BLOG HOME

  • Design Control and Risk Management

June 6, 2023

Design controls are a frequent citation in 483 observations and warning letters from the U.S. Food and Drug Administration (FDA). In fact, the agency has noted a large proportion of past recalls that could have been prevented with design controls.

FDA guidance also makes an explicit link between design control and risk management, highlighting the essential role of both in product development.

Below we explore the basics of design controls, and how to ensure FDA compliance by linking them in the quality management system (QMS).

Watch a free webinar on Document Management Best Practices for Life Sciences

What Are Design Controls?

Design controls are FDA-mandated quality procedures to ensure that medical devices meet user needs, intended uses, and specified requirements. Design controls help identify issues earlier in the product development process, so they can be corrected prior to production. They also enhance visibility throughout the design process, reducing costs and increasing productivity while facilitating better communication among the teams involved.

FDA Design Control Requirements

Part of FDA’s Quality System Regulation (QSR) 21 CFR Part 820.30 lays out design control requirements for medical device manufacturers. The requirements cover all class III and class II devices, with the majority of class I devices exempt.

Design controls that medical device manufacturers must document include:

  • Design and development plan: The design and development plan defines activities, responsibilities, and timelines, including how teams will work together. This must be continuously updated and reviewed as development evolves.
  • Design inputs: Design inputs are the physical and performance requirements of a device, based on documented user needs and intended use.
  • Design outputs: Design outputs represent the results of the design process, with measurable acceptance criteria defined. This step defines the outputs that are critical for the correct functioning of the device.
  • Design review: Design review takes place at each step to evaluate adequacy of design requirements and capability of design to meet requirements.
  • Design verification: Design verification confirms with objective evidence (such as test reports) that the design output meets input requirements. In other words, verification shows that you made the product correctly.
  • Design validation: Design validation demonstrates with objective evidence that the device specifications conform to user needs and the intended use. Compared with verification, validation shows that you made the correct product.
  • Design transfer: This step ensures that device design gets transferred correctly into product specifications.
  • Design changes: Here the focus is on establishing procedures for managing design changes before they are implemented.
  • Design history file (DHF): The DHF represents a master record of the device’s development history, also demonstrating all design controls, providing evidence that the device’s design phase follows the approved design plan, and that the device serves the user needs for which it is developed.
  • Device master record (DMR): The DMR includes all of the information needed to manufacture the designed product. It consists of design requirements, production process information, and includes any equipment details as necessary, as well as acceptance criteria.
  • Device history record (DHR): The DHR represents the production process of the device, and must demonstrate the fulfillment of the DMR. It is important that the DHR is maintained for each lot of a given device.

The traditional waterfall diagram below shows how design controls influence the product development process. Reviews take place at each step, with documentation updated as changes occur.

Design Controls and Risk Management

CFR Part 820.30(g) states that “design validation shall include software validation and risk analysis, where appropriate.” While it’s the only requirement that references risk analysis, FDA guidance is clear that risk management begins with design inputs.

While some companies treat them as standalone processes, design controls and risk management go hand in hand. A robust design control process incorporates risk management at multiple points in the product development lifecycle. That’s because as a device’s design evolves, you may identify new risks requiring additional controls. It’s easier—and less expensive—to manage risks earlier in development, compared with adding new components or controls later.

ISO 14971 defines the risk management process as having four core components:

  1. Risk analysis: Here manufacturers identify hazards and estimate risk for each hazardous situation.
  2. Risk evaluation: This step involves determining whether the quantified risk is acceptable or unacceptable.
  3. Risk control: Risk control involves determining your options, adding new controls, and measuring residual risk, including those that arise from controls.
  4. Production and post-production activities: This step involves collecting data and taking further action as needed, feeding the information back into step one.

Complying with Design Control and Risk Requirements

Complying with FDA design control requirements involves creating, managing, and routing for review a large volume of documentation. Multiply this across a company’s entire product line, and the necessity for a digital quality management system (QMS) becomes clear. In the context of design controls, a QMS provides:

  • A centralized repository for creating, managing, and tracking documents across the product development lifecycle
  • Effective version control to prevent errors that arise from using outdated documents
  • The ability to route documents for review efficiently to accelerate the design process
  • Simplified preparation for audits and regulatory submissions

More than just document control tools, however, manufacturers need a way to incorporate risk into the design control process. When evaluating QMS solutions, companies should look for software that lets them tie risk into any step of the process.

For example, let’s say you decide to make a change to an existing device to improve its performance. Within the QMS, you should be able to launch a failure mode and effects analysis (FMEA) to gauge potential risks associated with the change. The FMEA would then be documented within your design controls repository, including the DHF.

Conclusion

Design controls provide a structured method for ensuring that medical devices are safe and effective. To comply with FDA regulations, manufacturers must create and maintain a wide variety of documentation throughout the product development lifecycle.

Note that design control isn’t a one-and-done process that ends once design is transferred to production. Instead, manufacturers should use design control for any changes to a device, whether in response to complaints or for performance improvement. An automated QMS helps maintain design controls as living documents while integrating risk management at vital steps in the process.

Download a free brochure on An Automated Process for EU MIR Submissions

About the Author

Stephanie Ojeda is Director of Product Management for the Life Sciences industry at AssurX. Stephanie brings more than 15 years of leading quality assurance functions in a variety of industries, including pharmaceutical, biotech, medical device, food & beverage, and manufacturing.