FDA

Feb 3 2014

Data Analysis of Medical Device FDA Form 483s Issued in FY2013

The author performed data analysis of medical device FDA Form 483s issued in FY2013. Was Design Controls, CAPA, or complaint handling the number one 483?

The FDA recently updated its webpage for “Inspections, Compliance, Enforcement, and Criminal Investigations” (http://bit.ly/FDA483s). The update was the addition of FY2013’s inspection observations (i.e., 483s). Medical Device Academy performed data analysis of the inspection observations report for FY2013. The high frequency of FDA Form 483s referencing CAPA and complaint handling was not a surprise, but the results of the Pareto analysis (http://bit.ly/ParetoChart) might surprise you.

Data without Categories Data Analysis of Medical Device FDA Form 483s Issued in FY2013 — Ranking of Individual Observation References

If you sort the raw data from the FDA, instead of categorizing the observations first, you see that 21 CFR 820.100(a) (i.e., the CAPA procedure requirement) is the most frequently referenced section. Complaint handling, 21 CFR 820.198(a), is the second most frequently referenced section. CAPA even gets the third spot on the table to the left, while the highest-ranking of an individual section for design controls [i.e., 21 CFR 820.30(i)] is eighth. The problem with this approach is that there 244 different sections to review, and it’s difficult to identify which process areas to focus on. Therefore, Medical Device Academy categorized the data by section first and then sorted the data.

The section of the CFR referenced categorized the data from FY2013. For example, there are 15 different sub-sections related to section 21 CFR 820.198. Therefore, all 15 were grouped under one category. The categorization of the data allowed us to reduce the number of observation references from 244 to 32. By doing this, it was clear that CAPA (11.75%) and complaint handling (10.65%) are more frequently referenced in FDA Form 483s than the next most frequent section—medical device reporting (6.24%). However, categorizing the data first shows that design controls (21 CFR 820.30) were referenced more frequently than any other category in FY2013.

You may also expect to see a large percentage of Form 483 observations issued against management responsibilities. However, section 820.20 (i.e., management responsibilities) ranks 13^th out of 32 categories (4.05% in the table below). We even considered that maybe FDA inspectors were issuing fewer 483s against section 820.20 in FY2013 than previous years. However, FY2012 also had slightly more than 4% of the FDA Form 483s issued against this category.

The frequency of 13.25% for design controls may surprise you. However, when all 15 of the different observation references for design controls are combined into one category, there is a total of 582 observations. For the sake of comparison, only 12.68% of the FDA 483 observations were related to design controls in FY2012. Therefore, inadequate implementation of design controls (http://bit.ly/Implementing820-30) remains the most frequently referenced observation.

If you are interested in downloading the Excel spreadsheet that we used to create the above chart and graph, please follow this link: http://bit.ly/Download-Pareto483s.

Preventive Actions

The Pareto analysis can also be used to focus your internal auditors or a mock-FDA inspection. For example, your next audit might start with a review of the CAPA process, since that is the second most frequent observation reference by FDA inspectors (http://bit.ly/CAPAMistakes). Next, you may want to audit complaint records and medical device reporting (http://bit.ly/outsourcing-complaints). These are the third and fourth most frequent observation references. Finally, after you have finished these three areas, you should select a product line that has not been recently inspected by the FDA and perform an audit of the Design History File (DHF): http://bit.ly/AuditDesign. The auditor should verify that all the changes made to the Device Master Record (DMR) have been documented and validated in accordance with your Design Controls procedure.

In addition to performing a mock-FDA inspection, you should also invest in training of employees in each of the four most critical areas:

Design Controls
CAPA
Complaint Handling
MDRs

Signing a training record to indicate that you read and understood a procedure does not meet the requirements for training personnel. You need to develop a training curriculum for each subject area with practical examples—not just bullet points copied from the QSR. In addition to reading and sharing the blogs that are referenced for each of the above areas, you might also consider reviewing the following blog about training effectiveness: http://bit.ly/TrainingExams.

If you are interested in training courses, Medical Device Academy has a library of pre-recorded webinars available: http://bit.ly/QA-RA-Webinars. We also have exams that can be used to verify training effectiveness after each webinar. Please let us know if you are looking for something specific because we develop new customized training webinars every month.

