Artificial Intelligence and Machine Learning Workflow Driving Innovative Medical Device Development

Posted by on 9:37 am in BLOG, FDA Updates | 0 comments

Artificial Intelligence and Machine Learning Workflow Driving Innovative Medical Device Development

In 2011, Marc Andreessen, a venture capitalist, stated “Software is Eating the World”. Ten years later, software development has accelerated and expanded  industries that could not have been imagined a decade ago. Automated medical devices are central to this phenomenon and complex software programs with increasingly advanced algorithms are designed to operate with hardware in order to fulfill its intended use.  These innovative medical devices are adopting Artificial Intelligence and Machine learning (AI/ML) and Software as a Medical Device or SaMD, where software programs run one or multiple algorithms usually paired with a device or computer which is the main component of a device in the goal of treating, diagnosing, driving or informing clinical management regarding an illness or disease.

The typical regulatory framework assumes that once a medical device is approved (Class 3) or cleared (Class 2) by the FDA, that the configuration and performance of the device is consistent and that any significant software change will require a new regulatory submission as it changes the risk profile of the device. However, in the case of automated machine learning algorithms the power and key feature is that these AI/ML-based SaMD lies within the ability to constantly learn and adapt its algorithm based on new data and real-world experience. The FDA has realized that these adaptive AI/ML SaMD really do not fit within the normal paradigm of medical device regulation and instead a total product lifecycle (TPLC) approach that works within a rapid product improvement cycles as well as maintaining effective safeguards for the device.

The TPLC in summary is designed to allow for ongoing algorithm changes so long that they are implemented according to pre-specified performance objectives, follow defined algorithm change protocols, utilize a validation process that is committed to improving the performance, safety, and effectiveness of AI/ML software, and include real-world monitoring of performance. Figure 2 is a visual representation of the TPLC System.

Like all aspects of the FDA’s oversight, priority and focus is risk based, with two main areas of focus: 1) Significance of information provided by the SaMD to the healthcare decision and 2) State of healthcare situation or condition

The TPLC is based on set principles to ensure that AI/ML-based SaMD is as safe an effective as possible, they include:

  1. Establishing clear expectation on quality systems and good Machine Learning Practices (GMLP);
  2. Conduct premarket review for those SaMD that require premarket submission to demonstrate reasonable assurance of safety and effectiveness and establish clear expectations for manufacturers of AI/ML-based SaMD to continually manage patient risks throughout the lifecycle;
  3. Expect manufacturers to monitor the AI/ML device and incorporate a risk management approach and other approaches outlined in “Deciding When to Submit a 510(k) for a Software Change to an Existing Device” Guidance in development, validation, and execution of the algorithm changes (SaMD Pre-Specifications and Algorithm Change Protocol); and
  4. Enable increased transparency to users and FDA using postmarket real-world performance reporting for maintaining continued assurance of safety and effectiveness.

Devices that rely on AI/ML are expected to demonstrate analytical and clinical validation, as described in the SaMD: Clinical Evaluation guidance (Figure 3). The specific types of data necessary to assure safety and effectiveness during the premarket review, including study design, will depend on the function of the AI/ML, the risk it poses to users, and its intended use.

FDA’s main focus with this methodology is to ensure the definition and executing of proper change control through planning and coordination. The predetermined change control plan would include the types of anticipated modifications which include SaMD Pre-Specifications (SPS) which are based on the retraining and model update strategy, and the associated methodology. These are the anticipated modification to the “performance” or “Inputs” or changes related to the intended use of the device of the AI/ML-based SaMD. Essentially, this is what the manufacturer intends the algorithm to become as it learns.

Additionally, an Algorithm Change Protocol (ACP) needs to be in place as those changes are implemented to allow for change control that manages risks to patients. The ACP is a step-by-step delineation of the data and procedures to be followed so that the modification achieves its goals and the device remains safe and effective after the modification. On overview of an ACP is in Figure 4.

As mentioned earlier, regarding changes to the SaMD at the early development and initial reviews with the agency, but there is further work and diligence required once the SaMD has received marketing authorization from the FDA. Any further modifications, must go through the FDA’s software modifications guidance, to determine if the changes are outside of the agreed upon SPS and APC, or of the intended use changes with the modifications. In both these are true a new premarket review cycle would be necessary, if not then a revised SPS and APC and review with the agency would be the likely outcome.

In order to fully adopt a TPLC approach in the regulation of AI/ML-based SaMD, manufacturers must work to assure the safety and effectiveness of their software products by implementing appropriate mechanisms that support transparency and real-world performance monitoring. This could include programs that help explain the methodology of the algorithm by reverse engineering its decisions or real time data feeds displayed on a dashboard for visibility and further understanding by interested parties. Transparency about the function and modifications of medical devices is a key aspect of their safety. Transparency may include updates to FDA, device companies and collaborators of the manufacturer, and the public, such as clinicians, patients, and general users.


  1. Proposed Regulatory Framework for Modification to Artificial Intelligence/Machine Learning (AI/ML)- Based Software as a Medical Device (SaMD) – Discussion Paper and Request for Feedback. Food and Drug Administration.


