Meredith P. Vanderbilt JD, RAC, CQA, MSE, BSE, Director of Consulting, Empirical04.22.24
Training programs are often job-specific in that design engineers learn about design controls and manufacturing engineers learn about process validation and revalidation requirements. It’s important to take a step back from the details of each group of activities and recognize the upper-level process is the same for product and process development. Neither a product nor process should be set to autopilot. Having, understanding, and using a complete lifecycle loop differentiates effective from ineffective development processes and companies. Any company with high market value or longevity created through quality products and services has mastered this total lifecycle looping process and instinctively uses it.
Thinking about what we want a product or process to accomplish is the easiest aspect of input identification. We want cell phones to place and receive calls, send and read messages, access the internet, control our bank and credit card accounts, and navigate unfamiliar paths on an interactive map. A medical device manufacturer wants a laser marking process to leave a permanent, legible, indelible identification mark on a component or device. These positive inputs are easy to identify for most project teams, as well as users.
Negative inputs are undesirable (“can’t have”)—we don’t want cell phones to permit unauthorized access to personal or private data. A medical device manufacturer doesn’t want the device marking to fade over time or impact the finished device’s strength. (Yes, marking location can impact strength!) How, when, and by whom are these negative inputs identified? Initially, brainstorming sessions involving multiple departments and stakeholders are conducted and these meetings should result in the first list of inputs. This is the beginning of the lifecycle, however. It’s through risk assessment, verification and validation, and feedback/complaint processes that additional negative inputs are often identified.
Risk assessment is a big topic for product and process development that will be considered in future articles and its importance cannot be overstated. Starting points are designed to stimulate ideas, including lists of common harms, FDA’s TPLC database for similar products, and regulatory or industry guidance documents. If any negative inputs are identified, those also become part of the risks to be assessed and, where possible, mitigated. Inputs should be updated to include previously unidentified risks or requirements that come to light in the risk assessment process.
At this point, we see where inputs feed into risk assessment and the reverse is also true.
Designs and processes go through a series of verification and validation activities that can include anything from inspection to testing, or even clinical trials. Execution and results of these activities potentially point to characteristics that may have been overlooked in the input and risk management phases. You might wonder if it’s possible to overlook potential positive and negative inputs throughout the work already accomplished; the answer is “absolutely.”
A simple example is one input might be the size of the drill should be laser-marked on the product. The risk assessment identifies the importance of the user knowing the drill size and determines the risk is mitigated by the design requirement that the size be marked on the part. During design validation activity, it’s noted the marking is in a location not clearly visible while the drill is used or selected by the surgical staff. During process validation activity, it’s observed that the final passivation process removes the laser marking from the drill. In both cases, it becomes obvious the positive input (direct marking of the size on the drill) wasn’t clear enough for either the product or process design and the input and risk documents require an update to provide that clarity.
Here, we see how verification and validation activities loop back to the input and risk assessment phases of development.
Feedback can include observations and opportunities for improvement from production, marketing, engineering, clients, customers, or quality. In the laser marking example, a surgical technician might mention it would be helpful if the caddy that holds the drill for sterilization and surgical use were marked with the drill size. This would eliminate the need for the tech to pick up each drill to find the size marked on the part. Although marking the caddies wasn’t part of the original design inputs, this feedback should be used to update input and risk assessment documents. The modified input might include a verification and validation activity (inspection and simulated use) after the change is implemented. Manufacturing personnel might provide valuable feedback about the need for fixturing or equipment that would facilitate consistent placement of the laser marking or that post-laser testing would reduce failures, which would loop back to process input and risk documentation.
Failures exist when a product or process doesn’t perform as designed or intended. If the laser marking fades from the drill after multiple steam sterilization cycles, the laser marking no longer serves the intended purpose of providing size information to the user. The input and risk documents should then be updated to include the requirement that the marking remain legible after multiple steam sterilization cycles and a validation activity would include testing this requirement.
Post-market surveillance activities include constant monitoring of feedback and failures and initiating these looped activities because every process and product deserves the attention needed for continuous improvement. Companies that see opportunities for improvement and use internal processes to take advantage of these opportunities differentiate themselves. These companies produce high-quality products, command greater market share, and earn higher valuations for investors.
