Quality Assurance in Biomedical Devices

🔺Dear engineers: From #Design to #Clinical #Use: How Does #IEC60601 Ensure the Safety of Medical Devices? This series is a recognized international set of standards that sets strict requirements for the design, manufacture and testing of electrical medical devices, with the aim of ensuring their fundamental safety and effective performance for both patients and caregivers. The series includes standards to specific types of devices to ensure that the safety requirements of each are met. The result is a comprehensive framework that spans a wide spectrum of medical devices – from simple devices such as IV pumps to very complex equipment 📍 Importance of IEC 60601: 🔺Protection of patients and caregivers: The standards prevent electric shocks or injuries even in conditions of malfunction or misuse. 🔺Reduce Serious Breakdowns: Compliance with IEC60601-1 reduces the likelihood of potentially life-threatening malfunctions (e.g. respirators or pacemakers). 🔺Electromagnetic Compatibility (EMC) Guarantee: It prevents electromagnetic interference between devices, ensuring that they work harmoniously in overcrowded hospital environments. 🔺A prerequisite for global marketing: IEC 60601 certification is a regulatory requirement in global markets; failure to obtain it prevents the device from entering the market. 🔺Proof of Quality and Reliability: Getting certified means that the device passes rigorous tests and boosts users' confidence. 📍 Stages of application of IEC60601 standards: 1️⃣ Design Stage: The application of the standard begins by defining the general requirements (IEC 60601-1) and the sub-standards specific to each device type. Early internal tests are conducted on the prototype to simulate formal certification exams, ensuring that they are passed the first time. 2️⃣ Manufacturing and Testing Stage: After the design is completed, manufacturers strictly apply IEC 60601 standards during manufacturing via routine tests that include electrical safety (e.g., current leakage, grounding, insulation). Simplified tests derived from IEC 62353 are used for final examination. A strict quality system also oversees the process to ensure that every device that leaves the factory is in line with standards before distribution or delivery to the health sector. 3️⃣ Phase of use in healthcare facilities (post-marketing): Upon receipt of the device, an acceptance test is conducted, including electrical safety and performance. Periodic tests are carried out according to the preventive maintenance schedule, with extensive testing after each substantial maintenance, to ensure continued compliance with IEC 60601 standards throughout the clinical operation of the device. Failure to comply with safety standards such as IEC 60601 is a very costly risk in the medical device industry. For example, according to data from the FDA , nearly 30 medical device recalls were recorded by August 2023, and the cost of a single recall could be as high as $600 million.

✅ FDA Finalizes Computer Software Assurance (CSA) Guidance FDA just finalized CSA for production & quality-system software—superseding Section 6 of the 2002 General Principles of Software Validation (GPSV). The final CSA reframes “validation” around risk, intended use, and least-burdensome evidence—not paperwork for its own sake. What’s different vs. 2002 GPSV (Section 6): - Shifts from document-heavy IQ/OQ/PQ checklists to risk-based assurance scaled to process risk if software misbehaves. - Centers on intended use (direct vs. supporting) to tailor rigor and records. - Embraces supplier evidence, unscripted testing, and continuous monitoring to maintain a validated state. What’s new/clarified vs. the 2022 CSA draft: - Clearer treatment of cloud (SaaS/PaaS/IaaS) and when it falls within production/quality records. - Explicit inclusion of automation, analytics, AI/ML tools, and bots used in production/quality. - Tighter expectations for software changes, “appropriate record” scope, and Part 11 touchpoints. - Notes alignment with QMSR/ISO 13485; core risk framework retained with expanded examples. What to do now: 1. Inventory software tied to production/quality; classify by intended use (direct vs. supporting). 2. Risk-rank based on potential impact to device safety/quality if it fails. 3. Right-size assurance (vendor evidence, unscripted tests, monitoring, and only as much scripted testing as risk warrants). 4. Right-size records to demonstrate fitness for intended use and a maintained validated state. 🔗 FDA Final Guidance (Sept 24, 2025): https://lnkd.in/g7mW2bRC #MedTech #Quality #CSV #CSA #QMSR #ISO13485 #Part11 #MedicalDevices

Just as routine stress tests help us understand our own health, medical technology goes through its own set of trials to earn its place in a clinical setting. An MRI, for example, faces a battery of stress tests: steel balls dropped on heated surfaces to check for cracks, robotic arms repeatedly plugging and unplugging connectors to make sure all signals work properly, patient tables loaded with hundreds of kilograms to measure strength and endurance, vibrating floors to test precision and quality. Our factory teams scrutinize every detail – and imagine every scenario – to ensure the device will meet the daily demands of patient care in any kind of environment. Safety, reliability, and quality are non-negotiable. We must be absolutely confident that our systems will perform not only on day one, but also when faced with unexpected and urgent situations. This trust is more than a technical requirement – it’s fundamental to healthcare. When clinicians know their technology can handle challenges, they can fully focus on their patients and on delivering care with comfort and hope. For patients, this assurance means peace of mind and being able to focus on the truly important task at hand: healing.

