While the word “design” often suggests a creative, trial-and-error process, design, as it applies to medical devices, must be a well-controlled, thoroughly documented process. Design controls are addressed by CFR 21 Part 820, which describes the regulatory requirements for all medical devices sold in the U.S. In order to further clarify its expectations, the FDA has also issued a Guidance on the topic, which is regularly reviewed but has mostly remained stable since 1997.
Design Controls: Why Do They Matter?
Design controls are defined as a systematic assessment of design throughout the device development process. Digging into adjacent expectations reveals that this goes beyond product design alone: it also encompasses product verification and validation test design, human factors design, cybersecurity design, and manufacturing process design.
The goal of design controls is to assure regulators, auditors, and other stakeholders (including, in some circumstances, healthcare providers and patients) that the device released to manufacturing correctly accomplishes its intended function. Properly implemented, design controls provide windows into the development process, proving that the right design choices are being made at the right time and when design mistakes are made, they are discovered and corrected at the appropriate point in the design process.
Design controls are also a requirement to obtain FDA approval for a medical device. The final output of the design control process is called the design history file (DHF), which is required as part of the pre-submission checklist before the FDA will even consider a device for approval. So while design controls make sense in any manufacturing situation because they help minimize business risk to budgets and schedules, they are non-negotiable for medical device development.
The FDA guidance on medical device design controls identifies the following control elements:
- History File
The design control process applies to new designs as well as changes to existing plans. It is well-documented that many companies have a disproportionately large number of flaws in their change management processes compared to the initial development process. Design controls are critical throughout the life of the product. Without a change management process that is just as robust as the original design control process, design changes can introduce fatal flaws into any aspect of the product, from basic functionality to security, to human factors.
The design control process should be regularly attended by risk management throughout development. Every change to an accepted design requires new risk analyses and risk mitigations. Though risk management is a complete topic in its own right, it cannot be separated from design controls.
Finally, do not lose sight of the fact that every step in the design process must be fully documented, and the resulting records (also known as “artifacts”) must be adequately controlled. The adage to remember is, “If you didn’t document it, you didn’t do it.” The most thorough design review possible has zero benefit if it is not documented.
With these notes in mind, our next blog post will move on to the individual components of design review.