Traceability: Navigating The Myriad Of Compliance Rules And Regulations
Any newcomers to the medical devices manufacturing scene, could be forgiven for thinking that every part of their life has to be documented and evidence must be available. Well, that’s not far from reality, certainly in terms of all that relates to the development and production process for manufacturers.
To help make sense of this, we designed Compass to effectively be the engine underneath the guided compliance to help navigate through the myriad of compliance rules and regulations.
Because the onus is on the manufacturer to comply with everything stipulated by the relevant regulatory authorities – namely the U.S. Food and Drug Administration (FDA), European Medicines Agency (EMA) and national competent authorities including the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) – they need to show evidence to be able to answer each and every requirement.
This includes translating user needs into design inputs which, in turn, need to be documented and linked to design outputs. Add to that, risk analysis of what needs to be tested and controlled, these essential elements comprise the working parts of our engine and are at the heart of Compass, providing vital support for those building medical devices.
That all makes sense, when one considers the need for safeguards and the exacting liabilities imposed on the potential life-saving applications of medical devices, but what can this offer from a user’s point of view?
For a start, there is absolutely no room for error. You literally can’t forget or miss a step and must follow demonstrably watertight processes. This is why traceability protocols enabled by Compass are so important from start to finish of the development of a product though to market adoption.
Traceability Tracks & Monitors Standard Operating Procedures
Compliance is not optional. Compass supports compliance with major industry standards and regulations, including: IEC 60812, 21 CFR part 11, EU 2017/745, ISO 13485, 21 CFR 820.30, ISO 14971, IEC 62366. Standards are issued at different levels:
- National (e.g. American National Standards Institute or ANSI in the US)
- Regional (e.g. European Committee for Standardization or CEN)
- International (e.g. ISO and the International Electrotechnical Commission or IEC)
Apart from mandatory records, traceability allows manufacturers to track and monitor Standard Operating Procedures (SOP). In this way, you can document processes on how you work — demonstrate what your device is and show that you adhere to your way of working (SOP) and that everyone involved in the design and build of the device possess the appropriate skills and experience.
That means that only those who are qualified are able to make changes, that they need the right permission/authorisation level to sign off on tasks throughout the manufacturing process. This is implemented online with Standard Operating Procedures, governing roles and responsibilities, establishing who is assigned to each role – all of which must be documented in the development plan, confirming that personnel have all worked in these processes. This protocol will also be able to track any changes relating to specific individuals and that they had the right authorisation.
Authorisation: Built In From The Ground Up
In Compass, we document the design and development process, the roles, who are assigned to them – and these are the people who can use the tool — so Compass guides you to ensure that you have the right responsibility. It logs everything everyone wants to do.
A history file will record all of this providing complete visibility and accountability down to the time, the action taken, and the person who did it. Everything is recorded from a process and personnel perspective.
At Compass, we start by describing the roles assigned to individuals and set up the roles within the software itself, assigning responsibilities in line with workflow. Everything is logged in the history of the document and every action is assigned and accounted for.
For example – within the Compass software environment you could look at the user needs section and try to access the document. But checks and security levels are built in. That means that to edit records, you’re prompted to sign-in by password and take several other steps; therefore only an approved user would be able to fulfil this action. Authorisation is built in from the ground up, through assigning responsibilities from the start.
Evidence That Everything Was ‘Done By The Book’
In fact, the tool cannot start working unless the documented development and risk management processes are in an approved state, ensuring full accountability and traceability.
Full audit logs of who did what at each stage ensures compliance accuracy and that personnel cannot depart from agreed protocols and provides cast-iron evidence that everything was ‘done by the book’. This is essential in ensuring safety and transparency and provides proof that everything has been conducted correctly and that the approved and assigned people were involved in the right way.
Using Word and other document management systems, a level of safety can be achieved, but you would be lucky if there was any clarity about who did what. You need an accurate ‘Compare’ function, but that is not available in other systems, because they are not designed for it.
With Compass there’s no way that anyone could say ‘It wasn’t me’. No escaping the audit trail here. And considering in the US (but not yet in Europe), the FDA are actually police officers and have the authorisation to arrest in cases of breach of processes or attempts to falsify records, the need for traceability goes beyond compliance.
Yes, compliance is a serious business. And it needs to be.