Filter posts by category

ISO 13485

This sub-category is dedicated to articles about the new version of ISO 13485:201x that is expected to be published at the end of this year or Q1 2016.

Time management to prevent work overload: Top 10 ideas

1 Comment / ISO 13485 / By

This article lists my top 10 ideas for time management to help prevent work overload–including suggestions for apps and other resources.

Handling Work Overload 1 Time management to prevent work overload: Top 10 ideas

I am a workaholic and I don’t recommend it–unless overweight, out of shape, friendless and divorce sounds like a great life plan. I work with regulatory affairs and quality assurance managers at every client, and 100% of them have insufficient resources. Expectations internally and externally never decrease. The saying used to be, “Do more with less.” Now it feels like we have one egg, one basket and we are expected to save the world.

Stop feeling sorry for yourself. Every department manager feels this pressure. If you don’t believe me, look around you. Everyone is popping 400mg of ibuprofen and stressed to their limit.

So what can you do to make things better?

That question is critical. It shows that internally you acknowledge that you can do something to make things better. I obviously don’t have all the answers, but I have found some tools in the past year that really made a magnificent difference in helping me with time management. 100% of these ideas were suggested by others that appear to be more at peace and happier than I was last year.

#1 Get some sleep

Two years ago I woke up after 3-4 hours of sleep every night. Last year I was almost up to 6 hours of sleep on a good night. Now I am consistently getting 6-8 hours of sleep, and once I slept for 9 hours. There are lots of suggestions for how to get more sleep, and I’ve tried them all. What works for me is: 1) no alcohol or coffee within 4 hours of bedtime, 2) melatonin just before bed, 3) exercise every day, 4) eating well, and 5) a habit of reading each night to calm myself and relax. I also use a white noise app on my phone.

#2 Budget your time management

You will never get everything done. It’s a fact. Just like money, you can always spend more. Instead, decide how much of your life you want to spend doing things. Don’t micromanage your time. Think of the big picture. There are 168 hours in a week, and >42 hours should be spent sleeping. 40-50 hours a week will be spent working. 5-10 hours per week will be spent getting to work. More than two-thirds of your life is spent sleeping and work-related–if you’re not a workaholic. Be very selfish of how you budget the remaining third of your life. I like to re-read habit #3 from Steven Covey’s book “7-Habits of Highly Effective People.” It will help you remember what’s important. Your priorities should be physical health, mental health and your family. If you devote an hour a day to each of those, you might have time left for eating, grooming and reading a book. Yes, you need vacations too!

#3 Minimize multitasking

Some people believe time management is managing multiple tasks at once, but it is actually less efficient to multitask. Picking something up, putting it down, picking it up again…didn’t you learn from your lean manufacturing training that motion, waiting and queue are all muda (i.e., waste). You need to start a task, finish that task and then start the next task. If you want more advice on this topic, try reading “Getting things done” by David Allen. This one was recommended to me by an uber-productive orthopaedic surgeon.

#4 Don’t forget to “sharpen the saw”

This is the seventh habit from Covey’s book. You should never stop improving. For example, entrepreneurs need to learn marketing. I don’t have time for an executive MBA to learn marketing. Instead, I teach myself every day while I’m working out. I have a bicycle on a trainer set-up in front of my TV. The TV is only connected to the internet. If I need a break, I watch Netflix while cycling. However, usually I’m listening to podcasts, watching YouTube videos about marketing and software tools or I’m reading books on my Kindle. I also purchase a lot of audiobooks that I listen to in the car while driving my children to rock climbing, soccer, plays and during my two-hour ride to and from the nearest airport. This is the only kind of multitasking I’m good at.

#5 Just say no.

You need to put first things first (i.e., habit #3). On a scale of 0-10, how important is it. Is it important to you, your boss, your spouse, your children or your best friend. If not, why are you wasting your precious time on it. Say no. If it’s a 9 or 10 to your spouse, say yes–even if it’s a 2 on your scale. If you have a time conflict with two items that are high on the scale, then you need to find a win-win (i.e., habit #4). This is why communication skills and empathic listening (i.e., habit #5) are the most important skills you will ever learn.

#6 Don’t read your emails “real-time”

You should have a plan for what you are going to do each day. Reading your emails throughout the day will result in reactive behavior that will always result in time management failure. Be proactive (i.e., habit #1). Read your emails just before lunch in a batch and just before you go home in a batch. You should also read “Getting things done” by David Allen. He has fantastic advice for how to process emails. This is an area I’m still working on, but I get 400+ emails a day and that doesn’t include spam, social media or promotions. You should also tell people you work with, “Call me or text me if it’s important.” Good advice for any client of mine. For example, you should probably text me if the FDA is coming on Monday and you need my help.

#7 Use productivity apps for time management

Microsoft seems to have a strangle hold on corporate America, but Outlook is a horrible tool for managing your tasks and time. You need something for personal time and personal tasks, because you have less time available for the things that are more important in your life (i.e., health, family and friends). If I empty the milk carton, I grab my phone and add milk to my “Out of Milk” app. I also use this app for planning what I need for trips, meetings and Christmas present ideas for the kids. Evernote is an uber-app. It organizes everything. Website links, blog ideas, business cards, photos, an address, directions, photos of the person I’m meeting and I use it for lists too (if I already have it open instead of Out of Milk). If you want to know how the most productive people in the world use apps like Evernote, John Lee Dumas includes apps like Evernote in every entrepreneur interview he does–1,303 podcasts and counting.

