Blog

Author Archive

What is a MEDDEV?

The author defines what a MEDDEV is, recent updates, and information resources to learn more.

The most important part of my website is “Helpful Links.” These are the links that I use most in Regulatory Affairs. It started as an auditor’s toolbox, but now I am morphing it into a place to review updates to regulatory requirements and external standards. The MEDDEV’s are on the top of my list. These are the guidance documents written by Competent Authorities. Still, most of the Notified Bodies treat them as requirements and often write nonconformities against at least one of them: MEDDEV 2.12/1 – Medical Device Vigilance System.

Many companies rely on RSS feeds to keep them current on the latest external standards, but this doesn’t work for a MEDDEV. For MEDDEV’s, your best bet is to go to the source. Sure, you can hire a consultant that will try and keep you current. You can also wait until your NB auditor lets you know the hard way (i.e.,. – time to write another administrative CAPA).

For those of you who don’t know the source, it is my #1 “Helpful Link”:

http://ec.europa.eu/health/medical-devices/documents/guidelines/index_en.htm 

When asked how to keep current, my advice is to have a systematic process for checking various sources of external documents. At a minimum, you should be checking all of the possible sources just before each Management Review. This will give you something to include for the requirement in clause 5.6.2h) of the ISO 13485:2003 Standard. “More preferably,” as lawyers would say, check out the website link above at least once per month. For those of you that are completely out of touch, and those that just fell off the University hayride, the following explains why you can’t get away with saying:

“There haven’t been any new or revised regulatory requirements since the last Management Review.”

MEDDEV Updates

There were several updates to the MEDDEVs released as supporting documents for the M5 version of the MDD (93/42/EEC as modified by 2007/47/EC). Specifically, there were four in December 2009 and one in June 2010. Then there were two more MEDDEVs released in December 2010 related to clinical study requirements in Europe. In January 2012, another six MEDDEVs were released, and one more was released in March. Not all of these updates apply to every company, but every RA professional working on CE Marked products has been busy readying themselves to sleep at night.

I could spend some time here telling you a couple of sentences about each of these new MEDDEVs, but someone already did that for me:

http://www.eisnersafety.com/eu-medical-device-meddevs-guidance-docs-newly-rlsed-or-updated/#.T8Oml7Dy-So

One fellow blogger indicated that the MEDDEV 2.5/10, about Authorized Representatives (ARs), was disruptive:

http://medicaldeviceslegal.com/2012/02/09/new-meddev-on-authorised-representatives-everything-you-know-is-wrong/

I don’t agree with Erik Vollebregt about it being disruptive. Erik feels that we can all expect substantial revisions in the AR contracts, but I think the Germany AR’s I have worked with were already moving in this direction. Emergo has been a strong AR all along—with a distinctly more friendly Dutch style to their processes. In the end, I just don’t see Notified Bodies (NBs), making these contracts a priority initiative. I think we’ll see more auditors verifying that contracts are in place and current, but I don’t expect auditors to receive guidance on how to review contracts anytime soon.

The real changes will be in the smaller AR’s that are not European Association of Authorized Representatives (EAAR) members. The Competent Authorities (CAs) have been knocking on the door of various “wannabee” AR’s for a few years now. I think they have done an excellent job of shutting down illegitimate representatives, and the member companies of EAAR (http://www.eaarmed.org/) have done well in raising awareness. The next logical step was to provide some guidance so that there is more consistency among the ARs. I see this as just the beginning of the CA’s moving toward one approach.

Erik wrote another article about MEDDEV 2.12/2 on the subject of Post-Market Clinical Follow-up (PMCF):

http://medicaldeviceslegal.com/2012/01/17/new-eu-guidance-on-post-market-clinical-follow-up-studies-published-and-other-meddev-guidance-announced/

Erik just touched on this MEDDEV briefly, but if your company is a manufacturer of a Class III device that is CE Marked—YOU NEED TO READ THIS MEDDEV!

MEDDEV Whitepaper

As in all things post-market related, BSI has taken the lead by publishing an article that is almost as long as the original MEDDEV. This white paper was written by Dr. Hamish Forster, BSI’s Orthopedic & Dental Product Expert, and the document is called “The Post-Market Priority.” I think you can only obtain a copy of this white paper by requesting it from BSI online, but the customer service person that follows up is quite polite.