TPLC – Total Product Lifecycle

AI/ML– Artificial Intelligence and Machine learning

SaMD – Software as a Medical Device

SPS – SaMD Pre-Specifications

ACP – Algorithm Change Protocol

An Overview of FDA Inspections across Drugs, Biologics and Medical Devices

Posted by on 1:35 pm in BLOG, How-To | 0 comments

An Overview of FDA Inspections across Drugs, Biologics and Medical Devices

The Food and Drug Administration (FDA) primary responsibility is the enforcement of the Federal Food, Drug and Cosmetic (FD&C) Act that tasked the agency with protecting and promoting public health and authorized the “legality of an FDA inspection, conducted at a reasonable time, within reasonable limits, and in a reasonable manner, depends not on consent but on the validity of statutory authority.” (Compliance Policy Guide Sec 130.100) This means that FDA does not require consent to conduct an inspection and that any firm that registers with the FDA for the manufacture of either Drug, Biologics or Medical Devices will likely be subject to an inspection at some point. The U.S. Food and Drug Administration’s Office of Regulatory Affairs (ORA) is the lead office for all agency field activities. ORA inspects regulated products and manufacturers, conducts sample analyses of regulated products and reviews imported products offered for entry into the United States.  ORA operates on a risk-based approach, meaning they will prioritize their inspection schedules on those higher risk regulated products that may adversely affect public health, such as Pre-Market and Pre-Clearance inspections for Class III medical devices and Pre-Approval Inspections for sterile pharmaceuticals & biologics.  Lower risk products are most likely not inspected in a biannual frequency- due to the lack of resources:  See –

On January 31, 2020, Health and Human Services (HHS) issued a declaration of a public health emergency related to COVID-19 and mobilized the Operating Divisions of HHS. In addition, on March 13, 2020, the President declared a national emergency in response to the COVID-19 pandemic.

As a result,  FDA prioritized their focus on regulated products that will help address the COVID-19 crisis through the Emergency Use Authorization or EUA process (See EUA blog post) as well as other regulatory approvals and pathways that fast track effective COVID-19 solutions to the market. Because of this, as well as the fact that physical inspections are currently out of the question due to COVID transmissibility, as of March 18, 2020 FDA inspectors have postponed most foreign facility inspections and all domestic routine surveillance facility inspections. However, this does not mean that they will not resume and that any firm should loosen or forgo good manufacturing practices, FDA can and is still issuing warning letters and other enforcement actions such as disbarment, seizure or a recall and the outcomes can be severe and crippling to a business that receives them.

It is critical to understand that the types and methods of inspection differ whether a firm manufactures, imports or distributes pharmaceuticals, biologics or medical devices, in the next section will go into the unique differences of each.

There are 4 types of Drug Manufacturing Inspections:

The first type of pharmaceutical inspections is “Surveillance”  which are initial or routine biennial (every two years) inspections once a facility is up and running that cover actual conditions and practices, these can either be a full inspection which entails a verification of the four of the CGMP (Current Good Manufacturing Practices) systems (with Quality being mandatory) which are: Quality, Facilities & Equipment, Materials, Production, Packaging and Labeling and Laboratory Control Systems. The other Surveillance Inspection is an Abbreviated option which is only when a firm has a record of CGMP compliance and will cover usually two systems, one of which must be the Quality System.

Second is “Compliance” or “State of Control” which occur following a regulatory action taken and is usually a re-inspection to ensure compliance when significant changes in a firm’s personnel or operations have occurred, or if there is doubt about a firm’s GMP compliance. A firm is considered out of control if any one system is out of control. A system is out of control if the quality, identity, strength and purity of the products resulting from one or more system(s) cannot be adequately assured, this is indicated by documented CGMP deficiencies.

Third is “For Cause” which is a subset of compliance inspection which includes: follow-up compliance inspections to verify corrective actions after a regulatory action has been taken, or is regarding specific events or information such as field alert reports, industry complaints or a recall that bring into question the compliance of a facility or practice.

Last is the “Pre-approval” inspection which is required before any NDA is granted for a new drug. These inspections focus on Product development documentation, biologic/clinical batch manufacturing, the proposed manufacturing process, operational procedures, and batch records and the analytical method development.

The role and focus of these inspections are to examine system-wide controls that ensure manufacturing processes produce quality drugs and abide by CGMPs as per 501(a)(2)(B) of the FD&C Act, and if not, to provide input to firms to improve their compliance with regulations. If guidance is not followed then the agencies responsibility is to prevent adulterated products from entering the market and to act to protect public safety through legal or regulatory actions.

Biologics Manufacturers have a different set of inspections that include:

The compliance program of the Center for Biologics Evaluation and Research (CBER) provides two options for Biologics Manufacturers:  Level I or Level II inspections, both of which fulfill the biennial inspection requirement. Note that CBER-regulated biological drug products include fractionated blood and their recombinant analogues; antitoxins; allergenic products; vaccines; products of manipulated, cultured or expanded human cells, and gene therapy products that introduce genetic material into the body to replace faulty or missing genetic material.

 The Level I or Full inspection is meant to be a full evaluation of an establishment’s compliance with applicable CGMP requirements. They can apply in all of the following situations: Initial GMP inspection, firms that have a history of compliance problems, compliance follow-up inspections, for firms that are under a consent decree, permanent injunction, notice of intent to revoke, or after two previous inspections under the Level II option. The Level I option includes an in-depth audit of the three critical elements (procedures, training/personnel and records) in at least four of the systems, one of which must be the Quality System. Note that the Systems are similar to the systems inspected in the Drug inspection process, with the addition of the Donor Eligibility System, which includes the measures and controls that are related to determining the eligibility of a donor of allogeneic and family-related allogeneic HCT/P (Human Cells, Tissues, and Cellular and Tissue-Based Products (HCT/P’s) products, including donor screening and testing.

A Level II or Abbreviated Inspection is focused on surveillance CGMP inspection that covers two of the key systems and can include reviewing and substantial to the facilities, manufacturing process, equipment, or other license supplements since the last inspection. The Level II inspection includes an in-depth audit of the three critical elements (procedures, training/personnel and records) of the Quality System and one additional system, which is determined during work planning. In successive inspections coverage of additional systems will be rotated in, unless there are issues identified during the current or previous inspection.

CBER’s responsibility and role in these inspections is to ensure biological products are safe and effective, and follow FDA guidelines and other applicable laws and regulations including CGMPS. Biological drug products are subject to both the drug CGMPS (21 CFR Part 210 and 211) and the Biologics regulations (21 CFR Parts 600-680) and are held to any commitments of their FDA-approved biologics license application (BLA). In total these inspections are necessary to reduce the potential risk of adulterated or misbranded biological drug products reaching the marketplace.

