quality—two industry subsets that are related but not redundant. I explain to clients that each has a specific function as they work together. When you get a device cleared, you’re not just getting the widget cleared, you’re getting clearance on an entire set of processes—the prints, the design history file, how you make it, how you label it, etc. Your regulatory clearance isn’t just for the end product, it’s for everything that gets you to that end. How you craft your product is your quality system, and it should give you all the information you need to solve any problems that may arise.
“It’s a completely different area that relates to product impact to the patient,” May said. “Regulatory relates to requirements for commercialization and interfacing with the FDA on those requirements. Quality relates to internal processes and communicating and interfacing with internal processes to meet those requirements. I can be a quality person and not talk to FDA my entire career. They’re two separate departments all the way around.”
Separate, but equal in importance. And with this new push for harmonization, quality systems with ISO 13485 registrations are now in higher demand.
“Most of these guys call me when they’re about to lose their major customer because out of the clear blue sky the customer says, ‘You need to be registered or else I’m taking my business to someone who is,’” Janson said.
Depending on the company, adding in a system can be a financial and administrative burden some companies may choose to forego.
“I think it’s going to shrink the pool of manufacturers and subcontractors,” May said. “The flipside is, if they’re not interested in doing the things necessary to put a safe medical device in my grandma, I don’t want them working in medical products anyway.”
Dawn Lissy is a biomedical engineer, entrepreneur, and innovator. Since 1998, Empirical Technologies Corp. has operated under Lissy’s direction. Empirical offers the full range of regulatory and quality systems consulting, testing, small batch and prototype manufacturing, and validations services to bring a medical device to market. Empirical is very active within standards development organization ASTM International and has one of the widest scopes of test methods of any accredited independent lab in the United States. Because Lissy was a member of the U.S. Food and Drug Administration’s Entrepreneur-in-Residence program, she has first-hand, in-depth knowledge of the regulatory landscape. Lissy holds an inventor patent for the Stackable Cage System for corpectomy and vertebrectomy. Her M.S. in biomedical engineering is from The University of Akron, Ohio.