Data Analysis of Medical Device FDA Form 483s Issued in FY2013 Read More »

Jan 22 2014

4 Ways to Create Your Own FDA Medical Device Regulatory Updates

Leave a Comment / FDA / By Robert Packard / Creating your own FDA medical device regulatory updates, FDA medical device regulatory compliance, FDA medical device regulatory updates, medical device consultant, medical device consulting, medical device regulatory

Although FDA medical device regulations are centrally located in one place: http://bit.ly/FDA-homepage, this blog discusses four information areas you can monitor to create your own FDA medical device regulatory updates-(guidance docs, standards,), etc.

Guidance documents released (http://bit.ly/FDA-guidance),
Recognized standards (http://bit.ly/Recognized-Consensus-Standards),
Device classifications (http://bit.ly/ProductClassification), and
Total Product Lifecycle (TPLC) database (http://bit.ly/FDA-TPLC).

Guidance Documents

When you check the FDA website for the new draft and final guidance documents, the webpage to monitor is http://bit.ly/newFDAguidance. This page had already had four new guidance documents in 2014, and in October 2013, the FDA released an important update about the eCopy program for 510(k) submissions: http://bit.ly/FDA-eCopy.

Recognized Standards

The FDA has a separate database for all recognized consensus standards: http://bit.ly/Recognized-Consensus-Standards. This database is used to verify which Standards can be used for verification and validation testing of new devices, and the reference of any of these Standards in a device submission must also be accompanied by the completion of Form FDA 3654: http://bit.ly/Form-FDA-3654.

Device Classifications

Changes to device classifications and/or regulatory approval pathways are rare at the FDA, but you should periodically check the classification database to verify that there have been no changes. The most likely changes will be the addition or removal of recognized standards applicable to your devices. The database for looking up device classifications can be found at http://bit.ly/ProductClassification.

TPLC Database

For each 3-letter product classification code, there is a database that shows all the recent 510(k) submissions, all recalls, and summarizes all the medical device reports submitted for serious injuries and deaths. This database, http://bit.ly/FDA-TPLC, should be monitored to proactively identify problems that occurred with similar products before they happen to your product. Also, there may be voluntary reports from user facilities regarding your device that were not reported directly to your company. The possibility of voluntary reports makes this an important database to monitor weekly. Other resources include:

http://bit.ly/CDRH-news-updates – This is the page of the device division of the FDA (CDRH), where news and updates are posted. You may find it helpful to register for receiving the RSS feeds from this page so that you are informed of any updates as FDA posts them.
http://bit.ly/CDRH-Learn – This is the page where CDRH lists all of the online training courses for medical device manufacturers. This includes popular courses such as the “Pre-market Notification Process – 510(k)s” and “Medical Device Recalls.” This page also had four recent updates: 1) “Investigation Device Exemption Process – IDE,” updated on December 6, 2013; 2) “Device Establishment Registration and Listing,” updated on July 31, 2013; 3) “Global Initiatives,” updated on October 31, 2013; and 4) “Unique Device Identification (UDI) System,” updated on December 23, 2013.

Next Steps

Review each of the above streams of information from the US FDA on a scheduled basis as preparation for quarterly management reviews and determine any potential impact on your organization’s quality system and procedures. This gap analysis should be performed by someone familiar with the specific process(es) addressed by the regulations. The most likely actions to be taken are:

Initiate specific changes to existing procedures
Create new procedures, or
Initiate a quality plan for more substantial changes to your quality system

Management Review-Free Webinar Recording

If you need more help preparing for your management review, here’s a link to a free webinar I recorded: http://bit.ly/Clause5-6. You will also receive a management review slide deck, as well.

