Notified Body

Unannounced Audits

This article provides an update on the status of unannounced audits by Notified Bodies for CE Marking of medical devices.

unannounced audits Unannounced Audits

The EU Commission provided recommendations to Notified Bodies last Fall on how they should conduct three different kinds of audits: 1) product assessments, 2) quality system assessments, and 3) unannounced audits (http://bit.ly/Audit-Recommendations). The recommendations do not propose any changes to existing practices for product assessments (i.e., review of CE Marking applications) that are being conducted in accordance with the European Directives, or quality system assessments that are being conducted in accordance with ISO 17021. The recommendation does, however, propose new auditing practices specific to conducting unannounced audits (http://bit.ly/Unannounced-Audits).

The recommendation is addressed to the Member States, rather than Notified Bodies because the intent is for Competent Authorities in each member state to enforce these recommendations when they are reevaluating existing Notified Bodies for renewal. The intent is that the EU Commission and the Member States will use compliance with the “recommendation” for unannounced audits as one of the criteria for deciding which Notified Bodies would retain their status when the new European Medical Device Regulations were approved in 2015. Therefore, all of the Notified Bodies are scrambling to complete a number of unannounced audits before the end of 2014.

Who will be audited in 2014?

In 2014, the primary targets for unannounced audits will be manufacturers of high-risk, Class III devices. The prime targets for unannounced audits are unlikely to contract manufacturers, because Notified Bodies may not have access to all the technical documentation while they are auditing a contract manufacturer. I expect each of the Notified Bodies to plan at least one unannounced audit of a contract manufacturer for a Class III device that is outsourced. Still, I don’t expect this to be the focus of unannounced auditing activities in 2014.

It is already July, and only a handful of unannounced audits have been performed as “pilots.” Most of the Notified Bodies trained auditors on how to conduct unannounced audits in May or June during their annual auditor training. Therefore, we can expect a dramatic increase in the number of unannounced audits during the remaining months of 2014. If your firm has recently had CE Marking compliance issues with a Class III device, you should expect an auditor soon.

4 Ways unannounced audits are different

Unannounced audits differ from traditional quality system audits in four ways.

1. Unannounced audits are truly unannounced–with no warning at all. Even the US FDA inspectors have the courtesy to call on Friday to inform manufacturers of their intent to visit the following Monday or Tuesday. To ensure that auditors can conduct unannounced audits as planned, Notified Bodies are asking manufacturers to provide information about when production activities will be shut-down.

2. Unannounced audits will always be conducted by an auditing team with at least one person that is qualified to review the technical documentation (i.e., Technical File or Design Dossier) and compare it to the actual production activities. This is similar in some ways to how FDA inspectors review a Device Master Record (DMR) and then compare the DMR to production and process controls they observe in manufacturing. However, the technical experts from Notified Bodies typically have a minimum of five years experience similar designing devices, and a two-person team can spread your resources dangerously thin if you are a smaller company that is used to providing a guide for only one auditor or inspector.

3. Unannounced audits will involve more time spent by auditors in production areas, instead of reading documents in conference rooms. You can expect brief opening meetings because auditors need to review critical processes as quickly as possible. Specifically, the auditors are required to use a risk-based approach to select two of the following processes:

  • design controls
  • establishment of material specifications
  • purchasing control and incoming inspection
  • assembling
  • sterilization
  • batch-release
  • packaging
  • product quality control

If a company conducts sterilization on-site, I would expect this to be a likely prospect for sampling. However, the two areas I hope to be sampled most frequently are: 1) purchasing control & incoming inspection, and 2) batch-release. These two processes are expected to be sampled frequently because these processes facilitate ad hoc sampling and demonstration of testing. This is important because Notified Bodies are expected to observe product testing.

4. Unannounced audits will be conducted at suppliers when critical processes are outsourced. Therefore, if Class III device manufacturers outsource final inspection, packaging, and sterilization–the suppliers providing these services may be unannounced audit targets for multiple Notified Bodies. ISO 13485 certified suppliers have enjoyed a decade of little direct involvement by regulators, but unannounced audits are about to change this.

