Blog

Author Archive

12 Important Tasks for Implementing ISO 13485

%name 12 Important Tasks for Implementing ISO 13485By Guest Blogger, Brigid Glass

The author describes 12 important tasks (training, auditing, etc.), which should be included in your plan for successfully implementing ISO 13485.

For your ISO 13485 implementation project, use a planning tool that you are comfortable with (e.g., – a spreadsheet or project planning software). Your plan should include the following:

  1. Identification of each task
  2. Target dates for completion of each task
  3. Primary person responsible for each task
  4. Major milestones throughout the project

Regular progress reports to top management and implementation meetings with all process owners are recommended to track your progress to plan. Weekly meetings are also recommended so that no tasks can fall too far behind schedule. Be sure to invite top management to weekly meetings, and communicate the progress toward completion of each task to everyone within your company. The list below identifies 12 of the most important tasks that should be included in your plan.

12 Tasks to Consider for Implementing ISO 13485
  • 1. Select a certification body and schedule your certification audits (i.e., – Stage 1 and Stage 2). If you want to place devices on the market in the EU, Japan, or Canada, make sure your certification body meets the specific regulatory requirements for that market (http://bit.ly/Sept24FX).
  • 2. Establish a Quality Manual and at least 19 required procedures. If you have purchased a copy of the excellent Canadian CSA publication “Plus 13485” (http://bit.ly/13485Plus), this lists required procedures for you. There are a few extra procedures or work instructions needed to meet regulatory requirements (e.g., – training, mandatory problem reporting, and post-market surveillance).
  • 3. Document training on the procedures comprising the quality system. A signed form indicating that employees “read and understand” the procedures is not enough. Training records should include evidence of the effectiveness of training, and you should be able to demonstrate the competency of the people performing those procedures.
  • 4. You must complete at least one full quality system internal audit. The timing of your internal audit should be late enough in the quality plan that that most elements of your quality system have been implemented. However, you want to allow enough time to initiate CAPAs in response to internal audit findings before your Stage 1 audit. If your internal auditor(s) have been heavily involved in the implementation of the quality system, you may need to hire an external consultant to perform your first internal audit.
  • 5. You need to complete at least one management review, which can be done just before the Stage 1 audit. My preference, if there is time, is to have at least two management reviews. The first review might occur three months before the Stage 1 audit, just before you plan to perform an internal audit of the management processes. There may be limited data to review at that time, but this first review provides an opportunity to train top management on their roles and responsibilities during a management review.

The second management review must cover all the requirements identified in ISO 13485, Clause 5.6. The second management review is also your last chance to identify any gaps in your quality system, and initiate a CAPA or action items before your certification auditor arrives.

  • 6. Compliance with regulatory requirements must be a commitment stated in your company’s Quality Policy. Specific regulatory requirements should be traceable to a specific procedure(s).

If you are seeking ISO 13485 Certification as part of the Canadian Medical Device Conformity Assessment System (CMDCAS) or the CE Marking process, then these regulatory requirements will be specifically included in your certification audit.

  • 7. Systematically incorporate customer and regulatory requirements into the quality management system. For contract manufacturers, this is especially important, and the Supplier Quality Agreements your company executes are the best source of these customer requirements. If your company is a legal manufacturer (the company named on the product label), this task is probably addressed sufficiently in tasks #1 and 6.
  • 8. You need to implement a supplier quality management process. If you already have a strong supplier quality program, then this may be a small task involving a few changes to your procedure. If you don’t have much of a supplier program yet, then this may involve identifying your suppliers, ranking them all according to type and risk, qualifying or disqualifying them, and executing supplier quality agreements.

Note: If you need training on Supplier Quality Management, you might consider participating in Medical Device Academy’s October 4th training workshop (http://bit.ly/MDAWorkshops).

  • 9. If product design is within the scope of your QMS, which is typical of legal manufacturers, but not for contract manufacturers, then you must establish a design control procedure(s). Product development projects often operate in a timeframe that is longer than your implementation project, and you may need ISO 13485 certification as part of the regulatory approval process.

Therefore, the minimum expectation is to initiate at least one development project before the certification audits. For records of implementation, you should have a design project plan, an initial risk management plan, reviewed and approved design inputs for your first product, and conduct at least one design review.

  • 10. Document what your Certification Body expects (e.g., – notifying them of significant changes). These expectations are likely to be stated in your contract with the Certification Body.
  • 11. Appoint the management representative and a deputy. Ideally, this is formally documented with a letter of appointment signed by the CEO and the management representative. This letter should be maintained in the management representative’s personnel file, along with a copy of the job description explaining the job responsibilities of the management representative. This may also be achieved by identifying the management representative and a deputy in your company’s organization chart.
  • 12. After the certification audit, your last task should be to “Create Quality Plan #2”—another PDCA (http://bit.ly/PDCAcycle) loop through the system. The reason for a new quality plan is to implement improvements based upon what you learned while you were building the quality system for the initial certification audit.

If your company wants to achieve ISO 13485 certification, you may be interested in our 6-part, “Road to Certification – The Series” (http://bit.ly/roadmapiso) audiocasts beginning on August 28, 2013 (also available as a recording).

Posted in: ISO Certification

Leave a Comment (2) →

Implementing ISO 13485: Planning the Project

By Guest Blogger,  Brigid Glass %name Implementing ISO 13485: Planning the Project

Five reasons why ISO 13485 certification may take longer than you expect, as well as tips and planning advice to help avoid pitfalls, are provided.

