Chapter 11: FDA Unique Device Identification Verification and Validation
166 Regulatory Affairs Professionals Society (RAPS)
• Verifying the data gathered, including
GMDN Preferred Term codes
• Identifying the parties (titles) responsible for
collected data signoff
• Outlining all the steps needed to gather
required data
• The process to be used to upload the data
into GUDID, including how the data will
be controlled and verified or validated
• Documenting any changes to the original
plan and
• Managing changes to the device or its data
attributes.
If a company has multiple labeler sites, plans will
need to be developed for each site. It is neces-
sary to determine who will verify or validate the
attribute data from each site and whether the
corporate location will be in the V&V flow and
have signoff responsibilities. Attribute spread-
sheets, if used, need to be controlled during the
entire process, and the control method used
needs to be documented.
UDI Implementation Process:
Construct and Enact
During the implementation, construction, and
enactment phase, medical device labelers will
need to:
• Compose, establish, administer, and verify or
validate software system changes
• Rehearse connectivity with GUDID and
validate that all systems are functioning
correctly and
• Create or revise SOPs as needed and con-
duct process validations.
Software Changes
The FDA’s QSR under 21 CFR Part 820.70(i)
defines “automated processes” as such: “When
computer systems or automated data processing
systems are used as part of production or the
quality system, the manufacturer shall validate
computer software for its intended use according
to an established protocol. All software changes
shall be validated before approval and issuance.
These validation activities and results shall be
documented.6
Labelers should familiarize themselves with
the requirements of 21 CFR Part 11 and its cor-
responding guidance, Part 11 electronic records
electronic signatures—scope and application,8
which further delineates a tightened scope and
describes the requirements for which compliance
is most important.
Two requirements are needed for Part 11 to
be applicable:
• Records whose maintenance is mandatory
(under predicate rules—that is, the UDI
rule) or submitted to the FDA
• Records kept in electronic format rather
than paper
The FDA says in its rule that the UDI must be
included in several quality management sys-
tem areas, such as complaint handling, labeling,
device history records, and servicing systems (see
the GHTF document, Quality management
systems—process validation guidance). Many
manufacturers have changed their complaint-han-
dling systems from paper-based to software-based.
These systems would be validated under 21 CFR
Part 820.70(i). The UDI rule requires chang-
ing the software to include a device’s UDI, so it
“shall be validated before approval and issuance.”
Likewise, DHRs should store UDI or universal
product code (UPC) and other required data
elements, which, if electronic, again will require
software validation. And because UDI require-
ments call for changes to information printed on
a device’s label, modifications to the software that
provides changeable data to the label printer also
will need to be validated.
Further, each label needs to be inspected per
21 CFR Part 820.120(b), “Labeling inspection”:
“Labeling shall not be released for storage or use
until a designated individual(s) has examined the
labeling for accuracy including, where applica-
ble, the correct [UDI or UPC], expiration date,
control number, storage instructions, handling
instructions, and any additional processing
instructions. The release, including the date and
signature of the individual(s) performing the
examination, shall be documented in the DHR.”6
166 Regulatory Affairs Professionals Society (RAPS)
• Verifying the data gathered, including
GMDN Preferred Term codes
• Identifying the parties (titles) responsible for
collected data signoff
• Outlining all the steps needed to gather
required data
• The process to be used to upload the data
into GUDID, including how the data will
be controlled and verified or validated
• Documenting any changes to the original
plan and
• Managing changes to the device or its data
attributes.
If a company has multiple labeler sites, plans will
need to be developed for each site. It is neces-
sary to determine who will verify or validate the
attribute data from each site and whether the
corporate location will be in the V&V flow and
have signoff responsibilities. Attribute spread-
sheets, if used, need to be controlled during the
entire process, and the control method used
needs to be documented.
UDI Implementation Process:
Construct and Enact
During the implementation, construction, and
enactment phase, medical device labelers will
need to:
• Compose, establish, administer, and verify or
validate software system changes
• Rehearse connectivity with GUDID and
validate that all systems are functioning
correctly and
• Create or revise SOPs as needed and con-
duct process validations.
Software Changes
The FDA’s QSR under 21 CFR Part 820.70(i)
defines “automated processes” as such: “When
computer systems or automated data processing
systems are used as part of production or the
quality system, the manufacturer shall validate
computer software for its intended use according
to an established protocol. All software changes
shall be validated before approval and issuance.
These validation activities and results shall be
documented.6
Labelers should familiarize themselves with
the requirements of 21 CFR Part 11 and its cor-
responding guidance, Part 11 electronic records
electronic signatures—scope and application,8
which further delineates a tightened scope and
describes the requirements for which compliance
is most important.
Two requirements are needed for Part 11 to
be applicable:
• Records whose maintenance is mandatory
(under predicate rules—that is, the UDI
rule) or submitted to the FDA
• Records kept in electronic format rather
than paper
The FDA says in its rule that the UDI must be
included in several quality management sys-
tem areas, such as complaint handling, labeling,
device history records, and servicing systems (see
the GHTF document, Quality management
systems—process validation guidance). Many
manufacturers have changed their complaint-han-
dling systems from paper-based to software-based.
These systems would be validated under 21 CFR
Part 820.70(i). The UDI rule requires chang-
ing the software to include a device’s UDI, so it
“shall be validated before approval and issuance.”
Likewise, DHRs should store UDI or universal
product code (UPC) and other required data
elements, which, if electronic, again will require
software validation. And because UDI require-
ments call for changes to information printed on
a device’s label, modifications to the software that
provides changeable data to the label printer also
will need to be validated.
Further, each label needs to be inspected per
21 CFR Part 820.120(b), “Labeling inspection”:
“Labeling shall not be released for storage or use
until a designated individual(s) has examined the
labeling for accuracy including, where applica-
ble, the correct [UDI or UPC], expiration date,
control number, storage instructions, handling
instructions, and any additional processing
instructions. The release, including the date and
signature of the individual(s) performing the
examination, shall be documented in the DHR.”6