medical device udi compliance in the cloud
TRANSCRIPT
www.kpit.comwww.usdm.com
Medical Device UDICloud Solution
© KPIT Technologies Limited
Introductions
Jay CrowleyVice President of UDI
Services and Solutions at USDM Life Sciences
John Danese VP and Senior Director of Life Sciences Strategy at
KPIT
Deepak GuptaGlobal Practice Director & Chief Architect, Oracle
MDM Practice at KPIT
Jim MacDonnell Vice President at USDM
Life Sciences
© KPIT Technologies Limited
Agenda
Current state of Unique Device Identification in the Medical Device industry
The KPIT UDI Cloud Solution
Validating SaaS
Discussion
© KPIT Technologies Limited
UDI Current StateFDA’s 2013 UDI Final Rule
© KPIT Technologies Limited
US FDA’s UDI System Regulation
2013 Final rule (from 2007 FDAAA 2012 FDASIA)• Requires nearly all medical devices (as defined in the
US) to be UDI compliant. • Requires use of UDI in manufacturer’s other regulatory
systems – e.g., recalls, complaints, adverse event reporting.
• Multiple steps and phased Implementation
First Step – Labels and Device Packages:• Assign Device Identifiers (DIs) to all devices (labels) and
their higher levels of packaging – based on chosen Issuing Agency (GS1, HIBCC, ICCBBA)
• Standardize date format(s)• Apply UDI (DI + applicable Production Identifier(s)) to
label and packages – in both AIDC and HRI (plain text)
© KPIT Technologies Limited
US FDA’s UDI System Regulation
The Medical Device Label:Device Identifier (Device XYZ123)Production Identifier (Lot #ABC)Expiration date (YYYY-MM-DD)
Manufacturer(Labeler)
Web based tool (name/PW)
HL7 SPL (direct, ERP, PLM)
3rd Parties (GDSN, Reed)
BusinessRules
FDA’s GUDID
For each Device Identifier
CommercialDistribution
FDA Managed
Public User Interface
Second Step – GUDID Data1. Identify, collect, transform, normalize,
and verify source data2. Store in extensible solution3. Submit manually or use of an
electronic tool through ESG4. Manage as updates (e.g., new 510ks)
and changes (new GMDN PT) are made to the device
© KPIT Technologies Limited
US FDA’s UDI System Regulation
Third Step – Direct MarkingAny device that is subject to the UDI label requirement – must ALSO have a “permanent marking” providing the UDI if:• The device is intended to be used more than
once• Intended to be reprocessed before each use
Example Technology Solutions:• Direct Part Marking• “Permanent” label• Tags• RFID• Exception built-in to rule; noted in
design history file • Has implications for GUDID
Any device that is subject to the UDI label requirement – must ALSO have a
“permanent marking” providing the UDI
© KPIT Technologies Limited
US FDA’s UDI System Regulation
Fourth Step – Implement Quality System and Conforming Amendments• Develop new SOPs/WIs• Use of barcode verification• Updates and changes to current processes and
systems• Any necessary validation activities• Training• Use of UDI in these systems and processes
• Part 803: Medical Device Reporting
• Part 806: Corrections And Removals
• Part 810: Medical Device Recall• Part 814: Premarket Approvals• Part 820: Quality System
Regulation• Part 821: Medical Device
Tracking • Part 822: Postmarket
Surveillance
© KPIT Technologies Limited
US FDA’s UDI System RegulationFourth Step – Implementation• September 24 of:• 2014: label/package and GUDID for class III and PHS Act licensed devices• 2015: label/package, GUDID and DM for class II/I implants and life-
supporting/sustaining devices• 2016: label/package and GUDID for the rest of class II devices• 2016: Non-sterile implants – UDI at the point of implantation• 2016: DM for class III devices• 2018: label/package and GUDID for class I devices• 2018: DM for class II devices• 2020: DM for class I devices
© KPIT Technologies Limited
KPIT UDI Cloud Solution
© KPIT Technologies Limited
Digital Transformation is driving the need for higher quality data on the 3rd Platform
The 3rd Platform is the new core of IT market growth• Distributing data across cloud silos and devices• Social media distribution of positive and negative
sentiment• The network perimeter has disappeared
By the end of 2017, two-thirds of Global 2000 enterprises will have a digital transformation at the core of their strategy• Innovation accelerators will rely on high quality
data for success
Data is at the core of digital transformation. Data without integrity won’t be able to support digital transformation initiatives.
