Welcome to the RS blog! We will be adding information on a weekly basis every Thursday morning. Each month will have a pre-set topic of discussion. But as other topics come up, we will add posts throughout the week. This will also be the place we show new white papers or informational sheets, so keep us bookmarked for the latest information!

If there is a topic you are interested in, or would like discussed, please send it to us through the “Ask a consultant” form. We would be happy to discuss any topic of interest.

We look forward to having a conversation! Talk to you soon.



Hello!  Welcome to our new weekly questions post.  We take all the questions asked from the week and choose the top ones to answer here as a summary for you.  This week we have 3.  Let's get started…

Q:  What are the differences between ISO13485:2003 and ISO13485:2016?

A:  For those new to ISO13485, the structure and organization is the same.  For those with a current ISO13485 certificate, there are quite a few changes.  Some are small and some are large.


  • New requirement for the company to document its role under the regulatory requirements that are applicable
  • Risk based approach is applied past the design process
  • Tighter control of external documents
  • Stronger emphasis on Management Responsibility
  • User training needs required to be documented


  • Many sections now have a requirement for a documented procedure
  • Training procedure must address how to achieve and maintain competence of personnel
  • Infrastructure and Work Environment needs are required to be documented
  • Tighter controls on suppliers and purchasing

Q: What are the regulatory requirements for a Class I device?

A: Each regulatory agency has their own requirements. Our answer here is focusing on the top regulatory areas, US, EU and Canada.

US – FDA classification is dependent upon the individual device.  Researching the device category in the Code of Federal Regulations will show the FDA’s current opinion.  That being said, many Class I devices are considered low risk and the only requirements are cGMP Quality Systems and annual establishment registration with device listing.

EU – Class I devices are usually self certification for CE Marking.  This means that a Technical File is required to be created, but it is not certified or reviewed by a notified body.

CANADA – Canadian classification is similar to the US.  There are classifications for product categories, but many are noted as Class I.  Class I devices are not required to have a license, but their establishments are required to be registered.

Q:  What suppliers need to be on the approved suppliers list?  How would I do a supplier evaluation on FedEx?

A:  Only suppliers who have a direct impact on the product are required to be evaluated and listed.  If FedEx is just providing a standard delivery service, then they would not be considered as having an impact on the product.  If FedEx is shipping products guaranteed overnight (due to product expiration dating) or shipping in climate control (due to packaging requirements) then it would have a direct impact on the product and need to be evaluated.  When we are writing quality systems, we write in the procedure that all suppliers are assessed and a justification for non-inclusion is documented if they do not have a direct impact.  This shows traceability and at a minimum that consideration was made for inclusion on the approved suppliers list.

This week had some wonderful questions and we look forward to answering more of them next Thursday.  If you would like to submit a question, you can reach us directly, or post it to social media.

See you next Thursday!


Risk is an interesting topic in any company.  Historically, we have seen two styles:

  1. We do not have time to waste on 14971 activities.  It is so cumbersome and confusing!  We do the minimum in order to (barely) meet the requirements.

  2. We incorporate risk activities from the time a product begins design.  This continues through to post-market surveillance.

As you can see, these are on opposite sides of the spectrum.  But I bet you can recognize your company in one of them!

When one digs a little deeper into each of the styles, another interesting pattern comes out.

Style #1 is a company that generally does not understand the regulation and therefore cannot respect the regulation enough to follow it.  They do the minimum which almost always equates to a simple FMEA chart.  And sometimes this chart is only one page long.  These companies have had this mentality for so long, that it is an uphill battle to even start the education of risk, let alone implement it.

Style #2 usually comes from the mouth of RA/QA management.  They understand that the regulations are not optional and have educated themselves and their company on the process.  Within this style are two more possibilities.  A) The RA/QA management understands, but stands alone within the company.  They have to fight tooth and nail to get people to support their risk activities.  B) Upper management fully understands and supports the risk process and educates employees on the importance.  Style 2B is a rarity in any industry, but such a breath of fresh air when encountered!

Both of these styles are historic and understandable considering the hit or miss inspection techniques by government auditors/inspectors.  When the government reviewed risk files, it used to accept the FMEA chart and move on without question.  This was the expectation, so most companies did what was expected.

