DocMCP Knowledge Base

English

中文

English

中文

Appearance

Assessment and Decision Process for the Recognition of a Conformity Assessment Body Conducting Medical Device Regulatory Reviews

Document: IMDRF/GRRP WG/N66 FINAL:2024 (Edition 2)

Official Source

https://www.imdrf.org/documents/assessment-and-decision-process-recognition-conformity-assessment-body-conducting-medical-device-regulatory-reviews

Full Text

Assessment and Decision Process for the Recognition of a Conformity Assessment Body Conducting Medical Device Regulatory Reviews

Document Number: IMDRF/GRRP WG/N66 FINAL:2024 (Edition 2)

Source: https://www.imdrf.org/documents/assessment-and-decision-process-recognition-conformity-assessment-body-conducting-medical-device-regulatory-reviews

Final Document

IMDRF/GRRP WG/N66 FINAL:2024 (Edition 2)
Assessment and Decision Process for the Recognition of a Conformity Assessment Body Conducting Medical Device Regulatory Reviews
Authoring Group
IMDRF Good Regulatory Review Practices

Preface

© Copyright 2024 by the International Medical Device Regulators Forum.

This work is copyright. Subject to these Terms and Conditions, you may download, display, print, translate, modify and reproduce the whole or part of this work for your own personal use, for research, for educational purposes or, if you are part of an organisation, for internal use within your organisation, but only if you or your organisation do not use the reproduction for any commercial purpose and retain all disclaimer notices as part of that reproduction. If you use any part of this work, you must include the following acknowledgement (delete inapplicable):

“[Translated or adapted] from [insert name of publication], [year of publication], International Medical Device Regulators Forum, used with the permission of the International Medical Device Regulators Forum. The International Medical Device Regulators Forum is not responsible for the content or accuracy of this [adaption/translation].”

All other rights are reserved and you are not allowed to reproduce the whole or any part of this work in any way (electronic or otherwise) without first being given specific written permission from IMDRF to do so. Requests and inquiries concerning reproduction and rights are to be sent to the IMDRF Secretariat.

Incorporation of this document, in part or in whole, into another document, or its translation into languages other than English, does not convey or represent an endorsement of any kind by the IMDRF.

Jeffrey Shuren, IMDRF Chair

Contents

Introduction 5

1. Scope 7

2. References 8

3. Definitions 9

4. Overview 11

4.1. CAB Assessment Cycle 11

4.2. CAB Assessment Program 11

5. CAB Assessment Criteria and Overview 13

5.1. CAB Assessment Criteria 13

5.2. CAB Assessment Overview 13

6. CAB Assessment Deliverable 15

6.1. Communicating Nonconformities During an Assessment 15

6.2. Nonconformity Reporting 15

6.3. Grading Assessment Nonconformities 16

6.4. Final List of Nonconformities 18

6.5. Remediation Plan 18

6.6. Review of the Remediation Plan 19

6.7. Recommended Closure of Nonconformities 19

6.8. Assessment Report 20

7. Technical Review of Assessment Activities 21

8. Verification of Effectiveness of Corrections and Corrective Actions 22

9. Assessment Decision 23

9.1. Inputs to the Assessment Decision Process 23

9.2. Decision Criteria and Outcomes of the Assessment Decision Process 23

10. Communication Following Assessment Decision Process 28

10.1. Notification 28

10.2. Notification of Cessation of Recognition 28

11. Appeals Process 29

12. Publication of Recognition Decisions 30

Appendix 1 – Examples of Nonconformity Grades 31

Introduction

This is one document in a collection of documents produced by the International Medical Device Regulators Forum (IMDRF) intended to improve the efficiency and effectiveness of the regulatory review of medical devices, including in vitro diagnostic (IVD) medical devices.

IMDRF/GRRP WG/N47 (Essential Principles of Safety and Performance of Medical Devices and IVD Medical Devices) and IMDRF/GRRP WG/N52 (Principles of Labeling for Medical Devices and IVD Medical Devices) are complementary documents. These two documents are focused on the fundamental design, manufacturing, and labeling requirements for medical devices that, when met, provide assurance the device is safe and performs as intended, offers significant benefits to, among others, manufacturers, users, patients/consumers, and regulatory authorities.

IMDRF GRRP WG/N40 (Competence, Training, and Conduct Requirements for Regulatory Reviewers), IMDRF GRRP WG/N59 (Requirements for Medical Device Conformity Assessment Bodies for Regulatory Authority Recogn ition), and IMDRF/GRRP WG/N71 (Medical Device Regulatory Review Report: Guidance Regarding Information to be Included) are complementary documents. IMDRF/GRRP WG/N40 and IMDRF/GRRP WG/N59 are focused on requirements for Conformity Assessment Bodies (CABs) conducting regulatory review(s) of medical devices and IVD medical devices and individuals performing regulatory reviews and other related functions under their respective medical device legislation, regulations, and procedures required in their regulatory jurisdiction. IMDRF/GRRP WG/N71 expands upon section 7.5.2 of IMDRF/GRRP WG/N59 by articulating exactly the type of information a regulatory review report should include to address the requirements of section 7.7 of N59.

This document, IMDRF/GRRP WG/N66 (Assessment and Decision Process for the Recognition of a Conformity Assessment Body Conducting Medical Device Regulatory Reviews) is complementary to IMDRF/GRRP WG/N61 (Regulatory Authority Assessment Method for Recognition and Surveillance of Conformity Assessment Bodies Conducting Medical Device Regulatory Reviews) and IMDRF/GRRP WG/N63 (Competence and Training Requirements for Regulatory Authority Assessors of Conformity Assessment Bodies Conducting Medical Device Regulatory Reviews). Together these three documents are focused on how Regulatory Authorities will evaluate or “assess” a CAB’s compliance to the requirements in the IMDRF/GRRP/WG/N59 and IMDRF/GRRP WG/N40 documents.

Specifically, the purpose of this document, IMDRF/GRRP WG/N66, is to explain the assessment process and outcomes, including the method to “grade and manage” nonconformities resulting from a recognizing Regulatory Authority’s assessment of a CAB; and to document the decision process for recognizing a CAB or cessation of recognition. To prevent confusion between regulatory review activities performed by a CAB and the activities performed by medical device Regulatory Authority Assessors for CAB recognition and surveillance, in this document, the latter are designated as “assessments.”

This collection of IMDRF GRRP documents will provide the fundamental building blocks by providing a common set of requirements to be utilized by the Regulatory Authorities for the recognition and monitoring of entities that perform regulatory reviews and other related functions. It should be noted that in some jurisdictions the recognition process is called designation, notification, registration, determination, or accreditation.

IMDRF developed these GRRP documents to encourage and support global convergence of regulatory systems, where possible, seeking to strike a balance between the responsibilities of Regulatory Authorities to safeguard the health of their citizens as well as their obligations to avoid placing unnecessary burdens upon medical device CABs or the regulated industry. IMDRF Regulatory Authorities may add additional requirements beyond this document when their legislation requires such additions.

Scope

This document defines:

  • the process and lifecycle for recognizing, maintaining, or ceasing recognition of a CAB;
  • the process of managing, grading, and closure of assessment nonconformities issued to a CAB; and,
  • the outcomes of an initial, surveillance, or re-recognition assessment of a CAB.

