The Three Biggest Changes in the Latest 510k Guidance

Leave a Comment / 510(k) / By
510k pmn The Three Biggest Changes in the Latest 510k GuidanceThis blog describes the three most prominent changes in the latest 510k guidance document released on July 28, 2014.

This recently issued guidance (http://bit.ly/Substantial-Equiv-Guidance) for evaluating Substantial Equivalence (SE) is well-written and informative, with well-chosen and written examples. For newbies to 510ks, this is the place to start. The guidance includes background information about the 510k process and links to other documents. If you are an experienced professional, this is a must-read insight into the FDA’s current approach. Use it to guide your strategy for your next submission and make it as easy as possible for the reviewer to reach a decision of SE for your device.


Change #1: 510k Flowchart

The 1986 flowchart guiding the decision of SE was updated and re-formatted to improve clarity. A substantial part of the guidance explains the thinking process that guides a reviewer at each decision step. If you are in the middle of preparing a submission, as I am, then the guidance provides an opportunity to review your work against current FDA thinking and training and adjust your submission to align with the FDA.


Change #2: Predicate Selection

Much has already been written about how this document may alter your selection of a predicate device. The FDA clarifies that split predicates (one for intended use equivalence, another for technological equivalence) have been ruled out. The FDA also recently released another guidance document to assist with performing a benefit/risk analysis (http://bit.ly/SE-Benefit-RIsk) when you are developing a device with a different technology than the predicate. The checklist below is intended to help you review your submission when you have already chosen an appropriate predicate.

  1. If you are using multiple predicates, have you stated which one is your primary predicate, the one that is most similar to your device? The FDA must find your device substantially equivalent to one other device.
  2. Are you using secondary predicates only when you are combining features, have more than one intended use, or have additional indications for use?
  3. Is the intended use the same as that for the predicates? Carefully compare your Intended use and the Indications for use with those of the predicates. Have you explained how they are the same if they are worded differently?
  4. Have you provided a rationale for your choice of predicates in a way that aligns with the guidance?
  5. Is your SE table organized such that the secondary predicates only support the additional indications for use?
  6. Has your predicate been involved in a design-related recall?
  7. Double-check the Indications for Use statement in your labeling. Regulations state that the same intended use must be determined against the labeling, not against what you say in the submission. Of course, what is in the submission should match the labeling.
  8. Have you included a copy of the labeling for the predicate device, e.g., the user manual?
  9. Does your Description section have sufficient information about the technical characteristics? The FDA is quite specific about what they want to see. Check your Description against the lists on page 19, and at (https://www.fda.gov/medical-devices/premarket-notification-510k/content-510k) and in any device-specific guidance.
  10. Does your SE table identify similarities and differences in technological characteristics in a structured way?
  11. Do you make it clear why each of the differences does not pose a significant safety or effectiveness concern?
  12. Clinical performance data. Do the examples in the guidance suggest that you might need clinical evidence after all?
  13. If you are using an animal study, does it comply with applicable parts of GLP regulation (https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?cfrpart=58)? This was already flagged in the RTA checklist (https://www.fda.gov/regulatory-information/search-fda-guidance-documents/refuse-accept-policy-510ks). If the RTA reviewer can’t tick those boxes for question 39, your submission won’t make it through the review.

Change #3: 510k Summary Template

Eleven pages, a quarter of the guidance document, are devoted to the 510k Summary, which will be posted on the FDA website. The guidance states that “FDA intends to verify the accuracy and completeness of the information included in a 510(k) Summary.” Your reviewer will have been so instructed. There is no change to the regulatory requirements for the Summary, but anyone who has combed through these while searching for a predicate will know that many Statements are incomplete. 

The FDA states that its focus on the summary is in the interests of transparency, and it makes its point quite clearly in this guidance. As well as explaining each requirement, an example is provided. Therefore, I will use Appendix C as a template for my 510k Summary.

The Three Biggest Changes in the Latest 510k Guidance Read More »

Technical File Conversion – 5 gaps to avoid

1 Comment / 510(k) / By / , ,

Technical File conversion from a 510k submission is easy, but five elements are missing from a 510k that you will need to add.MDA techinical file blog Technical File Conversion 5 gaps to avoid

This blog, Technical File Conversion, offers practical courses of action to consider related to this topic. Below are five parts of a technical file you are likely to be missing in your 510k documents:

  1. Technical File Conversion Requires Clinical Evidence The FDA states that clinical data is unnecessary for most devices cleared by the 510k process. The MD Regulation (Annex II) requires a clinical evaluation to be performed and the evaluation report to be part of the technical file. Once formulated, the report becomes “clinical evidence” of the safety and performance of the medical device for demonstrating conformity with the relevant General Safety and Performance Requirements (GSPRs).

Here’s how to fill this gap using five steps offered by MEDDEV 2.7.1 Rev. 3:

  1. Identify the GSPRs requiring clinical support. (e.g., the device “shall not compromise the clinical condition or the safety of patients, or the safety and health of users” and “any risks which may be associated with their use constitute acceptable risks when weighed against the benefits to the patient.”
  2. Identify and “data pool” existing clinical data relevant to the device and its intended use. This should include any available post-marketing data on the same or similar device. But it may also comprise data from clinical trials or clinical use of a previous generation or even a substantially similar device. Finally, if you are utilizing standard methodologies in your device, it may be possible to use data showing conformity to recognized standards.
  3. Evaluate the data to determine if it’s suitable for establishing the safety and performance of your device. Even some generally unusable studies may produce relevant data. It is vital to perform this evaluation systematically. You might draw a chart listing the relevant ERs on the left and indicate the data source supporting or contradicting it to the right. The evaluation must objectively consider both positive and negative data.
  4. Generate any clinical data still needed. Consider methods other than a clinical trial for generating this missing data, e.g., “Data Pull” existing field data of the same or similar devices that may not yet have been ‘pulled’ through your PMS/RM Post-Production Infosystems. If data is unavailable, you may have no choice in generating it through a small-scale clinical trial. If so, keep it small, focused on the questions at hand, and statistically significant.
  5. “Bring all the clinical data together” to reach conclusions about your device’s clinical safety and performance. Essentially, conduct a benefit-risk analysis. Involve qualified team members: e.g., experts in medical conditions and device technology.

