Archive for FDA

10 FDA Inspection Strategies that DON’T Work

If you were just notified of an FDA inspection and you don’t think you are ready, using tricks to hide your problems is a huge mistake. I have heard a few recommendations over the years for “secrets” to hide those problems. In this post, I share my favorite “secrets”–and why they DON’T work.

Here are my top 10 ways to make an FDA inspection worse:

10. Stalling when the investigator makes a request – This just irritates investigators. At best, the investigator will use the waiting time to identify additional documents to sample or to review the information you have provided more closely. At worst, the investigator will accuse the company of not cooperating with the inspection, and the investigator may return the following week with several more team members to help them. Whenever this occurred during a third-party audit that I conducted, I would move on to another area and interview someone. However, before I left the person who was slow to respond, I provided the person with a list of documents and records that I expected to be waiting for me upon my return. In extreme cases, I had to bluntly tell the management representative that I needed documentation more quickly. As an instructor, I teach auditors techniques for coping with this tactic.

9. Suggesting records for the investigator to sample – This is specifically forbidden in the case of third-party inspections and audits. The FDA has work instructions for identifying sample sizes, and samples are supposed to be selected randomly. In reality, samples are rarely random, and usually, the investigator is following a trail to a specific lot, part number, etc. When clients offered me samples, I tried to be polite and review the record they provided. However, I also would request several other records or follow a trail, as I have indicated above. Another approach I often use is to focus on high-risk items (i.e., a risk-based approach to sampling). In general, you can expect the FDA investigators to sample more items than a registrar–and sample sizes are often statistically derived if the number of records is sufficiently large. When sample sizes are quite small, I recommend sampling 100% of the records since the previous inspection/audit. This is not always possible for third-party auditors, but internal auditors often can achieve this.

8. Outsourcing processes to subcontractors – The FDA recently reinstated the requirement for contract manufacturers and contract sterilizers to be registered with the FDA by October 1, 2012. Therefore, hiding manufacturing problems from the FDA by outsourcing manufacturing is increasingly difficult to do. In addition, the FDA focuses heavily on supplier controls and validation of outsourced processes. Therefore, an investigator will identify high-risk processes performed by subcontractors and request documentation of process validation by that supplier. If the company does not have the validation reports, this could quickly escalate to a 483, and possibly a visit to the subcontractor.

7. Trying to correct problems during the inspection – This is what I like to call the document creation department. At one company I worked for, we noticed a mistake across several of the procedures and made a change overnight between the first and second days of the audit. When the auditor asked for the procedures in the morning, he asked, “Is the ink dry yet?” The auditor then proceeded to request records that demonstrated compliance with the newly minted procedures. As you might have guessed, this resulted in several nonconformities. When clients attempt to correct problems found by an investigator, the investigator typically will respond with the following statement, “I applaud you for taking immediate action to contain and correct the problem. However, you still need to perform an investigation of the root cause and develop a corrective action plan to prevent a recurrence. To do this investigation properly may take several days.” I also teach auditors to memorize this phrase.

6. Writing a letter to file – When companies make minor design changes, one of the most common approaches is to “write a letter to file.” This phrase indicates that the design team is adding a memo to the Design History File (DHF) that justifies why design validation is not required or why regulatory notification/approval is not required. The FDA used to publish a decision tree to help companies make these decisions. In fact, such a decision tree is still part of the Canadian significant change document. The FDA recently withdrew a draft document that eliminated many perceived opportunities to utilize the “letter to file” approach. However, the FDA will still issue a 483 to a company if the investigator can identify a change that required validation that was not done, or a 510(k) that was not submitted for a design change. In fact, the FDA looks explicitly for these types of issues when an investigator is doing a “for cause” inspection after a recall or patient death.

5. Shut it down – Not running a production line that has problems is an ideal strategy for hiding problems. However, the FDA and auditors will simply be forced to spend more time sampling and reviewing records of the problematic production line. If you need to shut a line down, ensure everything is identified as nonconforming, and carefully segregate rejected product from good product. You should also use these problem lines as an opportunity to show off your investigation skills and your ability to initiate CAPAs. If you simply forgot to validate a piece of equipment, or do some maintenance, take your lumps and keep production running. If you are a contract manufacturer, never shut it down without notifying the customer. If you do not tell your customer, you will get a complaint related to on-time delivery and a 483.

4. Storing all records off-site – I first heard about this tactic during an auditor course I was co-teaching. During the course, we had many reasons why the company should be able to provide the records in a timely manner. However, I have experienced this first-hand as a third-party auditor. When this happens, I do three things: 1) increase my sampling of records that are available, 2) carefully review supplier controls and supplier evaluation of the storage facility (assuming it is outsourced), and 3) verify that the company has a systematic means for tracking the location (i.e., pallet and box) for every record sent to storage. FDA investigators will simply move along to another record and follow up on their earlier request with a second visit, or a request to send a copy of the document to them after the inspection.

3. Identifying information as confidential – A company can claim information is confidential and may not be shared with the public. Still, very little information is “confidential” concerning the FDA or Notified Bodies. Therefore, this strategy rarely works. In fact, this will enrage most FDA investigators. In training courses, I train auditors to ask the auditee to redact confidential information. For example, a CAPA log may have confidential information in the descriptions, but the trend data on opening and closing dates are never confidential.

