Medical Device Academy

Blog

HomeBlog

Qualifying a Supplier That Doesn’t Have a Quality Management System

Posted by on March 9, 2012

This blog proposes a simple solution for how to qualify a supplier that doesn’t have a quality management system.

You are ignoring the obvious question of why doesn’t a medical device supplier have a quality management system. If you are a contract manufacturer, you should ensure that you have a clause in your supplier qualification procedure that says you don’t need to qualify suppliers that are mandated by your customers. If your response to this suggestion is “Duh,” you haven’t conducted many supplier audits of contract manufacturers. As my buddy, Tim says, “You need to leave somewiggle room’ in your procedures.” This is also good advice for all 19 of your top-level procedures that get audited each year.

For the remaining suppliers you are considering to add to your Approved Supplier List (ASL), you need a SIMPLE set of criteria for how you qualified the supplier. Guess what that magical document should be? (Answer to be provided shortly)

Many companies use a supplier self-evaluation survey. I’m almost certain that I have bashed these nearly useless documents before, but if I failed to do this, …most of them are problematic. A one-page supplier information form seems more appropriate. No signature required! And please make it a Word document.

The supplier qualification procedure needs to be generic for all raw materials and services you purchase. The problem is that everything you purchase has different requirements. So instead of wasting your time with writing one procedure that has wiggle room for every single product or service, you will ever purchase, don’t even try. Instead, write a SIMPLE procedure. This procedure needs only to be one page long. It needs four requirements:

1)      New suppliers must complete a supplier information form and submit it to the company. This should be updated at least once every 12 months and whenever there is a change to the information provided (i.e., – notification of change).

2)      You need at least two people to approve the addition to the Quality Management System. This can be done on your ECO or DCO form for changing the ASL. If the supplier is customer-mandated, you need the customer’s approval and the purchasing managers. If the supplier is internally selected, you need at least purchasing and QA to approve it.

3)      You should have an objective criterion (probably more than one requirement) that is product/service-related for acceptance of the supplier. This criterion SHALL be under document control, and the revision shall be communicated to the supplier when orders are placed. See ISO 13485:2003, section 7.4.2 (Purchasing Information).

4)      Finally, you need a reference to your purchasing procedure (one of the required 19 documents) and your supplier re-evaluation procedure.

If you have not already guessed, the “magical” document is called a purchasing specification or raw material specification for raw material items. For capital equipment, you may require that a capital expenditure justification be completed instead of the purchasing specification. For a calibrated instrument, tool, or fixture, you may request that requirements of the instrument/tool/fixture are documented in the applicable procedure or work instruction. For example, for measurement of this cannula, a calibrated optical comparator is required with 20x magnification. Reference the inspection procedure or drawing, and you are done.

For those of you that would like to keep your ASL shorter, which I recommend, if you don’t think you will be using the supplier more than once, you might want to give the buyer the option of documenting the purchasing specification on the purchasing requisition instead. This might be very helpful for those engineers that are doing R&D or validation work. For example, I need a bag of resin that meets the following raw material specifications—but we don’t currently use this material, and I’m not ready to submit one for approval. That’s why the engineer is ordering the bag of resin. She needs to test the material in the application and gather some preliminary data as justification for the new raw material specification.

There are 100’s of other ways to qualify your suppliers, and many of them work well if you follow your procedure. If your procedure is SIMPLE, your Monday’s will be better.

 

Pin It

Tags: ,

Posted in: Supplier Quality Management

Leave a Comment (0) →

Supplier Management: Who Should Be Conducting Supplier Audits in Your Company?

Posted by on March 2, 2012

This blog reviews which a vital supplier management issue, which personnel should be conducting specific types of audits for the company.

Today, I would like to start by asking a question: Who does supplier audits at your company?

