Blog

The Supplier Survey with a Twist

This blog suggests that your supplier survey form need be only one page to contain pertinent supplier data information.

I must admit, the first supplier survey I ever used was copied from another company, and we just changed the header. You might think this is entirely unethical, but get real. I have seen that same survey form during at least a dozen audits I have done over the past decade. I have also had to fill out that document.

You know the one…it’s Twenty-nine pages long and asks you a bunch of inane questions that nobody will care about.

Supplier Survey Suggestions

To fix the mess we have all created, I have a few simple suggestions:

  1. Don’t copy another supplier survey form. Make your own form instead
  2. Cut your survey down to ONE page
  3. Focus on collecting supplier information first
  4. Require suppliers to update this form at least annually, or when they change something
  5. Ask open-ended questions

Twenty-nine pages are insane. Who thought that was a great idea? I think the theory behind this approach is that we will screen out the inferior suppliers that don’t want our business in the first place. In reality, management delegates the completion of this form to a subordinate that they want to punish. I don’t think I need to explain the theory behind a one-page document.

You need supplier contact information, size of the facility, number of employees, shifts, website, software capability, etc. This is obvious information that you need to know about your supplier.

Make sure you give the supplier this form in MS Word format so that they can fill it in with minimal effort. Next year, when you want them to fill it out again, give them the original in MS Word format so that they can redline changes. This makes it easy to see what changed and reduces the effort required to update this annually. Why do you need a signature and date on this stupid form? I do not know. If you can think of a good reason, go ahead and make your supplier sign and date the form. If you can’t, don’t require a signature and date just because everyone else does.

You should have a supplier agreement that requires notification of changes. This should include significant changes to the QMS. Updating the supplier survey is a great way to do this—especially if the supplier can redline the previous version.

Closed-Ended and Open-Ended Questions

My last suggestion is probably the most valuable. Remember the difference between closed-ended and opened-ended questions. “Closed-ended” questions ask for a response of “Yes” or “No.” It makes it easier to complete 29 pages in less than a day, but it’s also easy to identify the answer that the customer wants to hear.

For those of you that have Canadian Medical Devices Conformity Assessment System (CMDCAS) certification, take a look at GD210 sometime. The back of this document has a checklist with clause-by-clause questions. 100% of these questions are “closed-ended.”  Here’s an example: For clause 5.6.2, the GD210 checklist asks, “Is a review of new or revised MDR part of the input to management review?” Examples of “open-ended” questions related to clause 5.6.2 would be:

When was your last Management Review?

  1. What were the new or revised regulatory requirements discussed in the last Management Review?
  2. Who was in attendance at the last Management Review?
  3. How many action items resulted from the last Management Review?

You should notice that not only are these three questions open-ended, but these are also all non-proprietary questions that a supplier should be willing to answer.

Posted in: Supplier Quality Management

Leave a Comment (3) →

Supplier Risk Management: Which Suppliers Should You Audit?

This blog presents a few thoughts on supplier risk management related to criteria in evaluating suppliers and determining which suppliers you should audit.

There are two criteria that are the most popular for the evaluation of suppliers:  1) the percentage of lots accepted and 2) the percentage of on-time delivery. Both of these metrics have potential limitations. For example, what if a good supplier ships only two shipments this year, and there is a problem with one delivery? The reverse is also possible. What if a poor supplier ships lots every week? Ten bad lots per year will result in an 80% quality rating.

On-time delivery has other issues, such as does purchasing update the due date in the MRP system when they ask suppliers to push out the delivery date due to soft sales volume? If a supplier expedites an order in half the standard turnaround time in their “best-effort” to meet your requested due date, should they receive a negative result for percentage on-time delivery if they are one week late?

The points above help identify the limitations of supplier metrics. In the end, if you have a critical supplier—there is no substitute for auditing them. Unfortunately, auditing costs money. So which suppliers should you visit?

