Manufacturers struggle with how to meet new regulatory requirements with their legacy devices. Often companies go back to their documentation in an attempt to provide the documentation necessary to support regulatory compliance, only to find that the information is missing. In this situation, manufacturers may have people on staff who are able to talk the auditor through what they have done, and how it supports compliance with the regulations; however, from a regulatory perspective undocumented actions aren’t auditable. For companies to try to recreate information or create new information is often a massive effort.
Manufacturers facing remediation as a result of new regulations may find that their processes are not designed to provide the evolving level of sophistication expected. Compliance has been historically a check-the-box exercise. While this documentation may have satisfied regulators in the past, newer regulations are increasingly demanding a more complex level of interaction of both organizational functions and processes that may now operate as stand-alone entities.
Production and post-production data review is one example of a process that can, and should, provide feedback from a variety of areas and result in improved products, processes and services. As risk management becomes more mature and ingrained within the organizational processes, the expectation is that companies will look at the data and try to improve the product safety and effectiveness, taking appropriate actions. Because many manufacturers are still working to implement risk management throughout their product development processes, there is still a lot of infrastructure-related work to pull production and post-production data and use it across the organization to facilitate proactive risk management, rather than strictly compliance. As a result, some companies may have to retrospectively create new structures and processes.