Blog

What is an NB-MED?

The author defines what an NB-MED is, Team NB and their role, provide a regulatory update and some information sources.

Each time I review a list of external standards, I notice at least a few references that are out-of-date. Occasionally, I am surprised, and everything appears to be current, but it is almost impossible to stay current with all the external standards. The most demanding standards to maintain are those that are untracked. Untracked standards are difficult to keep current with because it requires manually checking each source to determine if a standard has been updated. One of these sources is Team NB.

Team NB

Team NB describes itself as the “European Association of Notified Bodies for Medical Devices.” Team NB is an organization comprised of Notified Bodies (NBs). These NBs create guidance documents to clarify the interpretation of regulations in the EU. Since NBs are generating the documents, rather than Competent Authorities (CAs), it is possible for Team NB to reach a consensus more quickly than CAs. Since these documents are guidance documents, the NB-MED documents are not enforceable or binding. However, in all likelihood, your NB will interpret ISO 13485 and the MDD (93/42/EEC as modified by 2007/47/EC) in accordance with these guidance documents.

The website link I provide in my “Helpful Links” page includes many links to important guidance documents. Among the recently updated NB-MED documents is NB-MED 2.5.2/rec 2. The “rec” is not the same as a revision. For example, rec two is “Reporting of design changes and changes of the quality system,” while rec 1 is “Subcontracting – QS related.” The link I have provided will land you directly on the list of NB-MED documents, and the right-hand column identifies the date the document was added to the list. Therefore, if you want to know about new and revised NB-MED documents, you merely need to read the documents that are identified as being added since your last visit.

NB-MED 2.4.2/rec 2

At this time, NB-MED 2.5.2/rec 2 is the only recent addition—and you should read it. Many companies struggle with design changes, and they don’t know if the change is significant or not. Revision 8 of this document includes helpful examples. I recommend reading this document carefully and then revising your own change notification procedure to match the document. If you don’t have a change notification procedure, your QMS auditor has been lazy. Don’t let them give you the excuse of “It’s just a sampling.” This document has been published for a long time, and the intent has not changed since 2008—just new examples to clarify the interpretations.

There is a posting from 1/14/11. This is an excellent list of all the NB-MED documents. I recommend printing this document and using it to compare against your current external standards list. There is a very recent posting from 2/7/12 that answers frequently asked questions about the implementation of EN 60601. If you don’t know what this is, you probably don’t have an active device.

On 3/27/12, there was a letter from Team NB indicating that they condemn Poly Implant Prothèse (PIP) for committing fraud (well duh). Who would endorse them?

Finally, on April 17, 2012, meeting minutes were posted from an April 5 meeting of Team NB. The NBs indicated that the medical device authorization system is excellent! This is not a surprise since any other response would be self-criticism and potentially career-limiting. The minutes also indicate that the Team wants as many of the members to endorse the “Code of Conduct” (CoC) that was recently drafted by the “Big 5” NBs. So far, the acceptance of this Code is limited, but the Competent Authorities have other plans.

Competent Authorities (CAs) are currently evaluating the NBs with regard to competency for handling Class III devices. In addition, there is a plan to revise the regulations in Europe (2014 is the guess). These changes will be major. The Team NB website could be a source of information about rapid changes in the next 12 months, but for now, it’s the quiet before the storm. The Great Consolidation of European Regulators is about to begin (or maybe all the NBs will endorse the CoC, and the CAs will forget about it).

 

Posted in: CE Marking

Leave a Comment (4) →

Process Approach to Auditing – 7 Steps to Training Auditors

The process approach to auditing is demonstrated using Turtle Diagrams as a tool instead of using traditional auditor checklists.

tutle diagram1 Process Approach to Auditing   7 Steps to Training Auditors

I have been reviewing trends for how people find my website, and a large number of you appear to be interested in my auditing schedules and other audit-related topics. Therefore, this week’s blog is dedicated to training auditors on the process approach.

First, the process approach is just a different way of organizing audits. Instead of auditing by clause, or by procedure, instead, you audit each process. Typical processes include:
  1. Design & Development
  2. Purchasing
  3. Incoming inspection
  4. Assembly
  5. Final Inspection
  6. Packaging
  7. Sterilization
  8. Customer Service
  9. Shipping
  10. Management Review
  11. CAPA
  12. Internal Auditing

Why the Process Approach is Recommended

First, the process approach identifies linkages between processes as inputs and outputs. Therefore, if there is a problem with communication between departments, the process approach will expose it. If only a procedural audit is performed, the lack of communication to the next process is often overlooked.

Second, the process approach is a more efficient way to cover all the clauses of the ISO Standard than auditing each clause (i.e.,– the element approach). My rationale for the claim of greater efficiency is simple: there are 19 required procedures in the ISO 13485 Standard, but there are only 12 processes identified above. The “missing” procedures are incorporated into each process audit.