Then in 2007, when ISO 14971 was updated, the standard reflected a stronger documentation of the entire risk process.  But surprisingly enough, many government auditors/inspectors took quite a few years to catch up.  They still were fine with the basic FMEA chart.

But then things slowly started to change…

We started to notice government auditors/inspectors that were starting to use the 2007 version of the standard.  And many companies were caught off guard, not having sufficient files.

So everyone began to scramble and create these 14971 compliant risk files.  Yes, I said entire risk FILES.  When the standard is followed, it will generate an entire file for each device or device category.  And the file is a living document to be updated.  The management of the risk file is like management of the design file – continual updating when new information is brought in.

Back to the 2 styles.

What both styles should understand is that creation of a risk file is a value added activity.

  • If risk is incorporated early in design, then design flaws are caught before retooling and expensive processes need to be edited
  • If risk is incorporated during manufacturing, then manufacturing processes will be done in a way that reduces defects, therefore lowering the cost per unit to produce
  • If risk is incorporated during post-market activities, then device failure trends will be caught before patient involvement occurs or recall activities become necessary

All of these activities are adding value by cutting potential expensive mistakes anywhere in the process.

Yes, creation of a new risk file when the product has already been established is a headache.  We all understand and have been there.  ISO 14971 is a well written guidance document and when read cover to cover, can provide a blueprint on how to create the risk file.

Of course, if you still need help, Regulatory Specialists is here to assist.  We have everything you need, from procedures to work instructions to the forms.  Even if you need it done quickly and completely, please give us a call.  We can walk you through the process.

Week 2 – Areas to Audit

Welcome to Week 2 of our 52 Weeks to RA/QA Clarity!  The first 4 weeks are devoted to Internal Quality Audits, with last week’s discussion focusing on the audit schedule.  This week we shift to what areas to audit as part of the schedule.

The standards do not provide guidance, but only generically state (FDA 21CFR820.22):

“Assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system.”

Many companies are unclear as to how the FDA expects this requirement to be met.  Once your scheduling is planned (and documented), the next step is to figure out what sections to group together.   People are always surprised when I tell them that grouping is not dependent upon the schedule.  You can perform audits on a weekly basis or on an annual basis.  The grouping should follow a simple pattern.

Audit patterns are determined on two inputs:

  1. Government Auditors are trained to follow the product through the system.
  2. The flow of product from raw material receipt through final product delivery to customer.

Both of these follow the same pattern.  This is because it ensures that all areas of the company and product are audited.  Each company (and product for that matter) will have unique steps in the process.  The bonus for using this pattern is that it can be applied to any company and any product and any process:

  • Supplier Audits
  • Outsourced Activity Audits
  • Internal Quality Audits

Let's get down to work!  The goal is to make the audit process as simple as possible.  Here is the pattern:

  1. Quality Manual
  2. Suppliers
  3. Raw materials
  4. Manufacturing
  5. Nonconforming Product
  6. Organizational Chart
  7. Employee records
  8. Design Master File
  9. Device Master Record
  10. Packaging
  11. Labeling
  12. Sterilization
  13. Shipping
  14. Distribution Records
  15. Communications with customers
  16. Complaints
  17. CAPA
  18. Communications with Regulatory Bodies

While going through the pattern, view the base procedures, work instructions and forms.  That will tell you what documentation to expect within the system.

Now, time for more detail!

Quality Manual

The purpose of the Quality Manual is to verify that the top management ensures that an adequate and effective quality management system has been established and maintained.


Suppliers

A supplier is any party delivering materials, components, or services that may influence the safety and performance of the product.

The purpose of auditing the purchasing control subsystem is to verify that the manufacturer’s processes ensure that products, components, materials and services provided by suppliers, (including contractors and consultants) are in conformity.

Raw materials

The purpose of auditing the raw materials delivered from the supplier is to ensure that products ordered are the exact ones delivered.


Manufacturing

The purpose of auditing the production and process control subsystem (including testing, infrastructure, facilities and equipment) is to verify that the manufacturer’s production and process controls are able to ensure that products will meet specifications.

Nonconforming Product

Verify that controls are in place to prevent distribution of nonconforming products.


The purpose of auditing Quality Management System activities associated with the development, procurement and/or use of software is to ensure the software meets its user needs, intended uses and specified requirements.

Note: Software includes: (1) software embedded within a medical device; (2) software that is a stand-alone medical device; (3) software used to control quality management system processes.

