Improving Compliance
Full transcript below:
Chris Keech:
Good morning, good afternoon, or good evening depending upon where you are in the world, and welcome to today’s Qmed webinar, “Improving Compliance with Increased Global Regulations,” sponsored by Arena and broadcast by UBM. I’m Chris [Keech] and I’ll be your moderator today.
We have just a few announcements before we begin. First, this webinar is designed to be interactive. The dock of widgets at the bottom of your screen will allow you to learn more about today’s speakers, download resources, share this webinar via social media outlets, and participate in our Q&A session that takes place at the end of our presentation.
The slides will advance automatically throughout the event. You may also download a copy of the slides via the resources widget. And towards the end of our webinar, we will ask you to complete our survey found on the right-hand side of your screen. Please take a moment to fill this out before leaving us today as your feedback will provide us with valuable information on how we can improve future events. And, lastly, if you’re experiencing any technical problems, please click on the help widget found at the bottom of your screen, or type your issue into the Q&A text area and we’d be glad to offer one-on-one assistance.
And one other note here. If we do not get to your question during our Q&A session today, someone will be getting back to you via email after the session is over.
And, now, onto the presentation, “Improving Compliance with Increased Global Regulations.” Discussing today’s topic is Dr. Joy Frestedt, President and CEO at Frestedt Incorporated and Christopher Hill, Director of Quality at Organ Recovery Systems Incorporated; and Ann McGuire, Product Marketing Manager at Arena. To learn more about our speakers, please visit the bios widget.
And, Dr. Frestedt, it’s with great pleasure I now turn this special session over to you to begin.
Dr. Joy Frestedt:
Well, thank you very much. I am excited to be with you today and talking about regulatory compliance, and things that we can do to improve our ability to comply with different regulations.
There is also an agenda for today’s talk that covers three basic areas. I will be starting us out with medical device trends and their impact on compliance. And then Ann will pick up to talk about solutions that are provided, for example, by Arena; and then Chris will pick up to talk about how he’s used Arena to comply with ISO 13485.
So for my part, I wanted to cover some information about trending and how these changes in global regulations have driven a greater need for compliance.
So I have prepared an outline, and I wanted to first introduce you to myself and my company. We’re a small company of about eight employees with over 70 consultants, so we do lots of work in regulatory submissions and different types of negotiations with different notified bodies internationally or with the FDA in the U.S. We do clinical trials, quality, and engineering work, and we come to this talk having done some very interesting work in compliance without electronic systems, and so I’m going to wrap up my talk with a couple of examples about how important it is to have appropriate and helpful electronic solutions to help guide different kinds of compliance activities.
So we’re going to start off with this trending, talking first about the medical device regulation. I’m sure you’ve all known and heard about how the MDR, the Medical Device Regulation, is combining the two current regulations in the European Union, including the Medical Device Directive itself and the separate Active Implantable Medical Device Directive. This combination into one new, overarching document, which you see there on the page and which can be easily linked through Google by searching for those regulatory numbers that are on the page there … The concept for this new regulation is that by the year 2020, people will have had enough time to read this very long regulatory document and understand what it means for them to comply.
In advance of the MDR, last year in 2016 in June, the Medical Device Directive came out about clinical evidence reporting, and it turns out that this MDR is very focused on clinical evidence and getting compliance for devices to have enough clinical data to show that the devices are safe and perform as intended. This change in regulatory scope is at the same time that we’re having updates to different international standards, like the ISO 13485, and we’re going to spend quite a bit of time in the next at least eight slides for me talking about 13485—this new version that came about last year in 2016, and how this globally brings more alignment between international regulatory authorities and the U.S. FDA as part of 21CFR820, or the quality system regulations in the U.S. are kind of tightly linked, or at least more closely linked right now, to ISO 13485, talking about risk and how to better manage risk with all of our device interactions.
And this also comes at a time when many devices are using the Cloud to help interact between the patient and their device, between the device and health care professionals. Things like defibrillators and other devices, and hospital monitoring systems, and different ways to monitor signals are being interacted through the global cloud use—driving the need for better data and cybersecurity, making sure that software and hardware are aligned, and that all of the security risks have been thought about.
So, this time in this current environment is changing rapidly and becoming much more complex, so the need to organize things and the need to make them easily accessible is really driving a lot of revolution in what electronic systems we need and how we use them. In fact, documentation control is becoming center stage for most of the things that we do.
So I wanted to spend a few slides here, I think about eight slides, talking about this ISO 13485 in a little more detail.
