VHP Sterilization is vaporized hydrogen peroxide sterilization. It is a low-temperature, gaseous sterilization method.
Your cart is empty
What is the VHP Sterilization Validation Procedure (SYS-054)?
VHP Sterilization is vaporized hydrogen peroxide sterilization. It is a low-temperature, gaseous sterilization method similar to EO Sterilization. The primary difference is that hydrogen peroxide is much safer. This procedure defines the process for validating this sterilization method in accordance with the international standard and FDA sterilization validation guidance.
SYS-054 VHP Sterilization Validation Procedure
VHP Sterilization is vaporized hydrogen peroxide sterilization. It is a low-temperature, gaseous sterilization method similar to EO Sterilization. The primary difference is that hydrogen peroxide is much safer. This procedure defines the process for validating this sterilization method in accordance with the international standard and FDA sterilization validation guidance.
Price: $299.00
Please note: This product will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download.
When is the live webinar scheduled for this procedure bundle?
The live webinar was scheduled for Monday, October 7, 2024. If you purchased the procedure before October 7, you received login information to participate in the live webinar. The webinar was be hosted on Streamyard.com. If you were unable to participate in the live webinar, please send us your questions. You will be able to download the recording from the Dropbox folder after the live webinar and you can watch it as many times as needed.
What do you get when you purchase the VHP Sterilization Procedure?
To review a sample Medical Device Academy procedure click below:
About Your Instructor
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510k submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Instagram.
In this article, you will learn how to spend your time during a supplier audit. We’ll teach you what is important and what you can skip.
Which suppliers need a supplier audit?
Before you start scheduling supplier audits, you should first decide which suppliers you need to audit. You are required to use a risk-based approach for supplier quality management but have specific recommendations. We recommend that you create five risk-based supplier quality categories:
Critical suppliers
Crucial suppliers
Off-the-shelf component suppliers
Service providers
Consultants
Your critical suppliers are contract sterilizers, contract manufacturers, and contract packagers. Your crucial suppliers are suppliers manufacturing custom components or subassemblies. Off-the-shelf components speak for themselves, but examples of service providers include a company doing plating and other secondary processes. The last supplier category, but not the least, is the consultant category, such as the quality system auditors you hired to do an internal audit.
Which supplier categories require a supplier audit?
The FDA regulations don’t specifically require supplier audits. However, if an inspector finds any nonconformities among your purchased components, you will need to demonstrate how you have addressed the quality issues. If the corrective actions taken are not sufficient, you will need to conduct supplier audits as part of your corrective action plan or effectiveness check. Other countries have different expectations with regard to supplier auditing, but the most common supplier categories that you will be conducting a supplier audit of are “critical suppliers” and “crucial suppliers.” These two supplier categories are also the two supplier categories that you will need to make sure are prepared and willing to accommodate unannounced audits by Notified Bodies. Click on the image below if you would like to read the requirements for audits conducted by Notified Bodies.
What is the purpose of a supplier audit?
When you attend a lead auditor course, the focus is on quality system auditing. However, when you perform a supplier audit—the quality system is not the focus. The focus of a supplier audit can fall into two primary categories: 1) qualifying the supplier or 2) re-evaluating the supplier.
Suppliers are not required to have a registered quality system or ISO 13485 certification. Therefore, many of the things that an auditor might learn about audit agendas in a lead auditor course just don’t apply. However, one thing always applies: reviewing previous quality issues. When we audit internal auditing and supplier auditing programs, we find that one of the most common mistakes is the failure to close out previous nonconformities. Therefore, the second section of my audit report template is a review of prior audit findings. If you have no previous findings, ensure your audit report states that. If you are qualifying a new supplier, ensure that the new supplier doesn’t have the same problems you are having with current suppliers.
When you close the previous issues, there are two approaches. The first approach is to close previous issues at the beginning of the audit—immediately after the opening meeting. This is the most common strategy. The second approach is to close previous issues as you audit the applicable area. For example, if you have previous problems in the area of incoming inspection and maintenance records, it might make sense to close these findings when you audit these areas. The advantage of this second approach is that it ensures that the process owner is closing the previous finding and facilitates the sampling of additional records.
What has little value in the supplier audit agenda? Auditing the management review process has the least value because the supplier is not required to have a quality management system. In fact, subcontractor audits for BSI do not include management reviews, CAPAs, or internal audits—the three required areas for every quality system audit.
What are the most valuable areas to audit?
Incoming inspection, control of nonconforming materials, preservation of the product, production controls, training, and process validation are the areas we typically audit. We would like to start with the nonconforming material area and see which materials are on hold. Then, we would like to sample the incoming inspection records for those raw materials. Next, we want to see how the company is storing those raw materials—if they are accepted. We typically cover these three areas as one process approach audit. This also happens to be the process audit we like to use for training new auditors because the audit of incoming inspection results in numerous audit trails in the support process areas of document control, training, calibration, etc.
