The FDA Can’t See That

Rob Packard comes through again with another guest post. I think the topic is timely and pertinent, mainly because I have several clients who either recently completed or soon will conduct Management Review. Rob is a Regulatory Affairs and Quality Management System expert whose specialty is helping companies with regulatory submission of Design Dossiers for CE Marking of high-risk Class III medical devices. You can read more of Rob’s work at QC is Dead and RA Review blogs.

When I meet with a new consulting client, the phrase I dread hearing is “the FDA can’t see that.” It is true that the FDA is not supposed to review the content of internal audit reports and management reviews in order to encourage companies to use these tools to address quality problems without having to worry about the FDA beating them with their own reports.

The problem with this mentality is that it fails every time. The FDA can get to issues in your management reviews and your internal audits by asking, “Can I please see all the CAPAs resulting from internal audits and management reviews?”

One client I spoke with said that they purposely don’t open any CAPAs from internal audits or management reviews for that reason. I was in complete shock, but I managed to keep my poker face and asked the client, “So what do you think the FDA will do when you say that you don’t have any CAPAs resulting from internal audits or management reviews?”

Christine Park wrote a recent blog posting (http://bit.ly/FDATarget2013) about management responsibility being the “FDA’s NEW Inspection Target.” Most companies are subjected to a Level 2, QSIT inspection on a biannual basis. During these comprehensive inspections the inspector reviews the four major subsystems: 1) management controls, 2) design controls, 3) CAPA, and 4) production and process controls. The FDA will ask open-ended questions to determine the effectiveness of the QMS. If the inspector is not going to look at the actual meeting minutes from the management review, you can expect them to look at the following obvious targets:

  1. “May I see your procedure for Management Reviews?”
  2. “May I please have a copy of your organization chart?”
  3. “Could I see the agenda and attendees list from your last management review?”

The inspector could also ask for copies of inputs that are identified in the Management Review procedure, such as: “Could I have a copy of the most recent scrap trend analysis for production?” or “What is your threshold for taking corrective actions for rejects found in receiving inspection?”

One Quality Manager told me a fascinating story about his local inspector. During the visit two years before, the inspector requested a copy of the management review. The Quality Manager showed him the cover page that indicated the agenda and the attendees. The Quality Manager refused to let the inspector see the rest of the meeting minutes. The inspector then proceeded to conduct a brutal 3-day inspection where a myriad of 483’s were written.

Twelve months later the inspector returned to perform a “Compliance Follow-up.” This time when the inspector asked to see the management review, the Quality Manager agreed to let the inspector see the entire meeting minutes. From that point onward, each time the inspector got close to identifying a new 483, the inspector would stop following the audit trail at the last moment before the nonconformity was identified. The Quality Manager said it was almost like the inspector was showing him that he could find all kinds of problems to write up if he wanted to, but he was taking it easy on the company because the Quality Manager was being cooperative.

My personal philosophy is to create a QMS that is open for review by any customer, auditor and even the FDA. No matter what they find, it’s just another opportunity to improve. This has worked well for me, but you need to follow a few basic rules when writing audit reports and management review meeting minutes:

  1. DO NOT write anything inflammatory or opinionated in your documents. My motto is, “Stick to the facts Jack (or Jill).”
  2. I ask other people in the management team to read and review the meeting minutes before they are finalized. The variety of perspectives in top management helps to make sure that the final document is well written and clear—especially to FDA inspectors.
  3. I structure the documents as per a standard template that is a controlled document. This ensures that each report or management review was conducted as per the procedure. In fact, I typically reference the applicable clauses and sub-clauses throughout the document. For example, I will reference ISO 13485:2003, Section 5.6.2h) for the slide titled “New and Revised Regulatory Requirements.” I put the reference next to the slide title just to make it clear what requirement this slide is addressing.
  4. If there is an area that I covered, but there was nothing to discuss, I write “There was no further discussion on this topic.”
  5. If there is an area that I did not cover, I make sure I do the following:
    1. write a justification for not covering the area,
    2. indicate the last time the area was covered (and the result at that time), and
    3. document when the area will be covered in future.

You can continue to listen to the advice of consultants that think of creative ways to hide things from the FDA or you can follow the above advice. If you follow my advice, then you can spend the rest of your time working on the CAPAs for each area where you identified a weakness—instead of spending your time trying to hide your problems.

If you are interested in learning more about preparing for FDA inspections, and how to respond to FDA 483’s or warning letters, please email Rob Packard (rob@13485cert.com). He will be hosting a 2-day course on this topic in two different cities (Denver and Vancouver) on July 25/26 and July 29/30 respectively. The speakers for that course will be ex-FDA inspectors Lori Carr and Steve Yost.