4 Ways to Create Your Own FDA Medical Device Regulatory Updates Read More »

Sep 25 2013

8 success tips for the first 30 minutes of an FDA inspection

1 Comment / FDA / By Robert Packard / FDA, FDA inspection

The author presents an 8 item action plan and discussion for getting your FDA inspection off to a good start, beginning when the FDA enters your facility. When an FDA inspector arrives at the reception desk of your facility, the last thing that you want is a Keystone Kops scenario with people running around in a panic and keeping the inspector waiting. This is your first opportunity to make a professional impression, and you never want to give an inspector the impression that you have something to hide. What happens during the first 30 minutes of arrival is critical. While medical device inspections are often announced several days in advance, there is no obligation for the Agency to do so. Therefore, your team needs training and a plan. This training should involve more than just reading the Quality System Inspection Technique (QSIT) manual (http://bit.ly/QSITManual), and conducting a mock FDA inspection. Last year, Rob Packard wrote a blog about “10 FDA Inspection Strategies that Don’t Work” (http://bit.ly/QSITmistakes), but the following activities need to be executed in the first 30 minutes to ensure your next inspection starts smoothly.

The FDA Inspection: 8 Immediate Actions to Take

1. Receptionist-Personnel Contacts (Time Zero)

I once witnessed a receptionist sarcastically comment to an inspector that people must be thrilled when they walk in the door. That was not a great start to the inspection. Ensure that your receptionist and additional personnel who may sit at the desk are trained, understand what to do, and know-how to behave when an FDA inspector(s) arrives. This exercise should not cause panic. You need a simple work instruction located at the reception desk and a list of key staff members to contact immediately. The head of the Quality department, or Management Representative, is usually the first call.

2. Have Chain of Command in Place (Time = 1 minute)

DO NOT keep the inspector waiting in the lobby. Have a communication chain in place to ensure that other appropriate personnel is available in the event that the first point of contact cannot be reached. It is reasonable to ask the inspector to return at a later date ONLY if all individuals with the technical expertise to participate in the inspection are not on-site, or are out of the country. The agent will decide whether to honor this request, but the expectation is that there is always someone with whom they can work with. Never make this request to put off the inevitable.

3. Ask To See Inspector Credentials (Time = 2 minutes)

Ask to see the inspector’s credentials, and ensure that you give them more than a cursory glance. This is important to avoid allowing an imposter posing as an Agency employee from gaining access to your business. While a rare occurrence, it has been known to happen. Some investigators are officers of the Public Health Service and may be in uniform. However, even these officers are not required to wear a uniform for all visits. Note: Section 5.1.1.2 of the FDA Investigations Operations Manual (http://bit.ly/FDAIOM) instructs inspectors to provide their credentials to top management, but copying of official credentials is not allowed.

4. Escort Inspector to Inspection Room (Time = 5 minutes)

Make sure that you can have the inspector escorted to a suitable room with the respective hosts within five minutes of arrival. This will involve ensuring that it is clearly understood by all administrative staff and key management that any other meeting may need to be curtailed, or moved immediately to another location to provide an appropriate space for the inspection. Providing substandard accommodations, such as a very cold or warm room, is not a good strategy for shortening the inspection time, and is a ploy easily recognized by the Agency, though not appreciated. Note: Rob Packard taught an audio seminar earlier this year, where the use of inspection war rooms was covered in more detail—including a diagram with a proposed layout for the room (http://bit.ly/FDAInspectionSeminar).

5. Ready the FDA Inspection War Room (Time = 10 minutes)

Immediately after your inspection room is identified, you need to prepare your backroom or “war room.” This room should be located near the inspection room and set up at a moment’s notice with staff who can expertly execute their respective roles. You will need a mode of communication between the inspection and war rooms, runners to retrieve documents and records in the shortest time possible, as well as a technical individual to review these documents to ensure that they are appropriate and accurate before being provided to the inspector. This room should be ready within ten minutes of arrival.

6. Ensure You Have Emergency Supplies & Copies (Time = 15 minutes)

Your war room will need supplies. You should have a mobile cart equipped with inspection supplies ready and waiting at all times. Suggestions for the contents of your war room cart include a laptop, projector, staplers, staples, pens, blank folders, a label maker, and a stamp for “uncontrolled copies.” Your supplies need to make it to the war room within 15 minutes of arrival.