References

  • IMDRF/GRRP WG/N40:2024 Competence, Training, and Conduct Requirements for Regulatory Reviewers
  • IMDRF/GRRP WG/N47:2024 Essential Principles of Safety and Performance of Medical Devices and IVD Medical Devices
  • IMDRF/Standards WG/N51:2018 Optimizing Standards for Regulatory Use
  • IMDRF/GRRP WG/N52:2024 Principles of Labelling for Medical Devices and IVD Medical Devices
  • IMDRF/GRRP WG/N59:2024 Requirements for Medical Device Conformity Assessment Bodies for Regulatory Authority Recognition
  • IMDRF/GRRP WG/N61:2024 – Regulatory Authority Assessment Method for Recognition and Surveillance of Conformity Assessment Bodies Conducting Medical Device Regulatory Reviews
  • IMDRF/GRRP WG/N63:2024 - Competence and Training Requirements for Regulatory Authority Assessors of Conformity Assessment Bodies Conducting Medical Device Regulatory Reviews
  • IMDRF/GRRP WG/N71: 2024 Medical Device Regulatory Review Report: Guidance Regarding Information to be Included
  • GHTF/SG1/N78:2012 Principles of Conformity Assessment for Medical Devices.
  • GHTF/SG1/N46:2008 Principles of Conformity Assessment of In Vitro Diagnostic (IVD) Medical Devices.
  • GHTF/SG1/N71:2012 Definition of the Terms 'Medical Device' and 'In Vitro Diagnostic (IVD) Medical Device.'
  • GHTF/SG1/N077:2012 Principles of Medical Device Classification
  • GHTF/SG1/N045:2007 Principles of In Vitro Diagnostic (IVD) Medical Device Classification
  • ISO/IEC 17000:2020**–** Conformity assessment – Vocabulary and general principles
  • ISO/IEC 17011:2017 Conformity assessment - General requirements for accreditation bodies accrediting conformity assessment bodies
  • ISO/IEC 17065:2012 Conformity assessment — Requirements for bodies certifying products, processes and services
  • ISO/IEC 17067:2013 Conformity assessment -- Fundamentals of product certification and guidelines for product certification schemes
  • ISO 9000:2015 – Quality Management Systems – Fundamentals and Vocabulary
  • ISO 9001:2015 – Quality Management Systems — Requirements
  • ISO 13485:2016 – Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes

Definitions

Assessment : A systematic, independent, and documented process for obtaining assessment evidence and evaluating it objectively to determine the extent to which assessment criteria are fulfilled. (IMDRF/GRRP WG/N63:2024)

Assessor: An employee of a Regulatory Authority with the demonstrated personal attributes and competence to conduct an assessment of a Conformity Assessment Body. (IMDRF/GRRP WG/N61:2024)

Competence: Ability to apply knowledge and skills to achieve intended results.

(ISO 9000:2015, Clause 3.10.4)

Conformity Assessment Body (CAB): A body other than a Regulatory Authority engaged in determining whether the relevant requirements in technical regulations or standards are fulfilled. (IMDRF/GRRP WG/N40:2024)

Medical device: Any instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one or more of the specific medical purpose(s) of:

  • diagnosis, prevention, monitoring, treatment or alleviation of disease,
  • diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury,
  • investigation, replacement, modification, or support of the anatomy, or of a physiologi­cal process,
  • supporting or sustaining life,
  • control of conception,
  • cleaning, disinfection, or sterilization of medical devices,
  • providing information by means of in vitro examination of specimens derived from the human body;

and does not achieve its primary intended action by pharmacological, immunological, or metabolic means, in or on the human body, but which may be assisted in its intended function by such means.

NOTE 1: Products which may be considered to be medical devices in some jurisdictions but not in others include:

  • disinfection substances,
  • aids for persons with disabilities,
  • devices incorporating animal and/or human tissues,
  • devices for in-vitro fertilization or assisted reproduction technologies.

(Modified from GHTF/SG1/N71:2012)

NOTE 2: For clarification purposes, in certain regulatory jurisdictions, devices for cosmetic/aesthetic purposes are also considered medical devices.

NOTE 3: For clarification purposes, in certain regulatory jurisdictions, the commerce of devices incorporating human tissues is not allowed.

Nonconformity: A non-fulfillment of a requirement. (ISO 9000:2015)

Quality Management System : A QMS comprises activities by which the organization identifies its objectives and determines the processes and resources required to achieve desired results. The QMS manages the interacting processes and resources required to provide value and realize results for relevant interested parties. The QMS enables top management to optimize the use of resources considering the long and short term consequences of their decision. A QMS provides the means to identify actions to address intended and unintended consequences in providing products and services. (ISO 9000:2015, Clause 2.2)

Regulatory Authority: A government body or other entity that exercises a legal right to control the use or sale of medical devices within its jurisdiction, and that may take enforcement action to ensure that medical products marketed within its jurisdiction comply with legal requirements. (GHTF/SG1/N78:2012)

Regulatory Review: A review of a medical device that is conducted to assess conformity with regional regulations or standards.

NOTE 1: A regulatory review is performed by Regulatory Reviewer(s), and on occasion, the Regulatory Authority and/or recognized Conformity Assessment Body may consult with Technical Expert(s) to assist in specific aspects of the regulatory review process.

NOTE 2: Depending on the complexity of the medical device, it may be necessary for a team of Regulatory Reviewer(s) and/or Technical Expert(s) to conduct the regulatory review to ensure all required competencies are addressed.

NOTE 3: A regulatory review consists of an assessment of documentation and/or evaluation/testing of physical medical devices and includes the recommendation and associated decision-making processes. The scope of the review is dependent on the Regulatory Authority’s requirements. (IMDRF/GRRP WG/N40:2024)

Regulatory Reviewer: An individual from a recognized CAB responsible for routinely performing regulatory reviews of medical devices. This may include for example, premarket reviewers, product specialists, etc. (Modified from IMDRF/GRRP WG/N40:2024)

Technical Documentation : The documented evidence, normally an output of the quality management system, that demonstrates compliance of a device to the Essential Principles of Safety and Performance of Medical Devices. (GHTF/SG1/N78:2012 and GHTF/SG1/N46:2008)

Technical Expert: For the purposes of this document, a Technical Expert is an individual who is consulted on an ad hoc basis to provide specific technical knowledge or expertise to the regulatory review process. This may include an individual employed by the Regulatory Authority or their recognized CAB or external to these organizations, as permitted by the Regulatory Authority.

NOTE 1:__ Areas of expertise could include, for example, clinical, design, manufacturing, etc.

(IMDRF/GRRP WG/N40:2024)

Overview

CAB Assessment Cycle

As discussed in IMDRF/GRRP WG/N61, for a CAB conducting regulatory reviews for the regulated medical device sector, the Assessment Program should follow a 3- or 4-year cycle. A 4-year cycle is illustrated in Figure 1.

Figure 1 - 4-Year CAB Assessment Cycle

The Assessment Cycle includes an Initial Assessment, annual Surveillance Assessments, and a Re-Recognition Assessment.

CAB Assessment Program

Figure 2 identifies the different assessment activities within each aspect of the CAB Assessment Program, as discussed in IMDRF/GRRP WG/N61.

It is important to note that additional Special Assessments performed on-site or remotely may also be necessary as described in IMDRF/GRRP WG/N61 (see Clause 4.3.9).

A written request for extending or reducing the scope of recognition may be submitted by the CAB at any time within the assessment cycle. Prior to the end of the recognition cycle,**** the CAB may need to submit a new application for re-recognition depending upon the requirements of the recognizing Regulatory Authority(s). Any desired change of scope of recognition can be included within the re-recognition application.

Assessment Program

Initial

Assessment

Re-Recognition Assessment

Application Review

Stage 1 Assessment IncludingDocumentation Review

Stage 2 On-Site Assessment(Head Office)

On-Site Assessments of Critical Locations

Regulatory Review Assessment (RRA)

Regulatory Review Assessment (RRA)

On-Site Assessments of Critical Locations

Surveillance On-Site Assessment(Head Office)

Stage 1 Assessment IncludingDocumentation Review for Changes

Re-Recognition On-Site Assessment(Head Office)

On-Site Assessments of Critical Locations

Regulatory Review Assessment (RRA)

Assessments

Assessment Activities

Surveillance

Assessment

Figure 2 - CAB Assessment Program with Assessment Activities through the Assessment Cycle

CAB Assessment Criteria and Overview

CAB Assessment Criteria

The recognizing Regulatory Authority(s) will assess the CAB through the various assessment activities against the assessment criteria. The CAB assessment criteria are:

  • IMDRF/GRRP WG/N59 – “Requirements for Regulatory Authority Recognition of Conformity Assessment Bodies Conducting Medical Device Regulatory Reviews” (Note: ISO/IEC 17065:2012 is incorporated as a normative reference except for the exceptions listed in N59 Clauses 4.1, 4.6, 7.4, 7.6, 7.7, and 7.9);
  • IMDRF/GRRP WG/N40 – “Competence and Training Requirements for Regulatory Reviewers”; and
  • Any particular additional regulatory requirements issued by the recognizing Regulatory Authority(s).