The next area we visit is the production area. For this portion of the audit, we are doing a process audit of the production process. We usually request that we schedule the audit for a time when the production area is running the product(s) of interest. A process flow chart helps plan this portion of the audit, and we will often write some notes directly on a copy of the process flow chart.
We conclude the audit with follow-up trails in the areas of 1) document control (to ensure the supplier has the most current versions of all documentation “we” provided), 2) calibration (to ensure that all measurement devices used for inspection are calibrated), and 3) training (to ensure that all personnel working on “our” product are appropriately trained).
What are the advantages and disadvantages of skipping areas?
Since we do not have to spend time on quality system issues during a supplier audit, we spend more time sampling records in the other areas. Therefore, we might sample 5-10 records in each of the above areas instead of 3-4 records. If the number of samples available to sample is small, we may even sample 100% of the records. We also have a supplier auditor tool kit to help your supplier auditor team prepare.
Did you consider confidentiality and security issues during your supplier audit?
Historically, it has always been easy to identify a missing or out-of-date confidentiality agreement during audits, but do you include this in your internal and supplier audits? The new cybersecurity requirements that the FDA released in October 2023 certainly changed what companies need to provide in a 510(k) submission, and the latest FDA eSTAR template has a lot of specific documentation that companies need to include their 510(k). If you want to learn more about the 510(k) requirements, please visit our webpage for the cybersecurity work instruction and webinar.
How will this impact your supplier audit program?
Do you include cybersecurity questions in your supplier audits?
Do your supplier quality agreements address cybersecurity?
Do you have cybersecurity testing vendors added to your approved supplier list?
Is cybersecurity embedded in your post-market surveillance activities?
Do you and your supplier have a schedule for cybersecurity retesting?
In this FDA cybersecurity training webinar, you will learn how vulnerability testing and pentesting are done for your FDA 510k submission.
FDA Cybersecurity Testing
Today, the FDA released the new Final Cybersecurity Guidance. On Wednesday, September 27, 2023, @ 2 pm EDT, we hosted a live webinar with a cybersecurity testing firm, Red Sentry. Red Sentry provides automated vulnerability scanning services and manual pentest services for small companies. Usually, these services are extremely expensive and take months. Alex Thomas and Valentina Flores founded the company to provide cybersecurity testing services that are affordable for small companies and fast. Valentina is the CEO of the company, and she answered our live Q&A and gave a short presentation on cybersecurity testing. Valentina even provides examples of FDA cybersecurity testing for medical devices. If you want to watch the webinar, fill out the form below.
When is the FDA cybersecurity training webinar scheduled?
The webinar was hosted live on Wednesday, September 27, 2023, @ 2 pm EDT, but the YouTube recording is embedded below:
FDA Cybersecurity Requirements
If any of the following attributes apply to your medical device, then FDA cybersecurity requirements apply to your device and you will need to include cybersecurity data in your 510k submission:
Cloud communication
Network connection (active or not)
Wireless communication in any form
USB/serial ports/removable media
Software upgrades (this includes patches)
Medical Device Academy primarily works with medical device start-up companies that are developing their first product and need help obtaining 510k clearance for their device. The hottest trend in medical devices is adding wireless functionality to existing electromedical devices and developing software applications for sharing patient data with physicians (e.g. MDDS systems that are software as a medical device or SaMD). Some of our clients are not familiar with the standard for medical device software lifecycle management (i.e. IEC 62304), and almost 100% of our clients need help with documentation of cybersecurity risks and developing a plan for post-market management of cybersecurity for their devices.
Do you need procedures for Software Validation & Cybersecurity?
Two years ago we recorded a webinar on FDA cybersecurity requirements. If you register for tomorrow’s free webinar, you will also get the slide deck from the webinar presented by Bhoomika Joyappa and Matthew Walker two years ago. The webinar will cover four main topics and then we will address other topics during the Q&A portion at the end. The four main topics are:
Cybersecurity Risk Management
FDA Approach to Cybersecurity Risk Management (i.e. Threat Model)
AAMI TIR57 Approach to Cybersecurity Risk Management (i.e. NIST)
Cybersecurity Labeling
Cybersecurity Labeling Requirements
In the middle of the original webinar from 2021, Matthew Walker explained the cybersecurity labeling requirements. The cybersecurity labeling requirements have been enforced for the past two years, but the new Final guidance for cybersecurity expands the labeling requirements to include a Software Bill of Materials (SBOM). The FDA defines an SBOM as “A list of software components that includes but is not limited to commercial, open source, off-the-shelf, and custom software components.”
How to document FDA Cybersecurity requirements in the FDA eSTAR
On May 22, 2024, we recorded a webinar demonstrating how to complete the cybersecurity section of the FDA eSTAR for documentation of how your device meets the FDA cybersecurity requirements. You can watch this video by purchasing our 510k Course. The webinar was presented by Rob Packard. The webinar reviews the history of FDA guidance documents and discusses what’s new in the latest draft guidance. In the presentation, we also explained the overall process for cybersecurity risk management. This process flow is illustrated by the diagram provided below.