IDC Perspective
© KPIT Technologies Limited
Web siteEBS Salesforce
FutureApp
MainFrame
P R O D C
U T PU TU
T
Up to 70% of PRODUCT data is
buried in documents and reports in
various functional silos, if it exists in electronic format, at
all.
SAP JDE
RepairsSpreadsheet
Legacy
To this….
P R O D U C T
Single Source of Truth for Product Data
Escape from this….Data Availability and Quality are Big Challenges for UDI Programs
© KPIT Technologies Limited
Scattered and Inconsistent Product DataNot Just a Data Problem…A Business Process Problem
ERPTransformatio
nMigration Upgrades
GovernmentCompliance
and RiskManagement
Omni ChannelCommerce
Product Distribution
TimelyResponse
to CustomerQueries
Planning and
ForecastingReports
CustomerSatisfaction
andRetention
New Product Launches
© KPIT Technologies Limited
Why Adopt an MDM Approach vs. Outsourcing
14
Single System of Truth for UDI-Related DataImproved Data Quality and GovernanceRevenue Generation & Customer
Retention Global Compliance Ready
Single system of truth for managing UDI attributes
Clearly defined accountability of respective departments on entering required UDI information
Governance to ensure UDI Data completeness
Maintain compliance with mergers & acquisitions
Leverage enterprise data quality solutions
Automated data classification & mapping
Maintain multiple DI x-refs: Catalog, DI, GTIN, HIBCC, etc.
Auditability to track UDI attribute changes
Automate UDI data enrichment rules across the enterprise
Single-source for e-commerce to improve up-sell and cross-sell opportunity visibility
Enable differentiated product service offerings
Maximize first-time right product deliveries
Accelerate new product introductions
Scalable to handle future changes for UDI attribution and validation
Flexible to incorporate multiple future global data requirements
Store multiple format (language) UDI attributes
21 CFR Part 11 compliant
IT Agility Accelerate new
IT projects Quickly
understand change implications on BOMs
Audit Logs for UDI Compliance
© KPIT Technologies Limited
Extra
ct
Cleanse Consolidate Categorize CommunicateProduct Data
Inte
grat
ion
Serv
ices
Any ProductData Sources
Legacy
Integration
Services
Product Master Data Cloud
KPIT UDI Cloud Solution
Cleanse & Synchronize
Single Source of Truth
Zero Technology Overhead
Built for Purpose Open and Extensible Labeling
Data Pools
Regulatory
E-Commerce
© KPIT Technologies Limited
Extra
ct
KPIT
iLin
k
Any ProductData Sources
Legacy
KPIT iLink
OracleProduct Data Hub Cloud
KPIT UDI Cloud Solution
KPIT P-DaaS
Single Source of Truth
Zero Technology Overhead
Built for Purpose Open and Extensible
Cleanse Consolidate Categorize CommunicateProduct Data
Labeling
Data Pools
Regulatory
E-Commerce
© KPIT Technologies Limited
Path to Cloud – Deployment Recommendations
Consolidation StyleItem Creation/ Maintenance to continue in SourcesProduct Hub Cloud for Consolidation and Enrichment
Centralized Style Item Creation/ Maintenance in Product Hub ERP is one of the consumers of Clean data
Phase 1
Phase 2
© KPIT Technologies Limited
KPIT UDI Solution - Rapid Implementation Model
Project Planning
Discovery and Design
Demo Based Requirement Gathering
Fusion Cloud Environment- Access
Build and CRP
Import Metadata/ Item Data Using KPIT Accelerators
Setup- Apply UDI Pre-Built Template
Configure NIR, Workflows, Rules
Configure Imports and Publish
Data Cleansing and Conversion
iLink Integrate to ERPs/FDA
Testing and CRP
Fine Tuning Setup
Go-Live
UAT
Production Deployment
Go- LiveGather Product Data
Gather Product Metadata
Gather UDI enrichment Workflows
© KPIT Technologies Limited
This is the Right Strategic Solution IF You…
• Are a Class I device manufacturer that needs to get UDI compliant
• Are a Class III or Class II device manufacturer that has a tactical solution in place, but now are looking for a long-term solution that delivers ROI
• Are looking for a platform approach to support needs beyond FDA UDI compliance – e.g. UK NHS Procurement GS1 compliance and GDSN data sync mandate
• Are limited in your ability to drive customer engagement initiatives by device master data scattered across multiple ERP, PLM, CRM and other systems
© KPIT Technologies Limited
USDM Cloud Servicesfor KPIT & Oracle
Validating in the Cloud
© KPIT Technologies Limited
1. 21 CFR Part 11? Compliance?