For example, each process audit requires a review of records as input and outputs. Also, training records should be sampled for each employee interviewed during an audit. Finally, nonconforming materials can be identified and sampled at incoming inspection, in assembly processes, during final inspection, during packaging, and even during shipment. The tool that BSI uses to teach the process approach is the “Turtle Diagram.” The diagram above illustrates where the name came from.

Interviewing with the Process Approach

The first skill to teach a new auditor is the interview. Each process approach audit should begin with an interview of the process owner. The process owner and the name of the process are typically documented in the center of the turtle diagram. Next, most auditors will ask, “Do you have a procedure for ‘x process’?” This is a weak auditing technique because it is a “closed-ended” or yes/no. This type of question does little to help the auditor gather objective evidence. Therefore, I prefer to start with the question, “Could you please describe the process?” This should give you a general overview of the process if you are unfamiliar with it.

After getting a general overview, I like to ask the question: “How do you know how to start the process.” For example, inspectors know that there is material for incoming inspection because raw materials are in the quarantine area. I have seen visual systems, electronic and paper-based systems for notifying QC inspectors of product to inspect. If there is a record indicating that material needs to be inspected—that is the ideal scenario. A follow-up question is, “What are the outputs of the inspection process?” Once again, the auditor should be looking for paperwork. Sampling these records and other supporting records is how the process approach addresses Clause 4.2.4—control of records.

The next step of this approach is to “determine what resources are used by incoming inspection.” This includes gauges used for measurement, cleanliness of the work environment, etc. This portion of the process approach is where an auditor can review calibration, gowning procedures, and software validation. After “With What Resources,” the auditor then needs to identify all the incoming inspectors on all shifts. From this list, the auditor should select people to interview and follow-up with a request for training records.

The sixth step is to request procedures and forms. Many auditors believe that they need to read the procedure. However, if a company has long procedures, this could potentially waste valuable time. Instead, I like to ask the inspector to show me where I can find various regulatory requirements in the procedures. This approach has the added benefit of forcing the inspector to demonstrate they are trained in the procedures—a more effective assessment of competency than reviewing a training record.

Challenging Process Owners

The seventh and final step of the turtle diagram seems to challenge process owners the most. This is where the auditor should be looking for department Quality Objectives and assessing if the department objectives are linked with company quality objectives. Manufacturing often measures first pass yield and reject rates, but every process can be measured. If the process owner doesn’t measure performance, how does the process owner know that all the required work is getting done? The seventh step also is where the auditor can sample and review the monitoring and measurement of processes, and the trend analysis can be verified to be input into the CAPA process.

In my brief description of the process approach, I used the incoming inspection process. I typically choose this process for training new auditors because it is a process that is quite similar in almost every company, and it is easy to understand. More importantly, however, the incoming inspection process does an effective job of covering more clauses of the Standard than most audits. Therefore, new auditors get an appreciation for how almost all the clauses can be addressed in one process audit. If you are interested in learning more about Turtle Diagrams and the process approach to auditing, please register for our webinar on the process approach to auditing.

Posted in: ISO Auditing

Leave a Comment (4) →

Canadian Medical Device Regulations (CMDR): Identifying New Changes

The author reviews a few methods to identify changes to the Canadian Medical Device Regulations (CMDR), including using the “compare” function in MS Word.

One of the most frustrating things about the Canadian Medical Device Regulations (CMDR), SOR/98-282, is the difficulty in identifying what has changed since the previous revision. There is no detailed revision history indicating what changed. This is surprising to me because Canada was the first country to require ISO 13485 certification as a component of the regulatory approval process. Did the Therapeutic Products Directorate (TPD) overlook Clause 4.2.3?

Using MS Word to Compare CMDR Versions

Anyway, before I became an auditor, the way I determined what changed was to use the “compare” function in MS Word to compare the versions of the CMDR. The bottom of the first page indicates, “Current to May 14, 2012.” This is our revision date, and it seems to change every month. Then below this, the document says, “Last amended on December 16, 2011.” This tells us that the last time TPD made a change was in December. Nowhere does CMDR tell us what changed.

On the second page of the CMDR, there is a note at the bottom of the page that supposedly clarifies the revision history:

“This consolidation is current to May 14, 2012. The last amendments came into force on December 16, 2011. Any amendments that were not in force as of May 14, 2012, are set out at the end of this document under the heading ‘Amendments Not in Force’.”