Back in 2016, when this international standard was updated, this was a big change for most people, and the change continues as different global regulations like the MDR come into focus. And as changes to 21CFR820 in the U.S. is anticipated, although not currently as front and center, certainly some of these global changes will impact the U.S. and regulatory changes here will follow suit at some level. But for right now, ISO 13485 has become more closely aligned to 21CFR820, which is the quality system regulation in the U.S., and this concept of risk management that is kind of inherent, if not explicitly stated in 21CFR820.
So just to clarify if you’re not a regulatory person—what’s the difference between an international standard like ISO 13485 and a regulation like 21CFR820, or the regulation like the European Council on Medical Device Regulations? So as you all may remember, the laws are written by Parliament in Europe and by the U.S. Congress in the United States, and those laws that are written by these politicians become codified in different instruments, like the Code of Federal Regulations in the U.S., or the European Journal in Europe where the council directives are outlined in the Medical Device Regulation.
As these become more aligned, the regulations and the international standards and the guidelines, things like risk are becoming a focus for many different regulatory groups, and then in turn for many different sponsors, and for many patients. As we think about how to improve our attention to high-risk problems and make sure that they’re resolved, this is critical to us.
International standards are voluntary. Regulations and the laws that lead the regulations are mandatory. When I talk about ISO 13485, I’m talking about a voluntary standard that’s designed to help get compliance with the regulation. So in the United States, 21CFR820 is required and it’s mandatory. In the European Union, right now, the Medical Device Directive and the Active Implantable Medical Device Directive are both mandatory. In the future, just the Medical Device Regulation will be mandatory because it combines those two.
So just giving you kind of a sense of where ISO 13485 fits into the regulatory structure. It’s a great standard. It helps drive compliance. It’s a way to think about business and to develop standard operating procedures in order to get global compliance. These standards and the regulations are not product specific, and they don’t talk about business or finance, so it’s up to us to figure out how to use them, and it is up to us to figure out how to integrate risk into our operating systems. And I submit this is part of why electronic systems may be helpful in order to contain those guidelines that we develop for our companies to be very product specific and very financially responsible, and also to train others.
So as we dig a little more deeply into 13485, this voluntary international standard about the risk-based approach, this new version in 2016 has a clause in Section 4.1, which is specifically about the risk-based approach now. And it talks about risk management, and how to make decisions. Currently, the U.S. guidelines don’t have such a risk-based requirement, but they do expect this. When you work with the FDA or international notified bodies, risk will be center stage, and it will become more refined as we go forward because, for the U.S. FDA, they react to the high safety signals. Safety signals are critical to the U.S. public, and they expect sponsors to anticipate those types of signals so that they can react to them. So this risk-based approach, very center stage currently.
ISO 13485 in 2016 also had a section in clause 4.2 which gets more in line with the U.S. regulations, which is about confidential health information. So this international standard now calls out the need to protect confidential health information more than it used to, and it focuses on the deterioration of that information or loss of that information. So, these confidentiality risks continue to increase in our visual appearance of them. We see them more often, and as we try to deal with keeping things confidential, and knowing what things are not confidential, again, ways to identify documents and keep electronic records that help us understand that we know the difference between things that can be released to the public and things that can’t. That concept is critical.
In clause 6.2 of the international standard, the human resources component that was recently released in 2016 tends to exceed what is currently in the quality system regulations in the U.S. for 21CFR820. Currently, the U.S. requires training and experience, but now, 13485 adds this concept of competence, and a company’s need to be aware of their personnel’s abilities. So this effectiveness, how effective is your training, is an international evolutionary step, I think, as we try to understand the difference between a person who is new to the company versus a person who has been there for a few years and has a different level of competence, and separate that from the expert, the 30-year veterans who are very well competent and able to talk strategy. Being able to manage our training and our staff to understand those differences and to integrate that into our approach to effectiveness is becoming more visible through these international standards, and, I assume there will be even more conversations with the U.S. FDA as different products come to market.
For example, products that require learning on the part of the user, require training on the part of the user. The FDA has been ever more vigilant about explaining what the company needs to do to make sure that that training is clear to the user, and that the company has done everything they can do to de-risk that problem, to de-risk that someone may not fully understand how to use the product. So this training effectiveness, I think, something to look forward to in the future, more resources dedicated to it, and more effort to understand how to make training effective.
Also in ISO 13485, this new 2016 version, in clause 7.2, there is an increasing awareness of communication with customers and with regulatory authorities, what type of product information needs to be out there. How do we listen for complaints? If you’re working on devices, the need to have something more active than just passively collecting complaints is something that’s been talked about a lot in the last year as we got used to the clinical evidence requirements, and as we think about the new Medical Device Regulation that’s coming, and being responsible for understanding the safety and performance of the devices is center stage. Similarly, for drugs, the ability to understand how to report safety events and how to do periodic safety updates with the U.S. or with the international regulatory authorities is really critical.