Q&A about cybersecurity
During the live FDA cybersecurity training webinar, we will answer your questions. We will be converting this into an FAQ document and sending that as a follow-up to the original content. If you have company-specific questions, please use our Calendly app to schedule a call. If you are purchasing this webinar now, you can still submit questions by email. You can also use our Suggestion Portal.
Important note about the delivery of this training webinar
The FDA cybersecurity training webinar will be delivered to you via email. You need to confirm an email subscription before an invitation will be sent. Despite our efforts to AWeber to our SPF Record, the emails from AWeber may be in your spam folder.
Additional FDA cybersecurity resources
For devices that are powered and/or have software, you will need to perform software validation in accordance with IEC 62304 ed 1.1 (2015). IEC 62304 makes no mention of “cybersecurity”, but there is another standard that is specific to the cybersecurity of medical devices and it is recognized by the FDA. The FDA has also published two guidance documents that are specific to cybersecurity and a new discussion paper:
Bhoomika Joyappa joined Medical Device Academy in April 2021. She is now a Sr. Regulatory Consultant at our company. She has a Master’s Degree in Biomedical/Medical Engineering from The City University of New York. Prior to joining Medical Device Academy she worked as a regulatory affairs intern and completed a training program in regulatory affairs at Duke University School of Medicine. She also has previous experience as a SAS programmer and technical writer for Huawei. She is passionate about regulatory affairs, and she is making an immediate positive contribution to our clients by already completing her first few 510k submissions and developing cybersecurity checklists for our clients to help with cybersecurity documentation required by the FDA. She can be reached via email.
This will be the 4th edition of our design controls training webinar with new content to modernize your design and development process.
Your cart is empty
Design Controls Training
Design controls are the #1 cause of FDA 483s. In this design controls training, you will learn how to avoid an FDA 483 inspection observation. Design controls are 1 of 4 major quality subsystems that the FDA will review during a QSIT level II inspection, and design controls are one of the biggest challenges for companies developing a medical device for the first time. Design controls also apply to any Class 1 device that has software (e.g., MDDS and other software as a medical device or SaMD).
If you sign up now, you can get live access to the design controls training
This design controls training was recorded on Wednesday, August 14, 2024. It was recorded in two parts (~90 minutes each), and the presentation included 44 slides.
Cost is $129 (AND INCLUDES NATIVE SLIDE POWERPOINT PRESENTATION FILES):
Design Controls Training Webinar - Updated for 2024
This will be the 4th edition of this webinar that we originally created in 2014. The focus of this webinar is to coach companies that are implementing design controls for the first time. Our goal is to make the process simple and straightforward. The latest addition to this webinar will focus on providing examples of how to complete the design control documentation. You will learn how to use these design forms as a development tool to keep your project on schedule.
Price: $129.00
Exam and Training Certificate available for $49.00:
This is a 10 question quiz with multiple choice and fill in the blank questions. The completed quiz is to be submitted by email to Rob Packard as an MS Word document. Rob will provide a corrected exam with explanations for incorrect answers and a training effectiveness certificate for grades of 70% or higher.
Price: $49.00
What is covered in design controls training?
Our instructor, Rob Packardof Medical Device Academy, reviews basic concepts and requirements of each design phase of the design process from design plan approval through commercial launch approval, including:
Design planning
Design inputs
Design outputs
Design verification
Design validation
Design reviews and more.
Phase/Gate Approach
You will learn how large companies manage product design-related projects (5-6 hard gates) and keep them on schedule. The lifecycle loop (i.e., post-market surveillance, clinical evaluation, and risk analysis) is illustrated below. This post-market surveillance loop illustrates that design and risk management documentation need to be updated continuously and the post-market surveillance is an input to the design control process.
Numerous diagrams are utilized throughout the presentation. Another diagram used in the design controls training shows you how to implement risk management throughout the design process.
The problem with the industry standard approach to the design control process is that it is only meant as a regulatory paperwork exercise. To be an efficient and effective process, design controls need to include documentation that you will actually use. Therefore, in this design controls training you will learn how to add small details that transform ordinary design documents into development tools that you depend upon.
Design Plan
Design plans need to be created earlier and updated often. Project managers don’t like to revise their paperwork, because it takes time. However, the purpose of the design plan is to keep your design team on schedule so that the project is not delayed. Therefore, time spent maintaining your design plan reduces delays and team miscommunications. If you have any team members who are working on their first design project, you should identify that this project will be on-the-job design controls training for them. They will also need risk management training. If you are not sure of a start date or the duration of a task in your plan, then you should have a follow-up action item to clarify the dates and durations. Our webinar will provide several examples.