The “critical suppliers” is often the answer, but how do you decide who is critical? Well, …benchmarking is a good idea. For example, a Notified Body (NB) must audit “critical suppliers” that do not have ISO 13485 certification. They define “critical” as subcontractors that perform high-risk processes, such as contract sterilization, subcontractors that perform contract packaging and suppliers that manufacture finished devices. Health Canada even provides some guidance on the definition of critical subcontractors, and how the NB shall determine which “subies” need to be audited.

Internally, your supply chain and quality assurance team have to develop a list of suppliers that will be audited. In general, I recommend that all “critical” suppliers be audited at least once every three years (equal to the certification cycle). However, your auditing schedule is a plan that should have “wiggle room.”

For example, if you weren’t planning to visit an existing supplier until next year or the following year, and suddenly there is a new quality issue with that supplier, you may want to add a “for cause” audit of their facility to your supplier audit schedule. You might want to add suppliers near another supplier you were going to audit anyway to reduce travel costs.

Practically speaking, you might decide to audit your ten worst suppliers each year. This might be determined by qualitative, cross-functional rankings, rankings for nonconforming materials, or by the number of supplier corrective action requests. There is no “right” or “wrong” way to determine which suppliers should be audited. However, the best companies have strong supplier quality programs to reduce scrap and the need to perform inspections.

Posted in: Supplier Quality Management

Leave a Comment (0) →

Qualifying a Supplier That Doesn’t Have a Quality Management System

This blog proposes a simple solution for how to qualify a supplier that doesn’t have a quality management system.

You are ignoring the obvious question of why doesn’t a medical device supplier have a quality management system. If you are a contract manufacturer, you should ensure that you have a clause in your supplier qualification procedure that says you don’t need to qualify suppliers that are mandated by your customers. If your response to this suggestion is “Duh,” you haven’t conducted many supplier audits of contract manufacturers. As my buddy, Tim says, “You need to leave somewiggle room’ in your procedures.” This is also good advice for all 19 of your top-level procedures that get audited each year.

For the remaining suppliers you are considering to add to your Approved Supplier List (ASL), you need a SIMPLE set of criteria for how you qualified the supplier. Guess what that magical document should be? (Answer to be provided shortly)

Many companies use a supplier self-evaluation survey. I’m almost certain that I have bashed these nearly useless documents before, but if I failed to do this, …most of them are problematic. A one-page supplier information form seems more appropriate. No signature required! And please make it a Word document.

The supplier qualification procedure needs to be generic for all raw materials and services you purchase. The problem is that everything you purchase has different requirements. So instead of wasting your time with writing one procedure that has wiggle room for every single product or service, you will ever purchase, don’t even try. Instead, write a SIMPLE procedure. This procedure needs only to be one page long. It needs four requirements:

1)      New suppliers must complete a supplier information form and submit it to the company. This should be updated at least once every 12 months and whenever there is a change to the information provided (i.e., – notification of change).

2)      You need at least two people to approve the addition to the Quality Management System. This can be done on your ECO or DCO form for changing the ASL. If the supplier is customer-mandated, you need the customer’s approval and the purchasing managers. If the supplier is internally selected, you need at least purchasing and QA to approve it.

3)      You should have an objective criterion (probably more than one requirement) that is product/service-related for acceptance of the supplier. This criterion SHALL be under document control, and the revision shall be communicated to the supplier when orders are placed. See ISO 13485:2003, section 7.4.2 (Purchasing Information).

4)      Finally, you need a reference to your purchasing procedure (one of the required 19 documents) and your supplier re-evaluation procedure.

If you have not already guessed, the “magical” document is called a purchasing specification or raw material specification for raw material items. For capital equipment, you may require that a capital expenditure justification be completed instead of the purchasing specification. For a calibrated instrument, tool, or fixture, you may request that requirements of the instrument/tool/fixture are documented in the applicable procedure or work instruction. For example, for measurement of this cannula, a calibrated optical comparator is required with 20x magnification. Reference the inspection procedure or drawing, and you are done.