Medical Device Project Management – The Phases

Managing medical device product development projects requires a sound, defined process. We are currently working with several clients on defining and improving their medical device project management processes.

Here are the project phases we recommend:

  • Planning - To identify scope of the project; define user needs and corresponding design inputs
  • Design & Development - To establish product design and detailed specifications; to identify design outputs and verification methods
  • Design Verification - To demonstrate the product meets the design inputs
  • Design Validation - To demonstrate the product meets the user needs
  • Market Release - To launch product into manufacturing and marketplace

We developed a procedure / process that addresses FDA Design Controls and ISO 13485 Design & Development requirements and have been able to use this as a baseline that we are able to tweak for our clients.

Yes, we believe medical device project management to be our sweet spot. Yes, we believe we can help you with your medical device product development challenges.

Here are a couple other previous posts on medical device project management:

How to Succeed with Medical Device Product Development

Rules for Medical Device Project Management

Bootstrapping a Quality System – Advice for Medical Device Startups

Within the past few weeks, we’ve been approached by a few early stage medical device startups requesting assistance. One of the common needs of these potential clients is a FDA / ISO compliant quality system. I’ve been asked to quote a build-from-scratch quality system. I’ve also had to educate a couple others on what a quality system is and why they should even care. I suspect some quality purists would tell these startups that it is absolutely essential to implement a fully compliant quality system ASAP.

I, however, do not agree. Especially for an early stage startup. Why not?

Hiring a resource to draft and implement quality system procedures is overhead. More times than not, the capital spent establishing a FDA / ISO quality system for a very early stage startup is not the best way to spend valuable and usually limited dollars.

Don’t misunderstand me. Yes, a compliant quality system is ABSOLUTELY necessary to have in place prior to going to market. But in the world of medical device startups, this could be a very long time. In the world of medical device startups, very few quality system elements are even meaningful during the fragile product development process.

Instead, I advise my startup friends to bootstrap their quality system. In other words, build the parts and pieces as you go and as you need them. And for a startup, there are likely only a few pieces that are essential during medical device product development.

In my opinion, the critical quality system components during development are:

  • Design Control / Design & Development
  • Risk Management
  • Supplier Controls (because most startups rely on a fair amount of outsourcing)
  • Document Control / Record Management

Once the startup approaches the stage of regulatory submissions, additional elements of a quality system become more pertinent. But until then, keep the quality system bare bones. Bootstrap it and build it as you go.

Medical Device Resources Updated

Recently, we created a few new webpages to provide references and useful information pertaining to medical devices. We make an effort to keep these pages up to date every couple weeks. Just letting you know the following pages have just been updated with fresh content for your reading pleasure:

Medical Device News

Regulatory

Tips for Startups

Events

Medical Device FDA Inspections versus Notified Body – Is There A Difference?

Had you asked me this question a year or so ago, I would have answered “You bet!” Actually, my answer is still “You bet!” but with a twist. A year ago, I would have offered that FDA inspections are much more stressful and involved. Today, I’m not so sure. Based on recent experiences, I might even suggest that a Notified Body inspection is more stressful than FDA. Of course this assumes that you don’t have product issues and FDA is not conducting a for-cause inspection. Also, keep in mind that FDA inspectors are law enforcement. Yes, they carry a badge.

So why would I suggest that a Notified Body inspection is more stressful? Last summer, a client was subject to a FDA inspection. I was brought in just a day or two before the FDA inspector was scheduled. When the FDA inspector arrived, the inspection went fairly smoothly. There were some observations noted but no real surprises. Upon conclusion of the inspection, the company received a handful of 483 observations. Again, nothing too significant. No major issues. Within a month or so, we were able to address all the issues and successfully complete the observations.

Fast forward about 9 months later with the same client. Their ISO 13485 certification was due for renewal. The notified body came in for an audit. We believed we were prepared and ready. The recent FDA inspection gave us quite a bit of confidence. That confidence was quickly shot down. The auditor had a different style–much more passive aggressive. He also seemed to be proving a point, although I’m not exactly sure what the point was. The level of detail, the depth of documentation reviewed, the strong opinions were all very surprising to me. I have been on both sides of a QS audit many times throughout my career. While I acknowledge the client had plenty of shortcomings and opportunities for improvement, it really seemed this auditor was trying to make some kind of example. Upon the conclusion, we received nearly 20 findings and deficiencies. Some were relatively simple to address. Others would take months. And the company worked diligently to resolve and correct the issues. Within a couple months, we believed we were on the right path. And literally during the week that the ISO certification was to expire, the auditor had issues with many of our corrective actions. We were forced into firefighting mode. Sometimes it’s okay to fight fires. But this felt like we were catering solely to an auditor’s opinion and preferences. Eventually, all issues were addressed and recertification was issued.