So this idea that the communication with our customer, the person who’s using the product, and understanding the safety and performance of our device is escalated more than ever before. So these alignments between the international standard, 13485, and the 21CFR820 quality system regulations where we have complaints and medical device recording and corrections and removals and recalls are becoming more closely aligned in thinking about how to make sure that we are communicating well with the people using our products and understanding how to drive risks out of our device designs or our drug designs. So being better able to communicate both ways, in listening and in talking to our customers to make sure that the products are safe and effective.
So 13485 has clauses seven and eight, which highlight the product record. They talk about design, development, how to handle complaints, and how to report to the authorities. These now are much closer aligned to the U.S. federal regulations, as you can see on the slide, of kind of itemized where the clauses in 13485 and the corollary in the United States quality system regulation. Going to make it clear that as we go through the years, in my experience at least, over the last 35 years, this concept of globalization used to be just an abstract idea, and now it’s becoming very concrete that the things that are needed are very much the same globally. Patients need to be safe, the products need to do what we say they’re going to do, they need to be effective, and they need to perform well. So this is just another part of that fabric of making sure our products are doing what we need them to do.
Another area for ISO 13485 is in the supply chain. This clause 7.4 requires the companies to pay careful attention to their supply chain, and make sure that there have been risk assessments for each supplier along the way, and that those suppliers are being held accountable for regulatory compliance. Not just the sponsor itself, but whoever you use as third parties, you need to scrutinize their ability to comply. So no longer is it the case where you can say, “Well, that’s their problem.” If you’re the company making a drug or device, you have to be thinking about how that company might be encouraged to be a better partner. And this is very similar to the purchasing controls in the U.S. QSR, the quality system regulations.
There’s also this recently increased awareness of unique device identifiers, UDIs, and on the drug safety supply chain, there’s a similar corollary on the drug side. But in 13485, clause 7.5.8 talks about product identity and the move towards requiring this documentation. It’s no longer just an idea. It’s now coming into force as different timelines have been passed for compliance. I think the only one left is the Class I device, which I think is next year for compliance with UDIs. So now we’re seeing much closer alignment with the U.S. 21CFR820 and this international standard for 13485 where UDIs are required.
So that’s kind of what I wanted to highlight in terms of the regulatory situation that drives us to say we might need better control and better structure for ways to control documents and to understand how changes might evolve as we go forward. So I just wanted to wrap up my part of this talk with two case studies. The first one, a challenge that we had with a very large company, both drug and device, and they had the U.S. FDA come in and issue them a 483, which is a very common scenario if the company has a product that’s been around for 30, 40 years, and all of their history of design records were done on paperback in the ‘70s and ‘80s. Sometimes back to the ‘50s. In this case, it was the mid-‘80s. And they had about 250 boxes of data that were off-site in multiple locations around the world. Some parts had been scanned and indexed from past efforts, and some have not, and they were simply making electronic records.
Well, when the FDA came in, they said, well, that’s not sufficient. You have to actually be able to get your hands on the record that we want to see, such that anyone in your company could find and use the documents that they need in order to understand the history of the device, and what the safety impact of a new signal might be, given that history of the device. So we needed to come in and figure out a way to guide their design history file development, create a framework for their design history file, and actually construct the record where they had all the electronic documents that they needed to fit into that framework.
And in that way, we were able to create a system that they could navigate in order to keep their records organized, controlled, and easily accessed. I know it sounds like a really simple thing, but it’s a really hard thing when you’re coming at a project that’s been going on for 30 or 40 years, and you’ve got paperwork all around the world. But they needed to have control of the BOM. Their order materials, their master record for how they made those devices, the history record, and any engineering change order issues that they had.
So these complex issues are very, very common, and you have to really think them through and solve all of the details first, and then figure out how you’re going to construct a framework that everyone can use. And so electronic systems are really helpful for doing these kinds of things.
The second case study that I wanted to offer us was a non-medical company and they have a small medical device division. So they’re looking at things other than devices. They’re making trains and planes and automobiles, for example, and they had this small division that they had acquired, and they were transferring operations to Minnesota, and they were needing help because the people picking up the new operation were not the 50-year veterans that the people who previously had run this business … They were not the same people, right? So they had to have a way of creating a transfer plan and tracking device movement from the old facility to the new facility, and implementing unique device identifiers at the same time they were doing this transfer.
