GxP-Blog

Efficient Actions: With Adequate UDI Strategy and Cloud-Based Approach

Dr. Thomas Karlewski, Chemgineering
Patrick Pfau, p36

Regulatory authorities are setting a new standard for product safety in medical technology with the introduction of EUDAMED and other databases for collecting and publishing expanded medical device data. This leads to an unavoidable additional expense for data processing and distribution of medical technology products by medical product manufacturers. In addition, it requires the manufacturer to evaluate the implementation effort involved and to identify an efficient solution for the timely implementation of the requirements.

The need for monetary and human resources is increasing significantly as the demands on IT solutions become more and more complex. Traditional IT solutions may not be practical in the given circumstances. Therefore, it is important to critically evaluate, from one’s own point, the future viability of the currently used (software) solution for supplying the GUDID database to the FDA, in view of the additional data requirements of EUDAMED and other specific requirements of other countries.

It is known that within the next five years UDI databases will be introduced for most of the world's markets. Currently, the publication of the introduction guidelines for Europe / EUDAMED, China / CFDA and South Korea is pending. Other countries and regulatory authorities are expected to follow with country-specific requirements. The essence of the UDI requirements for the data elements to be transmitted is currently being determined by the UDI Guidance document published by the IMDRF (International Medical Device Regulators Forum) in December 2013.

The authorities of the respective markets have country-specific requirements for the data exchange procedure from the respective local database to their public database. For example, the EUDAMED database requires for certain free-text fields that a translated language version be stored in the database for each market in which the product is introduced. In addition, there are differences in key information: while in the FDA GUDID database only the Primary DI (e.g., GTIN) leads, the EU also introduces the concept of the basic UDI-DI. This identification number can in turn be assigned to several UDI Dis.

These differences mean additional maintenance costs regarding data maintenance, data storage and data exchange, and create new technical requirements that must be incorporated into existing solutions, in order to be able to deliver data to regulatory authorities other than the FDA.

The requirements that are sometimes published with extremely tight implementation deadlines, or changes by the regulatory authorities, aggravate the situation and require timely action. For medical products manufacturers, it is therefore essential to track, evaluate and implement new changed requirements by a regulatory authority - e.g. the FDA - with the use of many human resources and this is a necessary practice. As the number of UDI databases to be delivered increases, also the internal coordination efforts and the need for human resources required for the timely implementation of emerging requirements increases proportionally.

In order to meet the legal deadlines (EUDAMED 2021), it makes sense to make early decisions, select the appropriate software solution to support internal resources, and proactively respond to new requirements. The current IT solutions are considerably utilized for different data models, changed data validation rules and new data exchange processes. Resource requirements and needs in the expert departments (Quality / Regulatory Affairs in particular) and internal IT will continue to increase. In addition, the reporting costs increase for verifying which data was maintained, released and reported to which regulatory authority, when and by whom. Depending on the solution used, any change in the UDI process by a regulatory authority can imply a correspondingly large regression test for all UDI processes of the various regulatory authorities present in the IT system.

Due to the often poor planning of the necessary resources, due to the dependency on external specifications, the increasing support costs and the increased testing requirements for emerging changes, a so-called "Managed Cloud Service" by p36 provides the solution for the internal data maintenance and supply of the UDI data pools. Here it is important that a cloud solution can communicate as easily and securely as possible with existing ERP systems. This will ensure that existing data can continue to be used and the existing process can be integrated. With a subscription-based model for cloud solutions, the monetary side is much easier to plan, with a lower budget for support of the application and, in implementation projects in particular, for connecting other regulating authorities.

The operator of the cloud solution has to ensure that the current requirements of the regulatory authorities are mapped in the system. This does not hinder manufacturers from exceeding compliance deadlines or delayed market introductions. The cloud solution is deployed in a cloud operator's data center and offers the benefit of an independent development and maintenance cycle.