Validation? These are critical to each of us.
2. Is Life Sciences ready for Cloud Apps supporting regulated functions – YESIt is no longer if; it is when!
3. How are these addressed on a Cloud project – specifically by Oracle, KPIT and USDM.
4. How KPIT's UDI Cloud Solution meets FDA compliance regulations and is “validation ready”
5. Most importantly how does KPIT and USDM mitigate the risks with prescribed rollouts of new functionality in a multi-tenant environment.
Cloud Validation
© KPIT Technologies Limited
The USDM Life Sciences Cloud Practice helps life sciences companies assess, implement, develop, and support
compliant cloud computing solutions.
• Cloud Application Implementation and Development• Mobile
• Integration • Cloud Strategy for Life Sciences• Data Migration
• Security and Data Integrity Solutions
• Training and User Adoption
• Communities and Self Service • Field Service• UDI
USDM Cloud Development Practice
© KPIT Technologies Limited
USDM Cloud Development Practice
• When it comes to an application that affects patient health and safety, companies must have that application’s infrastructure, features, and processes rigorously tested and documented as mandated by the FDA. We must have “documented evidence that the system does what the users need, and will continue to do so.”
• 21CFR (Code of Federal Regulations) Part 11(electronic records and eSig), Part 803 (reporting), and Part 820 (quality systems)
• When it comes to Oracle and the KPIT Cloud Solution releases, new features in areas such as security and reporting must be tested and documented.
• Oracle, KPIT and USDM facilitate validation to the extent accepted within Industry Best Practice – “only the end user (client company) can validate an application.” KPIT and USDM Life Sciences supports clients to this end.
© KPIT Technologies Limited
VALIDATION
CloudUDI
© KPIT Technologies Limited
Why the VAP is business critical?• Reduces validation costs by 50% or
more• Accelerates validation execution• Specific to Oracle• Pre-load test scripts (IQ/OP/PQ)• Maintain validation in the Cloud
The USDM Oracle VAP includes:
Vendor Audit
Part 11 Assessment
Validation Plan
Administration and
Maintenance SOP
High Level Risk
Assessment
System Requirement
s Specification
IQ/OQ/PQProtocol and Test Scripts
Traceability Matrix
Final Validation
Report
USDM VAP (qualification package – updated validation and verification
protocols per release)
USDM Validation Accelerator PacksApplication specific, standardized approachFully Integrates with the SDLCProvides sensible framework for ongoing validationAssure acceptable levels of compliance (based on
GAMP5)Minimize the cost of total compliance ownership
USDM Validation Accelerator Packs
© KPIT Technologies Limited
USDM Cloud Validation
• Phase 1 – Plan• Phase 2 – Requirements
– USDM Validation resource begins validation plan and SRS
• Phase 3 – Design– Design Specification– Validation analyst creates framework
for config spec/IQ protocol• Phase 4 – Build
– Complete config spec– Creating OQ protocol
• Phase 5 – Test– Move from dev to QA– IQ execution and approval– OQ execution and approval– PQ execution and approval
• Phase 6 – Deploy– Move of QA to Production– Production IQ execution and
approval– Summary Report to release
system• Phase 7 – Maintain and
Support
USDM Life Sciences validation process is integrated in KPIT’s Onboarding, Configuration and Turn-over to Production Methodology
© KPIT Technologies Limited
• GAMP® 5 recommended practice - preparing and leveraging supplier’s activities to enhance your own quality practices and project methodologies.