I have never seen a heading titled “Amendments Not in Force.” So here’s what I do:

  1. “Select All” from the current PDF version of the CMDR and another version before the last amendment date: December 16, 2011.
  2. I copy and paste the text from each document into a separate MS Word document.
  3. I save each document with a different date code.
  4. I use the “compare” function to identify the revisions that were made to the pre-December version.
  5. Then I pound my forehead against my desk because I just wasted 15 minutes to verify that the only changes made between August 8, 2011, and May 14, 2012, were as follows:
    • Date of revision throughout the document
    • Table of Provisions pagination was updated to reflect reformatting of Annex 3
    • Section 32.7 – changed wording from “may” to “shall,” and “giving” to “that gave”
    • Annex 3 was reformatted so that the English and French versions appear side-by-side instead of on page 61 & 62 sequentially

Assessing the Impact of Change

So…the next time a third-party auditor asks you for objective evidence that you have assessed the impact of changes to the CMDR, show them this blog posting. If they force you to document the impact analysis of the change of the word “may” to the word “shall” in Section 32.7, request a new auditor quickly. If they ask for documentation of the impact of the tense change in Section 32.7, also request a new auditor quickly.

On a far less amusing note, the following new and revised regulatory requirements occurred on the TPD website:

  1. On May 31, 2012, there was an announcement by HC indicating “Categorization of Therapeutic Products at the Device/Drug Interface.”
  2. On October 19, 2011, the electronic submission pilot for Class IV devices was expanded to Class III devices: “Notice – Guidance for Industry: Preparation of a Premarket Review Document in Electronic Format for a Class III and Class IV Medical Device Licence Application”; this revised guidance document includes a table for Class III applications based upon the STED guidance document from GHTF.

You can also type in “What’s New” into the search engine for the TPD website. The search results can be narrowed down to a year, and postings are typically no more frequent than monthly (eight in 2011; one in 2012).

You should also be aware of the third-party auditor report guidance document (GD211):Guidance on the Content of Quality Management System audit reports. This was released on June 8, 2011. You can also get training on this GD211 format at the US FDA website. The webinars are at the bottom of the list. 

If you are interested in learning more about the CMDR or CMDCAS, please join my LinkedIn CMDCAS Group.

CMDCAS Group Logo Canadian Medical Device Regulations (CMDR): Identifying New Changes

LinkedIn CMDCAS Group Logo

Posted in: Health Canada

Leave a Comment (0) →

FDA Approval Process: “Triage” for 510(k)

The Triage program for 510(k) submissions is reviewed. The goal of this FDA approval process program is to reduce review time from 90 to 30 days.

Thursday, Congress voted 96 to 1 for a bill to increase FDA user fees. The rationale is that the FDA needs more funding to be strong enough to properly regulate foods, drugs, and medical devices. One of the commitments linked with this new funding is to shorten the review of 510(k) submissions. To this end, OIVD has created a new program called “Triage.” The goal of this program is to accelerate the review of specific traditional 510(k) submissions to 30 days instead of 90 days.

In theory, this pilot program will help some companies get their 510(k) clearance letter faster, but simultaneously, the FDA will be able to concentrate resources on high-risk 510(k) submissions. This entire strategy seems to be the opposite of triage. Triage involves sorting sick patients into three categories:

1) Those who are likely to live, regardless of what care they receive

2) Those who are likely to die, regardless of what care they receive

3) Those for whom immediate care might make a positive difference in their outcome

If we apply the triage analogy to 510(k) submissions, we see three categories:

1)      510(k) submissions that are likely to be approved, regardless of how much time the FDA spends

2)      510(k) submissions that are likely to be rejected, regardless of how much time the FDA spends

3)      510(k) submissions whose approval or rejection is not apparent, but the FDA’s earlier involvement in the design and development process would substantially improve review time.

The FDA’s “triage” program is intended to demonstrate improvement in the time required to approve medical devices by sorting submissions into two groups: group #1 above and group # 2/3 from above. This will make the numbers look good, but the FDA should be spending even less time on #2 than it spends on the #1 category of submissions. The FDA should also get involved in group #3 submissions much earlier.

FDA Approval Process

The types of submissions that need more FDA reviewer time are devices that are higher in risk and where special controls guidance documents and or ISO Standards have not already been established for performance and safety testing criteria (i.e., – Category #3 above). In these cases, when a company tries to obtain some feedback from the FDA, they are asked to request a pre-IDE meeting. The company will not be necessarily performing a clinical trial, but this is the only vehicle the FDA has for justifying the time it spends providing feedback on proposed verification and validation testing plans. The FDA needs to develop a new model that is ideally suited for 510(k) products where guidance and Standards do not exist. This would also have the effect of reducing the number of “Not Substantially Equivalent” (NSE) letters the FDA issues.

If a company is developing a device that already has an applicable special controls document or ISO Standard, then the 510(k) pathway should be well-defined without the FDA’s help. Unfortunately, there is no easy mechanism for ensuring compliance with these external standards. This type of submission would benefit from software-controlled submissions and or pre-screening of submissions by third-party reviewers. The Turbo 510(k) software tool could lend itself to software-controlled submissions, but a proliferation of the Turbo 510(k) has been limited.