Types and Priorities of Medical Device Quality System Inspections

Medical devices inspections target manufacturers of Class II and Class III devices utilizing a risk-based methodology. The agency uses the risk-based model below to determine which firms to inspect and in what order to ensure they meet their internal FDA performance goals and allocate resources accordingly to ensure the highest level of safety across the industry.

  1. Pre-Market and Pre-Clearance inspections under MDUFMA (Inspections of manufacturers of devices with a pending PMA approval will be assigned under the PMA Compliance Program 7383.001)
  2. Manufacturers of Class III devices that have never been inspected
  1. Compliance Follow Up/For Cause Inspections
  2. Manufacturers of high-risk devices which can be identified by:
    1. Special Assignment from CDRH;
    2. Devices with a higher frequency of recalls and MDRs;
    3. Devices that are driven by software and those with rapidly evolving technological changes. Both of these types of devices are subject to rapid and potentially poorly controlled modifications that could affect their continued safety and efficacy; or,
    4. New devices that have not been manufactured and distributed for very long.
  3. Single Use Device Re-processors: Hospital re-processors and third-party re-processors.

Highest priority should be given to MDUFMA assignments and those Class III device manufacturers that have not been previously inspected. The high-risk device category noted in 4) above, lists suggestions to inspectors on how to identify firms for surveillance inspections based on a risk model. The Quality Systems regulation can be grouped into seven subsystems, with four being foundational to a firm’s quality system: Management Controls, Design Controls, Corrective and Preventative Actions (CAPA), and Production and Process Controls (P&PC). Medical Device Reporting (MDR), Corrections and Removals, and tracking requirements (where applicable) should be covered when covering the CAPA system. The three remaining subsystems are included across the quality management system and cover Facilities and Equipment Controls, Materials Controls and Document/Change Controls.

Medical Device Inspections have three levels of Inspections as well as two Special Inspections, however unlike the Biologics Levels of inspection, a level I medical device inspection is the abbreviated version, focusing on CAPA, Production and Process Controls or Design Controls. These Level I inspections may be used for routine surveillance and initial inspection of Class II medical devices manufacturers. Level II inspections are comprehensive inspections which cover all four major quality subsystems and are performed for all initial inspection of Class III device manufacturers and where possible higher risk Class II device manufacturers. Additionally, these Level II inspections are done for foreign inspections, or when an inspection, which started as Level I, reveal conditions or information that warrant a deeper inspection that Level I could not properly investigate.

Level III inspections are compliance follow-up to a Level I or Level II inspection and are to ensure that major deficiencies identified in prior inspections which are marked as Official Action Indicated (OAI) are resolved and addressed. The focus of the inspection is to ensure that adequate corrective actions to the problems identified in a prior inspection are addressed, if not then legal actions will be pursued for non-compliance. The first of the Special Inspection types is For Cause Inspections which are initiated from; results of a sample analysis, observations made during prior inspections, a recall or market withdrawal, a customer or employee complaint, adverse reaction report or suspicion of fraud. The second type is Risk Based Work Plan Inspections is a program developed by the agency to utilize science-based risk management to select and prioritize the facilities and medical devices to provide the most health promotion and protection to the public at the least cost. These work plan inspections are initiated at the request of CDRH based on their data analysis to make informed risk management decisions.

There are multiple objectives of these Medical Device inspections, first is to ensure compliance and proper implementation of Quality systems and to identify domestic or foreign manufacturers who are not in compliance with the Quality System Regulation. The second and third objectives are to identify manufacturers who are not reporting information to FDA in compliance with the Medical Device Reporting (MDR) and the Medical Device Tracking regulation. Fourth is to identify manufacturers and distributors who are not in compliance with the Corrections and Removals (CAR) regulation and bring them into compliance. The final objective of CDRH with these inspections is to identify and correct firms that are not in compliance with the Registration and Listing regulation and requirements.

Due to the nature and the complexity of managing and handling these site audits, as well as ensuring processes and procedures are adequate and running properly and covering all the systems based on the product, it is highly recommended to hire a third-party experienced auditor to conduct internal audits or gap analysis to provide critical feedback and recommendations before any FDA representatives arrive for inspection.

Here are the essentials for a successful FDA Inspection:

-Be Proactive in preparation and providing information and communication to FDA – Mitigate any FDA Issues immediately

-Facilities/Equipment/Systems need to be In Order

-Documents (SOP) and Records that are Compliant & Retrievable

-Demonstrate Firm is Operating in Control – produces finished drug products for which there is an adequate level of assurance of quality, strength, identity, and purity.

-SOP-Policy and Management of FDA Inspection

-Designate Right People for Handling Inspections

-Designated Inspection Work Space/Flow

If you or your firm has any regulatory needs or questions regarding a regulatory submission, mock inspections/audits or other issues please send us an email at for a rapid response and quote for the required services.


  1. Compliance Program Guidance Manual Chapter 56: Drug Quality Assurance – Drug Manufacturing Inspections Program 7356.002. Food and Drug Administration. Published October 31, 2017.
    1. Compliance Program Guidance Manual Chapter 45:Biological Drug Products Program 7345.848. Food and Drug Administration. Implemented October 1, 2010.
    1. Compliance Program Guidance Manual Inspection of Medical Device Manufacturers Program 7382.845. Food and Drug Administration. Implemented February 2, 2011.

New Medical Device Pathway: Safety and Performance Based Pathway

Posted by on 6:55 pm in BLOG, FDA Updates, News | 0 comments

New Medical Device Pathway: Safety and Performance Based Pathway

In late 2019, the FDA introduced a new Safety and Performance Based Pathway which can potentially speed up the preparation and review process for certain submitters of pre-market notification medical device submissions. This optional pathway was created by the FDA to assist with well understood device types, in which a submitter references device specific guidance’s detailing the appropriate testing standards, as well as defined performance criteria to demonstrate the device is as safe and effective as a legally marketed device.