Design Inputs
Many design teams confuse design inputs with design outputs. The design output is a drawing and/or specification. The design input defines the verification testing that needs to be done and the testing acceptance criteria. Unfortunately, we routinely find that design inputs are documented as a simplified version of the design outputs (e.g., the reusable battery is the input and a specific model of battery is the output). In this design controls training, you will learn a completely different approach using a new development tool. The tool is a form, but this form is designed to help you–not the FDA.
Design Outputs
Engineers love spreadsheets. We even tried to put all of the information you need for a design project in one spreadsheet, but there isn’t enough space in a spreadsheet cell to include all of the information needed. Now we use that spreadsheet as a traceability matrix only. This is an update to your design control procedure (SYS-008) and the design controls training webinar. Design outputs are drawings and specifications. In addition to the design outputs, you will need to generate the bulk of your risk management file, usability engineering file, and your software documentation during the development phase. The development phase ends when you have a “Design Freeze” (i.e., you approve your final design outputs).
Design Verification
Design verification is the testing we do to confirm that the design inputs have been met. Design verification testing is often the most expensive part of the design controls process unless animal studies or human clinical studies are required. The changes we made to design inputs in this design controls training are intended to make design verification progress much faster and without mistakes. Design verification involves creating, reviewing, and approving testing protocols. You have to keep records of the testing results, and then you generate testing reports. Even if you are outsourcing the verification testing, you still need to review and approve the protocols, and you should review the reports to ensure that the necessary information is included. The FDA will require GLP studies for biocompatibility testing because the biocompatibility tests involve small animal testing. During the webinar, we will emphasize the most recent change in required testing from the FDA, and you will learn which tasks are likely to be critical path items that require advanced planning.
Design Validation
Design validation demonstrates that your device can perform the intended use. This typically involves simulated use in a benchtop model, computer analysis (e.g., finite element analysis), cadaver testing, and clinical studies. The human factors process concludes with summative human factors testing. That testing can be considered verification or validation, but the documentation will be attached as non-clinical benchtop performance testing in the FDA eSTAR. The human factors testing can also be done in parallel with human clinical studies using the same subjects. The primary focus of validation testing is demonstrating safety and performance for the intended use, but for FDA 510k submissions you must also demonstrate equivalence to a predicate device. Equivalence may involve side-by-side comparison testing, and you will need to justify your statistical sample size and acceptance criteria for validation testing because there may not be a recognized standard or guidance specifying these requirements.
Software & Cybersecurity Updates for 2023
Software validation requirements were updated by the FDA on June 14, 2023. The applicable changes impact the classification of software and the risk management documentation required for submission. In addition, we expect the FDA to release the final guidance for cybersecurity before the end of September. The new cybersecurity requirements also impact the design plans for any company that is submitting to the FDA.
Updates Regarding Human Factors & Usability Engineering for 2024
We recorded an updated our usability webinar and released a usability procedure (SYS-048). After listening carefully to the webinar and reading through the usability procedure, we updated our combined design/risk management plan to specify formative testing during phase 3 and summative (validation) testing during phase 4 of the design process. You can always modify your own design plans to include this requirement or provide a rationale for why it is not needed for your project. However, my goal was to help explain the value of formative testing and its role relative to summative testing. Minor changes were also made to match the design procedure (SYS-008).
We will also include the impact of the December 2022 draft guidance on Human Factors Engineering. If you are interested in purchasing our usability procedure and template for summative (validation) usability testing, please visit our newest webpage for the usability procedure (SYS-048). Our usability webinar is also available.
Effectiveness of your design controls training and the design control process
At the end of each phase/gate, there is a design review and you should be identifying problems that were encountered and initiate corrective actions when needed. We will conclude our design controls training with recommendations for your review of the design control process. At the end of your design project, during the final design review, you should conduct a more thorough review of the design process to verify that all planned design activities were completed. Any weaknesses in the design process should be evaluated for the need to make changes to your design control procedure and forms, but you may also identify future improvements for design inputs, drawings, specifications, or design review meetings. You should also be scheduling an internal audit of the design control process, and an internal audit of the risk management file after the project is completed to make sure that the design history file (DHF) meets regulatory requirements and the requirements of your own procedure.
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510k submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
This is a 4-part webinar series that will be conducted live on July 5, 13, 19, and 26 (2023) via Zoom. The second webinar was rescheduled from 12th to 13th due to a scheduling conflict. This FDA PreSTAR tutorial will be free to anyone that already purchased our 510(k) course. If you find this webinar series helpful, you can upgrade to our 510(k) course series and we will credit you for this purchase.
Price: $299.00
We published a comprehensive blog about the FDA pre-submission process, but if you want the ultimate access to our FDA pre-submission templates that you need to attach to your FDA PreSTAR, this is the perfect training webinar for you. Everyone asks us for examples, so in this webinar series, we will be showing you how to complete the entire FDA PreSTAR for three different devices (these will be updated for v1.1 as well):
Clinical Thermometer (FLL)
Drug Wound Dressing (FRO)
OTC Pregnancy Test (LCX)
The PreSTAR tutorial was originally recorded in 2023, but now we are updating the PreSTAR tutorial series for v1.1. The PreSTAR template has changed very little since the initial beta version, but our team has submitted over 100 pre-submissions with the PreSTAR template, and we refined our process. The most significant change to the template was enabling the PDF template and resource for 513(g) submissions. That is covered in a different webinar–also included in our 510(k) Course.