The traceability matrix isn’t outlined as a requirement but it’s the most common method to track process and product development activities. The matrix serves as a pointer to applicable documents instead of a repository for the information related to the product or process. A simplified example of a traceability matrix for the physical marking of drills with the applicable sizes is shown in the table below.
The evolution of the laser marking input can easily be seen and understood through the revised traceability matrix, a document that lives throughout the lifecycle. Rev A of this input includes basic information gathered from original input meetings, and there’s a reference to the specific meeting or input source. Rev A of the input is simple, logical, and light on detail, as can be expected from brainstorming sessions. Also included in the matrix is a reference to the output, risk management file, and all verification and validation activities that have been or will be created based on the input. Rev B of the input was created based on observations (or failures) noted in validation activity completed on the final product and includes updated risk file and validation references. Rev C of the input was created based on a failure in the field that was fed back into the lifecycle process, as well as the additional verification activity applicable to the updated input.
While maintaining the traceability matrices for all systems is arduous, it’s an internal and audit resource. Internal personnel, especially new hires, can see the evolution of product and process characteristics and find references to applicable technical documentation. When future changes are made to the product or process, each document that requires review as part of the change can be easily identified and reviewed for potential update requirements.
When a facility inspection occurs, the auditor can easily ask for a specific document instead of a group of documents. The auditor might ask for “complaint 2024-01-060” instead of “all complaints related to drills,” limiting the audit’s scope and time. As an auditor, I breathe a silent sigh of relief when I see a well-developed and well-maintained traceability matrix because I know I’ll find the information I’m seeking quickly and easily. It’s also the first indication of the company culture related to continuous improvement and quality. It’s not unheard of for a well-maintained traceability matrix to cut at least one day off my planned facility audit schedule.
Nobody loves paperwork but understanding the updates to input, risk, validation, and verification documentation is a process that serves a crucial and specific purpose and can add meaning to the work. This looping process isn’t paper-pushing work; it brings value to the organization on multiple fronts.
Meredith P. Vanderbilt is an internationally known medical device regulatory affairs consultant unafraid to communicate directly and honestly with regulatory bodies and clients about strategies and submissions to provide compliant and high-quality devices to the market.
Thinking about what we want a product or process to accomplish is the easiest aspect of input identification. We want cell phones to place and receive calls, send and read messages, access the internet, control our bank and credit card accounts, and navigate unfamiliar paths on an interactive map. A medical device manufacturer wants a laser marking process to leave a permanent, legible, indelible identification mark on a component or device. These positive inputs are easy to identify for most project teams, as well as users.
Negative inputs are undesirable (“can’t have”)—we don’t want cell phones to permit unauthorized access to personal or private data. A medical device manufacturer doesn’t want the device marking to fade over time or impact the finished device’s strength. (Yes, marking location can impact strength!) How, when, and by whom are these negative inputs identified? Initially, brainstorming sessions involving multiple departments and stakeholders are conducted and these meetings should result in the first list of inputs. This is the beginning of the lifecycle, however. It’s through risk assessment, verification and validation, and feedback/complaint processes that additional negative inputs are often identified.
Risk assessment is a big topic for product and process development that will be considered in future articles and its importance cannot be overstated. Starting points are designed to stimulate ideas, including lists of common harms, FDA’s TPLC database for similar products, and regulatory or industry guidance documents. If any negative inputs are identified, those also become part of the risks to be assessed and, where possible, mitigated. Inputs should be updated to include previously unidentified risks or requirements that come to light in the risk assessment process.
At this point, we see where inputs feed into risk assessment and the reverse is also true.
Designs and processes go through a series of verification and validation activities that can include anything from inspection to testing, or even clinical trials. Execution and results of these activities potentially point to characteristics that may have been overlooked in the input and risk management phases. You might wonder if it’s possible to overlook potential positive and negative inputs throughout the work already accomplished; the answer is “absolutely.”