I believe that there are three primary purposes for conducting supplier audits:

1) “For cause” audit, where the auditor is investigating the root cause of a nonconformity

2) Qualification audit, where the auditor is assessing if the supplier should be added to the Approved Supplier List (ASL)

3) Re-evaluation audit, where the auditor is verifying that the supplier is maintaining proper production controls

The problem with these three audits is that most companies send the same people—regardless of the purpose. Usually, companies send a purchasing manager or a supplier qualify engineer to conduct supplier audits. Occasionally, the two will do a team audit. Resources for auditing suppliers are tight in most companies. Therefore, I do not recommend this “one size fits all” approach. Instead, I believe that each purpose should be matched up with a specific type of auditor.

“For cause” audits need a supplier quality engineer who has strong investigational skills and will be able to identify the root cause(s) of a nonconformity. The auditor should also be capable of training the supplier on how to respond effectively to a Supplier Corrective Action Request.

Qualification audits are ideal opportunities for a team approach. There are quality issues to consider, but there are also financial scheduling and capacity issues. A cross-functional team approach works best in this case. A team also reduces the potential for biased individuals making inappropriate recommendations.

Re-evaluation audits should not be conducted by purchasing or supplier quality engineers. The reason is that neither position is typically responsible for performing an incoming inspection. If you don’t perform inspections regularly, you may not be aware of all the problems to search for. Therefore, I recommend using QC inspectors for this activity. QC inspectors know precisely which quality issues have been found recently because the QC inspectors identify the defects during incoming inspection, in-process inspections, and during final inspections.

I don’t think that my approach to “For Cause” or Qualification audits is unusual. However, using QC inspectors to perform supplier audits is uncommon. There are two other reasons why I believe companies should consider this approach. First, inspectors would get a rare opportunity to go on a business trip and be reimbursed for the travel. For those employees that rarely travel, this can be an opportunity for recognition by management and a perk (i.e., – free meal, lodging, and travel). Second, supplier quality engineers could easily fill in for a QC inspector to become more familiar with parts and components, as well.

Pin It

Tags:

Posted in: Supplier Quality Management

Leave a Comment (3) →

Auditor Job Responsibilities: The Toughest Thing to Do

Posted by on February 29, 2012

The author reveals his thoughts related to auditor job responsibilities and what the toughest thing to do is.

Today was my last day as an external resource for BSI,  and tomorrow will be my last day as an independent consultant. On March 1st, I begin a new job as Sr. Regulatory Affairs Manager for Delcath Systems, Inc. in Queensbury, NY. I am grateful to everyone that I had the pleasure of meeting during the past two-and-half years as a 3rd party auditor, instructor, and consultant. I have learned so much from you all. Your parting wishes were very kind and supportive. I sent out emails to as many of you as I could to notify you of this change. Instead of brief acknowledgment and “Good Luck!” I received genuine words of thanks and compliments that made me feel very lucky that we have had such an unusual relationship for an auditor and auditee—very much like cats and dogs that learn to live together in the same house.

One of you described the typical relationship with an auditor quite well, “Having an auditor come to your place is always a somehow stressful time. You are always afraid of failing somewhere.” This same person sent me an email last night saying, “I feel like you are one of my friends.” Another auditee walked by another team member and me a few weeks ago while we were waiting for a ride. Instead of avoiding eye contact and walking right on by, he stopped and thanked us for really helping to bring attention to areas that need improvement. This same gentleman had endured a tough interview by me, where I pointed out mistakes in drawings, procedures, and his own QC inspection of incoming raw materials. This person has the right attitude.

Auditor Job Responsibilities

As an auditor, we must come to a conclusion as to whether the evidence we collect demonstrates conformity or nonconformity. When we identify nonconformities, we must explain our findings. The toughest part of the job is how to “break the news.” If you do it well, the auditee will agree with you and thank you for helping to improve the quality system. If you do it poorly, the auditee will resent you and may even toss you out on your ear.

In my first-ever ISO certification audit, I was the auditee, and the auditor that interrogated our team was horrible. Not only did the auditor “break the news” poorly, but the conclusions were also wrong in several instances. To make matters worse, the CEO and the regulatory consultant I had hired were so upset with our auditor that I had to play referee just to keep them from killing the auditor. We received a recommendation for ISO 13485 certification at the end of that audit, but I learned a valuable lesson: “Always look at an audit as an opportunity to improve.” The worst that can happen is that the auditor will require you to implement corrective action. The best that can happen is that you will need to perform internal audits to identify opportunities for corrective actions on your own. Who cares who finds the opportunities to improve?