Revision History of the PreSTAR template:
PreSTAR v1.1 (2024-06-26): Modified the categorization of Application/Submission types. Updated list of Standards. Updated FAQ. Fixed minor bugs and typos.
Update 1.0 (2024-03-29) from version 0.3: 513(g) submission content was enabled. The inclusion of more than 10 standards will no longer cause an Import to run very slowly. An attachment counter was added in the Verification section. A workaround was added to allow the proper display of an eSTAR in Adobe Acrobat Pro when it was prepared with PDF-XChange Editor and formatted text was copied to a textbox. The FAQ was updated. The list of standards, list of regulations, and list of product codes were updated. Other minor bugs were fixed and minor changes were implemented.
Update 0.3 (2023-12-06) from version 0.2: Standard recognition number can now be used to autopopulate standard information. Updated Software guidance document link. Updated list of medical device product codes. Updated FAQ. Fixed minor bugs.
Update 0.2 (2023-08-14) from version 0.1: Addition of PCCP submission topic category. Minor text changes.
Updated 0.1 (2023-06-06): Initial beta release.
Outline for the Ultimate FDA pre-submission webinar series
Registrants will receive a confirmation email because we deliver content and notification of updates through AWeber as an email subscription. After confirmation, you will receive login information for the four live Zoom webinars. Each of the four webinars will be approximately 45 minutes in duration, and the training content is organized as follows:
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
Medical Device Academy is planning to relaunch our lead auditor training course as an on-demand webinar series in Q1 2025
Why is Lead-Auditor Training Online?
Medical Device Academy’s lead auditor training course was previously offered as an on-site, live training course for private companies. Post-pandemic, everyone wants to learn from home. We also see many more companies choosing to conduct quality system audits remotely. Since Medical Device Academy’s entire team already works 100% remotely, there is no other auditing team that is more experienced at conducting remote audits with Zoom. The instructors also developed three previous lead auditor courses. The estimated time to complete the online course is ~24 hours (i.e., three days)–not including the final exam (~2 hours).
When will the online Lead-Auditor training launch? and how much will it cost?
The three-day online lead auditor course will be available in Q1 2025, but we don’t have a launch date yet. The course will be released as six separate modules. Each module is estimated to be ~4 hours in duration (i.e., a half-day). Each module will be concluded with a quiz to verify training effectiveness. The modules will be priced at $300/each, and the final exam will cost $200. More details about the course and each module will be provided over the next three months. Once final, the course will cost $2,000/person.
Does Medical Device Academy also offer on-site training?
We also offer on-site lead auditor training. The on-site training is also three days in length. We conduct six short quizzes throughout the course to make sure participants understand the material covered before we move on to the next training segment. At the end of the course all participants are provided with a final take-home written exam. The cost of the on-site lead-auditor training is $3,500/day plus travel. If you want a quote for the on-site auditing course or an audit quote, please contact Lindsey Walker.
Lindsey Walker, Director of Sales
Lindsey Walker studied at Castleton University, way back when it was just a little old Castleton State College in Castleton, Vermont, where she received her BS in Business Marketing. She also studied at North Country Community College, where she received her Certificate in Practical Nursing. Besides preparing proposals and sending out invoices, Lindsey was recently promoted to Director of Sales. In this new position, she is responsible for managing the sales team, coordinating introductory calls with our clients, creating proposals, and managing our new billing clerk. Lindsey loves cars, but when she is not behind the wheel of one, you can find her on a pottery wheel.
This on-line lead auditor training course includes:
Audit Preparation & Planning (1st & 2nd party)
How to Conduct Opening & Closing Meetings
Interviewing Techniques
Audit Note Taking (remote and on-site methods)
Videos demonstrating best practices and mistakes
Examples of records to audit
Approaches to Quality System Auditing
Auditor Selection & Ongoing Training
Audit Team Management
Audit Program Planning
How to Eliminate the Need for Checklists
Tutorial on writing nonconformities
Tutorial and report writing
Audit Follow-up
Stories, anecdotes, and case studies
How do we evaluate training effectiveness for lead auditors:
Medical Device Academy has invested in a new training platform called LearnDash. There are five short quizzes and a final exam administered via LearnDash. The quizzes are automatically graded by LearnDash, while the final exam is graded automatically by LearnDash except for the section for writing non-conformities that is graded manually by one of the instructors. Quizzes and the final exam are “open book and notes.” The Lead Auditor Training Certificates are issued automatically via LearnDash.
