Best Practices

Navigating Medical Device Compliance: 6 Key Tips

Medical Device ComplianceMedical device development is inherently complex, with numerous ever-evolving regulatory statutes to comply with and especially high stakes for ensuring the ultimate safety of the product. In fact:  

  • Medical device recalls rose 50% in 2019, demonstrating the growing complexity of devices and their points of failure, as well as active regulatory enforcement.  
  • Class I recalls, the most serious type, having a “reasonable probability” of the affected device causing harm, have surged at an even higher rate. 
  • Devices like software-driven pacemakers illustrate the tradeoff between more complex hardware and more extensive risks requiring mitigation. 

Indeed, the growing centrality of software to modern medical devices is a particularly notable challenge for manufacturers in this context.  

Not only do software-driven devices require a particular and extensive approach to risk and requirements management, but they also create pressure to accelerate time to market due to an increasingly competitive market. New entrants into the medical device space have used software design to rapidly differentiate their products and compete with incumbents, as the FDA’s 2018 Class II de novo clearance for EKG-equipped Apple Watches shows. 

Bringing medical devices to market quickly while preserving their quality and complying with regulations is a balancing act, albeit one that can be executed successfully with the right requirements management platform. Medical device compliance is achievable via a coherent, well-documented product lifecycle and real-time collaboration, both of which require efficient processes. 

Based on our work with hundreds of medical device developers, we’ve compiled this guide to navigating the complexity of medical device compliance. Let’s dive into six tips for improving your development practices.

Tip 1: Use a Tool That’s Already Aligned with Industry Standards

ISO 14971:2019 and ISO 13485:2016 both include detailed guidance on how to manage medical risk and quality management processes as part of the product lifecycle process. However, it can be difficult to know how to even start adhering to them under an requirements management (RM) methodology rooted in Microsoft Word or Excel. Teams can struggle to capture and export all of the necessary data to prove end-to-end traceability and pass audits.  

Instead of reinventing the wheel for standards adherence for each project, take advantage of the standard frameworks in a platform like Jama Connect for Medical Device Development. These save precious setup time and keep development aligned with key industry regulations such as ISO 14971:2019, 21 CFR 820.30, and ISO 13485:2019.  

Tip 2: Migrate Away from Document-Based Workflows

Medical devices take an average of three to seven years to reach market. During that time, they will require many tests that must be traced back to requirements, plus the requirements themselves will frequently change in response to stakeholder feedback. Add in the risk inherent in complicated medical device creation, and it’s a recipe for trouble without a modern, structured platform in place. 

To keep pace with the complexity of medical device development, document-based workflows must be left behind. Circulating lengthy, discrete documents via email doesn’t scale to modern projects, nor is it the most efficient means of gathering and synthesizing feedback from remote engineering teams. A dedicated RM platform that offers a single source of truth makes medical device compliance processes much more straightforward.


RELATED: Your Guide to Selecting a Medical Device Development Platform


Tip 3: Upgrade Your Approach to Traceability

Traceability is central to medical device development, as it is the only systematic way to demonstrate that design inputs are being met and verified as part of the design control process. Inadequate traceability can lead to errors when done manually, also making it difficult to produce audit documentation, manage change, and prove medical device compliance.   

Beginning in the 2010s, software became a leading cause of medical device recalls. Accordingly, in order to avoid medical device recalls or worse, traceability must be sufficiently advanced to: 

  • Link high-level requirements to sub-system requirements across the development lifecycle 
  • Provide traceabililty between all requirements and tests in one system, ensuring requirements are verified and validated 
  • Produce necessary documentation for audits and regulatory standards 
  • Eliminate the need to manually rebuild traceability  

By having an automated way to show the impact of change on requirements rather than a spreadsheet, it significantly reduces the amount of manual effort needed to look at siloed data and where changes may be needed.  

Tip 4: Create a Detailed Audit Trail

 Another benefit of traceability is the ability to create a detailed audit trail demonstrating why something was built the way it was, at what time, and by whom. These audit trails are required for medical device development but can be nearly impossible to produce effectively if done so too late in the development process or with manual tools. 

Real-time reporting and baselining are necessary for accurately tracking changes to information within a system. Make sure your RM platform can provide this type of “living” documentation of the development process, with all changes accurately captured as they happen. Plus, look for export functionality for sending data easily to other systems of record like a quality management system (QMS) if necessary.    

Tip 5: Prioritize Secure Management ofElectronicSignatures and Records

The FDA’s 21 CFR Part 11 defines criteria for how electronic signatures and records can be used as equivalent to paper records.  In order to meet this regulation’s very high bar for proof of electronic record and signature compliance, the proper access controls and security mechanisms need to be in place, such as: 

  • Authentication of users via unique usernames and passwords 
  • Limitations on who has the authority to create an electronic signature 
  • Full details on when the signature was created, what it means, and who authorized it 
  • Options for accurately and safely exporting the data in it for other systems or formats 

In Jama Connect, we consider reviews the electronic record, which the FDA defines as “any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.” Reviews in Jama Connect adhere to the requirements for closed systems and include electronic signatures and the requirements for linking between signatures and records.

Tip 6: Perform Risk Analysis Early and Continuously

Waiting until the later stages of development to perform risk analyses will complicate medical device compliance and uncertainty in the product development process. More specifically, it will slow down the entire project due to the need to gather documentation from multiple sources, make any necessary late-stage changes (for example, in response to missing traceability between requirements and risks), and ensure test results reflect the latest updates to risks. 

Jama Connect allows for risk analysis aligned to industry standards like ISO 14971:2019, treating risk management as an integral part of the product lifecycle process. Your organization can standardize and integrate your risk analysis, evaluation, and management processes in our platform to create a single source of truth for everything risk related. 


To see more information specific to the medical device development industry, we’ve compiled a handy list of valuable resources for you!

SEE MORE RESOURCES