PRRC Requirements for Small Manufacturers: MDCG Guidance Explained

Under the EU Medical Device Regulation (MDR 2017/745), manufacturers must designate at least one Person Responsible for Regulatory Compliance (PRRC). This role is critical for ensuring that devices meet regulatory standards throughout their lifecycle. While larger organizations may have an in-house PRRC, many small and micro-enterprises leverage external 'PRRC as a Service' providers to fulfill this requirement. However, selecting the right provider goes far beyond simply verifying a diploma or a CV. Effective due diligence requires a deep-dive into the provider's operational procedures, their integration with the manufacturer's Quality Management System (QMS), and the contractual framework that governs the relationship. For a small manufacturer, the external PRRC is not just a name on a form but a vital extension of their compliance function. Therefore, it is essential to ask probing questions that reveal how a provider translates the legal requirements of MDR Article 15 into a tangible, auditable, and effective service. *** ### Key Points * **Go Beyond Qualifications:** Due diligence must probe the provider's operational reality. Ask for their Standard Operating Procedures (SOPs) on how they execute their PRRC duties, not just their qualifications. * **Demand Documented Availability:** The "continuous and permanent" availability required by the MDR must be contractually defined and operationally documented. Request to see procedures for ensuring coverage, including backup plans and communication logs. * **Scrutinize the Conformity Check Process:** A qualified PRRC service must have a documented, risk-based sampling strategy for reviewing technical documentation and device records. This process should be tailored to the risk class and complexity of the manufacturer's devices. * **Ensure Active PMS & Vigilance Involvement:** The provider's role should be proactive, not passive. The service agreement must detail their active participation in PMS data analysis, trend reporting, and vigilance reportability decisions, with clear records of this interaction. * **The Service Agreement is a QMS Document:** The contract should clearly delineate liability, define communication pathways and response times, and address potential conflicts of interest. This agreement is a key document that will be scrutinized during a Notified Body audit. * **Confirm QMS Integration and Auditability:** All PRRC activities must be auditable. The provider must be able to supply objective evidence (e.g., review checklists, meeting minutes, signed reports) demonstrating their fulfillment of duties within the manufacturer's QMS. *** ### ## Understanding the PRRC Responsibilities Under MDR Article 15 Before selecting a provider, it is crucial to understand the specific responsibilities outlined in the regulation. The PRRC is legally responsible for ensuring that: 1. The conformity of the devices is appropriately checked in accordance with the QMS before a device is released. 2. The technical documentation and the EU declaration of conformity are drawn up and kept up-to-date. 3. The post-market surveillance (PMS) obligations are complied with. 4. The reporting obligations (vigilance) are fulfilled. 5. For investigational devices, a statement is issued confirming the device conforms to the general safety and performance requirements. An external PRRC service must demonstrate how they have operationalized each of these duties in a way that can be integrated into your specific QMS. ### ## Due Diligence Deep Dive: Key Questions to Ask Providers Moving beyond a surface-level review of qualifications requires asking specific, operational questions. A manufacturer should structure their evaluation around the core duties of the PRRC. #### ### 1. Assessing 'Continuous and Permanent' Availability The MDR requires the PRRC to be "continuously and permanently at the manufacturer's disposal." This is a frequent point of scrutiny for Notified Bodies. **Critical Questions to Ask:** * "Can you provide your internal procedure that defines and documents how you ensure 'continuous and permanent' availability for your clients?" * "What is your documented process for handling PRRC absence (e.g., vacation, illness)? Who is the designated, equally qualified backup, and how is the handover documented?" * "What service-level agreement (SLA) do you offer for response times to routine inquiries versus urgent matters, such as a potential vigilance event?" * "What records or logs do you provide to us, the manufacturer, that we can present to a Notified Body to demonstrate your availability?" A robust provider should be able to supply a clear policy, name a qualified backup, and contractually commit to specific response times. They should also provide regular reports or have an accessible log of communications that serves as objective evidence. #### ### 2. Evaluating the Device Conformity Check Process The PRRC must check the conformity of devices before release. This cannot be a rubber-stamp exercise; it must be a documented, risk-based process. **Critical Questions to Ask:** * "What is your documented sampling strategy for reviewing technical documentation, batch records, or device history records? How is this strategy justified