So a lot of our work focused on trying to help their system move from a simple number, a six-digit number that no one in the new facility had a record of, to having a system where they could both describe what that item was as well as keep it in their system under that BOM, that bill of materials six-digit number so that they wouldn’t lose the traceability of their past record, but they would gain some visibility for the new users to make the use of the system simpler.
So in this process, in both of these examples, it was important to help the companies understand the difference between a design history file, a device master record, and other types of tools that companies use like travelers to follow different production units through the process of development. And keep those things separate, and organized, and easily retrievable is a critical part of our operations, and for companies who are not yet electronic, that move from paper-based to electronic systems is still very, very real. Even today in 2017, the need to think about what companies can use that are maybe incremental improvements or massive overhauls to make this transition complete. Hopefully, in the next three years before 2020 when the new MDR comes out, especially if you’re a global company, these types of changes will be even more apparent if you haven’t done them yet, how important it is to enable your ability to find the right records by being electronic.
So for my part, that’s what I wanted to share, and I look forward to your questions as we go forward, but at this time, I’d like to turn over the controls here to Ann McGuire.
Ann McGuire:
Hi. I’m Ann McGuire with Arena Product Marketing. Thank you, Dr. Frestedt, for your informative talk.
I’m going to talk about how trends in the medical device industry impact your business results as well as how product-centric QMS helps you meet these challenges. After my short presentation, Chris will show how he used Arena at Organ Recovery Systems to comply with recent regulatory changes.
Let’s start by introducing Arena. Arena is the leading cloud solution provider for today’s product innovators. Our enterprise product realization platform is built from the ground up to enable engineering, manufacturing operations, quality, and supply chain partners to collaborate effectively. We empower more than 1,000 customers of all sizes to realize their product goals, and about 20% of our customers develop medical device products.
QMS has evolved over the years in terms of technology, information format, and process workflow. It started as purely paper-based systems with typewriters and word processors, papers, and folders that were then walked around and filed. Then with the advent of client-server computing, software companies emerged that modeled these same documents in electronic files that were indexed and could be emailed and electronically signed for big benefits.
And, today, we have product-centric QMS, which is cloud-based and uses an intelligent product record. We’ll talk a little bit more about that later, but now, just instead of, say, a flat file, like a spreadsheet for a bill of materials, an intelligent product record is a live, complete data set formatted so it works with other enterprise systems.
Here are the trends, and I’m sure you recognize many if not all of them. We’ll discuss how each trend impacts your organization and how product-centric QMS can uniquely help.
The first trend I want to talk about is product complexity. IoT [Internet of Things] and other technology is being used today to administer medicine dosages, monitor vital signs, send the results to nursing stations. It’s also being used to monitor calibration and maintenance schedules on hospital equipment. These are all crucial, cost-effective improvements, but in order to provide that functionality, the products are becoming more and more complex. And a lot of the complexity is because these are different types of components in the product, and they have specialized design tools for each type, and specialized workgroup vaults to manage the daily work in progress. And that’s all good until it comes time to release the product, when you want to get the information to a production system, like an ERP system.
When the information resides in these siloed workgroup vaults, they’re not in any format that an ERP system or any kind of a follow-on system can use, so you have to add another step of actually structuring it into a bill of material, into the format that the other systems need. And, of course, going through all that and its own review process, that slows down new product introduction, new feature introduction. But also with the information scattered in workgroup vaults, it slows down the quality processes, like complaints, CAPA, because all these processes have an investigation step, and it just really slows down the investigator if they have to look among three or four different workgroup vaults for the entire picture of the product to figure out maybe what’s the source of the problem, where should they start doing some more deep investigation.
So how product-centric QMS helps is it connects the complete product record with the quality processes, so it structures all the components that are listed above here. Also, it includes the documentation required to build and market, and support the product, so think about all the documentation there are. There’s assembly instructions. There’s standards. There’s test instructions, packaging, and labeling specifications. So all of these components revise as well as the part, as the product. So we keep that all in that intelligent product record.
Also in product-centric QMS, you can manage product projects, and an example of a product project is adding a new feature to a product. So when you’re putting together that plan, you have tasks, you have durations, you have, of course, owners and deliverables. All those elements of the project, including the deliverables, can be managed in the product-centric QMS system. And the same way quality processes can be all in that same system, which accelerates all these processes, the product, and the quality processes.
The next trend I want to talk about is outsourced development and manufacturing, and whether you’re outsourcing development, like adding IoT functionality to your device, or outsourcing specialized product realization steps, like sterilization, or going full turnkey, more medical device companies are leveraging partners for manufacturing. And the reason for this is it gives them access to innovations—flexible access that they need.