7. Ready the Frequently Requested Documents (Time = 25 minutes)

Don’t wait for the inspector to tell you which documents are invariably requested at the outset of any inspection. This includes, but is not limited to, the organizational chart, an index of all procedures, CAPA log, and your nonconformance logs for medical devices—all dating back to the last inspection. This doesn’t mean that you should offer these documents to the inspector. You want to prepare these before they are requested so that they can be provided quickly, but you should keep the copies in the war room until the inspector requests each document and record. Copies of these records and documents should be stamped and ready within 25 minutes of arrival.

8. Relax (Time = 30 minutes)

It sounds as though this process is a race against time. It is not. No one engaging with the inspector should be running in and out of the room, gasping for breath, or sweating profusely from the effort. Keeping the inspector waiting can be perceived as a stall tactic, perhaps arousing suspicion that you are creating records “on the fly” in the war room (definitely not a strategy that I recommend), or that you are having difficulty locating the requested documents, and are not in control of your Quality Management System (QMS). The most important aspect is to manage your QMS so that you are always ready for an inspection at a moment’s notice. If you prepare in advance, you shouldn’t need to do anything more than ask if the inspector would like coffee before the inspection begins.

Please Connect With Medical Device Academy on Social Media

8 success tips for the first 30 minutes of an FDA inspection Read More »

Aug 15 2013

How to Utilize CAPA Training To Avoid FDA 483 Citations

1 Comment / CAPA, FDA / By Robert Packard / CAPA, CAPA training, FDA 483

The author discusses how formal CAPA training can help solve the four most common CAPA deficiencies and help avoid FDA 483 citations.

Corrective And Preventive Action (CAPA) is considered to be one of the most critical processes in a Quality Management System (QMS). CAPAs prevent nonconformities from recurring, as well as identify potential problems that may occur within the QMS.

Both the Code of Federal Regulations (21 CFR 820.100) and the ISO 13485 Standard (8.5.2 and 8.5.3, respectively) include similar requirements for establishing and maintaining a compliant CAPA process. The concept seems pretty straightforward, right?

Then why do so many companies struggle with this process and go into panic mode during FDA inspections and Notified Body audits?

CAPA process deficiencies have long been the number one Good Manufacturing Practice (GMP) violation cited in FDA Warning Letters. Therefore, providing trained experts to teach the CAPA process is well worth the investment to provide your employees with the expertise needed to implement a sustainable, effective, and compliant process. Support from top management is a must for success.

7 Reasons Why There is LIttle Support for the CAPA Process

Managers view CAPA as a necessary evil and apply minimum effort and resources to complete the required paperwork.
All complaints, audit findings, shop floor nonconformities, etc., go straight into the CAPA system, resulting in what is known as “Death by CAPA.” There are hundreds of CAPAs to be dealt with, but the CAPAs languish and quickly become a mountain of overdue records.
The lack of ability to conduct effective root cause analysis results in, at best, a band-aid solution, and recurrence of the same issues time and again.
There is no risk-based or prioritization process that provides a triage for determining when a CAPA is appropriate, and how to classify its criticality.
CAPA forms are either too restrictive, such as using “yes/no” questions, thereby stemming the creative flow of process thinking or, too open-ended, leaving the CAPA owner with little guidance for getting to the exact root cause.
Trending and metrics that would highlight quality issues before they become complaints are lacking, so most CAPAs are last-minute reactions to a crisis, instead of proactive improvement projects.
Senior management has not allocated sufficient time and resources to CAPA owners to develop expertise, and clearly do not understand the nuances of FDA compliance, the ISO Standard, and the responsibilities of CAPA ownership.

Consequences of an Ineffective CAPA System: FDA 483 Citations Are Possible

FDA 483 observations, Warning Letters, and loss of your ISO 13485 certification are possible consequences of failing to manage your CAPA process. Imagine explaining to your customers why you lost your certification, and why they should keep you as a trusted supplier. That is not a conversation you want to have.

A weak CAPA process allows nonconformities to recur, results in manufacturing downtime, requires to rework, and ends with the scrapping of product or lost customers. The consequences of a weak CAPA process negatively impact your company’s financial strategy and goals.

To prevent an increase in the cost of poor quality, your business cannot remain static. You need to improve and adopt best practices. Your CAPA process is a systematic way to make those improvements happen.

Characteristics of an Effective CAPA system?