and documented?" * "How do you tailor this sampling plan to the risk class of our devices? For example, what would be the difference in your review approach for our Class IIa SaMD versus a Class IIb implantable device?" * "What specific checklists or forms do you use to document your conformity checks? Can we review a template?" * "How are the results of your checks formally communicated back to our quality team, and how are any non-conformances managed and documented?" The provider should have a clear, risk-based methodology. For a lower-risk device like a Class IIa SaMD, their review might focus on software validation records and PMS data. For a higher-risk Class IIb implant, the focus would shift to batch records, sterilization data, and material traceability. #### ### 3. Verifying Active Participation in PMS and Vigilance The PRRC's role in post-market activities is proactive. They must be an active participant in analyzing data and making critical reporting decisions. **Critical Questions to Ask:** * "How do you integrate with our PMS process? Will you be a formal attendee in our periodic PMS review meetings?" * "What is your procedure for reviewing PMS data and contributing to the analysis of trends? How is your input formally documented (e.g., in meeting minutes, signed reports)?" * "In the event of a potential adverse event, what is your documented process for collaborating with our team on the incident reportability decision? What is your defined response time?" * "How do you stay informed about changes to our devices or QMS to ensure your oversight remains relevant?" The provider should be contractually obligated to participate in key quality meetings. Their role, responsibilities, and the documentation of their input should be clearly defined in the service agreement and reflected in the manufacturer's own QMS procedures. #### ### 4. Scrutinizing the Service Agreement and QMS Integration The service agreement is more than a commercial contract; it is a critical quality agreement that defines the operational reality of the PRRC relationship. **Key Elements to Look For:** * **Delineation of Liability:** The agreement must be clear about the provider's liability in the event of non-compliance stemming from their duties. * **Conflict of Interest:** How does the provider manage potential conflicts of interest, especially if they serve multiple clients in the same device space? This policy should be documented. * **Communication Pathways:** The contract must define official channels, key contacts, and escalation procedures for both routine and urgent matters. * **Auditability:** The agreement should explicitly state that all activities performed by the PRRC are subject to audit by the manufacturer and their Notified Body, and that the provider will supply all necessary documentation. * **Integration Clause:** The agreement should state how the PRRC's documented procedures will be referenced or integrated into the manufacturer's QMS. ### ## Finding and Comparing PRRC as a Service Providers When evaluating external PRRC services, manufacturers should create a checklist based on the deep-dive questions above. It is essential to compare providers not just on price, but on the robustness and transparency of their operational processes. Key factors to consider when comparing providers include: * **Device-Specific Experience:** Does the provider have experience with your specific device type (e.g., SaMD, implants, IVDs) and risk class? * **QMS Integration:** How easily can their processes be integrated with your existing QMS? Do they provide clear templates and guidance for this? * **Audit Support:** What level of support do they provide during a Notified Body audit? Is it included in the standard fee? * **Transparency:** Are they willing to share their SOPs, checklists, and documentation templates during the evaluation process? Finding the right partner is critical for compliance and risk management. Using a directory of vetted professionals can streamline the search and help you connect with qualified candidates who understand the demands of the role. To find qualified vetted providers [click here](https://cruxi.ai/regulatory-directories/prrc_service) and request quotes for free. ### ## Key EU MDR and MDCG References When establishing a relationship with a PRRC provider, it is helpful to be familiar with the core regulatory source material. Manufacturers should reference these documents to ensure their internal procedures and service agreements are fully compliant. * **EU Medical Device Regulation (2017/745):** Article 15 is the primary source, defining the role, responsibilities, and qualification requirements for the PRRC. * **MDCG 2019-7:** This guidance provides detailed interpretation and clarification on the requirements of Article 15, including practical explanations for manufacturers and PRRCs. Sponsors should always refer to the latest versions of these documents available on the European Commission's website. *** This article is for general educational purposes only and is not legal, medical, or regulatory advice. For device-specific questions, sponsors should consult qualified experts and consider engaging FDA via the Q-Submission program. --- *This answer was AI-assisted and reviewed for accuracy by Lo H. Khamis.*