Submitting a 510(k)

If a company does not submit a 510(k) with all the required elements of a guidance document, the submission should not be processed. Implementation of validated software tools for each 3-letter product code would prevent incomplete submissions. At the very least, companies should be required to provide a rationale for any sections of submission that are not applicable.

One example of a possible software solution is currently used by third-party auditors at BSI. BSI uses a software tool that will not allow the auditor to generate a final report unless all the required elements have been completed. The FDA could use the existing screening checklist and convert this into a similar “SmartForm.” If the submission does not have all the required elements of the checklist, the submission form could not be generated from the software. This forces the task of pre-screening reviews back upon the submitter with the aid of a validated software tool.

The most significant shortfall of the Triage program is the target product types. IVD devices are quite different from other device types. Each IVD has unique chemistry, and there are a limited number of Guidance documents for IVDs, and IVD submissions represent only 10-20% of all submissions. Orthopedic, cardiovascular, general/plastic surgery and radiology devices each represent more than 10% of the submissions, and collectively they represent half of the submissions. These types of devices also have both special controls documents and ISO Standards defining the design inputs for design verification. Therefore, these four device types would be a better choice for a pilot program to expedite reviews.

Posted in: 510(k)

Leave a Comment (1) →

What is a MEDDEV?

The author defines what a MEDDEV is, recent updates, and information resources to learn more.

The most important part of my website is “Helpful Links.” These are the links that I use most in Regulatory Affairs. It started as an auditor’s toolbox, but now I am morphing it into a place to review updates to regulatory requirements and external standards. The MEDDEV’s are on the top of my list. These are the guidance documents written by Competent Authorities. Still, most of the Notified Bodies treat them as requirements and often write nonconformities against at least one of them: MEDDEV 2.12/1 – Medical Device Vigilance System.

Many companies rely on RSS feeds to keep them current on the latest external standards, but this doesn’t work for a MEDDEV. For MEDDEV’s, your best bet is to go to the source. Sure, you can hire a consultant that will try and keep you current. You can also wait until your NB auditor lets you know the hard way (i.e.,. – time to write another administrative CAPA).

For those of you who don’t know the source, it is my #1 “Helpful Link”:

http://ec.europa.eu/health/medical-devices/documents/guidelines/index_en.htm 

When asked how to keep current, my advice is to have a systematic process for checking various sources of external documents. At a minimum, you should be checking all of the possible sources just before each Management Review. This will give you something to include for the requirement in clause 5.6.2h) of the ISO 13485:2003 Standard. “More preferably,” as lawyers would say, check out the website link above at least once per month. For those of you that are completely out of touch, and those that just fell off the University hayride, the following explains why you can’t get away with saying:

“There haven’t been any new or revised regulatory requirements since the last Management Review.”

MEDDEV Updates

There were several updates to the MEDDEVs released as supporting documents for the M5 version of the MDD (93/42/EEC as modified by 2007/47/EC). Specifically, there were four in December 2009 and one in June 2010. Then there were two more MEDDEVs released in December 2010 related to clinical study requirements in Europe. In January 2012, another six MEDDEVs were released, and one more was released in March. Not all of these updates apply to every company, but every RA professional working on CE Marked products has been busy readying themselves to sleep at night.

I could spend some time here telling you a couple of sentences about each of these new MEDDEVs, but someone already did that for me:

http://www.eisnersafety.com/eu-medical-device-meddevs-guidance-docs-newly-rlsed-or-updated/#.T8Oml7Dy-So

One fellow blogger indicated that the MEDDEV 2.5/10, about Authorized Representatives (ARs), was disruptive:

http://medicaldeviceslegal.com/2012/02/09/new-meddev-on-authorised-representatives-everything-you-know-is-wrong/

I don’t agree with Erik Vollebregt about it being disruptive. Erik feels that we can all expect substantial revisions in the AR contracts, but I think the Germany AR’s I have worked with were already moving in this direction. Emergo has been a strong AR all along—with a distinctly more friendly Dutch style to their processes. In the end, I just don’t see Notified Bodies (NBs), making these contracts a priority initiative. I think we’ll see more auditors verifying that contracts are in place and current, but I don’t expect auditors to receive guidance on how to review contracts anytime soon.

The real changes will be in the smaller AR’s that are not European Association of Authorized Representatives (EAAR) members. The Competent Authorities (CAs) have been knocking on the door of various “wannabee” AR’s for a few years now. I think they have done an excellent job of shutting down illegitimate representatives, and the member companies of EAAR (http://www.eaarmed.org/) have done well in raising awareness. The next logical step was to provide some guidance so that there is more consistency among the ARs. I see this as just the beginning of the CA’s moving toward one approach.