Auditors and auditees maybe cats and dogs, but we should learn to help each other get better without getting upset or feeling anxious.

My third-party auditing days may be done, but I will continue to share my thoughts through this blog, and I hope you will share your feedback too.

Pin It

Tags: ,

Posted in: ISO Auditing

Leave a Comment (2) →

When to Initiate a Corrective And Preventative Action (CAPA)

Posted by on June 15, 2011

This blog reviews the differences between corrective action and preventive action, and when to initiate corrective and preventive action.

I’ve completed almost 100 audits in the past two years, and I review the Corrective Action and Preventive Action (CAPA) process during every single audit. Surprisingly, this seems to be a process with more variation from company to the company than almost any other process I review. This also seems to be a major source of nonconformities. In the ISO 13485 Standard, clause 8.5.2 (Corrective Action) and clause 8.5.3 (Preventive Action) have almost identical requirements. Third-party auditors, however, emphasize that these are two separate clauses. We are purists. Although we acknowledge that companies may implement preventive actions as an extension of corrective action, we also expect to see examples of actions that are strictly preventive in nature.

Many companies seem to be confused, but it doesn’t need to be.  Just ask yourself one question. What is the source of this action?

If the answer is a complaint, audit nonconformity, or rejected components—then your actions are corrective.

If the answer is a negative trend that is still within specifications or an “Opportunity For Improvement” (OFI) identified by an auditor—then your actions are preventive.

Root Cause Investigation

If you are investigating the root cause of a complaint, people will sample additional records to estimate the frequency of the quality issue. I describe this as investigating the depth of a problem. The FDA emphasizes the need to review other product lines, or processes, to determine if a similar problem exists. I describe this as investigating the breadth of a problem. Most companies describe actions taken on other product lines and/or processes as “preventive actions.” This is not always accurate. If a problem is found elsewhere, actions taken are corrective. If potential problems are found elsewhere, actions taken are preventive. You could have both types of actions, but most people incorrectly identify corrective actions as preventive actions.

Another common mistake is to characterize corrections as corrective actions.

The most striking difference between companies seems to be the number of CAPAs they initiate. There are many reasons, but the primary reason is the failure to use a risk-based approach to CAPAs. Not every quality issue should result in the initiation of a formal CAPA. The first step is to investigate the root cause of a quality issue. The FDA requires that the root cause investigation is documented, but if you already have an open CAPA for the same root cause…

DO NOT OPEN A NEW CAPA!!!

If you do not have a CAPA open for the root cause that you identify, then what should you do?

I know this will shock everyone, but…it depends.

The image below gives you my basic philosophy.

death by capa When to Initiate a Corrective And Preventative Action (CAPA)

 

 

 

 

 

 

 

 

Most investigations document the estimated probability of occurrence of a quality issue. This is only half of the necessary risk analysis I describe below. Another aspect of an investigation is to document the severity of potential harm resulting from the quality issue. If customer satisfaction, safety, or efficacy are affected by a quality issue—the severity is big. Risk is the product of severity and probability of occurrence.

Estimated Risk-Initiating a Corrective And Preventive Action (CAPA)

If the estimated risk is low and the probability of occurrence is known, then alert limits and action limits can be statistically derived. These quality issues are candidates for continued trend analysis—although the alert limit or action limit may be modified in response to an investigation. If the trend analysis results in identifying events that require action, then that is the time when a formal CAPA should be opened. If the trend remains below your alert limit, then no formal CAPA is needed.

If the estimated risk is moderate or the probability of occurrence is unknown, then a formal CAPA should be considered. Ideally, you will be able to establish a baseline for the occurrence and demonstrate that frequency decreases upon the implementation of corrective actions. If you can demonstrate a significant drop in frequency, this verifies the effectiveness of actions taken. If you need statistics to show a difference, then your actions are not effective.