Now sum it up in a report.

  1. General Safety and Performance Requirements Checklist – This central component of the technical file is based on Annex I of the MDR and IVD, respectively. There is no such review in a 510k.

Develop a checklist based on the principles in GHTF N68:2012 containing all of the following columns for each ER:

  • Applicable? – y/n; Is the requirement applicable? If not, why.
  • The method used to demonstrate conformity –harmonized standard, Common Specification (CS), etc…?
  • Specific Standards or CS applied.
  • Evidence of conformity  
  • The controlled document/s demonstrating fulfillment of the ER.
  1. Technical File Conversion Requirest Post-Market Surveillance– The FDA requires PMS activities only if it is mandated due to safety concerns and for Class III or devices with Humanitarian Device Exemptions (HDEs). A PMS plan must then be submitted. Manufacturers may not yet have formulated such a plan.

No worries. If you perform your RM activities in compliance with ISO 14971, you will have an RMP or separate system, including a plan for observations, assessment, and action (ISO 14971:2019 § ten). Reference this in your technical file. What about the PMCF report?  Well, if you’ve performed post-market surveillance, develop one. OTechnical File conversion from a 510k submission is easy, but five elements are missing from a 510k that you will need to add. Otherwise, see the next item below.

  1. Technical File Conversion includes a risk management report

While not required by the FDA in your 510k submission, you most likely have fulfilled this ISO 14971 requirement. Reference it in your technical file. Ensure you also confirm in the report that appropriate methods are in place to obtain production and post-production information. If detailed enough, you can also reference the report as a PMCF report.

  1. Risk class/applicable classification rule (based on Annex VII of the MDR) – FDA defines Classes I through III, which are not parallel to Classes 1, IIa, IIb, or III in the EU MDR.

Using either of the latter systems, identify the relevant rule, and classify your device—document in your technical file.

If you have finished your 510k technical file conversion, you might want to perform a technical file audit before submission to your notified body.

Technical File Conversion – 5 gaps to avoid Read More »

Nonconforming Materials Disposition

4 Comments / ISO Certification / By / , , , , ,

Nonconforming materials disposition can be simplified into four categories: scrap, return to supplier, rework, and use as is.

Sorting Disposition of Scrap Nonconforming Materials Disposition

Nonconforming materials disposition

In our previous blog, we focused on requirements to identify and segregate non-conforming materials. Once nonconformities are labeled and locked in your quarantine cage, what do you do next? The next step in the process of determining nonconforming materials disposition. The most common dispositions are:

  • Scrap
  • Return to Supplier (RTS)
  • Rework
  • Use As Is (UAI)

Some companies also have dispositions of sort and repair. The sort is not a disposition and often creates confusion for anyone auditing records of nonconforming materials. Sorting is the process that you must perform when a lot of material fails to meet acceptance criteria. Still, some of the individual units within the lot meet the acceptance criteria. In this scenario, the following sequence of events is recommended.

Sorting nonconforming materials

First, the lot is segregated from a conforming product, and an NCR number is assigned. Next, the lot is 100% inspected for the defect, and the results of the inspection are recorded on the inspection record. It is important to record the specific number of non-conforming units on the NCR record–not the total amount inspected. The final step is to release a conforming product back into the production process or warehouse, and the Material Review Board (MRB) will disposition the units identified as non-conforming.

If identifying a non-conforming product requires an inspection method that is not typically performed, then the inspection plan needs to be corrected, or a corrective action plan is needed. New and unforeseen defects may indicate a process change, a change in the raw materials, or inadequate training of personnel at your company or your supplier. An investigation of the root cause is needed, and it is recommended to consider documenting this investigation as an internal CAPA or a Supplier Corrective Action Request (SCAR).

Material Review Board (MRB) determines the nonconforming materials disposition

Most companies have a “Material Review Board” (MRB) that is responsible for making the decision related to the disposition of non-conforming material. Typically, the MRB will be scheduled once per week to review the most recent nonconformities. The board usually consists of a cross-functional team, such as:

  • Quality Assurance
  • Research & Development
  • Manufacturing
  • Supply Chain
  • Regulatory

The reason for a cross-functional team is to review the potential adverse effects of rework and potential risks associated with a UAI disposition. If rework is required, the cross-functional team will typically have the necessary expertise to create a rework instruction and to review and approve that rework instruction–including any additional inspections that may be required beyond the standard inspection work instructions.

Scrap

If the material is going to be scrapped, there is no risk to patients or users. Therefore, the entire MRB team should not be required to scrap products. Because there may be a cost associated with a scrap of non-conforming products, it is recommended that someone from accounting and a quality assurance representative approve scrap dispositions. Other departments should be notified of scrap, but a trend analysis of all non-conforming products should be reviewed by each department and by top management during management reviews. Auditors and FDA inspectors, specifically, will be looking for evidence of statistical analysis of non-conforming material trends and the implementation of appropriate corrective actions.

Return to Supplier (RTS)

Returning non-conforming material to the supplier that produced it is the most common disposition, but the trend of RTS should continuously be improving. If the trend of RTS is not improving, your supplier qualification process or your supplier control may be inadequate. The best way to ensure that the trend is improving is to initiate a SCAR. Some companies automatically wait until they have a trend of non-conforming material before initiating a SCAR. However, if you wait until a defect occurs twice, you are doubling the number of nonconformities for that root cause. If you wait until a defect occurs three times, you are tripling the non-conformities. For this disposition, there also does not need to be approval from the entire MRB. Typically, only someone from the supply chain management and quality assurance are needed to return non-conforming products to a supplier.