BSI’s leadership role in PMCF is not new, either. Gert Bos gave a presentation that highlighted the importance of PMCF back on March 31, 2010:

http://www.bsigroup.nl/upload/Presentatie%2031%20maart%20-%20Gert%20Bos.pdf

My advice for anyone that has a Class III device that is CE Marked is to read this MEDDEV a few times, Annex X 1.1c of the MDD, read the whitepaper, and review these presentations by Gert Bos. This will help you prepare for what is coming. For those of you that think you know something about PMCF and have justified why your company doesn’t need to do it, think again. You should review the 16 bullet points in the MEDDEV on pages 14 and 15 (17 bullets in the whitepaper, but one was just split into two parts). Identify how many of these points apply to your Class III device. The more points that apply to your product, the more extensive the NB’s will expect your PMCF plans to be.

 

Posted in: CE Marking

Leave a Comment (0) →

How to Write Design Control Procedures

The author has reviewed 100+ design control processes in his career, and this blog provides five steps to write design control procedures.

In my previous blog posting, I indicated six things that medical device companies can do to improve design controls. While the last posting focused on better design team leaders (WANTED: Design Team Needs Über-Leader), this posting focuses on writing stronger procedures. I shared some of my thoughts on how to write design control procedures just a few weeks ago, but my polls and LinkedIn Group discussions generated great feedback regarding how to write design control procedures.

No Need to Write Design Control Procedures

One of the people that responded to my poll commented that there was no option in the poll for “zero.” Design controls do not typically apply to contract manufacturers. These companies make what other companies design. Therefore, their Quality Manual will indicate that Clause 7.3 of the ISO 13485:2016 Standard is excluded. If this describes your company, sit back and enjoy the music.

1 Procedure Only

Another popular vote was “one.” If you only have one procedure for design controls, this meets the requirements. It might even be quite effective.

When I followed up with poll respondents, asking how many pages their procedures were, a few people suggested “one page.” These people are subscribing to the concept of using flow charts instead of text to define the design control process. I use the following diagram to describe the design process: The Waterfall Diagram!

waterfall diagram How to Write Design Control Procedures

From the US FDA Website.

I first saw this diagram in the first course I took on Design Controls. This is on the FDA website too. To make this diagram effective as a procedure, we might need to include some references, such as work instructions, forms, the US FDA guidance document for Design Controls, and Clause 7.3 of the ISO 13485:2016 Standard.

Many Design Control Procedures

The bulk of the remaining respondents indicated that their company has eight or more procedures related to design controls. If each of these procedures is short and specific to a single step in the Waterfall Diagram, this type of documentation structure works well. Unfortunately, many of these procedures are a bit longer.

If your company designs software, active implantable devices, or a variety of device types—it may be necessary to have more than one procedure just to address these more complex design challenges. If your company has eight lengthy procedures to design Class 1 devices that are all in the same device family, then the design process could lose some fat.

In a perfect world, everyone on the design team would be well-trained and experienced. Unfortunately, we all have to learn somehow. Therefore, to improve the effectiveness of the team, we write design control procedures for the team to follow. As an auditor and consultant, I have reviewed 100+ design control processes. One observation is that longer procedures are not followed consistently. Therefore, keep it short. Another observed is that well-designed forms help teams with compliance.

Therefore, if you want to re-write design control procedures, try the following steps:

  1. Use a flow chart or diagram to illustrate the overall process
  2. Keep work instructions and procedures short
  3. Spend more time revising and updating forms, instead of procedures
  4. Train the entire team on design controls and risk management
  5. Monitor and measure team effectiveness and implement corrective actions when needed

The following is a link to the guidance document on design controls from the US FDA website. In addition to the comments I made in this blog, please refer back to my earlier blog on how to write a procedure. You can also purchase Medical Device Academy’s design control procedure and forms.

Posted in: Design Control

Leave a Comment (0) →

Design Team – Needs a Superwoman Leader

mona superwoman Design Team   Needs a Superwoman Leader

“Mona Superwoman” by Teddy Royannez (France)

This blog discusses the reasons for a female design team leader and the qualities and skills that she should possess to get maximum results out of her team.