Erik wrote another article about MEDDEV 2.12/2 on the subject of Post-Market Clinical Follow-up (PMCF):

http://medicaldeviceslegal.com/2012/01/17/new-eu-guidance-on-post-market-clinical-follow-up-studies-published-and-other-meddev-guidance-announced/

Erik just touched on this MEDDEV briefly, but if your company is a manufacturer of a Class III device that is CE Marked—YOU NEED TO READ THIS MEDDEV!

MEDDEV Whitepaper

As in all things post-market related, BSI has taken the lead by publishing an article that is almost as long as the original MEDDEV. This white paper was written by Dr. Hamish Forster, BSI’s Orthopedic & Dental Product Expert, and the document is called “The Post-Market Priority.” I think you can only obtain a copy of this white paper by requesting it from BSI online, but the customer service person that follows up is quite polite.

BSI’s leadership role in PMCF is not new, either. Gert Bos gave a presentation that highlighted the importance of PMCF back on March 31, 2010:

http://www.bsigroup.nl/upload/Presentatie%2031%20maart%20-%20Gert%20Bos.pdf

My advice for anyone that has a Class III device that is CE Marked is to read this MEDDEV a few times, Annex X 1.1c of the MDD, read the whitepaper, and review these presentations by Gert Bos. This will help you prepare for what is coming. For those of you that think you know something about PMCF and have justified why your company doesn’t need to do it, think again. You should review the 16 bullet points in the MEDDEV on pages 14 and 15 (17 bullets in the whitepaper, but one was just split into two parts). Identify how many of these points apply to your Class III device. The more points that apply to your product, the more extensive the NB’s will expect your PMCF plans to be.

 

Posted in: CE Marking

Leave a Comment (0) →

How to Write Design Control Procedures

The author has reviewed 100+ design control processes in his career, and this blog provides five steps to write design control procedures.

In my previous blog posting, I indicated six things that medical device companies can do to improve design controls. While the last posting focused on better design team leaders (WANTED: Design Team Needs Über-Leader), this posting focuses on writing stronger procedures. I shared some of my thoughts on how to write design control procedures just a few weeks ago, but my polls and LinkedIn Group discussions generated great feedback regarding how to write design control procedures.

No Need to Write Design Control Procedures

One of the people that responded to my poll commented that there was no option in the poll for “zero.” Design controls do not typically apply to contract manufacturers. These companies make what other companies design. Therefore, their Quality Manual will indicate that Clause 7.3 of the ISO 13485:2016 Standard is excluded. If this describes your company, sit back and enjoy the music.

1 Procedure Only

Another popular vote was “one.” If you only have one procedure for design controls, this meets the requirements. It might even be quite effective.

When I followed up with poll respondents, asking how many pages their procedures were, a few people suggested “one page.” These people are subscribing to the concept of using flow charts instead of text to define the design control process. I use the following diagram to describe the design process: The Waterfall Diagram!

waterfall diagram How to Write Design Control Procedures

From the US FDA Website.

I first saw this diagram in the first course I took on Design Controls. This is on the FDA website too. To make this diagram effective as a procedure, we might need to include some references, such as work instructions, forms, the US FDA guidance document for Design Controls, and Clause 7.3 of the ISO 13485:2016 Standard.

Many Design Control Procedures

The bulk of the remaining respondents indicated that their company has eight or more procedures related to design controls. If each of these procedures is short and specific to a single step in the Waterfall Diagram, this type of documentation structure works well. Unfortunately, many of these procedures are a bit longer.

If your company designs software, active implantable devices, or a variety of device types—it may be necessary to have more than one procedure just to address these more complex design challenges. If your company has eight lengthy procedures to design Class 1 devices that are all in the same device family, then the design process could lose some fat.

In a perfect world, everyone on the design team would be well-trained and experienced. Unfortunately, we all have to learn somehow. Therefore, to improve the effectiveness of the team, we write design control procedures for the team to follow. As an auditor and consultant, I have reviewed 100+ design control processes. One observation is that longer procedures are not followed consistently. Therefore, keep it short. Another observed is that well-designed forms help teams with compliance.

Therefore, if you want to re-write design control procedures, try the following steps:

  1. Use a flow chart or diagram to illustrate the overall process
  2. Keep work instructions and procedures short
  3. Spend more time revising and updating forms, instead of procedures
  4. Train the entire team on design controls and risk management
  5. Monitor and measure team effectiveness and implement corrective actions when needed

The following is a link to the guidance document on design controls from the US FDA website. In addition to the comments I made in this blog, please refer back to my earlier blog on how to write a procedure. You can also purchase Medical Device Academy’s design control procedure and forms.