Note: You should not always wait until there is a “trend” to request supplier corrective action.

Rework

Almost every auditor looks for a specific phrase in the procedure for Control of Nonconforming Material: “The MRB will review and document the potential adverse effects of rework.” Most companies are doing this, but the procedures often do not specifically state this requirement, and rework instructions are often missing any specific inspection instructions that have been added to reduce risks associated with the rework process. Repeating the normal inspection criteria is seldom adequate for reworked product because the rework process typically results in different defects.

Another phrase that auditors and inspectors are looking for is the requirement to document the rework instructions and to have the instructions reviewed and approved by the same functions that reviewed and approved the normal production process. This requirement is often not specifically stated in the procedure, and FDA 483 inspection observations are commonly issued for this oversight.

Use As Is (UAI)

The UAI disposition should be rare. When I see a large number of NCRs with a disposition of UAI, I expect one of two reasons for this situation. First, the NCRs are for cosmetic defects where the acceptance criteria are too subjective and inspectors need clear guidelines regarding acceptable blemishes and unacceptable nonconformities. The visual inspection guides used during solder joint inspection for printed circuit boards are an excellent example of best practices for clearly defining visual inspection criteria. Personally, I prefer to use a digital camera to take pictures of representative “good” and “bad” parts. Then I create a visual inspection chart with a green, smiley face for “good” and a red, frowny face for “bad.” The best inspection charts identify the proper inspection equipment and quantitative acceptance criteria with pictures and symbols instead of words.

The second reason for a larger percentage of UAI dispositions is that the product specifications exceed the design inputs. For example, if a threaded rod needs to be at least 1” long, but 1.25” long is acceptable, then you should not approve a drawing with a specification of 1.00” +/- 0.05”. Often, the legend of drawings will define a default tolerance that is unnecessary. A more appropriate specification would be 1.13” +/- 0.12”. No matter how much work it is to specifically define tolerances for each dimension on a drawing, the work required to do this at the time of initial drawing approval is much less than the work required to justify a UAI disposition. FDA inspectors will consider a UAI disposition as a potentially adulterated or misbranded product, and a formal Health Hazard Evaluation (HHE) may be required to justify the reason why the product is not recalled.

Regardless of the disposition of the product, the decision for disposition should be a streamlined process that is not delayed unnecessarily. In order to ensure that your non-conforming material dispositions are effective and processed in a timely manner, our next blog in the series about control of non-conforming materials will focus on process interactions, monitoring and measuring of non-conforming product and when to initiate a CAPA or SCAR to prevent more NCRs.

Nonconforming Materials Disposition Read More »

What is the mdsap pilot?

1 Comment / MDSAP / By / , , ,

This article explains what is the MDSAP pilot, and how is the pilot program likely to impact medical device manufacturers.

robs mdsap logo What is the mdsap pilot?

The acronym “MDSAP” stands for “medical device single audit program.” This is a three-year pilot program that began on January 1, 2014. Regulatory bodies are attempting to use a single regulatory audit to meet the requirements for all countries. The MDSAP pilot is one of the direct results of medical device regulatory bodies forming the new International Medical Device Regulators Forum (IMDRF) organization (http://bit.ly/imdrf).

The FDA’s Kim Trautman is the working group chairperson for IMDRF. There is a limited amount of information on the IMDRF webpage (http://bit.ly/imdrf-mdsap), but you can find more information on the US FDA website (http://bit.ly/MDSAP). Four countries are currently participating in the MDSAP pilot:

Japan is an official observer for the program, with the participation of both their device agency (http://bit.ly/Japan-MHLW) and pharmaceutical agency (http://bit.ly/Japan-PMDA). China and Europe are also represented in the mdsap working group at the IMDRF.

Currently, there are 15 recognized registrars for the CMDCAS (http://bit.ly/CMDCAS-webinar) program for medical device companies that want to obtain a medical device license in Canada. Health Canada plans to participate in the mdsap pilot for three years, and then the MDSAP program will become a mandatory replacement for the CMDCAS certification program in 2017.

How will auditors approach MDSAP audits?

The current CMDCAS audit program benefits significantly from Health Canada’s alignment of the Canadian Medical Device Regulations (CMDR) with the ISO 13485 Standard used by third-party auditors. The tool that Health Canada uses to ensure that auditors are consistent is the GD210 audit checklist (http://bit.ly/GD210Guidance). The MDSAP will need to harmonize the regulations of Canada, Australia, Brazil, and the USA. This may seem like an impossible task, but Notified Bodies and consultants have been using multi-national regulatory comparison checklists for years to ensure that all the applicable regulations are covered during audits.

Auditors currently relying primarily upon audit checklists should quickly adapt to the MDSAP with longer lists. However, those third-party auditors that are now using the process approach will need to study the comparison checklists being developed carefully. The process approach will still be the best approach for auditing. Still, auditors will need to be familiar with a larger number of requirements for step in the population of their turtle diagrams (http://bit.ly/Process-Approach).

I recommend looking at what aerospace and automotive auditors do. Auditees are expected to create and maintain process flow charts for each process, but the auditors will also compare previous versions they created in past audits. This makes the process much more efficient–except the first time they create the diagrams.

How will MDSAP audits be different?

The biggest difference between the current CMDCAS audits and the MDSAP will be the duration of audits. SGS indicated on its website (http://bit.ly/MDSAP-SGS) that manufacturers should expect these audits to be 35-100% longer in duration. The typical ISO 13485 audit might be two days, and CMDCAS might add no additional time or as much as a half-day to the duration. However, the MDSAP program will require gathering objective evidence for Australian, Brazilian, and U.S. regulations. Even if this only added a half-day for each country, the combined effect would be four days instead of two and one-half days.

