13
Apr
2023

Predetermined Change Control Plan

,
, ,
0
Predetermined Change Control Plan

The US FDA has a continuous challenge trying to ensure that regulations keep up with advancements in technology.  As with any new technology, manufacturers try and make the existing regulations applicable, while FDA assesses whether or not existing regulations are appropriate for the new technology.  This involves FDA collecting data to inform whether new and/or creative pathways should be developed and tested to better support the new technology safely coming to market so that patients can benefit. A great example of this is Software as a Medical Device (SaMD).

While most people have now heard or used the term SaMD, this was not always the case.  SaMD was first introduced in 2013 by the International Medical Device Regulators Forum (IMDRF), a club for regulators world-wide to share ideas and promote harmonization, when they started a working group spearheaded by FDA to address challenges regulators were experiencing in the regulation of software which met the definition of a medical device.  Of course, software in and as a medical device existed before 2013, but it wasn’t until FDA identified trends in recalls related to software that highlighted the risks around its use in and as medical devices, that FDA decided to work towards the new and creative pathways for software regulation.  This initial work resulted in the Pre-Cert program Pilot Program which launched in 2017 (This pilot program was subsequently completed in 2022.).

It was during this time that Artificial Intelligence and Machine Learning (AI/ML) were becoming hot topics, as more medical devices began utilizing AI/ML- based training.

In April of 2019, FDA published a discussion paper, Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SAMD) that shared FDA’s thinking on regulation of products that can learn in real-time while in commercialization.  And if these software products are learning, their performance is likely changing.  Of course that leads to the obvious questions:

How will the manufacturer of a continuously learning ML-based product monitor to identify performance changes?

How can the manufacturer control, or course correct, for something that is already “live”?

Predetermined Change Control Plan

The proposal in the discussion paper described controls for which manufacturers could provide clear documentation and planning of limited changes to be included in the submission to FDA. The discussion paper proposes several types of documents to describe these controls however, the Predetermined Change Control Plan (PCCP) is the breakout star of the discussion paper.

Since the release of the discussion paper, we have observed industry leveraging the thoughts and ideas that FDA shared in regard to the PCCP.  A well-documented and thought out PCCP, when reviewed as part of your regulatory submission, can provide flexibility for making certain pre-authorized product changes without a new 510(k) or PMA submission.  While changes to indications or intended use cannot be included in a PCCP, consider these types of modifications:

  • Modifications related to quantitative measures of AI/ML software function performance specifications.
  • Modifications related to device inputs to the AI/ML software functions.
  • Limited modifications related to the device use and performance within (e.g., within a specific subpopulation).

FDA issued a new draft guidance this week specifically addressing PCCP content, Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions, that is a progression on their thinking in regards to pre-market submissions of AI/ML-enabled devices.

The new guidance provides boundaries as to what should be considered when you are thinking through pre-specifying changes.  At a high level, these include:

  1. A detailed description of the specific, planned device modification(s).
  2. A Modification Protocol that describes the methodology to develop, validate, and implement the modification(s) ensuring the device continues to be safe and effective for the applicable patient populations. Things to consider:
    1. Data management practices.
    2. Re-training / Tuning practices.
    3. Performance evaluation.
    4. Necessary updates to internal procedures.
    5. Communication and transparency to users.
    6. Monitoring plans.
  3. An Impact Assessment to describe the risk/benefit of the planned modification(s) and risk mitigation(s).

If yours is a new product, without a lot of market data, it may be challenging to know prior to commercialization what types of changes to the product you will need or want to make.   But if this is an activity of interest, it is strongly suggested to collaborate with FDA through presubmission (Q-Sub) meetings regarding a proposed PCCP prior to submission.

FDA has a webinar that you can watch for more information.  We would be delighted to have a conversation with you regarding PCCPs and even assistance with creation of a plan specific to your product.  You can contact us via the form below or email me directly at Windi@SoftwareCPR.com.

Related post:  IMDRF Safety/Performance of Medical Devices/IVDs

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offering: Dec 3, 4, & 5, 2024 – 12:00 pm to 5:00 pm CET

Register Now

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.