Your company wants to achieve ISO 13485 certification. How are you going to get there? In a recent blog, I reviewed setting objectives for implementing an ISO 13485 certification project. Once you’re clear on those, then you’re ready to create your first quality plan. The basic elements of any strategy will be:

  • Task breakdown (which I will cover in a separate blog)
  • Timeline
  • Resources (skills and hours available)
Timeframes and Trade-offs of ISO 13485 Certification Planning 

The endpoint of planning for the certification project is the certification audit. The earlier you choose your registrar or Notified Body and book the audit, the more choice you will have regarding the date. This should be one of the earliest tasks in the task breakdown. To be able to do that, you need a timeframe as to when you will be ready for the certification audit. How long it takes to implement ISO 13485 and be ready for a certification audit depends upon your starting point and your available resources. If you have no QMS in place, it will take you longer than if you already have a strong, documented QMS that complies with 21 CFR Part 820.

It May Take More Work

If you already have ISO 9001:2008 certification, though you already have a structure in place, the upgrade to ISO 13485 is likely to take more work than you expect because:

  1. There are fewer procedures required by ISO 9001
  2. Most of your existing procedures will require revision
  3. Your employees will need training on the new procedures
  4. You will need time to generate records using new procedures
  5. You will need to complete a full quality system audit of the new procedures

Many companies also underestimate the required resources for ISO 13485 certification. If you have a knowledgeable consultant, and people available to write procedures, then ISO 13485 implementation will progress faster than an organization that has little expertise and little time available, so plan accordingly. Ideally, you will determine the length of time each task will take and decide on an endpoint for the project based on that information and available resources. This approach works well if you already have a well-documented, regulated QMS.

6 Months-Reasonable Timeframe?

Six months is my rule of thumb for the time needed to implement a quality system compliant with ISO 13485. If the implementation schedule is longer, organizational enthusiasm may wane. If the timeframe is shorter than six months, it’s difficult to complete all the required tasks. No matter how carefully you plan, you still need to write procedures, train personnel, and implement procedures, so there is adequate time to generate records. Six months is aggressive for most companies, but the objective of achieving certification in six months is reasonable.

You may find it interesting that in Rob Packard’s white paper on ISO 13485 implementation. He also recommends that you allocate six months of one Full-Time Equivalent (FTE). This is a reasonable starting point, but you may want to adjust your resource allocation up or down depending upon the level of experience within the implementation team. Experience has taught me that smaller organizations are more successful at building an effective quality system when effectiveness is achieved in reiterative steps (i.e., – revision 1, revision 2, etc.). This is also the basis of the Deming/Shewhart Plan-Do-Check-Act (PDCA) cycle (http://bit.ly/PDCAcycle). This is also what I meant in a recent blog (http://bit.ly/ImplementationObjectives), where I suggested that you should “throw perfectionism out the window.”

Your understanding of how the quality system links together will grow as you implement each process in your implementation plan. As knowledge grows, you may reconsider some of your procedures. Instead of delaying the certification process (i.e., – revision 1), you may want to implement improvements as a second revision to procedures after the Stage 2 certification audit (i.e., – revision 2). During your Stage 1 and Stage 2 certification audits, your understanding of how the standard is interpreted and audited will build. After you achieve the initial ISO 13485 certification, you will have a much greater understanding of how all the elements of the quality system need to work together. You will also understand what parts of your quality system are easy for an outsider to audit.

After the ISO 13485 Certification Audit

During the initial planning stage, you should also imagine your future state after the certification audit (http://bit.ly/Beginwiththeendinmind). Your boss may assume that once the audit has been and gone, then everything will settle back to “normal” again. The reality is that after you deal with any nonconformities, and you take off a few days like you promised your family, you will have a long list of improvement ideas waiting for you. You will also need to prepare for next year’s surveillance audit. Therefore, I recommend that you manage expectations by adding “Create Quality Plan #2” as the last step of your ISO 13485 certification plan. If your company wants to achieve ISO 13485 certification, you may be interested in our 6-part, “Road to Certification – The Series” (http://bit.ly/roadmapiso) beginning on August 28, 2013 (also available as a recording).

Posted in: ISO Certification

Leave a Comment (0) →

Implementing ISO 13485: Dealing with Delays

By Guest Blogger,  Brigid Glass

%name Implementing ISO 13485: Dealing with DelaysThe author provides tips, practical examples, and six steps to follow if your ISO 13485 implementation project falls behind schedule.

In the best-planned project, with plentiful, skilled resources and diligent monitoring, things can still go awry. We need to be watchful for signs of our plans falling behind schedule, and develop contingency plans to prevent delays.

Walk Around the Mountains

Identify major obstacles early and develop a plan to deal with them. The major obstacles are usually the tasks that take the longest—such as process validation. Specifically, name these tasks in your pitch to management for resources before you start. This approach will ensure that everyone is focused on the biggest challenges.

If your plan to climb over those mountains is failing, work out a route around them. Maybe your R&D Manager can’t yet accept that there will now be design controls. In this case, an alternate path might be to leave design controls for last purposely. If you write a concise procedure and release it as your last procedure, then you have a built-in excuse for why you have very few records to demonstrate an implementation of design controls. You will still need at least one design project plan and training records to demonstrate that the process is implemented.

If this plan is successful, your auditor will write in the report that “design controls are implemented, but there are limited records to demonstrate implementation at this time.” If this plan is unsuccessful, you will need to provide additional design control records before you can be recommended for ISO certification—typically within 90 days.

Another approach is to initiate a CAPA and implement some of the tasks after the audit. For example, you have more suppliers than you can audit before certification. In this case, qualify all your suppliers, and use a risk-based approach to help you prioritize which suppliers need to be audited first. In your plan, identify that you will start by auditing the three highest-risk suppliers. Lower risk suppliers can be scheduled for audits after certification.

Be Watchful

Keep a close eye on your project plan. One of the most critical factors for success is keeping the plan and progress against the plan in front of the key players and senior management. Do this in such a way that progress, or the lack of it, is very clearly visible. It’s a basic maxim of Quality that we act on what we measure.

