Regulatory Services

If you are looking for an optimal regulatory pathway to bring your medical device to the market, this service provides input on the initial device classification according to classification rules in different jurisdictions (EU, UK, USA, etc.) based on the device’s intended purpose, lists the possible regulatory pathway options and summarizes the necessary steps needed both from the quality management systems and technical documentation point of view.

If you are looking to define what steps need to be done in order to reach compliance with the appropriate new or revised standard or regulation, this service involves a formal document review and a systematic identification of gaps in the manufacturer’s current documentation compared against the given standard/regulation (ISO 13485, MDR, IVDR, FDA QSR, IEC 62304, ISO 14971, ISO/IEC 27001, etc.).

Acquiring certification for your Medical Device is an exciting journey where patient safety is your guidance for classification. For low-risk devices, it is not needed to involve a Notified Body. However, still, you must draw up documentation to prove you comply with EU Medical Device Regulations. We have taken this path several times from the initial assessment of the classification (CE-mark), Notified Body communication, establishing the Technical Documentation, Risk Assessment, providing test protocols and plans for Usability Engineering Testing.

Whether you have a Medical Device or In Vitro Diagnostic product in development, or you want to secure a CE-marked product under the old directives (MDD/IVD) to Medical Device Regulation (MDR) or In Vitro Diagnostic Medical Device (IVDR), we can help you.

When you want to place medical devices or applications on the market, you must develop and implement a Quality Management System (QMS) in accordance with ISO 13485 and additional requirements set to such QMS from th e medical device regulations (e.g. MDR, IVDR).   

We provide full regulatory support related to development and implementation of all QMS processes including certification from a Notified Body. Our services include appropriate QMS trainings of all your employees. QMS certification is mandatory when you place medical products as CE-class IIa or higher on the market.

Management Representative (MR): If you want to ensure ISO 13485 compliance (clause 5.2.2) but do not have the resources or competencies internally, this service involves providing an outsourced Management Representative (MR) role on your organizational chart.

Person Responsible for Regulatory Compliance (PRRC): When you have placed a Medical Device or Software as Medical Device (SaMD) on the EU-market, you must appoint a person within your organisation as a Person Responsible for Regulatory Compliance (PRRC). The PRRC obligations are laid down in MDR (EU) 2017/745, Art. 15. If you don't have the resources or compentencies present in your organisation we can provide you with such person acting as your PRRC on your organizational chart.

Quality Assurance (QA)/Regulatory Affairs (RA): If you are in need of various regulatory support in specific projects or just want to outsource the role of such Quality Assurance and/or Regulatory Affairs person, we can assist you. This service covers both periodic regulatory support and constant involvement in the case of an outsourced role.

With GPPR (EU) 2016/679 for storing and handling of patient's health data, the data privacy of the individual patient must comply. Also, with the AI Act (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI), cybersecurity has become important for medical device manufacturers. An Information Security Management System accreditation (ISO/IEC 27001) is not mandatory for medical device manufacturers. But an Information Security Management System can ensure that you have overview surveillance of your compliance to GDPR, the AI Act and other cybersecurity measures as part of ISO/IEC 81001-5-1*. Your customers will sooner or later set this as a requirement for purchasing your provision of products and services.

We can assist you in implementing ISO/IEC 27001 as an integrated part of your Quality Management System according to ISO 13485. You don't need two management systems. so, if you are looking to develop or implement an Information Security Management System according to ISO/IEC 27001, our services involve support as well as consultation with all matters in this area.

*ISO/IEC 81001-5-1: Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle

If you aim to bring your device to the market (acquire the CE mark in the EU or get FDA approval/clearance in the USA), one of the most important steps is the technical documentation. This service includes support in structuring and drawing it up for the purposes of ensuring compliance with the desired regulation (MDR/IVDR, UK MDR, FDA, etc.). As this process can very often include involvement from external parties such as test houses and notification bodies (in the EU), this service includes support in these interactions, too.

If your software is considered as medical software, and you want it to be compliant with all the applicable standards in the medical device industry, this service includes providing support in all regulatory aspects: software lifecycle processes according to IEC 62304, safety requirements according to IEC 82304 and security requirements according to IEC 81001.

If you are looking to: get acquainted with basic requirements of certain standards or regulations learn more about the requirements of specific standard/regulation sections, resolve practical challenges of certain processes through workshops, gain more knowledge about a dedicated topic through an individual customized training session, attend a seminar or webinar in case of a larger groups of participants or attend an externally certified training course in cooperation with a certified training provider, this service provides it all. Upon agreement with the client, these sessions can be delivered as either awareness training or sessions with formal evaluation. With many years of experience, a lot of sessions organized over the years and a number of qualified trainers, you can be sure that you are in the right place when it comes to increasing competence.

If you need resources to check your QM system internally, need resources to conduct regular audits of your critical supplier(s), or just need support during certification audits, this service involves both conducting internal and supplier audits on behalf of the client, as well as providing support during internal, supplier and external audits on the client’s side. All of these audits are available as both on site and remote options, depending on the agreement with the client.

If you are a non-EU manufacturer of medical devices (UK, Switzerland, Turkey, other non-EU European countries, USA, Canada, Asia, South America, etc.) wishing to place your device on the EU market, you must appoint a company that will serve as your Authorised Representative. The roles and responsibilities of the company undertaking the authorised representative role are defined in MDR/IVDR and briefly encompass everything that is needed to ensure that the device meets all regulatory, safety and performance requirements imposed in these regulations. Also, if you are a manufacturer wishing to place an MDR/IVDR-compliant device on the EU market but internally have no resources that meet the requirements for the mandatory role of the PRRC (Person Responsible for Regulatory Compliance), this service enables outsourcing this role, as well. The regulations define the necessary requirements for this role in terms of qualification and experience and list all of the obligations this role has to meet.