How will unannounced audits change in the future?

In 2015 and beyond, unannounced audits will be conducted at contract manufacturers and manufacturers. Unannounced audits will also be conducted for all risk classifications of devices–unless the device does not have Notified Body involvement (i.e., Class I, non-sterile, and non-measuring devices). The number of unannounced audits will also increase, because Notified Bodies are required to conduct an unannounced audit for each client at least once during three years–and more frequently for high-risk, Class III devices.

What should be done to prepare?

Preparation for unannounced audits should be very similar to your preparation for FDA inspections (http://bit.ly/FDA-Inspection-Webinar). Still, you will now need to evaluate your suppliers more rigorously to ensure they are also prepared for unannounced audits. The FDA rarely visits suppliers, and they are not allowed to review supplier auditing records. Notified Bodies will not have these restrictions. You will need to demonstrate a good balance between incoming inspection activities and other types of supplier controls. If your incoming inspection activities consist primarily of reviewing paperwork, then you need to balance this with supplier auditing (http://bit.ly/Supplier-Audits) and monitoring of in-process and final inspection nonconformities caused by supplier quality problems.

If you are interested in learning more about unannounced audits by Notified Bodies, please click on this link to pre-register for our webinar recording on the topic: http://bit.ly/unannounced-audits-webinar. Pre-registration pricing is $79, compared to our normal webinar price of $129. The pre-registration period ends on July 18.

Unannounced Audits Read More »

CE marking 4 digit number for medical devices

fourdigitquestion CE marking 4 digit number for medical devicesThis article explains the purpose and use of a CE marking four-digit number for medical devices, minimum size requirements, and other considerations. 

CE marking a four-digit number

The CE marking four-digit number that is displayed next to the CE mark on some medical devices is the Notified Body (NB) number. If there is no CE marking four-digit number, this means that the medical device is a Class I device that does not require NB involvement (i.e., self-declaration). If the device is a Class I device, and there is an NB number next to the CE mark, then the device either has a measuring function or is sterile.

Requirements for CE marking a four-digit number

The Medical Device Directive is divided into Articles and Annexes. Section 1 of Article 16 indicates that the European Commission is responsible for the assignment of NB numbers. In Article 17, ¨CE Marking,¨ it states: ¨[The CE] shall be accompanied by the identification number of the notified body responsible for the implementation of the procedures set out in Annexes II, IV, V, and VI.¨ Annex XII defines the minimum size (i.e., 5 mm) of the CE. The requirements for the size of the NB identification number is not included in Annex XII, but NBs interpret the requirements for size as half the height of the ¨CE.¨

Companies are responsible for reproducing the CE Mark on their labeling and the product–including the 4-digit number. However, if the space available on the product is too small to allow a 5 mm ¨CE,¨, then the company is not required to reproduce it on the product. Instead, it is sufficient to reproduce the CE Mark on product labeling and the Instructions For Use (IFU). One source of the artwork for the ¨C¨ and ¨E¨ is the Europa website.

If an NB number is required, usually, there are a couple of different orientations that are allowed by the NB. Most NBs specify that the NB number shall be to the right or beneath the “C” and “E.” However, most NBs have specific instructions available for the reproduction of the CE Mark and the proper orientation of their NB number. Often, the NB will also provide artwork for downloading that includes the NB number in one or more orientation.

Product Failure Investigations

Identification of the NB may not seem important; however, the NB number can help caregivers to identify the NB that approved CE Marking of a product when there is an investigation of product failures with an unknown manufacturer. In that case, the NB will then share this information with the appropriate manufacturer to facilitate an investigation. The NB number is also used to differentiate when the oversight by one NB stops, and a new one begins, after transferring from one NB to another.

If someone wants to know which NB is associated with each NB number, the EU Commission operates the NANDO information system as a database, allowing you to search each of the 60+ NBs by CE marking 4 digit number. The database also allows searching by country, annex/article, product, and horizontal technical competence.