Easy to follow the procedure
Defined CAPA inputs
Risk assessment and prioritization
Root-cause investigation tools
A well-defined action plan
Metrics to track progress
Communication of information and status
Effectiveness checks
Management support and escalation

What to Expect from Formal CAPA Training

Death by Powerpoint is not training. Effective CAPA training requires hands-on participation in working through root-cause analysis with an expert. One of the best training tools is case studies based upon recent 483 observations. A CAPA training course should teach you how to:

Accurately identify the cause of problems
Prioritize your corrective and preventive actions using a risk-based approach
Implement an appropriate corrective and/or preventive action, and
Verify the effectiveness of your actions

CAPA training should teach you how to reduce the length and number of investigations. Training will also help you master current problem-solving methodologies to identify true root causes, utilizing facts, instead of guesswork or opinion. The proper identification of the exact root cause of a problem is critical because otherwise, your CAPA plan will fail to fix real problems.

Not all formal training needs to be in-person. Face-to-face training can be supplemented with more cost-effective training of concepts using webinars and recorded presentations. Interactive training is needed to supplement this training so that students can practice what they learn.

How Training Solves Common CAPA Deficiencies

The four most common CAPA deficiencies are:

Inadequate procedures
Incomplete investigations
Overdue actions, and
Failure to perform an effectiveness check

Each of these deficiencies is addressed directly by CAPA training. Formal CAPA training reviews each of the requirements for your CAPA process, and trainers will often share samples of CAPA procedures, and CAPA forms that they wrote and found to be effective. Learning multiple root cause investigation techniques, and practicing them using the case study technique, ensure that CAPAs are thoroughly investigated, rather than identifying superficial symptoms.

CAPA metrics are introduced during training to ensure that the CAPA process owner knows best practices for monitoring and analyzing the process. Finally, CAPA training includes specific examples of what is and what is not, a proper technique for performing an effectiveness check.

Results After Formal CAPA Training

The best reason for making formal CAPA training available to the people responsible for CAPAs are the results you will experience after the training. For example:

Elimination of hundreds of overdue CAPAs
Reduction in nonconformities, scrap, rework and customer complaints
Lower overall costs associated with quality problems
Better FDA inspection and Notified Body outcomes, and
Safer products for your customer

If you are interested in learning more about CAPA, click here to register for Medical Device Academy’s Risk-Based CAPA webinar.

How to Utilize CAPA Training To Avoid FDA 483 Citations Read More »

Sep 11 2012

How to request FDA Device Classification information – 513(g) Alternative

1 Comment / FDA / By Robert Packard / Device Classification, FDA

This blog provides a five-step process on how to request FDA device classification information. A screenshot of the FDA website for each step is included.

If your company is currently registering with the US FDA, you are probably reviewing the guidance document this month for the FY2013 user fees. On pages six and seven, there is a table of these fees, but you might have overlooked 513(g). Section 513(g) is a provision in the law that allows companies to request device classification information from the FDA.

For example, if your company was developing a new product, and you were having difficulty identifying the regulatory pathway, 513(g) is your friend. In my opinion, these fees are modest: $5,061 = Standard Fee, and $2,530 = Small Business Fee (updated for FY 2022). Most consultants will charge at least ten hours of consulting to identify the regulatory pathway for a company. I would charge quite a bit less because it takes me a lot less than ten hours. I still think the FDA’s pricing is a good deal because getting information directly from the source is always more valuable than an “expert.”

The US FDA has published a guidance document explaining the process for 513(g) requests. This guidance document was released on April 6, 2012 (updated in 2019). The guidance explains what information companies need to provide in order to submit a 513(g) request. The guidance also has a fantastic list of FDA resources on page five. These are the very same resources that the “experts” use—including yours truly.

Just as any good lawyer tries to avoid asking questions that they don’t already know the answer to, I recommend that you first try using these resources yourself. Once you think you know the answer, your request for classification information will be easier to organize.

Here’s how I would proceed to request FDA device classification information:

Step 1 – Are there similar devices on the market?

Identify another device similar to yours. If you can’t do this, you need serious help. You need a similar device that is already sold on the market to use as a predicate device. If you cannot identify a predicate, then you can’t use the 510(k) process—or you don’t know your competition. Either way, there are challenges to overcome. For example, if you are trying to launch a new topical adhesive made from cyanoacrylate—”Dermabond” might be the first predicate device that comes to mind.

