This webinar answers 510k FAQs and you can register for free by just typing your name, email and a question in the form below.
When is this 510k FAQs webinar?
This webinar was recorded live on Friday, October 14, 2016, at Noon, EDT. It’s free to register as long as you ask a question. There were 14 questions originally submitted in advance for the live recording, but as new questions are submitted I will create blogs to answer your questions and add the questions to our 510k FAQs page.
Contents of 510k FAQs webinar
The webinar recording consists of 17 slides answering 14 unique questions about 510(k) submissions submitted during registration. Registrants will receive a link to download a recording of the webinar and additional questions can be asked at any time by sending me an email or scheduling a call on my contact us page.
Additional Resources for 510k submissions
If you would like additional training on 510k submissions or you would like to access Medical Device Academy’s templates, you can purchase all of our templates and 510k webinars on our 510k course webpage.
About Your Instructor
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at 802.281.4381 or by email.You can also follow him onGoogle+,LinkedIn,or Twitter.
The article shares lessons learned from implementing procedures for a new ISO 13485 quality system. This is the second in a series. The first month of procedure implementation was covered in a previous article titled, “How to implement a new ISO 13485 quality system plan in 2016.”
Typically, I recommend implementing a new ISO 13485 quality system over six months. Still, recently I a few clients have requested my assistance with implementing a quality management system within four months. In November, I wrote an article about implementing a new ISO 13485 quality system. That article described implementing procedures for the first month. Specifically, the implementation of the following procedures was covered:
SYS-027, Purchasing
SYS-001, Document Control
SYS-002, Record & Data Control
SYS-004, Training & Competency
SYS-011, Supplier Quality Management
SYS-008, Product Development
SYS-010, Risk Management
SYS-006, Change Control
These eight procedures are typically needed first. This article covers the implementation of the next set of procedures. During this month, I recommend conducting company-wide quality management system training for the ISO 13485 and 21 CFR 820.
Implementing Receiving Inspection Procedures
During the first month, procedures for purchasing components and services are implemented. As these products are shipped and received by your company, you need to create records of incoming inspection. It is not sufficient to merely have a log for receiving inspection. You need records of the results of the inspection. You may outsource the inspection activities, but receiving personnel must review the records of inspection for accuracy and completeness before moving product to your storage warehouse or production areas. Even if the inspection is 100% outsourced, it is still recommended to verify the inspection results independently on a sampling basis periodically. This should be a risk-based sampling that takes into account the importance of the item being inspected and the existence of in-process and final inspection activities that will identify potential nonconformities.
The most challenging part of this process typically is identifying inspection procedures and calibrated devices for inspection. Your company must find a balance between inspections performed by suppliers, incoming inspection, in-process inspection, and final inspection. Each of these process controls requires time and resources, but implementation should be risk-based and take into account the effectiveness of each inspection process–as determined by process validation. Sample sizes for inspection should also be risk-based.
Implementing Procedures for Identification and Traceability
The lot or a serial number of components must be identified throughout product realization–including incoming inspection, storage, production, final inspection, and shipping. In addition to determining what things are, you must also identify the status of each item throughout the product realization process. For example:
Is the product to be inspected or already inspected?
After the inspection, is product accepted or rejected?
Which production processes have been completed?
Is the product released for the final shipment?
The procedure for identification and traceability should be implemented immediately after the purchasing process, implemented during 1st month, because traceability requirements should be communicated to suppliers as part of supplier quality agreements and as part of each purchase order.
Initially, when this process is implemented, there is a tendency to complete forms for every step of the process and to distribute copies of the forms to communicate status. Completing forms and copying paperwork requires labor and adds no value. Therefore, learn manufacturing methods and visual indicators such as color-coding are recommended as best practices for identifying products and their status.
