The U.S. FDA’s effort to marry its quality systems regulations with ISO 13485 has hardly gone off without a hitch, but Melissa Torres, director of international programs at the FDA’s device center, said the agency is “very hopeful” it can publish a draft rule for that task by the end of this year. However, Torres said some of the accompanying inspectional questions are still up in the air, advising attendees on a webinar that the FDA “will not be simply accepting 13485 certificates” for inspections in lieu of FDA inspections.
Torres was speaking on a June 8 webinar hosted by the Association for the Advancement of Medical Instrumentation (AAMI), during which she noted that the appearance of the FDA transition from Part 820 to ISO 13485 had first appeared at the Office of Management and Budget’s unified regulatory agenda in 2018.
The proposal has appeared twice since then at the OMB regulatory agenda to reflect the shifting timelines for harmonizing device quality systems regulations, and Torres repeated the oft-heard claim that the U.S. Quality Systems Regulations (QSRs) and ISO 13485 are roughly 95% identical. “It was important to look globally and recognize that 13485 is used by many other regulatory entities around the world,” Torres said, which means a shift to the ISO standard would decrease the burden on both industry and competent authorities.
‘A few years’ likely to pass before implementation
The FDA is still working on the proposal for the change, but the wide range of organizational effects is complicating that task, Torres said. The objective is to issue a proposed rule this year, which will be accompanied by an advisory hearing. She said that once the rule is in finished form, the FDA’s transition to 13485 would require “a few years” to complete, adding that there are some legal requirements that have to be addressed as that transition takes place.
However, Torres also noted that there are several questions about the agency’s inspectional authority in this new regulatory realm. The FDA is a member of the team of competent authorities that are taking part in the Medical Device Single Audit Program (MDSAP), which is built around ISO 13485. However, the FDA will not simply accept at face value any non-MDSAP inspections under the 13485 regime in the meantime.
Torres said the Quality Systems Inspection Technique (QSIT) will have to be amended to reflect the new requirements under the ISO standard. An August 1999 FDA document provides some details about the QSIT program, a top-down approach that entails examination of a company’s records. Torres said medical device manufacturing sites across the globe are taking part in the MDSAP program, a development the FDA has lauded, but she noted that the definition of risk as spelled out in ISO 13485 “is quite concerning” for the FDA. The FDA expects that participation in the MDSAP program will continue to be voluntary after the agency formalizes its adoption of 13485.
Eamonn Hoxey, who chairs the AAMI board of directors, said ISO has gone to some lengths to highlight the common elements in the various QMS standards it publishes, a series of publications that address aerospace and automotive safety, among others. ISO had considered a revision of 13485 as part of a quinquennial review of standards, but the regulatory instability in Europe and elsewhere drained any appetite for a significant overhaul of 13485. The net effect of the ISO action on 13485 was to confirm the standard as is for another five years, although ISO can move to revisit the standard more quickly should circumstances suggest a need.
MDSAP mandates disclosure of internal audits
Aaron Dunbar, vice president for research and engineering for Boston Scientific Corp., of Marlborough, Mass., advised that Part 820 is significantly more prescriptive than ISO 13485 on a number of points, including regarding the content of product labels. The definitions used in the two standards are not fully overlapping, but those definitions are not identical even when they address the same subject. However, Dunbar noted that while the FDA does not require that firms disclose the results of internal quality systems audits, those documents must be presented on demand for MDSAP certifications. MDSAP participants are thus more comfortable providing those documents to representatives of regulatory agencies, and he said, “I don’t think that will be too big a deal for most firms” in the MDSAP program.
The FDA will have to deal with combination products in its rulemaking on the 13485 convergence, including Part 211, the portion of the Code of Federal Regulations that describes good manufacturing practices (GMPs) for finished pharmaceuticals. The MDSAP program is not applicable to combination products, however, a difference that may or may not be exacerbated by a recent FDA compliance program bulletin.
The June 4 bulletin addresses inspections of facilities making drug- or device-led combination products, and calls for the issuance of a single establishment inspection report as well as a single inspectional form 483, assuming a 483 is necessary. The FDA field inspector is instructed to use inspection practices as spelled out by the Office of Regulatory Affairs for the lead center on that combination product application or approval. This applies for biologics license applications handled by the Center for Drug Evaluation and Research, but combination products led by a product regulated by the Center for Biologics Evaluation and Research are governed by a separate policy document.