ISO 13485 Implementation: If Your Project Falls Behind Schedule

If you find yourself lagging seriously behind in your project, the following steps will assist you in recovering sufficiently to still be able to attain certification.

  1. Enlist management support when you need it, especially if you need them to free up resources.
  2. Prioritize. Before the Stage 1 audit, ensure that those procedures which are required by ISO 13485 are released (there are 19). There’s always room for improvement, but leave some of it for the second revision, instead of delaying certification.
  3. Ensure that you have at least a few examples of all the required records. Your auditor will be unable to tick off his checklist if a record is absent. Make it easy for the auditor.
  4. If there is a sizeable gap that you won’t be able to close before certification (i.e., – you have a validation procedure, but validations have not been completed), write a CAPA outlining your action plan to address the gap. During the audit, act confidently when you are questioned about the gap. Many auditors will give you credit for identifying the problem yourself.
  5. Don’t panic. The worst the auditor can do is to identify a nonconformity you will have to address with a CAPA plan before you can be recommended for certification. At most, this will result in a delay of a few weeks.
  6. Throughout your certification preparations and during the certification audits, you will identify issues you may not have time to resolve before the certification process is complete. If you are planning to revise procedures and make other corrections, make sure you track these issues as CAPAs or with some other tool (e.g., – an action item list). You want to address each issue prior to the first surveillance audit (no more than 12 months from the date of the Stage 2 audit).

Best wishes for your project. Success is the result of good planning, good communication, and good monitoring.

This blog is part of a series of blogs that leads up to our Roadmap to Iso 13485 Certification Courses

Posted in: ISO Certification

Leave a Comment (0) →

Quality objectives for achieving your goals

This article, updated in 2020, describes two different approaches to establishing quality objectives to achieve your business goals.
BHAG JFK Quality objectives for achieving your goalsGoal setting and communicating a vision of the future is not just the responsibility of the company President. Every manager should be setting goals for the teams they manage, and you can set yourself apart from your peers by building a vision with clear benefits to employees, customers, and the bottom line. Establishing quality objectives, and monitoring the progress toward those objectives is one of the greatest tools you can use to achieve your business goals. There are two different approaches to setting quality objectives, and you should use both.

Two Types of Quality Objectives

The most popular type of quality objective is a visionary goal. The phrase that I think captures this idea is the “Big Hairy Audacious Goal” (BHAG). Jim Collins and Jerry Porras coined this phrase in Built to Last. Visionary goals are long-term quality objectives that will require many smaller, coordinated changes intended to “level up” your business.

The second type of quality objective is a short-term goal. Short-term goals are not nearly as “sexy,” but achieving short-term goals builds momentum and creates long-term habits that are crucial to success. The two books that capture this concept best are The Compound Effect by Darren Hardy and The Slight Edge by Jeff Olsen. Both books emphasize the importance of consistency and small improvements to achieve success. The secret to establishing short-term goals is to make sure that your short-term goals are aligned toward helping you achieve long-term goals.

In our quality system procedures, we include a section for monitoring, measurement, and data analysis. For every process in your quality system, you should have at least one defined quality metric that you consistently measure. Everyone involved in that process should be aware of the metric, and data analysis should be shared with everyone in the company. Some of those quality metrics will be more important than others, but everyone must expect to achieve the goals that are set. You can pick anything you want to measure for a process, but for the metric to be used as a quality objective, it must be measurable and consistent with your quality policy. I like to define measurable by saying, “You must be able to graph it.”

6 Steps to Achieving Big Hairy Audacious Goals (BHAG)

Not all quality objectives have to be small, dull, or easy. You are required to establish quality objectives. Both the QSR (21 CFR 820.20, management responsibility) and the ISO Standard (ISO 13485:2016, Clause 5.4.1, require that top management establish quality objectives. These objectives must also be reviewed during management reviews, and they should be established at all levels throughout your company. Some of these objectives will be small, but you should make at least one of your quality objectives big, exciting, and hard to achieve. If you want to set your first BHAG for your team, try following these six steps.

STEP 1: Involve your team in setting quality objectives

Weak managers dictate goals, but leaders get teams involved in the goal-setting process. Getting your team involved gives them ownership of the goal. If you’re unsure of how to get your team involved, you might try a brainstorming session. A good brainstorming session is relatively short (i.e., – < 1 hour). Everyone needs to understand the goal of the brainstorming session: to generate many ideas for a possible BHAG. Everyone needs to understand what a BHAG is. These examples might help:

  1. Reduce average monthly scrap by 80% with a Pareto Chart
  2. Reduce the average number of nonconforming material reports by 50%
  3. Increase the ratio of preventive actions to corrective actions to > 1.00

Finally, negative comments should not be tolerated. Bad, good, and silly ideas should all be encouraged because the purpose of brainstorming is to generate many ideas. After you have 100+ ideas, you and your team can schedule another meeting to select the best goal(s).

STEP 2: Predict the bottom-line impact of quality objectives

Top management’s perception of a BHAG will be directly proportional to the impact on the bottom line. If the impact is small, the “B” in BHAG is a “b.” You and your team should use the potential impact on the bottom line as the first selection criteria for picking the best BHAG from the brainstorming list. The accuracy of these estimates doesn’t matter initially. Still, once you choose the goal, you will need to verify the accuracy of the financial impact and define how that impact will be measured.

STEP 3: Look to the future, but focus on the next milestone

Picking a five and ten-year goals is appropriate for discussions with Human Resources about your career, but companies are measured on quarterly financials. Therefore, you will need to focus on the goals you can achieve in three to six quarters. The number of milestones you set should also be few, and you should focus on one at a time. If the goal is only three quarters away, you might have monthly targets, while longer projects need interim milestones.

