IMDRF latest developments: towards global regulatory harmonisation

International Medical Device Regulators Forum (IMDRF) is a group of regulators specialising in the field of medical devices. The IMDRF aims to move forward with international medical device regulatory harmonisation and convergence. Established in October 2011, the current members of the Forum are Australia, Brazil, Canada, China, Europe, Japan, Russia, Singapore, South Korea, the United Kingdom, and the United States. In 2023, the IMDRF conference took place in Brussels, as the EU is this year’s Forum Chair.

Among the various activities, the IMDRF regularly publishes documents providing guidance and best practices to various stakeholders of the medical devices sector. Between January and April 2023, the IMDRF has published five technical documents addressing cybersecurity, regulatory review reports, personalised medical devices, and post-market surveillance.

Principles and Practices for medical device cybersecurity

In April 2023, the IMDRF published two documents on the cybersecurity of medical devices. The Guidance Principles and Practices for the Cybersecurity of Legacy Medical Devices provides stakeholders with suggestions on how to maintain cybersecurity of legacy medical devices. In particular, the document offers support by:

  • Explaining legacy medical device cybersecurity within the context of the TPLC Framework (Development, Support, Limited Support, and End of Support);
  • Providing recommendations for Master Data Management (MDM) and healthcare professionals (HCPs) in communication, risk management, and transfer of responsibility to the HCP;
  • Providing recommendations on compensating controls after End of Support;
  • Presenting implementation considerations for MDMs and HCPs for existing legacy devices developed prior to the TPLC Framework.

In a second publication on cybersecurity, the Forum addresses the software bill of materials (SBOM) concept in the United States. The document Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity gives:

  • Recommendations for medical device manufacturers in SBOM generation, management, and distribution;
  • Recommendations to healthcare providers on SBOM ingestion and management;
  • Examples on SBOM use for risk management, vulnerability management, and incident response.

Regulatory Review Report

In February 2017, the Forum published Medical Device Regulatory Review Report: Guidance Regarding Information to be Included. The content of the regulatory review report should present the following topics:

  • Regulatory Review Chapter, with information on the review scope, the Conformity Assessment Body (CAB), and other regulatory submission information;
  • Regional Administrative Chapter, including, among others, a cover letter on the type of regulatory submission, Quality Management System, Free Sales Certificate, statements, certifications, and Declarations of Conformity as well as letters of reference and authorisation;
  • Submission Context Chapter, which provides a summary of certifications for premarket submission, device description, Indications for Use, intended use and contraindications, global market history, and any other submission context information
    provided in the regulatory submission;
  • Non-Clinical Evidence Chapter, with risk management, Essential Principles (EP) Checklist, standards and guidance, non-clinical studies, non-clinical bibliography, and expiration period/shelf life and packaging validation studies;
  • Clinical Evidence Chapter, including clinical evidence summary, informed consent information, investigator sites and Investigator Review Board (IRB) contact information;
  • Labelling and Promotional Material Chapter, with labels, Instructions for Use (IFUs), e-labelling, physician labelling, patient labelling, technical and operators manual, patient file stickers, cards and implant registration cards, and product brochures;
  • Quality Management System Procedures and Quality Management System Device-Specific Chapter Information.

Personalized medical devices: harmonisation for verification and validation

In April 2023, the Forum published Personalized Medical Devices – Production Verification and Validation. This document provides guidance on harmonisation for verification and validation of a patient-matched medical device and a medical device production system (MDPS).

Generally, a personalised medical device is a medical device intended for a particular individual, including custom-made, patient-matched, and adaptable medical devices.

Verification and validation aspects of specified design envelope

Manufacturers of a patient-matched medical device should test production units under real or simulated conditions of use in order to establish the characteristics and limits of that specific design. Specifically, in the design and development activities, manufacturers of such devices should provide:

  • Device description, range of user needs and intended uses;
  • Design envelope schema;
  • Based on whether it is an implantable or non-implantable medical device, worst-case device designs in the technical documentation, supported by clinical data in case of implantable devices;
  • Imaging data for patient-matching;
  • Design verification and validation activities;
  • Clinical evidence requirements and labelling requirements.
Verification and validation aspects of medical device production systems (MDPS)

A medical device production system (MDPS) is given by the resultant medical device and the medical device production process (MDPP) elements. Raw materials, main production and post-processing equipment, software and digital files, and operating instructions define a resultant medical device.

For the verification and validation of an MDPS, the IMDRF Guidance provides general principles to follow:

  • MDPS description;
  • Key considerations in MDPS design development;
  • Risk management plan for MDPS;
  • User facility requirements, competence, training, and human factors validation;
  • Clinical evidence requirements and labelling requirements.

Post-market surveillance reports

Finally, in April 2023, the IMDRF published a guidance document on Medical Devices: Post Market Surveillance National Competent Authority Report Exchange Criteria and Report Form. After providing an overview of the criteria and procedures to follow, the guidance suggests the use of the National Competent Authority Report (NCAR) Form.

The document provides a template of the form (Annex I) as well as instructions on how to complete it.

MDlaw Library includes all latest IMDRF documents.

Leave a Reply

Your email address will not be published.