Under the approach expanded in the Safety and Performance Based Pathway guidance, a submitter could satisfy the requirement to compare its device with a legally marketed device by, among other things, demonstrating that the device’s performance meets established performance criteria. These performance criteria are derived from FDA-recognized consensus standards, FDA guidance’s, scientific literature, special controls and historical 510(k) submission data. In all 510(k) submissions performance data is critical to proving a state of substantial equivalence to a predicate device and is often the most time consuming and complicated part of crafting a premarket regulatory submission.

The concept of this new pathway is to create clearly defined guidance’s for well-known products that outline the requirements and acceptance standards so that the FDA receives the most accurate data to simplify the review and hopefully lead to an expedited determination. It is critical to understand that these are only for appropriate devices with the same product code and indications for use, for instance. Additionally, the guidance’s list devices that might be in the same family of products, but are excluded from the pathway for other determinations by the FDA.

As of August 2020,  FDA published two final guidance’s and four draft guidance’s for well-known products that meets the  criteria for the new medical device pathway.  FDA intends to publish more guidance’s  over time so that additional devices can be categorized into this format.

Currently, the two final guidance’s that identify performance criteria and testing methodologies for these device types:

The FDA issued four draft guidance’s identifying performance criteria and testing methodologies for the following device types. 

Once these guidance’s are finalized, submitters will have the option to use the safety and performance-based pathway for these device types.

It is important to note that the majority of the other aspects of the pathway are very similar to the current pre-market submissions; including the structure and headings of the submission, user fees remain the same as a 510(k) submission, standard review time is still 90 days and eCopies are still required.

The addition of the Safety and Performance Based Pathway is another step in the process of improving  the premarket medical device submission for both industry and regulators. If you or your firm has any regulatory needs or questions regarding regulatory submission, please send us an email at for a rapid response and quote for the required services.


  1. Safety and Performance Based Pathway. U.S. Food and Drug Administration. Published September 20, 2020.

2020 Over-the-Counter (OTC) Drug Monographs Reform Summary

Posted by on 12:13 pm in BLOG, FDA Updates | 0 comments

2020 Over-the-Counter (OTC) Drug Monographs Reform Summary

Updated: March 26, 2021 – FDA has stated that MDF facility fees will be $20,322, and CMO facility fees will be $13,548.

Over-the-Counter (OTC) drug monographs represent current regulatory standards for the marketing of non-prescription drug products not covered by new drug applications. These standards provide the marketing conditions for some OTC drug products including the active ingredients, labeling, and other general requirement

in the US, OTC drug medicines making up around 60% of all medicines (Prescription (Rx) and Non-Prescription). Developed in 1972, the OTC monograph system has been instrumental in lowering the cost of entry and standardizing requirements across different formulations, however progress in moving forward in adding and amending monographs has not kept up with expectations of the FDA or industry mostly due to an outdated, multi-layered rulemaking process. This caused a large OTC Monograph backlog in which product labels could take years to update.

As a response to this, included in the CARES Act, (implemented into law on March 27, 2020) is a major piece of federal legislation that amends the FD&C Act to modernize the OTC drug review and OTC monograph drug development process, essentially by removing the multi-step rulemaking with new administrative order process, among other changes.

This revision gives FDA the authority to issue an administrative order that adds, removes or changes Generally Recognized as Safe and Effective (GRASE) conditions for an OTC drug monograph.  In addition, the act establishes an expedited process to address safety issues. Another notable improvement is that  either the industry or the FDA can initiate the administrative order process, allowing for both sides to make suggestions to improve.

In addition to an overhaul of the process and in order to improve efficiency and scale resources, the CARES Act provides FDA with the authority to collect user fees dedicated to OTC monograph drug activities. These fees include facility fees and OTC Monograph Order Request (OMOR) fees. FDA also released Over-the-Counter Monograph User Fee (OMUFA)

Program Performance Goals and Procedures document, which specifies FDA and industry mutually agreed upon timelines for turnaround time, Public comment period, issuances of orders for OTC Monograph Order Requests (OMORS).

These OMORs are data packages with requests to change a monograph. The two-tier system is separated into essentially Tier One, which is for adding new ingredients, indications, combination, route of administration, dose or test methods to a monograph, while Tier two is about reordering information, nomenclature changes, or other more minor adjustments. The fees for a Tier One submission are set at $500,000 and a Tier two request is set at $100,000.  For OMUFA purposes, industry-paid fees will help fund a portion of FDA’s regulatory activities for OTC monograph drugs and FDA agreed to adhere to performance goals, including to review submissions within specific time frames. A table summarizing the established timelines by FDA is detailed below:

Industry Guidance

Resulting from this OTC drug monograph reform, there are some additional considerations. First, it is important to familiarize yourself with the new law, keeping in mind the current status of OTC monograph drugs that you have interest in. You can see the law in its entirety here.

The next step would be to review your facility registrations. Funding for OTC monograph reform comes primarily from fees paid based on facilities that manufacture or process OTC monograph drug products in finished dosage form. FDA has stated that MDF facility fees will be $20,322, and CMO facility fees will be $13,548. These fees are effective as of October 1, 2020, and will remain in effect through September 30, 2021.

Currently, active ingredients are classified in 3 categories:

  • Category I: generally recognized as safe and effective for the claimed therapeutic indication;
  • Category II: not generally recognized as safe and effective or unacceptable indications;
  • Category III: insufficient data available to permit final classification

Additionally, become familiar with the current regulatory status of active ingredients in your OTC monograph products.  Some ingredients, such as those with Category I status in a tentative final monograph, become final under the law, thus providing more certainty about generally recognized as safe and effective (GRASE) status. Others, such as those with Category II status, will now have a timeline for either market withdrawal or contacting FDA to discuss alternate plans. Still others, such as those with Category III status, will need to resubmit existing data or generate additional data when FDA issues a proposed administrative order to finalize their GRASE status. It is expected that in some cases, industry may work together to assemble data packages or to conduct additional research.