STEP 4: Milestone momentum

Longer projects often become delayed because people will procrastinate, and teams will lose momentum. When you break your long-term goals into smaller chunks, everyone can focus on the next milestone and see the progress. Each piece should be a sound stage of the project, and completion of the stage must be clearly defined. To create momentum, you must achieve each milestone–always. The pattern of consistent milestone achievement builds confidence, and your team will gradually develop the habits needed to sustain your progress.

STEP 5: Assign the Skeptic to Report on Quality Objectives

A good statistician can make the numbers look any way you want, but skeptics in other departments (and within your team) will criticize your claims of success. One way to silence the skeptics on your team is to make them responsible for measuring and reporting the team’s progress. This approach ensures that progress reports are conservative and accurate, rather than inflated or unbelievable. Progress should also be reported publicly because public victories are something your team can be proud of.

STEP 6: Promise a Reward for Achieving Quality Objectives

Some managers believe that the reward for hard work should be a paycheck. That’s sort of like telling your children that they get to eat for doing something you’re proud of. Employees are not children, but you are responsible for developing them into more valuable employees so that they can be promoted. If there is no incentive, your team will not be engaged. Therefore, pick a reward that is proportional to the bottom-line impact. Five percent of the bottom-line impact is what I like to target, but you would be amazed at how effective a few small rewards at each milestone can be. If you have trouble getting management approval for rewards, remind your boss of the bottom-line impact and link the rewards closely to the impact.

Posted in: ISO Certification

Leave a Comment (1) →

Implementing the ISO 13485 Standard: Objectives

By Guest Blogger, Brigid Glass

The author discusses implementing the ISO 13485 standard, including seven questions to clarifying your objectives and six considerations in shaping your objectives.%name Implementing the ISO 13485 Standard: Objectives

Implementing ISO 13485 is such an enormous undertaking for an organization that it pays to approach the planning strategically to ensure that all objectives are met.  Often, some objectives are made explicit, and others are unspoken. It is worth taking the time to ensure that all objectives are clearly stated to achieve the outcomes you want. Begin with the end in mind. Then, ensure that you are taking the organization with you, and you are all headed to the same destination.

7 Questions to Clarify Your Objectives
  1. What are your regulatory drivers for ISO 13485 implementation? Are there dates associated with marketing plans that you need to take into account? Are there other regulatory requirements that need to be built into the QMS and the implementation plan, (e.g., incident reporting for Canada or a Technical File for CE marking?)
  2. What other regulatory requirements must you meet to get into international markets? ISO 13485 requires that you meet applicable regulations for each market, such as a training procedure to address 21 CFR 820.25, a post-market surveillance plan to address CE Marking requirements, and a Mandatory Problem Reporting Procedure for Canada.
  3. If you are a supplier to medical device manufacturers, what do your customers expect of your QMS? If they haven’t made this explicit already, ask them. Meeting their needs and their audits of your system may be as important to you as the certification audit.
  4. Do you want to achieve business improvements by implementing a QMS? If you include this in your stated objectives, and everyone “buys into” the program, then you will build procedures that deliver business improvements, rather than just being regulatory overhead.
  5. Do you have real buy-in from your CEO? You may have buy-in for certification, but if you don’t already have a regulated QMS, does she or he fully understand the cultural change that he or she must lead? If not, make this one of your unwritten objectives and keep it front of mind.
  6. Do you have organizational buy-in?  Ensure that it is clear who owns each process, and that those process owners have the ultimate responsibility for the compliance of their process and ownership of documentation that is created for those processes. Keep the project progress visible. Develop a communication plan with its objectives and targets, even if your organization is small.
  7. Do you want to align with other systems? If you already have a QMS, you will want to integrate ISO 13485 compliance with that. Do you also need to implement ISO 14971, the risk management standard? Since you are going to be doing this much work on your QMS, maybe you could take the opportunity to align it with your health and safety or environmental management systems.
Timeframes and Trade-offs

How long it takes to implement ISO 13485 will be covered in another blog soon.  Six months is a workable rule of thumb.

So what do you do if you don’t have that long, and have to meet a pressing deadline?  Or you don’t have the resources available to implement, as well as you want in the time available?  Compromises have to be made, and now it’s necessary to set short-term and long-term objectives.

6 Considerations in Shaping Your ISO 13485 Standard Implementation Objectives

If you are constrained from structuring the implementation project ideally, the following considerations below will assist you in shaping your objectives:

  1. Get a qualified consultant who understands your business. If you have a large company, find someone who spends more of their time working with corporates, and vice versa for a small company.
  2. Throw perfectionism out the window. The goal is not perfect procedures. The essence of a Quality System is documentation to explain the intent, records to capture reality, internal auditing, and monitoring to identify the gaps and CAPA to improve and maintain effectiveness. The Deming Plan-Do-Check-Act cycle assumes that you are never perfect.)
  3. Accept that you then have another round of work to do to improve procedures.
  4. Organizational buy-in is even more critical. Be very careful about setting expectations. Adjusting to the extra requirements of a regulated QMS is already tricky. In these circumstances, you may be asking people to live with procedures that are not as usable as they would like.
  5. Be especially careful to ensure that the auditor can tick off all the essential points, and find how you have fulfilled the requirements without hunting too hard. All the required procedures and records must be in place. It’s more important to address 100% of the requirements than to perfect 80% and skip the last 20%.
  6. Accept that there may be nonconformities that have to be dealt with after the certification audit. Set the organizational expectation around this and build time for it into your schedule. Ask your certification body early to tell you the timeframe for dealing with nonconformities.
Setting Expectations

Objectives need to be communicated clearly to everyone in the organization. For a project (and many other things in life),

Satisfaction (or Disappointment) = Actual Result – Expectation

The certification audit is not the end. You will still need people to align their effort into making the implementation succeed after the pressure and obvious deadline of the certification audit has passed.  Setting their expectations appropriately early in the project is essential to keeping their (and your) motivation going. This is especially important if you are building your QMS, short on time or resource, and therefore know that you need to do a lot of work in the year following certification to develop improved workable procedures and generate a recorded history of compliance.