The most dangerous myth in MedTech? That quality is solely QA’s job. That belief costs companies millions. Think about it: • Remediation • Delayed launches • Damaged reputations The impact is real. Quality is not a department. It is a shared responsibility across product development, operations, leadership, and every function that touches the patient. But here’s the nuance I’ve learned after more than 25 years in biotech, pharmaceuticals, and medical devices: Shared responsibility does not erase individual roles. It clarifies them. Here is how quality ownership should actually be distributed across an organization: 1. What a QA Manager is truly responsible for: • Building and maintaining the QMS • Preparing for FDA, ISO, MDR, IVDR, and MDSAP audits • Leading CAPA management and long-term effectiveness • Overseeing documentation and change control • Ensuring compliance with all regulatory requirements 2. Where companies consistently go wrong: • Expecting QA to catch every defect or oversight • Asking QA to write technical procedures for other departments • Isolating risk management within QA instead of placing it with departmental or process experts • Pushing last-minute compliance cleanups onto QA • Treating quality as the “police” instead of a strategic partner 3. What requires real cross-functional partnership: • Partnering with engineering on strong design controls • Closing CAPAs by fixing systemic issues • Monitoring post-market performance • Improving supplier quality with shared ownership • Helping teams use documentation for safety and consistency QA managers cannot and should not function as quality superheroes. You need an entire organization of quality champions. Here are questions that every team should think about: • Who actually owns design controls? • Is QA guiding or just cleaning up? • Has anyone outside QA had recent compliance training? • Are we fixing root causes or patching symptoms? • Do non-QA teams see how their choices affect audits and patients? Shifting from “quality is their job” to “quality is our job” takes discipline, but the payoff is undeniable: • Higher team alignment • Safer, more reliable products • Stronger relationships with regulators • Faster readiness for certification and market entry The results speak for themselves when quality becomes part of the culture, not just the checklist. P.S. If you asked me how to explain to a CEO that QA is not a document-writing silo, I’d say this: Quality protects the patient, the brand, and the business. Its value comes from partnership, not paperwork. As someone who has spent decades in biotech and MedTech quality and compliance, I continue to help teams strengthen this mindset. I’m also opening new training sessions on ISO certification, internal auditing, and compliance fundamentals for cross-functional teams, ensuring compliance with ISO, FDA, and any other applicable requirements. Let me know if you’d like the details.

There is a disturbing but understandable temptation in testing practices in medical device companies for design verification, design validation, and process validation (including calibration). Only record acceptable results, and if the test result is unacceptable, either leave the results field blank, rewrite the test so it passes, or re-execute the test until it passes and only record the passing result. No one wants critical tests to fail, creating a quality record of the failure that then needs to be addressed through a design or process change, test protocol change and re-execution, and/or equipment replacement and requalification. In addition to having to explain these results during inspections, firms have to deal with the inevitable project delays that impact device availability and company revenue. At the risk of sounding insensitive, that's just too bad. I've managed my own companies through these temptations personally during my time in industry, and I've helped multiple client companies deal with unwanted churn during design verification, design validation, and process validation. As a Quality Leader, part of your duty is to protect the company from regulatory compliance violations that put at risk the company's ability to operate freely and distribute their product without undue oversight from regulators. Everything gets recorded, and the design controls and production & process controls processes are built to handle both passing and failing tests through impact analysis and subsequent changes and retesting. Shortcuts taken in the rush to ship just aren't worth the potential for adverse events in the field and/or regulators determining that your QMS is ineffective and your records unreliable. Meridian Bioscience learned this lesson the hard way in a 22 December 2025 Warning Letter published today by FDA: "Your calibration verification procedure 65055, allows exclusion of up to (b)(4) of test results when they exceed the reportable range. This procedure includes instructions for operators to "leave blank" any "High" results and exclude "obvious outliers or contaminated samples," and if remaining data fails bias specification, it allows (b)(4) calibration adjustments." This Warning Letter also included a rare requirement for three 3rd party audits that must be reported to FDA, with the Agency mandating the dates for these audits. There was much more to the issues found by FDA than just the one noted above, but it's a valuable warning to companies with procedures like this in place. Take the hit, protect the company (from itself if necessary), and reflect the complete story in your quality records. https://lnkd.in/gcUtDX55

