Medical device manufacturers use various distribution strategies to market their products. In addition to direct sales and the use of sales partners (distributors), medical devices are also sold to third parties who then sell them under their own name and brand, thereby becoming the manufacturers of the medical devices from a regulatory perspective.
Until now, the appeal of the third sales channel, known as the OEM/PLM (original equipment manufacturer / private label manufacturer) approach, had been that the third party (PLM) – and subsequently its notified body – could refer to the certificates of the original manufacturer (OEM) in the course of the conformity assessment procedure according to Article 11, paragraph 7 of Directive 93/42/EEC concerning medical devices (MDD), as this made it possible to demonstrate that the fundamental requirements in accordance with Annex I MDD had been met without being in possession of the underlying evidence of the technical documentation. In Germany, the coordination group of the notified bodies (EK-Med) under the auspices of the Central Authority of the Länder for Health Protection with regard to Medicinal Products and Medical Devices (Zentralstelle der Länder für Gesundheitsschutz bei Arzneimitteln und Medizinprodukten – ZLG) has published Directive 3.9 B 16, in which the requirements for the certification of OEM products are described for different case constellations.
Within the scope of the new MDR, the previous Article 11, paragraph 7 MDD and the corresponding possibility of referring to the certificates of the notified body of the original manufacturer in the third party’s or product’s conformity assessment will no longer apply from 26 May 2020. The third party will be responsible for the conformity assessment. To verify the validity of the assessment, its notified body will usually want to see the complete technical documentation, including the previously “closed part” containing all trade secrets of the original manufacturer. Though associated with considerably more effort for the third party (PLM), it generally does not represent a problem as long as the original manufacturer is prepared to release all documents directly for evaluation by the PLM. However, both parties risk losing business if the original manufacturer is not prepared to give the third party full access to this technical documentation – which will probably be the case.
Diapharm now offers a flexible solution to this tricky legal problem in the form of its new Trustee Assessment Service.
Thanks to the Trustee Assessment Service, also known as Escrow Service, the original manufacturer of a medical device no longer has to provide the third party with the corresponding technical documentation (the development and manufacturing documentation) or the parts of such documentation that contain trade secrets. Instead, a trustee approved by both parties as knowledgeable and trustworthy in the matter is entrusted with the conformity assessment and management of the technical documentation.
On the one hand, the trustee takes over the technical review of the documentation as part of the conformity assessment for the third party, allowing it to prove with legal certainty that the fundamental safety and performance requirements in accordance with the MDR have been met. On the other hand, the trustee – acting on behalf of the original manufacturer – ensures that nobody but the relevant competent authority and notified body has access to the documents.
The regulatory foundation for this trustee service is provided by the MDR itself, with the trustee assuming the role of a conformity assessment body according to Article 2, paragraph 41, which states that the conformity assessment body is “a body that performs third-party conformity assessment activities including calibration, testing, certification and inspection”.
This term is not exclusively reserved for notified bodies, as indicated by the separate definition of the term according to Article 2, paragraph 42 MDR: “Notified body means a conformity assessment body designated in accordance with this Regulation.” The notified bodies therefore have the exclusive right to issue annex certificates in accordance with MDR and to thereby carry out inspections in the general regulatory interest. However, that does not prohibit other conformity assessment bodies from providing expert assessment and the verification of compliance with certain general safety and performance requirements in accordance with Annex I MDR on behalf of a manufacturer, nor does it prevent them from confirming to the manufacturer (in this case the third party) by means of an assessment report, assessment certificate or similar documentation that a specific requirement in accordance with Annex I MDR has been fulfilled.
A test laboratory that carries out biocompatibility tests in accordance with ISO 10993, for example, or a microbiological laboratory that conducts sterility tests both do exactly what has been described above. The signed reports from such testing laboratories are usually sufficient to demonstrate compliance with the relevant general safety and performance requirements. Until now, no one has expected raw data or photos of the incubation plates to be stored as part of the technical documentation as proof of sterility. The respective laboratories need to have been qualified by the medical device manufacturer to undertake such testing in accordance with the appropriate standards and are subject to regular supplier evaluation. They therefore constitute suppliers of the manufacturer, which in turn makes it possible for them to be audited by the notified bodies.
The same then also applies to the trustee who performs conformity assessment activities for the manufacturer. The trustee constitutes a supplier to be qualified by the manufacturer that possesses the necessary product expertise, based on which it assesses the original manufacturer’s “closed part” and confirms to the manufacturer by means of an assessment report and a certificate of compliance (CoC) that all MDR requirements have been implemented in accordance with the regulations. Responsibilities and the delimitation of responsibilities are governed contractually between the manufacturer and the trustee. It is also of particular importance that the trustee enter into a contractual agreement with the original manufacturer as well in order to ensure that any product changes are included in the manufacturer’s technical documentation.
The legality of the trustee model is also demonstrated by the introduction of a person responsible for regulatory compliance. According to Article 15, paragraph 2 MDR, microenterprises and small enterprises are not obliged to have a person responsible for regulatory compliance in their organisation but must ensure that they have permanent access to one. According to Article 14, paragraph 3a MDR, the compliance officer is responsible, among other things, for ensuring that “the conformity of the devices is appropriately checked” and, in accordance with Article 14, paragraph 3b MDR, that “the technical documentation and the EU declaration of conformity are drawn up and kept up-to-date”. These articles therefore also allow an external body to be commissioned to evaluate facts which are the manufacturer’s own responsibility.
Both the trustee and the external compliance officer are suppliers who, similar to a contract manufacturer, are ultimately attributable to the manufacturer themselves. Consequently, the services provided by these persons must also be regarded as having been provided by the manufacturer itself.
In addition to the expertise to perform the relevant assessment, the trustee must also have a qualified document management system (DMS) in place to enable it to evaluate and assess the technical documentation at all times and to make it available to the manufacturer’s notified body and the competent authority at short notice. Ideally, this DMS is a validated electronic web-based system that offers several advantages:
All of the MDR requirements regarding the conformity assessment and monitoring processes are thereby fulfilled, although the manufacturer still has no access to the documents.
Diapharm has been operating as a legal manufacturer on behalf of its customers based on its own ISO 13485 certification since 2005 and has implemented all necessary processes for assuming manufacturer responsibility. In addition, Diapharm has also had ISO 13485 certification for assuming responsibility as an EU authorized representative (EC Rep) for manufacturers based outside Europe since March 2019.
Product development, conformity assessment procedures and market monitoring are standard processes for Diapharm and have been adapted to the MDR.
Moreover, Diapharm has a qualified and validated IT solution that enables secure, logged access to precisely those documents that the competent authorities and notified bodies need to view – and no one else. To ensure this, Diapharm provides an IT platform that is both validated and CFR Part 11 compliant with regard to electronic signatures.
Thanks to the Diapharm service as a conformity assessment body, manufacturers can easily ensure that the technical documentation for all their medical devices are made available in their entirety to the notified body and the responsible authority – even without knowing the trade secrets of the original manufacturer (OEM).
Please contact us directly if you would like more details about the new Escrow/Trustee Assessment Service for medical devices.