Guidance and best practice documents should not be considered assessment criteria, unless specifically incorporated into the recognizing Regulatory Authority(s)’s particular regulatory requirements. Particular regulatory requirements may include requirements on such topics as:

  • regulatory review process or technique;
  • regulatory review time frames;
  • limits on the type of regulatory reviews able to be completed by CABs, versus regulatory reviews that need to be completed by the Regulatory Authority;
  • the need for a quality management system audit of certain medical device manufacturer facilities as part of the regulatory review process;
  • regulatory review report requirements; or
  • certification document requirements.

Other than the criteria listed above, no other criteria hold any particular relevance to the IMDRF CAB Assessment Program or recognition process, unless such requirements have been explicitly incorporated into the IMDRF GRRP WG documents or recognizing Regulatory Authority(s) particular regulatory requirements.

CAB Assessment Overview

Figure 3 provides a general overview of the CAB’s application, assessment program/activities, and the recognition decision related processes including an appeals process.

The recognizing Regulatory Authority(s) must ensure that the threat of self-review is minimized as further described in this document (see Clauses 7.0 and 9.1).

Figure 3 - CAB Assessment and Recognition Decision-Related Processes

  • Per IMDRF/GRRP WG/N61 Clause 4.3.2, CABs are initially authorized to perform regulatory reviews after the recognizing Regulatory Authority completes Stage 1 and 2 assessments of the head office and critical locations, and any significant nonconformities identified during these assessments have been addressed.

Decisions can be one of the following**😗* Initial recognition with scope; Maintenance of recognition; Extension or restriction of scope; Re-recognition with scope maintained, restricted or extended; Cessation of recognition; or No recognition.

CAB Assessment Deliverable

Communicating Nonconformities During an Assessment

The Regulatory Authority(s) will identify any nonconformities against any element of the assessment criteria (see 5.1) that are observed during assessments of CABs, and verify the effectiveness of any corrections and corrective actions taken to address nonconformities identified in previous assessments.

The CAB should be invited to discuss potential nonconformities as part of the daily wrap-up meetings between the CAB and the recognizing Regulatory Authority(s)’s assessment team during the assessment performed on-site or remotely at the Head Office and Critical Location(s), or after the Regulatory Review Assessment (RRA). Comments on nonconformities enable the CAB to indicate its agreement on any nonconformity, to contest part or all of the nonconformity, or to provide additional clarification on the extent or significance of nonconformity.

Nonconformity Reporting

In order for the significance of CAB’s nonconformities to be characterized utilizing the assessment nonconformity grading system described in this document, it is essential that the reporting of a nonconformity uses clear, factual, and precise language. The nonconformity must enable any reader, not just individuals involved in the assessment, to comprehend the actual non-fulfillment that was detected during the assessment.

Each statement of nonconformity should:

  1. identify the specific requirement that has not been met or adequately fulfilled. The statement must:
  • document the source of the requirement from the assessment criterion; or
  • where multiple requirements from the assessment criterion documents are related or the observed nonconformity may apply to more than one requirement, document at a minimum the most relevant clauses of the assessment criterion documents to sufficiently demonstrate the impact of the nonconformity on all relevant requirement areas. Where appropriate, related clauses from additional assessment criterion documents may be included.
  1. state how the specific requirement was not fulfilled. The statement should:
  • be clear and concise;
  • use the words of the unsatisfied assessment criterion; and
  • be self-explanatory and related to the issue, not just be a restatement of the assessment evidence or used in lieu of assessment evidence.
  1. be supported by objective evidence. The statement should:
  • identify the extent of evidence (e.g. number of records);
  • state what exactly was found or not found, with an example(s); and
  • identify the location or basis (source document) for the evidence (e.g. in a record, procedure, interview, or visual observation).

Nonconformities that are specific to elements listed in IMDRF/GRRP WG/N40 or N59 may be raised under the relevant clauses of these documents. Nonconformities identified against particular regulatory requirements not specifically mentioned in IMDRF/GRRP WG/N40 or N59 may be raised under IMDRF/GRRP WG/N59 Clauses 5.1.2 (current regulatory review practices and knowledge of medical device technologies), 7.2.2 (regulatory review reports and certification documents), or other relevant clauses of that document. Note that ISO 17065:2012 is normatively referenced in IMDRF/GRRP WG/N59.

Multiple instances of non-fulfillment of any single requirement should be combined into a single nonconformity unless the instances originate or relate to different aspects of a clause.

Where a clause of an assessment criteria document includes several distinct requirements, the non-fulfilment of multiple distinct requirements within a clause may be recorded as separate nonconformities.

When a nonconformity was already identified by the CAB, for example during an internal audit, prior to the recognizing Regulatory Authority(s)’s assessment, the assessors should refrain from documenting and grading a new nonconformity if all of the following conditions are present:

  • the identified nonconformity is recorded by the CAB;
  • the remediation action plan described in Clause 6.5 of this document, including correction and corrective action, as necessary, is appropriate;
  • the specified timeline for implementing the planned remediation actions is respected and consistent with the significance of the nonconformity and the nature of the planned remediation actions; and
  • the CAB has a process to assess the effectiveness of the remediation actions implemented.

In these cases, the assessors shall note this information in the report to document that these conditions are present, and to enable future verification of implementation and effectiveness.

If there is evidence during the following assessment that any of the CAB’s corrective action plans have not been fully implemented or are not effective, a nonconformity should be raised against the overall corrective action processes required by the CAB’s management system (see Clause 8.0 of IMDRF/GRRP WG/N61).

Grading Assessment Nonconformities

The grade of a nonconformity may be used by the recognizing Regulatory Authority for two purposes:

  • to identify possible actions a recognizing Regulatory Authority(s) will take with regards to a CAB’s recognition status. See Clause 9 for a description of how nonconformity grading is used to support the categorization of the assessment outcomes; and
  • to assist in prioritizing the order in which nonconformities must be addressed.

A nonconformity should be given one of four grades. Grade 1 is the lowest level of severity and Grade 4 the highest.

If there is a recurrence of nonconformity of Grades 1, 2 or 3, the grade is escalated by one after the first such recurrence. The Regulatory Authority can choose to further escalate the grade after subsequent recurrences if they believe such escalation is warranted. A nonconformity is considered recurring if a nonconformity against the same clause or regulatory requirement was also identified during either of the previous two assessments that evaluated this clause or requirement (see Figure 1).

The guiding principles for grading assessment nonconformities are the following:

  • All nonconformities cited against ISO/IEC 17065:2012 will start as a minimum Grade 1
  • All nonconformities cited against IMDRF/GRRP WG/N59 and N40 will start as a minimum Grade 2. (N59 and N40 contain regulatory requirements)
  • Assessors may elevate any minimum grade to a Grade 2, 3, or 4 if in their assessment they believe the grading rules below are met
  • If there is a recurrence of nonconformity of grade 1, 2 or 3 then the grade is escalated by one
  • Scoring of nonconformities that apply to more than one requirement should be based on the assessor’s judgment of the impact of the nonconformity and on the other scoring considerations in this document

If the assessor lowers the assigned grade with respect to the above guiding principles, the assessor must document the rationale in the assessment report. The table in Appendix 1 is a list of examples for guidance purposes of how assessment nonconformities could be graded under the scheme described in this document.

Grade 1

A Grade 1 nonconformity:

  • a nonconformity that is unlikely to have a direct impact on the CAB’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable regulatory review conclusions, regulatory review reports, and certification documents.

Grade 2

A Grade 2 nonconformity:

  • a nonconformity that is likely to have a direct impact on the CAB’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable regulatory review conclusions, regulatory review reports, and certification documents; and is unlikely to allow deficiencies in medical device design, evaluation, and labeling that have a direct impact on the safety and performance of the medical device, as determined from the manufacturer’s technical documentation.
  • a recurrence of a Grade 1 nonconformity.

