Tag Archive for: Compliance & Regulation



Jama Software is always looking for news on our customers that would benefit and inform our industry partners. As such, we’ve curated a series of customer spotlight articles that we found insightful. In this blog post, we share a press release, sourced from Cision Distribution by PR Newswire, about one of our customers, magniX titled “magniX Powers First Point-To-Point Flight of an All-Electric Helicopter” – originally published on November 4, 2022.

magniX Powers First Point-To-Point Flight of an All-Electric Helicopter

Flight of Battery-Powered Robinson 44 Helicopter Accelerates Path to Sustainable Delivery of Life-Saving Organs

EVERETT, Wash., Nov. 4, 2022 /PRNewswire/ — magniX, a manufacturer of electric propulsion solutions for aviation, is pleased to have powered the first fully-electric helicopter flight between airfields, in partnership with Tier 1 Engineering. The modified electric Robinson 44 (eR44) helicopter powered with a magniX magni250 electric propulsion unit (EPU) made its historic journey from Jacqueline Cochran Regional Airport to Palm Springs International Airport, arriving on 29 October 2022 at 11:00am PST, in a flight that lasted approximately 20 minutes.


magniX Powers First Point-To-Point Flight of an All-Electric Helicopter

Tier 1 Engineering is developing the magniX-powered eR44 for Lung Biotechnology PBC, a subsidiary of United Therapeutics Corporation, a biotechnology company dedicated to addressing the severe shortage of transplantable organs in the U.S. The magniX EPU was retrofitted into the helicopter together with a battery system developed by Tier 1 Engineering, specialists in the design and development of electric aircraft. The eR44 is designed to deliver human and manufactured organs for transplant with zero carbon emissions at the point of use.

RELATED: magniX, Selects Jama Connect® for Its Ease of Use and Quick Deployment

“Building from our first flight of the eR44 helicopter last June, the successfully completed point-to-point flight takes us a step closer to the sustainable transport of life-saving organs,” said Nuno Taborda, CEO of magniX. “magniX is excited to be part of an initiative that will positively affect those in need of urgent medical care. This is only the start of the applications for electric helicopters, which have a bright future as low-cost, carbon-free, reliable alternatives to combustion engine models.”

magniX Celebrates Another Industry First

Since December 2019, magniX has also provided the technology to power a number of first flights, including that of Harbour Air’s “eBeaver”, a Cessna “eCaravan” and, most recently in September 2022, Eviation’s all-electric commuter aircraft, Alice. This point-to-point flight of an electric rotary aircraft represents the latest first for the industry-leading electric solutions company. Tier 1 Engineering is currently working with the FAA on the eR44 project to obtain a Supplemental Type Certificate (STC). Lung Biotechnology PBC plans to acquire a fleet of sustainable aircraft to transport transplant organs.

“We are committed to charting a new path forward for the zero-carbon delivery of life-saving organs,” said Dr. Martine Rothblatt, one of the helicopter’s pilots and CEO of United Therapeutics Corporation. “Saturday’s point-to-point flight proves that the technology necessary for our mission is already here, as we actively work with the FAA to certify the eR44 helicopter.”

RELATED: Eight Ways Requirements Management Software Will Save You Significant Money

“Together we achieved an incredible outcome for the world’s first airport-to-airport cross-country all-electric helicopter flight,” said Glen Dromgoole, President of Tier 1 Engineering. “magniX has again demonstrated the reliability and power of its electric propulsion units, and we’re proud to continue this journey to create sustainable options for organ donation and, ultimately, help save lives.”

About magniX

Headquartered in Everett, Washington State, U.S., magniX is dedicated to leading an era of environmentally-friendly and sustainable aviation. magniX has developed a family of flight-proven electric propulsion units (EPUs) and is fast maturing its energy storage systems (ESS) for commercial aviation. With high levels of reliability, unparalleled performance and operational practicality, magniX is leading the aviation industry into a sustainable future. magniX is a subsidiary of the Clermont Group, an international business group headquartered in Singapore. For further information, please visit www.magnix.aero.

FINN Partners for magniX
[email protected]



In this blog, we recap our press release on Jama Software® becoming the ONLY requirements management vendor that is SOC 2 Type 2 compliant on the application layer and data center offerings.

Jama Software® Receives SOC 2 Type 2 Attestation

Jama Software is the only vendor in the requirements management and traceability space that is SOC 2 Type 2 compliant both on the application layer and the data center offerings.

Jama Software®, the leading requirements management and traceability solution provider, has announced that it has completed its SOC 2 Type 2 audit, performed by KirkpatrickPrice. This attestation provides evidence that Jama Software has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have the necessary internal controls and processes in place.

“The SOC 2 audit is based on the Trust Services Criteria. Jama Software delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Jama Software’s controls.”
Joseph Kirkpatrick, President, KirkpatrickPrice

A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the American Institute of Certified Public Accountants (AICPA). During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Jama Software’s controls to meet the standards for these criteria

“We take great pride in being the first and only multi-tenant, pure-SaaS offering in our space. And now, with SOC 2 compliance, Jama Connect customers have additional validation and confidence that they are getting unparalleled best-in-class security, business continuity, and can further mitigate risks and scale with compliance.”
Marc Osofsky, Chief Executive Officer, Jama Software

Click below if you wish to learn more and start using Jama Connect:

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com.

About Jama Software

Jama Software is focused on maximizing innovation success. Numerous firsts for humanity in fields such as fuel cells, electrification, space, autonomous vehicles, surgical robotics, and more all rely on Jama Connect® to minimize the risk of product failure, delays, cost overruns, compliance gaps, defects, and rework. Jama Connect uniquely creates Live Traceability™ through siloed development, test, and risk activities to provide end-to-end compliance, risk mitigation, and process improvement. Our rapidly growing customer base of more than 12.5 million users across 30 countries spans the automotive, medical device, life sciences, semiconductor, aerospace & defense, industrial manufacturing, financial services, and insurance industries. Visit us at jamasoftware.com.

Read the entire press release here! Jama Software® Receives SOC 2 Type 2 Attestation

Jama Software is always looking for news on our customers that would benefit and inform our industry partners. As such, we’ve curated a series of customer spotlight articles that we found insightful. In this blog post, we share content, sourced from WIRED, about one of our customers, Illumina titled “The Era of Fast, Cheap Genome Sequencing Is Here” – originally published on September 29, 2022, by Emily Mullin.