Last November, Eucomed published a position paper titled, A new EU regulatory framework for medical devices: Six steps guaranteeing rapid access to safe medical technology while safeguarding innovation. While I have serious doubts that any government will ever be able to “guarantee” anything other than its own continued existence, I have an idea of how the industry can help.

The position paper identified six steps. Each of these steps has a comparable action that could be taken in every medical device company. My list of six steps is:

Only the best leaders have:

  1. Only one approach to design controls
  2. Stronger internal procedures
  3. Cross-pollination by independent reviewers
  4. Clear communication of project status to management
  5. Better project management skills

The most critical element to success is developing stronger design team leaders. Design teams are cross-functional teams that must comply with complex international regulations while simultaneously be creative and develop new products. This type of group is the most challenging type to manage. To be successful, design team leaders must be “Über-Leaders.”

Critical Design Team Leader Skills

The most critical skills are not technical skills but team leadership skills. The role of a design team leader is to ensure that everyone is contributing, without tromping on smaller personalities in the group. Unfortunately, there are more men in this role than women.

Why is this unfortunate? Because men have difficulty when it comes to listening (takes one to know one).

We need a leader that will be strong, but we also need someone that is in touch with the feelings of others and will use that skill to bring out the best of everyone on the team. This superwoman also needs to earn the respect of the male egos around the table. She needs to be an expert in ISO 14971, ISO 13485, Design Controls, Project Management, and managing meetings. Our beautiful heroine must also be a teacher because some of our team members will not know everything—even if they pretend to.

The Über-Leader will always remind the team that Safety & Efficacy are paramount. As team leaders, we must take the “high road” and do what’s right—even when it delays a project or fails to meet our boss’s unrealistic timetable. Superwoman must demand proof in the form of verification and validation data. It is never acceptable to go with an opinion.

She will remind us that compromise is the enemy, and we must be more creative to solve problems without taking shortcuts that jeopardize safety and efficacy. She will work harder on the project than anyone else on the team. She will keep us on schedule. She will whisper to get our attention, but she won’t be afraid to yell and kick our ass.

As Jim Croce says, “You don’t tug on Superman’s cape.” Superwoman is the only exception to this rule.

 

Posted in: Design Control

Leave a Comment (4) →

Design Input Requirements: 3 Common Errors

The author reviews three common errors related to design input requirements and uses examples to illustrate compliance.

I have been directly involved in dozens of design projects throughout my career, and during the past three years, I have audited 50+ Design Dossiers for CE Marking of Medical Devices. Throughout most of these design projects, I have noticed one common thread—a misunderstanding of design inputs.

ISO 13485 identifies design input requirements. These requirements are:

  1. Functional (7.3.2a)
  2. Performance (7.3.2a)
  3. Safety (7.3.2a)
  4. Statutory/Regulatory (7.3.2b)
  5. Previous and Similar Designs (7.3.2c)
  6. Essential Requirements (7.3.2d)
  7. Outputs of Risk Management (7.3.2e)
  8. Customer Requirements (7.2.1)
  9. Organizational Requirements (7.2.1)
Design Input Requirements: 3 Common Errors Reviewed

The most common error seems to be the failure to include the outputs of risk management. For those of you that have used design FMEA’s—that’s what the right-hand columns are for. When you identify suggested actions to mitigate risks with the current design, these actions should be translated into inputs for the “new and improved” model.

The second most common error seems to be a failure to consider regulatory requirements. There are two ways this mistake is frequently made: 1) Canadian MDR’s were not considered as design inputs for a device intended for Canadian medical device licensing, and 2) an applicable ISO Standard was not considered (i.e., – “State of the Art” is Essential Requirement 2 of the Medical Device Directive (MDD)).

The third most common error, and the one that drives me crazy, is a confusion of design outputs and design inputs. For example, an outer diameter of 2.3 +/- 0.05 mm is not a design input for a 7 French arterial catheter. This is a design output. The user need might be that the catheter must be small enough to fit inside the femoral artery and allow interventional radiologists to navigate to a specific location to administer therapy. Validation that the new design can do this is relatively straight forward to evaluate in a pre-clinical animal model or a clinical study. The question is, “What is the design input?”