Grade 3

A Grade 3 nonconformity:

  • a nonconformity that is likely to have a direct impact on the CAB’s ability to routinely operate an effective, ethical, impartial and competent organization that produces acceptable regulatory review conclusions, regulatory review reports, and certification documents; and is likely to allow deficiencies in medical device design, evaluation, and labeling that have a direct impact on the safety and performance of the medical device, as determined from the manufacturer’s technical documentation.
  • when a CAB operates outside of the recognized and designated scope.
  • a recurrence of a Grade 2 nonconformity.

Grade 4

A Grade 4 nonconformity:

  • evidence involving possible fraud, misrepresentation or falsification of evidence of conformity per IMDRF/GRRP WG/N59 Clause 4.1.
  • a recurrence of a Grade 3 nonconformity.

Final List of Nonconformities

At the conclusion of any assessment activity, the recognizing Regulatory Authority(s) will issue a final list of any nonconformities to the CAB that have been graded according to the grading system described in 6.3.

The CAB may contest the validity of a nonconformity issued as a result of an assessment through the recognizing Regulatory Authority(s) complaint or appeal process. A rationale for the complaint or appeal must be provided including supporting evidence. Until the complaint or appeal is resolved, the nonconformity must be addressed in the remediation plan.

Remediation Plan

The CAB shall respond to nonconformities issued by the recognizing Regulatory Authority(s) assessors by providing a documented remediation plan which includes:

  • investigation and cause analysis of the nonconformity(s) to date;
  • correction plan to control or limit the effects of the nonconformity, as appropriate; and
  • corrective action plan to prevent the re-occurrence of the nonconformity, including plans for systemic corrective actions and verification of effectiveness, as appropriate.

The documented remediation plan must be submitted within 15 working days from the day the nonconformity(s) was issued. Priority shall be given to any nonconformity graded as a 3 or 4. Upon request and with sufficient justification, additional time may be granted by the recognizing Regulatory Authority for responses to Grade 1 or 2 nonconformities.

The CAB shall subsequently provide the recognizing Regulatory Authority(s) with evidence of implementation of correction and corrective actions for any nonconformities graded 3 or 4, according to the timeline confirmed by the recognizing Regulatory Authority(s) as an outcome of the review of the remediation plan. Any nonconformities graded 1 or 2 will be followed up on the next Assessment. In some regulatory jurisdictions, the Regulatory Authority may request that the CAB provide evidence of implementation of correction and corrective actions for all nonconformities prior to recognition.

Review of the Remediation Plan

The recognizing Regulatory Authority(s)’s assessment team shall review the CAB’s remediation plan and determine if it is acceptable, in terms of: cause of nonconformity, actions identified, and the timeline for implementation of those actions. This review shall be documented.

If deemed necessary, the recognizing Regulatory Authority(s) may alternative remediation activities or other specific actions if the actions in the submitted remediation plan are not deemed adequate, or require adjustments to the time limits specified in the plan to provide evidence of its implementation and effectiveness.

The recognizing Regulatory Authority(s) assessment team shall recommend closure of the nonconformity only when the following criteria are met:

  • for all nonconformities, the remediation plan, including the investigation and cause analysis, has been deemed acceptable; and
  • for nonconformities graded 3 or 4, the recognizing Regulatory Authority(s) has verified the evidence that the actions have been implemented as planned and are effective in addressing the identified issue (see Clause 8.0).

Verification of acceptable implementation of the remediation plan can be performed:

  • by the assessment team as a documentation review; or
  • in accordance with the assessment team’s recommendation for follow-up during a Special On-Site Assessment, Special Remote Assessment, an additional Regulatory Review Assessment, or during the next On-Site Assessment.

A recommendation for closure of the nonconformity means that the assessment team is satisfied that information on the remediation of the nonconformity is sufficient to perform the Technical Review of Assessment Activities (see Clause 7.0). It does not prevent the recognizing Regulatory Authority(s) from re-assessing the topic and, in the light of additional information collected or observed, issuing a new nonconformity on the topic.

Assessment Report

Every assessment activity shall result in an assessment report. The type of assessment activity will dictate the assessment report format. The assessment report may be composed of multiple documents.

The assessment report shall include at a minimum the following information:

  • the assessment plan, including the identification of the assessment team, assessment date(s), and essential information about the CAB;
  • the type (e.g., initial, surveillance, re-recognition), scope (e.g., the types of medical devices to be covered by the assessment, the site(s) to be assessed) and objectives of the assessment;
  • the requested or approved scope of recognition;
  • the identification of the assessment criteria;
  • a narrative or summary of each process(s) assessed;
  • any nonconformities, their grade, and any corrections or corrective action(s) taken during the assessment;
  • the respective evaluation of any remediation; and
  • the assessment conclusions and recommended outcome.

The assessment team will recommend to the Technical Review of Assessment Activities process:

  • closure of any nonconformities;
  • continued follow-up of nonconformities;
  • scope restriction of the recognition; or
  • not to recognize, or cease recognition, due to the inability of the CAB to satisfactorily remediate nonconformities.

Technical Review of Assessment Activities

The Technical Review of Assessment Activities process includes gathering the outcomes of the assessment activity, the verification of the completion of the individual assessment activities, and finally generation of a written recommendation for Assessment Decision (see Clause 5.2). Documentation of the Technical Review of Assessment Activities should include, at a minimum, the rationale supporting the recommendation along with identification of the supporting evidence.

The Technical Review of Assessment Activities process must be conducted by an independent person, or a panel/committee led by an independent person, who is separate from the assessment team(s). The assessment team(s) may contribute in such a panel/committee.

The Technical Review of Assessment Activities shall include:

  • verification that any written nonconformities comply with the requirements in Clause 6.2;
  • verification that the grading of nonconformity(s) complies with the requirements in Clause 6.3;
  • verification that the remediation plans for Grade 1 or Grade 2 nonconformity(s) comply with the requirements of Clause 6.5 and 6.6;
  • verification of the implementation of the remediation plans for Grade 3 and Grade 4 nonconformity(s) (where Grade 4 nonconformities are the result of recurrence) and that they comply with the requirements of Clause 6.5 and 6.6;
  • any recommendation(s) where there is evidence of possible fraud, misrepresentation or falsification of evidence resulting in a Grade 4 nonconformity;
  • verification and evaluation of the assessment report(s);
  • if applicable, the outcomes of any complaint or appeal from the CAB on a particular nonconformity; and
  • decision on closure of any nonconformity (see Clause 6.7), and any appropriate follow-up which may include Special Remote Assessment or Special On-site Assessment.

The recognizing Regulatory Authority shall inform the CAB of any necessary follow-up actions.

Verification of Effectiveness of Corrections and Corrective Actions

As part of the Technical Review of Assessment Activities, the recognizing Regulatory Authority can decide that additional assessment activities are needed to verify the effectiveness of any corrections and corrective actions. These activities can include:

  • a documentation review by the assessment team;
  • a Special On-Site Assessment, a Special Remote Assessment, or additional Regulatory Review Assessment; or
  • assessment as part of the next On-Site Assessment.

Assessment Decision

Inputs to the Assessment Decision Process

The outputs of the Technical Review of Assessment Activities process are made available as an input to the individuals or panel/committee making the Assessment Decision on the status of the CAB.

The Assessment Decision process must be conducted by an independent person, or a panel/committee led by an independent person, who is separate from the Assessment activities. The Assessment Decision process may be performed by the same individual or panel/committee as the Technical Review of Assessment Activities process or by an independent panel/committee.