If your company is selecting an NB, you can search the product and technical competency categories to identify which NBs are able to issue CE certificates for your product. There are ten possible technical competencies to use as search criteria. For example, if your company manufactures absorbable sutures (i.e., competency, MDS 7009), there are only 32 NBs (shrinking every day) that have the technical competence to assess your Design Dossier for conformity with the MDD.

If your company is developing porcine-based collagen implants (i.e., competency, MDS 7010), then there are only 24 NBs (shrinking every day) able to issue a Design Examination Certificate for CE Marking. If your company needs additional guidance on how to select an NB, you might consider reading a blog on certification body selection.

CE marking 4 digit number for medical devices Read More »

A 6 Step Approach if You Disagree With a Notified Body Auditor

The author’s first certification audit experience is discussed, and we review six different approaches to take if you disagree with a notified body auditor.

My first certification audit ever didn’t go so well. The reason it didn’t go well is that the auditor wrote nonconformities that my boss and our regulatory consultant didn’t agree with. At the time, I was too inexperienced to know how to handle it. My boss and the consultant, however, totally lost it. I’ve never seen veins that big in someone’s forehead–even in cartoons.

I asked them both to leave the room because I was afraid to “push back” on the auditor. Many Management Representatives feel the same way that I did during that initial certification audit. The best way to summarize our concerns is with the following picture:

kodiak A 6 Step Approach if You Disagree With a Notified Body Auditor

Recently another LinkedIn group member emailed me to say that they have seen several auditors for registrars identifying nonconformities that represented their own personal opinions rather than specific requirements of the Standard. For example, there is a requirement to assign management responsibilities and document it, but there is no requirement to have an organization chart.

Another common mistake is when auditors insist that a company must create a turtle diagram for every single process. I support the use of turtle diagrams 100%, but the only requirement in the Standard is to use the process approach–not turtle diagrams specifically.

My favorite is my own personal mistake. I wrote a nonconformity for not having a process for implant registration cards for a company that was planning to ship a high-risk implant product to Canada. There is a requirement for implant registry cards, but I forgot that Canada defines “implants” in this case as only a very short list of implant devices–not implants in general.

Auditors are human. These are audit findings–not a jail sentence. Everyone needs to remember that the worst that can happen is that you receive a nonconformity. If the auditor finds a nonconformity, then you need to develop a CAPA plan. If the auditor finds nothing, you still need to do your own internal audits to identify nonconformities and continuously improve processes.

What Should You Do When an Auditor is Wrong?

I recommend that you “push back,” but you need to know-how. Many consultants suggest saying, “Can you show me in the Standard where it says I have to do that?” That’s just like poking a bear. If you do it once, it’s annoying. If you do it multiple times, an auditor might just eat you.

One Management Representative did that to me after I had taken the time to review the requirements with him. I responded by holding the ISO 13485 Standard in front of him and reciting clause 7.3.2. He responded by saying, “Well, that’s up for interpretation.” I offered to recite the ISO 14969 guidance document for him, but his boss told him to shut up.

This certainly wasn’t the only time a client pushed back during a registration audit, but other clients have had the sense to argue about things they understood.

One of the clients I audited said that he would change the topic to the auditor’s favorite sports team. That’s one approach. I’m sure that more than one client has taken the approach of asking me to explain where they can learn about best practices. I’m sure that they were somewhat successful. Another approach is to slide the lunch menu in front of them; I have only met one auditor that would not be distracted by a lunch menu.

6 Step Approach When You Disagree With an Auditor

1. Shut-up and look it up (before you open your mouth, grab the applicable external Standard and locate the information you are looking for).

2. If you are still convinced that the auditor is wrong, then tell that you are having trouble finding the requirement. Show them where you are looking, and then ask them to help you find the requirement.

3. If the auditor can’t show you where you are wrong, or it appears that the auditor is interpreting the Standard as they see fit, then focus on asking the auditor for guidance on what they will be looking for in your CAPA plan.

