Mark Shriner is the Strategic Sales Director for memoQ, leading the company’s market growth in the regulated industries. He has previously worked in several leadership roles in the localization industry including CEO Asia Pacific for CLS Communication.
Welcome to The Lab, where we take a look at what’s cooking in life sciences localization. This month, we are going to review some of the most important standards and regulations for translation buyers and vendors in the life sciences industry.
The International Standards Organization (ISO)
Kicked off in 1946 when delegates from 25 countries met in London to discuss the future of international standards, the ISO was officially founded in 1947 and is now headquartered in Geneva, Switzerland. As of 2022 the ISO has 167 member nations and has established over 24,000 standards.
With such a large number of standards spread across several industries, it can be confusing for companies to know which standards are most applicable to their specific situation and which certifications they should expect their vendors to have.
In life sciences translation, the three most relevant and important certifications are ISO 9001, ISO 13485, and ISO 17100. All three of these standards relate to quality, but they differ in how they provide guidance related to the delivery of translation services and whether they are a broad-based standard or one that is specifically targeted at medical device manufacturers and other service providers in the medical device space.
ISO 9001 has a set of criteria to establish a quality management system. Over 1 million companies in over 170 countries have achieved the ISO 9001 certification. It is a broad-based standard that is not specifically focused on life sciences or on translation services. It can be a useful standard for technology providers and for LSPs that don’t have a specific emphasis on life sciences translation.
As an example, memoQ has been certified with ISO 9001 because we want to ensure that the development of our translation management system (TMS) and CAT tool adheres to quality management best practices. By using the guidance provided by ISO 9001 as a foundation for all development activities, we can greatly reduce the likelihood of programming bugs or other quality-related issues.
According to Barbara Peralta, Director of Life Sciences Solutions at Acolad: “Having this (ISO 9001:2015) certification shows a serious and standardized approach to quality systems throughout the organization that includes executive-level commitment, documentation, and follow-through for all defined quality processes, proven effectivity of these processes, and continuous process improvement.”
For something more specifically focused on translation workflows, the ISO 17100 standard details the exact requirements for all aspects of the translation process that affect the quality and delivery of translation services. It includes guidance related to quotations; the creation of project-specific resources such a terminology databases; the selection of qualified linguists, review, and customer feedback processes; and more. If you are looking for a playbook on how to structure the workflows for an enterprise translation team, or for an LSP, ISO 17100 is the gold standard.
If your company is primarily focused on the translation of content related to medical devices, you may want to consider getting certified for ISO 13485. This certification specifies requirements for a quality management system for organizations involved in the production or sale of medical devices and related services. This includes the creation and translation of text for labels and instructions for use (IFU), as well as the translation of post-market surveillance reports.
Benefits of the ISO 13485 certification for LSPs include the exemption from supplier audits as medical device manufacturers are only required to conduct supplier audits if a supplier doesn’t have a recognized quality management system (QMS). And LSPs that have attained the IS013485 certification can request an exception that allows the use of machine translation (MT) which normally isn’t used in the translation in medical content.
However, if you are providing machine translation and post editing (PE) services at scale you may want to consider achieving the ISO 18587:2017 certification which covers best practices for human post-editing of machine translation output and describes the competencies needed for post-editors. This standard can be used by translation service providers (TSPs), customers of TSPs, and post-editors.
By achieving one or more of these ISO standards, you will be able to prove that your company can provide a quality service using a workflow that is transparent and traceable. This is becoming increasingly important, especially when vendors are selected via RFPs which typically require supporting documentation related to a company’s quality management system. You will also reduce the likelihood of errors, and by following best practices related to backups you, will mitigate damages from lost files or ransomware attacks.
The process for receiving an ISO certification varies slightly depending on the desired certification, but typically involves similar steps including learning the standard, deploying and documenting processes that align with the standard, having your documentation and processes reviewed by an accredited auditor, and correcting any issues identified by the auditor. Once you’ve completed these steps, the auditor will award you with the certification for the ISO certification you have qualified to receive.
This process can take anywhere from a couple of months to a year or longer depending on the certification you are seeking, the auditor you use, and your ability to close any gaps that are uncovered in your initial review. Upon receipt of the certification, you will need to pass regular reviews by an auditor for a three-year period.
HIPAA & CFR Part 11
While ISO certifications form a foundation of domain-specific standards and best practices, there are other industry- and region-specific regulations and guidelines that life sciences translation buyers and providers should be aware of and adhere to. For example, in the U.S. all companies that handle healthcare related information that relates to people are required to adhere to the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA prohibits the unauthorized sharing of medical records and personally identifiable information (PII) unless the patient has given consent. Likewise, HIPAA restricts how PII and medical records are stored, how they can be shared with third parties, and proactive steps an organization must undertake to insure the security of IT infrastructure and data.
For example, a hospital that is sending protected health information (PHI) to an LSP for translation would need consent forms from the involved patients allowing for the sharing of their PHI with the LSP or other data processors. Furthermore, both the hospital and the LSP would need to ensure that the PHI was encrypted both when in motion (being transmitted) and at rest (being stored). Both organizations would need to have regular security audits to discover any potential issues with their IT security posture, and the LSP would need privacy agreements in place with all external freelance or contract linguists and project managers.
Another U.S. regulation that life sciences translation providers need to be aware of is the Code of Federal Regulations (CFR) Part 11. CFR Part 11 provides guidelines on how electronic records and signatures can be used in a trustworthy manner by organizations in the U.S.
CFR Part 11 was established to ensure the authenticity, integrity, and confidentiality of electronic records and signatures. To be compliant, service providers are responsible to use the appropriate tools and technology for processing electronic records and signatures. Top priority is given to security controls that limit user access and privileges and prevent unauthorized access. Tools should enable the provision of a detailed audit trail for the transmission of all electronic records in the case of an audit or inspection by regulators.
According to Barbara Peralta at Acolad: “Compliance to 21 CFR part 11 is becoming increasingly important and a frequent requirement from our customers. This requirement covers electronic records, electronic signatures, and handwritten signatures. For example, most LSPs serving life science customers deliver translation certificates that are signed by the LSP and become a record of validation for the translations delivered. The signatures on the certificates of translation must be 21 CFR part 11 compliant.”
MDR & IVDR
Back on the other side of the Atlantic, medical device manufacturers and those creating and translating content related to medical devices that are being sold in the EU need to be compliant with the EU Medical Device Directive (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR).
The EU MDR took effect in 2017 with full implementation occurring in 2021. The regulation makes medical device manufacturers responsible for their products and the related content throughout the product’s life cycle. It also requires that items such as labels are translated into the language of country where the product will be marketed.
In addition to labels, the EU MDR requires that Instructions for Use (IFU) and all other content and documentation including patient guides are translated into the official language for all EU member countries where the device will be marketed. Additionally, translations must be easily understood by members of the general public and in alignment with readability standards for their specific target market. For example, the readability requirements are different for content that is being used to market devices to adults compared to content is aimed at marketing to children.
While MDR and IVDR cover different types of devices, the two regulations are similar in that they require the creation of readable translations in the official language of all EU member countries where a device will be marketed. One difference in the regulations is the use of symbols. Many of the symbols that can be under MDR covered labels are disallowed and aren’t relevant to devices covered by IVDR.
Coming full circle and returning to a previously discussed standard, it is common for device manufacturers for both MDR- and IVDR-covered devices to attain ISO 13485 certification which provides evidence that they have quality management system for medical devices and related services.
Next month in The Lab, we will introduce a variety of resources for translators of life sciences content.