🧩 Technical Standards every MedTech professionals should know! Whether you're dealing with a Class I device, Class III or building an AI-based SaMD, aligning with the right standards is critical for regulatory success and product quality. But where do you start? Which ones are essential for your compliance? Of course, specific standards depend on device type, intended use, and market. But today I decided to share those standards that form the foundation of regulatory expectations across the industry. 👇 Here's a selection of technical standards every MedTech or regulatory team should be aware of, with recent updates and what’s coming!   🛡️ 𝗚𝗲𝗻𝗲𝗿𝗮𝗹 𝘀𝗮𝗳𝗲𝘁𝘆 𝗮𝗻𝗱 𝗾𝘂𝗮𝗹𝗶𝘁𝘆 📌 ISO 13485 Medical Devices - Quality Management Systems 📌 ISO 14971 Medical Devices - Risk Management 📌 IEC 62366-1 Medical Devices - Usability Engineering 📌 ISO 10993 series Biological Evaluation for Medical Devices 📌 IEC 60601 Series Electrical Safety Requirements 📌 ISO 15223-1 Medical Devices - Labelling 💻 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲, 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝗻𝗱 𝗔𝗜 📌 IEC 62304 Software Life Cycle Processes 📌 ISO 27001 Information Security Management Systems 📌 ISO 42001 Information technology - Artificial intelligence - Management system 🧪 𝗖𝗹𝗶𝗻𝗶𝗰𝗮𝗹 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻, 𝗖𝗹𝗶𝗻𝗶𝗰𝗮𝗹 𝗣𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗦𝘁𝘂𝗱𝗶𝗲𝘀 📌 ISO 14155 Medical Devices - Clinical Investigations 📌 ISO 20916 IVDs – Clinical performance studies 📣📣 What’s New: 📘 ISO 14155:2026 → Clinical investigation of medical devices for human subjects — Good clinical practice → Edition 4, 2026 published in March. 📘 ISO 10993-7:2026 → Biological evaluation of medical devices Part 7: Ethylene oxide sterilization residuals → Edition 3, 2026 just published. 📘 ISO 20417:2026 → Medical devices - Information to be supplied by the manufacturer → 2026 Edition published, and 2021 officially withdrawn. 📣 What’s Coming: 📘 ISO 18969 → A new standard for clinical evaluation of medical devices → Under development, now in Draft International Standard (DIS) stage. ⚠️ Staying up to date and monitor standards stage is not just good practice, it's essential to ensure compliance as expectations evolve.   New versions may change what's acceptable in risk management, testing, documentation, and more. This is why, on the MedBoard platform regulatory intelligence is not just about regulations and guidance. 👉 Real-time monitoring includes standards updates, adoptions, and country recognitions. So teams can stay informed, all in one place.   💬 Which of these do you use most?   #MedBoard #MedTech #MedicalDevices #RegulatoryAffairs #QualityManagement #RiskManagement  #ClinicalEvaluation #Compliance #ISO13485 #ISO14971 #MDSW #ClinicalAffairs #PostMarketSurveillance

Just validate the software!  Sounds simple but at a medical device company there are many types of software that need to be validated and the rules and requirements are different for each type. I put together this diagram of the “software landscape” to help people understand what type of software they’re working with. The diagram shows all the categories and sub-categories of software at a medical device company with examples of each type. First, we divide the landscape into product software and “non-product software.” Product software, if it’s regulated, falls under FDA design control regulations and international standards for medical device development such as IEC 62304. Product software includes all the software you develop plus any third party software included in your product. Within the regulated product software category there are three sub-categories based on the safety risk of the software (classes A / B / C per the IEC 62304 medical software standard). The fourth category “Enforcement Discretion” refers to low risk applications that are technically regulated by FDA but for which FDA has decided not to enforce regulations. On the non-product software side different regulations and standards apply and therefore different requirements for validation and documentation. There are three main sub-categories of non-product software: software used in manufacturing, software used in product development, and software used in the quality system. These can vary considerably in complexity and risk profile, including everything from an Excel spreadsheet to a software test script to a very complex PLM system. The testing and documentation required for validation of non-product software depends very much on the risks associated with them and their complexity (i.e. a one-size-fits-all approach to validation will either over-validate or under-validate the wide variety of non-product software). My recommendation is to follow the FDA guidance for “Computer Software Assurance for Production and Quality System Software” and the international guidance ISO/TR 80002-2:2017 “Validation of software for medical device quality systems.” See links in the comments below. Do you have any tips for managing the variety of regulated software at a medical device company? What has worked well (or badly) at your company? #medicaldevices #medicalsoftware #samd