A simple example is one input might be the size of the drill should be laser-marked on the product. The risk assessment identifies the importance of the user knowing the drill size and determines the risk is mitigated by the design requirement that the size be marked on the part. During design validation activity, it’s noted the marking is in a location not clearly visible while the drill is used or selected by the surgical staff. During process validation activity, it’s observed that the final passivation process removes the laser marking from the drill. In both cases, it becomes obvious the positive input (direct marking of the size on the drill) wasn’t clear enough for either the product or process design and the input and risk documents require an update to provide that clarity.
Here, we see how verification and validation activities loop back to the input and risk assessment phases of development.
Feedback can include observations and opportunities for improvement from production, marketing, engineering, clients, customers, or quality. In the laser marking example, a surgical technician might mention it would be helpful if the caddy that holds the drill for sterilization and surgical use were marked with the drill size. This would eliminate the need for the tech to pick up each drill to find the size marked on the part. Although marking the caddies wasn’t part of the original design inputs, this feedback should be used to update input and risk assessment documents. The modified input might include a verification and validation activity (inspection and simulated use) after the change is implemented. Manufacturing personnel might provide valuable feedback about the need for fixturing or equipment that would facilitate consistent placement of the laser marking or that post-laser testing would reduce failures, which would loop back to process input and risk documentation.
Failures exist when a product or process doesn’t perform as designed or intended. If the laser marking fades from the drill after multiple steam sterilization cycles, the laser marking no longer serves the intended purpose of providing size information to the user. The input and risk documents should then be updated to include the requirement that the marking remain legible after multiple steam sterilization cycles and a validation activity would include testing this requirement.
Post-market surveillance activities include constant monitoring of feedback and failures and initiating these looped activities because every process and product deserves the attention needed for continuous improvement. Companies that see opportunities for improvement and use internal processes to take advantage of these opportunities differentiate themselves. These companies produce high-quality products, command greater market share, and earn higher valuations for investors.
The traceability matrix isn’t outlined as a requirement but it’s the most common method to track process and product development activities. The matrix serves as a pointer to applicable documents instead of a repository for the information related to the product or process. A simplified example of a traceability matrix for the physical marking of drills with the applicable sizes is shown in the table below.
The evolution of the laser marking input can easily be seen and understood through the revised traceability matrix, a document that lives throughout the lifecycle. Rev A of this input includes basic information gathered from original input meetings, and there’s a reference to the specific meeting or input source. Rev A of the input is simple, logical, and light on detail, as can be expected from brainstorming sessions. Also included in the matrix is a reference to the output, risk management file, and all verification and validation activities that have been or will be created based on the input. Rev B of the input was created based on observations (or failures) noted in validation activity completed on the final product and includes updated risk file and validation references. Rev C of the input was created based on a failure in the field that was fed back into the lifecycle process, as well as the additional verification activity applicable to the updated input.
While maintaining the traceability matrices for all systems is arduous, it’s an internal and audit resource. Internal personnel, especially new hires, can see the evolution of product and process characteristics and find references to applicable technical documentation. When future changes are made to the product or process, each document that requires review as part of the change can be easily identified and reviewed for potential update requirements.
When a facility inspection occurs, the auditor can easily ask for a specific document instead of a group of documents. The auditor might ask for “complaint 2024-01-060” instead of “all complaints related to drills,” limiting the audit’s scope and time. As an auditor, I breathe a silent sigh of relief when I see a well-developed and well-maintained traceability matrix because I know I’ll find the information I’m seeking quickly and easily. It’s also the first indication of the company culture related to continuous improvement and quality. It’s not unheard of for a well-maintained traceability matrix to cut at least one day off my planned facility audit schedule.
Nobody loves paperwork but understanding the updates to input, risk, validation, and verification documentation is a process that serves a crucial and specific purpose and can add meaning to the work. This looping process isn’t paper-pushing work; it brings value to the organization on multiple fronts.
Meredith P. Vanderbilt is an internationally known medical device regulatory affairs consultant unafraid to communicate directly and honestly with regulatory bodies and clients about strategies and submissions to provide compliant and high-quality devices to the market.