At first glance, this may seem to be a burden, but this should be a relief. Currently, manufacturers might have a CMDCAS audit every year, an FDA inspection every other year, and they are still waiting for an ANVISA inspection so that they can launch a product in Brazil. Instead of a worst-case scenario of three audits/inspections in one year, the MDSAP program will enable companies to schedule a single audit to address each major market at one time. When Japanese and Europeans adopt the MDSAP as well, then companies will realize an even greater overall reduction in the number of audit days each year.

How important will the MDSAP pilot be?

Historically, Health Canada is the only country that made ISO 13485 certification mandatory. However, making ISO 13485 certification mandatory essentially made ISO 13485 a global prerequisite for medical device manufacturers–which has not happened with ISO 9001 certification. Health Canada indicated that it intends to make the MDSAP program mandatory at the end of the 3-year pilot. If Health Canada makes MDSAP audits mandatory, MDSAP may become the new defector auditing standard globally.

In addition to the impact of Health Canada, Brazil has agreed to accept the MDSAP audits instead of initial audits by ANVISA. The current backlog of ANVISA audits more than a year, and companies have resorted to filing lawsuits against ANVISA to get to the “top of the list.” Therefore, all of the companies on the waiting list are likely to jump at the opportunity to participate in the MDSAP pilot.

Let me know if you want to understand specifics about the MDSAP program. Please submit your suggestions for future blogs to our suggestion portal.

What is the mdsap pilot? Read More »

UDI Implementation-Why You Need to Begin Today

2 Comments / Unique Device Identification (UDI) / By / , , , , ,

udi UDI Implementation Why You Need to Begin Today

In this blog, “UDI Implementation-Why You Need to Begin Today,” the author provides reasons why you should begin your implementation today and the benefits of doing so.

I have taken you through what UDI is, what you need to do to meet its compliance dates, and in the last few blogs, written about the steps you need to take to implement UDI in your organization. With the September 24, 2014 deadline looming, labelers of Class III devices and stand-alone software should be well on their way with implementation. But what about you who label implantable, life-sustaining, life-supporting (9/24/15 deadline), Class II (9/24/16 deadline), or Class I (9/24/18 deadline) devices? Should you wait or begin now?

UDI – Good Business Sense

There are many reasons why implementing UDI makes very good business sense. Two overriding reasons are increased revenues and lower costs. The healthcare industry has been using Automated Identification and Data Capture (AIDC) technology for a number of years. FDA has required since 2004, drug manufacturers use barcodes (NDC number) on their  labels. Now, they require device manufacturers (labelers) use Unique Device Identifiers (UDI) on their medical device labels. 

Hospitals and Group Purchasing Organizations (GPOs) have been at the forefront of persuading many medical device manufacturers to adopt UI for the devices they label. GPOs are now at the point of mandating manufacturers to implement UI to continue and/or obtain contracts to sell their devices to GPO hospital members. Even with that significant pressure, many manufacturers have resisted implementing UI. Of course, now, they will have no choice.

UDI Implementation-Why You Need to Begin Today

Manufacturers who have implemented UI have seen increased revenues and decreased costs. Their hospital/GPO customers view them as “easy-to-do” business with, resulting not only in an increase of sales of contracted devices but also of non-contracted devices. Hospitals must implement systems to reduce their costs. UDI is such a system. It will permit hospitals to manage their inventories better, reducing or eliminating product duplication, as well as realizing improved inventory tracking.

The use of product barcodes will allow hospitals to charge patients more accurately for the devices they use while hospitalized. Manufacturers have also been able to increase the speed to market for a new device compliant with UI, and by adding it to their existing GPO contracts. This can increase the new device’s exposure to the market very quickly.

Becton Dickinson Implementation

The March 2011 Edition of Healthcare Purchasing News published an article by Karen Conway that describes Becton, Dickinson, and Company (BD) Resource Optimization and Innovation (ROi) experiences implementing UI (GS1’s Global Trade Identification Number). Dennis Black (BD) and Alex Zimmerman (ROi) describe the positive impact implementing UI had on their businesses.  They were able to document a 30% reduction in accounts payable days outstanding. Other findings included:

  • 73% reduction in errors on customer orders
  • fewer stock-outs
  • greater process efficiency
  • fewer calls to customer service
  • better charge compliance

All are excellent reasons to start UDI implementation now.

Regulatory Affairs will also benefit from implementing UDIs. Improving the recall process will help reduce costs through easier tracking of which customers to contact, versus what is typically a very arduous and time-consuming process today. Starting now will also allow you to control the pace of the required changes to your organization, and collect data needed to submit to GUDID. This regulation will put your organization under a tremendous amount of pressure without having to deal with the crisis of a short implementation window.

The most common mistake I have seen organizations make is poor planning around UDI implementation. They significantly underestimate the amount of time it will take to implement UDI, the amount of change that will occur within the organization to be compliant, and being able to manage the ongoing requirements of UDI. These issues are compounded for multi-site organizations, where project planning is critical. 

Earlier in this blog, I mentioned hospitals using barcodes to charge fees for devices used by patients. This information will be added to the patient’s electronic health record. From there, this information will work its way into large population databases, such as claim data. Manufacturers will ultimately be able to use this claim data to identify new potential intended uses for products, and thereby expand their target markets.

Implementing UDI now makes good business sense. Why wait and put your organization in jeopardy?

UDI Implementation-Why You Need to Begin Today Read More »

Auditing Nonconforming Materials: 21 CFR 820.90 Compliance

3 Comments / ISO Auditing / By / , , ,

This blog, “Auditing Nonconforming Materials: 21 CFR 820.90 Compliance” focuses explicitly on the identification and segregation of nonconforming materials. 