Implementing CAPA Procedures
When a product is identified as nonconforming, corrective actions need to be implemented to prevent a recurrence. Procedures need to include the requirement for planning corrective actions, containing a nonconforming product, correcting nonconformities, and implementing actions to prevent any future nonconformities. These procedures also need to address negative trends to prevent nonconformities before the product is out of specification (i.e., preventive actions). Procedures also need to provide guidelines on how to verify the effectiveness of corrective and preventive actions. Initially, the actions implemented will be specific to a purchased product that is received and rejected. However, over time data analysis of process monitoring and internal auditing will identify additional corrective and preventive actions that are needed.
The effectiveness of CAPA processes, in general, requires three key elements:
In the CAPA training provided during the second month, the best practices for CAPA form design are covered. The training includes several methods for root causes analysis too. Finally, the training emphasizes using quantitative measurements to verify the effectiveness of corrective actions. It is recommended to identify the quantitative acceptance criteria for an effective corrective action before initiating actions to ensure that the actions planned are sufficient to prevent a recurrence.
Monitoring Your Procedure Implementation Process
As indicated in November’s article, I recommend using quantitative metrics to track the progress of procedure implementation. For example:
% of procedures implemented,
duration of document review and approval process, and
% of required training completed.
Implementing Procedures for ISO 13485:2016
If you already have a quality system in place, you are implementing procedures that are modified for ISO 13485:2016 compliance, some of the same lessons learned to apply. If you are interested in learning more about the changes required for compliance with the 2016 version of the standard, we recorded two live webinars on March 24, 2016.
This webinar provides an update on the New European Medical Device Regulations–including updates from the MedTech Summit I am attending this week in Brussels.
Learning About the New Medical Device Regulations
On May 25 the negotiators of the Dutch presidency of the Council and EU Parliament reached an agreement regarding the New European Medical Device Regulations. This MedTech Summit I am attending in Brussels is the first opportunity for the agreement to be discussed and presented at an International Conference. I am presenting at the conference on risk management and I will be chairperson of the presentation streams focusing on Post-Market Surveillance and Labeling. I will be gathering information and advice from Notified Bodies, Regulators and other industry experts at the event regarding the impact and preparation needed to comply with the new regulations.
Webinar Details for the New European Medical Device Regulations
Anyone purchasing this webinar will receive a recording of the webinar and a copy of the native slide deck for $129. There will be 24 slides during the 40-minute presentation. All deliveries of content will be sent via AWeber emails to confirmed subscribers.
Q&A
Please submit questions to me by email at rob@13485cert.com regarding the New European Medical Device Regulations. If you have company-specific questions, please send me a request to set-up a private call to discuss your specific issues.
New European Medical Device Regulations Webinar available for $129.00:
New European Medical Device Regulations
Access to a live webinar, native slide deck for this live webinar and a link to download a recording of the live webinar after the live event.
Rob Packard is a regulatory consultant with ~25 years experience in the medical device, pharmaceutical and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.281.4381 or email.You can also follow him onGoogle+,LinkedInor Twitter.
This webinar bundle teaches you to excel in the skill of managing a Material Review Board (MRB) in order to control nonconforming product.
On Thursday, May 19 we hosted a webinar on Control Nonconforming Product. For this webinar, we tried two new things:
We bundled the webinar with our new updated procedure for ISO 13485:2016 compliance.
We offferred two different times for participating in the webinar live: 7am EDT & 1pm EDT. Anyone purchasing this webinar / procedure bundle will receive a recording for both webinar time slots.
Typically webinars are sold on our website for $129 and procedures are sold for $299. This bundle is sold for $299. As always, you receive a copy of the native slide deck and a link for downloading the recording (2 recordings this time). You receive the procedure for control of nonconforming product (SYS-023) which has been updated to include requirements for ISO 13485:2016. You also receive the associated forms for this procedure:
FRM-008, Nonconforming Product Record (NCR)
LST-008, NCR Log
ISO 13485:2016 Requirements
On March 1, 2016 the 2016 version of ISO 13485 was released. The new version of the Standard now requires procedures for rework of nonconforming product in an effort to be harmonized further with US regulatory requirements.