The Era of Fast, Cheap Genome Sequencing Is Here

Illumina just announced a machine that can crack genomes twice as fast as its current version—and drive the cost down to $200 a pop.

Illumina says its NovaSeq X machine will get the price of sequencing down to $200 per human genome. COURTESY OF ILLUMINA.

THE HUMAN GENOME is made of more than 6 billion letters, and each person has a unique configuration of As, Cs, Gs, and Ts—the molecular building blocks that make up DNA. Determining the sequence of all those letters used to take vast amounts of money, time, and effort. The Human Genome Project took 13 years and thousands of researchers. The final cost: $2.7 billion.

That 1990 project kicked off the age of genomics, helping scientists unravel genetic drivers of cancer and many inherited diseases while spurring the development of at-home DNA tests, among other advances. Next, researchers started sequencing more genomes: from animals, plants, bacteria, and viruses. Ten years ago, it cost about $10,000 for researchers to sequence a human genome. A few years ago, that fell to $1,000. Today, it’s about $600.

RELATED: Convergent Dental Selects Jama Connect® For Its Live Requirements Traceability

Now, sequencing is about to get even cheaper. At an industry event in San Diego today, genomics behemoth Illumina unveiled what it calls its fastest, most cost-efficient sequencing machines yet, the NovaSeq X series. The company, which controls around 80 percent of the DNA sequencing market globally, believes its new technology will slash the cost to just $200 per human genome while providing a readout at twice the speed. Francis deSouza, Illumina’s CEO, says the more powerful model will be able to sequence 20,000 genomes per year; its current machines can do about 7,500. Illumina will start selling the new machines today and ship them next year.

“As we look to the next decade, we believe we’re entering the era of genomic medicine going mainstream. To do that requires the next generation of sequencers,” deSouza says. “We need price points to keep coming down to make genomic medicine and genomic tests available much more broadly.”

Reagents and buffer cartridges. COURTESY OF ILLUMINA.

Sequencing has led to genetically targeted drugs, blood tests that can detect cancer early, and diagnoses for people with rare diseases who have long sought answers. We can also thank sequencing for the Covid-19 vaccines, which scientists started developing in January 2020 as soon as the first blueprint of the virus’s genome was produced. In research labs, the technology has become essential for better understanding pathogens and human evolution. But it still isn’t ubiquitous in medicine. That’s in part because of the price tag. While it costs around $600 for scientists to perform sequencing, clinical interpretation and genetic counseling can drive the price to a few thousand dollars for patients—and insurance doesn’t always cover it.

Another reason is that for healthy people, there’s not yet enough evidence of benefits to prove that genome sequencing will be worth the cost. Currently, the test is mostly limited to people with certain cancers or undiagnosed illnesses—although in two recent studies, around 12 to 15 percent of healthy people whose genomes were sequenced ended up having a genetic variation that showed they had an elevated risk of a treatable or preventable disease, indicating that sequencing may provide an early warning.

RELATED: Incorporating Risk Traceability into Manufacturing Production Software and Preparing for the Transition from CSV to CSA

For now, researchers—not patients—will likely benefit most from cheap sequencing. “We’ve been waiting for this for a long time,” says Stacey Gabriel, chief genomics officer at the Broad Institute of MIT and Harvard, of the new improvements. “With greatly reduced costs and greatly increased speed of sequencing, we can sequence way more samples.” Gabriel is not affiliated with Illumina, but the Broad Institute is something of an Illumina power user. The institute has 32 of the company’s existing machines and has sequenced more than 486,000 genomes since it was established in 2004.

Gabriel says there are a number of ways that researchers will be able to apply added sequencing power. One is to increase the diversity of genomic datasets, given that the vast majority of DNA data has come from people of European descent. That’s a problem for medicine, because different populations might have different disease-causing genetic variations that are more or less prevalent. “There’s really an incomplete picture and a hampered ability to translate and apply those learnings to the full population diversity in the world,” Gabriel says.

Another is to boost the size of genetic datasets. In the early 2000s, when the Broad Institute started a project to search for genes related to schizophrenia, researchers had 10,000 genomes from people with the condition, which didn’t yield many insights, Gabriel says. Now, they have amassed more than 150,000.

A lab technician loads a flow cell onto Illumina’s sequencer. COURTESY OF ILLUMINA

Comparing those genomes to those of people without schizophrenia has allowed investigators to uncover multiple genes that have a profound impact on a person’s risk of developing it. By being able to sequence more genomes faster and more cheaply, Gabriel says they’ll be able to find additional genes that have a more subtle effect on the condition. “Once you have bigger data, the signal becomes clearer,” she says.

“This is the kind of thing that shakes up everything you’re working on,” agrees Jeremy Schmutz, a faculty investigator at HudsonAlpha Institute for Biotechnology, of new sequencing technology. “This reduction in sequencing cost allows you to scale up and do more of those large research studies.” For Schmutz, who studies plants, cheaper sequencing will allow him to generate more reference genomes to better study how genetics influence a plant’s physical characteristics, or phenotype. Large genomic studies can help improve agriculture by accelerating the breeding of certain desirable crops, he says.

Illumina’s sequencers use a method called “sequencing by synthesis” to decipher DNA. This process first requires that DNA strands, which are usually in double-helix form, be split into single strands. The DNA is then broken into short fragments that are spread onto a flow cell—a glass surface about the size of a smartphone. When a flow cell is loaded into the sequencer, the machine attaches color-coded fluorescent tags to each base: A, C, G, and T. For instance, blue might correspond to the letter A. Each of the DNA fragments gets copied one base at a time, and a matching strand of DNA is gradually made, or synthesized. A laser scans the bases one by one while a camera records the color coding for each letter. The process is repeated until every fragment is sequenced.

For its latest machines, Illumina invented denser flow cells to increase data yield and new chemical reagents, which enable faster reads of bases. “The molecules in that sequencing chemistry are much stronger. They can resist heat, they can resist water, and because they’re so much tougher, we can subject them to more laser power and can scan them faster. That’s the heart of the engine that allows us to get so much more data faster and at lower costs,” says Alex Aravanis, Illumina’s chief technology officer.

That said, while the cost per genome is dropping, for now, the startup cost for a machine itself is steep. Illumina’s new system will cost around $1 million, about the same as its existing machines. The high price tag is a key reason they’re not yet common in smaller labs and hospitals, or in rural regions.