If you require further regulatory consultation or assistance, please reach out to us at with your needs and requirements and we will respond to you with a free quote as quickly as possible.


  1. Over-The-Counter Monograph User Fee Program (OMUFA) U.S. Food and Drug Administration. Last Updated June 4, 2020.
  2. Federal Register March 3 2021 – OMUFA

How to Register a Hand Sanitizer Product in the US

Posted by on 3:23 pm in BLOG, How-To | 1 comment

How to Register a Hand Sanitizer Product in the US

Due to the COVID-19 pandemic, world-wide demand has soared for hand sanitizer and anti-viral products. Below, we outline five basic steps for domestic and foreign manufacturers or domestic distributors who want to get their drug product into the US market but never dealt with the FDA’s electronic drug registration and listing. The scope of products includes: Rx (Prescription Drugs) and OTC (Over the counter) – ex. Hand Sanitizer, API’s (active pharmaceutical ingredients) and homeopathic, herbal and dietary supplements.

Who is responsible to for Drug registration and Drug listing?  The manufacturer is primarily responsible; however, the Drug importer and/or distributor also has the responsibility for Drug registration.

The five process steps for Drug registration and Drug listing :

  1. Does your firm have a Duns & Bradstreet (DnB) number (or DUNS number)? If no- go to where you can initiate the registration  for free if located in the US and not time restricted.  Obtaining a DUNS number for a foreign firm may take time.
  2. Next step, register with FDA for a Labeler code for your product. FDA assigns the first five digit of an NDC code. This is a two-step process: 1) – first request labeler code from FDA, 2) and second register the file with FDA, but is a near similar process and takes 24 hours to populate into databases. The NDC code requires both a Product code, or the next 3 digits and the last two digits at end is the package code which are both assigned by the manufacturer.

Example: NDC 12345-123-01 {Labeler Code-Product Code-Package Code}

  • After the Labeling and NDC code is prepared, next your firm must register its Manufacturing Facility (Establishment Registration). It is important to note, that the information provided must match Duns and Bradstreet which includes the DUNS #, address, point of contact, etc.
  • Register your Drug Product through an SPL submission, which contains the Content of Labeling and Drug Facts, the label images (text-selectable pdf) as well as the metadata of the drug listing data elements. Further information and the current registry can be found in the FDA NDC directory ( and Drug listing information through DailyMed: (
  • Each year you must remember to re-certify or delist the listing if no longer in use.

If you require further regulatory consultation or assistance, please reach out to us at with your needs and requirements and we will respond to you with a free quote as quickly as possible.

FDA Issues Emergency Use Authorization (EUA) for Face Masks/Respirators to Expedite Importation into U.S

Posted by on 6:02 pm in BLOG, News | 0 comments

FDA Issues Emergency Use Authorization (EUA) for Face Masks/Respirators to Expedite Importation into U.S

Due to the novel coronavirus/SARS-CoV-2/COVID-19 rapid infection rate, as well the viruses ability to create asymptomatic carriers, resulting in major societal disruptions and shutdowns have occurred throughout the world, but nowhere has this pandemic hit hardest than within the health care systems, hospitals and clinics. Due to the enormous surge of critical care, there is a massive demand and shortage of Personal Protective Equipment (PPE) including surgical and medical gowns, masks, respirators and other critical ventilator equipment. Due to the high number of infections, the need is especially acute in the United States. This is a result of both limited and aged government stockpiles, limited supplies at the manufacturing facilities due to “Just in time” manufacturing, as well as the shutdown of Asian manufacturers during the pandemic. Conversely, during the beginning of the infection in Wuhan, the Chinese government purchased over two billion surgical masks from countries around the world1.   But as soon as China and parts of Asia had managed to slow the spread and lower their curve around mid-March, the United States quickly became the new epicenter, moving the focus of the pandemic and causing skyrocketing demand in the U.S.

Due to the enormous demand of PPE in the US and in order to increase the supply of PPE, FDA initiated an Emergency Use Authorizations (EUA) and FDA Guidance’s to help companies address to the rapidly changing environment. One FDA guidance, “Enforcement Policy for Face Masks and Respirators During the Coronavirus Disease (COVID-19) Public Health Emergency” was issued on April 2, 2020 and accompanies this post.

First it is important to note, that this policy is intended to remain in effect only for the duration of the public health emergency related to COVID-19 declared by the Department of Health and Human Services (HHS) with the goal of helping to expand the availability of general use face masks for use by the general public, and of filtering face-piece respirators (including N95 respirators) for use by health care professionals in healthcare settings. 2

FDA regulates masks according to their intended us. In order to better distinguish the different types of face masks, the table below from the guidance includes along with the description the corresponding Code of Federal Regulation (CFR) and product code:

Additionally, it is important to recognize that there are two categories or classes of face masks and respirators, those that are non-medical and those intended for medical and surgical use. I will outline what the differences are for the two classes in terms of what this recent guidance outlines.

Starting with the Non-medical Face masks and N95 Respirators, used for general purposes like in commercial and industrial areas, the EUA notes that to avoid import issues it would be advisable to notify FDA prior to importing at: and necessary for non-medical N95 Respirators as well. Along with this recommendation certain product labeling requirements and specific claims must be met to ensure the products are cleared to be sold in the US market.

Regarding the Medical Masks portion of the guidance, which include Face masks/shields, Surgical masks and Surgical N95 Respirators, FDA has opened an email account:  to work with new entrants who wish to import products into the US for all medical products. It is important to also follow the specific product labeling and testing requirements depending on the product and claims made. It is critical that all labeling and files be translated into English and the intended use be clearly stated.

If you require further regulatory consultation or assistance, please reach out to us at with your needs and requirements and we will respond to you with a free quote as quickly as possible.


1. China stockpiled 2 billion face masks and 25m medical items. Written April 2, 2020.

2. “Enforcement Policy for Face Masks and Respirators During the Coronavirus Disease (COVID-19) Public Health Emergency.” U.S. Food and Drug Administration. Issued April 2, 2020.