#8 Block off time to get work done

Some people believe that time management only involves scheduling meetings. You schedule weekly meetings with your boss. You schedule lunch meetings. You should also block off some time for getting work done–without interruptions. You might try blocking off every day from 11:30-Noon for emails, Noon-1pm for a lunch and a walk and 4:30-5pm for emails. If you need to review complaints each day for the need to report as an adverse event, block off some time for that each day. My advice would be to devote time to reviewing CAPAs, complaints and MDRs every day. These are the most critical areas for FDA inspections and you can’t afford to let these tasks fall behind. If you have these tasks assigned to you, then you work on the most urgent task and get it done. Then you schedule the next step for that CAPA, complaint or MDR and go onto the next task you scheduled. If you manage these processes, then you should block off time for reviewing metrics and investigate the exceptions. If it seems like you never have enough time in your schedule for all the tasks, maybe you need to delegate some of those tasks to other departments or people in your department.

#9 Schedule shorter meetings

Not all meetings deserve 1 hour. Some things can be done in 15 minutes, 30 minutes or 45 minutes. Learn about good meeting etiquette, make an agenda and manage the meeting so it’s done on-time or early. Make sure you show up on-time and get it done on-time or early. If people leading meetings are poor at time management, do not let them lead the meeting.

#10 Schedule breaks too

Outlook will allow you to schedule back-to-back meetings from 7am to 7pm (or longer). That doesn’t mean that you should, and that is definitely not good time management. Time management needs to create windows of time where you can rest too. I drive a lot. In order to survive 50,000 miles of driving a year with a congenital spine defect (i.e., L5 fused to pelvis one one side), I need to take breaks and stretch. When I don’t do this I pay dearly. The same thing happens to me when I try to work 12 hours straight without a break. You will be more focused and productive if you take a break once and while.

Time management to prevent work overload: Top 10 ideas Read More »

How to write a quality system plan template (free download)

11 Comments / ISO 13485 / By

This article explains how to write a quality system plan template to revise and update your quality system for compliance with ISO 13485:2016. If you want to download our free template, there is a form to complete at the end of this article.

Screenshot 2015 11 19 at 5.52.44 PM How to write a quality system plan template (free download)

Templates are the key to writing a quality system plan

Plan, do check, and act (PDCA) is the mantra of the Deming disciples, but does anyone know what should be in your quality system plan template. Everyone focuses on the steps–the “What’s.” Unfortunately, people forget to include the other important pieces of an all-inclusive quality system plan. Why? When? Who? And How much?

The table in the template is an example of “What?” steps to perform, but it is specific to my procedures. You will need to revise the table to reference your procedures, and the changes you make will be specific to your quality system plan. The other sections of the template tell you what needs to be included in that section, but I did not provide examples for those sections.

Why should you create a quality system plan template?

The purpose section of the quality system plan answers the question of “Why?” You need to specify if the purpose of your quality system plan is compliance with new and revised regulatory requirements, preventing recurrence of quality issues, or maybe a faster development cycle. The purpose section of the plan also provides guidance with regard to the monitoring and measurement section of your quality system plan template.

When should you create a plan for quality system changes?

Most changes have deadlines. In the case of ISO 13485:2016, there will be a 3-year transition period. Still, most companies establish internal goals for early implementation by the end of the fiscal year or the end of a financial quarter. Some of the changes can be made in parallel, while other changes need to be sequential. Therefore, there may be specific milestones within your quality system plan that must be completed by specific dates. These dates define “When?” the steps in the quality system plan must be implemented.

Who should write your quality plan?

As my quality system plan template indicates, I recommend defining both individual process owners and teams of process owners where processes can be grouped together. For example, I typically group the following four processes together as part of “Good Documentation Practices (GDPs)”: 1) control of documents (SYS-001), 2) control of records (SYS-002), 3) training (SYS-004), and 4) change control (SYS-006). I cover all four processes in a webinar called “GDP 101.”

It is important to have one person that is accountable and has the authority to implement changes for each process, but only one person should be in control of each process. If you have four related procedures, then the team of four people will need to coordinate their efforts so that changes are implemented swiftly and accurately. For the overall quality system plan template, I recommend assigning a team leader for the team of four process owners described above. One of those people should be responsible for team leadership and writing the quality system plan template.

Monitoring implementation of your quality plan?

Monitoring the progress of your plan ensures the successful implementation of the plan. Sometimes things don’t work as planned, and corrections need to be made. Additional resources might be needed. The plan may have been too optimistic with regard to the implementation time required. I recommend assigning one person the task of retrieving team status reports from each of the teams and consolidating the team reports into an overall progress report.

Free download of ISO 13485:2016 quality system plan template

The sign-up form below will allow you to receive an email with the ISO 13485:2016 quality system plan template attached. This is a two-step process that will require you to confirm the sign-up.

If you have a suggestion for a different type of quality plan, please let us know.

How to write a quality system plan template (free download) Read More »

How to implement a new ISO 13485 quality system plan in 2016

3 Comments / ISO 13485 / By

This article is a case study that explains how to implement a new ISO 13485 quality system plan at an accelerated schedule of just four months. The quality system will also be compliant with 21 CFR 820.

QMS Implementation Plan How to implement a new ISO 13485 quality system plan in 2016

ISO 13485 quality system plan

Typically, I recommend implementing a new ISO 13485 quality system plan over a period of 6 months. The reason for this is that people can only read procedures and complete training at an individual pace. Since there are approximately 30 procedures required for a full-quality system, an implementation pace of one procedure per week allows a company to complete 90% of the reading and training in six months.

In October, a new client asked me for a proposal to implement a new ISO 13485 quality system plan. The proposed quality system plan indicated that the project would start in October and finish in March. The client accepted my proposal, but they asked me to help them implement the quality system plan in four months, as indicated in the table above. We just started the implementation of the quality system plan last week, and I have discovered some secrets that dramatically simplify the process.  This blog shares some of the lessons learned that help implement the quality system plan at this faster pace.