Design Input Examples

Design inputs are supposed to be objective criteria for verification that the design outputs are adequate. One example of a design input is that the catheter outer diameter must be no larger than a previous design that is an 8 French catheter. Another possible design input is that the catheter outer diameter must be less than a competitor product. In both examples, a simple measurement of the OD is all that is required to complete the verification. This also gives a design team much more freedom to develop novel products than a narrow specification of 23 +/- 0.05 mm allows for.

If you are developing a Class II medical device for a 510(k) submission to the FDA, special controls guidance documents will include design inputs. If you are developing a Class IIa, Class IIb, or Class III medical device for CE marking, there is probably an ISO Standard that lists functional, performance, and safety requirements for the device. Regulatory guidance documents and ISO Standards usually reference test methods and indicate acceptance criteria. When you have a test method and acceptance criteria defined, it is easier to write a verification protocol. Therefore, design teams should always strive to document design inputs that reference a test method and acceptance criteria. If this is not done, verification protocols are much more difficult to write.

In my earlier example, the outer diameter of 2.3 +/- 0.05 mm is a specification. Unfortunately, many companies would document this as an input and use the final drawing as the output. By making this mistake, “verification” is simply to measure the outer diameter to verify that it matches the drawing. This adds no value, and if the specifications are incorrect, the design team will not know about it.,

A true verification would include a protocol that identifies the “worst-case scenario,” and verifies that this still meets the design input requirements. Therefore, if the drawing indicates a dimensional tolerance of 2.3 +/- 0.05, the “worst-case” is 2.35 mm. The verification process is to measure either a previous version of the product or a competitor’s catheter. The smallest previous version or competitor catheter tested must be larger than the upper limit of the design output for the outer diameter of the new catheter.

Posted in: Design Control

Leave a Comment (3) →

Best In Class Process Validation Program

This blog reviews a best in class CNC machining process validation program. Our author writes, “In general, the best approach is a risk-based approach.”

The original question from a former client was: “What does a best in class CNC machining process validation program look like?” Although I intend to answer this question, I know a few other clients that have done a great job of this. Hopefully, they will add their own opinions as a comment. Therefore, I am expanding the scope of this question to validation in general.

Process Validation

The problem with validation is that you can always do a more thorough validation. Only in the cases of processes, such as sterilization, do we have ISO Standards that tell us what is required. Otherwise, we are usually the experts, and we have to use our judgment as to what is necessary. In general, the best approach is a risk-based approach.

For each design specification established for a component, we also need to identify what process risks are associated with failure to meet the specification. Most companies perform a process Failure Modes and Effects Analysis (pFMEA). This risk analysis has three quantitative components: 1) severity of the failure’s effect, 2) probability of occurrence, and 3) detectability. The first factor, severity, is based upon the intended use of the device and how that component failure impacts that use. Usually, it is important to have a medical professional involved in this portion of the estimation.

The second factor, probability, is typically quantified during process validation activities. One company I audited developed a ranking scale for the probability that was linked directly to the CpK of the process. Higher CpK values received lower scores because the process was less likely to result in an out-of-specification component. Another company I worked for used a six-point logarithmic scale (i.e., – 10e-6 = 1, 10e-5 = 2, 10e-4 = 3, 10e-3 = 4, 10e-2 = 5, and 10e-1 = 6). This logarithmic scale was based on sterilization validation, where a sterility assurance level of 10e-6 is considered “validated.”

The third factor, detectability, is best estimated by using a quantitative scale that is based upon a gauge R&R study or some other method of inspection method validation.

Most companies struggle with the determination of what is acceptable for design risk analysis. However, for process risk analysis, it is usually much easier to quantify the acceptable risk level.

Corrective Action

Once you have determined that a process is not acceptable at the current residual risk level, then you must take corrective actions to reduce the risk. The first step to achieve this should be to review the process flow. There are critical control points that can be identified in the process flow. One of those places is at the end of the process at the inspection step in the process.