Identification and Segregation 3 Auditing Nonconforming Materials: 21 CFR 820.90 Compliance

Nonconforming material is not a “bad” thing in and of itself. A total lack of nonconformities is conspicuous. There are three critical aspects to verify when you audit nonconforming materials:

  1. nonconforming materials are identified and segregated
  2. disposition of nonconforming materials is appropriate
  3. feedback from the nonconforming material process interacts with other processes 

Identification & Segregation

Failure to adequately control nonconforming materials is one of the top 10 reasons why companies receive FDA 483s (http://bit.ly/FY2013-483-Data-Analysis). There is no requirement for locked cages in a Standard or 21 CFR 820 (http://bit.ly/21CFR820-90), but you must identify nonconforming materials and keep them segregated from conforming product. How you identify the nonconforming material is also up to your discretion. I do not recommend anything that is colored green because people associate the color green with a product that is accepted and released. In contrast, anything red is typically associated with danger, caution, or rejected. I prefer to keep things simple. Therefore, a red sticker, red tag, or placing a part in a red bin usually works.

I believe in eliminating duplication of work whenever possible. Therefore, I think it’s silly when a procedure requires you to document information on a red sticker or tag that is also on a Nonconforming Material Record (NCR). Every NCR must have traceability to the physical product, and marking the number of the NCR on the red sticker or tag is a simple way to accomplish this. (i.e., NCR # 32).

If you have a barcoding system, you eliminate the possibility of misreading an NCR number, but it’s overkill. Another silly requirement is to attach a hard copy of the nonconforming material record to the box containing the nonconforming product. Every time you revise the NCR, you won’t remove the original and attach a new copy to the box. Furthermore, many auditors just look for a box of products in the quarantine area that is missing a hard copy of the nonconforming material record.

My preference is to have red stickers or tags placed on a nonconforming product at the location it is found and then placed into a red bin. At least once a day, or whenever you perform a “line clearance”, I recommend that the contents of the red bins are moved to a centralized location for nonconformities.

At that location, there should be a log and a computer to either print out a new NCR or to enter information into an electronic record. This centralized location should be visible to the production manager or the quality manager from their desk. The person delivering the nonconformity should complete the next entry in the log and record the number on the sticker or tag. Then, the NCR should be completed with the required information. The NCR should then be delivered to the manager’s desk in a red bin.

Some people argue that you need a large area to store the nonconforming product in the warehouse–in case you have a large quantity of nonconforming product. I disagree. If you have a great deal of nonconforming material (i.e., your red bins are filling rapidly), then you need to stop production and get the situation resolved immediately. This is why you have a CAPA process.

If your inspectors are finding nonconforming product at incoming inspection, this means your supplier shipped nonconforming material. Don’t tolerate nonconforming material from suppliers. Reject nonconforming material and make your suppliers initiate corrective actions.

If the problem is with:

  • Your inspection method, you need to validate your inspection method (i.e., gage R&R studies).
  • Your inspection device, quarantine it, and get another calibrated device.
  • Your specification, fix it now.

Every other type of problem found during an incoming inspection should result in a buyer, or another person responsible for supplier quality management, contacting the supplier ASAP. Ideally, you want all incoming rejected product to be returned the same day it is received. 

How to Audit Identification and Segregation

When I’m auditing this process, I look first for proper identification and segregation. There are three places where auditors need to ask and observe how nonconforming material is identified and segregated: 1) incoming inspection, 2) in-process inspection, and 3) final release (http://bit.ly/21CFR820-80). It is also critical that auditors verify that nonconforming materials are removed from production areas at the end of each lot as part of the line clearance procedure. If this is not done, then there is a risk of losing traceability to the lot.

Auditors should ask how nonconforming material is identified and then verify that the procedure states this. Searching for deviations from the procedure is easy if the procedure was not well written, but these are audit findings of little value. Quality Managers should address this issue when they write the procedure. What is far more important is to verify that everyone is segregating nonconforming material immediately.

  • Red bins are your “friend” and they belong on the floor.
  • Yellow typically indicates that something is waiting to be inspected.
  • Green typically means that something passed inspection and has been accepted.

Auditors should look for situations where multiple parts are in the process of being inspected at the same time. Unless inspection is automated and involves a fixture, I don’t recommend allowing an inspector to inspect more than one part at a time.

As an auditor, once I have verified that the product is adequately identified and segregated, then I look to see how nonconformities are dispositioned. That is the subject of a future blog. If you have a quarantine area that is bursting with rejected components and incorrectly built products, you need to read our next blog (http://bit.ly/MDA-Blog) about the control of nonconforming materials.

Auditing Nonconforming Materials: 21 CFR 820.90 Compliance Read More »

5 Proven Audit Approaches

Leave a Comment / ISO Auditing / By / , , , ,

This article, Medical Device Academy-5 Proven Audit Approaches, reviews how our clients benefit from our tried and true audit principles.  

5 benefits internal audits 5 Proven Audit Approaches

1. Process Approach 

I am an advocate for using turtle diagrams (i.e., the process approach) for auditing instead of audit checklists. Beyond the noticeable visual differences between audit checklists and turtle diagrams, these two tools result in very different types of observations. An auditor using a checklist typically starts with a regulatory requirement, and then the auditor samples records to verify if the records meet the requirement. Once this verification has been successful, it is unlikely that the process will have a problem in the future.

Turtle diagrams and the process approach focus on the inputs and outputs of a process–instead of specific regulatory requirements. For example, when an auditor uses the element approach to auditing, the auditor will sample one or more process validations from a master validation plan to ensure compliance with 21 CFR 820.75. However, step four of the process approach includes sampling process validation for each audited process. If there is a lack of process validation for any process, the auditor will identify the gap. Step four also involves verifying the calibration of devices used in the process and maintenance of any equipment. Therefore, the process approach is sampling requirements for process validation, calibration of measurement devices, and preventive maintenance for each process–instead of once for each regulatory element. 