Reference Materials Needed:
Students will also need access to a copy of the following documents:
The online lead auditor training course is self-paced, 100% virtual, and available on demand. The course requires prior knowledge of ISO 13485:2016, but Medical Device Academy has ISO 13485:2016 training webinar available on-demand as well.
Your Lead Auditor Course Instructors:
Rob Packard
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at 802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
Matthew Walker
Matthew came to us with a regulatory background that focused on OSHA and NFPA regulations when he was a Firefighter/EMT. Since we kidnapped him from his other career, he now works in Medical Device Quality Management Systems, Technical/Medical Writing, and is a Lead Auditor. Matthew has updated all of our procedures for He is currently a student in Champlain College’s Cyber Forensics and Digital Investigations program, and we are proud to say that he is also a member of both the Golden Keys and Phi Theta Kappa Honor Societies! Matthew participates as a member of our audit team and has a passion for risk management and human factors engineering. Always the mad scientist, Matthew pairs his professional life in regulatory affairs with hobbies in the culinary arts as he also holds a Butchers/Meat Cutters certificate from Vermont Technical College. He can be reached by email. You can also follow him on LinkedIn or YouTube.
This procedure case study describes an error-proof method for procedure review and approval of quality system procedures.
My first training in procedure review
The first time I was formally trained on how to conduct a procedure review was during a lead auditor course. I thought the topic of procedure review seemed out of place, but as I audited more companies, I realized that missing regulatory requirements in a procedure are quite common. Regardless of who reviews a procedure, or how many times it is reviewed, something is always missed. Unfortunately, a desktop audit of procedures is not an effective corrective action or verification method. Auditing procedures is an ineffective method for reviewing procedures because audits are limited by sampling.
A better approach to procedure review than auditing
Instead of random sampling, a systematic review of 100% of regulatory requirements is needed to ensure that none of the regulatory requirements are accidentally omitted. Systematically reviewing regulatory requirements for each country your company is selling in is tedious at best. You need a tool to make the reviewing process error-proof and straightforward. You also need each procedure reviewer to have a defined function to eliminate the duplication of work.
Procedure reviewer and approver roles
There are 3-5 reviewers of procedures in most companies. Some companies make the mistake of having as many as 8-10 reviewers of procedures, but more is not better. There are four primary roles for procedure review, but you could have as few as two people approving most procedures:
process owner (must review and approve)
quality management (must review and approve)
regulatory (must review, but optional approver)
independent (optional review, but not an approver)
You are not required to have all four of these reviewer roles, but including these four roles in your document control process is a best practice. Differentiating between reviewers and approvers should also be considered in your document control procedure. The only documents we recommend top management be a reviewer and approver of are:
Quality Policy
Risk Management Policy
Quality Manual
Management Review Procedure
The reason for top management reviewing these four documents is because top management has a regulatory responsibility related to each of these documents.
Process owner role
The process owner is the owner of the procedure for that process. Therefore, the process owner needs to approve that procedure. It would make no sense to own a process without the ability to approve changes. The process owner may also be the procedure author, but we don’t recommend it. Editing someone else’s work is more effective than editing your own work. Instead, we recommend that the process owner delegate the responsibility for writing and updating procedures to a subordinate who performs the procedure. Then, the process owner is responsible for reviewing and approving the procedure.
Quality management role
The quality management person needs responsibility for reviewing and approving all procedures because this person is responsible for the entire quality system. They need to make sure the procedure is accurate in the context of the entire quality system. The quality management person is the best person to review interactions with other processes. For example, the management review process has twelve required inputs (i.e., ISO 13485, Clause 5.6.2A-L). Each of those inputs comes from another process and procedure. It is essential to ensure that if you are reviewing the complaint handling procedure, somewhere in that procedure, it should state that the monitoring and measuring of complaint trends should be input into the management review process.
Regulatory role
Usually, the regulatory person is responsible for verifying that a procedure meets 100% of the regulatory requirements. This person should verify that the scope of the procedure identifies the relevant markets. If there are references to documents of external origin, the regulatory person should verify that these references are accurate. The best way to do this is by performing a gap analysis. Sometimes the quality management role and the regulatory role are combined in a small company, but larger companies will keep these roles separate. Just because the regulatory person performs a gap analysis as a reviewer, that doesn’t automatically translate to the need for approval of the procedure. We recommend making the decision on whether a regulatory person should approve a procedure based on whether the procedure has specific regulatory requirements (e.g., annual registration or regulatory reporting).
Independent reviewer role
Finally, the independent reviewer is looking for two things:
Does the procedure make sense–to someone who performs the procedure (if that person was not the author); and to an external auditor, such as a certification body (internal auditors can fill this role)?
Are there typos, spelling, or grammar mistakes?