I realize inspectors and auditors have opinions. I realize they see many, many ways to do things–some good, some not so good. And I realize the more the auditors like how you do things may make this process easier. But through these experiences, I found the FDA inspector was much more tolerant and open to different ways of doing things. The FDA inspector seemed more interested in the actual documentation and records rather than making too much fuss about the process. The notified body auditor was kind of the opposite. He was more concerned with the process and interjected his opinions and influence. Not that he didn’t care about the records, he just didn’t seem to put as much weight in them.

On a related note, I noticed that Rob Packard recently wrote a post “FDA Inspection Strategies that DON’T Work”. It’s a great read, especially for anyone preparing for FDA and/or notified body inspections.

Can A Wiki Work for Medical Device Quality System?

My friend, Bob Packard recently wrote a blog post titled “Burn the Binders and Get a Wiki”, suggesting that a wiki could be a platform for a company’s quality management system. The idea is not his and references articles and work done by Geometrica. Here are links to a few articles posted on Geometrica:

Using a Wiki for Document Control

Using a Wiki to Implement a QMS

Sample QMS Wiki Organization

I’ll admit, I’m still trying to wrap my head around this concept. Yes, I understand that a wiki is a collaborative space. But as I read this, the question I’m trying to answer is this: Can a wiki work for a medical device quality system? Also, could a wiki have other applications within a medical device company? Would this platform be accepted by FDA and other regulatory bodies? Can it be validated?

What If Your Medical Device DHF Needs Work?

Of course, this is somewhat of a loaded question. There are lots of different scenarios and situations to consider regarding medical device design controls compliance. Let’s start with a brief overview:

  • FDA Design Controls are addressed in 21 CFR 820.30. ISO 13485 covers medical device design and development in section 7.3. Fortunately, both FDA and ISO are VERY similar with respect to medical device product development expectations.
  • DHF is the FDA abbreviation for a Design History File.
  • ISO 13485 and EU Medical Device Directive (MDD) do not use the term DHF per se. Rather, design and development documentation and records must be maintained.
  • DHF is not a regulatory submission. A DHF is a compilation of Design Control records.
  • It is possible to establish a medical device product development process that complies with FDA Design Controls and ISO 13485 Design & Development.

Okay, any one of the bullet points above could be expanded and the subject of an entire blog post or two. For now, let’s just agree to use the term DHF to describe a repository of medical device product development records.

Simply put, if your DHF needs work, you must fix it. It’s important, though, to take into consideration where the product is in its lifecycle, in my opinion. Here are some “rules” I would suggest:

  • First, analyze your medical device product development procedures, processes, work instructions, forms, etc. Do these comply with FDA and ISO? If not, fix them first.
  • If your product is still in development and has not been transferred to production, then fix the DHF now. Don’t wait until after the product is launched, suggesting you will do it later. If you don’t fix it now, you probably won’t do it later until required because of a FDA inspection or ISO audit.
  • If your product is in production, assess the DHF gaps and issues. Analyze the risks associated with the gaps from both a business and regulatory compliance perspective. Document the gap analysis results. Document the risk-based decisions. Identify an action plan (and maybe even open a CAPA) to address the issues.

In my opinion, plugging the gaps in a DHF after the fact can sometimes be challenging. For example, if a DHF is missing a Design & Development Plan and the product is already in the marketplace, then there’s not much that can be done to fix this. But you should definitely document your finding in a memo, audit report, etc. And you might consider opening a CAPA to ensure it doesn’t happen again.

But there are some contents of a DHF that you should mitigate if found missing. For example:

  • If you failed to adequately demonstrate the design outputs meet the design inputs, identify what additional design verification activities are required.
  • If you failed to adequately demonstrate the product meets the user needs, identify how you can address design validation through end-user experience. Of course it is important to realize that these activities are retrospective. While this is NOT a best practice, identifying and mitigating short-comings is still a recommended practice.
  • If you did not document risk management activities per ISO 14971, then you should create these records (again, make sure you have also reviewed risk management procedures).

I cannot stress enough the importance of documenting your rationale throughout this process. While you may not always make the right decisions in the eyes of regulators regarding missing DHF contents, ignoring it altogether is a BAD thing. Fall on your sword and assess the short-comings using risk-based approaches.

Why Do Small Medical Device Companies Overburden Themselves with Wordy Procedures?

During the past few months, CQ has been working with a number of small medical device companies. While the products these companies produce are vastly different, they all have similarities in their culture and day-to-day business practices. And of these commonalities, the one that is most glaring to me pertains to the Quality System.

First, I should qualify that I prefer a descriptive meaningful picture instead of pages and pages of words.