They also get more scalable production capacity, so as your product catches on, you can ramp volume as needed. And you can do all this with reduced capital investment. You don’t have to build a factory.
But the impact of this is they’re all related to the fact that someone who is not your employee is building your products, and I look at it as three major hits. One is quality control. Are they building to the right revision? Next is quality assurance. Are the products coming down the line within the acceptable tolerances? And then the last one is lost expertise. If you have somebody else building your product, someone else becomes an expert in building your product, so there’s some loss there. But with product-centric QMS, it enables global collaboration, so your employees can collaborate with your partners.
So say you are going to add that new functionality to your product. Your engineers and your designers can work with the people directly who are manufacturing the product to make sure that they can review it from a design-for-manufacturing point of view.
You can also, in product-centric QMS, manage supplier quality processes. We have supplier-corrected actions, or SCARs, in the system. You can also support global operations with cloud architecture. A lot of times, these partners aren’t in your area code or time zone. Sometimes they’re on the other side of the world. And so you need to have a system that provides product information to the people who need it any time of the day.
On the flip side, we are talking about your intellectual property, and because Arena has been developed from the beginning to support this business model, there are many layers of security to make sure that your intellectual property is only getting shared with people who need it.
The next trend is growth and mergers and acquisitions. In 2015 and ‘16 alone, there were over 150 acquisitions in the U.S. medical device market. And the reason for that is companies want to be able to provide better service by offering a full range of therapies. They also find that they can manage costs through consolidation.
But the challenge of merging product companies is you end up with large, disjointed data sets, processes, and systems. So potential synergies, or the forecasted synergies, are not realized. But with product-centric QMS, you can harmonize your product processes and get them into the system so everyone can start using them. You can normalize your part numbering, and what I mean by that is you can normalize it with respect to … This is for purchasing. Purchase parts. You can normalize it with respect to the manufacturing part number. You can roll up demand across product lines, and place purchase orders that way, and a lot of our customers are surprised by the volume discount you can get when you do that kind of work.
Next is integrating systems. When you’re merging, you’re also merging your systems together. Because our product information is already in a format that other ERP systems can use, that just facilitates integrating with other systems that you’re merging with.
And then finally the system scales. So whether you’re adding users, new products, new product lines, the system scales automatically with more computing power, memory, storage, whatever you need to keep the performance going. And that’s automatic.
The next trend I want to talk about is operational goals, and today’s medical device customers, as you know, are more cost-sensitive than ever, meaning operational goals are more important to medical device companies. So, some operation goals are product quality levels, time to market, cost of goods sold. There’s just that constant pressure to turn a profit, and there’s two areas … There’s many areas, but these two I want to talk about that can help with this pressure is accelerated NPI (or new product introduction). When you’re the first product to market, you can set the price, and then also the lower cost of goods sold. If there is some price fluctuation, if you can keep the cost of goods sold low, you can retain a margin.
So what product-centric QMS does to help with this is it provides visibility. So it provides accurate product information to everybody who needs it, and the way that I like to think about the value here is what if you didn’t do this? What if you didn’t provide accurate product information, or you provided inaccurate product information? That’s going to hit all your goals. Your product goals, your time-to-market goals. Of course, with those two problems, you’re going to get, the cost of goods are going to go up.
You can also track employee and partner training. Say you have a new assembly instruction, and you want to make sure that the partner reads it, understands it, and starts to use it. You can see that in the training record system, which is part of the product-centric QMS. You can see that they read the new assembly instruction, took a quiz to verify that they can do it, and you know that.
And then, finally, just one more point on integration is, of course, with integration, it helps with product quality by eliminating keystroke errors and time to market. It’s a lot faster than a person.
The final trend I want to talk about, and I won’t talk about this too much because this is going to be Chris’s main topic, is complying with evolving global regulations. So even with initiatives that harmonize global regulations, many markets have their own regulations, and they change. Sorry. Click.
And the impact of that can be a delay to lucrative markets, or maybe you have to leave a lucrative market if you can’t maintain compliance. You have to spend resources to maintain compliance. So product-centric QMS supports compliance. The major way they do it right from the beginning is within Arena, you can define processes, and then it automatically records the activity that demonstrates the compliance. It records all the user activity, so when the auditor comes, you can not only show them your complaint process, you can show them that the users are following that complaint process. And as Chris is going to show you here in a second, you can configure the system to change processes to meet new requirements without any programming.