The independent reviewer does not need to be a manager. It needs to be someone who writes well. Editing is tedious, but apparent mistakes in spelling or grammar prompt auditors to review procedures more carefully. If available, we recommend asking an internal auditor to be the independent reviewer. Depending upon the experience of the independent reviewer with regard to performing a gap analysis, the person with regulatory responsibility may delegate the task of gap analysis to independent reviewers. This role can also be satisfied by a consultant with technical writing ability. Medical Device Academy’s resident expert at this is Matthew Walker.
Procedure case study – The most common auditor findings
The two most common reasons for audit findings are:
the procedure is not being followed, and
a regulatory requirement is missing from your procedure.
Not following the procedure
The first problem is the most common reason for audit nonconformity, as companies include requirements in the procedure that are not regulatory requirements. Auditors look for objective requirements to audit. Therefore, if you include objective requirements in your procedure an auditor is more likely to select those requirements to sample than subjective requirements–even if the requirement is not a regulatory requirement. This is one of the reasons we recommend having processing owners review and edit procedures. If you purchase a procedure, it’s important for the person who will be performing the procedure to carefully review the procedure to ensure it matches how they intend to perform that process. If it’s a manufacturing procedure, we recommend training personnel with a draft procedure and handing out red pens. That also dramatically reduces complaints from the people who do the work.
Regulatory requirements missing
For regulatory requirements, your regulatory reviewer needs to create a checklist that includes 100% of the requirements for that procedure. This approach is called a gap analysis. The model for gap analysis documentation we like to follow is the General Safety and Performance Requirement (GSPR) Checklist used for technical documentation (i.e., for CE Marking). There are 23 GSPRs in the MDR and 20 GSPRs in the IVDR. Most of the GSPR requirements have multiple subparts. The regulatory person who completes the GSPR Checklist must indicate the following information next to the applicable requirement in the checklist table:
yes, the requirement applicable or justification if it’s not applicable
a reference to any applicable standards
a cross-reference to the record where evidence of meeting the requirement can be found (e.g., the risk management file)
Regulatory personnel can revise this approach slightly by doing the following for the review of procedures:
yes, the requirement applicable or justification if it’s not applicable
a reference to the applicable specific sub-clause in a Standard or a regulation
a cross-reference to the subsection of the procedure where evidence of meeting the requirement can be found (e.g., section 5.1 of the SYS-003)
Procedure Case Study of the Management Review Procedure (SYS-003)
In Medical Device Academy’s Management Review Procedure, Section 8 is the “procedure section.” Sub-section 8.3 of the procedure lists all the required inputs for a Management Review meeting. Next to each input, we included a cross-reference to the sub-clause in ISO 13485:2016 for the Management Review input.
There is also a requirement in ISO 13485:2016 for conducting Management Reviews at scheduled intervals. This requirement is met by sub-section 8.1 of the Management Review procedure. We used the same approach to identify and cross-reference to this requirement.
Teaching auditors by performing your own procedure case study
Now, when we teach our Lead Auditor Course, we ask attendees to split into small groups to review a procedure–one procedure for each group. In one of the companies where we did this, each of the four teams found a regulatory requirement that was missing from the procedures they were reviewing. All four procedures the teams selected were already reviewed, approved, and currently in use at the time of the auditor training. The four teams created their own procedure case study to demonstrate the importance of reviewing procedures for regulatory requirements.
This unannounced audit training webinar will provide proven tips and advice to help prepare your company for your next notified body audit.
Your cart is empty
What will the unannounced audit training webinar cover?
If you are CE Marking your product for the first time, you may be surprised to learn that Notified Bodies are required to conduct unannounced audits of manufacturers and contract manufacturers. Therefore, you may want to use this unannounced audit training webinar as a tool for preparing your company and your suppliers for their first unannounced audit. In addition, you may want to consider sharing a link to this webpage if one of your suppliers is surprised that this is a requirement for contract manufacturers. Below is a list of what is covered in this webinar:
What is an unannounced audit?
What is the frequency?
Focus on unannounced audits
Who will perform audits?
Processes to be sampled
Items needed for preparation
Definitions and much more!
If you are interested in learning more about unannounced audits by Notified Bodies, please click on the link below to purchase the webinar.
Notified Body Unannounced Audit: A Roadmap for Successful Preparation
In this webinar, you will learn about unannounced audits conducted by Notified Bodies and the frequency of unannounced audits. You will learn what Notified Body auditors are trained to focus on during unannounced audits and which processes will be sampled.
Price: $64.50
What else will you need in preparation for unannounced audits?
In addition to training to prepare your company and your suppliers for unannounced audits, you will also need to have a completed supplier quality agreement that authorizes your Notified Body to conduct unannounced audits of your suppliers. If you don’t already have a supplier quality agreement with your suppliers, you might want to consider purchasing our Supplier Quality Management Procedure (SYS-011). You should also create a supplier audit schedule that prioritizes your “critical suppliers” and “crucial suppliers” that Notified Bodies will be targeting for unannounced audits.
Who will be audited during unannounced audits?