If the estimated risk is high, or there are multiple causes that require multiple corrective actions, a quality improvement plan may be more appropriate. There are two clauses in the Standard that apply. Clause 5.4.2 addresses the planning of changes to the Quality Management System. For example, if you correct problems with your incoming inspection process—this addresses 5.4.2. Clause 7.1 addresses the planning of product realization. For example, if you correct problems with a component specification where the incoming inspection process is not effective, this addresses 7.1. Depending upon the number of contributing causes and the complexity of implementing solutions, the plan could be longer or shorter. If it will take more than 90 days to implement corrective action, you might consider the following approach.

Step 1 – open a CAPA

Step 2 – identify the initiation of a quality plan as one of your corrective actions

Step 3 – close the CAPA when your quality plan is initiated (i.e., – documented and approved)

Step 4 –verify effectiveness by reviewing the progress of the quality plan in management reviews and other meeting forums…you can cross-reference the CAPA with the appropriate management review meeting minutes in your effectiveness section

If the corrective action required is the installation of new equipment and validating that equipment, the CAPA can be closed as soon as a validation plan is created. The effectiveness of the CAPA is verified when the validation protocol is successfully implemented and a positive conclusion is reached. The same approach also works for implementing software solutions to better manage processes. The basic strategy is to get the long-term improvement projects started with the CAPA system, but monitor the status of these projects outside the CAPA system.

Best practices would be the implementation of six-sigma projects with formal charters for each long-term improvement project.

NOTE: I believe in closing CAPAs when actions are implemented, and tracking the effectiveness checks for CAPAs as a separate quality system metric. If closure takes more than 90 days, the CAPA should probably be converted to a Quality Plan. This is NOT intended to be a “workaround” to give companies a way to extend CAPAs that are not making progress in a timely manner.

Pin It

Tags: ,

Posted in: CAPA

Leave a Comment (6) →

But What About FDA Regulations?

Posted by on June 1, 2011

The author writes that when you are auditing, you should always read the FDA regulations again to ensure accuracy.  

I hear this question, or a question with similar wording, quite frequently when I am auditing. Typically, the question is in response to a better way to do something that seems simple and efficient. Most people seem to approach regulatory requirements with the approach of…let’s bury the regulator in paperwork. While it’s true that auditors expect a certain amount of paperwork with each regulatory requirement, they frequently accept a broader range of documentation than people realize (i.e., one page can be enough).

For example, a design control procedure could be a one-page flowchart that references forms and work instructions, or twelve separate documents, with a minimum length of ten pages and a maximum of forty pages per document. As long as the procedure has sufficient detail for personnel performing these tasks, and all the required elements are included, ISO clauses 7.3.1-7.3.7. An auditor should identify the process as conforming.

However, some people are FDA inspectors looking for NONCONFORMITY!

In the case of inspectors, it is critical to present your information in such a way that it is easy for the inspector to see how you meet the requirements of the regulations. One of the best ways to do that is to reference the requirements directly in your procedures.

For those that prefer finesse try to organize information following the regulations. For example, if I am writing a procedure for an ISO registration audit, I write the procedure to specifically address the ISO sub-clauses. I might even use a document control number like SOP-73 for my “Design and Development” procedure.

In my previous blog posting, http://bit.ly/AuditHours, I suggested a slight change to the scheduling of internal audits. To ensure this meets FDA requirements, the key is to READ THE REGULATIONS AGAIN. Concerning internal auditing, the applicable FDA regulation is 21 CFR 820.22:

“Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action (s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.”

The above requirement is quite vague concerning how many auditors and how many days must be spent auditing. These are the variables I suggested changing in my previous blog http://bit.ly/AuditHours. The FDA regulation 21 CFR 820.22 is specific, however, with regard to documenting the “reaudit” of any deficiencies found during an audit. This prescriptive requirement can be met by reviewing previous audit findings of all audits with the audit program manager during the audit preparation process. The audit program manager can facilitate the assignment of which auditor will reaudit each discovery. This may require a few more minutes of audit preparation, but this should not measurably impact the overall time allocated to an audit.