2. Where Audits are Conducted

Most auditors spend an extraordinary amount of time in conference rooms. If I can audit your records in a conference room, I can also audit your records from my office in Vermont. Remote auditing eliminates the cost of travel. More than half of your quality system records can be effectively audited remotely. Therefore, when any auditor on our team visits your facility, they want to spend more time seeing you demonstrate production processes and interview people instead of reviewing records in your conference room. This is the only effective method to audit production and process controls, one of the four primary quality system processes the FDA focuses on during Level 2, comprehensive QSIT inspections. 

3. Read Less and Listen More

Most auditors like to start with a procedure and then look for compliance with the procedure. We begin with an interview with the process owner or someone performing a step in the process. Then we ask for a demonstration, and records and procedures last. I coach new auditors to ask people they are interviewing to show them where a requirement can be found in their procedure. This has several hidden benefits. First, auditors don’t have to spend much time hunting for a requirement because the auditee will find it for the auditor. Second, the auditor will quickly learn how familiar the auditee is with the specific procedure. Finally, if the company is not following a procedure, the auditee is unlikely to be able to locate the requirement in its procedure. 

4. Start at the End with Problems

Most people prefer to follow a process from beginning to end. More specifically, the opening is step one of a procedure, and the end is a product and paperwork resulting from the process. Since most products and paperwork are done correctly, we seldom find anything wrong with a process if we start at the beginning. Alternatively, we can begin at the end of a process with a cage of nonconforming material or a log sheet of complaints. Then we can work our way back to the beginning of the process, and hopefully, we will see what went wrong in the process during our investigation. Therefore, my internal audit agenda often begins with a tour of the facility that will arrive at the location where a quarantined product is stored. Then, I worked my way back through the process to incoming inspection, the purchasing process, and finally, the design controls process, where specifications were initially created. Using this approach often results in discovering problematic processes that can potentially cause other problems beyond the one example we found in the quarantine area. 

5. Focus on Effectiveness Checks

The last sub-clause of ISO 13485:2016, Clause 8.5.2, is specific to the requirement for verifying the effectiveness of corrective actions. This is not the same as verifying implementation. If an internal audit identifies no maintenance records, you might attempt to prevent recurrence by creating a procedure that requires maintenance records. A copy of the procedure, records of procedure review, and approval and training records are evidence of implementing the corrective action.

Effectiveness verification requires more (https://medicaldeviceacademy.com/capa-effectiveness-check/). You need to go back and verify that maintenance records are being created and maintained. Therefore, whenever we write an audit finding, we also review potential corrective actions with the client and suggest possible effectiveness checks to ensure corrective actions work.

If your company needs help with internal auditing and would like a quote, please email Matthew Walker. We are also teaching a lead auditor course in partnership with AAMI, which will start in the fall of 2020.

5 Proven Audit Approaches Read More »

How to Audit Your Labeling Process for 21 CFR 820 Compliance

Leave a Comment / ISO Auditing / By / , , , , ,

This article reviews how to audit your labeling process for 21 CFR 820 compliance with the six requirements of section 820.120.

audit labeling How to Audit Your Labeling Process for 21 CFR 820 ComplianceThe most common cause of recalls is labeling errors. Therefore, one of the best ways to avoid a recall is to perform a thorough audit of your labeling process. Unfortunately, most auditors receive no specific training related to labeling. The primary reason for the lack of labeling-specific training is because most auditor training focuses on ISO certification requirements.

ISO 13485 Requirements for the Labeling Process

ISO 13485 only requires the following labeling requirements: “The organization shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable…g) the implementation of defined operations for labeling and packaging.” ISO 14969 is the guidance document for ISO 13485, and the guidance includes additional recommendations for control of the labeling process to prevent errors. Unfortunately, auditors are trained to audit for compliance with regulations, while guidance documents are neglected almost entirely. ISO labeling requirements are vague. Therefore, auditors need to focus on the six requirements of 21 CFR 820.120–the section of the FDA QSR specific to labeling. Labeling process flowchart1 How to Audit Your Labeling Process for 21 CFR 820 Compliance Most auditors are taught to develop a regulatory checklist to verify requirements. However, the process approach to auditing is a more effective approach to identify ways that the labeling process can break down. Below examples of how the two approaches differ are provided for each of the six requirements:

1. Labeling Procedure

Most auditors, and FDA inspectors, request a copy of a labeling procedure to verify compliance with the first requirement. In their notes, they record the document number and revision of the procedure. The auditor may also review the procedure to ensure that the procedure includes each of the other five regulatory requirements listed below. The process approach to auditing also verifies compliance with the requirement for a procedure. Still, auditors using the process approach ask the process owner to describe the process, and the process description provided is compared with the procedure.

I also teach auditors to ask the process owner to identify where in the procedure, each requirement can be found. This eliminates the need to spend valuable audit time reviewing a procedure and forces the process owner to demonstrate their familiarity with the procedure.

2. Label Integrity

A lack of labeling integrity is seldom raised as an observation by auditors, unless labels are falling off of the product, or if the label content is illegible. During hundreds of audits, I have never noticed a label falling off the product, but I have seen customer complaints about labels falling off. Another way to assess if there is a problem with labeling integrity is to ask how the labeling specifications were established, verified, and validated. The user environment is frequently the determining factor for labeling specifications. For example,

  • Does the label need to be waterproof?
  • Is the print likely to be exposed to abrasion that could rub off the ink?
  • Are the storage conditions likely to include high heat and humidity that could cause the adhesive to fail? 

This type of approach links the labeling of products to customer focus and design inputs.

