Thanks! You've successfully subscribed to the BONEZONE®/OMTEC® Monthly eNewsletter!

Please take a moment to tell us more about yourself and help us keep unwanted emails out of your inbox.

Choose one or more mailing lists:
BONEZONE/OMTEC Monthly eNewsletter
OMTEC Conference Updates
Advertising/Sponsorship Opportunities
Exhibiting Opportunities
* Indicates a required field.

Strategic Planning for Regulatory Compliance

Convincing the senior management of a small or mid-sized company to make investments in regulatory affairs is quite difficult—until you have a Warning Letter or your Notified Body threatens to suspend your CE Certificate. The cost of implementing corrective actions and supporting special audits to address nonconformities is significant, too. If you have to hire regulatory experts to implement corrective actions urgently, the cost can quickly equal an additional head count. Therefore, I offer this detailed advice for preparing for regulatory changes.

#1 – Identifying New & Revised Regulatory Updates

This is difficult primarily because many of the people responsible for regulatory affairs are not aware of where to look for knowledge. The most common recommendation is to subscribe to RSS feeds to learn of updates. These are provided by most of the FDA, Notified Bodies, authorized representatives, bloggers and organizations that issue standards (AAMI, ANSI, ASTM, etc.). If you subscribe to an RSS feed for this purpose, you actually need to read your emails. When there is something new that requires further investigation, I recommend creating an automated task reminder in your smartphone or your computer to do the work when you have the time.

In addition to the sources of new regulations and standards, you also need to be aware of trends in the industry. Professional networking organizations such as RAPS and ASQ are great for word of mouth. LinkedIn discussion groups and regulatory blogs are my personal favorites. Calling a regulatory affairs colleague who works for a different company is a great way to compare notes too—especially when you hear that someone just experienced an FDA inspection or an unannounced audit.

The third most common method for gathering information on regulatory changes is performing Post-Market Surveillance. This is not just analyzing complaint information. You must be proactive. FDA has a tool called the Total Product Life Cycle (TPLC) Report. I explained this tool briefly in a blog, with screen captures; refer to the endnotes to find the link.3 The European Database of Medical Devices (Eudamed) will be publically available in the future (2015-2017) with this type of vigilance data—starting with the high-risk implantable devices.

#2 – Performing a Gap Analysis

Gap analysis involves three critical pieces. First, you need to identify the appropriate subject matter expert(s) to perform the gap analysis. Second, the gap analysis needs to be cross-functional in most cases. A specific change may impact more than just QA/RA. Changes can affect purchasing departments that are responsible for negotiating with suppliers, engineering departments that communicate changes to suppliers and IT departments that may need to validate software modifications to increase traceability of raw materials and finished goods. Third, the gap analysis needs to be documented with an action plan for implementation. A gap analysis that identifies the gap is only the starting point for a new Quality Plan. That Quality Plan should be referenced in the gap analysis to document what actions were taken.

#3 – Initiating Quality Plans

The acronym CAPA stands for corrective and preventive action. Corrective actions are typically short-term. Preventive actions are typically long-term. If a gap is identified prior to the mandatory implementation date for a new or revised regulation, then the actions taken in response to the gap analysis are “true” preventive actions. These “true” preventive actions make your Notified Body auditors very happy. Many companies have trouble identifying these opportunities, but these same companies often receive nonconformities for their failure to implement new and revised regulations. Therefore, I recommend documenting the actions taken to address gaps as preventive actions if the steps can be implemented in a timely manner. If the actions require more than six months to implement, a long-term Quality Plan may be more appropriate to document these projects. These plans will have many of the same elements of a Design and Development Plan. Therefore, you may want to adapt your Design Controls procedure and forms to meet the needs of a Quality Plan.


Security code