Design Controls: A 17-Year Learning Curve

The Safe Medical Devices Act of 1990 (SMDA) amended the Food, Drug and Cosmetic Act and gave FDA the authority to add preproduction design controls to the cGMP regulation. This change was based on findings that a significant proportion of device recalls were attributed to faulty product design.

Specifically, in January 1990, FDA published results of an evaluation of device recalls that occurred between October 1983 and September 1989, in a report titled, “Device Recalls: A Study of Quality Problems.”

FDA found that approximately 44 percent of quality problems that led to voluntary recall actions during this sixyear period were attributed to errors or deficiencies that were designed into devices, and may have been prevented by adequate design controls. 

With respect to software used to operate medical devices, the data were even more striking. A study of software-related recalls for years 1983 through 1991 indicated that more than 90 percent of all software-related device failures were due to design errors—generally, the failure to validate software prior to routine production. 

Officially, design controls have been part of 21 CFR, Part 820 for just under 17 years and there have been many lessons learned by both industry and FDA during this tumultuous period. My reminiscence is based upon the initialization of design controls and how industry couldn’t fathom the idea that the Federal government was going to invade the creative parts of “our research” efforts (when they really had no intention of doing so). This imposition was compounded by the fact that the final rule for this QS Regulation was published approximately one year before it became effective and that FDA would additionally give industry a one-year grace period (until June 1, 1998), during which official agency action would not be initiated, including FDA Form 483 observations, warning letters or enforcement cases based upon the failure to comply with Part 820.30.

That year was compounded with denial and disbelief. Even though there were promises that no regulatory actions would be taken against companies with compliance issues related to design, the Establishment Inspection Report would reflect how the new inspection strategy for 820.30 was working at company X. Industry and FDA were full of apprehension. Handling FDA inspections is part of my business. I recall that some FDA inspections were proving grounds and, in some cases, catalyzed long and tension-filled “discussions.” Frankly, both sides didn’t know what they were doing.

Enough with the historical stage setting. Where are we going?
Because design controls apply to a variety of devices, the regulation, by definition, does not prescribe the practices that must be used. Instead, it establishes a framework that manufacturers must use when developing and implementing design controls. The preamble to 820 has a wealth of information, as does the guidance document, “Do It By Design.” The framework provides manufacturers with the flexibility needed to develop design controls that both comply with the regulation and are most appropriate for their own design and development processes.

That’s the good news, and the bad news. It became complicated when this open-ended part of the overall regulation did not (could not) prescribe particular methods of implementation. FDA simply said that manufacturers should seek out technology-specific guidance on applying design controls to their particular situation and learn to appreciate the intrinsic value of design controls in the same breath, i.e. it was a wellestablished fact that the cost to correct design errors is lower when errors are detected early in the design and development process. There are still companies that repeat that sentence over and over again at management meetings, design reviews, strategic planning sessions, etc., but in the reality of day-to-day, still don’t get it. As a linked process in the quality management system, design controls don’t stand alone like research does.

If I were to pick out one over-arching, negative aspect of this QS Regulation in relationship to design over the past 16 years, it would be that companies fail to link Part 820.30 with the rest of Part 820. They manage design controls separately rather than incorporating the inter-relational architecture into the grand scheme of the whole regulation. Words escape me when I sit in one of the many FDA inspections I attend and watch management tap dance around the fact that the design and manufacturing processes were not in synch. This has not changed in 16 years.

When there are proposed process changes in manufacturing, or when quality data from the field necessitates an investigation of the device itself, design controls must be officially approached to consider a possible redesign.

Risk management has changed the way we look at design. Yet, we’re not even close to understanding why.
I’ll bet you think that I’m going to talk about design validation. It’s the only place where risk is mentioned in all of 21 CFR, Part 820. Risk analysis is important before and during design validation, but risk is also an input into the design controls Subsequently, the design process must provide an opportunity to evaluate how the organization will utilize risk management activities to ensure that design inputs are comprehensive and meet user needs, to confirm that risk control measures that were planned have been implemented in the design, and to verify that risk control measures are effective in controlling or reducing risk of the device and support processes. As a bonus jammed-packed with variables, design and development activities will directly affect the organization’s purchasing controls process, because suppliers whose components and/or activities are associated with higher risk to the product or whose activities are critical to the essential design outputs must act like “an appendage” of your risk evaluation activities.

Verify that any risks and risk mitigation measures identified during the risk management process are used as an input in the design and development process. Design outputs are subsequently impacted, even before they become part of the Device Master Record (DMR).

When the design input has been reviewed and the design input requirements are determined to be acceptable, the process of transforming those requirements into a device design begins. So, if you don’t get the input part right, the rest of your efforts could end up being skewed. The first step is conversion of the requirements into system or high-level specifications. Thus, these specifications are a design output. Upon verification that the high-level specifications conform to the design input requirements, they become the design input for the next step in the design process.  This basic technique is used repeatedly throughout the design process.

Each design input is converted into a new design output; each output is verified as conforming to its input; and it then becomes the design input for another step in the design process. In this manner, the design input requirements are translated into a device design conforming to those requirements. The Design History File (DHF) is the basis for the DMR.

