QMS & Medical Device Vigilance
Quality Management System (QMS)
All manufacturers of medical devices need a Quality Management System (QMS) that covers, among other topics the development, production and monitoring of products on the market. Manufacturers often develop their QMS according to ISO 13485 to prove that they meet the legal requirements of the Medical Device Regulation (MDR) (Regulation (EU) 2017/745) and the In-vitro Diagnostic Regulation (IVDR) (Regulation (EU) 2017/746) for a QM-system.
With the exception of Class I medical devices, certification of medical devices by a notified body is usually required. Policies, Standard Operating Procedures (SOPs) and Work Instructions are all necessary to ensure that processes established within an organisation are adequately described in accordance with applicable regulations, directives, ISO standards etc..
Manufacturers are obliged to have available within their organisation a person who is responsible for regulatory compliance and to ensure, for example, that the technical documentation is prepared in compliance with their own QMS procedural documents and other medical device requirements. Due to the strict regulatory nature of the industry, best practices need to be established, documented and implemented.
Not only medical device manufacturers have to comply with the Medical Device Regulation (MDR), but also other stakeholders such as e.g. distributors, importers or authorised EU-representatives. The aim of the Medical Device Regulation (MDR) (EU) 2017/745, is to ensure that each economic operator checks – where possible – that the economic operator one step earlier in the supply chain has complied with the regulatory requirements.
Post-market surveillance (PMS)
Post-market surveillance (PMS) is designed to monitor the performance of a marketed medical device by collecting and analysing field use data. Article 10 of the EU MDR (EU) 2017/745 and IVDR (EU) 2017/746 requires all device manufacturers to have a post-market surveillance system in place.
Besides the classic sources of safety data such as clinical evaluation reports, complaint and adverse event reporting, manufacturers have to proactively search for safety-relevant information to their own products on a world-wide basis in social media networks, industry and academic literature, EUDAMED (European Database for Medical Devices) database and registries. The manufacturer is responsible to regulate with their distributors, authorised representatives and importers who is responsible for which activities in the context of post-market surveillance.
Until the EUDAMED database is fully operational in accordance with Article 33 of the MDR (EU) 2017/745, notification of serious incidents have to be submitted to national competent authorities within the timelines outlined in Article 87(3) to (5) in the MDR.
All incidents have to be collected by the manufacturer in order to comply with the requirements for trend reporting in accordance with Article 88 of the MDR.
Audits & Inspections
Organisations which maintain a certified QMS according to ISO 13485 are part of regular audits by the organisation which issued the ISO certificate.
The majority of compliance activities are initiated and resolved in writing, however, it may be necessary for competent authorities to inspect medical device manufacturing sites.
Under the Medical Device Regulation (MDR) (EU) 2017/745, national competent authorities can issue:
- A compliance notice to formally outline perceived offences and request to correct a non-compliance
- A restriction notice, in order to restrict the availability of a particular medical device, or of devices of a particular class or description.
Audits provide an objective evaluation of an organisation’s system. Good audits will provide an accurate measurement of the implementation of an organisation’s system against its procedures and the applicable legal requirements. They are a vital part of the Quality Management System (QMS) of an organisation.