So these are the trends, and if you are in the medical device field, you are dealing with these trends, and product-centric QMS can help you rise to these new and old challenges. So please contact Arena for more information.
And I am going to hand it off to Chris Hill.
Christopher Hill:
All right. Thank you very much, Ann. There we go. Well, as the slide says, I’m Chris Hill and Director of Quality for Organ Recovery Systems.
So far in the presentation, Dr. Frestedt has told you what we need to do and has told you what we could do with Arena. And my part of this is essentially a case study to tell you what we have done.
So as part of the case study, I start with just a brief introduction to provide the context for the company and the product. Organ Recovery Systems is a small company, but we like to think that we have a big responsibility. We manufacture medical device equipment and the sterile solutions and disposables for use in organ transplants. And as you can see on the map, we sell in a variety of markets around the world.
What you see on the left is the LifePort Kidney Transporter, and on the right, there’s sterile disposables that go with it. So instead of putting the donor kidney in a bucket of ice, our product allows the organ to be profused with solutions essentially to keep it alive or keep metabolism going while it’s waiting to be transplanted. This improves kidney performance in the recipient and increases the number of usable kidneys for transplant since expanded criteria kidneys can be used from less healthy donors this way.
So as a side note, the LKT design on the left has actually received several awards and is on permanent display at the Museum of Modern Art in New York City. The LifePort Kidney Transporter has been around for 15 years, and the LifePort Liver Transporter there on the bottom is in clinical trials now, and we anticipate many of the same advantages for the liver transplants.
So based on our product line, we are closely regulated by the FDA as a medical device, and we need to meet the regulatory requirements of our markets, particularly in Europe, Brazil, China, and Canada.
All right. Well, let’s talk a little bit about what Organ Recovery Systems has seen as challenges. So when we started as a small company, we had the paper system, just like everyone does. But as we grew, things got more complicated. We had geographically separated employees. Our company was acquired by another company. We had multiple supply chain partners. We had contract manufacturer relationships that were terminated. We changed office locations and we had lots of physically archived documentation—those boxes and boxes that Dr. Frestedt mentioned in her case study. That was us at one point, too.
Ann touched on many of these topics in her slides, so what I’m going to talk about is specifically how Organ Recovery Systems tackles these challenges using the Arena platform, and how we plan to meet the new challenges that Dr. Frestedt discussed in her slides.
So, get started with the basics. Every company needs to control their design, their processes, and the documentation. That part is nothing new. But what we did, and obviously we picked the electronic control approach rather than the paper system now, or I wouldn’t have been invited to join you today. Arena has the bill of material and the change module already provided in a pretty easy format to use, so there’s very little customization. We uploaded our drawings. We customized the change of workflow to suit our terminology and our needs. We were able to document the change of description, the rationale, the approvals. Everything was secure and compliant with 21CFR11. So during the audits for FDA, for ISO, for customers, we can pull up the current version of any product drawing or procedure very easily.
Likewise, every company at QMS has to document complaints. We investigate issues. We track corrective and preventive actions. The Arena quality module comes with some standard workflows, but we modified them to meet the ISO 13485 and the 21CFR820 standards. Ann used the term product-centric QMS and, really, these workflows are where that becomes advantageous. At each step in the workflows, I can link the CAPA, the audit observation, the complaint, the nonconformance, et cetera, directly to the product itself, or to a change made as a result of the investigation, or to a document that describes the risk assessment, or to another related investigation. So, essentially, you can provide that evidence of implementation at any step of the way.
Everything can be cross-referenced so all supporting documentation is easy to get to. And when it comes time for trending the quality processes, I can export the data as a report into Excel and then use the pivot tables and charting functions to make it look much nicer.
So documenting control and the workflows address may of the basic requirements. I also wanted to share what we thought was a creative use of Arena to cover other basic requirements.
Traditionally, the device master record and the design history file were large files or binders that physically held the documents needed to support product claims or to submit to regulatory agencies, and if they got ever larger, many companies move to indexes, referencing the binder or the physical location of the documents. Maintaining those files can be a lot of work since the documents are often being updated to meet new standards, new submissions, new claims, labeling updates, et cetera.
So what we did at ORS, we created a living device master record and a design history file using the Arena Quality Module. Each has an index of documents organized by the ISO and FDA standards with introductions to explain the contents of each section. Once we had them created for each product group with the correct documents scanned, uploaded, and linked, maintaining them became a much easier task. Individual documents can be updated, but the DMR and the DHF indexes always link to the current version. Auditors, including the FDA, really like this approach.