Control Nonconforming Product Webinar Bundle – $299
The first recording of this webinar was 50 minutes in duration, but there were no questions from the audience. The second recording of the presentation was 39 minutes and there were 9 minutes of answering questions submitted. Both recordings cover the exact same slides. The presentation explains how to control nonconforming product and successfully conduct rework. All deliveries of content will be sent via Aweber emails to confirmed subscribers. You can submit any additional questions by email after you have seen listened to the recordings.
Control Nonconforming Product Procedure / Forms
The previous version of the procedure / forms is described on this website, but the updated version of the procedure has been expanded to address revisions in ISO 13485:2016 specific to rework procedures. Subscribers to this webinar bundle receive free updates to this procedure in the future when changes and improvements are made.
Q&A
If you have company-specific questions, please send me a request to set-up a private call to discuss your specific issues.
Control Nonconforming Product Webinar Bundle available for $299.00:
SYS-023 - Control of Non-Conforming Product Procedure, Webinar & Exam Bundle
SYS-023, Control of Nonconforming Product Procedure/Forms; Become a Material Review Board (MRB) Ninja. Access to 2 live sessions (same content), native slide deck, updated procedure and exam with training certificate.
Rob Packard is a regulatory consultant with ~25 years experience in the medical device, pharmaceutical and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.281.4381 or email.You can also follow him onGoogle+,LinkedInor Twitter.
This webinar explains how to create a design history file (DHF) complaint with 21 CFR 820.30j and ISO 13485:2016, Clause 7.3.10.
Your cart is empty
This presentation includes specific documentation updates to comply with ISO 13485:2016 that was released on March 1, 2016 and how to integrate your design process with preparation of regulatory submissions such as a 510k or CE Marking submission.
Design History File (DHF) for 21 CFR 820.30j compliance
The most frequent category of FDA Form 483 inspection observation is design controls (i.e., 21 CFR 820.30). There are 10 different sections of the design controls requirement. Manufacturers that do not have design controls in place will frequently receive multiple observation findings during the same inspection–all related to design controls. The most common design control observations are:
A procedure for design and development has not been established in accordance with 21 CFR 820.30a
A procedure for design transfer has not been established in accordance with 21 CFR 820.30h
A procedure for design changes has not been established in accordance with 21 CFR 820.30i
A design history file (DHF) has not been established in accordance with 21 CFR 820.30j
If a manufacturer has no procedure for design controls, then the manufacturer could receive 4 different observations on FDA Form 483.
ISO 13485:2016 Requirements for Medical Device Files your Design History File (DHF)
On March 1, 2016, the 2016 version of ISO 13485 was released. The new version of the Standard now requires procedures for design transfer, design changes, and design and development files to be further harmonized with US regulatory requirements. Then, on February 2, 2024, the FDA released the QMSR–which goes into effect on February 2, 2026. The new QMSR does not include the term Design History File (DHF). Instead, the FDA is incorporating the requirements of ISO 13485 by reference. Specifically, that includes Clause 4.2.3 for Medical Device File. Therefore, this presentation was created to specifically identify changes needed to your design controls procedure in order to comply with ISO 13485:2016 and the QMSR.
When is the Design History File (DHF) Webinar?
This webinar will be hosted live on September 26, 2024 @ 10:30 a.m. ET. If you purchased the webinar before September 26, you will receive login information to participate in the live webinar. The webinar will be hosted on Streamyard.com. If you cannot participate in the live webinar, please send us your questions in advance so that we can be sure to address your questions in the live webinar. You will be able to download the recording from the Dropbox folder after the live webinar and you can watch it as many times as needed. You will receive:
a native slide deck for the webinar (30+ slides)
our combined design and risk management plan template (TMP-021)
a link to download a recording of the webinar (60+ minutes)
All content deliveries will be sent via AWeber emails to confirmed subscribers.
Do you have questions about design history files?
If you have any generic questions about creating a design history file or the new ISO 13485:2016 requirements for a design and development file, please email me at rob@fdaestar.com. I will use your questions as material for webinars and future blogs. During live webinars, you are only able to submit questions via the chat box. If you have company-specific questions, please send me a request to set up a private call to discuss your specific issues.