The recognizing Regulatory Authority(s) shall initiate the Assessment Decision process for the following situations:

  • Initial Recognition, Re-recognition, or Extension of Scope : All planned assessment activities are completed and the Technical Review of Assessment Activities has accepted all of the CAB’s remediation plans and activities
  • Restriction of Scope : The outcome of an assessment activity includes information suggesting that the recognized CAB no longer meets the minimum expected level of compliance for their full scope of recognition, or the recognized CAB has requested a reduction of their scope of recognition
  • Safety Issue : The outcome of an assessment activity includes information on a public health threat
  • Fraud/Misrepresentation/Falsification of Evidence Confirmed by the Technical Review of Assessment Activities : The outcome of an assessment activity includes evidence of fraud, misrepresentation or falsification of evidence[1] or there is evidence that the legal entity has been found guilty of an offense against national laws or regulations related to medical devices or relating to any fraudulent or dishonest practices.[2]

In cases of potential cessation of recognition, a recommendation from the Technical Review of Assessment Activities process is to be immediately submitted to the individual or the panel/committee undertaking the Assessment Decision process.

Decision Criteria and Outcomes of the Assessment Decision Process

Recognizing Regulatory Authority(s) shall use the criteria below to make their decision on the recognition status of CABs. The decisions include:

  • Initial recognition with scope
  • Maintenance of recognition
  • Extension or restriction of scope
  • Re-recognition with scope maintained, restricted or extended
  • Cessation of recognition
  • No recognition

The recognition decision may include additional conditions imposed by the recognizing Regulatory Authority(s). If any additional conditions are imposed, the maintenance of the recognition is subject to the CAB fulfilling all the requirements identified in the condition.

Decision Following Initial Assessment Activities (See Figure 2)

Recognition: The applicant is granted recognition for a specified scope when:

  • The Technical Review of Assessment Activities process found that any nonconformities (Grade 1, 2, 3) for all Initial Assessment Activities were brought to closure (see 6.7).

The applicant is recognized as a CAB for the duration of the assessment cycle and may:

  • undertake all regulatory review activities within the scope of the application; or
  • undertake regulatory review activities within a restricted scope of the application.

The CAB may request to vary the scope of their recognition application (extend or restrict) at any time. The recognizing Regulatory Authority(s) may grant recognition for the new scope after it has performed relevant Assessment Activities in order to assess the new scope, and when any nonconformities (Grade 1, 2, or 3) are brought to closure (see 6.7).

Refusal: The applicant is refused recognition when:

  • the application process has been terminated by the assessment team(s) before completion of the Initial Assessment Activities due to the inability of the CAB to satisfactorily comply with regulatory requirements;
  • the Technical Review of Assessment Activities process found the remediation plan(s) inadequate and unable to bring closure (see Clause 6.7) for any nonconformities (Grade 1, 2, 3 or 4) after the conclusion of the Assessment Process which included communication between the assessment team(s) and the CAB; or
  • there is evidence of fraud, misrepresentation or falsification of evidence (Grade 4).

The applicant is not to be recognized as a CAB and may not perform regulatory reviews under the recognition program. A new application from the same CAB is required if the applicant is to be reconsidered. With a written justification, a recognizing Regulatory Authority(s) may specify a timeframe within which a re-application will not be accepted.

Decision Following a Surveillance Assessment (See Figure 2)

Maintenance of Recognition: The CAB’s recognition is maintained when the Technical Review of Assessment Activities process found any nonconformities (Grade 1, 2, 3 or a Grade 4 issued due to recurrence) identified as part of the Surveillance Assessment Activities were brought to closure (see Clause 6.7).

The recognized CAB may continue to undertake all regulatory review activities within the scope of the application.

The recognizing Regulatory Authority(s) may add or vary any conditions on the existing recognition decision.

Extension of Scope of Recognition: The recognizing Regulatory Authority(s) may extend the scope of recognition for the CAB through a Surveillance Assessment (either per the regular assessment schedule or via a Special Surveillance Assessment), if the CAB has requested such an extension and the recognizing Regulatory Authority(s) has performed relevant Assessment Activities in order to assess the new scope. In this case, the scope of recognition will be extended if the Technical Review of Assessment Activities process found that any nonconformities (Grade 1, 2, or 3) identified as part of the Surveillance Assessment Activities were brought to closure (see Clause 6.7). If the Assessment Decision Process approves the amended scope, the expiry date of the initial or re-recognition decision is not changed.

Restricted Scope: The recognizing Regulatory Authority(s) may decide to restrict specific elements of the scope of recognition, either:

  • in response to a request from the CAB; or
  • after the Assessment Process has been exhausted and as an alternative to ceasing recognition, when the Technical Review of Assessment Activities process concludes that the CAB can no longer satisfy the requirements for recognition in relation to those specific elements.

Cease Recognition : The recognition is withdrawn when:

  • the CAB can no longer satisfy the requirements for recognition; or
  • there is evidence of fraud, misrepresentation or falsification of evidence (Grade 4).

A CAB no longer satisfies the requirements for recognition when, after the Assessment Process has been exhausted, the Technical Review of Assessment Activities process concludes that:

  • the remediation plan of any repeat nonconformity graded 3 or 4 is inadequate; or
  • the implementation of remediation for any first-time nonconformity graded 2 or 3 proves to be ineffective and the CAB is unable, or unwilling, to develop and implement effective remediation.

A decision to change the recognition status of a CAB may potentially affect a large number of manufacturers whose medical devices have undergone regulatory review by the CAB. In this event, the recognizing Regulatory Authority(s) may need to consider individual or collective transitional arrangements to ensure existing or potential public health risks are mitigated.

Decision Following a Re-recognition Assessment (See Figure 2)

Re-Recognition: The recognition remains valid and is renewed for the duration of the next recognition cycle. The CAB’s recognition is renewed when the Technical Review of Assessment Activities process found that any nonconformities (Grade 1, 2, 3 or a Grade 4 issued due to recurrence) for all Initial Assessment Activities were brought to closure (see Clause 6.7).

The recognized CAB may continue to undertake all regulatory review activities within the scope of the application.

Extension of Scope of Recognition: The recognizing Regulatory Authority(s) may extend the scope of recognition for the CAB, if the CAB has requested such an extension and the recognizing Regulatory Authority(s) has performed relevant Assessment Activities in order to assess the new scope. In this case, the scope of recognition will be extended if the Technical Review of Assessment Activities process found that any nonconformities (Grade 1, 2, or 3) identified as part of the Assessment Activities were brought to closure (see Clause 6.7) for all relevant Assessment Activities. If the Assessment Decision Process approves the amended scope, the expiry date of the re-recognition decision is not changed.

Restricted Scope: The recognizing Regulatory Authority(s) may decide to restrict specific elements of the scope of recognition, either:

  • in response to a request from the CAB; or
  • after the Assessment Process has been exhausted and as an alternative to ceasing recognition, when the Technical Review of Assessment Activities process concludes that the CAB can no longer satisfy the requirements for recognition in relation to those specific elements.

Cease Recognition : The recognition is withdrawn when:

  • the CAB can no longer satisfy the requirements for recognition; or
  • there is evidence of fraud, misrepresentation or falsification of evidence (Grade 4).

A CAB no longer satisfies the requirements for recognition when, after the Assessment Process has been exhausted, the Technical Review of Assessment Activities process concludes that:

  • the remediation plan of any repeat nonconformity graded 3 or 4 is inadequate; or
  • the implementation of remediation for any first-time nonconformity graded 2 or 3 proves to be ineffective and the CAB is unable, or unwilling, to develop and implement effective remediation.

A decision to change the recognition status of a CAB may potentially affect a large number of manufacturers whose medical devices have undergone regulatory review by the CAB. In this event, the recognizing Regulatory Authority(s) may need to consider individual or collective transitional arrangements to ensure existing or potential public health risks are mitigated.

Decision Following a Special Assessment

Clause 4.3.9 of IMDRF/GRRP WG/N61 provides some examples of situations when a Special Remote Assessment or Special On-Site Assessment may be warranted. The need for, and the type of, decision following a Special Assessment depends on the scope and objectives of this assessment. For example, if a Special On-Site Assessment is performed in response to a complaint regarding the CAB’s activities, potential decisions resulting from this assessment could include restriction in scope of recognition or complete cessation of recognition.