Another is that they also require experts to run the machines and process the data. But Illumina’s sequencers are completely automated and produce a report comparing each sample against a reference genome. Aravanis says this automation could democratize sequencing, so that facilities without large teams of scientists and engineers can run the machines with few resources.

RELATED: The Benefits of Jama Connect Datasheet

Illumina isn’t the only company promising cheaper, faster sequencing. While the San Diego-based company currently dominates the marketplace, some of the patents protecting its technology expire this year, opening the door for more competition. Ultima Genomics of Newark, California, emerged from stealth mode earlier this year promising a $100 genome with its new sequencing machine, which it will begin selling in 2023. Meanwhile, a Chinese company, MGI, began selling its sequencers in the United States this summer. Element Biosciences and Singular Genomics, both based in San Diego, have also developed smaller, benchtop sequencing machines that could shake up the marketplace.

Ultima’s machine design has replaced the traditional flow cell with a round silicon wafer just under seven inches in diameter. Josh Lauer, the company’s chief commercial officer, says the disc is cheaper to manufacture and has a bigger surface area than a flow cell, allowing more DNA to be read at once. Because the disc rotates like a record under a camera instead of moving back and forth like flow cells do, Lauer says it requires smaller volumes of reagents and speeds up imaging. “We think this will enable scientists and clinicians to do more breadth, depth and frequency of genome sequencing,” he says. “Instead of just looking at tiny parts of the genome, we want to look at the whole genome.”

Ultima Genomics’ sequencing machine. PHOTOGRAPH: ULTIMA

Ultima’s machine isn’t widely available yet, and the company hasn’t released the price, though Lauer says it will be comparable to other sequencers on the market.

The increased competition could be a boon to the genomics field, but research is often slow to translate to health improvements in real people. It will likely take time before patients see a direct benefit from cheaper sequencing. “We’re at the very, very beginning,” deSouza says.


FDA Updates to the Medical Device Cybersecurity Guidance

With an increase in connected medical devices, cybersecurity has become a hot topic for regulatory agencies. In the last few years, cybersecurity incidents have impacted medical devices and hospital networks disrupting the delivery of medical care and potentially putting patients at risk. Cybersecurity is the process of preventing unauthorized access, modification, misuse, denial of use, or simply the unauthorized use of information that is stored, accessed, or transferred from a product to an external recipient.

The focus on cybersecurity has led to several cybersecurity related guidance documents being published in the last few years. These guidance documents can be used by manufacturers to ensure that they are addressing cybersecurity in a way that meets the expectation of regulatory agencies. Some of the most important guidance documents available include:

The FDA originally released the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices guidance in 2014, which was a total of nine pages long and covered the elements of a cybersecurity process and the core functions of a cybersecurity framework (Identify, Protect, Detect, Respond, and Recover). The April 2022 update to the guidance is forty-nine pages and addresses cybersecurity as part of both the Quality Management System (QMS) and the Total Product Lifecycle (TPLC). According to the FDA, the changes in the guidance are intended to further emphasize the importance of ensuring that devices are designed securely and to be capable of mitigating emerging cybersecurity risks throughout the TPLC, as well as more clearly outline the FDA’s recommendations for premarket submission information to address cybersecurity concerns.

RELATED: 5 FBI Recommendations for Medical Device Cybersecurity

Keeping in mind that the changes to the guidance were to ensure that cybersecurity is addressed as part of the TPLC and the QMS, the following specific requirements have been added to the cybersecurity guidance:

  • The guidance attempts to ensure that manufacturers are doing everything needed to design devices that are secured. The FDA now requires manufacturers to implement development processes that account for and address cybersecurity risks as part of design controls (21 CFR 820.30). This includes identification of security risks, the design requirements for how the risks will be controlled, and evidence that the controls are effective.
  • The FDA recommends the implementation and adoption of a Secure Product Development Framework (SPDF) to address cybersecurity throughout the TPLC. An SPDF is a set of processes that reduce the number and severity of vulnerabilities in products throughout the device lifecycle; using an SPDF is one approach to help ensure that QSR requirements are met.
  • The guidance includes requirements for labeling to provide information pertaining to the device’s cybersecurity controls, potential risks, and other relevant information
  • The guidance requires a Security Risk Management Process (at an organizational level) to identify, assess and control security risks. The process for performing security risk management should be a distinct process from performing safety risk management as described in ISO 14971:2019. FDA recommends that manufacturers establish a security risk management process that encompasses design controls (21 CFR 820.30), validation of production processes (21 CFR 820.70), and corrective and preventive actions (21 CFR 820.100) to ensure both safety and security risks are adequately addressed. The Safety Risk Management process and the Security Risk Management Process, although separate, must be integrated, so that Security risks that can result in patient harm, once identified, can be evaluated and assessed for risk acceptability using the Safety Risk Management process. When a security risk or control measure could have a possible impact on patient safety or medical device effectiveness, then it should be included in the product risk assessment. Likewise, any risk control that could have an impact on security should be included in the security risk assessment.
  • FDA recommends that threat modeling be performed throughout the design process to inform and support the risk analysis activities.
  • The guidance requires that Cybersecurity risks posed by third party software components must be addressed and evidence be included in the Design History File.
  • The guidance recommends the use of a Software Bill of Materials (SBOM) and specifies the information required to be contained in the SBOM, or as part of the documentation.
  • The guidance specifies requirements for a Security Risk Management Plan and a Security Risk Management Report.
  • The guidance requires vulnerability testing and penetration testing, along with verification of effectiveness of security controls.
  • The guidance specifies a requirement for a Vulnerability Communication Plan, since cybersecurity risks evolve as technology evolves throughout a device’s TPLC, FDA recommends that manufacturers establish a plan for how they will identify and communicate vulnerabilities that are identified after releasing the device. The Vulnerability Communication Plan should also address periodic security testing.

RELATED: MDIC, HSCC Team Up to Establish Medical Device Security Benchmarks

In summary, the new FDA cybersecurity guidance raises the bar on how FDA expects industry to address cybersecurity throughout the TPLC and imposes requirements for additional deliverables, testing, and labeling.


Jama Software is always on the lookout for news on our customers that would benefit and inform our industry partners. As such, we’ve curated a series of customer spotlight articles that we found insightful. In this blog post, we share content, sourced from Mass Device, about one of our customers, Surgalign titled “FDA Clears Surgalign’s Cortera Spinal Fixation System” – which was originally published on August 24, 2022, by Sean Whooley.

