Long Live Design Controls, Part II: A Systems Engineering Perspective In The QMSR Paradigm

By Jayet Moon and Arun Mathew

In the highly regulated field of medical device development, ensuring product safety and efficacy while maintaining compliance with regulatory standards is paramount. Central to this is the design process that is founded on design controls, which provides a systematic framework for translating user needs into tangible product features while effectively managing risks. Over the years, design controls have proven to be of paramount importance to the greater design assurance and product development process. In our last article, we discussed how the adoption of the Quality Management System Regulation (QMSR) has effectively superseded the explicit design controls CFRs and associated FDA guidance, but their essence lives on within the framework of ISO 13485:2016 Clause 7.3. This article aims to explore the risk management requirements per the QMSR and how to integrate the risk management process with the design control process.

Three prominent methodologies shape the common industry approaches to product development: the waterfall model, the V-model, and Agile. We will focus on the first two product development approaches as they are commonly employed in medical device development and offer a clear illustration of how risk management processes can be integrated in design control process. The third article in this series will discuss Agile.

The waterfall model, as outlined in the FDA’s Design Control Guidance for Medical Device Manufacturers, follows a structured, sequential path from requirements definition to maintenance. This approach has distinct linear phases, and each phase is completed before proceeding to the next, ensuring thorough documentation at every step of the development process and culminating in design validation that ensures that the medical device design meets the user needs.

In contrast to the sequential nature of the waterfall model, the V-model presents a parallel approach to testing and development. Introduced by Paul Rook in the 1980s, the V-model emphasizes the early involvement of testing activities, aligning them with each phase of development. This concurrent approach facilitates the timely detection of testing challenges and assists the team in effectively strategizing test protocols, resulting in accelerated product release and improved outcomes. Additionally, it allows for targeted verification of design inputs. While both models share similarities in their sequential progression, the V-model stands out for its integrated approach to verification and validation, which occurs concurrently with development phases. Furthermore, production process-related design transfer activities also can be plotted on an expanded version of this model. This is illustrated in Figure 1.

Figure 1. Click on image to enlarge.

The V-model also integrates risk management activities throughout the development process as shown in Figure 1. The V-model allows for concurrent updating of risk documents, as testing, verification, and validation outputs become available, including process qualifications and validations. By enabling the concurrent initiation of risk activities, this model facilitates early detection and implementation of mitigation measures in the design process, resulting in high-quality and safer products at lower costs due to reduced rework. Additionally, this approach ensures that the risk file remains a living document, better reflecting the evolving nature of risks and their mitigation measures.

For instance, in the design input stage, if new risk control measures are identified, they can be promptly incorporated into the design inputs, minimizing the need for product redesign. Similarly, if the design outputs are intended to verify the implementation of a specific control, the associated verification test will ascertain the effectiveness of that risk control measure. While both the waterfall model and the V process model have their respective strengths and weaknesses, the V process model stands out for its flexibility, early testing planning, and improved traceability.

The primary advantage of the V process model lies in its ability to identify and mitigate risks at an early stage, arguably surpassing the capabilities of the waterfall model. Risk management is a critical component of the design control process in both the waterfall model and the V-model. In the waterfall model, risk management activities typically occur sequentially, either during or following the completion of each phase. Preliminary hazard analysis (PHA) takes place after finalizing user needs, identifying potential hazards and associated risks. Design failure modes and effects analysis (dFMEA) occurs after design inputs are frozen, assessing potential failure modes and their effects on product safety. Use-related risk analysis is concomitantly done for better outputs of usability engineering. Process failure modes and effects analysis (pFMEA) precedes design transfer, ensuring that potential failure modes are addressed before production. The process culminates in user failure mode and effects analysis (uFMEA), which evaluates potential failure modes and control options from the user's perspective.

The adoption of a QMSR relies heavily on an integrated approach to design control and risk management. This is because the ISO 13485 clause 7.1 specifically mandates the documentation of one or more processes for risk management in product realization, while clause 7.3.3 subsection c) stipulates that any applicable output(s) of risk management must be considered as design input. This lays the foundation for a systems approach to risk management. The systems approach focuses on assessing the device’s life cycle in its totality so that the primary objectives of safety and effectiveness can be realized as effectively as possible. The V-model shown in Figure 1 aims to show this systems approach starting from user needs to design to process and all the way to benefit-risk analysis. Risk management is a key enabler of the systems approach and sine qua non of not only design control enablement but also product safety. Thus, its actions and deliverables are interwoven throughout the product life cycle.

Effective risk management and product development in the QMSR paradigm requires a thorough understanding of design controls and the methodologies that shape them even though QMSR does not call out design controls. While the waterfall model suggested in the FDA guidance offers a structured approach with thorough documentation, the V-model presents a compelling alternative, emphasizing early testing and risk mitigation. By leveraging these methodologies within the design control process, medical device manufacturers can navigate regulatory requirements with confidence, ensuring the delivery of safe and effective products to market. As the field continues to evolve, the principles of design controls will remain essential in safeguarding the health and well-being of patients worldwide.

About The Authors:

Jayet Moon earned a master’s degree in biomedical engineering from Drexel University in Philadelphia and is a Project Management Institute (PMI)-Certified Risk Management Professional (PMI-RMP). Jayet is also a Chartered Quality Professional in the UK (CQP-MCQI). He is also an Enterprise Risk Management Certified Professional (ERMCP) and a Risk Management Society (RIMS)-Certified Risk Management Professional (RIMS-CRMP). He is a Fellow of the International Institute of Risk & Safety Management. His new book, Foundations of Quality Risk Management, was recently released by ASQ Quality Press. He holds ASQ CQE, CQSP, and CQIA certifications.

Arun Mathew works in quality systems in R&D at AbbVie. He holds an executive MBA, M.Sc., in real time embedded systems, and a diploma in electronics. He has more than two decades of experience in the medical devices industry, drug product development, manufacturing, and regulatory affairs. He is a longtime member of the American Society for Quality and is a certified CQA Certified Quality Auditor and CQE Certified Quality Engineer. Previously, Mathew has worked at Fortune 500 companies such as Zimmer Biomet, Medtronic, and Baxter.

Editor's Note: The authors have recently published a new book through ASQ: Mastering Safety Risk Management For Medical And In Vitro Devices. You can find it here.