The Role of the PRRC Part 1

Hello reader, and welcome to the next installment of the Comply Guru Blog series about the role of the Person Responsible for Regulatory Compliance (PRRC)

For the next few weeks, the focus is going to be on key takeaways from the webinars that Comply Guru have run to date, starting with the Role of the Person Responsible for Regulatory Compliance (PRRC).  This was a webinar run at the end of 2023 and proved to be a very popular subject for our followers.

During the webinar the current status of the PRRC was discussed, along with how organizations could look at implementing their PRRC into their organizations and Quality Management System (QMS), whether the PRRC is internal or external to the organization, and ways to approve the approach.

Did you miss the webinar? Here is a link if you want to watch the Role of the PRRC Webinar for free on our website.

One area of particular interest with the attendees was how they could anticipate the Notified Bodies approach to assessing the role of the PRRC and some key areas were discussed.

It was great to be able to give insight on where most of the non-conformities were being observed when the role of the PRRC was being assessed, and hopefully facilitate the attendees to perhaps take that information back into their own organizations to see where they could potentially make some improvements or changes to avoid the same pitfalls when it comes to their own pursuit of CE marking under the EU MDR 2017/745 and EU IVDR 2017/746.

Current Status of the PRRC

The requirement for a PRRC is currently not in place for MDD and legacy devices.

For organizations that are transitioning and have an MDD device or a legacy device, a PRRC is not required.  The PRRC is currently not mandated for these MDD and legacy devices because there is no equivalent position in the MDD that aligns with the requirement of the PRRC, which was introduced as a new role under the MDR.

However, it is very important to bear in mind that if organizations are in that transitional phase, it’s hard to imagine not having a PRRC when you consider the requirements of Article 10(9) of the MDR “The General Obligations of The Manufacturer” to have a Quality Management System in place that aligns with the requirement of the MDR.

So even from a preparatory point of view, given the caveats that were introduced with the extension of the timelines to have a QMS that’s compliant with the MDR in place by May 2024, it is important to start implementing the PRRC now even for those MDD and legacy devices.

Of course, that differs for brand new devices that have never been on the market before. So, obviously, a device that is a new MDR device will require a PRRC immediately.  If an organization has a brand-new device that has never been placed on the EU market before the requirement for a PRRC is immediate.

Implementing the PRRC into the QMS

When we look at the PRRC and the QMS, the need to be proactive in implementing the PRRC must be considered, along with the process-based approach in the Quality Management System.

The PRRC, whether internal or external, performs a functional role within the organization, so they should be integrated adequately and appropriately into the organization’s QMS, while also looking at the risks involved.  Some of the key areas to explore in the QMS when integrating the PRRC are the appointment letter, the job description, and making sure the PRRC is referenced in the organizational chart and the Quality Manual.

EUDAMED will also need to be updated with the Primary PRRC and any Secondary or Back-up PRRCs.  These are the basic things that we are all pretty much aware of on how to introduce your PRRC to your system.

I use the word “introduce” because there’s a little bit of a difference between “introducing” and “implementing” the role of the PRRC effectively into an organizations QMS.

Current Procedures for the PRRC

When one considers the role of the PRRC and what they’re responsible for, the next piece on integrating the PRRC into the QMS and the organization is to see where they fit within the documents of the quality management system. These are the procedures or documents that will, when executed, provide the records that you have adequately implemented the role of the PRRC.

Procedures for final product release should be reviewed because there is a requirement on the part of the PRRC to check that your devices have been manufactured as per the requirement of the QMS they were manufactured under and that the devices are in conformity/compliance with that QMS.

Other documents to consider include management review, internal audits and other QMS surveillance activities because your PRRC is going to become part of these activities.

The procedures around technical documentation will require revision as the PRRC is responsible for ensuring that the technical documentation is drawn up and kept up to date along with the Declaration of Conformity. Organizations should also be looking at your design and development procedures as well for input by the PRRC.

Another interesting area that is often times overlooked, is the Design and Development Transfer phase, especially where it is the case that Design and Development has been outsourced.  Given the requirements that the PRRC must ensure that the device has been made as per the requirements of the QMS, they should check the Design and Development documents before transfer to manufacturing to ensure that the device will be ramped up correctly and made in compliance with the QMS.