I do this out of habit when I am performing internal audits on behalf of clients, but if I am auditing the internal audit process of a client—now I’ll remember to point out this additional requirement that is specific to the FDA and not included in the ISO Standard. This is why we should always READ THE REGULATIONS AGAIN.

 

Pin It

Tags: ,

Posted in: FDA

Leave a Comment (0) →

Improving Your ISO Internal Auditing Schedule

Posted by on May 27, 2011

 

The author provides tips on how to improve the efficiency and effectiveness of your internal auditing schedule.%name Improving Your ISO Internal Auditing Schedule

Each week I audit a different company, or I teach a group of students how to audit. In the courses I teach, I use a slide that gives an example of an internal auditing schedule (see the example above). On the surface, this example seems like a good audit schedule. There are 12 auditors performing two audits each year. If each auditor spends a day auditing, and another day writing the report, the combined resources equal 48 days (~$20,000) allocated to auditing, and each person spends less than two percent of their work year auditing.

Unfortunately, I have learned that the quality of auditing is directly related to how much time you spend auditing. Therefore, I recommend using fewer auditors. There is no perfect number, but “less is more.” My example also has another fundamental weakness. The internal auditing schedule does not take full advantage of the process approach to auditing. Instead of performing an independent audit of document control and training, these two clauses/procedures should be incorporated into every audit. The same is true of maintenance and calibration. Wherever maintenance and calibration are relevant, these clauses should be investigated as part of auditing that area.

For example, when the incoming inspection process is audited, it only makes sense to look for evidence of calibration for any devices used to perform measurements in that area. For a second example…when the production area is being audited, it only makes sense to audit maintenance of production equipment too.

If the concept of process auditing is fully implemented, the following ISO 13485 clauses can easily be audited in the regular course of reviewing other processes: 4.2.1), Quality System Documentation, 4.2.3), Document Control, 4.2.4), Record Control, 5.3), Quality Policy, 5.4.1), Quality Objectives, 6.2.2), Training, 6.3), Maintenance, 6.4), Work Environment, 7.1), Planning of Product Realization & Risk Management, 7.6), Calibration, 8.2.3), Monitoring & Measurement of Processes, 8.5.2), Corrective Action, and 8.5.3) Preventive Action. This strategy reduces the number of audits needed by more than half.

Internal Auditing: Upstream/Downstream Examples

Another way to embrace the process approach to auditing is to assign auditors to processes that are upstream or downstream in the product realization process from their own area. For example, Manufacturing can audit Customer Service to understand better how customer requirements are confirmed during the order confirmation process. This is an example of auditing upstream because Manufacturing receives the orders from Customer Service—often indirectly through an MRP system. Using this approach allows someone from Manufacturing to identify opportunities for miscommunication between the two departments. If Regulatory Affairs audits the engineering process, this is an example of auditing downstream. Regulatory Affairs is often defining the requirements for the Technical Files and Design History Files that Engineering creates. If someone from Regulatory Affairs audits these processes, the auditor will realize what aspects of technical documentation are poorly understood by Engineering, and quickly identify retraining opportunities.

One final aspect of the example internal auditing schedule that I think can be improved is the practice of auditing the same process twice per year. This practice doesn’t seem to work very well for a few reasons. First, it requires that an auditor prepare for an audit twice per year and write two reports, instead of one. This doubles the number of time auditors spends in preparation and follow-up activities associated with an audit. Second, increasing the number of audits naturally shortens the duration of each audit. It is more difficult for auditors to cover all the applicable clauses in a shorter audit because it takes time to locate records and pursue follow-up trails. Longer audits, covering more clauses, make it easier for the auditor to switch to a different clause while they are waiting for information. Third, if an area is audited every six months, it is often difficult to implement corrective actions and produce evidence of effectiveness before the area is due for auditing again.