Dr. Frestedt mentioned the increased focus on risk management by ISO and the FDA, so as a company, Organ Recovery Systems needed a simple way to incorporate risk assessment into the processes without making it overly burdensome. So we addressed this in two steps. I’ll describe it. The first step, and then come around to the second piece momentarily.
So, number one, we incorporated a risk assessment into the change management process, the ECO, with a series of 10 yes or no pull-down menus to answer questions right out of the FDA guidance document for when to submit changes to a 510K. So, is it a control mechanism change? Is it an operating principle change? Is it a change in energy type? And you probably recognize some of those questions, and based on the answers, we classified the change as either minor or major. Minor changes can go through pretty quickly, with minimal review and approval, while major changes require a review of the risk management file.
Similarly, we needed a way to incorporate a review of the verification and validation requirements as part of any change. This isn’t a new requirement, but we wanted to make it easier and more consistent in execution. So what we did, just like before, based on the change level, a minor change can go through pretty quickly, but a major change would require an assessment for revalidation or reverification needs. The design history file with the design requirements and a validation and verification report are only a few clicks away.
So coming back to risk management, we needed an efficient way to incorporate a review of the risk management file into the change management process. We talked about how I added it to the ECO before to make it mandatory to do the review, but I needed to make it easier. So just like the device master record and the design history file, we created a living risk management file using the Arena Quality Module. Each risk management file is an index of documents organized by the ISO and FDA standards with introductions to explain the contents of each section, just like before. Major changes require a review of the risk management file, which happens to be easily accessible and just two clicks away.
So really, all the Arena architecture I’ve discussed comes down to our efforts to make data access more efficient and effective for the end-user. We’re a small company with a limited headcount, so we need an easy way to manage the processes that meet those regulatory requirements and provide a practical benefit.
So that was short and sweet, I hope, as a case study, and I will hand it back to Mr. Chris Keech for some questions.
Chris Keech:
All right, thank you Chris, and thank you Dr. Frestedt, and thank you, Ann, for a great presentation.
Now, before I begin with today’s Q&A, please direct your attention to our webinar survey available on the right- hand side of your presentation window. If you’ve closed the survey, you can reopen the widget by clicking on the icon along the bottom of your screen. And thank you in advance for filling out the feedback form. Your participation in this survey allows us to better serve you.
We’re now going to move on to the question and answer portion of our event. As a reminder, to participate in our Q&A session, just type your question into the text box located to the right of the presentation window, or click on the Q&A icon at the bottom of your screen, type your question in, and then click the submit button. Please note that we’ll try to get to as many questions as we can in the time that we have left, but if we do not get to your question today, someone will be getting back to you via email after the program is over.
And so, let’s move on to our first question. I should say our first question is going to be for Chris. Chris, how do you do trending of quality data entered into the Arena workflows?
Christopher Hill:
Okay. When you’re setting up the quality process, you’ve got the option to put different attributes with pull-down menus. So when I want to set the basic classifications, I’m going to do all that classification work upfront so when they open a new complaint or a CAPA or an investigation, whatever it is, they select from the predefined pull-down menu for each of the root cause and the source and the supplier.
Once that’s done, the rest of it I do outside Arena. So I can run the report, I pull all that data out of Arena, it gets populated into an Excel spreadsheet, and then from there, I can use the pivot tables and the charts to make the trending much, much easier.
But the key would be to get those pull-down menus built into the initial data collection. That makes the trending much easier later on.
All right. Thank you, Chris. We have another question here for Dr. Frestedt. Dr. Frestedt, your second case study involved an acquisition. What steps do you take the client through to harmonize processes? Any advice for someone just getting started?
Dr. Joy Frestedt:
Oh, yes. Plenty of advice. You’ve hit on a really critical piece about harmonizing different processes from different groups, right? So it’s not enough just to have a system, but different groups have to understand that it’s present, and they have to learn how to use it.
So the advice is, first, have a grand plan. Few things happen in this world without a plan. This is no different.
Understand what the attributes are that are really helpful for people and tell them about that. Basically, sell your plan to the audience.
Secondly, know where the hiccups are, the places, the pitfalls that may be difficult, and may be different than what you’re used to doing, so if you’re used to doing paper, people are going to have a hard time adapting to electronic. And you just need to smooth that out for them and stay focused on the positives.
So I guess harmonizing is, in one sense, kind of letting go of the things of the past, and adapting to the things of the future, while still keeping quality center of mind, right? So making sure that all the things that you’re doing that used to be paper-based and are now electronic if that’s the example, that the people are aligned on that goal and help them to celebrate their successes, right?
So my advice would be to have a plan, walk people through it, stay focused on the positives, and celebrate the success.