The inspection step in the process flow affects the detectability of defects. For many automated processes, such as CNC machining, it is not reasonable to perform 100% inspection. Therefore, these processes require validation. Most engineers make the mistake of trying to validate every dimension that is machined. However, only some of the aspects result in device failures. These are the dimensions that are critical to validate. The best practice is to calculate the process capability for meeting each of these critical specifications (i.e., – CpK). A minimum threshold should be established for the CpK (refer back to the process risk analysis for ideas on linking CpK to risk acceptance). Any CpK values below the threshold require a more consistent process. These are the component specifications that should be the focus of process validation efforts.

During a process validation, it is often advisable to perform a Design Of Experiment (DOE) in order to quantify the effects of each process variable. Typically a DOE will evaluate the impact on CpK for each variable at a high, low, and middle value, while other variables are maintained at nominal values. Any variables that appear to have a significant impact on the CpK are candidates for performing an Operational Qualification (OQ). For a machining process, this could include spindle speeds, feed rates, and material hardness. If variation of the variable has little or no impact upon the CpK, then there is probably little benefit to the inclusion of this variable in an OQ.

The output of an OQ validation should be high and low limits for each process variable that will result in a “good” part. Performance Qualification (PQ) validation is the final step of process validation. In the PQ, most companies will conduct three repeat lots at nominal values for the variables. If the OQ is designed well, there is often little added value in the PQ. Therefore, the sample size is typically three lots of 10 samples each. If the OQ validation does not clearly identify safe operating limits for the variables, or the process has the marginal capability (i.e., – a low CpK), then the OQ should be repeated, and an additional DOE may be needed.

Information Resources

Here are a few information resources for those of you that are in “Deviceland”

  1. Guidelines for the Validation of Chemical Methods for the FDA Foods Program (3/22/2012) – http://www.fda.gov/downloads/ScienceResearch/FieldScience/UCM298730.pdf
  2. Process Validation: General Principles and Practices (January 2011) –  http://www.fda.gov/downloads/Drugs/…/Guidances/UCM070336.pdf
  3. Guidelines for the Validation of Analytical Methods for the Detection of Microbial Pathogens in Foods (9/8/2011) –  http://www.fda.gov/downloads/ScienceResearch/FieldScience/UCM273418.pdf
  4.  CPG Sec. 490.100 Process Validation Requirements for Drug Products and Active Pharmaceutical Ingredients Subject to Pre-Market Approval (3/12/2004) –  http://www.fda.gov/ICECI/ComplianceManuals/CompliancePolicyGuidanceManual/ucm074411.htm?utm_campaign=Google2&utm_source=fdaSearch&utm_medium=website&utm_term=validation&utm_content=3
  5. Q2 (R1) Validation of analytical procedures: text and methodology (June 1995)http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/general/general_content_000431.jsp&mid=WC0b01ac0580029593&jsenabled=true

Posted in: ISO Certification

Leave a Comment (0) →

The Vendor Audit Agenda: Where to Spend Your Time

This blog discusses the importance of reviewing previous quality issues and specific areas where the author likes to spend his time during a vendor audit.

When you attend a lead auditor course, the focus is on Quality System auditing. However, when you perform a supplier audit—the Quality System is not the focus. The focus of a supplier audit can fall into two primary categories: 1) qualifying the supplier, or 2) re-evaluating the supplier.

Suppliers are not required to have a registered Quality System or ISO 13485 certification. Therefore, many of the things that an auditor might learn about audit agendas in a lead auditor course just don’t apply. However, one thing always applies: reviewing previous quality issues. When I audit internal auditing and supplier auditing programs, I find that one of the most common mistakes is the failure to close-out previous nonconformities. Therefore, the second section of my audit report template is a review of prior audit findings. If you have no previous findings, ensure your audit report states that. If you are qualifying a new supplier, ensure that the new supplier doesn’t have the same problems you are having with current suppliers.

When you close the previous issues, there are two approaches. The first approach is to close previous issues at the beginning of the audit—immediately after the opening meeting. This is the most common strategy. The second approach is to close previous issues as you audit the applicable area. For example, if you have previous problems in the area of incoming inspection and maintenance records, it might make sense to close these findings when you audit these areas. The advantage of this second approach is that it ensures that the process owner is closing the previous finding and facilitates the sampling of additional records.