FDA Clears Surgalign’s Cortera Spinal Fixation System

Surgalign (Nasdaq:SRGA) has announced that it received FDA 510(k) clearance for its Cortera spinal fixation system.

Deerfield, Illinois-based Surgalign said in a news release that the new flagship Cortera product represents a key product portfolio piece. Surgalign officials see Cotera driving the company’s future growth. It could ensure market gains in the posterior fixation market.

“The Cortera system is a testament to the spine engineering talent and expertise we’ve assembled in very short order, as we moved from zero engineers in the United States following the RTI divestiture two years ago, to approximately 30 today,” said Terry Rich, president and CEO of Surgalign. “Thanks to our team and incredible surgeon partners, we progressed from company inception to FDA 510(k) clearance with a very polished system in approximately 16 months. We are excited with the prospects the Cortera system brings to Surgalign, and those around the world who rely on our technology to drive better patient outcomes.”

RELATED: Convergent Dental Selects Jama Connect® For Its Live Requirements Traceability

More about Cotera

Cortera, a 5.5/6mm rod pedicle screw system, offers both open and minimally invasive surgery (MIS) modules, plus a feature-rich screw design with a comparatively low profile and newly designed locking mechanism.

Surgalign designed Cortera to maximize adoption in the spine market, both today and in the future with evolving techniques and technologies. The company added that Cortera demonstrates the ways in which spinal implants will be deployed with technologies like its own HOLO Portal surgical guidance platform.

The company plans to integrate Cortera with HOLO Portal to create what it labeled “an unrivaled user experience for pedicle screw navigation.” Surgalign also has plans for additional implants and instruments to add to the system over the next few years to expand applications into a majority of posterior fixation spinal procedures.

RELATED: Jama Connect® and FDA 21 CFR Part 11

Surgalign will offer Cortera in a limited market release, which it expects to positively contribute to its 2022 fourth-quarter results and in the coming years.

“The system is hands down the most precise, elegant and comprehensive screw that currently exists in my opinion,” said Dr. Jeremy Smith, chief of spine, Hoag Orthopedic Institute. “I find the system has an evolved sophistication that provides a high-quality user experience and enhanced clinical performance in challenging pathologies.”

Are you a Jama Software customer looking to fill open positions at your organization with prospects who have Jama Connect experience? We’d love to help! Tag us on LinkedIn (@jamasoftware) with your job posting and we’ll share it!



This is part 2 of a two-part blog series covering our whitepaper, “The New EU In Vitro Diagnostic Regulation: What’s Changing and What You Need to Know” written by Vincent Balgos, Medial Solution Manager at Jama Software. In this paper, Vincent discusses the In Vitro Diagnostic Regulation (IVDR), developed by the EU Commission (CE), which was created to replace the previous In Vitro Diagnostic Directive (IVDD).

Part 1 of this blog series is available HERE. To read the whitepaper in its entirety, download it HERE.

The New EU In Vitro Diagnostic Regulation (IVDR): What’s Changing and What You Need to Know

The IVDR Overview

With more than 150 pages of regulations, there were many changes to strengthen and grow the path to IVDs marketed and distributed in the EU. The IVDR provides a more comprehensive approach to regulating devices as it encompasses the entire product lifecycle: from initial concept to design and manufacturing, to continual on-market support along maintaining good documentation practices. For the purpose of this paper,
only a few selected topics will be covered in detail with some additional insights from an industry perspective.

Related: Download the Full IVDR Regulation Here

High Level Overview of the IVDR and Key Facts:

Who is impacted?

Medical companies that develop IVD’s marketed to the European Union, and its population. This includes non-EU-based companies that have products in the EU region.

What is impacted?

In-Vitro Diagnostics (IVDs) products and accessories that are used to perform tests on various sample types to help diagnose a condition, detect infections, or monitor drug responses.

When is it happening?

Date of Application: May 26, 2022, where only IVDR applications will be accepted by NB. A two-year window period afterwards to allow companies to transition their IVDD to IVDR certification. By May 2025, all IVDD certificates will be voided, with IVDR covering all placed IVDs in market.

What countries are impacted?

European Union and the United Kingdom specifically, but companies from around the world who have products in the UK or EU are also required to conform.

Why are things changing?

To improve the safety and quality of IVDs in the EU market.

Discuss on Key Topics

Changes to Classifications

A key significant change of the new regulation is how IVD’s are classified. Similar to the previous directive, a risk-based approach (with respects to public and patient) is used to classify IVDs under the new IVDR framework. There are four main classes as listed in the table below, established by seven classifications rules defined in Annex VIII of IVDR.

While there may be nuances to the rules set, these four categories broadly cover the majority of the IVD spectrum. This new classification schema only allows Class A devices to be self-certified by manufacturers, whereas Class B, C, and D require more assessment and certification by notified bodies.

As in similar regulatory pathways, device classification is significant in determining the overall requirements, as the higher the IVD risks, the more onerous the regulatory requirements, and the higher the involvement with an external Notified Body. For example, a new HIV Test would be categorized as Class D, which would require the highest number of internal activities during design, development, on-market support, and associated documentation. This would also require the highest amount of interaction, assessment, and certification from the Notified Body. Furthermore, specific regulations such Post-Market Surveillance, Quality Management System elements, and annual updates to reports are required for higher risk class (C and D) devices.

Based on general research from industry subject matter experts, it was estimated that only 20% required Notified Body certification under the previous IVDD, while 80% did not require certification. With the new classification schema and requirements under IVDR, that ratio has flipped where it is expected that the majority of IVD’s (80%) will now need some Notified Body involvement. This new shift (in engaging Notified Bodies and the new requirement) is significant in many ways as it not only impacts the manufacturers, but also the Notified Bodies as demand for their engagement has risen exponentially. There are some concerns about the current Notified Body capacity, so it is encouraged to start engaging with a Notified Body proactively, as the backlog to engage could be longer than anticipated.

IVDR Chart

Related: The Impact of ISO 26262 on Automotive Development

No Grandfathering Clauses

For certified IVD’s that are currently on-market classified under the IVDD guidance, reclassification to the IVDR categories and recertification to meet the IVDR is required for continual sale and distribution to EU market. Under the IVDR, there are no grandfathering clauses to allow the IVDD devices to remain on market after May 2025. Considering there are many IVD’s in use, the EU established a five-year timeline to allow manufacturers to transition to IVDR. See the timeline below for more details.