Chris Keech:
All right, thank you, Dr. Frestedt. We have another question here for Chris. Chris, other QMS software solutions link investigations and corrective actions with parent/child relationships. So how is this accomplished in Arena?
Christopher Hill:
Sure. There isn’t a formal parent/child relationship, and I’ve used TrackWise. It takes that approach and a few others, but everything in Arena can be linked. So you can link the items, the files, the processes to each other, so you still get the same linkage, but it’s more of a … We’ll call it a pure relationship rather than parent/child. So it is still easy to jump from one investigation to the corrective action. In fact, you can have multiple corrective actions linked to the investigation. Multiple CAPAs or multiple nonconformances, we haven’t had a problem with that.
Chris Keech:
All right. Thank you, Chris. We have a question now for Ann. Ann, how does Arena help with system validation?
Ann McGuire:
Hi. Thanks for asking.
Ann McGuire:
Yeah. This is another benefit of cloud architecture. People who’ve invested in client-server architecture-based products may have gone through the long validation process, which results in not wanting to go through the long validation process again, so you don’t want to ever upgrade the system. So we call that rev lock, so you might be rev locked if you can only access your system through some kind of an antique browser, say.
But, anyway, the way that Arena can help with validation, it starts with cloud architecture. Everybody is running the same release, the same version of the software, so Arena validates the application against predefined requirements, which are also called intended uses, for every release, and then it shares the documented validation results with the customers that subscribe to that service.
If you need any more detailed information, contact us and we will help you, but we give you a big head start on validation.
Chris Keech:
All right, thank you, Ann. Another question here for Dr. Frestedt. Dr. Frestedt, do suppliers to device manufacturers need to comply with ISO 13485 and/or 21CFR?
Dr. Joy Frestedt:
Well, suppliers can choose to comply with ISO 13485. It is not mandatory. It’s a guideline or a standard. By choosing to comply with an international standard like this, you can have a well-founded argument for why your process should be a good process. But in that choice, you need to make sure that your company can actually do those things in order to be compliant with the mandatory 21CFR820, the quality system regulation. That’s not optional. The suppliers, though, may not be doing something that’s directly governed by the regulation, and it’s the job of the manufacturer to make sure that they understand who their critical suppliers are versus just supplying paper, for example, to record information on is different than a supplier who is making a critical component on a device, or if that critical component fails, the patient may be harmed.
So those persons, those third parties, if they are, are making those critical basic components of your device, they must comply with the federal regulations in the United States or the international regulations if they’re overseas. And it’s the job of the manufacturer to make sure that the whole device hangs together, and that the weakest link has been well considered, and the enforcement of overseeing that risk and making sure that the risk is removed is the job of the manufacturer.
So the supplier may argue that they don’t need to be compliant with 21CFR or the regulations. That may or may not be true, but it’s the job of the manufacturer to know the difference, and then to enforce it through their supply chain, buying parts that will make the product safe and make it perform as intended.
Chris Keech:
All right, thank you, Dr. Frestedt. We have time for, it looks like, just one more question here. This one is going to be for Ann. Ann, how could Arena scale for a small startup company with only five to six employees?
Ann McGuire:
Great question. A lot of Arena’s customers do start when they’re small. Our prime example is GoPro. Started with I think it was three employees when they invested in Arena. License-wise, you can buy as little as one license and, of course, with the cloud architecture, that license includes all the hardware you need. So you’re not buying anything for your site.
Ann McGuire:
Also, you would start with Arena’s experienced consulting staff to start you right off with good practices right from the beginning. So it is actually very easy. We have a lot of customers that start with just three to six, fewer than 10, I should say, employees. Yeah, if you have any concerns, just contact Arena. But, yes, we do that frequently, and it’s a great benefit as you scale.
Chris Keech:
All right, thank you, Ann.
Ann McGuire:
Thank you.
Chris Keech:
That does look like all the time that we have for questions for today. I’d like to thank Dr. Frestedt, Christoper, and Ann. Qmed appreciates your time and expertise on today’s topic. And I’d like to thank our sponsor, Arena, as well as everyone in the audience. We appreciate your attention and participation.
Within the next 24 hours, you’ll receive a personalized follow-up email with details and a link to today’s presentation on-demand. Please feel free to invite your colleagues and peers who may not have been available to attend today’s event.
This webinar is copyright 2017 by UBM. The presentation materials are owned by our copyright by Qmed, and Arena, and the individual speakers are solely responsible for their content and opinions.
Once again, we’d like to thank you for joining us, and we hope you have a great day.