How to fight the coronavirus SARS-CoV-2 and its disease, COVID-19 – Michael Lin, PhD-MD

Posted by on 9:38 am in BLOG, News | 0 comments

How to fight the coronavirus SARS-CoV-2 and its disease, COVID-19 – Michael Lin, PhD-MD

A very informative and detailed overview of the SARS-CoV-2 or novel Coronavirus from a Stanford Doctor, Michael Lin, as well as a bonus recipe at end for making hand sanitizer.

Links referenced in Slides

CBD – To Be or Not to Be a Drug? Predicting the Impending FDA Regulations on Cannabis.

Posted by on 1:43 pm in BLOG | 0 comments

CBD – To Be or Not to Be a Drug? Predicting the Impending FDA Regulations on Cannabis.

This blog post was written following a ReedTech webinar (dated 11.7.2019) which focused on helping companies understand how to navigate the state of Cannabidiol (CBD) regulatory environment. This post is for informative purposes only and to provide guidance to minimize risks when labeling, promoting and selling cannabis-derived products in the US.

To date, FDA has approved only one CBD drug product developed by GW Pharmaceuticals Inc called Epidiolex, that treats two rare, severe forms of epilepsy. Currently, FDA mandates it illegal to market any food or dietary supplement containing CBD.  The FDA has reviewed only limited safety data regarding CBD, and the data that exists points to real risks that need to be considered before taking any CBD containing product. [1] Examples of these illegal combination products include: CBD-infused coffee, beer, and pet food.  If health claims are made on the internet for any CBD products, FDA will consider it a new drug and the sponsor must follow an extensive regulatory process to develop and commercialize the CBD drug product in the US.

Before the 2018 Farm Bill was signed and implemented, both cannabis and hemp were treated as Class 1 illegal controlled substances under federal law. The 2018 Farm Bill ended the Hemp and CBD prohibition that had existed for decades and opened the door for CBD products and industrial hemp to compete on the US market across a wide range of products.

The key was how this bill defined the difference between cannabis and hemp, which relies on the psychoactive ingredient THC (or lack thereof). Any Hemp plant can only have a maximum concentration of .3% THC on a dry weight basis, ensuring no psychoactive properties can be transmitted in its use. Instead, hemp and CBD can be used for topicals, body care, construction, food, clothing and much more. Whereas Cannabis is characterized and valued for its high THC content (5-30%) and is for medical and recreational use depending on the state’s laws permitting its purchase, while remaining an illegal substance federally.

With the recent legalization of Hemp and CBD comes great opportunities as well as risks, and because of the complexity of the product and variety of intended uses there are many regulators and governmental stakeholders with overlapping and crossing authority. These include: The Department of Health and Human Services (HHS), the FDA, the DEA, the FTC, the USDA, State Governments as well as Congress and the rest of the Federal Government.

Because of the nature of the United States federal and state laws, there is a great variety of laws regarding both cannabis and hemp across the country. The resulting spectrum of what’s legal and allowed varies widely with different conditions and state regulations, leading to situations where a state such as Colorado or Alabama has permitted CBD to be included in foods or dietary supplements, going against the guidance of the FDA.

However, this has not slowed consumer acceptance, with the CBD Topicals market rising 180% in 2019 [2]. Market Research from New Frontier Data, projects a $2.5Billion Dollar market for CBD related products by 2022, and around $15-20 Billion in expected US CBD sales in next 5-8 years. [4] Another indicator of the size of the market is that a search on Amazon shows over 30,000 CBD listings. To compound the issue of this flood of products, a Penn State Perelman school of Medicine study from 2017 found that 70% of online CBD cannabis extracts were mislabeled. [3]

This post will focus on the clear guidance and what has been defined by the FDA already and what can be inferred moving forward. As mentioned earlier, CBD (whether from marijuana or hemp) may not be sold as or in a dietary supplement or food in the United States. CBD in cosmetics/topical products is not restricted by FDA’s guidance on dietary supplements and food (but still subject to DEA restrictions); however, FDA has also not specifically allowed CBD/hemp in cosmetics. In addition, any unapproved CBD products have not been evaluated by the FDA to determine what the proper dosage is, cumulative exposure, how the compound could interact with other drugs or foods, or whether they have dangerous side effects or other safety concerns. The takeaway is that until the CBD industry receives an FDA pathway or official guidance, no medical claims can be made without an approved NDA drug application.

Some examples of the egregious claim’s companies are making (and have been sent warning letters for) include:

“shown to be effective in treating Parkinson’s disease”, “linked to the effective treatment of Alzheimer’s disease”, “a natural alternative to pharmaceutical-grade treatments for depression and anxiety”, “reduce the severity of opioid related withdrawal”, “counteract the growth and spread of cancer cells”, “CBD oil may improve depression, anxiety and PTSD”, “CBD may reduce risk of diabetes”.

Clearly these claims are unproven and false advertising, with companies using this period of undefined regulations and massive industry growth to take advantage of unsuspecting consumers. If a company claims to be curing or preventing, the product is a drug and must go through clinical testing, and regulatory approval to prove that it is safe and effective. If your product is a Dietary Supplement and you want to list the product, first, confirm with the Regulatory Counsel, follow FDA Dietary Supplement guidelines and then to list submit an electronic Structured Product Labeling (SPL) file either through the FDA online portal or through ReedTech. [5]

Managing Risk:

If you are firm in or planning on entering the CBD market in retail locations or online, be aware of the many risks which include: FDA/FTC Warning Letters that results in closer monitoring and will remain on the public record forever, Product Seizure, FTC Investigations/Consumer Litigation, as well as Industry reputation loss.

As a best practice in all businesses, have a strategy and plan in place, be proactive in terms of regulatory and legal compliance, not reactive. This includes following FDA Regulations, putting in place agreements with contract manufacturer (if applicable), ensuring quality ingredients and having a process for reviewing all products, claims and social media marketing. Furthermore, it is prudent to determine your companies’ level of risk with marketing CBD products now as well concurrently building up documentation to substantiate claims, dosages and ingredients.