Step 2 – Search the Registration Database for FDA Device Classification

Use the registration and listing database on the FDA website to find the company that manufacturers the device. The link for this is #4 on my helpful links page (updated). This link also will provide you with connections to the classification database—which you can use to find the classification for any device. However, the registration and listing database is less likely to lead you astray. When I type “Dermabond” into the field for the proprietary device name, I get a list of five different product listings.

Step 3 – Select one of the competitor links to identify the FDA Device Classification

Clicking on any one of these five will take you to a listing page for the corresponding company. On that page, you will find the three-letter product code that identifies the device classification and the applicable regulations for that device.

Step 4 – Your found the FDA Device Classification

Clicking on the three-letter product code (i.e., – “MPN” in our Dermabond example) takes you to the Product Classification page. This is where you will find that Dermabond, and other tissue adhesives, are Class II devices that require a 510(k) submission. Also, the Product Classification page identifies an applicable guidance document to follow for design verification and validation testing. This is also called the “Special Controls Document.”

Step 5 – TheTPLC Report lists all the recent 510(k) submissions

Click on the “TPLC Product Code Report” link. This link will provide you with a report of all the 510(k) ‘s recently granted to your competitors, problems customers have experienced with their products, and recalls for the past five years. This is extremely valuable information as a design input—as well as competitive information for your marketing team.

tplc total product life cycle report for mpn How to request FDA Device Classification information 513(g) Alternative — TPLC Report for Product Code “MPN” – Topical Adhesive

How to request FDA Device Classification information – 513(g) Alternative Read More »

Aug 30 2012

10 FDA Inspection Strategies that DON’T Work

4 Comments / FDA / By Robert Packard / FDA inspection

If you were just notified of an FDA inspection and you don’t think you are ready, using tricks to hide your problems is a huge mistake. I have heard a few recommendations over the years for “secrets” to hide those problems. In this post, I share my favorite “secrets”–and why they DON’T work.

Here are my top 10 ways to make an FDA inspection worse:

10. Stalling when the investigator makes a request – This just irritates investigators. At best, the investigator will use the waiting time to identify additional documents to sample or to review the information you have provided more closely. At worst, the investigator will accuse the company of not cooperating with the inspection, and the investigator may return the following week with several more team members to help them. Whenever this occurred during a third-party audit that I conducted, I would move onto another area and interview someone. However, before I left the person that was slow to respond, I provided the person with a list of documents and records that I expected to be waiting for me upon my return. In extreme cases, I had to bluntly tell the management representative that I needed documentation more quickly. As an instructor, I teach auditors techniques for coping with this tactic.

9. Suggesting records for the investigator to sample – This is specifically forbidden in the case of third-party inspections and audits. The FDA has work instructions for identifying sample sizes, and samples are supposed to be selected randomly. In reality, samples are rarely random, and usually, the investigator is following a trail to a specific lot, part number, etc. When clients offered me samples, I tried to be polite and review the record they provided. However, I also would request several other records or follow a trail, as I have indicated above. Another approach I often use is to focus on high-risk items (i.e., – a risk-based approach to sampling). In general, you can expect the FDA investigators to sample more items than a registrar–and sample sizes are often statistically derived if the number of records is sufficiently large. When sample sizes are quite small, I recommend sampling 100% of the records since the previous inspection/audit. This is not always possible for third-party auditors, but internal auditors often can achieve this.

8. Outsourcing processes to subcontractors – The FDA recently reinstated the requirement for contract manufacturers and contract sterilizers to be registered with the FDA by October 1, 2012. Therefore, hiding manufacturing problems from the FDA by outsourcing manufacturing is increasingly more difficult to do. In addition, the FDA focuses heavily on supplier controls and validation of outsourced processes. Therefore, an investigator will identify high-risk processes performed by subcontractors and request documentation of process validation by that supplier. If the company does not have the validation reports, this could quickly escalate to a 483, and possibly a visit to the subcontractor.

