IMDRF/SaMD WG/N23 FINAL: 2015
2 October 2015 Page 17 of 34
Corrections and corrective actions may be required when a process is not correctly
followed or the SaMD does not meet its specified requirements (i.e., when a
nonconforming process or product exists).
Nonconforming SaMD should be contained to prevent unintended use or delivery. The
detected nonconformity should be analyzed and actions taken to eliminate the detected
nonconformity (i.e., correction); and to identify and eliminate the cause(s) of the detected
nonconformity (i.e., corrective action) to prevent recurrence of the detected
nonconformity in the future. In some cases a potential nonconformity may be identified,
and actions such as safeguards and process changes can be taken, to prevent
nonconformities from occurring (i.e., preventive action).
Actions taken to address the cause of SaMD nonconformities, as well as actions taken to
eliminate potential SaMD nonconformities, should be verified/validated before SaMD
release and should be evaluated for effectiveness.
Lessons learned from the analysis of past projects, including the results from internal or
external audits of the SaMD lifecycle processes, can be used to improve the safety,
effectiveness, and performance of SaMD. The manufacturer should also have processes
in place for the collection of active and passive post market surveillance information in
order to make appropriate decisions relating to future releases.
After the product is in the market, it is important to maintain vigilance for vulnerability to
intentional and unintentional security threats as part of post market surveillance.
Example: Customer feedback is an important part of monitoring the performance to improve the
product over time. Both Magna and Parva are in the process of developing a new and improved
version of their SaMD. Magna has a dedicated department that works independently but in
conjunction with sales, marketing, and product development to formally survey its large
customer base to gain insights into product performance. In the case of Parva, the company
invites some of its early adopters and customers into an office to conduct a round-table
discussion to get to the same kind of feedback. Both companies also use embedded analytical
tools to gain insights into customer behavior with respect to their use of their respective products.
They also routinely review and evaluate customer complaints to identify trends and potential
areas for improvement. Based on the review of various sources of data, both Magna and Parva
redesigned their SaMD to address common issues identified by customer feedback, complaints,
and any new/updated clinical evidence.
The concepts presented in this section relate to clauses 7.2.3, 7.3.7, 7.5.1.1, 8.1, 8.2, 8.3, 8.4, and
8.5 in ISO 13485:2003.
Managing Outsourced Processes, Activities, and Products
An effective QMS system takes into account and ensures quality of SaMD when processes,
activities, or products are outsourced (i.e., are not completely conducted / made in-house).
An organization may choose to outsource different parts of its SaMD process, activities, or
product based on its in-house strengths and competencies. Similarly, an organization may
procure a commercial-off-the-shelf (COTS) product or another SaMD for integration into its
SaMD. In both of these instances, understanding, maintaining control, and managing the effect