Outsourcing ISO 13485 quality system development

Not everyone has the skill and experience to write a quality system procedure. Still, if you have a good template, you understand quality systems–then you can write quality system procedures. Depending upon the length of the procedure, it may take four to eight hours of writing for each procedure. Therefore, an in-house quality manager needs to allocate one day per week if they plan to write all the procedures for their quality system in six months. For a four-month implementation of an ISO 13485 quality system plan, you need to allocate two days per week to writing.

Alternatively, you can outsource the writing of your quality system. However, someone must be responsible for “customizing” generic procedures to fit your company, or the procedures need to be written from scratch. A third and final option is to have a hybrid of in-house procedures and outsourced procedures. If your quality manager has limited time resources, then you can supplement the managers’ time with procedures that are purchased and customized to fit your template. If there are specific procedures that the quality manager needs help with, such as risk management, then you can also purchase just those procedures.

Continuous Improvement

One of the basic principles of quality management systems is “continuous improvement.” The continuous improvement cycle is also known as the “Deming Cycle.” There are four parts to the cycle:

  1. Plan
  2. Do
  3. Check
  4. Act

When you are developing an ISO 13485 quality system, the first step is to develop the quality system plan. I recommend the following guidelines for a quality system plan. First, plan to implement the quality system at a steady pace. Second, organize the implementation into small groups of related procedures.

In this case study, I have 29 procedures that we are implementing, and there are 11 recorded training webinars. During each of the four months, approximately the same number of procedures are implemented. Then I organized the small groups of procedures around the scheduled webinar training. For example, the month of November will have a total of 24 documents (i.e., eight procedures and 16 associated forms and lists) implemented, and there are four webinar trainings scheduled. Therefore, four procedures related to “Good Documentation Practices 101 will be implemented as a group under document change notice (DCN) 15-001. Two procedures associated with “Are your Suppliers Qualified? Prove it! will be implemented as a group under DCN 15-002. The remaining two procedures, design controls, and risk management, will be implemented as a group under DCN 15-003 with two related webinars on design controls and ISO 14971.

Document Change Notice (DCN)

The next step in the Deming Cycle is to “Do.” For the implementation of an ISO 13485 quality system plan, “doing” involves the creation of procedures, forms, and lists, but “doing” also involves the review and approval of these documents. The form we use to review and approve procedures is called a document change notice or DCN.

It’s been almost 20 years since I completed my first DCN. For anyone unfamiliar with the review and approval of new and revised documents, most quality systems document the review and approval of procedures and forms on a separate form. The reason for this is that when you make one change, it often affects several other documents and forms. Therefore, it is more efficient to list all the documents and forms that are affected by the change on one form. This results in fewer signatures for reviewers and approvers. Several of the companies that I have helped to implement an ISO 13485 quality system plan for failure to review and approve the documents and forms in a timely manner. I think there are two reasons for this:

  1. they haven’t been responsible for document control before, and
  2. they don’t want to have to create and maintain quality system records any sooner than required.

The first reason can be addressed quickly with training. The second reason, however, is flawed. It is essential to implement the procedures as soon as possible to begin creating quality system records that can be audited by an ISO 13485 certification auditor or by FDA inspectors for compliance with 21 CFR 820. I have struggled with this hesitation in the past, but for this project, I am completing DCNs for the initial release of all the procedures and forms. This ensures that all the procedures and forms will be reviewed and approved shortly after the webinar training is completed. Also, this gives my client multiple examples of DCNs to follow as they make revisions to the procedures and forms over time.

Quality Objectives & Data Analysis

The third step in the Deming Cycle is to “check.” I recommend using quantitative metrics to track progress toward your goal of completing the quality system implementation. For example, if you have 50 documents to review and approve, you can track the % complete by just multiplying each document that is approved by 2%. You can also track the implementation of documents separately by type. Every DCN you route for approval will take a certain number of days to complete. You might consider tracking the duration of DCN approval. As a benchmark, an efficient paper-based DCN process should average about four days from initiation to completion. I have seen average durations measured in months, but hopefully, your average duration of DCN approval will be measured in days. Another metric to consider is the % of required training that has been completed for the company, for each department, and for each employee. Regardless of which metrics you choose to evaluate your quality system implementation, you should pick some of these metrics as quality objectives (i.e., a requirement of ISO 13485, Clause 5.4.1). You should also analyze this data for positive and negative trends as required by ISO 13485, Clause 8.4.

Your first CAPAs

The fourth and final step in the Deming Cycle is to “act.” Acting involves taking corrective action(s) when your data analysis identifies processes that are not functioning as well as they should be. To achieve ISO 13485 certification, you will need some examples of corrective and preventive actions (CAPAs) that you have implemented. The steps you take in response to observed trends during data analysis are all potential CAPAs.

Download an ISO 13485 quality system plan

Later this week, I will be posting a follow-up blog that explains how to write an ISO 13485 quality system plan for establishing a new quality system. There will also be a link for downloading a free ISO 13485 quality system plan.

How to implement a new ISO 13485 quality system plan in 2016 Read More »

What is a Master Validation Plan and Do You Need One?

Leave a Comment / ISO 13485 / By

This article explains what a master validation plan is, when is it appropriate to have a master validation plan, and when you need one.

Process Validation Protocol What is a Master Validation Plan and Do You Need One?

Master Validation Plan

In the United States, there are two applicable regulations for medical device manufacturing process validation: 1) 21 CFR 820.75, and 2) ISO 13485, Clause 7.5.2. Neither the QSR regulation nor the ISO 13485, include any mention of a master validation plan. There is a requirement for product realization planning, and a master validation plan could be an essential part of that planning. However, master validation plans are not mentioned anywhere.