“In 2014, the primary targets for unannounced audits will be manufacturers of high-risk, Class III devices. The primary targets for unannounced audits are unlikely contract manufacturers, because Notified Bodies may not have access to all the technical documentation while they are auditing a contract manufacturer. I expect each of the Notified Bodies to plan at least one unannounced audit of a contract manufacturer for a Class III device that is outsourced, but I don’t expect this to be the focus of unannounced auditing activities in 2014.”
-Notified Body Unannounced Audits Have Begun
About the Instructor
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
This supplier auditing tool kit consists of forms and templates for use during the preparation and execution of supplier audits.
Your cart is empty
What’s included in the supplier auditing tool kit?
supplier auditing report template
template for taking notes during an audit
template for clause traceability tracking
template for a supplier audit agenda
turtle diagrams for each of the processes identified in the supplier audit agenda
Supplier auditing webinar and took kit bundle – 299.00
Webinar, Supplier Auditing Tool Kit and Exam Bundle
Planning Annual Audit Schedule Webinar; Supplier Auditing Tool Kit and Audit Planning Exam Bundle includes: 1) native slide deck, 2) recording of webinar, 3) supplier auditing report template, 4) template for taking notes during an audit, 5) template for clause traceability tracking, 6) template for a supplier audit agenda, 7) turtle diagrams for each of the processes identified in the supplier audit agenda, and 8) an exam specific to planning audit schedules.
Price: $299.00
Please note: The supplier audit tool kit will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download of a zip file containing the five documents. The tool kit includes the above templates, a recording of the webinar presentation, the native PowerPoint slide deck, and an exam to verify training effectiveness.
Supplier quality management resources to supplement our tool kit
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
The Medical Device Reporting (MDR) procedure and webinar bundle will teach you to determine if a complaint requires reporting to the US FDA.
Your cart is empty
When is the Medical Device Reporting (MDR) Webinar?
Since medical device reporting is one of the most common FDA 483 inspection observations, we created this procedure and webinar bundle to help your complaint handling unit comply with 21 CFR 803. This webinar was hosted as a live webinar on June 9, 2016, but we are updating it, and it will be hosted live on December 14, 2023. Anyone purchasing this webinar/procedure bundle will receive a link for downloading the recordings and an invitation to the live webinar if they register before December 14, 2023.
Medical Device Reporting (MDR) Procedure and Webinar Bundle available for $299.00:
SYS-029 - MDR Procedure, Webinar & Exam Bundle
Get the training you need on eMDRs to avoid an FDA 483 for failure to comply with 21 CFR 803. You will receive the reporting procedure, future updates to the procedure, a complaint log template, supporting documentation from the US FDA, a quiz to assess training effectiveness, and a training certificate. Additional training certificates are $49/each.
Price: $299.00
The following is a list of documents included in the bundle:
The procedure does not include instructions for creating an electronic submissions gateway (ESG). The ESG work instructions are sold separately (i.e., WI-003), and the ESG work instructions will be updated during 2024 as the FDA releases the ESG NextGen. The webinar explains how to make medical device reporting decisions and how to establish an electronic submissions gateway (ESG) in order to submit MDRs to the FDA. All deliveries of content will be sent via Aweber emails to confirmed subscribers.
Medical Device Reporting is a Huge Problem
In FY 2015, there were 294 FDA Form 483 inspection observations specific to compliance with 21 CFR 803 (i.e., Medical Device Reporting). Failure to make MDR determinations correctly and in a timely manner also results in a very large percentage of the Warning Letters issued by the FDA to US and Foreign manufacturers. Experienced medical device manufacturers know that they need personnel to be trained on how to make reporting decisions correctly. In fact, foreign firms invest the most in this type of training because if a foreign firm receives two Warning Letters they will have products placed on automatic import detention for the next 18-24 months while they wait for the FDA to return for a Level 3 inspection to close the Warning Letter.
Medical Device Reporting Webinar Bundle
Typically, webinars are sold on our website for $129, and procedures are sold for $299. This bundle will be sold for $299. As always, you will receive a copy of the native slide deck and a link for downloading the recording. You will receive the procedure for Medical Device Reporting (SYS-029), updated to include requirements for ISO 13485:2016 and eMDR Submissions to the FDA. No forms are associated with this procedure because you must submit eMDRs using an electronic submissions gateway. However, you will receive a copy of our complaint log (LST-011) that will help you monitor the reporting decisions to ensure that the complaint handling process and reporting decisions are processed consistently and efficiently. Reporting on this data is a new requirement for management reviews in ISO 13485:2016.
Q&A
If you have any general questions about Medical Device Reporting or the eMDR requirement in 21 CFR 803, please email me at rob@fdaestar.com. I will use your questions as material for webinars and future blogs. During live webinars, you are only able to submit questions via the chatbox. If you have company-specific questions, please send me a request to set up a private call to discuss your specific issues.
Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.258.1881 or by email. You can also follow him on YouTube, LinkedIn, or Twitter.