For those of you that would like to keep your ASL shorter, which I recommend, if you don’t think you will be using the supplier more than once, you might want to give the buyer the option of documenting the purchasing specification on the purchasing requisition instead. This might be very helpful for those engineers that are doing R&D or validation work. For example, I need a bag of resin that meets the following raw material specifications—but we don’t currently use this material, and I’m not ready to submit one for approval. That’s why the engineer is ordering the bag of resin. She needs to test the material in the application and gather some preliminary data as justification for the new raw material specification.

There are 100’s of other ways to qualify your suppliers, and many of them work well if you follow your procedure. If your procedure is SIMPLE, your Monday’s will be better.

 

Posted in: Supplier Quality Management

Leave a Comment (0) →

Supplier Management: Who Should Be Conducting Supplier Audits in Your Company?

This blog reviews which a vital supplier management issue, which personnel should be conducting specific types of audits for the company.

Today, I would like to start by asking a question: Who does supplier audits at your company?

I believe that there are three primary purposes for conducting supplier audits:

1) “For cause” audit, where the auditor is investigating the root cause of a nonconformity

2) Qualification audit, where the auditor is assessing if the supplier should be added to the Approved Supplier List (ASL)

3) Re-evaluation audit, where the auditor is verifying that the supplier is maintaining proper production controls

The problem with these three audits is that most companies send the same people—regardless of the purpose. Usually, companies send a purchasing manager or a supplier qualify engineer to conduct supplier audits. Occasionally, the two will do a team audit. Resources for auditing suppliers are tight in most companies. Therefore, I do not recommend this “one size fits all” approach. Instead, I believe that each purpose should be matched up with a specific type of auditor.

“For cause” audits need a supplier quality engineer who has strong investigational skills and will be able to identify the root cause(s) of a nonconformity. The auditor should also be capable of training the supplier on how to respond effectively to a Supplier Corrective Action Request.

Qualification audits are ideal opportunities for a team approach. There are quality issues to consider, but there are also financial scheduling and capacity issues. A cross-functional team approach works best in this case. A team also reduces the potential for biased individuals making inappropriate recommendations.

Re-evaluation audits should not be conducted by purchasing or supplier quality engineers. The reason is that neither position is typically responsible for performing an incoming inspection. If you don’t perform inspections regularly, you may not be aware of all the problems to search for. Therefore, I recommend using QC inspectors for this activity. QC inspectors know precisely which quality issues have been found recently because the QC inspectors identify the defects during incoming inspection, in-process inspections, and during final inspections.

I don’t think that my approach to “For Cause” or Qualification audits is unusual. However, using QC inspectors to perform supplier audits is uncommon. There are two other reasons why I believe companies should consider this approach. First, inspectors would get a rare opportunity to go on a business trip and be reimbursed for the travel. For those employees that rarely travel, this can be an opportunity for recognition by management and a perk (i.e., – free meal, lodging, and travel). Second, supplier quality engineers could easily fill in for a QC inspector to become more familiar with parts and components, as well.

Posted in: Supplier Quality Management

Leave a Comment (3) →

Auditor Job Responsibilities: The Toughest Thing to Do

The author reveals his thoughts related to auditor job responsibilities and what the toughest thing to do is.

Today was my last day as an external resource for BSI,  and tomorrow will be my last day as an independent consultant. On March 1st, I begin a new job as Sr. Regulatory Affairs Manager for Delcath Systems, Inc. in Queensbury, NY. I am grateful to everyone that I had the pleasure of meeting during the past two-and-half years as a 3rd party auditor, instructor, and consultant. I have learned so much from you all. Your parting wishes were very kind and supportive. I sent out emails to as many of you as I could to notify you of this change. Instead of brief acknowledgment and “Good Luck!” I received genuine words of thanks and compliments that made me feel very lucky that we have had such an unusual relationship for an auditor and auditee—very much like cats and dogs that learn to live together in the same house.

