What is the difference between a strategy and a plan?

The European regulatory requirement for a strategy for regulatory compliance sparks discussion

The previous blog on the strategy for regulatory compliance has prompted discussion and further thought. Four questions are addressed below.

How does the requirement to have a strategy for regulatory compliance fit into the requirements of EN ISO 13485:2016 for planning activities? EN ISO 13485 doesn’t talk about strategies -  in the Introduction it says that establishing a quality management system is a strategic decision of the organization but nowhere in the requirements is strategy or strategies mentioned. ISO 13485 talks about planning - the activity that generates plans or planned arrangements. The terms plan, plans, planned or planning occur 35 times in the requirements of EN ISO 13485, excluding use in the titles of a number of sections. This is not surprising as ISO 13485, and ISO 9001, are based on implementing a Plan-Do-Check-Act (PDCA) cycle. Therefore, incorporating the strategy for regulatory compliance into an ISO 13485 QMS, is worth considering as being an output of Quality Planning.

Should the strategy/plan for regulatory compliance be linked to the organisation's sales & marketing plan?  There certainly needs to be a connection between the strategy for regulatory compliance with market presence or expansion intentions. Applicable regulatory requirements for existing and new markets need to be determined and linked with commercial activities.  Additionally, it is worth considering how the strategy for regulatory compliance can be kept up to date with commercial decisions and information gathered throughout the lifecycle of the device.

Is it expected that the strategy for regulatory compliance is a separate document? There isn’t a requirement to create a new, separate document. However, the strategy for regulatory compliance is closely connected with quality planning for transition to ISO 13485:2016, as the strategy is an applicable regulatory requirement for the EU MDR. The content of the strategy is also a key element in EU MDR transition planning. Furthermore, you need to consider how this strategy is linked to the scope of your organization’s QMS in the Quality Manual. Given all these interrelations, one option is to consolidate the strategy in one place and cross-reference to it when needed, rather than splitting it in a number of places with the potential for inconsistency or conflict. While this option creates an additional document that needs to be controlled within the QMS, it prevents proliferation and complexity in many separate documents, each of which has to be established, implemented and maintained separately. Also, it could make demonstrating conformance straightforward.

How does the strategy/plan for regulatory compliance link with the requirements in EN ISO 13485 for risk management and risk-based thinking? When you incorporate your strategy for regulatory compliance as part of your QMS, the ISO 13485 requirement to 'apply a risk based approach to the control of the appropriate processes needed for the quality management system' should be considered. Given that EN ISO 13485 indicates that risk is considered to include risk to meeting applicable regulatory requirements, this could be an important consideration.

Preparing your strategy for regulatory compliance is key to effective transition to the European medical devices regulations. BSI’s free white papers and Compliance Navigator can help you.

Author: Eamonn Hoxey, of E V Hoxey Ltd, UK, is a writer, trainer and consultant on a range of life science areas including regulatory compliance, quality management, sterility assurance and standards development.