Apparently, though–at least from my recent experiences, small medical device companies prefer lots of wordy procedures. In my opinion, my small medical device clients are overburdening themselves because of their QS. Yes, I know they need to address the FDA / ISO QS requirements. However, I’m kind of confused why they chose to waste so many words on paper to do so.

I suspect the reason is pretty simple. Many of the procedures I’ve been reviewing are more or less a regurgitation of FDA and ISO terminology. The company puts their “unique” spin on things, adding their lexicon and specific terminology. And while their procedures may in fact be in compliance with the regulations, I know there is a huge disconnect. I know they are NOT in compliance because they don’t always follow the words written in their procedures.

I know there is a better way to document QS procedures–especially for the small medical device company. My simple advice is this: map the processes and create a pretty, easy to follow flow chart.

Quality & Regulatory Resources In High Demand for Medical Device Industry

The trend recently has involved at least one phone call or email per week from a medical device company requesting help–either full-time or consulting–in the areas of quality and regulatory. And the requests are coming from all types of medical device companies.

As a consulting firm providing solutions in quality and regulatory, I’m a little excited about this trend. But this also has me a little concerned, mainly because I want to understand why the sudden surge.

Are companies suddenly struggling with FDA regulations and ISO requirements? Are companies expanding into new markets requiring expertise from seasoned experts? Are companies losing resources? I honestly don’t know the answers. But I can tell you it has been difficult to find people to fill the requests.

If you have quality and/or regulatory experience or know someone who does, please contact us: 765 315 2736, info@creoquality.com.

Designing A Medical Device Quality System Using Process Approach

Creo Quality has worked with a variety of medical device clients–from the very early stage startup to the multi-billion dollar multi-nationals. We’ve seen a variety of quality systems. And surprisingly, very few of the quality systems of our clients truly seem to work. Why?

Most companies take a clause-by-clause approach. Meaning, if FDA / ISO has a regulation / clause for a particular item (e.g. document control), the company writes a procedure around this particular item. This approach is repeated for every regulation / clause until all have been addressed in procedure form. And then the result is clunky and cumbersome and does NOT flow well. Also, the result often does a very poor job of really describing how the company does stuff.

Is there a better way? You bet. And my new “friend” from LinkedIn, Rob Packard recently wrote a blog post about it on his blog QC Is Dead (Rob also has another blog RA Review). The blog post is “How to Train an Auditor on the Process Approach”. Never mind if you’re not an auditor. In fact, it doesn’t matter if you are an auditor or not. And in my opinion, it doesn’t matter if you have an established quality system or not. Reviewing your processes is important. Designing your quality system around your processes is important.

I realize it may be difficult for you to scrap your established quality system and restart. But sometimes, this is a healthy cleansing exercise. Your quality system must mimic what you do as best as possible. I have a couple clients right now where it would be easier to start with a blank sheet rather than try to add and adjust their current approach. But changing old habits is hard.

Keep this in mind, though. Almost any auditor who will be reviewing your processes and procedures will be doing so using the process approach. If your quality system has a flow following a process approach, the auditing (both external and internal) process should flow much more smoothly.

For startups, this is CRUCIAL! You are starting with a blank sheet with respect to a quality system. Build this around processes. And keep in mind, you don’t have to build all processes in the beginning. Bootstrap your quality system. In other words, build it as needed. Rob provides a pretty comprehensive list of processes:

  1. Design & Development
  2. Purchasing
  3. Incoming inspection
  4. Assembly
  5. Final Inspection
  6. Packaging
  7. Sterilization
  8. Customer Service
  9. Shipping
  10. Management Review
  11. CAPA
  12. Internal Auditing

If you are an early stage company, you probably only need to focus on Design & Development (I would throw in Document Control, Risk Management, and Supplier related processes if outsourcing to 3rd parties).

Are You Afraid of FDA?

Should you be?

Many companies fear FDA. Some probably should because business practices, documentation and records, and compliance are not up to snuff.

Many years ago, the company where I worked was preparing for ISO auditors (not really like FDA inspectors but kind of) to come in for recertification. I speculated that the office chatter was probably similar to Paul Revere’s midnight ride: “The auditors are coming. The auditors are coming!” Several of my colleagues would remind me of this several days ahead of time. This was puzzling to me. I responded by asking why wouldn’t we act / do the same things whether auditors were present or not.

And it’s true. If you are afraid of the FDA (or ISO), you probably have one of two reasons for this fear:

  1. You know your company is out of compliance.
  2. You don’t know what you don’t know.

In either case, I would encourage you to seek help to remove your fears. Find a company, consultant, or resource to come in to help (hint).

Or you can roll the dice and wait for a FDA inspection and take your chances.