2. The FDA is not allowed to look at those records – Although this statement is technically true for internal audit reports and management reviews, the FDA always says that they can access this information through the CAPA system. What the FDA means is that there should always be evidence of CAPAs from internal audits and management reviews. If there is not, then this will quickly become a 483. Another person I met tells the story that when they agreed to share the management review records with the investigator, the inspector rarely issued a 483. When they refused to share the management review with the FDA, the inspection went quite badly from that point forth. I don’t agree with being vindictive, but it happens.

1. Show me where that is required – This is just silly. Investigators and auditors are trained on the regulations, while you are educated on your procedures. Spend your time and effort figuring out how your procedures meet the regulations in some way. Challenging the investigator excites the investigator. We all like a challenge–and we rarely lose. One auditee tried this approach with me in front of their CEO. This experience allowed me to show off that I had memorized the clause in question–and the corresponding guidance document sections. I think the CEO realized quickly that the management representative was not qualified.

My final advice is to do your best to help the investigator do their job, and treat every 483 as “just an opportunity to improve.” Just ensure you submit a response in 14 days, or you will receive a Warning Letter too!

The UDI: FDA Requirement

The UDI is an FDA requirement. The author reviews how the UDI will enable faster and more accurate product recalls and medical device reporting.

Unique Device Identifiers (UDIs) are nothing new. MASH tents in the military use 2-D barcoding to track the use of instruments in mobile operating rooms in the field. Just imagine how hard it is to count forceps and vascular clamps during a wave of shelling from a nearby front. That’s just one way UDIs can be used to benefit patients and healthcare providers. Click here for the proposed rule. I am positive that some companies, and their lobbyists, will fight the latest regulations from the FDA regarding labeling requirements. However, this makes even more sense than electronic medical records. UDIs will enable faster and more accurate product recalls and MDRs. Click here for more information (I have copied the example provided by the FDA).

This is the unique device identifier example provided by the US FDA.

If you are trying to recall a product, the last thing you want is to continue to send out letters three and four times to medical facilities that have no idea when or if your product was used. They want to close out these requests for information quickly too. UDIs present a solution for assuring correct and complete responses by hospitals the first time.

How UDI Helps with Recalls

  • Locating devices in inventory
  • Locating product in distribution centers
  • Identifying product after it is removed from the outer box
  • Tracking product to each patient

How UDI Helps with MDRs

If you’ve been in the business long enough, you have seen more than one complaint about a product that you don’t even make. When this happens, the company is obligated to open an investigation to ensure the complaint gets recorded in the complaint files. The proposed rule includes the identification of the manufacturer. Therefore, 100% of the complaints should go to the correct company. Also, the company should always receive a lot number—something that almost never occurs. What do you think about UDIs? Has your company already taken steps to implement UDIs?

But What About FDA Regulations?

The author writes that when you are auditing, you should always read the FDA regulations again to ensure accuracy.  

I hear this question, or a question with similar wording, quite frequently when I am auditing. Typically, the question is in response to a better way to do something that seems simple and efficient. Most people seem to approach regulatory requirements with the approach of…let’s bury the regulator in paperwork. While it’s true that auditors expect a certain amount of paperwork with each regulatory requirement, they frequently accept a broader range of documentation than people realize (i.e., one page can be enough).

For example, a design control procedure could be a one-page flowchart that references forms and work instructions, or twelve separate documents, with a minimum length of ten pages and a maximum of forty pages per document. As long as the procedure has sufficient detail for personnel performing these tasks, and all the required elements are included (ISO clauses 7.3.1-7.3.7), an auditor should identify the process as conforming.

However, some people are FDA inspectors looking for NONCONFORMITY!

In the case of inspectors, it is critical to present your information in such a way that it is easy for the inspector to see how you meet the requirements of the regulations. One of the best ways to do that is to reference the requirements directly in your procedures.

For those who prefer finesse, try to organize information following the regulations. For example, if I am writing a procedure for an ISO registration audit, I write the procedure to specifically address the ISO sub-clauses. I might even use a document control number like SOP-73 for my “Design and Development” procedure.

In my previous blog posting, http://bit.ly/AuditHours, I suggested a slight change to the scheduling of internal audits. To ensure this meets FDA requirements, the key is to READ THE REGULATIONS AGAIN. Concerning internal auditing, the applicable FDA regulation is 21 CFR 820.22:

“Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action(s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.”

The above requirement is quite vague concerning how many auditors and how many days must be spent auditing. These are the variables I suggested changing in my previous blog http://bit.ly/AuditHours. The FDA regulation 21 CFR 820.22 is specific, however, with regard to documenting the “reaudit” of any deficiencies found during an audit. This prescriptive requirement can be met by reviewing previous audit findings of all audits with the audit program manager during the audit preparation process. The audit program manager can facilitate the assignment of which auditor will reaudit each discovery. This may require a few more minutes of audit preparation, but this should not measurably impact the overall time allocated to an audit.

I do this out of habit when I am performing internal audits on behalf of clients, but if I am auditing the internal audit process of a client—now I’ll remember to point out this additional requirement that is specific to the FDA and not included in the ISO Standard. This is why we should always READ THE REGULATIONS AGAIN.

 