I can’t provide a generic internal auditing schedule that will work for every company or even show how all the clauses will be addressed in one table. I can, however, provide an example of an improved schedule that illustrates the above concepts. This example (see below) uses four auditors instead of 12, and the number of days planned for each audit is two days instead of one. The preparation and reporting time is still one day per audit. Therefore the combined resources equal 24 days (~$10,000) allocated to auditing, and each person spends two and one-half percent of their work year auditing. My intention is not to create the perfect plan, but to give audit program managers some new ideas for more efficient utilization of resources. I hope this helps, and please share your own ideas as comments to this posting.

%name Improving Your ISO Internal Auditing Schedule

Pin It

Tags: , ,

Posted in: ISO Auditing

Leave a Comment (7) →

Learning Pyramid – 4 Levels of Learning

Posted by on April 2, 2011

The author discusses the four levels of learning in the Learning Pyramid, and the lessons learned when he taught an ISO 14971 Risk Management course.%name Learning Pyramid 4 Levels of Learning

I am in Canada, it’s almost midnight, and my client has me thinking so hard that I can’t sleep. I am here to teach the company’s Canadian facility about ISO 14971:2007—the ISO Standard for Risk Management of medical devices.

Most of the companies that request this training are doing so for one of two reasons: 1) several of their design engineers know almost nothing about risk management, or 2) they have several design engineers that are quite knowledgeable concerning risk management, but these engineers have not maintained their credentials, and their last risk management training was related to the 2000 version of the Standard. This company falls into the second category.

I always tell students that I learn something by teaching each course. From this company, however, I have learned so much. This company has forced me to re-read the Standard several times and reflect on the nuances of almost every single phrase. I have learned more about this Standard in one month than I learned in the 3.5 years since I first took the course I am now teaching. 

The four levels of the Learning Pyramid

I have developed a model for learning that explains this phenomenon. I call this model the “Learning Pyramid.” At the base of the pyramid, there are “Newbies.”

This is the first of four levels. At the base, students read policies and procedures with the hope of understanding.

In the second level of the pyramid, the student is now asked to watch someone else demonstrate proper procedures. One of my former colleagues has a saying that explains the purpose of this process well, “A picture tells a thousand words, but a demonstration is like a thousand pictures.” This is what our children call “sharing time,” but everyone over 40 remembers this as “show and tell.”

In the third level of the pyramid, the student is now asked to perform the tasks they are learning. This is described as “doing,” but in my auditing courses, I refer to this process as “shadowing.” Trainees will first read the procedures for Internal Auditing (level 1). Next, trainees will shadow the trainer during an audit as a demonstration of the proper technique (level 2). During subsequent audits, the trainees will audit, and the trainer will shadow the trainee (level 3). During this “doing” phase, the trainer must watch, listen, and wait for what I call the “Teachable Moment.” This is a moment when the trainee makes a mistake, and you can use this mistake as an opportunity to demonstrate a difficult subject.

Finally, in the fourth level of the Learning Pyramid, we now allow the trainee to become a trainer. This is where I am at—so I thought. I am an instructor, but I am still learning. I am learning what I don’t know.

Teaching forces you back to the bottom of the Learning Pyramid

The next step in the learning process is to return to the first level. I am re-reading the Standard and procedures until I understand the nuances that I was unaware of. Then, I will search for examples in the real world that demonstrate these complex concepts I am learning. After searching for examples, I will test my knowledge by attempting to apply the newly acquired knowledge to a 510(k) or CE Marking project for a medical device client. Finally, I will be prepared to teach again.

This reiterative process reminds me of the game Chutes and Ladders, but one key difference is that we never really reach the level of “Guru.” We continue to improve, but never reach our goal of perfection…For further inspiration, try reading “Toyota Under Fire.”

Pin It

Tags: ,

Posted in: Education, ISO 14971:2019 (Risk Management)

Leave a Comment (5) →

Effective Management Skills for Managers

Posted by on January 21, 2011

This blog reviews some practical management skills that managers should possess.

Are you frustrated?

Sometimes we hear phrases like: “Well, that’s just an ISO requirement.” This apparent lack of support by top management is what frustrates every Management Representative in the world.