 

This blog is part of a series of blogs that leads up to our Roadmap to Iso 13485 Certification Courses

Posted in: ISO Certification

Leave a Comment (0) →

Keeping Design Projects on Schedule: Using the CAPA Process

%name Keeping Design Projects on Schedule: Using the CAPA Process The author provides two steps to consider taking now and steps to take in the future that will help keep design projects on schedule using the CAPA process.

The ability to get new, high-quality products to market quickly is the most important core competency for a company to develop. What is your company doing to improve the performance of your design teams? If you have trouble answering the above question, you should consider performing a detailed internal audit of your design control process: http://bit.ly/AuditDesign.

The only significant change I would make to my recommendations from 2012 is to follow the GHTF guidance document for creating technical files using the STED format, instead of using NB-MED 2.5.1/Rec 5: http://bit.ly/GHTFSTEDGuidance. This approach to creating a technical file lends itself to meeting the Canadian Requirements for Medical Device Licensing, and this is the preferred format of Technical Files in Annex II of the proposed EU regulations.

At the end of the blog on how to audit design controls, Step 7 states that you should “Ask the process owner to identify some metrics or quality objectives they are using to monitor and improve the design and development process…If the process owner is tracking no metrics, you might review schedule compliance.” The two most common reasons why design projects are not able to keep pace with the design plan schedule are: 1) there are insufficient resources allocated for the project, and 2) the estimates of the duration for tasks in the schedule are too aggressive.

Step 1: Estimating the Duration of Tasks

Task duration is the easiest quality objective to track performance against. Whether you track design projects with an Excel spreadsheet or Microsoft Project, you can easily compare the actual duration of any project task with the estimated duration that was planned at the beginning of the project. It is important to measure the length of labor hours, rather than using the number of people because most design team members are multi-tasking. You can and should mine the data from previous design projects because this information is available now. As you go through historical data, you will also realize where there are weaknesses in how you capture data regarding labor hours.

Once you have the raw data, I recommend analyzing the data using % deviation and total hours. The % deviation will tell you which estimates were the least accurate, and the total hours will tell you which estimates have the most significant impact on the total project. Ideally, you will collect data from multiple projects, so that you can determine if the deviations are consistent from project-to-project.

This data analysis is important because the data analysis will help identify the root cause for inaccurate task duration estimates. You may also want to perform a Pareto Analysis of the data to prioritize which project tasks would benefit most from more accurate estimates. Once you have identified the root cause for inaccurate estimates, you can initiate Corrective And Preventive Actions (CAPA), where appropriate.

Step 2: Allocation of Resources

You may hear the phrase “Do more with less,” but I like to joke that design teams are expected to “Do everything with nothing.” If your design team is monitoring the accuracy of taking duration estimates for design projects, the accuracy of your project plans should improve. Your management team should also develop greater confidence in your teams’ ability to forecast product launch dates, thereby the estimates for resource needs. Managers frequently challenge you to achieve the impossible.

The most famous example of this is when Steve Jobs challenged Steve Wozniak to design the video game Breakout in just a few days. If you are the next Steve Jobs, and you have Woz on your team, keep aiming for the moon. If your team consists of mere mortals, you might need more resources. Your senior management may not have additional resources to provide, but it is critical to accurately estimate the resources needed for projects. If you can estimate accurately, you will have the following impact on your company:

  1. You will be able to estimate the amount of time to market that can be reduced by adding resources.
  2. You will be able to estimate the cost impact of unrealistic management timelines—instead of saying, “I can’t push it any faster, Captain.” (my favorite Star Trek quote).
Future Steps: Preventive Actions

In one of my previous postings (http://bit.ly/PASources), I stated, “The most fruitful source of preventive actions, however, is data analysis of process control monitoring.” If you are monitoring and measuring your design control process, you can use this approach to:

  • Identify preventive actions for your design process
  • Establish specifications for critical path tasks in each project
  • Calculate your design process capability for successful completion based upon historical data

The answer to the following question may help you identify your next design process improvement. How close are your estimates to achieving a Cpk > 1.33 for completing design verification protocols on-time? %name Keeping Design Projects on Schedule: Using the CAPA Process If you are interested in learning more about CAPA, please register for the Medical Device Academy’s CAPA Workshop on September 9 in Orlando, or on October 3 in San Diego. Click here to register for the event: http://bit.ly/MDAWorkshops.

Posted in: CAPA

Leave a Comment (2) →

How to perform a quantitative CAPA effectiveness check

This article review explains how to conduct a quantitative CAPA effectiveness check, and you will also learn three methods NOT recommended.

quantitative effectiveness check 1024x713 How to perform a quantitative CAPA effectiveness check

There are three methods NOT recommended for a CAPA effectiveness check:

  1. verifying the procedure was revised,
  2. verifying employees were retrained, and
  3. making sure mistakes don’t occur 3x in a row.

The best method is to establish quantitative criteria for effectiveness based upon data collected during the investigation of the root cause. The graph above is an example of objective evidence that preventive action was effective. The chart shows that the process capability (Cpk) was improved from 0.837 to 2.50 by changing a process set-point to adjust the mean of the dimension closer to the center of the specification range. This is typical of adjustments made during process validation and revalidation activities.

Incorrect Method 1: Verify the Procedure was Revised

When a nonconformity is identified during an ISO 13485 audit, the laziest way to “fix” the problem is to revise your procedure. Despite the fact that most FDA 483s identify inadequate procedures as the reason for observation, your procedures are seldom the problem. Your employees may not even be following the procedures. Repeatedly revising procedures may be part of the problem. If you must revise your procedures, please involve the people that use the procedures.