IVDR TransitionalSince IVDR’s announcement in 2017, many companies and SME’s (including this author) started to update
their internal procedures, adjust development and documentation activities, and hire additional resources
in response to the impending changes. In addition, remediations to current devices’ Design History Files
(DHFs) to align with regulations were also underway. These include adding additional testing for new
requirements such as performance studies, clinical evaluations, etc. These activities may be significant,
and a major resource pull from other ongoing projects. Therefore, it’s critical to acknowledge that the new
IVDR regulations impact not only future but current IVDs on the market as well.

Related: Medical Device: Reduce Project Risk in the Product Development Process

One Person Responsible for Regulatory Compliance

Under Article 15, a new IVDR requirement is that manufacturers are required to have a regulatory compliance expert in their organization to be responsible for the compliance of the in-vitro diagnostics regulations. This person must be a qualified regulatory expert with previous demonstrated qualification such as 1) formal certification from approved regulatory body and/or 2) minimum of four years of industry experience as a regulatory affairs professional in the IVD field. This role (new for some organizations) provides general regulatory affairs guidance, interpretation of regulations to internal teams, and helps facilitate discussions with Notified Bodies, regulatory agencies, and EU Competent Authorities.

Establishing Risk Management

While not a new requirement to IVD practices, Annex I Chapter I of the IVDR has multiple languages referring to and establishing risk management practices. This further substantiates the EU focus on a riskbased approach when developing devices and encourages many best practices that Jama Software® has seen many of our IVD customers follow.

This new language includes the following requirements:

  • To establish, implement, document, and maintain a risk management system.
  • To enforce continuous and iterative risk management process with regular updates to the risk files throughout the device lifecycle, especially after the product has been launched to market.
  • To reduce risks as far as possible without adversely affecting the benefit-risk ratio and inclusion of this analysis in technical files submission. This includes risks related to use errors of the device.
  • To consider design accommodations to assure that characteristics of safety and performance are maintained during the transport and storage of the product, and for the expected lifetime of the product.
  • To minimize all known and foreseeable risks and be acceptable when weighed against the potential benefits.

This updated language continues the industry practice of risk management that is further established in ISO 14971 “Medical Devices – Application of Risk management to Medical Devices” and TR 24971 “Medical Devices – Guidance on the application of ISO 14971.” Based on the reasons why the IVDR came into fruition (PIP accidents), it can be surmised that an organization’s risk management process will be under significant scrutiny by the Notified Body. Therefore, Risk Management Procedures have been a focal point of update for organizations to strengthen risk practices and ensure compliance. Remediation of risk files may also be warranted for devices currently on the market, or soon to be on the market in the EU.

Based on this author’s experience, this risk activity alone requires significant time and resources to accomplish. Considering some risk files could have significate number of documents (plans, evaluations, reports) with details that require comprehensive review from many stakeholders, this is an effort that needs formal organization support to successfully comply with the IVDR and its compliance timeline. Therefore, it is recommended to prioritize
appropriately and revisit the Risk Management section, and other impacted areas of the IVDR as soon as possible.

Related: Whitepaper: Application of Risk Analysis Techniques in Jama Connect® to Satisfy ISO 14971

General IVDR Guidance for Medical Device Companies

Based on discussions with various IVD customers, general research, and internal experience, we recommend the following guidance:

  • Determine the new IVDR classification for each of your devices on market, or plan to be launched in the EU, and their associated requirements. Consult with Regulatory affairs to proactively affirm
    classification with a notified body.
  • Review and remediate procedures and documents to include new IVDR regulation languages and requirements. Based on your organization’s level of compliance, this could be a significant activity so
    may need management support.
  • Identify the accredited regulatory affairs expert in your organization that will be responsible to drive the activities to comply with the IVDR regulations. This may include updating general regulatory
    procedures, product development processes, and for existing technical documentation.
  • Review and update risk management procedures to include new requirements such as regular updates of the risk files, incorporate use-risk scenarios, and ensuring the benefit-risk comply with
    new language.

As with many types of changes in regulations, these have substantial impact on how organizations and their teams operate in the design, development, and manufacturing documentation of IVDs. It is encouraged to proactively review these new regulations as it may require significant time and resource to adapt to continue developing IVD’s for the European market.

Jama Software is not an accredited regulatory subject matter expert, so these are general guidance and insights from working with many IVD customers, general research, and some internal experience. It is suggested to work with a certified Regulatory Affairs consultant for formal recommendations for your organization.

1. https://www.bsigroup.com/meddev/LocalFiles/en-IN/Technologies/BSI-md-ivd-diagnostic-directive-guide-brochure-UK-EN.pdf
2. https://ec.europa.eu/growth/single-market/ce-marking_en

Accelerate Innovation in Medical Device Development While Adhering to Industry Regulations

With the new IVDR, it is expected that manufacturers will need to shift to a more regimented process of developing, manufacturing, and managing IVD’s. Similar to other regulatory pathways, good requirements management is the best practice in ensuring compliance with regulations, reducing risk, and launching safe and effective products.

Jama Connect® for Medical Device Development helps medical device teams reduce the effort required to achieve regulatory compliance throughout the development process. With this solution, medical device teams can manage design controls for device requirements and related risks, simplifying regulatory submissions and audit preparations while accelerating time to market. Jama Connect creates a digital thread for systems engineering and
ensures Live Traceability™ and alignment across the product development lifecycle to seamlessly connect development solutions and facilitate product success.

Related: Learn What’s Included in Jama Connect’s Medical Device Development Solution

Vincent Balgos currently leads the Medical Solution at Jama Software. Prior to joining Jama Software, he worked in the medical device / IVD industry for over 17 years with roles in systems engineering, product development and project management. Vincent has successful history in launching new products to the global regulated market, and is experienced in product development, risk management, quality systems, and medical device regulations.

Part 1 of this blog series is available HERE. To read the whitepaper in its entirety, download it HERE.

In Vitro Diagnostic Regulation (IVDR)

This is part 1 of a two-part blog series covering our whitepaper, “The New EU In Vitro Diagnostic Regulation: What’s Changing and What You Need to Know” written by Vincent Balgos, Medial Solution Manager at Jama Software. In this paper, Vincent discusses the In Vitro Diagnostic Regulation (IVDR), developed by the EU Commission (CE), which was created to replace the previous In Vitro Diagnostic Directive (IVDD).