One of you described the typical relationship with an auditor quite well, “Having an auditor come to your place is always a somehow stressful time. You are always afraid of failing somewhere.” This same person sent me an email last night saying, “I feel like you are one of my friends.” Another auditee walked by another team member and me a few weeks ago while we were waiting for a ride. Instead of avoiding eye contact and walking right on by, he stopped and thanked us for really helping to bring attention to areas that need improvement. This same gentleman had endured a tough interview by me, where I pointed out mistakes in drawings, procedures, and his own QC inspection of incoming raw materials. This person has the right attitude.

Auditor Job Responsibilities

As an auditor, we must come to a conclusion as to whether the evidence we collect demonstrates conformity or nonconformity. When we identify nonconformities, we must explain our findings. The toughest part of the job is how to “break the news.” If you do it well, the auditee will agree with you and thank you for helping to improve the quality system. If you do it poorly, the auditee will resent you and may even toss you out on your ear.

In my first-ever ISO certification audit, I was the auditee, and the auditor that interrogated our team was horrible. Not only did the auditor “break the news” poorly, but the conclusions were also wrong in several instances. To make matters worse, the CEO and the regulatory consultant I had hired were so upset with our auditor that I had to play referee just to keep them from killing the auditor. We received a recommendation for ISO 13485 certification at the end of that audit, but I learned a valuable lesson: “Always look at an audit as an opportunity to improve.” The worst that can happen is that the auditor will require you to implement corrective action. The best that can happen is that you will need to perform internal audits to identify opportunities for corrective actions on your own. Who cares who finds the opportunities to improve?

Auditors and auditees maybe cats and dogs, but we should learn to help each other get better without getting upset or feeling anxious.

My third-party auditing days may be done, but I will continue to share my thoughts through this blog, and I hope you will share your feedback too.

Posted in: ISO Auditing

Leave a Comment (2) →

When to Initiate a Corrective And Preventative Action (CAPA)

This blog reviews the differences between corrective action and preventive action, and when to initiate corrective and preventive action.

I’ve completed almost 100 audits in the past two years, and I review the Corrective Action and Preventive Action (CAPA) process during every single audit. Surprisingly, this seems to be a process with more variation from company to the company than almost any other process I review. This also seems to be a major source of nonconformities. In the ISO 13485 Standard, clause 8.5.2 (Corrective Action) and clause 8.5.3 (Preventive Action) have almost identical requirements. Third-party auditors, however, emphasize that these are two separate clauses. We are purists. Although we acknowledge that companies may implement preventive actions as an extension of corrective action, we also expect to see examples of actions that are strictly preventive in nature.

Many companies seem to be confused, but it doesn’t need to be.  Just ask yourself one question. What is the source of this action?

If the answer is a complaint, audit nonconformity, or rejected components—then your actions are corrective.

If the answer is a negative trend that is still within specifications or an “Opportunity For Improvement” (OFI) identified by an auditor—then your actions are preventive.

Root Cause Investigation

If you are investigating the root cause of a complaint, people will sample additional records to estimate the frequency of the quality issue. I describe this as investigating the depth of a problem. The FDA emphasizes the need to review other product lines, or processes, to determine if a similar problem exists. I describe this as investigating the breadth of a problem. Most companies describe actions taken on other product lines and/or processes as “preventive actions.” This is not always accurate. If a problem is found elsewhere, actions taken are corrective. If potential problems are found elsewhere, actions taken are preventive. You could have both types of actions, but most people incorrectly identify corrective actions as preventive actions.

Another common mistake is to characterize corrections as corrective actions.

The most striking difference between companies seems to be the number of CAPAs they initiate. There are many reasons, but the primary reason is the failure to use a risk-based approach to CAPAs. Not every quality issue should result in the initiation of a formal CAPA. The first step is to investigate the root cause of a quality issue. The FDA requires that the root cause investigation is documented, but if you already have an open CAPA for the same root cause…

DO NOT OPEN A NEW CAPA!!!

If you do not have a CAPA open for the root cause that you identify, then what should you do?

I know this will shock everyone, but…it depends.