Incorrect Method 2: Verify Employees were Retrained

During your last surveillance audit, you may have revised the procedure, but your auditor noticed that there were no retraining records for employees that were performing the revised procedure. One interviewee was unable to identify where the new inspection step could be found in the revised procedure. It’s too bad the interviewee didn’t notice the bold and underlined text indicating recent revisions. Your auditor wonders how effective your retraining process is.

Incorrect Method 3: No Mistakes 3x in a Row

Last month a manufacturing engineer was assigned to perform an effectiveness check related to corrective actions implemented in the incoming inspection process. The procedure was revised to clarify the proper procedure for a statistical sampling of rolls of plastic film as a corrective action. The engineer sampled the three most recent lots of the same plastic film that was incorrectly sampled in the past. All three lots were correctly sampled in accordance with the revised procedure. The engineer reported that the corrective actions implemented were effective. However, you have two new nonconformities on your desk from manufacturing related to incorrect sampling procedures during an incoming inspection of other raw materials. Now you wonder if the incoming inspection procedure was the real root cause.

Corrective actions that are actually effective

Instead of adding something to your procedures each time someone makes a mistake, you might want to think about how you can simplify and streamline your procedures with fewer words. You can say things more clearly with pictures and flow charts instead of hundreds of words. Training effectiveness can be verified with exams that ensure employees “read and understand” your revised procedures. Finally, when you identify a nonconformity with one product, you need to ensure that you consider how similar mistakes might occur with similar products. Maybe you need a process for incoming inspection that doesn’t rely upon someone reading procedures.

You need to be objective to perform an effectiveness check

The biggest weakness of the auditing process is that it relies heavily upon the subjective opinion of an auditor. This is why auditors are supposed to audit against objective audit criteria in an international standard. The need for objectivity is also why there are guidance documents to clarify a consistent interpretation of those standards. Therefore, when you perform an effectiveness check, you also need objectivity. The best way to ensure objectivity is to establish documented criteria for effectiveness prior to finalizing your corrective action plan. Ideally, that will be in the form of a prospective process validation protocol with quantitative acceptance criteria.

How to ensure objectivity

The single best way to ensure objectivity when you are performing a CAPA effectiveness check is to define the post-implementation goal in terms of a quantitative quality objective. Ideally, you can graph the quality metric using historical data and current data. If you need statistical analysis to see a difference between pre- and post-implementation of the CAPA, then your CAPA was not effective. If your graph looks like a miracle happened and the metric changed almost overnight, and timing corresponds to the date your corrective action(s) was implemented, then your CAPA was effective.

How to set a quality objective for you CAPA effectiveness check

Some people have trouble with using a quantitative approach in performing effectiveness checks because some things are harder to measure than others. However, you can measure anything. For example, you can even measure employees forgetting to initial and date changes to quality records. This can be done by identifying critical control points where quality records are reviewed, and documentation errors are measured. You can measure by the employee, by form, by month, etc. The key to monitoring and measuring a process is to answer the following questions:

  1. Who will measure it?
  2. What will be measured?
  3. Where will it be measured?
  4. When will it be measured?
  5. How will it be measured?
  6. How will measurements be analyzed?
  7. Who will data analysis be communicated to?

When to Perform a CAPA Effectiveness Check

Many companies set arbitrary deadlines for performing an effectiveness check (e.g., – between 30 and 60 days of implementation of corrective actions). Some companies use a risk-based approach to their CAPA process, and the urgency of effectiveness checks may be a function of risk. I recommend a completely different approach. Instead of using an arbitrary or risk-based approach, I recommend monitoring your new quality metric to estimate how long it will take to reach your new quality objective.
%name How to perform a quantitative CAPA effectiveness check

If you are interested in learning more about CAPA, click here to register for Medical Device Academy’s Risk-Based CAPA webinar.

Posted in: CAPA

Leave a Comment (16) →

Where to Locate Preventive Action Sources

%name Where to Locate Preventive Action Sources

The author discusses why preventive action is important in developing a sustainable and robust quality system and where to locate preventive action sources.

Most ISO auditors and FDA inspectors view CAPA as one of the most important processes in your quality system. Still, the approach to preventive actions is distinctly different between the ISO Quality System Standards (i.e., – ISO 9001 and ISO 13485) and FDA regulations (i.e., – 21 CFR 820.100). Throughout the FDA QSR, corrective action and preventive action are always found together, while in the ISO Standards, preventive action is a separate clause (i.e., – Clause 8.5.3). The wording of the two clauses is nearly identical, but ISO certification auditors tend to be purists. Therefore, your ISO certification auditor will expect you to have at least some examples of CAPAs that are 100% preventive. Many auditors will issue a nonconformity if you have no examples that are 100% preventive.

Why is Preventive Action Important?

While I was conducting certification audits, I noticed that the better quality systems tended to have several examples of preventive actions. There were a few companies that had more preventive actions than corrective actions, and the quality systems at those companies happened to be much stronger in general—not just their CAPA process. Is this a coincidence?

No, the CAPA process is how you correct and prevent quality problems. In order to find preventive actions, you have to develop your other quality system processes. These companies have strategically chosen to create their quality systems to a higher level of performance because they know that preventing quality problems results will cost substantially less than waiting until problems occur, and then fixing those problems. These companies often talk about the “Cost of Quality,” and when you tour their facility, you see quality objectives being communicated to everyone.

I have only had a couple of clients in the past decade that argued about the importance of preventive actions, but most clients ask me, “Where can we find more?”

Guidance Documents

As a certification auditor, I was not allowed to “consult,” but was able to mention guidance documents that might help. Therefore, the number one guidance document I recommend is 13485 Plus (a document sold by the Canadian Standards Association – http://bit.ly/ShopCSA).

