Margaret Corduff covers the fast-approaching implementation of the EU 2017 / 745 & EU 2017 / 746 in May 2020 and how Odyssey VC can help.
May 2020: EU Medical Device Regulations (MDR) (EU) 2017 / 745 & In-vitro Diagnostics Regulation (IVDR) (EU) 2017 / 746
One big change with the implementation of EU 2017 / 745 & EU 2017/746 concerns the classification of medical device software (& Rule 11). This classification is based on intended use and impact of the software; it requires input from technical experts knowledgeable of the device. Odyssey VC can offer services / assistance regarding the classification of medical device software (& Rule 11) and the qualification of software within scope of these MDR & IVDR regulations.
Preparation of data flow maps will help with the classification decision output, in particular re. Rule 11. Odyssey VC can assist with the preparation of data flow maps to clearly show where the data goes and what it is used for. In relation to Rule 11, the decision re: classification is based on the significance of the information (data) that the software provides into the healthcare decision, i.e. the decision making process may be easier to follow if you can visually see where the data goes, what systems it interfaces with and what users can access it (and therefore what decisions may come as a result).
- Data flow maps are also a required deliverable for CS validation and will feed into the required data integrity assessment of the software.
Software qualification is a core service that Odyssey VC routinely provides to clients, including life science companies and software developers / IT companies. Some companies we work with have no prior experience working within / providing to the life science sector, so we assist (or solely execute) the applicable qualification & then implement operational processes to ensure compliance with regard to the ongoing computer systems lifecycle.
- The GAMP Lifecycle methodology applies to all software, throughout its lifecycle and at Odyssey VC, we have the processes, procedures and deliverable templates in place to assist implement this requirement. Our procedures are also designed in line with EU (& FDA) requirements on computerised systems.
- One point to note regarding qualification is that while “the operating systems or virtual environments do not impact the qualification criteria,” it should be noted that the operating system / virtual environment must sit on qualified infrastructure and it is up to the user to verify this. Again, this is something that Odyssey VC can assist with. Some users may overlook, however it is essential that it is considered. Whichever solution is used, it is essential that the on-premise storage solution or cloud architecture used is qualified and confirmed to be secure, and that the user of the software application has verified this (taking the word of the cloud provider will not be sufficient for the regulators).
The advance of the EU MDR (EU) 2017 / 745 & IVDR (EU) 2017 /746 provide a challenge to applicable device manufacturers and software developers. However, with the support of Odyssey VC a robust decision-making process can be put in place for classification and the resulting qualification approach can be defined.
Adapted from Issue #1 of the Compliant Cloud Newsletter, released April 2020. Click here to subscribe to our newsletter and receive the latest reg updates.