MDD – Master Validation Plan?

For companies that manufacture CE Marked products, the term validation appears in the MDD (93/42/EEC as modified by 2007/47/EC) a total of two times. Only one of those references is specific to process validation, but there is no mention of a master validation plan. The single mention of validation appears in Annex VII, and the reference is specific to the requirement for including a copy of the sterilization validation report in a technical product file.

CMDR – Master Validation Plan?

For companies that hold one or more Canadian Medical Device Licenses, “validation” appears in the Canadian Medical Devices Regulations (CMDR) a total of eight times (four times as part of the French translation). The first four references are part of the definition of validation, where the CMDR is referring to design validation. The remaining four references specifically mention the requirement for the inclusion of process validation and software validation in a medical device license application for Class IV devices. None of those references say of a master validation plan.

IQ/OQ/PQ Requirements?

Not only is there no mention of a requirement for master validation plans in any of the medical device regulations, but there is also no mention of installation qualification (IQ), operational qualification (OQ), or performance qualification (PQ). The only mention of validation protocol or report appears in 21 CFR 820.70 as it refers to using validation protocols for validation of software controlling automated equipment.

21 CFR 210 or 21 CFR 211 requirements?

The requirements for medical devices historically are derived from pharmaceutical regulations–which included the requirement for process validation. However, neither 21 CFR 210 nor 21 CFR 211 mention master validation plans (need to verify). They also don’t mention IQ/OQ/PQ requirements.

Where did the idea for Master Validation Plans Come From?

GHTF/SG3/N99-10:2004 is the guidance document that was created by the Global Harmonization Task Force’s Study Group 3 for guidance on process validation. The guidance even includes templates for a master validation plan, IQ, OQ, and PQ. The guidance indicates that the purpose of a master validation plan is to plan validation and revalidation activities. There are other planning documents that could be used instead. For example, design plans include process validation as part of the design transfer activities when a new product is being developed. Quality plans are used for facility expansions and construction of new facilities. Some companies even include validation and revalidation plans in their process validation procedure and/or sterilization validation procedure.

For companies that have equipment that requires validation, I like to use an equipment register that identifies calibration, preventive maintenance, validation, and revalidation requirements as part of the equipment register. This allows me to use one single document to manage all the planning of calibration, preventive maintenance, and validation. If there are no validation requirements, then the appropriate column of the equipment register will indicate “n/a.”

What is a Master Validation Plan?

A master validation plan (MVP) is simply a plan for your equipment and process validation activities. All the equipment, processes, and software requiring validation should be included in the MVP. The plan should reference the applicable protocol and report for each item in the plan. If there are revalidation requirements, the plan should indicate when the last validation was performed and what the frequency of revalidation should be. Ideally, similar equipment will use the same validation protocols that are controlled documents and pre-approved. Over time the number of reports referenced will increase, but the plan should only reference the most recent approved protocol(s).

Some companies include the rationale or triggers for revalidation in the plan–just as you would for a record retention table. However, other companies will include this detail in the validation protocol and/or in the process validation procedure. The rationale for revalidation only needs to be in one of three places, and duplication of the information just encourages errors and audit non-conformities.

Procedures & Templates

We also have a process validation procedure.

What is a Master Validation Plan and Do You Need One? Read More »

Validating Bioburden Limits

18 Comments / ISO 13485 / By / , ,

This article explains the process for setting and validating bioburden limits, and you will learn when investigations are needed. 

Last week, I was in Europe reviewing product specifications with a potential contract manufacturer for a medical device implant. Due to the raw materials that the contract manufacturer currently is using for a similar product, bioburden levels are higher than we can accept. The company uses an ISO Class 7 cleanroom for assembly and packaging, which is clean enough for these implants, but the molded components used for the assembly are not clean enough.

Validating Bioburden Limits Validating Bioburden Limits

The average bioburden is 220 CFU/device (i.e., colony-forming units/device), and the maximum observed bioburden exceeded 500 CFU/device. We want to use a lower dose range of gamma radiation to prevent the deterioration of bioabsorbable plastics, but a lower dose range requires that the average bioburden never exceed 100 CFU/device.

There are quite a few Clauses in ISO 13485 that differ from ISO 9001. One example is Clause 6.4–Work Environment. Subsection 6.4(b) states, “If work environment conditions can have an adverse effect on product quality, the organization shall establish documented requirements for the work environment conditions and documented procedures or work instructions to monitor and control these work environment conditions.” This is the applicable clause of ISO 13485 related to setting bioburden limits. Unfortunately, this vague requirement does not explain how to establish or validate bioburden limits.

Rule of Thumb for Setting Limits

One of my microbiologist friends recommends using the following “rule of thumb”: +2 sigma for alert limits and +3 sigma for action limits. This rule of thumb assumes that you are performing data analysis of bioburden and that you have calculated a “sigma” value for the standard deviation. There are a few problems with the “rule of thumb” approach.

First, this method assumes a normal distribution and a controlled process–which bioburden seldom is. Second, the cleanliness you need for your product and the cleanliness your controlled environment is capable of are not always appropriately matched. In my example, we need the finished device to have a bioburden of <100 CFU/device before gamma sterilization. Molded parts are essentially bioburden free due to the hot temperatures of the parts ejected from the mold. Unfortunately, molded components attract dust like a magnet. Therefore, how you handle and store molded parts is important to the bioburden of the molded parts.

Which factors affect bioburden?

For this example, we have three aspects critical to the final bioburden limit of the finished medical devices.

  1. How are the molded parts handled and stored?
  2. Are molded parts cleaned before assembly?
  3. What is the cleanliness of the work environment where the device is assembled?

