Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
      • Deprecated
      • Templates
      • Specific procedures
        • SP-012-002 Cybersecurity and Transparency Requirements
        • SP-012-003 Predetermined Change Control Plan
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-026 Product requirements for US market
    • GP-027 Product requirements for UK market
    • GP-028 Product requirements for the Brazilian market
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • GP-012 Design, Redesign and Development
  • Specific procedures
  • SP-012-003 Predetermined Change Control Plan

SP-012-003 Predetermined Change Control Plan

Purpose​

This document outlines the process for managing changes to software as a medical device under a Predetermined Change Control Plan (PCCP). The objective is to ensure compliance with regulatory requirements, including those set forth by the FDA and the AI Act.

Scope​

This procedure applies to all predetermined changes impacting the design, development, and deployment of the software within the Quality Management System (QMS).

Definitions​

  • QMS: Quality Management System
  • PCCP: Predetermined Change Control Plan
  • AI: Artificial Intelligence
  • SaMD: Software as Medical Device

Responsibilities​

JD-004​

Ensure the PCCP is compliant with regulatory requirements and verify that design changes are executed in accordance with the established PCCP.

JD-005​

Propose design changes to be integrated in the PCCP, analyse risks associated with the proposed changes and document the verification and validation method and the change implementation strategy.

JD-003​

Review and approve proposed design changes to be integrated in the PCCP.

Inputs​

  • FDA Guidance: FDA-2022-D-2628 - Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions.
  • AI Act: Regulation (EU) 2024/1689, Annex IV - Artificial Intelligence Act.

Outputs​

  • A validated and compliant PCCP (T-012-020 Predetermined Change Control Plan).
  • Effective implementation of approved design changes.

Development​

A Predetermined Change Control Plan (PCCP) is a proactive tool for managing post-market design changes. It enables the implementation of pre-approved changes without requiring re-certification, streamlining the post-market change process.

Changes eligible for inclusion in the PCCP must be specific, verifiable, and must not alter the device's intended use. Such changes must be documented in a record following the template T-012-020 Predetermined change control plan.

Examples of changes eligible to be included in the PCCP are:

  • improvements to analytical and clinical performance resulting from re-training the AI model based on new data within the intended use population from the same type and range of input signal
  • changes to data type specifications to include new sources of the same input signal type
  • changes related to new types of inputs
  • updates related to available, compatible software or hardware and device interoperability
  • addition of a specific subpopulation within the originally indicated population based on retraining on a larger data set for that subpopulation that was not previously available

PCCP structure​

The information to be included in the PCCP are a detailed description of the proposed changes, evaluation of the impact of the proposed changes in terms of risks, description of the testing protocols which should include performance metrics, acceptance criteria, details about the steps for the proper implementation of the proposed changes, description of how the device's performance will be monitored post-implementation to verify the success of changes.

Further details on the PCCP structure are provided in the following sections.

Description of modifications​

The Description of modifications section in a Predetermined Change Control Plan (PCCP) identifies the specific planned changes.

Thsi section shall provide a detailed list of modifications together with their rationale and an in-depth description.

For each identified changes, we shall also specify whether the changes will be implemented automatically, manually or a combination, and the expected update frequency (e.g. annually).

Modification protocols​

This section of the Predetermined Change Control Plan (PCCP) outlines methods to develop, validate, and implement modifications to ensure device safety and effectiveness. It shall include the following key components:

  • Data management practices: this includes details on data collection, annotation, curation, storage, and use; assurance of isolated training, tuning, and test datasets to prevent overfitting and bias; use of diverse datasets representative of the device's intended use population and clinical scenarios; processes for maintaining up-to-date, unbiased, and high-quality data
  • Re-training practices: this includes identification of processing steps subject to change and methods for re-training; justification for architecture modifications; triggers for re-training
  • Performance evaluation protocols: this includes verification and validation processes; acceptance criteria; study designs, performance metrics and statistical analysis plan; assurance that modifications maintain or improve device specifications
  • Update procedures: this includes the description of automatic and/or manual update processes and communication plans; plans for user notification, training (if applicable) and updates to device labeling; integration of post-market surveillance and real-world monitoring

A key point is to ensure traceability between the modifications described in the Description of modifications section of the PCCP and the information provided in the Modification protocol section.

Impact assessment​

This last section of the Predetermined Change Control Plan (PCCP) evaluates the benefits, risks, and mitigations associated with implementing modifications to the device.

Key components include:

  • Comparison of versions: evaluate the device with each modification individually against the unmodified device
  • Benefit-risk analysis: discuss benefits, risks (including harm and unintended bias), and risk mitigations for each modification
  • Verification and validation assurance: confirm that proposed verification and validation activities maintain safety and effectiveness
  • Interdependence of modifications: assess how implementing one modification affects others
  • Cumulative impact: analyse the combined effects of all modifications on the device
  • Overall functionality: assess the impact of the planned modifications on the overall functionality of the device

Associated documents​

  • T-012-020 Predetermined Change Control Plan

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
SP-012-002 Cybersecurity and Transparency Requirements
Next
GP-013 Risk management
  • Purpose
  • Scope
  • Definitions
  • Responsibilities
    • JD-004
    • JD-005
    • JD-003
  • Inputs
  • Outputs
  • Development
    • PCCP structure
      • Description of modifications
      • Modification protocols
      • Impact assessment
  • Associated documents
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)