We will share the link to part 2 when it publishes. In the meantime, you can download the eBook HERE.

The New EU In Vitro Diagnostic Regulation (IVDR): What’s Changing and What You Need to Know

Learn more about how IVDR differs from IVDD, key takeaways from the new regulation, and guidance for how to adapt.

Disclaimer: The IVDR regulation is broad and requires focused review and interpretation by each organization — so by no means is this paper intended to be all-exclusive, as it will only discuss select topics.

Jama Software® is not an accredited regulatory body, so these are general discussions and insights from our experience working with many IVD customers, general research, and some internal subject matter expertise. It is suggested to work with a certified Regulatory Affairs consultant (a new IVDR regulation) to obtain formal recommendations for your organization.

If you’re looking for guidance on who to work with when it comes to regulatory compliance, TÜV SÜD has provided certification and testing services for manufacturers and suppliers of medical devices and in vitro diagnostics for over 30 years.

They combine expert medical product testing knowledge with a global network of internationally accredited laboratories and facilities, providing you with a one-stop solution. In fact, Jama Connect® is certified through TÜV SÜD as a software tool for development of medical devices according to IEC 62304. 


In May of 2022 a paradigm shift emerged in how In-Vitro Diagnostics (IVD’s) will be developed, managed, and regulated in the European Union (EU). The EU Commission (CE) has developed new regulations named the In Vitro Diagnostic Regulation (IVDR) to replace the previous In Vitro Diagnostic Directive (IVDD). The main goal of the IVDR is to improve upon the quality, safety, and reliability of IVD’s within the European market. This will change the current status quo as IVDR has been predicted to have a significant impact in medical device organizations with IVD sale and business operations.

In this whitepaper, we will provide an overview of the new regulation, discuss some specific topics, and offer considerations for organizations as they adapt to this new paradigm.

Related: The Impact of ISO 26262 on Automotive Development

Overview of the IVDR and The Significant Impact on EU

Figure 1. CE Mark

Prior to the IVDR, the In-Vitro Diagnostics Directive (IVDD) was the governing regulation for devices placed in Europe. Officially adopted in 1997, the IVDD established the regulatory requirements for CE Marking approval for in vitro diagnostics¹. In order to sell and market IVD’s in the European Union, manufacturers need to show compliance with the essential requirements prior to marking the product with the CE label. The CE mark allows for legal distribution
of the IVD within the European Economic Area (EEA)². The CE mark indicates conformity across many different types of products and is based on compliance with specific European regulations based on the product type. See example marking to the left.

For medical devices and IVDs, compliance to the EU Medical Device Directive (MDD) and the EU IVDD was required to obtain CE marking, respectively.

Related: Medical Device: Reduce Project Risk in the Product Development Process

IVDD Overview:

  • IVDD was established in 1997 by the EU for trade within the EEA with 27 EU members plus Iceland, Liechtenstein, and Norway. 
  • IVDD applies to all Reagents, Calibrators, Kit, Instrument, Equipment, Systems used for in vitro diagnostics purposes in the EEA, regardless of origin of design and manufacturing.
  • IVDD is 43 pages providing general requirements. You can read the full document here.
  • Essential Requirements included requirements for design, production, labeling, and the instructions for use (IFU). Some specific requirements included the diagnostic’s analytical sensitivity and specificity, accuracy, repeatability, and reproducibility.
  • There are four general categories that are based on level of risk to public health and/or patient.
    • Annex II List A – Highest risk which require notified body review including HxV’s such as HIV, HBV, HCV
    • Annex II List B – Moderate Risk including IVD’s such as HLA, Glucose monitoring
    • Self-Test – Examples include pregnancy home tests, and cholesterol
    • General – No notified body required as OEM can ‘self-declare’ conformity

Key factors such as the device classification, risk level to patients/public, etc. would determine the manufacturer’s level of approach to developing, manufacturing, and documenting the IVD. A common industry practice for launching an IVD to the global market was that organizations would first launch their products in the EU, and then to broader markets. Due to less rigidity of the IVDD when compared to other countries, it was easier, faster, and more economical for companies to launch there first. The involvement of an external notified body was also less rigid, so many organizations tended to follow the least resistant pathway to market, with many following the ‘self-declaration’/ self-certification pathway. Learnings from the EU launch (e.g., clinical studies) could then be leveraged when then submitting to the more rigid regulatory pathways such as the U.S. Food and Drug Administration (FDA).

This common approach enabled organizations to get new products to the market faster through the regulatory pathway. In the author’s experience, this approach was practiced on many of the IVD’s developed throughout their career in multiple diagnostic applications. The general regulatory roadmap was to have initial launches in EU markets and then proceed with FDA pathway. This provided additional time to work on FDA submission activities since the level of rigidity and documentation was expected to be much higher. However, with the IVDR enforcement now in full effect, it is expected to have a tectonic shift in how manufacturers develop IVDs.

Related: Webinar: Understanding Integrated Risk Management for Medical Device

Compelling Events for Change

As seen with many types of general regulations, changes are commonly in response to mass incidents, generally with negative impact resulting in patient injury and sometimes even death. The US FDA has seen their regulations shift in reaction to mass incidents including the Therac-25 (radiation therapy) and Dalkon Shield (intrauterine device). The accidents led to significant legislative changes to prevent recurrences and improve industry practices to ensure ‘safe and effective’ products.

The emergence of IVDR follows a similar path, where there were European several high-profile events that led to the regulation update. The most notable was the Poly Implant
Prosthesis (PIP) breast implant scandal (based in France) that impacted many patients with high incidents of ruptured implants with unapproved industrial silicone filling. You can read more about the incident here, and the subsequent
clinical recommendations here.

This event led to significant updates to the medical device space with the culmination of the EU Medical Device Regulation published in 2017. Following the MDR initiative, the incumbent IVDD was also overhauled into the new IVDR paradigm which entered into force on May 26, 2017

Stay tuned for Part 2 of this blog series. To read the whitepaper in its entirety, download it HERE.


Jama Software is always on the lookout for news on our customers that would benefit and inform our industry partners. As such, we’ve curated a series of customer spotlight articles that we found insightful. In this blog post, we share content, sourced from InsideEVs, about one of our customers, Rimac Nevera titled “Rimac Nevera Receives US Homologation And Green Light For Deliveries” – which was originally published on July 12, 2022, by Mark Kane.