What has little value in the supplier audit agenda? Auditing the Management Review process has the least value because the supplier is not required to have a Quality Management System. In fact, subcontractor audits for BSI never include management reviews, CAPAs, or internal audits—the three required areas for every quality system audit.

Most Valuable Areas to Audit?

Incoming inspection, control of nonconforming materials, preservation of the product, production controls, training, and process validation are the areas I typically audit. I like to start in the nonconforming material area and see which materials are on hold. Then I like to sample the incoming inspection records for those raw materials. Next, I want to see how the company is storing those raw materials—if they are accepted. I typically cover these three areas as one process audit. This also happens to be the process audit I like to use for training new auditors, because of the audit of incoming inspection results in numerous audit trails in the support process areas of document control, training, calibration, etc.

The next area I will visit is the production area. For this portion of the audit, I am doing a process audit of the production process. I usually request that we schedule the audit for a time when the production area is running the product(s) of interest. A process flow chart helps plan this portion of the audit, and I will often write some notes directly on a copy of the process flow chart.

I conclude the audit with follow-up trails in the areas of 1) document control (to ensure the supplier has the most current versions of all documentation “we” provided), 2) calibration (to ensure that all measurement devices used for inspection are calibrated), and 3) training (to ensure that all personnel working on “our” product are appropriately trained).

Since I do not have to spend time on Quality System issues during a supplier audit, I spend more time sampling records in the other areas. Therefore, I might sample 5-10 records in each of the above areas instead of 3-4 records. If the number of samples available to sample is small, I may even sample 100% of the records.

Posted in: Supplier Quality Management

Leave a Comment (2) →

The Supplier Survey with a Twist

This blog suggests that your supplier survey form need be only one page to contain pertinent supplier data information.

I must admit, the first supplier survey I ever used was copied from another company, and we just changed the header. You might think this is entirely unethical, but get real. I have seen that same survey form during at least a dozen audits I have done over the past decade. I have also had to fill out that document.

You know the one…it’s Twenty-nine pages long and asks you a bunch of inane questions that nobody will care about.

Supplier Survey Suggestions

To fix the mess we have all created, I have a few simple suggestions:

  1. Don’t copy another supplier survey form. Make your own form instead
  2. Cut your survey down to ONE page
  3. Focus on collecting supplier information first
  4. Require suppliers to update this form at least annually, or when they change something
  5. Ask open-ended questions

Twenty-nine pages are insane. Who thought that was a great idea? I think the theory behind this approach is that we will screen out the inferior suppliers that don’t want our business in the first place. In reality, management delegates the completion of this form to a subordinate that they want to punish. I don’t think I need to explain the theory behind a one-page document.

You need supplier contact information, size of the facility, number of employees, shifts, website, software capability, etc. This is obvious information that you need to know about your supplier.

Make sure you give the supplier this form in MS Word format so that they can fill it in with minimal effort. Next year, when you want them to fill it out again, give them the original in MS Word format so that they can redline changes. This makes it easy to see what changed and reduces the effort required to update this annually. Why do you need a signature and date on this stupid form? I do not know. If you can think of a good reason, go ahead and make your supplier sign and date the form. If you can’t, don’t require a signature and date just because everyone else does.

You should have a supplier agreement that requires notification of changes. This should include significant changes to the QMS. Updating the supplier survey is a great way to do this—especially if the supplier can redline the previous version.

Closed-Ended and Open-Ended Questions

My last suggestion is probably the most valuable. Remember the difference between closed-ended and opened-ended questions. “Closed-ended” questions ask for a response of “Yes” or “No.” It makes it easier to complete 29 pages in less than a day, but it’s also easy to identify the answer that the customer wants to hear.

For those of you that have Canadian Medical Devices Conformity Assessment System (CMDCAS) certification, take a look at GD210 sometime. The back of this document has a checklist with clause-by-clause questions. 100% of these questions are “closed-ended.”  Here’s an example: For clause 5.6.2, the GD210 checklist asks, “Is a review of new or revised MDR part of the input to management review?” Examples of “open-ended” questions related to clause 5.6.2 would be:

When was your last Management Review?

  1. What were the new or revised regulatory requirements discussed in the last Management Review?
  2. Who was in attendance at the last Management Review?
  3. How many action items resulted from the last Management Review?

