Especially Regulation (EU) 2017/746 on in vitro diagnostic medical devices, which encompasses AI algorithms as part of biologics.

ICH Guidelines: Particularly ICH E6(R2), which provides a guideline for good clinical practice involving electronic data.

RA professionals must also take note of specific regulatory documents that outline expectations for vendor qualification and audit processes to ensure compliance:

• FDA Guidance on Software as a Medical Device (SaMD).
• EMA Clinical Trial Safety Reporting Guidelines.
• MHRA’s guidance on the regulation of medical devices in the UK, which covers AI considerations.

Documentation Requirements

Thorough documentation is critical for any vendor change involving AI applications. Professionals must prepare and maintain various documentation categories:

• Vendor Qualification Dossier: This should include vendor evaluation metrics, compliance with GxP, and risk management plans.
• Change Control Documentation: Detailed outlines of the reasons for the vendor change, anticipated impacts, and a comparative analysis of previous and current vendor capabilities.
• Validation and Verification Documentation: Include protocols for the validation of AI algorithms and models post-vendor change, ensuring that they continue to meet predefined performance criteria.
• Audit Reports: Document the results of audits conducted at the new vendor site, focusing on their AI infrastructure and data handling practices.

Review/Approval Flow

The review and approval flow related to significant vendor changes in AI models typically involves several key steps:

1. Risk Assessment: Conduct an in-depth risk assessment to identify and document potential impacts on data integrity, product quality, and compliance.
2. Impact Analysis: Analyze how the vendor change may influence existing quality systems and processes, particularly focusing on software validation and data handling capabilities.
3. Regulatory Submission: Depending on the significance of changes, determine whether to file as a variation or a new application. For instance, substantial alterations to algorithms might necessitate a new submission.
4. Vendor Audit: Conduct an initial audit of the new vendor’s AI capability to evaluate their compliance with GxP standards.
5. Ongoing Monitoring: Post-approval, set up a mechanism for continuous monitoring of the vendor’s AI systems and compliance status.

Common Deficiencies to Avoid

In dealing with vendor transitions, regulators often highlight specific deficiencies that organizations need to address proactively:

• Insufficient Documentation: Lack of comprehensive documentation to support vendor qualifications can lead to significant delays in approval. Ensure all documents are clear, coherent, and compiled in an accessible format.
• Inadequate Vendor Audits: Failures in conducting thorough supplier audits may result in compliance issues later. A robust audit program should cover aspects related to AI capability and data handling practices.
• Neglected Change Control Processes: Any changes to AI-related systems must follow a stringent change control process. Ensure that change notifications are sent to relevant stakeholders, including regulatory bodies, when necessary.
• Failure in Bridging Data Justification: When submitting a change, adequately justify the need for bridging data to fill any data gaps, particularly to assure that the new vendor’s systems perform equally or better than those previously used.

Regulatory-Specific Decision Points

As regulatory professionals navigate AI vendor qualification and audits, they face specific decision points that are critical for compliance:

Filing Types: Variation vs. New Application

If the vendor change incorporates major modifications to the employed AI algorithms or fundamentally alters the data handling process, it may necessitate a the filing of a new application. Conversely, if the change is minor, it could qualify under a variation application. Professionals should consider:

• The extent of deviations from previously validated systems.
• The potential impact on safety and efficacy.

Justifying Bridging Data

When significant changes occur, organizations may need to also submit bridging data. Providing a robust scientific rationale for the data makes a substantial difference in regulatory assessments. Key points include:

• Presenting pre-change and post-change validation results to demonstrate continuity in product quality.
• Articulating how the vendor change does not adversely affect the risk profile of the AI product.

Conclusion

Successfully managing major vendor changes within AI models and infrastructures necessitates meticulous attention to regulatory requirements, documentation standards, and continuous engagement across departments. By understanding the regulatory frameworks, streamlining documentation processes, and anticipating common deficiencies, regulatory professionals can facilitate smoother transitions and compliance with pertinent guidelines.

For further detailed information on applicable regulations relating to vendor changes and AI integration in quality systems, refer to official documents from regulatory authorities such as the FDA, EMA, and MHRA.