In conclusion, with some understanding and planning the Hemp and CBD market remains a promising one as long as regulations are followed and due diligence performed. However, there are  gaps that need to be addressed on the regulatory side that would greatly improve the situation, these include a new dietary ingredient pathway – FDA could require a new dietary ingredient notification for CBD (proven safety, GMP), as well as the potential that FDA or Congress could issue regulation or legislation to allow CBD in foods and dietary supplements.


  1. FDA Regulation of Cannabis and Cannabis-Derived Products, Including Cannabidiol (CBD). U.S. Food & Drug Administration. U.S. Food & Drug Administration. Updated 15 January 2020.
  2. CBD Summit 2019 – From Seed to Shelf: The Supply Side Story. Informa LLC. Presented by Claire Morton Reynolds.
  3. Labeling Accuracy of Cannabidiol Extracts Sold Online. JAMA Network. University of Pennsylvania Perelman School of Medicine, Veterans Affairs San Diego Health Care System, RTI international, Americans for Safe Access, Palo Alto University, John Hopkins University School of Medicine, Baltimore, Maryland. Research Letter Published 7 November 2017.
  4. Cannabis Companies Beginning to Ante Up for Bets on Hemp. Blog. Written 19 February 2019 by Chris Hudock.
  5. ReedTech webinar. ReedTech Webinar Presentation on CBD.

Part 11 compliance is critical, Firms need to be aware of compliance with using the Cloud

Posted by on 10:15 pm in BLOG | 0 comments

Part 11 compliance is critical, Firms need to be aware of compliance with using the Cloud

21 CFR Part 11 – Electronic Records

Part 11 of the Code of Federal Regulations applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions in regards to electronic record keeping. [1] It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. [2]

Broad sections of the regulation have been challenged as “very expensive and for some applications almost impractical”, [3] and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The “predicate rules”, that required organizations to keep records in the first place, are still in effect. If electronic records are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.

When it comes down to the real situation either firms have authoritative “hard copies” of all required records, or they have all files on an electronic system. Depending on which of the two sources has all required documents, it will be deemed the authoritative source. Firms should be careful to make a claim that the “hard copy” of required records is the authoritative document. For the “hard copy” produced from electronic source to be the authoritative document, it must be a complete and accurate copy of the electronic source. The manufacturer must use the hard copy (rather than electronic versions stored in the system) of the records for regulated activities. The current technical architecture of computer systems increasingly makes the Part 11, Electronic Records; Electronic Signatures — Scope and Application for the complete and accurate copy requirement extremely high.

Which leads us to Private Cloud Systems…

Cloud Systems can be 21 CFR Part 11 compliant, cost effectively deployed to meet accelerated timelines, more secure than in-house deployments, and can assure potential investors/acquirers of the integrity of your firm’s data. These goals can be achieved by creating a qualified private cloud in an agreement with a cloud vendor.

The cloud Software as a service (SaaS) business is a fast-growing and evolving market with multiple options and prices that can get expensive quickly if not managed properly. Please be aware, there are no “out of the box” (free or discounted) cloud solutions will be 21 CFR Part 11 compliant. Below are some of the critical components to ensure that your system is compliant:

  1. Open and Closed system differentiation – need to define what is inside network or intranet (which needs to be encrypted and protected as such), and what is outside the intranet and available to share on global internet.
  2. Cloud systems are rigorously validated –just like an on-premise software validation, a cloud validation is mandatory and includes many stages:
    • The creation of a Validation Plan
    • The User Requirements Specification (URS) describes the business needs for what users require from the system.
    • Then follows the System Configuration Specification (SCS) and Software Design Specification (SDS), which needs to be exhaustively documented.
    • Once the frameworks have all been developed and validated, then the System Build can begin, as the system develops it must go through iteration of the IQ > OQ > PQ cycle
  • Installation Qualification (IQ): Verifies the installation of the software in the selected environments and its documentation.
  • Operational Qualification (OQ): Verifies that the software will function according to its operational specifications in the selected environment.
  • Performance Qualification (PQ): Verifies that the software consistently performs to the specification for its day to day use (routine).
  • Validation Report: Summarizes the executed validation process, documents any deviations and their remediation, and acts as a final sign off on the validation of the system.
  • By leveraging a regulated cloud, the cloud software can conduct all validation steps (including IQ and OQ), leaving only the PQ to the customer. [4]
  1. Open for inspection – All Validated Cloud SOPs and non-customer-specific documentation are fully auditable, as is the host’s data center.

Risks & Costs to consider:

Of course, no solution is without problems and learning experiences, setting up a cloud system can become more complicated in real world situations with multiple cloud environments, different data sources, internal and acquired content and well as security challenges and other integration issues. In addition, any firm will need to expect large expenditures to make a cloud system a reality. Below is an estimation of costs for a medium sized firm employing about 50-200 to run and maintain a cloud system (these figures might vary greatly from real costs and depend on vendor and solutions purchased):

Required ComponentEstimated Annual Cost
Personnel$200 – 300,000
Hardware/Infrastructure$100 – 150,000
Backup & Support$15 – 20,000
Apps & Software Licenses$15 – 30,000
Est. Total Price Range:$330,000 – 500,000

However, given the other option which is on premise software database, these costs can be doubled or tripled for a couple reasons. First, there is the constant need to upgrade and replace old hardware, usually faster than it depreciates and at greater cost than the cloud vendors. Second, there is much more technical and personnel experience required, greatly increasing costs and having to compete with the likes of Google and Amazon for cloud engineers and other talent. Another reason is scalability and flexibility, as cloud solutions can scale or decrease depending on the businesses data volume and demand. For an on-premise software solution, a firm would have to purchase more high cost equipment to expand capacity and size, instead of a cloud data provider renting out a few more instances in their data center for the firm.

