Inherent in the decision to use any medical device is the belief that it will perform as intended and that it will provide a therapeutic benefit while posing minimal risk to the user. Our belief in the safety and efficacy of devices is rooted in the rigorous regulatory review processes required to approve new devices. Manufacturing systems should be able to mass-produce products that deliver the same quality and efficacy of the approved product.

Think about the types of medical devices used and how people rely on them. Devices like these are used in the millions every day, with each reliant on the demonstrable, repeatable quality and durability of the manufacturing processes that produce them:

The trust of regulators and consumers in manufactured medical devices is primarily based on accumulated data that demonstrate the consistency and repeatability of manufacturing processes. This is why data integrity—the primary focus at the center of FDA's Code of Federal Regulations (CFR) Title 21 Part 11—is so important. To strengthen the foundation of trust, data must be entirely authentic, free of the threat of manipulation or fear of loss, so that the people, processes, and organizations whose work is reflected in the data can be trusted or held accountable. 

Because defects of any medical device can directly affect human health, FDA and other global regulators demand that each medical device being manufactured is uniquely traceable, again by way of data whose integrity is unquestioned. This increased demand for traceability applies to all forms of data such as data that provides a complete audit trail and data that can trace finished devices—by lot or individually—to their component parts and manufacturing activities/operations, right down to the day, time, and operator in charge.

Along with data integrity comes data security. The need for increased data security is reflected by our reliance on digital transformation in factories, homes, and products, plus the constant threat or risk of data corruption, theft, or loss. Thus, it is also essential that high-integrity data be safeguarded not only during its creation and storage but also through features that limit access and ensure complete, secure data transfer from the point of manufacture to remote global locations for use by corporate systems or global regulators.

Addressing these twin challenges—data integrity and data security—required Emerson’s software development team to take a fundamentally new view of the position and role of automated ultrasonic welding equipment. We determined that in order to meet data security and integrity challenges, our software upgrades would have to provide security features modeled on those of typical “front-line” IT equipment—computers and servers exposed directly to the internet. Historically, welding equipment, like other manufacturing tools, has not had data integrity and security safeguards in place.

Addressing these two concerns is at the core of our recent product strategy, which included two major software upgrades to Emerson’s Branson GSX-E1 ultrasonic welding platform. The first upgrade makes Branson GSX-E1 welders capable of supporting 21 CFR Part 11 standards for data integrity, which includes validating users for system security and creates audit trails for the identification of manipulated data as well as the ability to satisfy FDA traceability requirements. The second major software upgrade provides encryption technology that ensures the integrity of data transfers from welders on the manufacturing floor to local or remote enterprise quality management systems. Additionally, the welder is capable of authenticating who is requesting data. This ensures that the data is coming from a reliable source (the welder) and that the welder is not sending data to an unidentified fraudulent attacker.

It is up to medical device companies to demonstrate and validate achievement of 21 CFR Part 11 compliance, and the capabilities provided in this software upgrade enable users to ensure integrity of their data, complete and unchanged, from every welder on the manufacturing floor.

The first of the two software upgrades provides four essential components that make systems 21 CFR Part 11 capable:

The second software upgrade, complementary to the first, provides secure data transfer to ensure the total integrity of data, complete and unchanged, from any Branson GSX-E1 welder on the manufacturing floor to another secure customer system using an Emerson-engineered Web Services capability.

Above: Emerson's upgrade offers secure data transfer with an authentication key.

Web Services offers secure data access and transfer capability and closely resembles the security used for online bank transactions. A remote user such as a remote manufacturing software server or quality management system seeking weld data must first follow standard Secure Sockets Layer (SSL) server/client encryption negotiation to establish a secure connection with the welder containing the data. Then, that remote server must also utilize a unique authentication key, uploaded previously to both systems, to gain access and initiate data transfer. In addition, this secure data-transfer capability also delivers Industry 4.0/industrial internet of things (IIOT) capabilities while supporting everything from secure system software upgrades to remote data analysis and remote system troubleshooting and diagnostics.  

Above: The upgrade offers flexible data export.

Together, the two major upgrades offer GSX-E1 customers the capability to comply with the latest FDA security mandates and also provide them a leg up in meeting the postponed European Union (EU) Medical Device Regulation (MDR) standards, which are expected to demand similar security measures.

In addition, it is believed that approximately 80% of the data-collection, -retention, -integrity, and -security capabilities required by medical device manufacturers will match with the needs of global electronics and automotive manufacturers. Although these manufacturers do not face the regulatory requirements of medical device makers, they do demand essentially similar, high-integrity manufacturing data to ensure production efficiency, validate product quality, and enable product traceability for longer-term service and support.