New draft guidance documents released by the International Medical Device Regulators' Forum (IMDRF) aim to establish new standards for medical device auditing and monitoring organizations, as well as their respective employees.
Background: The IMDRF
IMDRF launched in 2012 as the regulators-only successor to the Global Harmonization Task Force (GHTF), which disbanded in December 2012 after its device regulatory members decided to split off and form their own group without the involvement of industry.
At present, organizations involved in the IMDRF include the US Food and Drug Administration (FDA), Australia's Therapeutic Goods Administration (TGA), Brazil's National Health Surveillance Agency (ANVISA), Health Canada, the European Union (EU), Japan's Pharmaceuticals and Medical Devices Agency (PMDA), and the Asian Harmonization Working Party (AHWP). At IMDRF's 19-21 March 2013 meeting, it was also announced that China had become a full member, and that Mexico had been invited to participate as an official observer, potentially clearing the way to later join the organization.
At the 2012 RAPS annual meeting, US Food and Drug Administration (FDA) regulator Kimberly Trautman, associate director of international affairs, said IMDRF was currently focused on five priority areas: a review of the National Competent Authority Report (NCAR) system, a roadmap for the implementation of a unique device identification (UDI) system, a medical device single audit program (MDSAP), a common list of recognized standards, and a standardized submission process for regulated products (RPS).
At the meeting, Trautman highlighted the auditing standards for organizations, noting that this was the area she was charged with leading. She explained that the guideline will "complement the current ISO13485 revision process under which IMDRF seeks modifications to achieve a harmonized standard amongst its members."
But for another IMDRF member, Health Canada's Mike Ward, the harmonization of auditing standards could not be underestimated. This is the "future of regulation," he said, referring to third parties stepping in to help meet the needs of regulatory authorities.
"The regulatory investment here is very wise," argued Ward, noting that it would allow regulators to divert their limited resources elsewhere. Still, he said a number of issues will need to be worked out: How to audit consistently, which standards get used, and how best to oversee third-party regulators across regulatory regions.
Now, it seems, many of those issues have been worked out to Ward's and Tratuman's satisfaction. In two guidance documents posted on 17 April 2013, IMDRF establishes a draft framework for third-party audits and how they ought to be regulated.
New Guidance: Recognition and Monitoring
The first, Recognition and Monitoring of Organizations Undertaking Audits of Medical Device Manufacturers, is aimed at defining the criteria used by members of IMDRF to recognize and monitor auditing organizations.
The basic premise of third-party auditing, IMDRF explained, is to "maintain public confidence [in devices] by providing objective evidence of the safety and performance of medical devices and of their benefits and risks."
What the guidance does is establish a "common set of criteria" regulators may use to recognize a third-party auditor, which often oversees the conformity assessment process, and to make sure they follow all relevant requirements.
The guidance lists dozens of "specific requirements for medical device auditing organizations," including:
- transparency measures required of the organization, particularly regarding ownership of the company and its independence from other entities
- the personnel of the organization and which ones are barred from participating in audits
- how the company is allowed to advertise its services, including the non-use of certain claims or guarantees
- insurance requirements for the organization to cover legal liabilities
- the use of documented processes and procedures to ensure the quality and accuracy of work completed for a manufacturer
- adherence to a code of conduct and a code of ethics
- methods of safeguarding impartiality
- knowledge and competency standards for staff involved in audits
- use of external experts
- record-keeping requirements
- certification of documents
- confidentiality considerations
- information exchanged to the regulator
- audit requirements
- post-marketing surveillance
- re-audits and recertification procedures
- standards for unannounced audits
- the process for suspending or revoking certification
The guidance also alludes to the requirements of a second guidance, Auditor Competency and Training Requirements for Organizations undertaking Audits of Medical Device Manufacturers, which-as its name implies-aims to establish the requirements for making sure companies employ qualified, competent and well-trained staff who are kept up-to-date on all current requirements.
Those auditors should have met certain prerequisite educational requirements, particularly in scientific fields related to medicine or engineering, as well as the prerequisite experience needed for their particular job function.
Other factors will also play a role, including knowledge of ethics, objectivity, reasoning skills, interpersonal skills, analytical prowess, ability to communicate, and the qualities of diligence, adaptability, tenacity, intuition and observation. Other technical competencies include knowledge of quality systems, regulatory requirements, medical devices in general, auditing procedures and techniques, risk management and statistics.
Both documents are now accepting comments, the comment forms for which can be found here and here.