7. Trying to correct problems during the inspection – This is what I like to call the document creation department. At one company I worked for, we noticed a mistake across several of the procedures and made a change overnight between the first and second days of the audit. When the auditor asked for the procedures in the morning, he asked, “Is the ink dry yet?” The auditor then proceeded to request records that demonstrated compliance with the newly minted procedures. As you might have guessed, this resulted in several nonconformities. When clients attempt to correct problems found by an investigator, the investigator typically will respond with the following statement, “I applaud you for taking immediate action to contain and correct the problem. However, you still need to perform an investigation of the root cause and develop a corrective action plan to prevent a recurrence. To do this investigation properly may take several days.” I also teach auditors to memorize this phrase.

6. Writing a letter to file – When companies make minor design changes, one of the most common approaches is to “write a letter to file.” This phrase indicates that the design team is adding a memo to the Design History File (DHF) that justifies why design validation is not required or why regulatory notification/approval is not required. The FDA used to publish a decision tree to help companies make these decisions. In fact, such a decision tree is still part of the Canadian significant change document. The FDA recently withdrew a draft document that eliminated many perceived opportunities to utilize the “letter to file” approach. However, the FDA will still issue a 483 to a company if the investigator can identify a change that required validation that was not done, or a 510(k) that was not submitted for a design change. In fact, the FDA looks explicitly for these types of issues when an investigator is doing a “for cause” inspection after a recall or patient death.

5. Shut it down – Not running a production line that has problems is an ideal strategy for hiding problems. However, the FDA and auditors will simply be forced to spend more time sampling and reviewing records of the problematic production line. If you need to shut a line down, ensure everything is identified as nonconforming, and carefully segregate rejected product from good product. You should also use these problem lines as an opportunity to show off your investigation skills and your ability to initiate CAPAs. If you simply forgot to validate a piece of equipment, or do some maintenance, take your lumps and keep production running. If you are a contract manufacturer, never shut it down without notifying the customer. If you do not tell your customer, you will get a complaint related to on-time delivery and a 483.

4. Storing all records off-site – I first heard about this tactic during an auditor course I was co-teaching. During the course, we had many reasons why the company should be able to provide the records in a timely manner. However, I have experienced this first-hand as a third-party auditor. When this happens, I do three things: 1) increase my sampling of records that are available, 2) carefully review supplier controls and supplier evaluation of the storage facility (assuming it is outsourced), and 3) verify that the company has a systematic means for tracking the location (i.e., – pallet and box) for every record sent to storage. FDA investigators will simply move along to another record and follow-up on their earlier request with a second visit, or a request to send a copy of the document to them after the inspection.

3. Identifying information as confidential – A company can claim information is confidential and may not be shared with the public. Still, very little information is “confidential” concerning the FDA or Notified Bodies. Therefore, this strategy rarely works. In fact, this will enrage most FDA investigators. In training courses, I train auditors to ask the auditee to redact confidential information. For example, a CAPA log may have confidential information in the descriptions, but the trend data on opening and closing dates are never confidential.

2. The FDA is not allowed to look at those records – Although this statement is technically true for internal audit reports and management reviews, the FDA always says that they can access this information through the CAPA system. What the FDA means is that there should always be evidence of CAPAs from internal audits and management reviews. If there is not, then this will quickly become a 483. Another person I met tells the story that when they agreed to share the management review records with the investigator, the inspector rarely issued a 483. When they refused to share the management review with the FDA, the inspection went quite badly from that point forth. I don’t agree with being vindictive, but it happens.

1. Show me where that is required – This is just silly. Investigators and auditors are trained on the regulations, while you are educated on your procedures. Spend your time and effort, figuring out how your procedures meet the regulations in some way. Challenging the investigator excites the investigator. We all like a challenge–and we rarely lose. One auditee tried this approach with me in front of their CEO. This experience allowed me to show off that I had memorized the clause in question–and the corresponding guidance document sections. I think the CEO realized quickly that the management representative was not qualified.

My final advice is to do your best to help the investigator do their job, and treat every 483 as “just an opportunity to improve.” Just ensure you submit a response in 14 days, or you will receive a Warning Letter too!

10 FDA Inspection Strategies that DON’T Work Read More »