The image below gives you my basic philosophy.

death by capa When to Initiate a Corrective And Preventative Action (CAPA)

 

 

 

 

 

 

 

 

Most investigations document the estimated probability of occurrence of a quality issue. This is only half of the necessary risk analysis I describe below. Another aspect of an investigation is to document the severity of potential harm resulting from the quality issue. If customer satisfaction, safety, or efficacy are affected by a quality issue—the severity is big. Risk is the product of severity and probability of occurrence.

Estimated Risk-Initiating a Corrective And Preventive Action (CAPA)

If the estimated risk is low and the probability of occurrence is known, then alert limits and action limits can be statistically derived. These quality issues are candidates for continued trend analysis—although the alert limit or action limit may be modified in response to an investigation. If the trend analysis results in identifying events that require action, then that is the time when a formal CAPA should be opened. If the trend remains below your alert limit, then no formal CAPA is needed.

If the estimated risk is moderate or the probability of occurrence is unknown, then a formal CAPA should be considered. Ideally, you will be able to establish a baseline for the occurrence and demonstrate that frequency decreases upon the implementation of corrective actions. If you can demonstrate a significant drop in frequency, this verifies the effectiveness of actions taken. If you need statistics to show a difference, then your actions are not effective.

If the estimated risk is high, or there are multiple causes that require multiple corrective actions, a quality improvement plan may be more appropriate. There are two clauses in the Standard that apply. Clause 5.4.2 addresses the planning of changes to the Quality Management System. For example, if you correct problems with your incoming inspection process—this addresses 5.4.2. Clause 7.1 addresses the planning of product realization. For example, if you correct problems with a component specification where the incoming inspection process is not effective, this addresses 7.1. Depending upon the number of contributing causes and the complexity of implementing solutions, the plan could be longer or shorter. If it will take more than 90 days to implement corrective action, you might consider the following approach.

Step 1 – open a CAPA

Step 2 – identify the initiation of a quality plan as one of your corrective actions

Step 3 – close the CAPA when your quality plan is initiated (i.e., – documented and approved)

Step 4 –verify effectiveness by reviewing the progress of the quality plan in management reviews and other meeting forums…you can cross-reference the CAPA with the appropriate management review meeting minutes in your effectiveness section

If the corrective action required is the installation of new equipment and validating that equipment, the CAPA can be closed as soon as a validation plan is created. The effectiveness of the CAPA is verified when the validation protocol is successfully implemented and a positive conclusion is reached. The same approach also works for implementing software solutions to better manage processes. The basic strategy is to get the long-term improvement projects started with the CAPA system, but monitor the status of these projects outside the CAPA system.

Best practices would be the implementation of six-sigma projects with formal charters for each long-term improvement project.

NOTE: I believe in closing CAPAs when actions are implemented, and tracking the effectiveness checks for CAPAs as a separate quality system metric. If closure takes more than 90 days, the CAPA should probably be converted to a Quality Plan. This is NOT intended to be a “workaround” to give companies a way to extend CAPAs that are not making progress in a timely manner.

Posted in: CAPA

Leave a Comment (5) →

But What About FDA Regulations?

The author writes that when you are auditing, you should always read the FDA regulations again to ensure accuracy.  

I hear this question, or a question with similar wording, quite frequently when I am auditing. Typically, the question is in response to a better way to do something that seems simple and efficient. Most people seem to approach regulatory requirements with the approach of…let’s bury the regulator in paperwork. While it’s true that auditors expect a certain amount of paperwork with each regulatory requirement, they frequently accept a broader range of documentation than people realize (i.e., one page can be enough).

For example, a design control procedure could be a one-page flowchart that references forms and work instructions, or twelve separate documents, with a minimum length of ten pages and a maximum of forty pages per document. As long as the procedure has sufficient detail for personnel performing these tasks, and all the required elements are included, ISO clauses 7.3.1-7.3.7. An auditor should identify the process as conforming.

However, some people are FDA inspectors looking for NONCONFORMITY!

In the case of inspectors, it is critical to present your information in such a way that it is easy for the inspector to see how you meet the requirements of the regulations. One of the best ways to do that is to reference the requirements directly in your procedures.