The goal is to verify that management has committed to and has responsibility for overall risk management planning, including ongoing review of the effectiveness of risk management activities ensuring that policies, procedures and practices are established and documented for analyzing, evaluating and controlling product and process risk during product realization.

Remember that a quality management system that has been implemented effectively, monitored to identify and address existing and potential problems, and has an integrated risk management process utilizing risk-based decision-making is more likely to produce medical devices that function as intended. 

Note: The documentation and control of changes begins when the initial design inputs are approved, and continues for the life of the product. Design change control applies to changes to inputs or outputs as a result of design verification or design validation, changes to labeling or packaging, changes to enhance a product’s performance, changes of production process(es) and changes that result from the analysis of quality data. Change can be acceptable as long as it is controlled.

To just have data is not good enough. Effectively using the data is paramount.
The appropriate sources of quality data must be identified for input into the design controls process at all stages of this life-cycle approach, including customer complaints, feedback, service records, returned product, internal and external audit findings, adverse events, data from the monitoring of products, processes, nonconforming products and suppliers. Data derived from your competition is always understated but so very important (as you compare the issues versus your own devices). It is imperative that you confirm that data from these sources are accurate and analyzed using valid statistical methods to identify existing and potential product and quality management system nonconformities that may require redesign. As a manufacturer, you must make effective arrangements for gaining experience from the post-production phase.

Utilize information from the analysis of production and postproduction quality data to amend the analysis of product and process risk, as appropriate. You may choose to enact new or more stringent controls to maintain an acceptable level of product and process risk.

Some other sources of quality data that may be useful in identifying potential problems are acceptance activities, such as component, in-process or finished device testing; environmental monitoring and statistical process control (SPC). Results of acceptance activities may indicate an unfavorable trend that left unattended may result in product nonconformity. 

The requirements for delivery, installation and servicing of a particular device should have already been evaluated and addressed by the organization during design and development and planning for product realization. If risk control measures were identified involving the delivery, installation and servicing for a particular device, you must confirm in continuum that the necessary processes have been implemented to ensure the risk control measures are in place. As related, multi-use medical devices are becoming more important from a costing standpoint in the operating room. Service reports can be an important source of quality data for input into the organization’s design process. When necessary, you must confirm that data regarding service reports is analyzed for possible corrective action/preventive action and design changes. Service reports must also be analyzed to determine if the service event represents an adverse event that is reportable to regulatory authorities. Measured trends in this area of medical device reporting show that in the majority of cases the design is suspect. 

Verify that design and development changes were controlled, verified (or where appropriate validated), and approved prior to design change have been identified and mitigated to the greatest extent practical. 

Human Factors: Yes, design controls are all about safety and effectiveness for human use.
You must establish and maintain a continuous process of risk management that covers the entire life cycle of the product. Possible hazards must be identified in both normal and fault conditions, including those arising from human factors issues. Your design process must have procedures in place to determine how much risk is acceptable. Determining an acceptable level of risk depends upon the intended use of the device, including the particular health concern of the patient population, the training of the users involved and the use environment.

Design validation must address the needs of all appropriate parties, such as the patient, healthcare worker, biomedical engineer and storage clerk. Consideration must be given to the environment in which the device will be stored, transported and used. Design validation needs to be performed for each intended use. Design validation must also confirm that user needs and intended uses associated with the device’s packaging and labeling are met. These outputs have human factor implications, and unless they are adequately considered during design validation, they may adversely affect the device and its use. Confirm that design validation data show that the approved design met the predetermined user needs and intended uses. The intended uses must include the purpose of the device, patient type (adult, pediatric or newborn) and the environment in which the device is to be transported and used (domestic use, hospitals, ambulances, etc.).

Where are we going? We’re going to continue to get better.
The planning exercise and execution of the plans is complex because of the many areas and activities that should be covered, but are not covered during the urgency to get the device to market.

Risks cannot always be removed from medical devices, but they should be known and controlled to the extent feasible with existing technology. There are human factor and validation process techniques that can be used in developing a risk analysis.

All risk evaluation results should be reviewed by manufacturing, as well as product development personnel who compare these results with specifications, including safety and performance standards, to make certain that the desired level of essential quality has been designed into the device.

The appropriate design of manufacturing processes, including validation where appropriate, is needed to assure that production can achieve the level of quality designed into the device. As mentioned earlier, if there is one over-arching, negative aspect of this QS Regulation in relation to design over the past 16 years, it’s that companies fail to link Part 820.30 with the rest of Part 820. They manage design controls separately, rather than incorporating the inter-relational architecture into the grand scheme of the whole QS Regulation.

We should be going in the direction that joins the design and manufacturing effort together on a daily basis to assure that process controls actually work, and that medical devices are safe and effective for human use. 

John Gagliardi has had success over the past 43 years in the Medical Device and Pharmaceutical industries because of his practical approach to process-orientation and business. He has been actively involved in research and development, quality assurance, training, operations, process architecture, FDA inspections and regulatory affairs. John specializes in building systems in a compliant and business-ready manner. John can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

MidWest Process Innovation, LLC