Design History File (DHF) Webinar available for $129.00:
Design History File (DHF) Webinar
On March 1, 2016, the 2016 version of ISO 13485 was released. The new version of the Standard now requires procedures for design transfer, design changes and design and development files in an effort to be harmonized further with US regulatory requirements. Then in February 2, 2024, the FDA released the QMSR–which goes into effect on February 2, 2026. The new QMSR does not include the term Design History File (DHF). Instead, the FDA is incorporating the requirements of ISO 13485 by reference. Specifically, that includes Clause 4.2.3 for Medical Device File. Therefore, this presentation was created to specifically identify changes needed to your design controls procedure in order to comply with ISO 13485:2016 and the QMSR.
Price: $129.00
Exam and Training Certificate available for $49.00:
Exam - Design History File
This is a 10 question quiz with multiple choice and fill in the blank questions. The completed quiz is to be submitted by email to Rob Packard as an MS Word document. Rob will provide a corrected exam with explanations for incorrect answers and a training effectiveness certificate for grades of 70% or higher.
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510k submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.281.4381 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
This article explains how to write a quality system plan template to revise and update your quality system for compliance with ISO 13485:2016. If you want to download our free template, there is a form to complete at the end of this article.
Templates are the key to writing a quality system plan
Plan, do check, and act (PDCA) is the mantra of the Deming disciples, but does anyone know what should be in your quality system plan template. Everyone focuses on the steps–the “What’s.” Unfortunately, people forget to include the other important pieces of an all-inclusive quality system plan. Why? When? Who? And How much?
The table in the template is an example of “What?” steps to perform, but it is specific to my procedures. You will need to revise the table to reference your procedures, and the changes you make will be specific to your quality system plan. The other sections of the template tell you what needs to be included in that section, but I did not provide examples for those sections.
Why should you create a quality system plan template?
The purpose section of the quality system plan answers the question of “Why?” You need to specify if the purpose of your quality system plan is compliance with new and revised regulatory requirements, preventing recurrence of quality issues, or maybe a faster development cycle. The purpose section of the plan also provides guidance with regard to the monitoring and measurement section of your quality system plan template.
When should you create a plan for quality system changes?
Most changes have deadlines. In the case of ISO 13485:2016, there will be a 3-year transition period. Still, most companies establish internal goals for early implementation by the end of the fiscal year or the end of a financial quarter. Some of the changes can be made in parallel, while other changes need to be sequential. Therefore, there may be specific milestones within your quality system plan that must be completed by specific dates. These dates define “When?” the steps in the quality system plan must be implemented.
Who should write your quality plan?
As my quality system plan template indicates, I recommend defining both individual process owners and teams of process owners where processes can be grouped together. For example, I typically group the following four processes together as part of “Good Documentation Practices (GDPs)”: 1) control of documents (SYS-001), 2) control of records (SYS-002), 3) training (SYS-004), and 4) change control (SYS-006). I cover all four processes in a webinar called “GDP 101.”
It is important to have one person that is accountable and has the authority to implement changes for each process, but only one person should be in control of each process. If you have four related procedures, then the team of four people will need to coordinate their efforts so that changes are implemented swiftly and accurately. For the overall quality system plan template, I recommend assigning a team leader for the team of four process owners described above. One of those people should be responsible for team leadership and writing the quality system plan template.
Monitoring implementation of your quality plan?
Monitoring the progress of your plan ensures the successful implementation of the plan. Sometimes things don’t work as planned, and corrections need to be made. Additional resources might be needed. The plan may have been too optimistic with regard to the implementation time required. I recommend assigning one person the task of retrieving team status reports from each of the teams and consolidating the team reports into an overall progress report.
Free download of ISO 13485:2016 quality system plan template
The sign-up form below will allow you to receive an email with the ISO 13485:2016 quality system plan template attached. This is a two-step process that will require you to confirm the sign-up.
If you have a suggestion for a different type of quality plan, please let us know.
Which countries require a CE Mark for medical devices?