The cleanliness of the molding environment matters, but parts can fall into a container that keeps the parts clean. It also matters how molding machine operators handle the parts. Gloves should be used, and typically the container the parts are in will be placed in an outer bag for storage. It is possible to clean molded parts with ultrasonic cleaning before assembly, but if the parts are kept clean after molding, this is unnecessary.

For your assembly operation, you need an environment with suitable cleanliness. Sometimes a controlled environment is sufficient. Other times a certified cleanroom is more appropriate. In either case, it is important to control the bioburden in the assembly area to a level that meets the needs of the most critical product assembled in that area. Cleanroom procedures, the design of the cleanroom, and your cleaning/sterilization processes should match the needs of the product. Fortunately, cleanroom procedures and bioburden limits for cleanrooms are well established in ISO 14644-1 (e.g., for an ISO Class 7 cleanroom, particles ≥ 0.5 microns must be fewer than 352,000). If you have devices of different types in the same manufacturing area, you must plan according to the most critical needs.

Validating Bioburden Limits

After establishing your bioburden limits, you need to validate these limits. Once again, cleanroom validation has established ISO Standards to follow. The more challenging validation is a validation of the bioburden of parts and the final assembly. It’s important to validate the component levels first to reduce the variability of inputs to the final assembly process. Typically the first step is to perform data analysis of other molded parts produced in the same molding area by the same operators. If this data meets your needs for cleanliness, then further measures for controlling bioburden may not be needed. However, if you need to reduce bioburden (i.e., bioburden failure), you might consider measuring parts at critical control points. The goal is to identify where the bioburden is being introduced. This analysis is typical of the type of root cause investigation performed when bioburden increases for unexplained reasons.

Once the sources of bioburden are identified and quantified, process controls should be implemented to reduce bioburden. Gloves, double-bagging of product, and keeping containers covered during the molding operation are typical risk controls that may be implemented. To validate the effectiveness of these measures, you should write a bioburden validation protocol that evaluates each of the following aspects:

  1. lot variability of component bioburden
  2. operator variability for assembly
  3. variability in the cleanliness of the assembly area
  4. number of operators in the assembly area
  5. duration of the manufacturing lots

After you have validated the bioburden limits for the components, then the same process should be conducted for the final assembly of the product. A sampling of bioburden after transfer to the assembly area and before assembly begins should be done. This is important because often, improper storage of components and/or failure to remove and clean outer packaging will contaminate the parts and your assembly area.

process validation webinar Validating Bioburden LimitsIf you are interested in learning more about process validation, please download the process validation webinar. We also published a blog on sterilization and shelf-life validation for 510k submissions.

Validating Bioburden Limits Read More »

Good Documentation Practices (GDP 101) Webinar

Leave a Comment / ISO 13485 / By

good documetnation practice GDP101 300x261 Good Documentation Practices (GDP 101) Webinar
No White Out!

Medical Device Academy released a new webinar this week for training companies on good documentation practices.

Have you ever wondered where the FDA regulation is that says, “…shall not use white-out to correct quality system records.”

Don’t bother looking, because you won’t find it. You also won’t find any regulations against the use of red pens, highlighters, pencils, or markers. You can’t even find a guidance document that tells you not to put a single line through mistakes, initial and date it.

The applicable regulation is 21 CFR 820.180, but the regulation doesn’t specifically say these things. Instead, the regulation states: “Records shall be legible and shall be stored to minimize deterioration and to prevent loss.” The ISO 13485 Standard is not much different. It states that you must establish a procedure that will “Define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.”

Over time medical device companies have developed some standard approaches to meet the requirements for Document Control, Control of Records, and Training. These are the three core processes that I call “good documentation practices.” If you need training or you need tools for training employees, click on the link below to purchase our new webinar on good documentation practices.

http://robertpackard.wpengine.com/good-documentation-practices-webinar/

The webpage also includes an exam for training people on good documentation practices. The exam serves as a useful check for the training, but we recommend that process owners monitor these processes–especially if the process is manual. For example, QC inspectors will complete inspection records and file the record as a quality system record. The QC supervisor, or process owner, should periodically review these records for completeness and accuracy. If the supervisor notices an error, the supervisor should notify the inspector and have them correct the mistake. The supervisor should also track how many times each error is made and specifically where errors are occurring. The collection of this data gives the supervisor trend data to help them identify which forms need to be updated to prevent mistakes and which employees require retraining. This data also provides evidence of competency for each employee concerning good documentation practices.

After you have completed the training, you might also be interested in downloading our procedures for Document Control, Control of Records and Training:

http://robertpackard.wpengine.com/standard-operating-procedures-medical-device-academy/

Good Documentation Practices (GDP 101) Webinar Read More »

How to reconcile the conflict between ISO 13485 and ISO 9001

3 Comments / ISO 13485 / By / , , , ,

This blog explains how to reconcile the conflict between ISO 13485 and ISO 9001, and discusses whether you should maintain dual certification.

how to reconcile diverging standards How to reconcile the conflict between ISO 13485 and ISO 9001

What is the conflict between ISO 13485 and ISO 9001?

The previous version of ISO 13485 was released in 2003. That standard was written following the same format and structure as the overall quality system standard at the time (i.e., ISO 9001:2000). In 2008, there was an update to the ISO 9001 standard, but the changes were minor, only clarified a few points, and the periodic review of ISO 13485 in 2008 determined there was not a need to update 13485 at that time. Unfortunately, the proposed structure of the ISO 9001 standard was radically different, and this forces companies with dual certification to reconcile the conflict between ISO 13485 and ISO 9001.

On December 1-5, 2014, the working group for the revision of ISO 13485 (i.e., TC 210 WG1), met at AAMI’s Standards week to review the comments and prepare a first Draft International Standard (DIS). We should have some updates on the progress of the DIS later in December, but hopefully, the news will not be delayed in publication until 2016. The following is a summary of the status before last that meeting.

