Roszdravnadzor, the Russian regulating authority in the sphere of medical devices, has published a recently adopted regulation on state supervision and control. The document prescribes the way the regulating authority should perform its functions when supervising the activities undertaken by medical device manufacturers and other parties involved in operations with medical devices. In particular, the document describes in detail the actions the authority may take, and the respective procedures to be followed.

Selective Control 

According to the regulation, selective control could be performed either on a regular or an ad hoc basis. The actions to be performed in the course of a selective control could include the following ones:

  • Inspection,
  • Requesting written clarifications,
  • Requesting documents,
  • Collecting samples,
  • Examination,
  • Trials. 

It is also important to mention that samples should be collected only in case there is no other way to assess compliance with the applicable regulatory requirements. Should it be the case, sample collection should be performed in the presence of a representative of an entity subject to control, and video recording should be conducted as well. The examination should be undertaken in the laboratories operated by the respective expert organizations. The results of such examination should be provided to the entity subject to control within 24 hours from the moment they will be received by the regulating authority. The latter could decide to initiate sample collection to ensure that medical devices in question comply with any applicable requirements for safety and/or quality. 

The decision to conduct a selective control adopted by the regulating authority should contain the following details:

  • Name of the authority and type of state control activity to be performed,
  • Name and position of an official authorized to conduct the selective control,
  • Name of a legal person subject to control, as well as information about its location and actually address of manufacturing facilities,
  • State registration number of the entity subject to control,
  • Mandatory requirements, compliance with which would be assessed,
  • Information about the medical devices to be collected as samples,
  • The date the activities should be performed,
  • Information about the photo- and video-recording in the course of regulatory actions,
  • Information about approval of a Public prosecutor, or about notifying a Public prosecutor. 


Class I Software Medical Devices 

Class I is the lowest class under the applicable classification system and applies to the devices with the lowest risk associated thereto. Hence, the applicable regulatory controls are quite low as well. In the case of software-based medical devices, this class applies for the devices that are:

  • Intended to monitor the state or progression of a disease;
  • Providing information that does not indicate if an individual may be in danger;
  • Associated with a low public health risk. 

Class IIa Software Medical Devices 

This category applies to medical devices associated with medium risk. An example provided by the TGA describes diabetes diagnosis software that is intended to be used by a healthcare professional. Thus, such a product is a Class IIa medical device as the device provides information to a relevant health professional to inform the diagnosis of a serious disease. This category also covers risk prediction software, as well as the tools that record data from a patient monitor or images directly from an MRI scanner (provided that such software does not impact the operations of a scanner itself). 

Class IIb Software Medical Devices 

This category applies to medical devices associated with medium-high risk. For instance, such classification should be applied to a product that is intended to analyze a cardiac MRI in order to provide information used in making diagnoses of related diseases. As in the previous example, the software is intended to provide information to healthcare professionals only. As described in the guidance, Class IIb applies to medical software that is intended by the manufacturer (the software developer) to provide information to a relevant health professional to inform the diagnosis of a serious disease. Other examples of Class IIb products include tools intended to be used to diagnose an acute arterial occlusion due to the severity of potential consequences of this disease if the necessary treatment is not applied. This category also covers software products that are intended to provide recommendations for treatment or intervention on the basis of input data (e.g., a coronary angiogram). As in the previous cases, such software should be used only by healthcare professionals. Consequently, a Class IIb software-based medical device is the one that is intended to:

  • Recommend a treatment or intervention to a relevant health professional for the purposes of making a decision about the treatment or intervention; and 
  • Be used in cases when the absence of a treatment or a treatment itself could result in severe health deterioration or other adverse consequences. 

The same classification applies to wearable devices intended to collect and analyze data for screening for serious heart diseases, as well as questionnaire apps intended to analyze the information provided by a patient and provide a diagnostic output. 

Controlled Procurement

Another type of activity the authority may undertake to assess compliance with the applicable regulatory requirements is a controlled procurement. The main purpose of this activity is to verify whether the entity in question is involved in distributing falsified, counterfeit, or low-quality medical devices. It is important to mention that in contrast to the activities described previously, the controlled procurement should be performed without notifying the entity subject to control in advance. In the course of a controlled procurement, representatives of the regulating authorities purchase medical devices and request documentation related to the products. It is also allowed to perform a controlled procurement without face-to-face contact – for instance, it could be performed online. Upon completion of purchase (apart from cases when it is performed online), a responsible person notifies about controlled procurement and demonstrates his/her ID together with the respective resolution of the authority. After this, medical devices purchased should be returned.


Inspection Visit 

To collect additional information reasonably necessary to verify compliance with existing regulatory requirements, the authority may also perform inspection visits. The activities covered by an inspection visit include the following ones:

  • Inspection,
  • Questioning,
  • Requesting written explanations, 
  • Requesting documents which, according to the applicable legislation and respective regulatory requirements on record-keeping, should be available to be presented upon request. 


Safety Monitoring 

The activities described previously constitute separate actions usually performed regularly or in case of reasonable suspicion of existing non-compliance or violation committed by an entity involved in operations with medical devices. Apart from them, to ensure continuous oversight, the authority also performs safety monitoring, which stands for continuous analysis of information regarding activities related to medical devices deriving from:

  • Other authorities (in the course of information exchange),
  • Controlled entities (mandatory information disclosure and notification),
  • State and local registers,
  • Claims related to medical devices placed on the market. 

Should in the course of safety monitoring the authorization identity the cases when the harm has been caused by a medical device, or there is a risk that such harm would be caused, or there are information on or reasonable suspicion on violation of the applicable legislation, the authority may decide to perform additional control activities as previously described. 


Sample Collection and Examination 

As it was mentioned before, the authority is entitled to collect samples of medical devices placed on the market to assess their safety, quality, and effectiveness. Sample collection could be performed as a part of the selective control described above. The sample collection procedure should be duly documented. 

To assess whether the medical device in question meets any applicable regulatory requirements set forth for this type of product, various examinations and trials could be performed, including technical, toxicological examination, or clinical trials. These activities should be performed by expert organizations within the structure of the regulating authority. The initial assessment would be in respect of compliance with the respective technical documentation provided by the manufacturer, or with the applicable safety standards. Depending on the type of examination, it could be performed either in the premises of the entity subject to control, in the laboratory. The time necessary to complete an examination depends on the complexity of the medical device in question and examination to be performed, and thus should be agreed upon by the authority and expert organization on a case-by-case basis. Under the general rule, the overall time should not exceed 20 business days from the date an expert organization has received samples of medical devices. In exceptional cases, this term could be extended for additional 30 days. 

Upon completion of an assessment, an expert organization provides a conclusion indicating the issues creating additional risks for patients or healthcare professionals, as well as whether the device in question is a counterfeit product. After this, all medical device samples that were not used in the course of examination should be returned to the entity subject to control. 

It is explicitly stated that any operations with medical device samples should be performed strictly by the respective technical documentation and instructions for use provided by their manufacturer. 

In summary, the present regulation sets forth the rules and requirements about the activities the regulating authority may undertake to ensure continuous compliance with the applicable requirements. The document describes in detail the way the control procedures should be performed and also highlights the most important aspects to be considered. 



How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.