3. Labeling Process Inspection

The inspection of labeling is more than a visual examination. A thorough inspection requires a systematic review of the label content to ensure that the label information matches the requirements for the specific production lot. The requirements specify verification of:

  • correct expiration date
  • control number
  • storage instructions
  • handling instructions

There is also a requirement to document the date of inspection and the person that performed the inspection. An auditor can verify that the labeling inspection is being performed by reviewing records of the inspection, but you will rarely find an inspection record where the label is nonconforming. If you follow the process, you might ask the process owner where nonconforming labeling is recorded. The nonconforming material records should be an output of every inspection process. Auditors should also ask for metrics regarding a process. The frequency of labeling mix-ups and labeling errors identified during an inspection is an important metric that can be used as an indicator of weaknesses in labeling operations.

4. Labeling Storage

Most auditors will verify that labels are stored in a location to prevent deterioration or damage, but the highest risk is the mix-up of labels. Therefore, it is crucial to control the location of labels so that the incorrect labels cannot be accidentally distributed to the wrong manufacturing line. 

In 21 CFR 820.150, there is also a requirement to establish “procedures that describe the methods for authorizing receipt from and dispatch to storage areas and stock rooms.” Therefore, as an auditor, you might consider asking the process owner what the input to the labeling distribution process is (e.g., a work order) and which distribution records are created during the process. A labeling requisition and/or “pick list” from production planning is often used as an input to the labeling process, while the distribution of labeling to manufacturing usually requires a log entry for distribution from a stockroom, or assignment of a lot number to the batch of labels that must be entered in a log.

5. Labeling Process

It is insufficient to review DHRs for the labeling process. When you interview the process owner, you should determine who is responsible for creating and inspecting labels. Then, I coach auditors to go and view labeling operations at the source. By interviewing operators and asking them to demonstrate entry of variable data for labels and printing of labels, you can answer each of the following questions without even asking:

  • Is validated software is being used?
  • Are label templates protected from inadvertent changes?
  • How do operators ensure that labels from different lots are not mixed up?

Interviewing inspectors can determine if calibrated tools are being used to verify labeling dimensions and the proper placement of labels. You should also observe how inspectors ensure that variable data is correct.

6. Control Number

Most auditors will sample DHR records to verify that lot control numbers are recorded for each batch of products. However, when an auditor is focusing on records, the auditor is unlikely to identify any aspects of label handling that could result in mix-ups. To ensure that processing and segregation of different lots are adequate, an auditor has to observe line clearance procedures and to verify that each lot of labels is identified with regard to the lot number, quantity, and the released status if the identification information about the label is separated from the physical labels, the potential for labeling mix-ups increases.

One final aspect of labeling and control numbers to consider is the impact of new UDI regulations. Labeling will need to indicate the date of manufacture and expiration of the product. This information needs to be incorporated into the variable content of labels. Therefore, if labels are pre-printed, it may be necessary to reprint labels when the date of manufacture changes. This additional requirement is likely to force companies into on-demand printing of labels and automated software control systems. Auditors can verify the successful implementation of labeling process changes by auditing for compliance with the revised procedures.

UDI states that production identifiers (PI) consist of Manufacturing Date, Expiration Date, Lot/Batch Number, Serial Number. The rule also states that if a labeler does not use any of the listed PI, they do not need to have it on their labels. This will most likely apply to Class I device labelers only as Class II, and III labelers usually have one or more of the PI on their labels. Due to the variable nature of the PI, many labelers are adding in-line label verifiers to make sure their labels are readable by scanners.

How to Audit Your Labeling Process for 21 CFR 820 Compliance Read More »

Obtaining an FDA Certificate to Foreign Government for Medical Devices

3 Comments / FDA / By / , , ,

certificate to foreign gov Obtaining an FDA Certificate to Foreign Government for Medical DevicesThis article explains how to obtain an FDA Certificate to Foreign Government when you are trying to submit an application for registration of a medical device to a regulatory body outside the United States (e.g., COFEPRIS approval for exports to Mexico).

What is an FDA Certificate to Foreign Government?

If you have a medical device that is registered and listed with the US FDA, then you can obtain a Certificate to Foreign Government from the US FDA. A Certificate to Foreign Government is a certificate issued by the US FDA verifying that your company may legally export the device, and the device may be distributed in the United States. Regulatory bodies in some countries request a “Certificate of Free Sale.” Still, these are issued by the US FDA for foods, while the agency issues Certificates to Foreign Governments for medical devices. The name of the certificate is not the same for all countries, and regulators use the terminology most familiar to their country. The US FDA has more information about the different types of certificates on the following FDA webpage: http://bit.ly/FDA-Export-Certificates.

How do you obtain a Certificate to Foreign Government?

The following page on the FDA website answers common questions about exporting medical devices. http://bit.ly/Exporting-Medical-Devices. One of the most common requirements of foreign registrations is providing a Certificate to Foreign Government. If your product is currently registered and listed with the US FDA, you are managing your registration and listing using an FDA Unified Registration and Listings System (FURLS) account (http://bit.ly/registration-listing-blog). Through this account, you can access the new CDRH Export Certification and Tracking System (CECATS). CECATS allows manufacturers to request export documents, including Certificates to Foreign Governments, online versus paper submissions. CECATS reduces certificate processing time and will enable you to validate firm-specific data in real-time. You can also obtain a status update for your certificate request. If you have additional questions about CECATS or export certificates, the FDA also created an Exporting FAQs page: http://bit.ly/Exporting-FAQs.

How much does a Certificate to Foreign Government Cost?

Certificates to Foreign Government are product specific and cost $175 for the original certificate. Each additional copy (official copies from the FDA are usually required) costs $15 per copy. Up to 50 pages (including the certificate, manufacturer page, and attachment pages) may be submitted for the same product. Each time an increment of 50 pages is exceeded, an additional fee of $175 will be charged.

If the original is three pages long and you request an original and ten copies (33 total pages), then your charge will be $175 for the original and $150 for the ten copies–a combined total of $325. However, an original and 20 copies (63 pages) would exceed the 50-page limit, and you would be charged $175 for the first original and $225 for the first 15 copies. You would then be charged $175 for a second original and another $60 for four more copies.