Organizations need to be looking at the PRRC from the point of view of Post Market Surveillance procedures, incident reporting and field safety correction actions, corrective actions, vigilance procedures, and of course investigational devices. The PRRC have a role to play in regard to that part of the business if there are investigational devices.

Looking at the current procedures in organizations, there really is a wide scope of where the PRRC can fit into those documents that already make up the Quality Management System.

But what about new Procedures?

New Procedures and the QMS

Ideally, organizations should have established and implemented a procedure on how they will implement the PRRC, how will your PRRC be onboarded and what that activity will look like in the organization for the PRRC.

For example, if organizations have a PRRC who has gained their qualifications outside of the EU.

How are organizations going to make provisions for that within the onboarding process? How are they going to check for the equivalency of those qualifications as they align with the European equivalent?

A PRRC may have gotten their qualifications outside the EU. Organizations need to make sure that the qualifications are accepted and equivalent in any of the member states. This is where organizations may be looking at new procedures in the Quality Management System.

The definition of the requirements and how organizations will localize the PRRC to the specific site is important because it should be noted that implementing your PRRC is not a cookie cutter procedure.

It is going to look different for each organization.

For example, is your organization going to have one PRRC? Are they going to have two or even more PRRCs depending on the size of the organization?

Organizations needs to have a process in place where you’re mapping the areas of responsibility, even in the case of a singular PRRC, or multiple PRRCs.  Organizations should also consider the plan to be put in place where they only have one PRRC implemented and that PRRC should become unavailable.

Appointment Letter

Organizations should have a letter of appointment for the PRRC that is signed by the PRRC, and the organization and organizations should remember there is a legal framework around this position.

If one considers the alternative or the equivalent of a PRRC in other industries, and you look at the responsible person in the cosmetics industry and the QP in the Pharma industry, which are also legally mandated roles they will also have something similar for their roles.  It is no different for the PRRC. Organizations are putting appointment letters in place.

The appointment letter is kept on file with the competence records for the PRRC.

Generally, appointment letters will document what the PRRC’s defined responsibilities are especially in the case of multiple PRRCs, the letter will define exactly what each PRRC is responsible for.

In some cases, the appointment letter also includes the evidence of conformance to the legal requirement in relation to the qualification and/or experience to take on the role of the PRRC.  Objective evidence should also be available that supports the legal framework of qualifications that is required to carry the role of the PRRC.

Management Review

One of the other areas that the PRRC is being integrated is in Management Review.  Organizations are including the PRRC as an input to Management Review for a couple of reasons.  Some organizations only have management review once a year, and as we all know, a lot can happen in twelve months in this industry.

If organizations only conduct Management Review once a year, it’s always very handy to include the role of the PRRC into Management Review because it will allow for a periodic review of the PRRC, and they’re continued adequacy and appropriateness for the role. There may be turnover, or organizations may have experienced gaps in the role of the PRRC throughout the year which can be reviewed, with any actions to be taken documented as an output from Management Review.

Nonconformities 

A survey conducted identified that the number one cause of nonconformities in auditing the role of the PRRC was down to qualifications and that they were either not recorded or that they were not available on the day of the assessment.  Another area cited was in the case of the backup PRRC, and their qualifications not being made available on the day.

Other non-conformances identified related to the responsibilities of the PRRCs not being clearly defined. Of the PRRCs, and especially in the case of multiple PRRCs, organizations had not defined each and delegated the responsibilities and recorded them adequately.

The next non-conformity was regarding the PRRC backup and the fact that there was none. They didn’t have a backup PRRC, and they didn’t have any provisions in place for, a backup PRRC.

This highlights the importance of recognizing the legal framework of qualifications that exists to perform the role of the PRRC.  Importantly, if experience is being cited as qualification, the regulatory experience must be EU related, and qualifications gained outside the EU must be checked for equivalence.

This is not where the story ends for the Role of the PRRC, come back next week for Part 2, where we will delve further into the topic of the PRRC and its impact on the industry.