Special Assessments should not replace any of the regular Surveillance or Re-Recognition assessments within the assessment cycle. If the scope of recognition changes as a result of a Special Assessment, the Assessment Program still follows the same cycle and does not begin a new one.

Communication Following Assessment Decision Process

Notification

The recognizing Regulatory Authority shall notify the CAB of the decision made on their recognition status. In the case of an adverse decision, the recognizing Regulatory Authority(s) must include in the notification the rationale for the decision. The CAB may appeal the decision through the Appeals Process (see Clause 11.0).

Notification of Cessation of Recognition

When a previously recognized CAB no longer satisfies the requirements for recognition, the notification of the decision will provide details for the cessation of recognition, including the date it becomes effective in the absence of an appeal, and will outline the Appeal provisions. Once the notice to cease recognition is received, the CAB may not:

  • accept any new applications, including transfers from manufacturers from another CAB;
  • perform a regulatory review for any manufacturer whose application has already been accepted; or
  • extend the scope of a manufacturer’s marketing certification.

In cases where a public health issue is involved, the Appeals Process may be adjusted to very short time frames that are commensurate to the risk. Some recognizing Regulatory Authority(s) may impose other urgent actions in these cases. These actions would be detailed in a notification of cessation of recognition.

The cessation of recognition becomes effective either:

  • in the absence of an appeal, on the date identified in the notification; or
  • immediately after the appeals process confirms the decision to cease recognition.

When the cessation of recognition becomes effective, the CAB shall not perform any regulatory reviews.

After the decision to cease recognition is confirmed, the CAB is required to submit a new application if they wish to be reconsidered for recognition.

Appeals Process

CABs may appeal a decision within a timeframe defined by the recognizing Regulatory Authority(s).

The recognizing Regulatory Authority(s) shall establish procedures to receive and address appeals submitted by CABs. The procedures shall take into account any policy, general legal requirements or practices applicable to appeals in their jurisdiction.

Appeal procedures shall provide that, upon receipt of the appeal, the recognizing Regulatory Authority(s) shall as a minimum:

  • acknowledge receipt of the appeal;
  • review the decision;
  • decide on the validity of the appeal;
  • inform the CAB of the final decision(s) of the recognizing Regulatory Authority(s);
  • take follow-up action where required; and
  • maintain records of all appeals, final decisions and follow-up actions.

Publication of Recognition Decisions

The recognizing Regulatory Authority shall maintain publicly available information about the current recognition status, and changes to the recognition status, of CABs. This information shall be updated regularly. The information shall include the following for each recognized CAB:

  • name and address of the CAB; and
  • scope of recognition.

If the recognizing Regulatory Authority(s) decide to cease recognition of the CAB, the change of status shall be published only after the cessation of recognition becomes effective.

Appendix 1 – Examples of Nonconformity Grades

The table in this appendix provides examples of grades for nonconformities against the clauses of IMDRF/GRRP WG documents N59 and N40, and ISO/IEC 17065:2012. It is meant for guidance purposes only, situations and objective evidence will dictate the grade according to the procedures and criteria in this document.

The Table lists clauses from IMDRF GRRP WG documents N59 and**** N40 and the Standard ISO/IEC 17065:2012. The line items in the table are brief statements to capture the general intent of the particular clauses. The user shall refer to the full text of these three foundation documents when utilizing this table.