Don’t wait until the last minute to request Certificates to Foreign Governments. I recommend ordering 5-10 copies when you first register a product in the FURLS database, instead of waiting until you need it. The same is true of other types of certificates, such as CE Marking certificates from your Notified Body.

Obtaining an FDA Certificate to Foreign Government for Medical Devices Read More »

Unannounced Audits

3 Comments / CE Marking / By / , ,

This article provides an update on the status of unannounced audits by Notified Bodies for CE Marking of medical devices.

unannounced audits Unannounced Audits

The EU Commission provided recommendations to Notified Bodies last Fall on how they should conduct three different kinds of audits: 1) product assessments, 2) quality system assessments, and 3) unannounced audits (http://bit.ly/Audit-Recommendations). The recommendations do not propose any changes to existing practices for product assessments (i.e., review of CE Marking applications) that are being conducted in accordance with the European Directives, or quality system assessments that are being conducted in accordance with ISO 17021. The recommendation does, however, propose new auditing practices specific to conducting unannounced audits (http://bit.ly/Unannounced-Audits).

The recommendation is addressed to the Member States, rather than Notified Bodies because the intent is for Competent Authorities in each member state to enforce these recommendations when they are reevaluating existing Notified Bodies for renewal. The intent is that the EU Commission and the Member States will use compliance with the “recommendation” for unannounced audits as one of the criteria for deciding which Notified Bodies would retain their status when the new European Medical Device Regulations were approved in 2015. Therefore, all of the Notified Bodies are scrambling to complete a number of unannounced audits before the end of 2014.

Who will be audited in 2014?

In 2014, the primary targets for unannounced audits will be manufacturers of high-risk, Class III devices. The prime targets for unannounced audits are unlikely to contract manufacturers, because Notified Bodies may not have access to all the technical documentation while they are auditing a contract manufacturer. I expect each of the Notified Bodies to plan at least one unannounced audit of a contract manufacturer for a Class III device that is outsourced. Still, I don’t expect this to be the focus of unannounced auditing activities in 2014.

It is already July, and only a handful of unannounced audits have been performed as “pilots.” Most of the Notified Bodies trained auditors on how to conduct unannounced audits in May or June during their annual auditor training. Therefore, we can expect a dramatic increase in the number of unannounced audits during the remaining months of 2014. If your firm has recently had CE Marking compliance issues with a Class III device, you should expect an auditor soon.

4 Ways unannounced audits are different

Unannounced audits differ from traditional quality system audits in four ways.

1. Unannounced audits are truly unannounced–with no warning at all. Even the US FDA inspectors have the courtesy to call on Friday to inform manufacturers of their intent to visit the following Monday or Tuesday. To ensure that auditors can conduct unannounced audits as planned, Notified Bodies are asking manufacturers to provide information about when production activities will be shut-down.

2. Unannounced audits will always be conducted by an auditing team with at least one person that is qualified to review the technical documentation (i.e., Technical File or Design Dossier) and compare it to the actual production activities. This is similar in some ways to how FDA inspectors review a Device Master Record (DMR) and then compare the DMR to production and process controls they observe in manufacturing. However, the technical experts from Notified Bodies typically have a minimum of five years experience similar designing devices, and a two-person team can spread your resources dangerously thin if you are a smaller company that is used to providing a guide for only one auditor or inspector.

3. Unannounced audits will involve more time spent by auditors in production areas, instead of reading documents in conference rooms. You can expect brief opening meetings because auditors need to review critical processes as quickly as possible. Specifically, the auditors are required to use a risk-based approach to select two of the following processes:

  • design controls
  • establishment of material specifications
  • purchasing control and incoming inspection
  • assembling
  • sterilization
  • batch-release
  • packaging
  • product quality control

If a company conducts sterilization on-site, I would expect this to be a likely prospect for sampling. However, the two areas I hope to be sampled most frequently are: 1) purchasing control & incoming inspection, and 2) batch-release. These two processes are expected to be sampled frequently because these processes facilitate ad hoc sampling and demonstration of testing. This is important because Notified Bodies are expected to observe product testing.

4. Unannounced audits will be conducted at suppliers when critical processes are outsourced. Therefore, if Class III device manufacturers outsource final inspection, packaging, and sterilization–the suppliers providing these services may be unannounced audit targets for multiple Notified Bodies. ISO 13485 certified suppliers have enjoyed a decade of little direct involvement by regulators, but unannounced audits are about to change this.

How will unannounced audits change in the future?

In 2015 and beyond, unannounced audits will be conducted at contract manufacturers and manufacturers. Unannounced audits will also be conducted for all risk classifications of devices–unless the device does not have Notified Body involvement (i.e., Class I, non-sterile, and non-measuring devices). The number of unannounced audits will also increase, because Notified Bodies are required to conduct an unannounced audit for each client at least once during three years–and more frequently for high-risk, Class III devices.

What should be done to prepare?

Preparation for unannounced audits should be very similar to your preparation for FDA inspections (http://bit.ly/FDA-Inspection-Webinar). Still, you will now need to evaluate your suppliers more rigorously to ensure they are also prepared for unannounced audits. The FDA rarely visits suppliers, and they are not allowed to review supplier auditing records. Notified Bodies will not have these restrictions. You will need to demonstrate a good balance between incoming inspection activities and other types of supplier controls. If your incoming inspection activities consist primarily of reviewing paperwork, then you need to balance this with supplier auditing (http://bit.ly/Supplier-Audits) and monitoring of in-process and final inspection nonconformities caused by supplier quality problems.

If you are interested in learning more about unannounced audits by Notified Bodies, please click on this link to pre-register for our webinar recording on the topic: http://bit.ly/unannounced-audits-webinar. Pre-registration pricing is $79, compared to our normal webinar price of $129. The pre-registration period ends on July 18.

Unannounced Audits Read More »

Scroll to Top