Rob Packard comes through again with another guest post. I think the topic is timely and pertinent, mainly because I have several clients who either recently completed or soon will conduct Management Review. Rob is a Regulatory Affairs and Quality Management System expert whose specialty is helping companies with regulatory submission of a Design Dossiers for CE Marking of high-risk Class III medical devices. You can read more of Rob’s work at QC is Dead and RA Review blogs.
When I meet with a new consulting client, the phrase I dread hearing is “the FDA can’t see that.” It is true that the FDA is not supposed to review the content of internal audit reports and management reviews in order to encourage companies to use these tools to address quality problems without having to worry about the FDA beating them with their own reports.
The problem with this mentality is that it fails every time. The FDA can get to issues in your management reviews and your internal audits by asking, “Can I please see all the CAPAs resulting from internal audits and management reviews.”
One client I spoke with said that they purposely don’t open any CAPAs from internal audits or management reviews for that reason. I was in complete shock, but I managed to keep my poker face and asked the client, “So what do you think the FDA will do when you say that you don’t have any CAPAs resulting from internal audits or management reviews?”
Christine Park wrote a recent blog posting (http://bit.ly/FDATarget2013) about management responsibility being the “FDA’s NEW Inspection Target.”Most companies are subjected to a Level 2, QSIT inspection on a biannual basis. During these comprehensive inspections the inspector reviews the four major subsystems: 1) management controls, 2) design controls, 3) CAPA, and 4) production and process controls. The FDA will ask open-ended questions to determine the effectiveness of the QMS. If the inspector is not going to look at the actual meeting minutes from the management review, you can expect them to look at the following obvious targets:
- “May I see your procedure for Management Reviews?”
- “May I please have a copy of your organization chart?”
- “Could I see the agenda and attendees list from your last management review?”
The inspector could also ask for copies of inputs that are identified in the Management Review procedure, such as: “Could I have a copy of the most recent scrap trend analysis for production?” or “What is your threshold for taking corrective actions for rejects found in receiving inspection?”
One Quality Manager told me a fascinating story about his local inspector. During the visit two years before, the inspector requested a copy of the management review. The Quality Manager showed him the cover page that indicated the agenda and the attendees. The Quality Manager refused to let the inspector see the rest of the meeting minutes. The inspector then proceeded to conduct a brutal 3-day inspection where a myriad of 483’s were written.
Twelve months later the inspector returned to perform a “Compliance Follow-up.” This time when the inspector asked to see the management review, the Quality Manager agreed to let the inspector see the entire meeting minutes. From that point onward, each time the inspector got close to identifying a new 483’s the inspector would stop following the audit trail at the last moment before the nonconformity was identified. The Quality Manager said it was almost like the inspector was showing him that he could find all kind of problems to write-up if he wanted to, but he was taking it easy on the company because the Quality Manager was being cooperative.
My personal philosophy is to create a QMS that is open for review by any customer, auditor and even the FDA. No matter what they find, it’s just another opportunity to improve. This has worked well for me, but you need to follow a few basic rules when writing audit reports and management review meeting minutes:
- DO NOT write anything inflammatory or opinionated in your documents. My motto is, “Stick to the facts Jack (or Jill).”
- I ask other people in the management team to read and review the meeting minutes before they are finalized. The variety of perspectives in top management helps to make sure that the final document is well written and clear—especially to FDA inspectors.
- I structure the documents as per a standard template that is a controlled document. This ensures that each report or management review was conducted as per the procedure. In fact, I typically reference the applicable clauses and sub-clauses throughout the document. For example, I will reference ISO 13485:2003, Section 5.6.2h) for the slide titled “New and Revised Regulatory Requirements.” I put the reference next to the slide title just to make it clear what requirement this slide is addressing.
- If there is an area that I covered, but there was nothing to discuss, I write “There was no further discussion on this topic.”
- If there is an area that I did not cover, I make sure I do the following:
- write a justification for not covering the area,
- indicate the last time the area was covered (and the result at that time), and
- document when the area will be covered in future.
You can continue to listen to the advice of consultants that think of creative ways to hide things from the FDA or you can follow the above advice. If you follow my advice, then you can spend the rest of your time working on the CAPAs for each area where you identified a weakness—instead of spending your time trying to hide your problems.
If you are interested in learning more about preparing for FDA inspections, and how to respond to FDA 483’s or warning letters, please email Rob Packard (firstname.lastname@example.org). He will be hosting a 2-day course on this course in two different cities (Denver and Vancouver) on July 25/26 and July 29/30 respectively. The speakers for that course will be ex-FDA inspectors Lori Carr and Steve Yost.