Section ISO/IEC 17065:2012IMDRF/GRRP WG/N59IMDRF/GRRP WG/N40Title or Intent of the clauseGrade 3Grade 2Grade 1
4General requirements
4.1Legal and contractual matters
4.1.1Legal responsibilityX
4.1.2**Certification agreement
** (Note IMDRF exception to ISO/IEC 17065:2012)
4.1.2.1Legally enforceable agreementsX
4.1.2.2Agreement conditions, including client responsibilitiesX
4.1.3Use of license, certificates and marks of conformity
4.1.3.1Control over use of indications of certification statusX
4.1.3.2Actions required for incorrect or misleading use of certification scheme or certification status informationX
4.1.1 (IMDRF N59)Organizational structure, ownership and legal or natural persons exercising control over the CABX
4.1.2 (IMDRF N59)If part of a larger organization; activities, structure, governance and relationship with CABX
4.1.3 (IMDRF N59)If CAB owns (whole or part) other entities; activities, structure, governance and relationship with CABX
4.1.4**(IMDRF N59)**Legally enforceable arrangements with manufacturers to allow RAs to assess CAB regulatory review activitiesX
4.1.5 (IMDRF N59)Legally enforceable arrangements with manufacturers allowing RAs to share infoX
4.1.6 (IMDRF N59)Agreement specifying responsibilities of RA and CAB, and authority of RAX
4.2Management of impartiality
4.2.1Impartiality of certification activitiesX
4.2.2Certification body responsibility for impartiality of certification activitiesX
4.2.3Identification of potential risks to impartialityX
4.2.4Elimination or minimization of identified risks to impartialityX
4.2.5Top management commitment to impartialityX
4.2.6Avoidance of certification activities that may pose a conflict of interestX
4.2.7Activities of separate legal entities related to the certification body do not compromise impartialityX
4.2.8Separation of certification management and review personnel from activities conducted by separate legal entitiesX
4.2.9Separation of certification body activities from activities of other consultanciesX
4.2.10Ensuring no conflict of interest of personnel with prior consultancy activities.X
4.2.11Response to any threats to impartiality.X
4.2.12Personnel, internal and external, and committees, shall act impartially.X
4.2.1 (IMDRF N59)Financial and organizational independence from manufacturersX
4.2.2 (IMDRF N59)Organization structured to safeguard independence, objectivity, and impartiality of its activities. Documentation of any investigation, outcome and resolution.X
4.2.3 (IMDRF N59)Top-level management and responsible personnel not involved in manufacturer’s processesX
4.2.4 (IMDRF N59)Documentation of personnel formerly involved in device consulting and general conflict of interest mitigationX
4.2.5 (IMDRF N59)Three years between consultancy services and assignment of tasks related to serviced companiesX
4.2.6 (IMDRF N59)Not advertising, committing to, guaranteeing or implying outcome of regulatory reviews based on financial or other inducementX
4.2.7 (IMDRF N59)If CAB is part of a larger organization, impartiality requirements apply to the whole organizationX
4.3Liability and financing
4.3.1Adequate arrangements to cover possible liabilitiesX
4.3.2Financial stability and resources required for operationsX
4.3.1 (IMDRF N59)Liability insuranceX
4.4Non-discriminatory conditions
4.4.1Policies and procedures shall be non-discriminatory or impede accessX
4.4.2Services accessible to all applicants within scope of operationsX
4.4.3Access to certification process shall not depend on client size or group membership. Outcome shall not depend on number of certifications issuedX
4.4.4Activities limited to scope of certificationX
4.5Confidentiality
4.5.1Responsibility for management of certification-related information, including provision of confidentialityX
4.5.2Notification of client when confidential information is releasedX
4.5.3Confidential treatment of client-related information when not received from clientX
4.5.1 (IMDRF N59)Documented procedures, equipment, and facilities to ensure confidentiality of regulatory review-related informationX
4.5.2 (IMDRF N59)Non-disclosure of regulatory review-related informationX
4.6Publicly available information Availability of information related to certification scheme, financial support and fees charged for services, rights and duties of applicants and clients, and complaint and appeals processesX
4.6.1 (IMDRF N59)(Exception to ISO/IEC 17065) CAB disclosure of marketing certification status upon request in jurisdictions where CAB issues final decisionX
4.6.2 (IMDRF N59)Public availability of information in ISO/IEC 17065:2012 Clause 4.6, not just upon requestX
4.6.3 (IMDRF N59)Public availability of regulatory review processes, impartiality policy, and management systemsX
4.6.4 (IMDRF N59)Compliance with RA requirements for public provision of information on certified medical devicesX
5Structural requirements
5.1Organizational structure and top management
5.1.1Activities structured and managed to safeguard impartialityX
5.1.2Organizational structure, including duties, responsibilities and authorities for personnel and committees; and relationships to any other parts of the organizationX
5.1.3Management authority and responsibilityX
5.1.4Rules for committeesX
5.1.1 (IMDRF N59)ISO/IEC 17065:2012 Clause 5.1.3(d) and (e) applies to certification activities/requirements established by RAsX
5.1.2**(IMDRF N59)**Personnel are current in practices and knowledge in relation to medical device technologies and regulatory requirementsX
5.1.3**(IMDRF N59)**Organizational capacity including management, administrative support, and infrastructure to undertake all contracted activitiesX
5.1.4 (IMDRF N59)Participation in regulatory coordination group activitiesX
5.1.5 (IMDRF N59)Consideration of relevant guidance and best practice documentsX
5.1.6 (IMDRF N59)Adopt and adhere to a code of conduct Violations to the code of conduct must be investigated and appropriate action takenX
5.1.7**(IMDRF N59)**Procedures for independent review of workX
6.0**(IMDRF N40)**Commitment to, and annual reaffirmation of, a Code of Conduct. Arrangements to manage perceived, actual, or potential conflicts of interest and breaches of confidentialityX
5.2Mechanism for safeguarding impartiality
5.2.1Establishment of mechanism for safeguarding impartialityX
5.2.2Documented composition of mechanism and access to necessary informationX
5.2.3Ability of mechanism to take independent actionX
5.2.4Inclusion of key interests in mechanismX
6Resource requirements
6.1Certification body personnel
6.1.1General
6.1.1.1Employment and use of sufficient number of personnelX
6.1.1.2Competence of personnelX
6.1.1.3Maintenance of confidential information by personnelX
6.1.1 (IMDRF N59)Regulatory reviewer competence requirements specified in IMDRF GRRP WG N40 documentX
6.1.2 (IMDRF N59)Understanding of duties, responsibilities, and authoritiesX
6.1.3 (IMDRF N59)Management has processes for the selection and training of competent regulatory reviewers.X
6.1.4 (IMDRF N59)Process to achieve and demonstrate effective regulatory reviewsX
6.1.5**(IMDRF N59)**Demonstration of competency regarding CAB review processes and certification requirements, and access to relevant procedures and instructionsX
6.1.6**(IMDRF N59)**Provision of trainingX
6.1.7**(IMDRF N59)**Competence of final regulatory reviewerX
6.1.8**(IMDRF N59)**Personnel identifying competence requirements or performing final review shall have appropriate knowledge and expertiseX
6.1.2Management of competence for personnel involved in the certification process
6.1.2.1Procedures for management of competencies of personnelX
6.1.2.2Personnel recordsX
6.1.9**(IMDRF N59)**Access to medical device knowledge and experienceX
6.1.10**(IMDRF N59)**Management have appropriate knowledge and processes for the selection of competent regulatory reviewersX
6.1.11**(IMDRF N59)**Senior management member having responsibility for medical device regulatory reviewsX
6.1.12**(IMDRF N59)**Professional integrity and technical competenceX
6.1.13**(IMDRF N59)**Adherence of regulatory reviewers and staff to Code of ConductX
5.0**(IMDRF N40)**Processes and procedures for selecting, training, approving, and assigning regulatory personnel. Responsibility to collect and maintain evidence demonstrating fulfillment of specified competency requirementsX
7.0**(IMDRF N40)**Determination of applicable foundational, functional, and technical competencies for regulatory reviewers, and establishment of methods for evaluating and fulfilling these competenciesX
8.0**(IMDRF N40)**Educational requirements for regulatory reviewers and technical experts, typically including a university degree and for, technical experts, additional education in area of expertiseX
9.0**(IMDRF N40)**Definition of experience requirements for regulatory review personnelX
10.0**(IMDRF N40)**Training requirements for regulatory review personnel, including initial training, maintenance training, and continued professional developmentX
11.0**(IMDRF N40)**Competence evaluation for regulatory reviewers, including methods of evaluation and evaluation criteriaX
12.0**(IMDRF N40)**Establishment of criteria for evaluating the ability of a regulatory reviewer to perform independently, and recording evidence demonstrating this abilityX
13.0**(IMDRF N40)**Maintenance of current and accurate records regarding competency evaluation and managementX
14.0**(IMDRF N40)**Remediation plan for bringing regulatory reviewers back into compliance with competency maintenance, including maintenance of recordsX
6.1.3Contract for personnelX
6.1.14**(IMDRF N59)**Contract declaring potential conflicts of interestX
6.2Resources for evaluation
6.2.1Internal resources shall meet requirements of relevant international standardsX
6.2.1**(IMDRF N59)**Additional requirements for CAB personnelX
6.2.2External resources (outsourcing)
6.2.2.1Outsourcing only to bodies that meet requirements of relevant international standardsX
6.2.2.2Ensure confidence in activities outsourced to non-independent bodiesX
6.2.2.3Legally binding contract between certification body and service providersX
6.2.2.4Certification body responsibilities when outsourcing activitiesX
6.2.2**(IMDRF N59)**Additional requirements for external personnelX
6.2.3**(IMDRF N59)**Competence requirements for external organizationsX
6.2.4**(IMDRF N59)**CAB competence to verify appropriateness of activities performed by external organizationsX
6.2.5**(IMDRF N59)**Documentation of arrangements between CAB and external organizationsX
6.2.6**(IMDRF N59)**Direct CAB assessment of external organizations regarding competence and assessment requirementsX
6.2.7**(IMDRF N59)**External resources cannot perform certification recommendations or decisionsX
7Process requirements
7.1General
7.1.1Operation of certification scheme(s)X
7.1.2Evaluation criteria in standards and other normative documentsX
7.1.3Formulation and availability of explanations of application of normative documentsX
7.1.1**(IMDRF N59)**Procedures covering regulatory review and certification processX
7.2Application Necessary information to complete the certification processX
7.3Application review (CAB Screening)
7.3.1Initial review of application informationX
7.3.2Identification of requests outside the certification body’s experienceX
7.3.3Competence, capability and documentation for certification activities identified as part of Clause 7.3.2X
7.3.4Declining to undertake certification activities outside the certification body’s competence or capabilityX
7.3.5Certification body references to existing certificationsX
7.3.1**(IMDRF N59)**Screening of regulatory submission for essential and relevant informationX
7.3.2**(IMDRF N59)**Review competence and familiarity with relevant regulations, standards, and guidelinesX
7.4Evaluation (Note IMDRF exception to ISO/IEC 17065:2012)
7.4.1Plan for evaluation activitiesX
7.4.2Assignment of internal resource personnelX
7.4.3Availability of all necessary information and documentationX
7.4.4Internal and external resources follow evaluation plan for their respective activities. Evaluation per certification scheme requirementsX
7.4.5Reliance only on evaluation results completed prior to applicationX
7.4.6Client informed of all nonconformitiesX
7.4.7Information to client regarding additional evaluation tasks needed to address nonconformitiesX
7.4.8Evaluation process applies to additional evaluation tasksX
7.4.9Documentation of all evaluation activities prior to reviewX
7.4.1**(IMDRF N59)**Evaluation of regulatory submission per RA requirementsX
7.4.2**(IMDRF N59)**Technical documentation supports proposed medical device classificationX
7.4.3**(IMDRF N59)**Technical documentation supports the proposed intended useX
7.4.4**(IMDRF N59)**Any audit results support the regulatory submissionX
7.5Review (CAB Recommendation)
7.5.1Assignment of review personnel not involved in evaluation processX
7.5.2Documentation of review recommendationX
7.5.1**(IMDRF N59)**QMS/GMP certification if neededX
7.5.2**(IMDRF N59)**Documentation of recommendation in regulatory review reportX
7.5.3**(IMDRF N59)**Reporting safety-related information in regulatory submission to RA within 5 daysX
7.6Certification decision (Note IMDRF exception to ISO/IEC 17065:2012)
7.6.1Certification body responsibility for certification decisionsX
7.6.2Assignment of certification decision personnel not involved in evaluation processX
7.6.3Certification decision personnel employed by certification body or under organizational controlX
7.6.4Certification body organizational controlX
7.6.5Requirements for personnel under organizational controlX
7.6.6Client notification of certification decision and decision reasonsX
7.6.1**(IMDRF N59)**Sufficient and reliable evidence to support decisionX
7.7Certification documentation (Note IMDRF exception to ISO/IEC 17065:2012)
7.7.1Provision of certification documentation to clientX
7.7.2Inclusion of signature or other certification body authorization on documentationX
7.7.3Certification documentation issued after or concurrent with certification decision, fulfillment of certification requirements, and certification agreementX
7.7.1**(IMDRF N59)**Report to RA of certification decision and documentationX
7.7.2**(IMDRF N59)**Certificates and regulatory review reports meet RA requirementsX
7.7.3**(IMDRF N59)**Report and certificate documentation requirementsX
7.8Directory of certified products Certification body maintains information on certified productsX
7.8.1**(IMDRF N59)**Directory of certified products made available to RAX
7.9Surveillance – This section does not apply to CAB program
7.10Changes affecting certification
7.10.1Communication of certification scheme changes to clientsX
7.10.2Consideration of other changes affecting certification and their impactX
7.10.3Actions to implement changes affecting certification include evaluation, review, decision, or issuance of revised certification documentationX
7.10.1**(IMDRF N59)**Revision to CAB certification process to reflect regulatory changesX
7.11Termination, reduction, suspension, or withdrawal of certification
7.11.1Action when nonconformity with certification requirements is identifiedX
7.11.2Evaluation, review, or certification decision actions must follow relevant requirementsX
7.11.3Appropriate actions when certification is terminated, suspended, withdrawn, or reducedX
7.11.4Assignment of competent personnel to communicate actions needed to restore certification after suspensionX
7.11.5Evaluation, review, or certification decision actions to resolve suspension must follow relevant requirementsX
7.11.6Appropriate actions after reinstatement of certification after suspensionX
7.11.1**(IMDRF N59)**RA notified when CAB recommends certification termination, reduction, suspension, or withdrawalX
7.12Records
7.12.1Retention of records demonstrating fulfillment of certification process requirementsX
7.12.2Confidentiality of recordsX
7.12.3Record retention time framesX
7.12.1**(IMDRF N59)**Maintenance of appropriate records in addition to ISO/IEC 17065:2012 requirementsX
7.12.2**(IMDRF N59)**Retention of records per RA-specified time frameX
7.13Complaints and appeals
7.13.1Documented processes related to complaints and appeals, including recording and trackingX
7.13.2Confirmation that complaint or appeal relates to activities for which certification body is responsibleX
7.13.3Acknowledgement of receipt of complaint or appealX
7.13.4Gathering and verifying information to make decision on complaint or appealX
7.13.5Complaint or appeal decision not made by personnel involved in related certification activitiesX
7.13.6Non-involvement of personnel with prior related consultancy activitiesX
7.13.7Formal notice of complaint outcome to complainantX
7.13.8Formal notice of appeal outcome to appellantX
7.13.9Certification body takes any subsequent action needed to resolve complaint or appealX
7.13.1**(IMDRF N59)**Notifying RAs of complaints indicating safety or performance issue or public health riskX
7.13.2**(IMDRF N59)**Appeals handled by CAB, and any changes to final review decision communicated to RA. RA may have process for further appealsX
8Management system requirements
8.1Options
8.1.1Certification bodies establish and maintain a management system following either Option A (Clause 8.2) or Option B (8.3)X
8.1.2Components of a management system under Option AX
8.1.3Management system that meets ISO 9001 requirements satisfies Option BX
8.1.1**(IMDRF N59)**CAB shall establish management system appropriate for the scale of its reviews and the applicable regulatory requirementsX
8.1.2**(IMDRF N59)**Retention of records related to N59 for no less than 15 yearsX
8.1.3**(IMDRF N59)**Measurement, monitoring, and analysis of their review programX
8.1.4**(IMDRF N59)**Internal audits covering CAB structure and activitiesX
8.2General management system documentation (Option A)
8.2.1Establishment, documentation, and maintenance of policies and objectives for fulfillment of ISO/IEC 17065:2012 and the certification schemeX
8.2.2Evidence of commitment to development, implementation, and effectiveness of management systemX
8.2.3Appointment of management member with responsibility for management system processes, procedures, and performanceX
8.2.4Documentation, processes, systems, records related to ISO/IEC 17065:2012 linked to management system documentationX
8.2.5Access of certification personnel to relevant management system documentationX
8.3Control of documents (Option A)
8.3.1Establishment of document control proceduresX
8.3.2Procedures define controls for document approval, review/update, version control, availability, legibility/ease of identification, distribution control for externally generated documents, and control of obsolete documentsX
8.4Control of records (Option A)
8.4.1Establishment of record control proceduresX
8.4.2Establishment of record retention procedures, including appropriate accessX
8.5Management review (Option A)
8.5.1General
8.5.1.1Establishment of procedures for management system reviewX
8.5.1.2Establishment of record retention procedures, including appropriate accessX
8.5.2Inputs to management reviewX
8.5.3Outputs from management reviewX
8.6Internal audits (Option A)
8.6.1Establishment of procedures for internal auditsX
8.6.2Planning of audit programX
8.6.3Processes regarding timing of internal auditsX
8.6.4Personnel performing audits should be competent, not audit their own work, and be informed of audit outcomes. Timely and appropriate actions should be taken, including identification of opportunities for improvementX
8.7Corrective actions (Option A)
8.7.1Establishment of procedures for identification and management of nonconformitiesX
8.7.2Actions should be taken to eliminate causes of nonconformitiesX
8.7.3Appropriate actions should be takenX
8.7.4Requirements for corrective action proceduresX
8.8Preventive actions (Option A)
8.8.1Establishment of procedures for taking preventive actions to eliminate causes of potential nonconformitiesX
8.8.2Preventive actions appropriate to impactX
8.8.3Requirements for corrective action proceduresX
9.0**(IMDRF N59)**Information Requirements
9.1**(IMDRF N59)**Information Exchange Between the CAB and Recognizing Regulatory Authority(s)
9.1.1**(IMDRF N59)**CAB designation of function responsible for information exchange with RAsX
9.1.2**(IMDRF N59)**CAB to inform RAs within 5 days after becoming aware of fraudulent activities or counterfeit productsX
9.1.3**(IMDRF N59)**CAB to provide information regarding granting and refusal of certificationX
9.1.4**(IMDRF N59)**CAB to notify RAs within 5 days of decisions to terminate, reduce, suspend, reinstate, or withdraw marketing certification, along with rationaleX
9.1.5**(IMDRF N59)**CAB to notify RAs within 5 days of changes potentially affecting fulfillment of recognition requirementsX