If a firm has the need to migrate or create an electronic record system to comply with 21 CFR Part 11 and understands the risks and costs, it is usually the best course of action to research and look into right solution for your firms needs. Some firms to explore for potential storage solutions may include: Box, DropBox, Google Cloud, RegDocs365 or AWS Cloud.


  1. “CFR – Code of Federal Regulations Title 21”. U.S. Food & Drug Administration. U.S. Food & Drug Administration. Retrieved 15 September 2016.
  2. ^“Food and Drug Administration CFR Title 21 Part 11”. U.S. Food & Drug Administration. U.S. Food & Drug Administration.  Retrieved 15 September 2016.
  3. ^“Part 11, Electronic Records; Electronic Signatures — Scope and Application”. U.S Food & Drug Administration. U.S Food & Drug Administration. Retrieved 15 September 2016.
  4. ^” “. Blog. Written 16 January 2013 by Steve Harper.

Enterprise Risk Strategy and Emerging Technologies to address critical needs

Posted by on 5:33 pm in BLOG | 0 comments

Enterprise Risk Strategy and Emerging Technologies to address critical needs

On July 31, 2019 I had the opportunity to listen into a PricewaterhouseCoopers (PwC) webinar hosted by SDRAN discussing how to build a risk strategy utilizing emerging technologies such as Artificial Intelligence, Blockchain and IOT to improve quality, strengthen compliance and controls such as adverse event controls, reporting and reduce non-conformances.

As technology has advanced, the amount of data being produced by corporations is enormous and at best only a small fraction (PwC estimates .5%) is currently analyzed leaving a huge opportunity for anyone willing to invest in these emerging technologies. A more data driven focused approach can assist in accuracy, completeness and timeliness of reporting and compliance.

Underlying the point of adoption of emerging technologies in large firms, PwC conducted a survey of 7,300 respondents in 123 territories with the majority of respondents being senior executives. The results showed that continuous monitoring of network and email for security is showing the greatest adoption at 40% of respondents utilizing the tech. Anomaly detection, proactive detection of threats and data dashboards all have around 30% adoption and are a critical component of an analytics focused company. The leading edge is using data scientists and AI (with 17% and 11% adoption respectively) to use big data to solve ranges of issues to combat fraud, advance automation projects and streamline operations and workflows.

PwC’s 2018 Global Economic Crime and Fraud Survey was completed by 7,228 respondents from 123 territories. Of the total number of respondents, 52% were senior executives of their respective organizations, 42% represented publicly-listed companies and 55% represented organizations with more than 1,000 employees.

The three main areas of focus that are ready for enterprise adoption now are: Artificial Intelligence (defined as a collection of “smart” technologies and algorithms that are aware of and can learn from their environment to assist /augment human decision making), Blockchain (immutable, publicly distributed ledger) and IOT or Internet of Things (“Devices utilize embedded technology to communicate, record, and interact with the external environment using the internet as a means of communication”), with a synchronicity or convergence of these technologies allowing for benefits to rise while negating some of the downsides as well as the potential for true disruption.

Side note: In the mid-term (3-5 yrs.) 3D printing and robotics are coming up for wide scale enterprise use, followed by nanotechnology and quantum computing in the next 5-10+ yrs.

By demonstrating some case studies and best practices, it made these topics more relevant and realistic for those looking to adopt these strategies. Some examples of how adoption of these three emerging technologies is and could play out around the areas of Risk and Regulatory Affairs:

Registration and License Tracking can benefit from securing data sharing to guarantee patient data privacy through securing the credentialing process using an immutable anonymous ledger or blockchain.

Regulatory Intelligence and Complaint processing could benefit from Unstructured data mining using NLP (natural language processing) and using risk algorithms to determine fraud.

Regulatory Submissions and Clinical Trial Data Analysis could benefit from machine learning algorithms, using NLP as well as well using automated scripts in the cloud or on servers to reduce manual inputs and better manipulate, pull, label and organize data across an IT system.

Case Study 1 [Blockchain Application]: Blockchain can transform and vastly simplify the gathering and capturing of transaction detail across systems, allowing for a complete record to be stored on the blockchain and automating appropriate access and audits of the data to appropriate entities (i.e. Regulatory entities and payers)

Post Marker Regulatory Change Management could become more efficient and benefit in reduced manual processes using AI algorithms and cloud synchronization across IOT devices.

Adverse Event Reporting has many different sources (Mobile texts, Email, information in excels, dashboard or internal tools, etc.) and can all be merged using cloud hosted data source to ingest the data into a separate database for processing. There the data is read through NLP nodes to identify and label key entities. Finally, the data is interpreted with machine learning and rules-based models perform interpretation and then sent back to the appropriate workflow across the IT system. All the while, the entire process is being tracked and monitored by humans through a detailed user interface.

Case Study 2 [AI Application]: Example of funneling data sources to a centralized Machine learning algorithm to enable more automated adverse event reporting

Centralizing and streamlining Health Data to create virtual consultations and analysis. One further application which currently is being led by IOT devices such as the Apple Watch, is tracking, monitoring and packaging health data progression over time to be sent to physicians. A case study provided was where PwC partnered with iBData to create a single process for capturing and transmitting IBD progress in a way that is easy for the patient and informative for the clinician. This resulted in Clinicians being able to compile a comprehensive patient profile and develop a targeted treatment plan with standardized updates on a patient’s symptoms.

Case Study 3 [IOT Application]: Using Apple Watch to track IBD and then turn the data into useful dashboard for both clinicians and patients

The speakers did caveat this with the fact that biases are inherent in AI designed systems by the programmers and inputs, so best to be as objective with data as possible and conduct data audits and set clear baselines and review all model outputs. Other suggestions include setting clear validation tests for the model with real and created inputs. Furthermore, to really make these technologies work cohesively they need to constantly be a work culture of testing and looking at data, defines clear objectives of models and improve the model to get closer to answers that meet the objective as well as ensure it is reverse engineerable and explainable/auditable.

Background art source:

%d bloggers like this: