Roszdravnadzor, the Russian regulating authority in the sphere of medical devices, has published a regulation on state control (supervision) over the circulation of medical devices. The document sets forth the rules and requirements in the sphere of state supervision and also describes the particular procedures to be followed by the regulating authority.


Performing State Supervision 

According to the document, planned control (supervision) actions should be undertaken by the regulating authority by the appropriate plan to be approved with a Public Prosecutor for the upcoming year in advance. To collect evidence, authorized representatives of the regulating authority are entitled to take photos, as well as to conduct audio- and video-recording when undertaking any of the following activities:

  • Control procurement,
  • On-site inspection,
  • Inspection visit,
  • Selective control. 

Such a recording should be undertaken with the use of official equipment, and also should be duly documented, while the recordings should be attached to the general documents related to the activity (e.g., inspection). In the case of photographing, at least 2 photos should be taken to illustrate the violation. Audio- and video recording should be uninterrupted and contain the indication of the date, place, and time of the activity at the beginning and the end of the recording. The recording itself should demonstrate the violation of the applicable regulatory requirements and highlight the most important aspects associated thereto. 

As it is further described in the regulation, the list of activities the authority could undertake in the course of performing state control (supervision) includes the following ones: 

  • Documentary check;
  • On-site inspection;
  • Selective control;
  • Control procurement;
  • Inspection visit;
  • Supervision on compliance with mandatory requirements (safety monitoring). 

Based on the information collected in the course of the activities listed hereinabove, the authority will take respective decisions as prescribed by the applicable legislation. 


Class I Software Medical Devices 

Class I is the lowest class under the applicable classification system and applies to the devices with the lowest risk associated thereto. Hence, the applicable regulatory controls are quite low as well. In the case of software-based medical devices, this class applies for the devices that are:

  • Intended to monitor the state or progression of a disease;
  • Providing information that does not indicate if an individual may be in danger;
  • Associated with a low public health risk. 

Class IIa Software Medical Devices 

This category applies to medical devices associated with medium risk. An example provided by the TGA describes diabetes diagnosis software that is intended to be used by a healthcare professional. Thus, such a product is a Class IIa medical device as the device provides information to a relevant health professional to inform the diagnosis of a serious disease. This category also covers risk prediction software, as well as the tools that record data from a patient monitor or images directly from an MRI scanner (provided that such software does not impact the operations of a scanner itself). 

Class IIb Software Medical Devices 

This category applies to medical devices associated with medium-high risk. For instance, such classification should be applied to a product that is intended to analyze a cardiac MRI in order to provide information used in making diagnoses of related diseases. As in the previous example, the software is intended to provide information to healthcare professionals only. As described in the guidance, Class IIb applies to medical software that is intended by the manufacturer (the software developer) to provide information to a relevant health professional to inform the diagnosis of a serious disease. Other examples of Class IIb products include tools intended to be used to diagnose an acute arterial occlusion due to the severity of potential consequences of this disease if the necessary treatment is not applied. This category also covers software products that are intended to provide recommendations for treatment or intervention on the basis of input data (e.g., a coronary angiogram). As in the previous cases, such software should be used only by healthcare professionals. Consequently, a Class IIb software-based medical device is the one that is intended to:

  • Recommend a treatment or intervention to a relevant health professional for the purposes of making a decision about the treatment or intervention; and 
  • Be used in cases when the absence of a treatment or a treatment itself could result in severe health deterioration or other adverse consequences. 

The same classification applies to wearable devices intended to collect and analyze data for screening for serious heart diseases, as well as questionnaire apps intended to analyze the information provided by a patient and provide a diagnostic output. 

Documentary Check 

In the course of a documentary check, the authority may request written explanations of additional documents, or conduct an examination. Such a check is conducted without visiting the premises of a manufacturer in question. It is important to mention that the latter should be duly informed about the activities to be undertaken by the device of a respective notice on conducting a documentary check. The details to be checked in the course of a documentary check are the ones contained in the respective documentation kept by the entity subject to surveillance. When commencing a documentary check, the authority will start with reviewing the documents it already has, as well as the documents provided by other authorities in the course of internal cooperation. Should additional information be required to complete the check, the authority is entitled to require additional documents to be provided by a medical device manufacturer. In case of such a request, a manufacturer should provide the documents requested no later than 10 business days from the date the respective request has been received. It is important to mention that the documents requested by the authority could be provided in electronic form, duly signed with an electronic signature. Furthermore, the authority is not allowed to require notarised copies to be provided, unless it is explicitly required under the applicable legislation. Should the authority identify any discrepancies or errors, the entity subject to control would be required to provide written clarifications within 10 days from the date it was requested by the authority. At the same time, controlled entities are allowed to provide additional documentation confirming the accuracy of the information contained in the documents provided before. 


On-site Inspection 

By the applicable regulatory requirements, the overall term of an on-site inspection should not exceed 10 business days. Concerning a single small enterprise, the whole interaction should not exceed 50 hours. In the case of larger entities conducting their activity in different regions, this term should be determined separately on a case-by-case basis. Under the general rule, the entity subject to inspection should be notified by the authority 24 hours in advance before the inspection will be commenced. 

Upon arrival, the representatives of the regulating authority should present their official IDs together with the respective resolution of a regulating authority to conduct an on-site inspection. The information to be provided at this stage should also include the goals of and grounds for the on-site inspection, type and scope of activities to be undertaken, the experts and expert organizations involved, as well as terms and timelines for the inspection. 

Should the authority identify that the activities undertaken by the entity subject to inspection could pose risk to patients or healthcare professionals, it will be entitled to take additional measures reasonably necessary to mitigate the risks and prevent harm that could be potentially caused. 

In the course of an on-site inspection, the following actions could be performed:

  • Inspection,
  • Questioning,
  • Collecting written clarifications,
  • Requesting documents, 
  • Collecting samples,
  • Examination,
  • Trials. 

Sample collection should be undertaken by authorized representatives of the regulating authority in the presence of representatives of an entity subject to inspection and should be duly documented. The number of samples to be collected should depend on the nature of the objects in question and examinations to be performed. The regulation explicitly states it is probed to collect samples from the devices that are already in use, in case such collection would adversely impact the operations of the overall system and its safety. Furthermore, the instructions communicated by the manufacturer about transportation and the use of a medical device should be strictly followed at all stages of the examinations. The scope of examination to be undertaken should be agreed upon between the regulating authority and the expert organization engaged. Should it appear to be impossible to transport a sample to an expert organization, an expert should be provided with free and uninterrupted access to the sample, while all the conditions necessary to carry out examination should be created. 

In summary, the regulation described herein outlines the main activities the regulating authority is entitled to undertake when performing its functions in the sphere of state control (supervision) over the circulation of medical devices. The document prescribes the way the authority should act in the course of different activities, such as on-site inspections or documentary checks, and also indicates the rights and responsibilities of all the parties involved as set forth under the applicable legislation. 


How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.