Organizational Chart

Review the manufacturer’s organizational structure and related documents to verify that they include provisions for responsibilities, authorities (e.g., management representative), resources, competencies and training.

Management Review

Verify that management reviews are being conducted and that they include a review of the suitability and effectiveness of the quality management system.

Employee records

The purpose of auditing employee records is to ensure an appropriate background of experience and training for the associated job description.

Design Master File

The purpose of auditing the design and development subsystem is to verify that the design and development process is controlled to ensure that medical devices meet user needs, intended uses and specified requirements.

Device Master Record

The purpose of auditing the Product Documentation Subsystem is to verify that the manufacturer’s documentation ensures that products meet customer and regulatory requirements.


Sterilization

The purpose of auditing the sterilization process (including testing, infrastructure, facilities and equipment) is to verify that the processes are appropriate to produce sterile products.

Distribution Records

The purpose of auditing distribution records is to ensure that product ordered by customers was delivered, and also to ensure that product delivered meets regulatory requirements.

Communications with Customers

The purpose of auditing customer related processes subsystem is to verify that customer related processes ensure that requirements including regulatory requirements are addressed by the quality management system.


Confirm that customer feedback is analyzed in the product realization process and used to re-evaluate the risk assessment and, where necessary, adjust the risk management activities.


CAPA

The purpose of auditing the CAPA subsystem (including reporting/tracking) is to verify that the manufacturer’s processes ensure that information is collected and analyzed to identify actual and potential product and quality problems, and that these are investigated, and appropriate and effective corrective and preventive actions are taken.

Communications with Regulatory Bodies

Verify that medical device reporting is done according to the applicable regulatory requirements.

By following the flow of product, from raw material receipt through final product delivery to customer, the auditor ensures all aspects of the system have been viewed.  This ensures the system meets regulatory requirements as well as determining the effectiveness of the system.

As an added bonus this week, we have included a copy of our INTERNAL AUDIT CHECKLIST.

Please feel free to ask us any questions in our Facebook group 52 Weeks to RA/QA Clarity.  We look forward to continuing the conversation!


Week 1 – Internal Audit Schedules

Welcome to week 1 of RA/QA Clarity!  The next 4 weeks will have a focus on Internal Audits.  Internal Audits are the biggest area of confusion and stress for everyone managing a quality system.  Throughout the thousands of companies we have worked with, the question we hear repeated is always:

How am I supposed to schedule my internal audits?  The regulations require that they only be conducted.  What is meant by this vague statement?


Both the FDA QSR (Quality System Regulation) and ISO13485 are purposely vague on the quality audit requirements.  I know this is not the response you are looking for!  But keep in mind that various companies, from tongue depressors to mechanical heart implants, all have to follow the same regulations.  There are a multitude of companies that have their own interpretation and need for internal quality audits.  Therefore, the regulations cannot be too specific; that would not work for everyone.

This vagueness works in your favor!  The expectation is that each company will take the regulations and apply them to their business practices.  There is no “right” way to do internal quality audits.

That being said, when we go into companies to assist with their quality system, one of the first things analyzed is internal quality audits.  This is because this is a section notorious for being over written within the system.  Many managers simply ask me:

I have inherited this quality system and do not know how to streamline it.  I just cannot keep up with this procedure!


Remember above, where we discussed the vagueness of the regulations?  This is where it becomes a benefit.  Since there is no specific requirement, you can easily establish the minimum – CONDUCT QUALITY AUDITS.  Period.  It's that simple.

What does this simplicity mean in terms of how the regulations are interpreted by government bodies?

Government bodies performing inspections (FDA) or audits (ISO13485) all have been trained on what to look for and how to write companies up on non-conformities.  They interpret the internal quality audit regulations on the following points:

  1. Is there a procedure discussing internal quality audits?
  2. Are internal quality audits conducted per the procedure?
  3. Are internal quality audits conducted once a year at a minimum?
  4. Do individuals audit their own work?
  5. Are corrective actions taken based upon internal quality audit findings?

#3 is the focus of this blog post.  Look at that!  Only once a year?  And that does not mean you can do one on December 31 and the next on January 1!  Please make sure they are about 12 months apart.

There is no requirement or expectation to have them quarterly, or to group departments together, or to have some crazy system to perform an internal quality audit every month.