CE Marking is required for the EU Member States, but there are several countries outside the EU Member States that have adopted the requirements of the three device directives. The best list of applicable countries for medical devices is the contact list for competent authorities. There is also recognition of CE Certification by other countries around the world.
What is the “new approach” to product certification in Europe?
The “old approach” involved highly detailed technical requirements. The “new approach” provided more general requirements and standardization of requirements for safety and performance. The new approach resulted in the free movement of medical devices throughout the EU Member States.
These are the requirements for safety and performance specified in Annex I of the three medical device directions. These directives are divided into general requirements for all devices, and requirements regarding design and construction (MDD & AIMD), or design and manufacturing (IVDD). The Essential Principles outlined for Australia and in the GHTF guidance document are similar, with only a few minor differences.
The four-digit number is the Notified Body number. Click here for a link for a list of the Notified Bodies with each of the four-digit numbers. This database can also be used to identify which Notified Bodies can issue CE Certificates for each type of product.
No. ISO 13485 is the applicable Quality Management System Standard for medical devices—not ISO 9001. However, it is not required to be ISO 13485 certified. However, ISO 13485 is harmonized with the MDD, and therefore, compliance with the MDD is presumed.
If your company switches Notified Bodies, is the product with the previous CE Mark still valid?
Yes. Once devices have already been CE Marked, the CE Mark is valid. Any new product shall be labeled with the new Notified Body (NB) number. The “grey area” is the transition of labeling when labeling stock for the previous NB number is not used up. Both NB’s require a labeling transition plan from the manufacturer to outline when all inventory of the previous NB number is used up.
Article 11 of the MDD defines the various conformity assessment routes for devices. The options for routes to conformity are dependent upon the device classification. The various Annexes of the MDD involved are Annex II, III, IV, V, VI, and VII.
The Declaration of Conformity (DoC) is the manufacturer’s statement of conformity with a specific assessment process. This must be in accordance with Annex II, V, VI, or VII. The DoC must identify the products within a device family, legal manufacturer, conformity assessment process used, dates of validity, and the DoC must be signed.
How is medical device classification determined for CE Marking?
Annex IX defines the classification rules for Europe. There is also a MEDDEV guidance document published that helps to explain classification rules with examples.
How long does it take to get a CE Certificate for a medical device?
The shortest length of time that one of my clients has been able to achieve for a new CE Certificate is 14 weeks (start to a certificate in hand). The actual review time was only a few weeks, but the company also needed to achieve ISO 13485 Certification. More realistic timeframes for review are 12-16 weeks for high-risk devices. Still, most Notified Bodies offer options for expedited reviews or dedicated on-site review of Design Dossiers and Technical Files.
Are MEDDEVs required or optional for medical device CE Marking?
The MEDDEVs are guidance documents written by competent authorities—not law. However, MHRA has taken an active role in drafting many of these guidance documents, and the Notified Bodies under MHRA’s jurisdiction follow these guidance documents carefully. The MEDDEVs are now replaced by the MDCG Guidance Documents. Future CE Marking FAQs will focus on the MDR, IVDR, and MDCGs.
Are clinical studies required for CE Marking of medical devices?
No. Clinical Evaluations are required as Essential Requirement 6a in Annex I of the MDD. However, there are two routes to performing a clinical evaluation: 1) the literature route, and 2) pre-market clinical studies. In general, Class III devices and many Class IIb devices are expected to have some clinical study data. However, if the device performance is based upon equivalence to existing devices—PMCF Studies are expected to verify the performance of the device.
The Authorized Representative is the official correspondent for communication of complaints by users and patients in the EMEA, Switzerland, and Turkey. A distributor may perform this function if the distributor is physically located in the EU. The roles and responsibilities of authorized representatives are defined in a MEDDEV document from 2012.
Why do some companies have multiple CE Certificates for the same medical device?
A company will need at least two CE Certificates for all Class III devices and depending upon the conformity assessment procedure used. Class IIb devices may also require two CE Certificates. In the case where two certificates are required, the first Certificate is a CE Quality System Certificate, and the second Certificate is specific to the review of the Design Dossier for the product family. The second Certificate is either an Annex II.4 (Design Examination) Certificate, or an Annex III (Type Examination) Certificate.