For those that prefer finesse try to organize information following the regulations. For example, if I am writing a procedure for an ISO registration audit, I write the procedure to specifically address the ISO sub-clauses. I might even use a document control number like SOP-73 for my “Design and Development” procedure.

In my previous blog posting, http://bit.ly/AuditHours, I suggested a slight change to the scheduling of internal audits. To ensure this meets FDA requirements, the key is to READ THE REGULATIONS AGAIN. Concerning internal auditing, the applicable FDA regulation is 21 CFR 820.22:

“Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action (s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.”

The above requirement is quite vague concerning how many auditors and how many days must be spent auditing. These are the variables I suggested changing in my previous blog http://bit.ly/AuditHours. The FDA regulation 21 CFR 820.22 is specific, however, with regard to documenting the “reaudit” of any deficiencies found during an audit. This prescriptive requirement can be met by reviewing previous audit findings of all audits with the audit program manager during the audit preparation process. The audit program manager can facilitate the assignment of which auditor will reaudit each discovery. This may require a few more minutes of audit preparation, but this should not measurably impact the overall time allocated to an audit.

I do this out of habit when I am performing internal audits on behalf of clients, but if I am auditing the internal audit process of a client—now I’ll remember to point out this additional requirement that is specific to the FDA and not included in the ISO Standard. This is why we should always READ THE REGULATIONS AGAIN.

 

Posted in: FDA

Leave a Comment (0) →

Improving Your ISO Internal Auditing Schedule

 

The author provides tips on how to improve the efficiency and effectiveness of your internal auditing schedule.%name Improving Your ISO Internal Auditing Schedule

Each week I audit a different company, or I teach a group of students how to audit. In the courses I teach, I use a slide that gives an example of an internal auditing schedule (see the example above). On the surface, this example seems like a good audit schedule. There are 12 auditors performing two audits each year. If each auditor spends a day auditing, and another day writing the report, the combined resources equal 48 days (~$20,000) allocated to auditing, and each person spends less than two percent of their work year auditing.

Unfortunately, I have learned that the quality of auditing is directly related to how much time you spend auditing. Therefore, I recommend using fewer auditors. There is no perfect number, but “less is more.” My example also has another fundamental weakness. The internal auditing schedule does not take full advantage of the process approach to auditing. Instead of performing an independent audit of document control and training, these two clauses/procedures should be incorporated into every audit. The same is true of maintenance and calibration. Wherever maintenance and calibration are relevant, these clauses should be investigated as part of auditing that area.

For example, when the incoming inspection process is audited, it only makes sense to look for evidence of calibration for any devices used to perform measurements in that area. For a second example…when the production area is being audited, it only makes sense to audit maintenance of production equipment too.

If the concept of process auditing is fully implemented, the following ISO 13485 clauses can easily be audited in the regular course of reviewing other processes: 4.2.1), Quality System Documentation, 4.2.3), Document Control, 4.2.4), Record Control, 5.3), Quality Policy, 5.4.1), Quality Objectives, 6.2.2), Training, 6.3), Maintenance, 6.4), Work Environment, 7.1), Planning of Product Realization & Risk Management, 7.6), Calibration, 8.2.3), Monitoring & Measurement of Processes, 8.5.2), Corrective Action, and 8.5.3) Preventive Action. This strategy reduces the number of audits needed by more than half.

Internal Auditing: Upstream/Downstream Examples

Another way to embrace the process approach to auditing is to assign auditors to processes that are upstream or downstream in the product realization process from their own area. For example, Manufacturing can audit Customer Service to understand better how customer requirements are confirmed during the order confirmation process. This is an example of auditing upstream because Manufacturing receives the orders from Customer Service—often indirectly through an MRP system. Using this approach allows someone from Manufacturing to identify opportunities for miscommunication between the two departments. If Regulatory Affairs audits the engineering process, this is an example of auditing downstream. Regulatory Affairs is often defining the requirements for the Technical Files and Design History Files that Engineering creates. If someone from Regulatory Affairs audits these processes, the auditor will realize what aspects of technical documentation are poorly understood by Engineering, and quickly identify retraining opportunities.