Calling it safe because it passed one test 10 years ago is like saying: ‘𝘐 𝘵𝘳𝘶𝘴𝘵 𝘩𝘪𝘮, 𝘩𝘦 𝘸𝘢𝘴 𝘯𝘪𝘤𝘦 𝘰𝘯 𝘰𝘶𝘳 𝘧𝘪𝘳𝘴𝘵 𝘥𝘢𝘵𝘦.’ We all know how that logic usually ends. Yet in medical devices, I still see safety arguments built on: • certificates older than some team members • material data sheets that haven’t survived a process change • test reports that were valid then but are blindly reused now 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐞𝐬, 𝐝𝐚𝐭𝐚 𝐬𝐡𝐞𝐞𝐭𝐬, 𝐚𝐧𝐝 𝐭𝐞𝐬𝐭 𝐫𝐞𝐬𝐮𝐥𝐭𝐬 𝐡𝐚𝐯𝐞 𝐚 𝐬𝐡𝐞𝐥𝐟 𝐥𝐢𝐟𝐞. Not because they were wrong, but because context changes. And safety is always context-dependent: • manufacturing changes • suppliers change • specifications drift • standards evolve • post-market data accumulates (or screams quietly) Biocompatibility isn’t about having data. It’s about asking, repeatedly and honestly: 👉 Is this data still relevant? 👉 Does it still represent this device, today? 👉 What gaps exist between “what we have” and “what we now know”? That’s why revisiting data, performing gap analysis, and re-interpreting evidence is not bureaucracy, it’s risk management. Because “he was nice once” is not a long-term safety strategy. And neither is a 10-year-old report. • • • • • • • • • • • • • • • • • • • • • • • • • • • • Biocompatibility is often where uncertainty meets responsibility and good decisions rely on: ✔ solid scientific rationale ✔ smart use of available data I’m Marina Daineko, specializing in biological evaluation for medical devices. Let’s connect and exchange insights on making science-driven safety decisions.

Are you curious about how to create safe and effective artificial intelligence and machine learning (AI/ML) devices? Let's demystify the essential guiding principles outlined by the U.S. FDA, Health Canada | Santé Canada, and the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) for Good Machine Learning Practice (GMLP). These principles aim to ensure the development of safe, effective, and high-quality medical devices. 1. Multi-Disciplinary Expertise Drives Success: Throughout the lifecycle of a product, it's crucial to integrate expertise from diverse fields. This ensures a deep understanding of how a model fits into clinical workflows, its benefits, and potential patient risks. 2. Prioritize Good Software Engineering and Security Practices: The foundation of model design lies in solid software engineering practices, coupled with robust data quality assurance, management, and cybersecurity measures. 3.Representative Data is Key: When collecting clinical study data, it's imperative to ensure it accurately represents the intended patient population. This means capturing relevant characteristics and ensuring an adequate sample size for meaningful insights. 4.Independence of Training and Test Data: To prevent bias, training and test datasets should be independent. While the FDA permits multiple uses of training data, it's crucial to justify each use to avoid inadvertently training on test data. 5. Utilize Best Available Reference Datasets: Developing reference datasets based on accepted methods ensures the collection of clinically relevant and well-characterized data, understanding their limitations. 6. Tailor Model Design to Data and Intended Use: Designing the model should align with available data and intended device usage. Human factors and interpretability should be prioritized, focusing on the performance of the Human-AI team. 7. Test Under Clinically Relevant Conditions: Rigorous testing plans should be in place to assess device performance under conditions reflecting real-world usage, independent of training data. 8. Provide Clear Information to Users: Users should have access to clear, relevant information tailored to their needs, including the product’s intended use, performance characteristics, data insights, limitations, and user interface interpretation. 9. Monitor Deployed Models for Performance: Deployed models should be continuously monitored in real-world scenarios to ensure safety and performance. Additionally, managing risks such as overfitting, bias, or dataset drift is crucial for sustained efficacy. These principles provide a robust framework for the development of AI/ML-driven medical devices, emphasizing safety, efficacy, and transparency. For further insights, dive into the full paper from FDA, MHRA, and Health Canada. #AI #MachineLearning #HealthTech #MedicalDevices #FDA #MHRA #HealthCanada