You should notice that not only are these three questions open-ended, but these are also all non-proprietary questions that a supplier should be willing to answer.

Posted in: Supplier Quality Management

Leave a Comment (3) →

Supplier Risk Management: Which Suppliers Should You Audit?

This blog presents a few thoughts on supplier risk management related to criteria in evaluating suppliers and determining which suppliers you should audit.

There are two criteria that are the most popular for the evaluation of suppliers:  1) the percentage of lots accepted and 2) the percentage of on-time delivery. Both of these metrics have potential limitations. For example, what if a good supplier ships only two shipments this year, and there is a problem with one delivery? The reverse is also possible. What if a poor supplier ships lots every week? Ten bad lots per year will result in an 80% quality rating.

On-time delivery has other issues, such as does purchasing update the due date in the MRP system when they ask suppliers to push out the delivery date due to soft sales volume? If a supplier expedites an order in half the standard turnaround time in their “best-effort” to meet your requested due date, should they receive a negative result for percentage on-time delivery if they are one week late?

The points above help identify the limitations of supplier metrics. In the end, if you have a critical supplier—there is no substitute for auditing them. Unfortunately, auditing costs money. So which suppliers should you visit?

The “critical suppliers” is often the answer, but how do you decide who is critical? Well, …benchmarking is a good idea. For example, a Notified Body (NB) must audit “critical suppliers” that do not have ISO 13485 certification. They define “critical” as subcontractors that perform high-risk processes, such as contract sterilization, subcontractors that perform contract packaging and suppliers that manufacture finished devices. Health Canada even provides some guidance on the definition of critical subcontractors, and how the NB shall determine which “subies” need to be audited.

Internally, your supply chain and quality assurance team have to develop a list of suppliers that will be audited. In general, I recommend that all “critical” suppliers be audited at least once every three years (equal to the certification cycle). However, your auditing schedule is a plan that should have “wiggle room.”

For example, if you weren’t planning to visit an existing supplier until next year or the following year, and suddenly there is a new quality issue with that supplier, you may want to add a “for cause” audit of their facility to your supplier audit schedule. You might want to add suppliers near another supplier you were going to audit anyway to reduce travel costs.

Practically speaking, you might decide to audit your ten worst suppliers each year. This might be determined by qualitative, cross-functional rankings, rankings for nonconforming materials, or by the number of supplier corrective action requests. There is no “right” or “wrong” way to determine which suppliers should be audited. However, the best companies have strong supplier quality programs to reduce scrap and the need to perform inspections.

Posted in: Supplier Quality Management

Leave a Comment (0) →

Qualifying a Supplier That Doesn’t Have a Quality Management System

This blog proposes a simple solution for how to qualify a supplier that doesn’t have a quality management system.

You are ignoring the obvious question of why doesn’t a medical device supplier have a quality management system. If you are a contract manufacturer, you should ensure that you have a clause in your supplier qualification procedure that says you don’t need to qualify suppliers that are mandated by your customers. If your response to this suggestion is “Duh,” you haven’t conducted many supplier audits of contract manufacturers. As my buddy, Tim says, “You need to leave somewiggle room’ in your procedures.” This is also good advice for all 19 of your top-level procedures that get audited each year.

For the remaining suppliers you are considering to add to your Approved Supplier List (ASL), you need a SIMPLE set of criteria for how you qualified the supplier. Guess what that magical document should be? (Answer to be provided shortly)

Many companies use a supplier self-evaluation survey. I’m almost certain that I have bashed these nearly useless documents before, but if I failed to do this, …most of them are problematic. A one-page supplier information form seems more appropriate. No signature required! And please make it a Word document.

The supplier qualification procedure needs to be generic for all raw materials and services you purchase. The problem is that everything you purchase has different requirements. So instead of wasting your time with writing one procedure that has wiggle room for every single product or service, you will ever purchase, don’t even try. Instead, write a SIMPLE procedure. This procedure needs only to be one page long. It needs four requirements:

1)      New suppliers must complete a supplier information form and submit it to the company. This should be updated at least once every 12 months and whenever there is a change to the information provided (i.e., – notification of change).