Do you have any CE marking FAQs?
If you have a medical device that you need to obtain CE marking approval for, please contact Rob Packard by phone at +1.802.281.4381 or email. You can also follow him on Google+, LinkedIn, or Twitter.
This article explains what a master validation plan is, when is it appropriate to have a master validation plan, and when you need one.
Master Validation Plan
In the United States, there are two applicable regulations for medical device manufacturing process validation: 1) 21 CFR 820.75, and 2) ISO 13485, Clause 7.5.2. Neither the QSR regulation nor the ISO 13485, include any mention of a master validation plan. There is a requirement for product realization planning, and a master validation plan could be an essential part of that planning. However, master validation plans are not mentioned anywhere.
MDD – Master Validation Plan?
For companies that manufacture CE Marked products, the term validation appears in the MDD (93/42/EEC as modified by 2007/47/EC) a total of two times. Only one of those references is specific to process validation, but there is no mention of a master validation plan. The single mention of validation appears in Annex VII, and the reference is specific to the requirement for including a copy of the sterilization validation report in a technical product file.
CMDR – Master Validation Plan?
For companies that hold one or more Canadian Medical Device Licenses, “validation” appears in the Canadian Medical Devices Regulations (CMDR) a total of eight times (four times as part of the French translation). The first four references are part of the definition of validation, where the CMDR is referring to design validation. The remaining four references specifically mention the requirement for the inclusion of process validation and software validation in a medical device license application for Class IV devices. None of those references say of a master validation plan.
IQ/OQ/PQ Requirements?
Not only is there no mention of a requirement for master validation plans in any of the medical device regulations, but there is also no mention of installation qualification (IQ), operational qualification (OQ), or performance qualification (PQ). The only mention of validation protocol or report appears in 21 CFR 820.70 as it refers to using validation protocols for validation of software controlling automated equipment.
21 CFR 210 or 21 CFR 211 requirements?
The requirements for medical devices historically are derived from pharmaceutical regulations–which included the requirement for process validation. However, neither 21 CFR 210 nor 21 CFR 211 mention master validation plans (need to verify). They also don’t mention IQ/OQ/PQ requirements.
Where did the idea for Master Validation Plans Come From?
GHTF/SG3/N99-10:2004 is the guidance document that was created by the Global Harmonization Task Force’s Study Group 3 for guidance on process validation. The guidance even includes templates for a master validation plan, IQ, OQ, and PQ. The guidance indicates that the purpose of a master validation plan is to plan validation and revalidation activities. There are other planning documents that could be used instead. For example, design plans include process validation as part of the design transfer activities when a new product is being developed. Quality plans are used for facility expansions and construction of new facilities. Some companies even include validation and revalidation plans in their process validation procedure and/or sterilization validation procedure.
For companies that have equipment that requires validation, I like to use an equipment register that identifies calibration, preventive maintenance, validation, and revalidation requirements as part of the equipment register. This allows me to use one single document to manage all the planning of calibration, preventive maintenance, and validation. If there are no validation requirements, then the appropriate column of the equipment register will indicate “n/a.”
What is a Master Validation Plan?
A master validation plan (MVP) is simply a plan for your equipment and process validation activities. All the equipment, processes, and software requiring validation should be included in the MVP. The plan should reference the applicable protocol and report for each item in the plan. If there are revalidation requirements, the plan should indicate when the last validation was performed and what the frequency of revalidation should be. Ideally, similar equipment will use the same validation protocols that are controlled documents and pre-approved. Over time the number of reports referenced will increase, but the plan should only reference the most recent approved protocol(s).
Some companies include the rationale or triggers for revalidation in the plan–just as you would for a record retention table. However, other companies will include this detail in the validation protocol and/or in the process validation procedure. The rationale for revalidation only needs to be in one of three places, and duplication of the information just encourages errors and audit non-conformities.