There was a question posted on the Elsmar Cove website on January 10, 2011. In just ten days, there have been 153 postings in response to the original question. As I read through the various postings, I saw several comments about a lack of support from top management.

A little over a decade ago, I was still learning how to supervise people. In an effort to educate myself further, I read a book (sorry I can’t be sure which book anymore). In this book, the boss gave an employee a card with a picture of a baseball bat on it. The instructions provided with this magical card were to use it only when the boss failed to pay attention, and the employee had something important to tell him.

As managers, we assume the impressive title, along with the awesome responsibility. Managers are responsible for leading others. Subordinates are not the “others” I am referring too. The “others” are peers. If you cannot persuade your peers to support you, then you will fail as a manager. The Quality Department cannot fix all the problems. My philosophy is that Quality is responsible for recommending improvements, training people, and helping to implement. We assign corrective actions, but we should be assigning them to the process owner (i.e., – Manager) that is responsible for the area where the problems were created.

Effective Management Skills

If you need help persuading the unenlightened, try picking a project that is critical to the success of the stubborn one. If you can show someone that is currently a detractor how they can apply the Quality principles to help solve their problems, then you will have a convert. Converts become strong supporters. If the stubborn one happens to be at the top, figure out what the CEO’s initiatives are. Initiatives are easy to identify; they talk about it at least twenty times a week. Try showing the CEO how their actions can become Quality Objectives. Show them with graphs. Show up with solutions to their problem. Use the CAPA process as a framework. Show them how the management TEAM can fix it.

If nothing seems to be working, you can always try reviewing some FDA MedWatch reports too–just to scare your boss.

Pin It

Tags: ,

Posted in: ISO Certification

Leave a Comment (0) →

7 Steps to Effective Auditor Training

Posted by on January 7, 2011

A five-day lead auditor course is never enough. Effective auditor training must include practical feedback from an experienced auditor.

Recently, a client asked me to create a training course on how to train operators. I could have taught the operators myself, but there were so many people that needed training, that we felt it would be more cost-effective to train the trainers. Usually, I have multiple presentations archived that I can draw upon, but this time I had nothing. I had never trained engineers on how to be trainers before—at least not formally. I thought about what kinds of problems other quality managers have had in training internal auditors, and how I have helped the auditors improve. The one theme I recognized was that effective auditor training needs to include practical feedback from an experienced auditor.

How do you audit the auditing process?

Most quality managers are experienced and have little trouble planning an audit schedule. The next step is to conduct the audit. The problem is that there is very little objective oversight of the auditing process. The ISO 13485 standard for medical devices requires that “Auditors shall not audit their own work.” Therefore, most companies will opt for one of two solutions for auditing the internal audit process: 1) hire a consultant, or 2) ask the Director of Regulatory Affairs to audit the internal auditing process.

Both of the above strategies for auditing the internal audit process meet the requirements of ISO 13485, but neither approach helps to improve an internal auditor’s performance. I have interviewed hundreds of audit program managers over the years, and the most common feedback audit program managers give is “change the wording of this finding” or “you forgot to close this previous finding.” This type of feedback is related to the report writing phase of the audit process. I rarely hear program managers explain how they help auditors improve at the other parts of the process.

When auditors are first being trained, we typically provide examples of best practices for audit preparation, checklists, interviewing techniques, AND reports. After the auditors have been “shadowed” by the program manager for an arbitrary three times, the auditors are now miraculously “trained.” Let’s see if I can draw an analogy that will make my point…

That kind of sounds like watching your 16-year-old drive the family car three times and then giving them a license. I guess that’s why my new Ford Festiva was severely dented on all four sides within six months. You may think my father was a Saint, but I think he might have totaled his tenth car by age 18. At least I contained the damage to one vehicle.

