Conjoined Squares of Decisions

Often when asking a question related to a regulated industry, especially for Medical Devices, the answer you will get is, “well … it depends.”  This answer is not helpful but can often be the correct answer.  This is because Medical Devices come in many different shapes and sizes, and hence the answer is never going to be the same for all types of Medical Devices.  The answer varies dramatically from Software as a Medical Devices (SaMD) to orthopedic implants.  And that makes sense, as you should not treat an iPhone app the same way you treat a hip replacement.

But the most correct answer is going to depend on the product, the compliance, the company, and the risk.

When answering questions like this, there are generally two types of answers.  The first is “what do you have to do to be compliant,” and the second is “what should you do.”

The first answer is the easy answer.  You look at the regulations or the standards and you can get an answer.  But there are generally two types of compliance answers:

• Just do the bare minimum to be compliant

• Do everything to make sure that you are compliant

Sure, some regulations/standards may not be straightforward, but generally providing an answer that is complaint is not too difficult. It may not be the right answer, or the best answer, but it will be a complaint answer.

Then the second answer of “what you should do” will take the business needs into consideration as well.  This can have a lot of factors but will often encapsulate the aspects the business is worried about, and I will generally categorize those as business risks.  Those types of business risk answers are:

• Just do whatever is cheapest or quickest to market

• Do whatever it costs to make sure that it works

You can take these two types of answers and categorize where it falls related to compliance and business risk.  Compliance risk is related to a finding from the FDA, notified body or other regulatory agencies. Business risk is generally related to money, either spending money, extending a timeline or potential lost revenue. Compliance risks can become business risks, but to prevent this discussion from getting overly complex, we will ignore it.  I’ve made a handy chart, the Conjoined Squares of Decisions, to help lay it out:

As a simple example, we will examine the question, “Should we do Design Verification Testing, or provide rationale?” I’ll lay out 4 potential choices that align with each numbered square.

1. Execute verification testing on a cheap product with a large sample size.  In this case the compliance risk is low since you are doing physical testing with high reliability.  The business risk is low too since the product is not expensive.  Though if the testing could take a while, that could potentially increase the business risk.

2. Don’t do any testing and just provide a rationale on why the product meets its design input requirements.  The compliance risk is high here since you won’t have data to support your verification, while the business risk is low since you won’t have to spend any time or money on testing.

3. Execute verification testing on expensive product with a large sample size.  In this case the compliance risk is low since you are doing physical testing with high reliability.  However, the business risk is high since you are going to have to spend a lot of money and time on the testing.  If the testing fails, then that money will be wasted and will lead to a project delay.

4. Execute testing on an expensive product with a small sample size.  In this case the compliance risk is high since the sample size is not large enough to make the data robust, and may not even be considered verification testing. This could also involve performing testing on a novel product with no accepted standards.  The business risk is also high since you will have to spend time and money on the tested products.  This is the square that you want to stay away from.

Ideally you want to be in Square 1 all the time.  You can venture into Squares 2 and 3, but you really want to stay away from Square 4.  Nothing good happens in Square 4.

Once you have an idea of where you are on the Conjoined Squares of Decisions, the next step is to get into the nuance of the question and answer.  I can’t talk about nuance without specific examples, which I will do in subsequent posts. I will provide some scenarios and discussions to get into all those fun details.  If you have any specific scenarios you want me to review, put them in the comments below!

Reference: The title of this post “Conjoined Squares of Decisions” is referencing the “Conjoined Triangles of Success” from the TV show Silicon Valley.