4. If the CAPA plan the auditor is looking for is something you think is a good idea, then shut up and implement the improvements. If the CAPA plan is not acceptable to you, then you should ask what the process is for the resolution of disputes.

5. No matter what, don’t start an argument with the registrar. They enjoy it. They like a challenge and resent people with less experience criticizing them.

6. If you still disagree with your auditor, then you should ask if the auditor can explain the process for appealing findings and follow that process.

A 6 Step Approach if You Disagree With a Notified Body Auditor Read More »

What is an NB-MED?

The author defines what an NB-MED is, Team NB and their role, provide a regulatory update and some information sources.

Each time I review a list of external standards, I notice at least a few references that are out-of-date. Occasionally, I am surprised, and everything appears to be current, but it is almost impossible to stay current with all the external standards. The most demanding standards to maintain are those that are untracked. Untracked standards are difficult to keep current with because it requires manually checking each source to determine if a standard has been updated. One of these sources is Team NB.

Team NB

Team NB describes itself as the “European Association of Notified Bodies for Medical Devices.” Team NB is an organization comprised of Notified Bodies (NBs). These NBs create guidance documents to clarify the interpretation of regulations in the EU. Since NBs are generating the documents, rather than Competent Authorities (CAs), it is possible for Team NB to reach a consensus more quickly than CAs. Since these documents are guidance documents, the NB-MED documents are not enforceable or binding. However, in all likelihood, your NB will interpret ISO 13485 and the MDD (93/42/EEC as modified by 2007/47/EC) in accordance with these guidance documents.

The website link I provide in my “Helpful Links” page includes many links to important guidance documents. Among the recently updated NB-MED documents is NB-MED 2.5.2/rec 2. The “rec” is not the same as a revision. For example, rec two is “Reporting of design changes and changes of the quality system,” while rec 1 is “Subcontracting – QS related.” The link I have provided will land you directly on the list of NB-MED documents, and the right-hand column identifies the date the document was added to the list. Therefore, if you want to know about new and revised NB-MED documents, you merely need to read the documents that are identified as being added since your last visit.

NB-MED 2.4.2/rec 2

At this time, NB-MED 2.5.2/rec 2 is the only recent addition—and you should read it. Many companies struggle with design changes, and they don’t know if the change is significant or not. Revision 8 of this document includes helpful examples. I recommend reading this document carefully and then revising your own change notification procedure to match the document. If you don’t have a change notification procedure, your QMS auditor has been lazy. Don’t let them give you the excuse of “It’s just a sampling.” This document has been published for a long time, and the intent has not changed since 2008—just new examples to clarify the interpretations.

There is a posting from 1/14/11. This is an excellent list of all the NB-MED documents. I recommend printing this document and using it to compare against your current external standards list. There is a very recent posting from 2/7/12 that answers frequently asked questions about the implementation of EN 60601. If you don’t know what this is, you probably don’t have an active device.

On 3/27/12, there was a letter from Team NB indicating that they condemn Poly Implant Prothèse (PIP) for committing fraud (well duh). Who would endorse them?

Finally, on April 17, 2012, meeting minutes were posted from an April 5 meeting of Team NB. The NBs indicated that the medical device authorization system is excellent! This is not a surprise since any other response would be self-criticism and potentially career-limiting. The minutes also indicate that the Team wants as many of the members to endorse the “Code of Conduct” (CoC) that was recently drafted by the “Big 5” NBs. So far, the acceptance of this Code is limited, but the Competent Authorities have other plans.

Competent Authorities (CAs) are currently evaluating the NBs with regard to competency for handling Class III devices. In addition, there is a plan to revise the regulations in Europe (2014 is the guess). These changes will be major. The Team NB website could be a source of information about rapid changes in the next 12 months, but for now, it’s the quiet before the storm. The Great Consolidation of European Regulators is about to begin (or maybe all the NBs will endorse the CoC, and the CAs will forget about it).

 

What is an NB-MED? Read More »

Scroll to Top