Simplify the internal quality audit process and do it one time a year.  You can do it in one day for small virtual companies, or over a full week for large companies that span several locations.  Doing it this way will serve several important points:

  • Keep the company focused on the process and not the inconvenience.
  • Give the ability for everyone to have it on their schedule and prepare adequately.
  • Allow for easier scheduling with Executive Management to review the findings.
  • Not be a burden on your RA/QA task list by getting it done and having the ability to move onto other quality system management tasks.
  • Most important – Meet the regulations.

WEEK 1 ACTION ITEM – Take an honest, hard look at your internal quality audit procedure and schedule.  Make the changes to simplify and clarify.  Follow the schedule and know that you are meeting the regulations while simplifying your system and at the same time cleaning up your RA/QA task list.

Have any questions about the process?  Join us in the 52 Weeks to RA/QA Clarity Facebook group!  Post your questions any time.  We look forward to continuing the conversation.

Simplicity and Clarity

Happy Monday to you all!  I hope you had a wonderful weekend, and a productive start to your week.

We at Regulatory Specialists have been busy these past few months creating a couple of amazing new programs for you.  It all begins with the 52 Weeks to RA/QA Clarity program.  The best part is that it is 52 weeks of unparalleled support – for FREE!

Since 1989, we have worked with thousands of clients.  From Mom and Pop companies starting in their garages, all the way through multi-national conglomerates.  Across these multitudes of clients and business styles, many of them have similar RA/QA stressors:

  • My task list is too much to tackle.
  • I am required to follow complicated government regulations.
  • There is not enough time in the day to maintain my quality system.
  • The quality system was written by several people and is out of control.
  • I just don’t know where to start!

Do these sound familiar?  We all have experienced these thoughts at some time or another.

It is time for a solution!  Join us in the 52 Weeks to RA/QA Clarity!

Whether you are a start up company or running a multi-national conglomerate, 52 Weeks to RA/QA Clarity offers high-impact educational resources that have helped businesses to streamline their quality system and bring clarity to daily task lists within the first month.  We offer you unparalleled support that you will not find anywhere else.

Get started TODAY so you can enjoy a streamlined quality system and a manageable task list that brings clarity to your RA/QA day on a daily basis.

If you are serious about streamlining and clarifying your quality system, if you are looking for ONE THING you can do to ensure that you stay focused and on-track to reach your goal, then this is the program for you.

What to expect:

  1. 12 different focuses of topic – A new topic every 4 weeks
  2. Blog post on one aspect of the topic every week, posted on Mondays
  3. Educational webinar every 4 weeks
    • to discuss the topic in more detail
    • bring the past 4 weeks together
  4. Private Facebook group to ask questions on the current topic

Are you ready to get started?

  1. Head over to Facebook and Like  Regulatory Specialists, Inc.
  2. Join our private Facebook group 52 Weeks to RA/QA Clarity

We thank you for joining us for the next 52 weeks!  This will be a fun and focused program!


Off-Label Promotions Approved by FDA but with limits

There has been a lot of discussion about the new FDA guidance document draft “Good Reprint Practices for the Distribution of Medical Journal Articles and Medical or Scientific Reference Publications on Unapproved New Uses of Approved Drugs and Approved or Cleared Medical Devices.” The question we hear most is about usage of the document.

Social Media Marketing in the eyes of the FDA

The FDA expects device manufacturers to promote both benefit and risk information in every social media post. This includes the 140 character limit of Twitter! They expand this requirement to sponsor links and social media ads. In the eyes of the FDA, if you cannot follow the recommendations, then manufacturers should “reconsider using the platform.” The reality is that only low risk products will be able to follow the guidance. In addition to the character limitations, the FDA is recommending including a link to a website subpage that is dedicated exclusively to risk information.

Risk Minimization for Home Use Devices

The FDA has recognized that medical devices are moving from the professional realm into the home use arena. Their new final guidance was released to address home use of medical devices through adequate design. The elements of design discussed include environmental considerations, temperature, storage, travel, international use, user considerations, human factors as well as labeling. Minimization of risk is the overarching theme of the entire document, and the FDA requests that home usage of devices be taken into consideration when submitting a premarket submission. This is a good guidance document for all medical device manufacturers, even if the device is not used in the home market. It can be used while doing risk determination to make sure that all areas are covered in the design documentation and subsequent risk documentation.