Posted in: Design Control

Leave a Comment (0) →

Design Team – Needs a Superwoman Leader

mona superwoman Design Team   Needs a Superwoman Leader

“Mona Superwoman” by Teddy Royannez (France)

This blog discusses the reasons for a female design team leader and the qualities and skills that she should possess to get maximum results out of her team.

Last November, Eucomed published a position paper titled, A new EU regulatory framework for medical devices: Six steps guaranteeing rapid access to safe medical technology while safeguarding innovation. While I have serious doubts that any government will ever be able to “guarantee” anything other than its own continued existence, I have an idea of how the industry can help.

The position paper identified six steps. Each of these steps has a comparable action that could be taken in every medical device company. My list of six steps is:

Only the best leaders have:

  1. Only one approach to design controls
  2. Stronger internal procedures
  3. Cross-pollination by independent reviewers
  4. Clear communication of project status to management
  5. Better project management skills

The most critical element to success is developing stronger design team leaders. Design teams are cross-functional teams that must comply with complex international regulations while simultaneously be creative and develop new products. This type of group is the most challenging type to manage. To be successful, design team leaders must be “Über-Leaders.”

Critical Design Team Leader Skills

The most critical skills are not technical skills but team leadership skills. The role of a design team leader is to ensure that everyone is contributing, without tromping on smaller personalities in the group. Unfortunately, there are more men in this role than women.

Why is this unfortunate? Because men have difficulty when it comes to listening (takes one to know one).

We need a leader that will be strong, but we also need someone that is in touch with the feelings of others and will use that skill to bring out the best of everyone on the team. This superwoman also needs to earn the respect of the male egos around the table. She needs to be an expert in ISO 14971, ISO 13485, Design Controls, Project Management, and managing meetings. Our beautiful heroine must also be a teacher because some of our team members will not know everything—even if they pretend to.

The Über-Leader will always remind the team that Safety & Efficacy are paramount. As team leaders, we must take the “high road” and do what’s right—even when it delays a project or fails to meet our boss’s unrealistic timetable. Superwoman must demand proof in the form of verification and validation data. It is never acceptable to go with an opinion.

She will remind us that compromise is the enemy, and we must be more creative to solve problems without taking shortcuts that jeopardize safety and efficacy. She will work harder on the project than anyone else on the team. She will keep us on schedule. She will whisper to get our attention, but she won’t be afraid to yell and kick our ass.

As Jim Croce says, “You don’t tug on Superman’s cape.” Superwoman is the only exception to this rule.

 

Posted in: Design Control

Leave a Comment (4) →

Design Input Requirements: 3 Common Errors

The author reviews three common errors related to design input requirements and uses examples to illustrate compliance.

I have been directly involved in dozens of design projects throughout my career, and during the past three years, I have audited 50+ Design Dossiers for CE Marking of Medical Devices. Throughout most of these design projects, I have noticed one common thread—a misunderstanding of design inputs.

ISO 13485 identifies design input requirements. These requirements are:

  1. Functional (7.3.2a)
  2. Performance (7.3.2a)
  3. Safety (7.3.2a)
  4. Statutory/Regulatory (7.3.2b)
  5. Previous and Similar Designs (7.3.2c)
  6. Essential Requirements (7.3.2d)
  7. Outputs of Risk Management (7.3.2e)
  8. Customer Requirements (7.2.1)
  9. Organizational Requirements (7.2.1)
Design Input Requirements: 3 Common Errors Reviewed

The most common error seems to be the failure to include the outputs of risk management. For those of you that have used design FMEA’s—that’s what the right-hand columns are for. When you identify suggested actions to mitigate risks with the current design, these actions should be translated into inputs for the “new and improved” model.

The second most common error seems to be a failure to consider regulatory requirements. There are two ways this mistake is frequently made: 1) Canadian MDR’s were not considered as design inputs for a device intended for Canadian medical device licensing, and 2) an applicable ISO Standard was not considered (i.e., – “State of the Art” is Essential Requirement 2 of the Medical Device Directive (MDD)).

The third most common error, and the one that drives me crazy, is a confusion of design outputs and design inputs. For example, an outer diameter of 2.3 +/- 0.05 mm is not a design input for a 7 French arterial catheter. This is a design output. The user need might be that the catheter must be small enough to fit inside the femoral artery and allow interventional radiologists to navigate to a specific location to administer therapy. Validation that the new design can do this is relatively straight forward to evaluate in a pre-clinical animal model or a clinical study. The question is, “What is the design input?”

Design Input Examples

Design inputs are supposed to be objective criteria for verification that the design outputs are adequate. One example of a design input is that the catheter outer diameter must be no larger than a previous design that is an 8 French catheter. Another possible design input is that the catheter outer diameter must be less than a competitor product. In both examples, a simple measurement of the OD is all that is required to complete the verification. This also gives a design team much more freedom to develop novel products than a narrow specification of 23 +/- 0.05 mm allows for.