In addition to the advantages mentioned, the corresponding requirements for validation must be taken into account when introducing a new (cloud) solution. Therefore, it is essential that the “managed service” not only includes the operation of the cloud solution, but also actively supports the medical product manufacturer in introducing the solution. This provides regulatory protection for the process landscape (see, for example, ISO/TR 80002-2: 2017-06, AAMI TIR 36: 2007). Also, in the further operation (e.g. when connecting another regulatory authority) support in the field of process validation must be offered. Cloud solutions are increasingly being used in the regulated environment, so that you can get rid of most of the above-mentioned problems by switching to a managed UDI platform as a cloud solution.

5 Years of UDI. And many more countries are starting. Only the following is still not clear: which authority demands what, when and how? And how can you keep up with your processes?

Main points of pressure:

• When will the Implementation Guides be published?
• There are different requirements and tight deadlines by different authorities.
• There is the danger, due to constant changes, that one will miss something.
• More costs and efforts are required, due to more interfaces, updates and maintenance and development.
• How do you ensure compliance during the entire operation?

You need a dynamic solution!

For example: a cloud-based UDI solution from p36

• A cloud-based Managed UDI-Platform allows a faster and simpler implementation of regulatory requirements through the provider.
• New interfaces are managed through the platform operator.
• Your data remains your data. The provider supports you with the mapping in the respective data model of the authority.
• Your processes remain your processes. Your existing processes are linked to the UDI processes of the cloud platform.
• Changes in requirements are implemented and clients are proactively informed.

The introduction of a cloud solution in the regulated environment must be well planned. Together with the solution provider, the requirements are analyzed, actual and target processes are drawn up and a concrete implementation plan is derived.

The Concept

What must be considered when implementing a cloud solution?

Analysis of requirements

• What are your key requirements?

• What framework requirements must be observed?

Process definition

• How have master data been managed so far and how will they be managed in the future?

• Will the existing processes interact with the UDI Platform?

Planning the Introduction

• What organizational changes are becoming necessary?

• What technical requirements must be implemented?

Planning the Validation

• Is your Validation Masterplan cloud-ready?

• Which documents / SOPs must be adjusted?

The introduction has a technical / organizational and a technical level. Through a best practice approach, the necessary steps on both levels succeed with ease.

The Implementation

Connect the worlds and adjust the solution to your needs.

Connecting Landscapes

• Connect your existing ERP systems with the cloud solution.

Configuration of the platform

• Configure workflows, user management and surfaces according to your desires.

Definition of Data Sources

• Use your existing master data also in the cloud solution in order to reduce additional work.

Training

• Take your employees from the technical units and in IT/Support with you on the trip to the cloud.

For the introduction of the software solution a validation package is defined:

• The general qualification and validation concept

• The results of the software and provider qualification

• Proposals for qualified operation / use of the solution in customer environment

A CSV approach adapted to the UDI solution and to the specific requirements of the medical device industry, in order to:

• Introduce and operate an UDI solution in compliance with regulations,

• Be able to meet requirements in Europe and overseas,

• Operate the UDI solution and feel confident about audits and reviews.

The Package includes:

• Supplier-Audit and preliminary test of the software development

• URS model

• Validation plan

• Risk Analysis

• Trace Matrix

• Test templates for installation evidence, functional evidence and acceptance tests

• Ready-made reports for installation, functional test and acceptance test

• Examples for User SOPs (Administration, Change Control, Data Security, Disaster Recovery, SLA Monitoring)

Additional Options are e. g.

• Validation trainings

• Expanded CSV Support, e. g. for tests, in risk analysis

• Creation of specific SOPs

• CSV Support for Updates and Retests

Processes, Data and Surfaces:

• Modern, browser-based user interface with adaptive user guidance
• User Interface Editor based on data models of regulatory authorities
• Data derivation from existing master data
• On-the-fly data validation
• Freely configurable workflows for approval processes
• Comprehensive reporting
• Visualization of the process chain
• Exportable for Audit Reporting

Operation:

• Operation in the Cloud with standard connections to your on-premise landscape
• Software-as-a-Service: ongoing maintenance, care and provision of necessary updates by the software supplier
• 2-system landscape for productive environment and quality assurance
• Data storage in a secured cloud environment
• Integration in your existing ERP processes (e.g. SAP)