This article provides practical advice for how to deal with records the FDA is not allowed to request during an inspection and FDA inspector tactics specific to 21 CFR 820.180 – exceptions. When I meet with a new consulting client, the phrase I dread hearing is “the FDA can’t see that.” Indeed, the FDA is not supposed to review the content of internal audit reports, supplier audit reports, and management reviews to encourage companies to use these tools to address quality problems without having to worry about the FDA beating them with their reports. This policy is officially stated in subsection C of 21 CFR 820.180–exceptions:
21 CFR 820.180 – Exceptions
“[21 CFR 820.180 – exceptions] does not apply to the reports required by 820.20(c) Management review, 820.22 Quality audits, and supplier audit reports used to meet the requirements of 820.50(a) Evaluation of suppliers, contractors, and consultants, but does apply to procedures established under these provisions. Upon request of a designated employee of FDA, an employee in management with executive responsibility shall certify in writing that the management reviews and quality audits required under this part, and supplier audits where applicable, have been performed and documented, the dates on which they were performed and that any required corrective action has been undertaken.”
The Problem with Hiding Records
The problem with the mentality of hiding things from the FDA is that it fails every time. The FDA can get to issues in your management reviews and your internal audits by asking, “Can I please see all the CAPAs resulting from audits and management reviews.” One client I spoke with said that they purposely don’t open any CAPAs from audits or management reviews for that reason. I was in complete shock, but I managed to keep my poker face and asked the client, “So what do you think the FDA will do when you say that you don’t have any CAPAs resulting from audits or management reviews?” Management responsibility is a frequent FDA inspection target. Most companies are subjected to a Level 2, QSIT inspection on a biannual basis. During these comprehensive inspections, the inspector reviews the four major subsystems: 1) management controls, 2) design controls, 3) CAPA, and 4) production and process controls. The FDA will ask open-ended questions to determine the effectiveness of the QMS. If the inspector is not going to look at the actual meeting minutes from the management review, you can expect them to look at the following apparent targets:
“May I see your procedure for Management Reviews?”
“May I please have a copy of your organization chart?”
“Could I see the agenda and attendees list from your last management review?”
The inspector could also ask for copies of inputs that are identified in the Management Review procedure, such as: “Could I have a copy of the most recent scrap trend analysis for production?” or “What is your threshold for taking corrective actions for rejects found in receiving inspection?” One Quality Manager told me a fascinating story about his local inspector. During a previous inspection, the inspector requested a copy of the management review. The Quality Manager showed him the cover page that indicated the agenda and the attendees. The Quality Manager refused to let the inspector see the rest of the meeting minutes. The inspector then proceeded to conduct a brutal 3-day inspection where a myriad of 483’s was written. Twelve months later, the inspector returned to perform a “Compliance Follow-up.” This time when the inspector asked to see the management review, the Quality Manager agreed to let the inspector see the entire meeting minutes. From that point onward, each time the inspector got close to identifying a new 483’s, the inspector would stop following the audit trail at the last moment before the nonconformity was identified. The Quality Manager said it was almost like the inspector was showing him that he could find all kinds of problems to write-up if he wanted to. Still, he was taking it easy on the company because the Quality Manager was cooperative. My philosophy is to create a QMS that is open for review by any customer, auditor, and even the FDA. No matter what they find, it’s just another opportunity to improve. This has worked well for me, but you need to follow a few basic rules when writing audit reports and management review meeting minutes.
Rules for Writing Audit Reports & Management Reviews
DO NOT write anything inflammatory or opinionated in your documents. My motto is, “Stick to the facts, Jack (or Jill).”
I ask other people in the management team to read and review the meeting minutes before they are finalized. The variety of perspectives in top management helps to make sure that the final document is well written and clear—especially to FDA inspectors.
I structure the documents as per a standard template that is a controlled document. This ensures that each report or management review was conducted as per the procedure. I typically reference the applicable clauses and sub-clauses throughout the document. For example, I will reference ISO 13485:2003, Section 5.6.2h) for the slide titled “New and Revised Regulatory Requirements.” I put the reference next to the slide title just to make it clear what requirement this slide is addressing.