If you are developing a Class II medical device for a 510(k) submission to the FDA, special controls guidance documents will include design inputs. If you are developing a Class IIa, Class IIb, or Class III medical device for CE marking, there is probably an ISO Standard that lists functional, performance, and safety requirements for the device. Regulatory guidance documents and ISO Standards usually reference test methods and indicate acceptance criteria. When you have a test method and acceptance criteria defined, it is easier to write a verification protocol. Therefore, design teams should always strive to document design inputs that reference a test method and acceptance criteria. If this is not done, verification protocols are much more difficult to write.

In my earlier example, the outer diameter of 2.3 +/- 0.05 mm is a specification. Unfortunately, many companies would document this as an input and use the final drawing as the output. By making this mistake, “verification” is simply to measure the outer diameter to verify that it matches the drawing. This adds no value, and if the specifications are incorrect, the design team will not know about it.,

A true verification would include a protocol that identifies the “worst-case scenario,” and verifies that this still meets the design input requirements. Therefore, if the drawing indicates a dimensional tolerance of 2.3 +/- 0.05, the “worst-case” is 2.35 mm. The verification process is to measure either a previous version of the product or a competitor’s catheter. The smallest previous version or competitor catheter tested must be larger than the upper limit of the design output for the outer diameter of the new catheter.

Posted in: Design Control

Leave a Comment (3) →

Best In Class Process Validation Program

This blog reviews a best in class CNC machining process validation program. Our author writes, “In general, the best approach is a risk-based approach.”

The original question from a former client was: “What does a best in class CNC machining process validation program look like?” Although I intend to answer this question, I know a few other clients that have done a great job of this. Hopefully, they will add their own opinions as a comment. Therefore, I am expanding the scope of this question to validation in general.

Process Validation

The problem with validation is that you can always do a more thorough validation. Only in the cases of processes, such as sterilization, do we have ISO Standards that tell us what is required. Otherwise, we are usually the experts, and we have to use our judgment as to what is necessary. In general, the best approach is a risk-based approach.

For each design specification established for a component, we also need to identify what process risks are associated with failure to meet the specification. Most companies perform a process Failure Modes and Effects Analysis (pFMEA). This risk analysis has three quantitative components: 1) severity of the failure’s effect, 2) probability of occurrence, and 3) detectability. The first factor, severity, is based upon the intended use of the device and how that component failure impacts that use. Usually, it is important to have a medical professional involved in this portion of the estimation.

The second factor, probability, is typically quantified during process validation activities. One company I audited developed a ranking scale for the probability that was linked directly to the CpK of the process. Higher CpK values received lower scores because the process was less likely to result in an out-of-specification component. Another company I worked for used a six-point logarithmic scale (i.e., – 10e-6 = 1, 10e-5 = 2, 10e-4 = 3, 10e-3 = 4, 10e-2 = 5, and 10e-1 = 6). This logarithmic scale was based on sterilization validation, where a sterility assurance level of 10e-6 is considered “validated.”

The third factor, detectability, is best estimated by using a quantitative scale that is based upon a gauge R&R study or some other method of inspection method validation.

Most companies struggle with the determination of what is acceptable for design risk analysis. However, for process risk analysis, it is usually much easier to quantify the acceptable risk level.

Corrective Action

Once you have determined that a process is not acceptable at the current residual risk level, then you must take corrective actions to reduce the risk. The first step to achieve this should be to review the process flow. There are critical control points that can be identified in the process flow. One of those places is at the end of the process at the inspection step in the process.

The inspection step in the process flow affects the detectability of defects. For many automated processes, such as CNC machining, it is not reasonable to perform 100% inspection. Therefore, these processes require validation. Most engineers make the mistake of trying to validate every dimension that is machined. However, only some of the aspects result in device failures. These are the dimensions that are critical to validate. The best practice is to calculate the process capability for meeting each of these critical specifications (i.e., – CpK). A minimum threshold should be established for the CpK (refer back to the process risk analysis for ideas on linking CpK to risk acceptance). Any CpK values below the threshold require a more consistent process. These are the component specifications that should be the focus of process validation efforts.

During a process validation, it is often advisable to perform a Design Of Experiment (DOE) in order to quantify the effects of each process variable. Typically a DOE will evaluate the impact on CpK for each variable at a high, low, and middle value, while other variables are maintained at nominal values. Any variables that appear to have a significant impact on the CpK are candidates for performing an Operational Qualification (OQ). For a machining process, this could include spindle speeds, feed rates, and material hardness. If variation of the variable has little or no impact upon the CpK, then there is probably little benefit to the inclusion of this variable in an OQ.

