What is a Gap Analysis?

2 Comments / Quality Management System / By Matthew Walker / Compliance Assessment, gap analysis, medical device quality systems, Quality Management System, quality system management, Regulatory compliance

This article describes what a gap analysis is in the context of managing your quality system when standards and regulations are updated.

Compliance Assessment Gap Analysis Picture 1024x683 What is a Gap Analysis? — Compliance Assessment/Gap Analysis

What is a Gap Analysis? An introductory look.

Well, that depends on the context. The dictionary definition is “A technique that businesses use to determine what steps need to be taken in order to move from its current state to its desired, future state. Also called need-gap analysis, needs analysis, and needs assessment.” (http://www.businessdictionary.com/definition/gap-analysis.html).

For the most part, this is correct, but we need to tweak it just a little bit to fit better into our regulatory affairs niche, specifically medical device manufacturers. A Gap Analysis for financial investment or an advertising firm will be very different than one for a medical device distributor. It might even be better served to be called a Compliance Assessment/Gap Analysis, but I am sure someone else has thought of that long before me.

For our purposes, the Gap Analysis is a formal comparative review of an internal process or procedure against a standard, good practice, law, regulation, etc. This blog article will be an introductory look into that process.

What are the two BIG goals of a Gap Analysis?

It sounds like a simple exercise, but the Gap Analysis or GA for short can have two very different but complementary functions. Rather than simply hunting for areas of non-compliance, the first goal is to find and demonstrate areas of compliance.

The second more obvious goal is to find the gaps between the process and the regulatory requirements they are being compared against.

Why is demonstrating compliance important?

Because this is a formal documented review, a Gap Analysis provides documentation in a traceable manner of meeting the requirements that have been laid out. That traceability is important because it allows anyone to read the report, see the requirement, and locate the area of the procedure that demonstrates conformity with that requirement.

The report itself is an objective tool, not something that is meant to be a witch hunt. The Gap Analysis will compare document contents. If you want to verify that the entire process is fully compliant, you will need to dig deeper and observe if the activities laid out within the procedure are being performed per the procedure instructions. It is possible to draft procedures that are compliant with text requirements but non-compliant in the manner that the actions are being performed and documented.

What about gaps?

The gaps, or areas of non-compliance highlight opportunities for improvement, if there are any. A Gap Assessment may not find any gaps and present a report that clearly and neatly outlines and explains how each regulatory requirement is being met.

If there are any gaps identified, that does not mean that there is cause for concern. This should be viewed instead as an opportunity for improvement. Standards and procedures change over time, and, naturally, procedures and processes will have to change with them.

The very act of the Gap Analysis shows that there is a documented effort towards continual improvement as long as the gaps are addressed.

Addressing the Gaps

The report is ideally the first and last step, and you have a wonderful piece of paper to show that someone checked, and all of the required areas are being met. However, this is not always the case. When there are gaps, they must be filled.

Addressing a gap should happen in a traceable manner, one that shows it was identified, acknowledged, and then how it was fixed. Something that might be addressed through a CAPA process, but that is a topic for a different time.

In Closing

The Compliance Assessment/Gap Analysis is a singular tool used in the overall maintenance of a quality system. Its actions and performance are similar to a simplified type of audit, but the Gap Analysis itself is not going to replace your regularly scheduled audit activities. However, it will help you monitor and keep your fingers on the overall pulse of your quality system. This is also especially helpful in situations where standards and regulations are updated, and your quality system needs to be evaluated and updated accordingly.

For more in-depth education in specialized areas of the assessment, look into our training on Technical File Auditing for MDR compliance against Regulation (EU) 2017/745 at the link below.

https://medicaldeviceacademy.com/technical-file-auditing/

Oct 7 2013

Procedure template for ISO ISO 13485:2016 quality systems

5 Comments / ISO Certification / By Robert Packard / documentation, procedure, QMS, Quality Management System, template

This 12-part procedure template for your medical device QMS can result in writing shorter, more effective documents that facilitate training.

Procedure Template

We all have a standard template for our quality system procedures. Typically, we begin with purpose, scope, and definitions. This 12-part procedure template for your medical device QMS can result in shorter, more effective documents that are easier to train personnel on.

1. Purpose. Often I read something like, “This purpose of this document is to describe the CAPA procedure.” That necessary information is the reason why we title procedures. A better statement of purpose would be, “The purpose of this procedure is to provide a process for identifying, preventing and eliminating the causes of an actual or potential nonconformity, and using risk management principles.” The second version gives readers a better indication of the purpose of the procedure.

2. Scope. This section should identify functions or situations that the procedure applies to, but it is even more critical to identify which situations the procedure does not apply to.