If there is an area that I covered, but there was nothing to discuss, I write, “There was no further discussion on this topic.”
If there is an area that I did not cover, I make sure I do the following:
write a justification for not covering the area,
indicate the last time the area was covered (and the result at that time), and
document when the area will be covered in the future.
You can continue to listen to the advice of consultants that think of creative ways to hide things from the FDA, or you can follow the above advice. If you follow my advice, then you can spend the rest of your time working on the CAPAs for each area where you identified a weakness—instead of spending your time trying to hide your problems. If you need help preparing for an FDA inspection or responding to FDA 483 inspection observations or warning letters, please email Rob Packard. We have two people on our team that used to work for the agency.
This article explains the roles and responsibilities of a European Authorized Representative for CE Marking of medical devices. The article also provides advice on selecting and changing the European Authorized Representative.
European Authorized Representatives are the legal representative of non-European manufacturers for medical devices sold in Europe. If a company already has offices located in Europe, an Authorized Representative is not needed. However, if you don’t have offices in Europe, you must have a legal agreement with an Authorized Representative that is physically located in Europe to be your primary contact for receipt of customer complaints. The Authorized Representative can also act as your liaison between the Competent Authority in Europe and your company.
Why your distributor is not the right choice
Many manufacturers located outside of Europe choose their distributor as an Authorized Representative. Distributors often want to do this, because then their name is required to appear by law on the labeling and the IFU. Unfortunately, your distributor has a conflict of interest. The distributor does not want adverse event reporting, recalls, or even complaints. Therefore, can you be sure that the distributor will notify you immediately of all potential complaints?
In January 2012, the European Commission released a guidance document explaining the roles and responsibilities of European Authorized Representatives: MEDDEV 2.5/10. Distributors rarely have the regulatory expertise to act as an Authorized Representative.
Competent Authorities occasionally audit Authorized Representatives to ensure that the legal requirements are being met. When this happens, clients often ask me to recommend a European Authorized Representative to switch to.
Primary Responsibilities
The EU Authorized Representative has two primary responsibilities:
Complaint handling
Registration of CE Marked devices
The complaint handling function is the reason why the name and address of the European Authorized Representative must appear on the product labeling and IFU. Your distributor may still become aware of potential complaints, and therefore, distributors should still be trained on the importance of forwarding any potential complaints to your company immediately. The registration function is critical for Class I devices that are non-sterile and do not have a measuring function, because those devices do not have a Notified Body involved. It is often valuable to have an Authorized Representative located in one of the Member States where you intend to sell a larger percentage of the product because the labeling will include a physical address in that Member State.
Other ways an Authorized Representative Can Help
Some manufacturers complain that they are paying $3,000-$5,000 each year for a competent authority to do very little. However, Authorized Representatives are required to review your procedures before CE Marking, and anytime you notify them of an update. This additional review of procedures is equivalent to hiring a consultant to review your procedures.
European Authorized Representatives can be helpful at other times too. For example, if your company and your Notified Body do not agree on the classification of a device, the Authorized Representative may be able to assist you in the same way that an experienced regulatory consultant can. If you receive communication from a Competent Authority, the Authorized Representative can act as your liaison. Most important of all, the Authorized Representative can help you determine when complaints require vigilance reporting and provide support if a recall or advisory notice must be initiated.
How to Select an Authorized Representative
I recommend a three-step approach to selecting your Authorized Representative. First, visit the EAARMED website. One of the 15 members of this association should be your starting point because these are the most experienced Authorized Representatives. Next, you should determine which of the 15 members is located in a country that matches the country you intend to sell in. For example, if 100% of your sales are through a distributor located in Italy, Donawa would be a better choice than a German Authorized Representative. Finally, you should obtain quotes and interview more than one Authorized Representative. You want to make sure that the Authorized Representative is responsive and easy to communicate with. It’s surprising how much we learn about responsiveness and communication during the quoting process.
If you need any additional help preparing for the CE Marking product in Europe, please email Rob Packard.