• As can be seen below, are key concepts of the guidance.
USDM Cloud Validation: Helping the App Vendor
© KPIT Technologies Limited
Compliant Cloud Systems…
There are 3 stages in the selection, establishment and maintenance of compliant Cloud Systems…Number 1 – Supplier Responsibility for Infrastructure – Selecting the right supplier is key
o Establish a robust, meaningful SLA – people, process, technologyo Perform annual Vendor Audits - Infrastructure qualification, system
administration, backup and recovery processes, system redundancies, security policies, encryption policies, communications processes
© KPIT Technologies Limited
Number 2 – Functional Qualification and Validation o Perform Risk Based Validation…o Continue to leverage your Supplier Activity - Leverage the established supplier
processes to eliminate the need to re-do any qualification on “Low Risk” itemso Validate remaining requirements - according to inherent risk following an approved
Risk Management and Testing Strategy.
Compliant Cloud Systems…
© KPIT Technologies Limited
Compliant Cloud Systems…
Number 3 – Maintaining the Compliant Stateo Maintaining a compliant state – in a constant state of flux
o Cloud Vendors/Third Party Providers/Internal analysis of releases o Analyze each set of release notes – functional updates, service packs, bug fixeso Determine the risk relevance (GxP function, risk, items effected/potentially
effected)o Mitigate risk – new testing/regression testing
© KPIT Technologies Limited
USDM’s Validation Accelerator Pack –
Verifies Core Configuration and
Scheduled Release Notes
Valid
atio
n Pl
an fo
r Cor
e Sy
stem
(b
asel
ine
confi
gura
tion)
Core System Requirements
Verification activities (IQ/OQ)
VerifiesCore System Validation
Summary Report
Administration and Maintenance SOP’s
Core System Change Control
Oracle KPIT Solution “Core” Platform
Release NotesCore System Baseline ConfigurationOracle Deliverable –
Part of Customer Validation Package
USDM Cloud Compliance Practice – Platform/Core
© KPIT Technologies Limited
Valid
atio
n Pl
an -
Cust
omer
Spe
cific
Confi
gura
tion
and
Cust
omiza
tion
Customer Functional
Requirements
Verification activities
(IQ/OQ/PQ)Verifies
Customer Validation Summary Report
Administration and Maintenance SOP’s
Customer Configuration Management and Change Control
Customer Specific System Elements
System/Functionality Released
Customer Specific Configuration/Customization
Functional Risk
Assessment
Customer Deliverable – part of Customer
Validation Package
USDM Cloud Compliance Practice – Customer Specific
© KPIT Technologies Limited
Why USDM and KPIT?
Strong Life Sciences domain expertise
Experience with a Life Sciences company’s current systems, processes, and challenges
A integrated “validation” approach to Oracle and the KPIT Cloud Solutions
Existing Oracle and UDI Validation Accelerator Packs (VAPs)
© KPIT Technologies Limited
Questions
Technologies for a better world
Thank you
© KPIT Technologies Limited
User Requirements Specification Functional Design Specification
Technical Design Specification Configuration
Settings
Audit Plan
Performance Qualification ( PQ) Operational Qualification (OQ) Installation Qualification (IQ) Maintenance QualificationTraceability Matrix
Validation Deliverables:• Project Plan• Quality Plan• Documentation Lifecycle• Configuration Management• Change Control
• Incident Management / Disaster Recovery• SOPs and Training Records• Operation Support Plans and Procedures• Testing Strategy, Plans, Results• Audit Plans and Results
Initiation to Build Transition to Production
The “V” Diagram
Deliverables typically provided by customer/userDeliverables a SaaS provider may provideDeliverables SI, Validation Partner may provide
Components for Pharma, Biotech, Medical Device Computer Validation
05/03/202333