One final aspect of the example internal auditing schedule that I think can be improved is the practice of auditing the same process twice per year. This practice doesn’t seem to work very well for a few reasons. First, it requires that an auditor prepare for an audit twice per year and write two reports, instead of one. This doubles the number of time auditors spends in preparation and follow-up activities associated with an audit. Second, increasing the number of audits naturally shortens the duration of each audit. It is more difficult for auditors to cover all the applicable clauses in a shorter audit because it takes time to locate records and pursue follow-up trails. Longer audits, covering more clauses, make it easier for the auditor to switch to a different clause while they are waiting for information. Third, if an area is audited every six months, it is often difficult to implement corrective actions and produce evidence of effectiveness before the area is due for auditing again.

I can’t provide a generic internal auditing schedule that will work for every company or even show how all the clauses will be addressed in one table. I can, however, provide an example of an improved schedule that illustrates the above concepts. This example (see below) uses four auditors instead of 12, and the number of days planned for each audit is two days instead of one. The preparation and reporting time is still one day per audit. Therefore the combined resources equal 24 days (~$10,000) allocated to auditing, and each person spends two and one-half percent of their work year auditing. My intention is not to create the perfect plan, but to give audit program managers some new ideas for more efficient utilization of resources. I hope this helps, and please share your own ideas as comments to this posting.

%name Improving Your ISO Internal Auditing Schedule

Posted in: ISO Auditing

Leave a Comment (6) →

Learning Pyramid – 4 Levels of Learning

The author discusses the four levels of learning in the Learning Pyramid, and the lessons learned when he taught an ISO 14971 Risk Management course.%name Learning Pyramid   4 Levels of Learning

I am in Canada, it’s almost midnight, and my client has me thinking so hard that I can’t sleep. I am here to teach the company’s Canadian facility about ISO 14971:2007—the ISO Standard for Risk Management of medical devices.

Most of the companies that request this training are doing so for one of two reasons: 1) several of their design engineers know almost nothing about risk management, or 2) they have several design engineers that are quite knowledgeable concerning risk management, but these engineers have not maintained their credentials, and their last risk management training was related to the 2000 version of the Standard. This company falls into the second category.

I always tell students that I learn something by teaching each course. From this company, however, I have learned so much. This company has forced me to re-read the Standard several times and reflect on the nuances of almost every single phrase. I have learned more about this Standard in one month than I learned in the 3.5 years since I first took the course I am now teaching. 

The four levels of the Learning Pyramid

I have developed a model for learning that explains this phenomenon. I call this model the “Learning Pyramid.” At the base of the pyramid, there are “Newbies.”

This is the first of four levels. At the base, students read policies and procedures with the hope of understanding.

In the second level of the pyramid, the student is now asked to watch someone else demonstrate proper procedures. One of my former colleagues has a saying that explains the purpose of this process well, “A picture tells a thousand words, but a demonstration is like a thousand pictures.” This is what our children call “sharing time,” but everyone over 40 remembers this as “show and tell.”

In the third level of the pyramid, the student is now asked to perform the tasks they are learning. This is described as “doing,” but in my auditing courses, I refer to this process as “shadowing.” Trainees will first read the procedures for Internal Auditing (level 1). Next, trainees will shadow the trainer during an audit as a demonstration of the proper technique (level 2). During subsequent audits, the trainees will audit, and the trainer will shadow the trainee (level 3). During this “doing” phase, the trainer must watch, listen, and wait for what I call the “Teachable Moment.” This is a moment when the trainee makes a mistake, and you can use this mistake as an opportunity to demonstrate a difficult subject.

Finally, in the fourth level of the Learning Pyramid, we now allow the trainee to become a trainer. This is where I am at—so I thought. I am an instructor, but I am still learning. I am learning what I don’t know.