Updated ISO 13485 and ISO 9001 Standards Being Released

In 2015, there will be a new international version of ISO 9001 released. This new version will have dramatic changes to the standard–including the addition of a new section on risk management and the adoption of the new High-Level Structure (HLS) changing from 9 sections to 11. The ISO 13485 standard is also anticipated to have a new international version released in 2015, but the ISO 13485 standard will maintain the current HLS with nine sections. The timing of the ISO 9001:2015 release and the ISO 13485:2015 release will likely be around the same time (Correction: the ISO 13485:2016 standard was released in February 2016). Both standards are expected to have a three-year transition period for implementation. The combination of the three-year transition and lessened requirements in the new version of ISO 9001 for a structured quality manual should allow most manufacturers to wait until the ISO 13485 release before they begin drafting a quality plan for compliance with the new standards. Some of my clients have already indicated that they may drop their ISO 9001 certification when it expires, instead of changing their quality system to comply with the ISO 9001:2015 requirements. However, my clients will not have the ability to allow their ISO 13485 certification to lapse. Will Health Canada be updating GD210 and continue to require ISO 13485 certification for medical device licensing? What should companies do?

Update on the reconciliation of ISO 13485:2016 and ISO 9001:2015 on May 29, 2020:

  • GD210 was never updated, and instead, it was replaced by MDSAP
  • ISO 13485:2016 certification, under the MDSAP program, is required for Canadian Medical Device Licensing
  • Many device companies have dropped the ISO 9001 certification.

Recommendations

From the experience of preparing for the ISO 13485:2016 and ISO 9001:2015 releases, I learned that obtaining draft versions of the standards before publication is invaluable. I was able to use the drafts to help prepare quality plans for the transition. Second, companies need to train their management teams and auditors on the differences between the current and the new standards to enable a gap analysis to be completed. Any manager that is responsible for a procedure required by the current version of a standard should receive training specific to the changes to understand how they will meet the requirements for documented information. Most companies will need to improve their risk management competency (which was updated again in December 2019). I recommend that companies begin drafting their quality plans and enter discussions with their certification body for quality system changes as early as possible. I also recommend that medical device companies maintain a quality manual structure that follows the ISO 13485:2016 standard rather than the ISO 9001:2015 standard. Following ISO 13485:2016 will help everyone locate information faster.

There is also specific text in the introduction of ISO 9001:2015 that states it is not the intent of the standard to imply the need to align your quality management system to the clause structure of the standard. Companies that maintain ISO 9001 certification should consider including cross-references between the two standards in their quality manual.

Historical Note

There are also European National (EN) versions of each standard (e.g., EN ISO 13485:2012). The EN versions are harmonized with the EU directives, but the content of the body or normative sections of the standards are identical. Historically, the differences were explained in Annex ZA, which was the last Annex in the EN version of the standard. In 2009 the harmonization annex for ISO 14971 (i.e., the medical device risk management standard) was split into three parts to match up with the three directives for medical devices (i.e., the MDD, AIMD, and IVDD). The new annexes (i.e., ZA, ZB, and ZC) were moved to the front of the EN version of the standard. The changes to ISO 14971 consisted of a correction and the change to Annex ZA. In 2012, there were new harmonization annexes created for ISO 13485 to follow the same format that was used for the EN ISO 14971 annexes. It is expected that these “zed” annexes will be released with a new EN version of the standard shortly after the international standard is published.

How to reconcile the conflict between ISO 13485 and ISO 9001 Read More »

Medical Device Validation Document Resources

1 Comment / ISO 13485 / By / ,

This blog provides a list of medical device validation resources and explains how to create your resource list.

medical device academy valdiation resources Medical Device Validation Document Resources

The first step to understanding how to conduct successful validations are always to read and re-read the requirements of the documents below:

  • 21 CFR 820.30(g)
  • 21 CFR 820.75
  • ISO 13485, Clause 7.3
  • ISO 13485, Clause 7.5.2

Unfortunately, we sometimes need to consult a reference guide that explains aspects of the requirements.

Max Sherman (http://bit.ly/MaxSherman) is finishing a new handbook on design and process validation that will be published through RAPS. The following is a list of resources for the process and design validation that I am submitting for publication in the book. Many of these resources are free, and these are the resources I use to learn and teach principles of validation.

  1. GHTF/SG3/N99-10:2004 – Process Validation Guidance (http://bit.ly/N99-10)
  2. ISO 14969 – ISO Guidance document for ISO 13485 (http://bit.ly/iso14969)
  3. 13485 Plus – CSA Guidance document for ISO 13485 (http://bit.ly/13485Plus)
  4. AAMI The Quality System Compendium: Bundled Set of Textbook & CD (http://bit.ly/AAMI-Store)
  5. The preamble to the QSR (http://bit.ly/QSR-preamble)
  6. ICH Q2: Validation of Analytical Procedures: Text and Methodology (http://bit.ly/Q2-Analytical-Validation)
  7. FDA Guidance for Part 11: Electronic Records (http://bit.ly/Part11Guidance)
  8. FDA Guidance for Software Validation (http://bit.ly/FDA-Software-Validation)
  9. FAQs about Implementation of IEC 62304:2006 (http://bit.ly/Team-NB-IEC62304)

In addition to these resources, you may also need additional resources for design validation. Here are some examples of design validation resources I use in my design controls training “tool kit:”

  1. http://bit.ly/do-it-by-design
  2. http://bit.ly/DesignControlGuidance

As regulatory affairs professional, it is critical to maintain a list of the most current standards and an organized list of links to those standards. I used to keep a list of favorites in my web browser for this purpose, but my database now exceeds the utility of “favorites.” Now, I use my webpage for this purpose. You can do this yourself by creating a free WordPress blog, and having one of the webpages to the blog be specifically to maintain a list of applicable Standards. Here’s a link to my webpage that I share: http://bit.ly/RA-Resources

 

Medical Device Validation Document Resources Read More »

Nonconforming Materials Disposition

4 Comments / ISO 13485 / By / , , , , ,

Nonconforming materials disposition can be simplified into four categories: scrap, return to supplier, rework, and use as is.