13485 Plus includes all Clauses of the 13485 Standard, including text from ISO 14969—an international guidance document for the implementation of ISO 13485. In section 8.5.3 of the guidance document, you will find the following list of preventive action sources:

  1. The purchased product rejected on receipt
  2. Evidence that previous decisions affecting product conformity were false
  3. Products requiring rework
  4. In-process problems, wastage levels
  5. Final inspection failures
  6. Customer feedback,
  7. Warranty claims,
  8. Process measurements,
  9. Statistical process control documents,
  10. Identification of results that are out-of-trend, but not out-of-specification,
  11. Difficulties with suppliers,
  12. Service reports, and
  13. Need for concessions.
Practical Experience

In addition to the sources listed in guidance documents, there are three other sources that I like to recommend consulting clients. One source is your internal audit process. Auditors verify the conformity of processes, but internal auditors should also look for processes that are inefficient and need improvement. When auditors are performing a process audit, some process owners have difficulty identifying process metrics that are being tracked for each process. Auditors should be trained to follow the audit trail when process monitoring is absent because processes that are not already measured usually have more room for improvement than processes currently being measured.

Another source of preventive actions is the Total Product Lifecycle Database on the FDA website (http://bit.ly/FDATPLC). Every three-letter product code has a corresponding database report that you can use to identify product malfunctions and adverse events associated with competitor products. Learning from the mistakes of your competitors and implementing appropriate preventive actions internally is a great way to avoid the need for corrective actions—especially for design malfunctions.

The most fruitful source of preventive actions, however, is data analysis of process control monitoring. This source can identify negative trends within your company’s manufacturing process and suppliers’ processes. Catching a negative trend before products and components are nonconforming reduces the number of corrective actions needed, the cost of scrap or rework, and eliminates delays that result in customer complaints.

Setting a CAPA Quality Objective

As your company begins to develop additional sources of preventive actions, you may want to consider establishing a Quality Objective for your CAPA process. The most common Quality Objectives for a CAPA process are:

  1. Initiate at least one new preventive action per quarter
  2. Close all CAPAs within 90 days
  3. Reduce the average aging of CAPAs to <45 days

However, I would like to suggest another possible Quality Objective:

  1. Increase the ratio of preventive actions to corrective actions to > 1.00

To be successful in achieving this Quality Objective, you will need to increase your preventive actions and decrease the number of corrective actions. The reduction of corrective actions indicates that you are identifying potential problems before corrective action is required. In contrast, the increase in preventive actions indicates that your process for identifying potential problems is becoming more effective.

%name Where to Locate Preventive Action Sources

If you are interested in learning more about preventive action, please register for the Medical Device Academy’s CAPA Workshop on September 9 in Orlando, or on October 3 in San Diego. Click here to register for the event: http://bit.ly/MDAWorkshops.

Posted in: CAPA

Leave a Comment (3) →

Root cause analysis – Learn 4 tools

The author describes four tools (Five Why Analysis, Is/Is Not Analysis, Fishbone Diagram, and Pareto Analysis) and how each one can help conduct effective root cause analysis.

Quality problems are like weeds. If you don’t pull them out by the root, they grow right back.

Training on the 4 Tools

Most companies are doomed to repeat their mistakes because the root cause of their mistakes is not fixed. Why don’t companies fix their mistakes? Because the people responsible for the corrective actions (CAPA), were not adequately trained on root cause analysis. Adequate training on root cause analysis requires three things:

  1. Courage to admit that your process is broken
  2. Learning more than one tool for analyzing problems
  3. Practicing the use of root cause analysis tools

If your auditor identifies a nonconformity and you disagree with the finding, then you should not accept the finding and state your case. If an inspector rejects a part, and you believe the part is acceptable, then you should allow the part to be used “as is.” In both of these cases, however, you need to be very careful. Sometimes the problem is that “acceptable” is not as well-defined as we thought. I recommend pausing a moment and reflecting on what your auditors and inspectors are saying and doing. You may realize that you caused the problem.

Once you have accepted that there is a problem, you need to learn how to analyze the problem. There are five root cause analysis tools that I recommend:

Root Cause Analysis Tool # 1 – 5 Why Analysis

A “Five Why Analysis” is not just five questions that begin with the word “why.” Taiichi Ohno is credited with institutionalizing the “Five Why Analysis” at Toyota as a tool to drill down to the root cause of a problem by asking why five times. I have read about this, used this tool, and taught this concept to students, but I learned of a critical instruction that I was missing when I read Toyota Under Fire.

In that book, Jeff Liker makes the following statement, “Toyota Business Practices dictates using the ‘Five Whys’ to get to the root cause of a problem, not the ‘Five Whos’ to find a fire the guilty party.” At the end of the book, there are lessons learned from Toyota’s experience. Lesson 2 says, “There is no value to the Five Whys if you stop when you find a problem that is outside of your control.” If your company is going to use this tool, it is important that the responsible person is the one performing the five why analysis, and asks why they didn’t take into account forces that are out of their control.

5 why analysis for root cause analysis 1024x700 Root cause analysis   Learn 4 tools

Root Cause Analysis Tool # 2 – Is/Is Not Analysis

The next tool was presented to me at an AAMI course that I attended on CAPA. One of the instructors was from Pathwise, and he explained the “Pathwise Process” to us for problem-solving. A few years later, I learned that this tool is called the “Is/Is Not Analysis.” This tool is intended to be used when you are having trouble identifying the source of a problem. This method involves asking where the problem is occurring as a potential clue to the reason for the problem. For example, if the problem only occurs on one machine, you can rule out a lot of possible factors and focus on the few that are machine-specific.

The reverse approach is also used to help identify the cause. You can ask where the problem is not occurring. This approach may also lead you to possible solutions to your problem. For example, if the problem never occurs on the first or second shift, you should focus on the processes and the people that work on the third shift to locate the cause. The “Is/Is Not Analysis” is seldom used alone, but it may be the first step toward locating the cause of a quality problem.