2)      You need at least two people to approve the addition to the Quality Management System. This can be done on your ECO or DCO form for changing the ASL. If the supplier is customer-mandated, you need the customer’s approval and the purchasing managers. If the supplier is internally selected, you need at least purchasing and QA to approve it.

3)      You should have an objective criterion (probably more than one requirement) that is product/service-related for acceptance of the supplier. This criterion SHALL be under document control, and the revision shall be communicated to the supplier when orders are placed. See ISO 13485:2003, section 7.4.2 (Purchasing Information).

4)      Finally, you need a reference to your purchasing procedure (one of the required 19 documents) and your supplier re-evaluation procedure.

If you have not already guessed, the “magical” document is called a purchasing specification or raw material specification for raw material items. For capital equipment, you may require that a capital expenditure justification be completed instead of the purchasing specification. For a calibrated instrument, tool, or fixture, you may request that requirements of the instrument/tool/fixture are documented in the applicable procedure or work instruction. For example, for measurement of this cannula, a calibrated optical comparator is required with 20x magnification. Reference the inspection procedure or drawing, and you are done.

For those of you that would like to keep your ASL shorter, which I recommend, if you don’t think you will be using the supplier more than once, you might want to give the buyer the option of documenting the purchasing specification on the purchasing requisition instead. This might be very helpful for those engineers that are doing R&D or validation work. For example, I need a bag of resin that meets the following raw material specifications—but we don’t currently use this material, and I’m not ready to submit one for approval. That’s why the engineer is ordering the bag of resin. She needs to test the material in the application and gather some preliminary data as justification for the new raw material specification.

There are 100’s of other ways to qualify your suppliers, and many of them work well if you follow your procedure. If your procedure is SIMPLE, your Monday’s will be better.

 

Posted in: Supplier Quality Management

Leave a Comment (0) →

Supplier Management: Who Should Be Conducting Supplier Audits in Your Company?

This blog reviews which a vital supplier management issue, which personnel should be conducting specific types of audits for the company.

Today, I would like to start by asking a question: Who does supplier audits at your company?

I believe that there are three primary purposes for conducting supplier audits:

1) “For cause” audit, where the auditor is investigating the root cause of a nonconformity

2) Qualification audit, where the auditor is assessing if the supplier should be added to the Approved Supplier List (ASL)

3) Re-evaluation audit, where the auditor is verifying that the supplier is maintaining proper production controls

The problem with these three audits is that most companies send the same people—regardless of the purpose. Usually, companies send a purchasing manager or a supplier qualify engineer to conduct supplier audits. Occasionally, the two will do a team audit. Resources for auditing suppliers are tight in most companies. Therefore, I do not recommend this “one size fits all” approach. Instead, I believe that each purpose should be matched up with a specific type of auditor.

“For cause” audits need a supplier quality engineer who has strong investigational skills and will be able to identify the root cause(s) of a nonconformity. The auditor should also be capable of training the supplier on how to respond effectively to a Supplier Corrective Action Request.

Qualification audits are ideal opportunities for a team approach. There are quality issues to consider, but there are also financial scheduling and capacity issues. A cross-functional team approach works best in this case. A team also reduces the potential for biased individuals making inappropriate recommendations.

Re-evaluation audits should not be conducted by purchasing or supplier quality engineers. The reason is that neither position is typically responsible for performing an incoming inspection. If you don’t perform inspections regularly, you may not be aware of all the problems to search for. Therefore, I recommend using QC inspectors for this activity. QC inspectors know precisely which quality issues have been found recently because the QC inspectors identify the defects during incoming inspection, in-process inspections, and during final inspections.

I don’t think that my approach to “For Cause” or Qualification audits is unusual. However, using QC inspectors to perform supplier audits is uncommon. There are two other reasons why I believe companies should consider this approach. First, inspectors would get a rare opportunity to go on a business trip and be reimbursed for the travel. For those employees that rarely travel, this can be an opportunity for recognition by management and a perk (i.e., – free meal, lodging, and travel). Second, supplier quality engineers could easily fill in for a QC inspector to become more familiar with parts and components, as well.

Posted in: Supplier Quality Management

Leave a Comment (3) →
Page 24 of 25 «...10202122232425