Wednesday, January 07, 2004
Yesterday, I attended an all day presentation by Ed Kimmelman and John Gagliardi on the relationship between the US Quality System Regulation (21 CFR Part 820) for medical devices and ISO 13485, the international standard being adopted by most of the rest of the world. Because many US medical device manufacturers also export to international markets, it is important to comply with the international standard as well. Fortunately, as Ed and John point out, there is a very large degree of consistency between the US regulation and the international standard. Yet John and Ed pointed out where there are important differences, where the ISO standard goes beyond the US regulation, and vice versa.
Why is this relevant to enterprise systems? Because when conducting software validation it will be increasingly important to include the ISO standards as well as the US regulations as a source of regulatory requirements. That's my interest in this subject.
Today, I attended a workshop by Andrew Snow, from HEI, Inc., on risk management. Although Andrew's emphasis was primarily on analyzing and managing risks in medical device design and development, many of the same concepts are applicable when implementing and validating enterprise systems for intended use in medical device manufacturing. Too often, companies treat all features and functions of enterprise systems as equally important, when from a risk profile, there are enormous differences that should be reflected in the validation plan for each part of the system. For more critical areas, risk analysis tools such as fault tree analysis and failure modes and effects analysis (FMEA) can be useful in analyzing and managing such risks.
Down on the exposition floor, visitor traffic seemed to be picking up today, according to several exhibitors I spoke to.