Rimac Nevera Receives US Homologation and Green Light For Deliveries

According to CARB, it has 287.28 miles (462 km) of UDDS range.

Rimac Nevera is one step closer to the US market launch, as the all-electric supercar received US homologation (on top of EU, secured earlier).

The company’s founder Mate Rimac shared info via Facebook, with screenshots of EPA and California Air Resources Board (CARB) documents, confirming certification of the Rimac Nevera.

“Last documents for US homologation arrived as well (EPA & CARB). Nevera is now EU and US homologated and ready for delivery.”

The CARB document includes the range value of the Rimac Nevera under Urban Dynamometer Driving Schedule (UDDS) test cycle, which at 287.28 miles (462 km) is interestingly lower than anticipated for a car with a 120 kWh battery.

RELATED: Accelerating the Future of Automotive with Rimac Automobili and Jama Connect

For reference, the WLTP range in Europe was targeted at up to 550 km (342 miles). We are curious what the EPA range will be, especially since it’s often below UDDS.

Anyway, the Croatian manufacturer is already completing the first cars for customers. According to Mate Rimac, the Nevara #002 (out of 150 planned) is on pre-delivery testing on roads around Zagreb, Croatia.

“Also, Production Car #002 is on pre-delivery testing on roads around Zagreb today. But not up to us to show pictures – that will be done by the customers when they want to. Probably coming in a couple of weeks…”

The Rimac Nevara is the quickest production electric car so far, but the spectacular performance (including “destruction” of the Tesla Model S Plaid at a drag strip) comes at a cost of around €2 million ($2 million).

RELATED: Ensuring Safety and Security for Automotive Development

Rimac Nevera specs:

  • 287.28 miles (462 km) of UDDS range
    up to 550 km (342 miles) of WLTP range (preliminary)
  • 120 kWh battery; liquid cooled
    800V system voltage (maximum 730 V)
    Lithium Manganese Nickel chemistry
    Cell format: cylindrical 2170
    number of cells: 6,960
  • Acceleration
    0-60 mph (96.5 km/h) in 1.85 seconds (*high-friction surface, one foot roll-out)
    0-100 km/h (62 mph) in 1.97 seconds (*high-friction surface, one foot roll-out)
    0-300 km/h (186 mph) in 9.3 seconds (high-friction surface, one foot roll-out)
    1/4 mile (402 m) time in 8.6 seconds
  • DragTimes’ run: 8.582 seconds at 167.51 mph (269.5 km/h)
  • Top Speed of 412 km/h (258 mph)
  • All-Wheel Drive
  • System output of 1,408 kW (or 1.4 MW; 1,914 hp) and 2,360 Nm
    four independent surface-mounted, carbon-sleeve, permanent-magnet electric motors
    four independent inverters and gearboxes
  • Rimac’s intelligent All Wheel Torque Vectoring system (R-AWTV)
    front motors: 250 kW (340 hp) and 280 Nm each, combined with two single speed gearboxes (two independent gearboxes – one at each outer end of the axle)
    rear motors: 450 kW (612 hp) and 900 Nm each, combined with double single speed gearbox (two gearboxes in one housing between the motors)
  • AC charging (on-board): 22 kW three-phase
  • DC fast charging: up to 500 kW (0-80% SOC in 22 minutes, using ultra-fast charger)
  • Length 4750 mm; Width 1986 mm; Height 1208 mm; Wheelbase 2745 mm
  • Weight of 2,150 kg
  • Tires: Michelin Pilot Sport 4S (Front 275/35 R20; Rear 315/35 R20)

Product Team

A product team and an engineering team could be viewed as two sides of the same product development coin. So, ask yourself, “Who only uses half a coin?” It’d be like using just one side of your brain.

In a perfect product development world, communications are seamless, specifications are clear, and product and engineering teams work without friction. Except, we live in the real world where life is messy, responsibilities overlap, specifications change, and the way teams interact can introduce friction.

In the rush of product development, it’s important to establish boundaries for each team while also working as a unit and develop processes to head off trouble before it begins. This only gets more complicated with bigger and more technical projects.

The Product Team

Before the first line of code is written, someone needs to own the product and fully understand what’s being built and why.

It’s the product team that should understand the why, inside and out. From ideas that turn into research that guides specifications to conversations with customers, the product team is lining up the rubber ducks in neat little rows so engineers can focus on the technical problems. What do the ducks look like? How do they sound when squeezed? And what do users want?

Product teams tend to dream big, but they must also manage expectations and align goals with those of the overall business. That’s why it’s a good idea to get an engineering lead involved early in the planning process to build cross-team cohesion.

For example, if you’re building the next great blogging platform, maybe your commenting mechanism is the “killer feature” and the engineering team needs to focus on issues like authentication and moderation tools. How much of the apple can we bite off at a time? Such questions circle back to product team responsibilities like the business goals and strategy. Prioritization is the byproduct of open talks between teams to determine what is needed and what can be delivered on time.

It’s also worth noting that tension between teams is a natural and healthy aspect of working cross-functionally. Each team has its own set of internal goals, but those must align with overall strategic goals for the company (or product).

The product manager serves as the CEO for whatever is being built. If he or she asks for the moon, there must also be the understanding of the challenges that await.

We’ve probably all been in a meeting where something ambitious is proposed and the engineering team rolls their eyes, thinking, “If we could build that we’d all be zillionaires.” The balance here is one of awareness.

Technical teams need to be just as ambitious as their product counterparts, and that means understanding a little bit of each other’s worlds to know what’s feasible and what will cause deadlines to crash.


RELATED: A Guide to Good Systems Engineering Practices: The Basics and Beyond

The Engineering Team

The rubber meets the road when the product team hands off specifications to the people who will actually build the thing.

Engineering is the technical team of developers and managers who write the code and create the front end, so the clearer the guidance they get upfront, the better. That doesn’t mean micromanaging from the product team, but it does mean regular check-ins to increase buy-in, build cohesion, and avoid surprises.

Going back to our blogging platform example, let’s say there are some whiz-bang features on the front end that will dazzle users. A product manager might tell engineering to focus on those features. If the product team has done its job, the tech leads can accurately inform them how long it will take to implement the features.

However, they could just as easily warn the product team that there are backend issues to tackle to enable those frontend goodies. There’s no way to have one without the other, and this is another area where the tension comes in, as timelines might have to be readjusted.