The output of an OQ validation should be high and low limits for each process variable that will result in a “good” part. Performance Qualification (PQ) validation is the final step of process validation. In the PQ, most companies will conduct three repeat lots at nominal values for the variables. If the OQ is designed well, there is often little added value in the PQ. Therefore, the sample size is typically three lots of 10 samples each. If the OQ validation does not clearly identify safe operating limits for the variables, or the process has the marginal capability (i.e., – a low CpK), then the OQ should be repeated, and an additional DOE may be needed.

Information Resources

Here are a few information resources for those of you that are in “Deviceland”

  1. Guidelines for the Validation of Chemical Methods for the FDA Foods Program (3/22/2012) – http://www.fda.gov/downloads/ScienceResearch/FieldScience/UCM298730.pdf
  2. Process Validation: General Principles and Practices (January 2011) –  http://www.fda.gov/downloads/Drugs/…/Guidances/UCM070336.pdf
  3. Guidelines for the Validation of Analytical Methods for the Detection of Microbial Pathogens in Foods (9/8/2011) –  http://www.fda.gov/downloads/ScienceResearch/FieldScience/UCM273418.pdf
  4.  CPG Sec. 490.100 Process Validation Requirements for Drug Products and Active Pharmaceutical Ingredients Subject to Pre-Market Approval (3/12/2004) –  http://www.fda.gov/ICECI/ComplianceManuals/CompliancePolicyGuidanceManual/ucm074411.htm?utm_campaign=Google2&utm_source=fdaSearch&utm_medium=website&utm_term=validation&utm_content=3
  5. Q2 (R1) Validation of analytical procedures: text and methodology (June 1995)http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/general/general_content_000431.jsp&mid=WC0b01ac0580029593&jsenabled=true

Posted in: ISO Certification

Leave a Comment (0) →

The Vendor Audit Agenda: Where to Spend Your Time

This blog discusses the importance of reviewing previous quality issues and specific areas where the author likes to spend his time during a vendor audit.

When you attend a lead auditor course, the focus is on Quality System auditing. However, when you perform a supplier audit—the Quality System is not the focus. The focus of a supplier audit can fall into two primary categories: 1) qualifying the supplier, or 2) re-evaluating the supplier.

Suppliers are not required to have a registered Quality System or ISO 13485 certification. Therefore, many of the things that an auditor might learn about audit agendas in a lead auditor course just don’t apply. However, one thing always applies: reviewing previous quality issues. When I audit internal auditing and supplier auditing programs, I find that one of the most common mistakes is the failure to close-out previous nonconformities. Therefore, the second section of my audit report template is a review of prior audit findings. If you have no previous findings, ensure your audit report states that. If you are qualifying a new supplier, ensure that the new supplier doesn’t have the same problems you are having with current suppliers.

When you close the previous issues, there are two approaches. The first approach is to close previous issues at the beginning of the audit—immediately after the opening meeting. This is the most common strategy. The second approach is to close previous issues as you audit the applicable area. For example, if you have previous problems in the area of incoming inspection and maintenance records, it might make sense to close these findings when you audit these areas. The advantage of this second approach is that it ensures that the process owner is closing the previous finding and facilitates the sampling of additional records.

What has little value in the supplier audit agenda? Auditing the Management Review process has the least value because the supplier is not required to have a Quality Management System. In fact, subcontractor audits for BSI never include management reviews, CAPAs, or internal audits—the three required areas for every quality system audit.

Most Valuable Areas to Audit?

Incoming inspection, control of nonconforming materials, preservation of the product, production controls, training, and process validation are the areas I typically audit. I like to start in the nonconforming material area and see which materials are on hold. Then I like to sample the incoming inspection records for those raw materials. Next, I want to see how the company is storing those raw materials—if they are accepted. I typically cover these three areas as one process audit. This also happens to be the process audit I like to use for training new auditors, because of the audit of incoming inspection results in numerous audit trails in the support process areas of document control, training, calibration, etc.

The next area I will visit is the production area. For this portion of the audit, I am doing a process audit of the production process. I usually request that we schedule the audit for a time when the production area is running the product(s) of interest. A process flow chart helps plan this portion of the audit, and I will often write some notes directly on a copy of the process flow chart.

I conclude the audit with follow-up trails in the areas of 1) document control (to ensure the supplier has the most current versions of all documentation “we” provided), 2) calibration (to ensure that all measurement devices used for inspection are calibrated), and 3) training (to ensure that all personnel working on “our” product are appropriately trained).

Since I do not have to spend time on Quality System issues during a supplier audit, I spend more time sampling records in the other areas. Therefore, I might sample 5-10 records in each of the above areas instead of 3-4 records. If the number of samples available to sample is small, I may even sample 100% of the records.

Posted in: Supplier Quality Management

Leave a Comment (2) →
Page 27 of 29 «...10202526272829