3. References and Relationships. Reference documents that apply to the entire quality management system (e.g., – ISO 13485 and 21 CFR 820) only need to be listed in the Quality Manual. This reduces the need for future revisions to the procedures. I list here any procedure-specific external standard (e.g., – ISO 14971) in the applicable procedure. The relationship between procedures is more important than the references. Therefore, I prefer to use a simple flow diagram, with inputs and outputs, similar to the one below for a document control process.

4. Document Approval. Who must sign off on the procedure? Keep this list short. Ideally, just the primary process owner and Quality Manager (to ensure consistency and integrity across the quality management system).

5. Revision History. A brief listing of each revision and a brief description of what was changed in the procedure.

6. Responsibilities and Authorities. A listing of the main areas of responsibility for each role. Remember to include the title of managers who may be required to approve forms, or make key decisions.

7. Procedure. I prefer to create a detailed flowchart outlining each step of a process before writing the procedure. Each task box in the flowchart will include a reference number. If you organize the reference numbers in an outline format, then you can write the text of your procedure to match the flowchart—including the numbering of the flowchart task boxes.

8. Monitoring and Measurement. An explanation of how the process is monitored and measured, who does it, how often, format, method of communicating the analysis, and what process that analysis will be input into, e.g., Management Review.

9. Training/Retraining. Tabulated, which roles need to be trained in this procedure, and to what level? The example below is also from a Document Control procedure.

10. Risk Management. This section identifies risks associated with each procedure and how the procedure controls those risks. As well as complying with the requirement to apply risk management throughout product realization (i.e., Clause 7 of ISO 13485), including a section specific to risk management forces the author of the procedure to think of ways the process can fail and to develop ways to avoid failure. Risks can also be a starting point for training people on the procedure.

11. Records. Tabulated, form number and names, a brief description of its purpose, and a column for retention and location. This column also allows for reference to compilations if the record becomes part of, e.g., the Design History File, Device Master Record, or the Risk Management File.

12. Flowcharts. Step-by-step through the process, saying who performs the step when it isn’t apparent. I keep task shapes simple: rectangles for tasks, rounded rectangles for beginnings and endings, diamonds for decision boxes, and off-page reference symbols.

When the task needs supporting text, e.g., guidance or examples, put a number in the box and a corresponding number in the table in (7) above. Ideally, the flowcharts are placed in the document with the Notes table on the same page or the opposite page. In practice, I often put them at the end to simplify the layout. One of my clients loves her flowcharts and puts them on the front page.

Benefits of this Approach

Information is well structured and presented consistently across procedures, more so than can be achieved through narrative.

The flowchart is the primary means of documenting the procedure.
Tables provide details that are not clear in the flowchart.

The procedure structure described above facilitates a consistent training approach built around the document. Purpose and scope are presented first, and then the Risk section is presented to explain what is essential in the procedure and why. The flowchart, the table, and the formwork together describe each step of the procedure. Finally, a PowerPoint template can be used to guide process owners in developing their training.

And to make it even easier, you have already spelled out who needs to be trained and to what level.

Nov 10 2012

Quality Management System Information Sources

3 Comments / ISO Certification / By Robert Packard / Quality Management System

This blog reviews a number of quality management system information sources.

A blog follower from Jon Speer’s website, Creo Quality, recently sent me a message asking for information sources on Quality Management System (QMS) subject matter.

The single best guidance document on the implementation of a QMS system in accordance with ISO 13485 is “13485 Plus” (type in the words in quotes to the CSA Group search engine).

There are also a bunch of pocket guides you can purchase for either ISO 9001 or ISO 13485 to help you quickly access information you are having trouble remembering. One of my lead auditor students recommended one pocket guide in particular and she was kind enough to give me her copy.

There are some webinars out there that provide an overview of QMS Standards. Some are free and some have a modest fee. I’m not sure of the value for these basic overview webinars, but if you need to train a group, it’s a great solution. I know BSI has several webinars that are recorded for this purpose.

AAMI has an excellent course on the Quality System Regulations (QSR) which combines 21 CFR 820 and ISO 13485.

There are a number of blogs I recommend on my website.

You can try to identify a local mentor–either in your own company, or at your local ASQ Section.

You can join the following LinkedIn subgroup: Medical Device: QA/RA. You will need to become a member of the parent group (Medical Device Group)–if you are not already one of the 140,000+ members connected with Joe Hage. George Marcel and I manage this subgroup for Joe.

You can visit the Elsmar Cove website and participate in the discussions you find there. I wrote a blog about Elsmar Cove a while back (wow almost 2 years ago now).

The best way to learn this stuff is to do all of the above.