Teaching forces you back to the bottom of the Learning Pyramid

The next step in the learning process is to return to the first level. I am re-reading the Standard and procedures until I understand the nuances that I was unaware of. Then, I will search for examples in the real world that demonstrate these complex concepts I am learning. After searching for examples, I will test my knowledge by attempting to apply the newly acquired knowledge to a 510(k) or CE Marking project for a medical device client. Finally, I will be prepared to teach again.

This reiterative process reminds me of the game Chutes and Ladders, but one key difference is that we never really reach the level of “Guru.” We continue to improve, but never reach our goal of perfection…For further inspiration, try reading “Toyota Under Fire.”

Posted in: Education, ISO 14971:2019 (Risk Management)

Leave a Comment (5) →

How to Write A Procedure: 6 Secrets to Improve Effectiveness

The author, an experienced trainer, shares six secrets for how to write a procedure and improves its effectiveness.

During a CAPA course I taught earlier today, one of the attendees asked if I have a course on “How to Write Better Procedures.” Unfortunately, the only material I could offer was material from a course I taught on Training the Trainer.” That training course focused on visual communication. There are several books related to Lean Manufacturing that explain indepth how to use visual communication to replace text (i.e., – “a picture says a thousand words”). During my ride home, however, I thought of a few other ideas that might help anyone that is in the process of writing or re-writing a procedure.

1. Develop a standardized format for procedures. If you have a procedure for writing procedures, ensure you allow the flexibility to deviate from the standardized format. The Standard does require that procedures have a “mandatory” format. Referring to the standardized formatting as “suggested formatting” will avoid unnecessary nonconformities.

2. Avoid making unnecessary references to other external standards. If you are writing a procedure on risk management—it makes sense to reference ISO 14971. It does not make sense to reference all the other risk analysis standards, unless you are specifically using them to perform risk analysis. Included in this category would be references to other regulatory requirements, such as 21 CFR 820 or Part 1 of the Canadian MDR. Companies can claim compliance with other requirements in the Quality Manual instead. What should be referenced in a document is any related procedures or forms.

3. Avoid including the revision of a Standard. This is just another opportunity for unnecessary nonconformities. If you don’t specify the revision, then an auditor can only assume that the most current revision of the Standard is implied. If changes to a Standard are minor, no changes to a procedure may be warranted and a revision to the procedure can be avoided—assuming that the revision of the Standard is not specified. Some argue that you should include the revision and update the reference to document that the procedure was reviewed to determine if changes were warranted. This is unnecessary. A review of procedures, where the decision is made for “no change,” can easily be documented in the Management Review under the category of “New and Revised Regulatory Requirements.”

4. Indicate the process owner and training requirements associated with each procedure. By doing this, it is easier to define who is responsible for reviewing and revising procedures—as well as who is assigned CAPAs if there are findings related to the process in question.

For the training requirements, the process owner should specify who needs to be trained on the process. Why? They know the procedure best. If there is a “grey area,” this should be resolved with the department manager for the job function in question. In addition, retraining requirements should be specified. By this, I mean that it is a good idea to indicate if retraining is required when a procedure has been revised. If the revision is minor, training should only be required for people that have not been trained to a previous revision.

5. Adopt the Plan-Do-Check-Act (PDCA) model for the structure of procedures. For the “Plan” portion, the procedure should explain how to prepare to do something. This planning activity can apply to anything from planning to perform an audit to planning to inspect incoming raw materials. The “Do” portion is what most people refer to as the “Procedure” section. The “Check” portion of the procedure is a great place to specify the monitoring and measurement requirements for the process (see Section 8.1 of the Standard). Finally, the “Act” portion of the procedure should indicate what to do when target metrics are not met. For example, what should be done when an alert limit is reached? What should be done when an action limit is reached?

6. Include revision history. It’s extremely helpful to know which Engineering Change Order (ECO) approved the document revision, why the changes were made, the nature of changes, whether there is a related corrective action and when the change was made.

 

Posted in: ISO Certification

Leave a Comment (1) →
Page 28 of 29 «...10202526272829