Sorting Disposition of Scrap Nonconforming Materials Disposition

Nonconforming materials disposition

In our previous blog, we focused on requirements to identify and segregate non-conforming materials. Once nonconformities are labeled and locked in your quarantine cage, what do you do next? The next step in the process of determining nonconforming materials disposition. The most common dispositions are:

  • Scrap
  • Return to Supplier (RTS)
  • Rework
  • Use As Is (UAI)

Some companies also have dispositions of sort and repair. The sort is not a disposition and often creates confusion for anyone auditing records of nonconforming materials. Sorting is the process that you must perform when a lot of material fails to meet acceptance criteria. Still, some of the individual units within the lot meet the acceptance criteria. In this scenario, the following sequence of events is recommended.

Sorting nonconforming materials

First, the lot is segregated from a conforming product, and an NCR number is assigned. Next, the lot is 100% inspected for the defect, and the results of the inspection are recorded on the inspection record. It is important to record the specific number of non-conforming units on the NCR record–not the total amount inspected. The final step is to release a conforming product back into the production process or warehouse, and the Material Review Board (MRB) will disposition the units identified as non-conforming.

If identifying a non-conforming product requires an inspection method that is not typically performed, then the inspection plan needs to be corrected, or a corrective action plan is needed. New and unforeseen defects may indicate a process change, a change in the raw materials, or inadequate training of personnel at your company or your supplier. An investigation of the root cause is needed, and it is recommended to consider documenting this investigation as an internal CAPA or a Supplier Corrective Action Request (SCAR).

Material Review Board (MRB) determines the nonconforming materials disposition

Most companies have a “Material Review Board” (MRB) that is responsible for making the decision related to the disposition of non-conforming material. Typically, the MRB will be scheduled once per week to review the most recent nonconformities. The board usually consists of a cross-functional team, such as:

  • Quality Assurance
  • Research & Development
  • Manufacturing
  • Supply Chain
  • Regulatory

The reason for a cross-functional team is to review the potential adverse effects of rework and potential risks associated with a UAI disposition. If rework is required, the cross-functional team will typically have the necessary expertise to create a rework instruction and to review and approve that rework instruction–including any additional inspections that may be required beyond the standard inspection work instructions.

Scrap

If the material is going to be scrapped, there is no risk to patients or users. Therefore, the entire MRB team should not be required to scrap products. Because there may be a cost associated with a scrap of non-conforming products, it is recommended that someone from accounting and a quality assurance representative approve scrap dispositions. Other departments should be notified of scrap, but a trend analysis of all non-conforming products should be reviewed by each department and by top management during management reviews. Auditors and FDA inspectors, specifically, will be looking for evidence of statistical analysis of non-conforming material trends and the implementation of appropriate corrective actions.

Return to Supplier (RTS)

Returning non-conforming material to the supplier that produced it is the most common disposition, but the trend of RTS should continuously be improving. If the trend of RTS is not improving, your supplier qualification process or your supplier control may be inadequate. The best way to ensure that the trend is improving is to initiate a SCAR. Some companies automatically wait until they have a trend of non-conforming material before initiating a SCAR. However, if you wait until a defect occurs twice, you are doubling the number of nonconformities for that root cause. If you wait until a defect occurs three times, you are tripling the non-conformities. For this disposition, there also does not need to be approval from the entire MRB. Typically, only someone from the supply chain management and quality assurance are needed to return non-conforming products to a supplier.

Note: You should not always wait until there is a “trend” to request supplier corrective action.

Rework

Almost every auditor looks for a specific phrase in the procedure for Control of Nonconforming Material: “The MRB will review and document the potential adverse effects of rework.” Most companies are doing this, but the procedures often do not specifically state this requirement, and rework instructions are often missing any specific inspection instructions that have been added to reduce risks associated with the rework process. Repeating the normal inspection criteria is seldom adequate for reworked product because the rework process typically results in different defects.

Another phrase that auditors and inspectors are looking for is the requirement to document the rework instructions and to have the instructions reviewed and approved by the same functions that reviewed and approved the normal production process. This requirement is often not specifically stated in the procedure, and FDA 483 inspection observations are commonly issued for this oversight.

Use As Is (UAI)

The UAI disposition should be rare. When I see a large number of NCRs with a disposition of UAI, I expect one of two reasons for this situation. First, the NCRs are for cosmetic defects where the acceptance criteria are too subjective and inspectors need clear guidelines regarding acceptable blemishes and unacceptable nonconformities. The visual inspection guides used during solder joint inspection for printed circuit boards are an excellent example of best practices for clearly defining visual inspection criteria. Personally, I prefer to use a digital camera to take pictures of representative “good” and “bad” parts. Then I create a visual inspection chart with a green, smiley face for “good” and a red, frowny face for “bad.” The best inspection charts identify the proper inspection equipment and quantitative acceptance criteria with pictures and symbols instead of words.