When teams understand that they’re on the same side, everyone can take a step back to see the full map and make sure they’re headed to the same destination. It’s also where teams who understand each other excel.

Product must comprehend the engineering team’s needs, and engineering must grasp the importance of the product planning that came before. Maybe it’s a matter of a few sprints to see where the marquee feature is in a week. Or perhaps a lower-priority feature that really puts a kink in the line just needs to be delayed.

Either way, the only solution is to drop the egos and hash things out in realistic terms. Again, if product has done the job, both teams should be like looking at the release like a big X on a treasure map and walking there together.

RELATED: The Complete Guide to the Systems Engineering Body of Knowledge (SEBoK)

One Team

If all of this sounds familiar, you’re not alone. Everyone in these teams is working under a number of different dynamics.

It could be that product feels it has defined everything so thoroughly that the engineering team can take the ball to the goal after a simple handoff. Of course, that is rarely the case.

More likely, there’s a stream of reviews to comb through and see how things are advancing (which, if you’re using the right solutions, can be handled faster and with less meetings) while moving the goalposts when one side reports a change in the variables.

So, what do you do? Learn to function as one team while respecting each other’s territory. After all, you’re all headed to the same goal. Even if your organization compartmentalizes each side, find a way to cross the streams. For many, the move from Waterfall development to Agile created a more efficient, functional model for developers, and a variation on that theme can serve you here as well.

First, create a great set of fundamentals with your product team by bringing in engineers as early in the planning stages as possible. Ask what’s feasible and go to lunch and dream about unlimited budgets. Integrate the engineering team as best you can, because their insight will save squabbling down the road. Then create specifications that are realistic.

Next, empower each side of the table with respect. Product may want the moon tomorrow and engineering will explain how much lift is needed to get there, so friction is inevitable. In the big picture though, both sides are arguing for the same goal, so keep that front-of-mind and allow room for either side to concede territory as needed. Conflict is normal and necessary, but if one side is utterly powerless and is continuously overrun, the “team” notion falls apart and the idea of collaboration breaks down.

If both teams are aligned, truly listening and making necessary adjustments, there’s no reason even large, complex projects can’t be finished on time and on budget. It takes work, especially if an organization is averse to cross-functional teamwork.

The payoff, though, is happier, more productive teams who share in the product’s success. It’s up to both sides to come to the table ready to cooperate.

Does that mean having certain boundaries? Yes! It’s unlikely the engineering team has done the market research to say whether a feature is desired by users. And it’s equally unlikely that the product team will accept a major delay for technical implementation if it was in the original specification.

Each side has a job to do, but the key is understanding that everyone is marching under the same umbrella in the end. That’s why it’s important to play the role you’re in while listening and accepting the experience and knowledge of the entire team.

This is part one of a two-part series. Part two is available here.

FDA Inspection

FDA inspections can be daunting, especially for an organization that is expecting its first one. In part one of a two-blog series, here are five best practices to prepare your organization for success:

1: Understand why the FDA will perform an inspection

The first step in preparing for a successful FDA inspection is understanding why your facility and Quality System (QS) are being inspected. Whether it’s a pre-approval inspection, a biennial audit, or for‑cause, knowing where the FDA will be focusing will help you focus on how to prepare.

2: Learn what an FDA Investigation is like

Another key understanding is that an FDA inspection is not just another audit. The inspection is not the same as an ISO 13485 certification audit, internal audit, or supplier audit. While not all FDA investigators are identical, in general, FDA inspections are much more rigorous and intense in nature.

Thus, educating yourself and your organization on what to expect during an FDA inspection is important. Many resources are available at the FDA’s website, including guides for medical device manufacturers and their Quality System Inspection Technique (QSIT). Another aspect to know is an inspection will assess compliance to 21 CFR 820 (the Quality System), as well as other parts, including 803 (MDR), 821 (Tracking), 806 (Corrections and Removals), and 807 (Registration and Listing).

RELATED POST: The Rapid Rise of Digital Health Technology: Challenges and Keys to Success

3: Identify Subject Matter Experts (SMEs) for processes and devices

Identify subject matter experts (SMEs) for QS processes and devices. These individuals should be knowledgeable with the subject matter, as well as able to communicate well with the investigator. While your organization’s records should speak for themselves, having an individual who can guide an investigator as necessary makes the inspection run more smoothly and efficiently.

4: Perform an assessment and address gaps

For an organization preparing for its first FDA inspection, review your Quality System procedures and records, with increased attention to the areas relevant to the anticipated focus of the inspection.

Many organizations also design their Quality Systems for ISO 13485 compliance, and while ISO 13485 and the FDA Quality Systems Regulations (QSR) are similar, there are some differences. Note, the FDA has indicated that harmonizing and modernizing the Quality System Regulation (QSR) with ISO 13485 is an active initiative. Until then, ensure your Quality System covers all aspects required by the FDA. One available tool that maps the FDA 21 CFR to ISO 13485:2016 is AAMI TIR102:2019.

Also audit your recent Quality Systems records for 2 reasons, 1) identify any issues for compliance to your organization’s procedures, and 2) familiarize yourself with any issues so they can be reviewed clearly by the SME if those topics come up in the investigation.  Use a reputable auditor that is familiar with FDA inspections and how investigators are trained. Involve your SMEs so they are prepared as well.

Records to review include those associated with the particular device of focus. For example, in a Pre-Market Approval (PMA) inspection, ensure an SME can walk an investigator through the Design History File of the device to demonstrate the design controls were adequately met. Before the FDA arrives is a good time to ensure that there is evidence that all design inputs are verified and all user needs and all intended uses have been validated.

Ensure that your firm is registered and that your device listings are up to date.

RELATED POST: Complying with FDA Design Control Requirements Using Requirements Management Principles

5: Perform mock inspection(s)

Mock inspections serve a number of purposes when preparing for an FDA inspection. They allow individuals that may be involved, including SMEs, an opportunity to practice, can identify areas of concern that can be addressed before the FDA arrives, and give your organization an opportunity to practice the logistics of hosting an FDA inspection.

Again, use an experienced auditor familiar with FDA inspections and the mindset of FDA investigators. 

As with any large endeavor, preparation is key. These best practices provide you with the path and resources to educate and prepare your organization for an FDA inspection.

Visit part two of this blog series for best practices and tips regarding the logistics of running a smooth and efficient inspection.