7 Steps to Effective Auditor Training

The key to training auditors to audit is consistent follow-up over a long period of time (1-2 years depending upon the frequency of audits). I recommend following the same training process that accredited auditors must complete. I have adapted that process and developed seven (7) specific recommendations:

  1. Have a new auditor observe a few audits before they are allowed to participate (make sure they take notes and explain what you are doing and why, as you conduct audits they are observing)
  2. Have new auditors join as team members for 10-20 audits, before they are allowed to act as a lead auditor
  3. Have new lead auditors conduct team audits with another qualified lead auditor for 10-20 audits before you allow them to conduct an audit alone
  4. Shadow new auditors for 100% of their first audit and gradually observe less with each subsequent audit; try to plan the shadowing into your audit agenda
  5. Review the notes of new auditors periodically throughout the audit to provide suggestions for improvement and identify missing information
  6. Have new lead auditors submit a draft audit agenda to you before sending it to the supplier or department manager
  7. Have new lead auditors rehearse their first few opening and closing meetings with you in private before conducting the opening and closing meeting (make sure they have an opening/closing meeting checklist to help them)

About the Author

Rob Packard 150x150 7 Steps to Effective Auditor TrainingRobert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+LinkedIn or Twitter.

Pin It

Tags: , ,

Posted in: ISO Auditing

Leave a Comment (0) →

Elsmar Cove – Wikipedia for QA Professionals

Posted by on January 2, 2011

The author discusses The Elsmar Cove Forum as a great information resource on best practices and trends for Quality Assurance professionals.

Most of the people reading my blog are probably aware of a website called Elsmar Cove, but I think most people visit this site only when they need a quick answer to a question. It’s sort of like Wikipedia for Quality Assurance. Marc Smith is the creator of Elsmar Cove, http://elsmar.com/, and the forum just had its 15th anniversary. This is a no-frills website that has fantastic content and very little advertising. People from all over the world (~18,000 active participants) are contributing daily to this forum, and many of the contributors are Quality and Regulatory experts. I like to use the site to keep up on best practices and trends in Quality. It also allows me to learn from other types of Quality Systems, such as AS9100, TS16949, and ISO14001.

Someone I used to work with had a saying he learned from his first boss: “A picture tells a thousand words, but a demonstration is better than a thousand pictures.” Therefore, I thought I would try to demonstrate the power of Elsmar Cove by researching best practices in supplier evaluation.

Step 1: The first thing you do is to visit the site.

Step 2: Type “supplier evaluation” into the Google™ custom search. This will produce hundreds of links within the Elsmar Cove Forum related to supplier evaluation.

Step 3: Skim the search results to find the entry or entries you are looking for. These search results include a supplier evaluation survey that you can download and adapt to your own company. If you need a quick solution, this is fast and free.

Another approach is to limit your search to Forum discussion threads. You can do this by going to the Forum Discussion page: http://elsmar.com/Forums/index.php.

If you click on the toolbar link for “search,” a pop-up window will appear. If you type “supplier evaluation” in this search bar, you will see 531 results presented in reverse chronological order. Below are a couple of threads that I thought were particularly good:

Benchmarking Supplier Certification Programs

http://elsmar.com/Forums/showthread.php?t=42595&highlight=supplier+evaluation

Service Supplier Rating where objective pass/fail data is not available

http://elsmar.com/Forums/showthread.php?t=44412&highlight=supplier+evaluation

Choosing Supplier Evaluation Methods – Determining what a Critical Supplier is

http://elsmar.com/Forums/showthread.php?t=10951&highlight=supplier+evaluation

Supplier Approval for Distributors of Equipment

http://elsmar.com/Forums/showthread.php?t=43508&highlight=supplier+evaluation

Second-party audits – Supplier audits or product audits?

http://elsmar.com/Forums/showthread.php?t=30966&highlight=supplier+evaluation

How you do Receiving Inspection for Chemicals?

http://elsmar.com/Forums/showthread.php?t=44951&highlight=supplier+evaluation

Supplier Evaluation Responsibility

http://elsmar.com/Forums/showthread.php?t=43756&highlight=supplier+evaluation

I hope you find Elsmar Cove to be a useful information resource.

Pin It

Tags: ,

Posted in: ISO Certification

Leave a Comment (2) →
Page 29 of 29 «...10202526272829