FDA expands MDIC quality pilot to non-compliant manufacturers

Dive Brief:

FDA awarded $2.8 million to the Medical Device Innovation Consortium to expand a voluntary quality improvement pilot program to include manufacturing facilities not compliant with quality system regulations, MDIC said Monday.
The effort will examine whether using a process to evaluate execution of a quality system rather than compliance results in faster improvement at sites determined to be out of compliance.
The funding also will support work on threat modeling for medical device cybersecurity.

Dive Insight:

MDIC is a collaboration founded in 2012 between FDA and industry to advance medical device regulatory science through the development of tools and processes to improve evaluation of product safety, quality and effectiveness.

Many of the largest medical device makers, including Abbott, BD, Boston Scientific, Johnson & Johnson and Medtronic, are participants. Other members include the National Institutes of Health, CMS, the Centers for Disease Control and Prevention, nonprofits and patient groups.

The quality pilot initiative is now available for manufacturers compliant with FDA quality system regulations. Companies use a framework that measures their ability to produce high-quality devices and boost patient safety with a focus on continuous improvement.

Companies accepted can be removed from routine FDA inspection plans and have their performance independently monitored. For participants that complete a quality maturity assessment, FDA adjusts engagement activities and PMA submission requirements. In the longer term, the maturity model could become an alternative to the traditional FDA inspection, MDIC said.

Now, FDA wants to build on the success of the quality pilot to see whether it can also help non-compliant companies make improvements to product quality and return to compliance.

The effort will incorporate the internationally recognized ISO 13485 quality system standard and study use of manufacturing best practices from non-medical device sectors, including the consumer electronics, aerospace and automotive industries.

Non-compliant participants in the pilot will not receive any of the regulatory incentives offered to compliant companies, Jon Hunt, MDIC vice president for clinical science and technology, told MedTech Dive. The CMMI Institute will conduct a Medical Device Discovery Appraisal Program as part of the initiative, and non-compliant companies would be able to incorporate the appraisal in their remediation plans.

As for the cybersecurity side of the award, threat modeling will address risks to the total product life cycle, from supply chain and design to production and deployment of a device. FDA premarket and postmarket guidance recommends manufacturers perform threat modeling analyses for each of their devices. MDIC said it plans to conduct boot camps on threat modeling best practices for device stakeholders.

MDIC also will develop a threat modeling playbook for device cybersecurity that will catalog resources for device manufacturers, Hunt said. MITRE and Shostack & Associates will be partners in the cybersecurity project, he said.