Disclaimer

© Copyright 2024 by the International Medical Device Regulators Forum.

This work is copyright. Subject to these Terms and Conditions, you may download, display, print, translate, modify and reproduce the whole or part of this work for your own personal use, for research, for educational purposes or, if you are part of an organisation, for internal use within your organisation, but only if you or your organisation do not use the reproduction for any commercial purpose and retain all disclaimer notices as part of that reproduction. If you use any part of this work, you must include the following acknowledgement (delete inapplicable):

“[Translated or adapted] from [insert name of publication], [year of publication], International Medical Device Regulators Forum, used with the permission of the International Medical Device Regulators Forum. The International Medical Device Regulators Forum is not responsible for the content or accuracy of this [adaption/translation].”

All other rights are reserved, and you are not allowed to reproduce the whole or any part of this work in any way (electronic or otherwise) without first being given specific written permission from IMDRF to do so. Requests and inquiries concerning reproduction and rights are to be sent to the IMDRF Secretariat.

Incorporation of this document, in part or in whole, into another document, or its translation into languages other than English, does not convey or represent an endorsement of any kind by the IMDRF.

Please visit our website for more details.

www.imdrf.org

  1. Such evidence may also need to be forwarded to legal authorities for verification and/or for potential additional legal action. ↑

  2. See IMDRF/GRRP WG/N59 Clause 4.1 ↑

Content licensed under CC BY 4.0

Copyright © 2026 RASAAS