The second reason for a larger percentage of UAI dispositions is that the product specifications exceed the design inputs. For example, if a threaded rod needs to be at least 1” long, but 1.25” long is acceptable, then you should not approve a drawing with a specification of 1.00” +/- 0.05”. Often, the legend of drawings will define a default tolerance that is unnecessary. A more appropriate specification would be 1.13” +/- 0.12”. No matter how much work it is to specifically define tolerances for each dimension on a drawing, the work required to do this at the time of initial drawing approval is much less than the work required to justify a UAI disposition. FDA inspectors will consider a UAI disposition as a potentially adulterated or misbranded product, and a formal Health Hazard Evaluation (HHE) may be required to justify the reason why the product is not recalled.

Regardless of the disposition of the product, the decision for disposition should be a streamlined process that is not delayed unnecessarily. In order to ensure that your non-conforming material dispositions are effective and processed in a timely manner, our next blog in the series about control of non-conforming materials will focus on process interactions, monitoring and measuring of non-conforming product and when to initiate a CAPA or SCAR to prevent more NCRs.

Nonconforming Materials Disposition Read More »

Stage 2 audit preparation for ISO 13485 certification – Part 2

1 Comment / ISO 13485 / By / , ,

In this article, you will learn what ISO 13485 stage 2 audit preparation you should complete specific to training records and practice interviews.
ISO Stage 2 Cert Stage 2 audit preparation for ISO 13485 certification Part 2Stage 2 Audit Preparation

If you aren’t sure what ISO 13485 is, please visit our two-part training webinar series. During your Stage 1 ISO 13485 Certification audit, the auditor verifies that your company has all 28 procedures required in ISO 13485:2016. During the Stage 2 audit preparation, however, the auditor will be reviewing training records for each employee. A training matrix is one of the best tools for verifying that your training records are completed. First, you create a table of all 28 required procedures in Excel (this is your far left column). Across the top of the table, you need to list each of the employees in your organization. This would be difficult for a large organization, but most companies seeking initial ISO 13485 certification have less than 20 employees. In your training matrix, you need to identify which procedures each employee must be trained on. This is one of the most common ways to identify training requirements, and color-coding the matrix works is helpful.

Once you have defined your training requirements, review and approve this document as a controlled document that you will maintain as the company grows. However, as the company grows, you may convert specific names to job functions. Once the training requirements matrix is reviewed and approved, you should enter the date that training was completed for each employee. This is a more effective check than the “checkbox” approach, and it enables you to verify that everyone was trained since the last revision of any procedure. Now, you have a summary document to prove that 100% of your employees have current training on each of the 28 required procedures.

Interview employees as part of your Stage 2 audit preparation

During the Stage 2 audit, any of the employees could be interviewed by the auditor. As part of your Stage 2 audit preparation, you should interview each employee on your training matrix by asking them the following open-ended questions:

  1. Can you show me where I can find the company’s quality policy?
  2. Please explain how the quality policy is relevant to your job.
  3. Can you show me a copy of the training procedure?
  4. What quality objectives do you or your department monitor?

The first question is typical of auditors. You don’t have to have the policy memorized, but every employee should know where to find it. My favorite location is the back of employee ID badges, but the quality policy needs to be updated periodically. If everyone has the policy on their ID badge, you might consider handing out updated stickers with the revised quality policy when you hand out paychecks. The second question is related to the first, and it verifies that each person understands the importance of their job function as it relates to quality.

The third question is a test to ensure every employee can locate procedures. Don’t help them, because the auditor won’t. After each employee answers the question, make sure you explain the correct answer concerning where the most current version of every procedure is. Redlined copies in a drawer do not exist. The person should also have read each procedure in their training matrix so that they can answer a question. It’s ok to say “I don’t remember,” but they shouldn’t guess.

The fourth question verifies that top management has established quality objectives for all functions and at all levels within the company. Every manager should have at least one quality objective they are tracking, and progress toward the quality objective should be visibly communicated to everyone in the department. Employees, especially managers, should also be aware of where quality objectives for the company as a whole are posted. Ideally, each employee will know how their job function contributes to one or more of these objectives.

Stage 2 audit preparation – How to handle “stage fright”

Anyone can get nervous when they are being interviewed by an auditor–even the most experienced managers. In particular, a large entourage of observers following an auditor can make the situation worse. Therefore, you should anticipate this and discuss this with every employee in your company when you are doing practice interviews. Tell them this is normal, and it’s ok to be nervous. Remind them to take a deep breath to settle their nerves. Assure employees that they will not get in trouble for being nervous, and the company will not fail and audit just because someone has difficulty answering a question. At worst, you will need to initiate a CAPA and do some more training. The best-case scenario for a certification audit is that you will need to initiate a CAPA and do some more training. Either way, the outcome is the same. 

Congratulations on your successful Stage 2 audit preparation

Do not stress everyone out the day before your Stage 2 certification audit. You had six months to prepare, and everyone worked hard to help prepare the company. Now is the time to celebrate with your family. Everyone should go home on time and get a good night’s rest. Positive attitudes and relaxation are as crucial as all the work that has been completed. I learned this lesson the hard way during my first ISO 13485 Certification in 2004. We received certification, but I don’t recommend letting your boss turn purple with rage during the audit–it might be career-limiting.

I have only made the mistake of staying up late the night before on one other occasion–and the client was not recommended for certification at the end of the Stage 2 audit. Fortunately, the auditor was able to schedule a follow-up audit within a few weeks, and we were able to address all the open issues at that time. The client received their ISO 13485 certificate and CE Certificate within three months of starting the project, and the certificates were just in time for an important trade show in Germany.

Additional training resources to prepare for ISO 13485:2016 certification

If you are interested in learning more about ISO Certification, please download Medical Device Academy’s whitepaper and watch our six-part webinar training certification course for ISO 13485:2016 certification preparation.

Stage 2 audit preparation for ISO 13485 certification – Part 2 Read More »

Scroll to Top