Root Cause Analysis Tool # 3 – Fishbone Diagram

fishbone Root cause analysis   Learn 4 tools

This name comes from the shape of the diagram. Other names for this diagram are the “Cause and Effect” or “Ishikawa” diagram. If a problem is occurring in low frequency and has always existed, this might not be your first tool. However, I typically start with this tool when I am doing an investigation of nonconforming product—especially when rejects suddenly appear.

If you are baffled about the cause of a problem, brainstorming the possible causes in a group sometimes works. However, I like to organize and categorize the ideas from a brainstorming session into the “6Ms” of the Fishbone Diagram.

Root Cause Analysis Tool # 4 – Pareto Analysis

The fourth root cause analysis tool is the Pareto Analysis named after Antoine Pareto. This tool is also a philosophy that was the subject of a book called The 80/20 Principle: The Secret to Achieving More with Less. The Pareto Analysis is used to organize a large number of nonconformities and prioritize the quality problems based upon the frequency of occurrence. The Pareto Chart presents each challenge in descending order from the highest rate to the lowest frequency. After you perform your Pareto Analysis, you should open a CAPA for the #1 problem, and then open a CAPA for the #2 problem. If you get to #3, consider yourself lucky to have the time and resources for it. We have an example of a Pareto Chart in our article on FDA 483 inspection observations from 2013.

Additional Training Resources

If you are interested in learning more about root cause analysis and practicing these techniques, please register for the Medical Device Academy’s Risk-Based CAPA training.

Posted in: CAPA

Leave a Comment (15) →

A3 Reports – The Missing Link to Effective CAPA Process Management

A3 Workbook A3 Reports – The Missing Link to Effective CAPA Process ManagementYour CAPA process is the most important process in your Quality System for two reasons. First, CAPA is the tool you use to fix quality problems. Second, your CAPA process is guaranteed to be an area of interest for your next FDA inspector.

If CAPA is so important, why do companies still have inefficient CAPA processes?

When auditors review a CAPA process, some of them start by reading the procedure. When FDA writes a 483 observation about CAPA processes, the wording begins with “Procedures for corrective and preventive action have not been adequately established. Specifically…”. The approach of auditors and inspectors seems to suggest that your procedure is the key to an effective CAPA process, but your procedures are not the reason for the success or failure of processes.

Processes are effective when the management of the processes is effective. If a CAPA falls behind schedule, writing a justification for an extension is a process “solution.” A real solution is managing the process better. Management needs to monitor the progress of CAPAs regularly, should prioritize resources to ensure that CAPAs are completed on time, and needs to make decisions on which actions should be taken to prevent recurrence of quality problems. Therefore, you need to spend more time developing a method of managing CAPAs than you spend developing the CAPA process itself.

What is an A3 Report?

An A3 report is a tool that is ideally suited for managing CAPAs. “A3” refers to the size of the paper used (i.e., – approximately 11”x17”). An A3 report is a one-sided, single piece of paper that is used to build consensus among company management when you are making an important decision. The initial draft of the A3 report is distributed to each of the affected departments to ensure that all possible inputs to a quality problem are received. By encouraging 360-degree feedback for a proposed solution to a quality problem, you will ensure that the CAPA you develop addresses the issue completely.

In addition to encouraging 360-degree feedback, an A3 report includes an analysis of the problem, identification of the cause, proposed actions that require management decision, a section for documenting actions taken, and a follow-up section for management to review at specific milestones during the implementation plan. Including all of this information in one page forces CAPA owners to summarize information for management, and the standardized format makes it easier for managers to locate the information they want.

Here’s how these sections would be used for managing CAPAs.

Analysis of the Problem

This section is identical to the section of a traditional CAPA record, where the investigation of the problem is documented. This is where tools such as 5 Why analysis, Pareto charts, and Fishbone Diagrams would be used to illustrate the analysis of the problem. This section may change a great deal during the 360-degree review of the A3 report.

Root Cause or Potential Cause

In this section, there should be a concise statement of the root cause for corrective action plans or the potential cause(s) for preventive action plans. During the initial review of the A3 report, management may ask the person or team assigned to the CAPA to investigate the problem in greater depth or investigate other possible sources of information if the analysis appears to be inadequate. Management should also ensure that the causes are within the control of the company to correct or prevent. Identifying a cause that is outside the control of the company is just placing blame.

Proposed Actions

This section is similar to a typical CAPA plan, but the section includes the reason(s) why the proposed actions are recommended. The reasons why actions are proposed is important during the process of management reviewing the initial A3 report and approving the recommended actions. The best practice is to phrase the reasons in terms of quantitative results that will be achieved because this will provide a framework for metrics during follow-up by management.

Actions Taken

This section of the A3 report is updated throughout the implementation of the project. By comparing this section with proposed actions, management can monitor the status of each task included in the CAPA plan.

Follow-up

This section of the A3 report identifies how management will monitor the implementation of actions and when. The initial A3 report identifies what management will be monitoring, how it will be monitored, and at what milestones. Ideally, the monitoring includes quantitative metrics that demonstrate the effectiveness of the CAPA. During the implementation of the CAPA plan, actual metrics will be recorded in this section, and any adjustments that management makes are recorded here.

If you are interested in learning more about A3 reports, you can learn more from Daniel Matthews at http://bit.ly/A3Workbook.

You can also learn more about improving your CAPA process by attending one of the workshops on CAPA: September 9 in Orlando or October 3 in San Diego. Each workshop is one day, and early bird pricing is $249 per day if you register before August 1. Click Here to learn more: http://bit.ly/12AxxQ0

Posted in: CAPA

Leave a Comment (0) →
Page 20 of 26 «...101819202122...»