Blog

Posts Tagged Quality Management System

What is a Gap Analysis?

This article describes what a gap analysis is in the context of managing your quality system when standards and regulations are updated.

Compliance Assessment Gap Analysis Picture 1024x683 What is a Gap Analysis?
Compliance Assessment/Gap Analysis

What is a Gap Analysis? An introductory look.

Well, that depends on the context. The dictionary definition is “A technique that businesses use to determine what steps need to be taken in order to move from its current state to its desired, future state. Also called need-gap analysis, needs analysis, and needs assessment.” (http://www.businessdictionary.com/definition/gap-analysis.html). 

For the most part, this is correct, but we need to tweak it just a little bit to fit better into our regulatory affairs niche, specifically medical device manufacturers. A Gap Analysis for financial investment or an advertising firm will be very different than one for a medical device distributor. It might even be better served to be called a Compliance Assessment/Gap Analysis, but I am sure someone else has thought of that long before me.

For our purposes, the Gap Analysis is a formal comparative review of an internal process or procedure against a standard, good practice, law, regulation, etc. This blog article will be an introductory look into that process.

What are the two BIG goals of a Gap Analysis?

It sounds like a simple exercise, but the Gap Analysis or GA for short can have two very different but complementary functions. Rather than simply hunting for areas of non-compliance, the first goal is to find and demonstrate areas of compliance. 

The second more obvious goal is to find the gaps between the process and the regulatory requirements they are being compared against. 

Why is demonstrating compliance important?

Because this is a formal documented review, a Gap Analysis provides documentation in a traceable manner of meeting the requirements that have been laid out. That traceability is important because it allows anyone to read the report, see the requirement, and locate the area of the procedure that demonstrates conformity with that requirement. 

The report itself is an objective tool, not something that is meant to be a witch hunt. The Gap Analysis will compare document contents. If you want to verify that the entire process is fully compliant, you will need to dig deeper and observe if the activities laid out within the procedure are being performed per the procedure instructions. It is possible to draft procedures that are compliant with text requirements but non-compliant in the manner that the actions are being performed and documented.

What about gaps?

The gaps, or areas of non-compliance highlight opportunities for improvement, if there are any. A Gap Assessment may not find any gaps and present a report that clearly and neatly outlines and explains how each regulatory requirement is being met. 

If there are any gaps identified, that does not mean that there is cause for concern. This should be viewed instead as an opportunity for improvement. Standards and procedures change over time, and, naturally, procedures and processes will have to change with them.

The very act of the Gap Analysis shows that there is a documented effort towards continual improvement as long as the gaps are addressed. 

Addressing the Gaps

The report is ideally the first and last step, and you have a wonderful piece of paper to show that someone checked, and all of the required areas are being met. However, this is not always the case. When there are gaps, they must be filled.

Addressing a gap should happen in a traceable manner, one that shows it was identified, acknowledged, and then how it was fixed. Something that might be addressed through a CAPA process, but that is a topic for a different time. 

In Closing

The Compliance Assessment/Gap Analysis is a singular tool used in the overall maintenance of a quality system. Its actions and performance are similar to a simplified type of audit, but the Gap Analysis itself is not going to replace your regularly scheduled audit activities. However, it will help you monitor and keep your fingers on the overall pulse of your quality system. This is also especially helpful in situations where standards and regulations are updated, and your quality system needs to be evaluated and updated accordingly.

For more in-depth education in specialized areas of the assessment, look into our training on Technical File Auditing for MDR compliance against Regulation (EU) 2017/745 at the link below.

Technical File Auditing for MDR Compliance

Posted in: Quality Management System

Leave a Comment (2) →

Procedure template for ISO ISO 13485:2016 quality systems

This 12 part procedure template for your medical device QMS can result in writing shorter, more effective documents that are easier to train personnel on.%name Procedure template for ISO ISO 13485:2016 quality systems

We all have a standard template for our quality system procedures. Typically, we begin with purpose, scope, and definitions. This 12-part procedure template for your medical device QMS  can result in shorter, more effective documents that are easier to train personnel on.

1. Purpose. Often I read something like, “This purpose of this document is to describe the CAPA procedure.” That necessary information is the reason why we title procedures. A better statement of purpose would be, “The purpose of this procedure is to provide a process for identifying, preventing and eliminating the causes of an actual or potential nonconformity, and using risk management principles.” The second version gives readers a better indication of the purpose of the procedure.

2. Scope. This section should identify functions or situations that the procedure applies to, but it is even more critical to identify which situations the procedure does not apply too.

3. References and Relationships. Reference documents that apply to the entire quality management system (e.g., – ISO 13485 and 21 CFR 820) only need to be listed in the Quality Manual. This reduces the need for future revisions to the procedures. I list here any procedure-specific external standard (e.g., – ISO 14971) in the applicable procedure. The relationship between procedures is more important than the references. Therefore, I prefer to use a simple flow diagram, with inputs and outputs, similar to the one below for a document control process.

sys 001 Procedure template for ISO ISO 13485:2016 quality systems

4. Document Approval. Who must sign off on the procedure? Keep this list short. Ideally, just the primary process owner and Quality Manager (to ensure consistency and integrity across the quality management system).

5. Revision History. A brief listing of each revision and a brief description of what was changed in the procedure.

6. Responsibilities and Authorities. A listing of the main areas of responsibility for each role. Remember to include the title of managers who may be required to approve forms, or make key decisions.

7. Procedure. I prefer to create a detailed flowchart outlining each step of a process before writing the procedure. Each task box in the flowchart will include a reference number. If you organize the reference numbers in an outline format, then you can write the text of your procedure to match the flowchart—including the numbering of the flow chart task boxes.

example Procedure template for ISO ISO 13485:2016 quality systemscapa Procedure template for ISO ISO 13485:2016 quality systems

8. Monitoring and Measurement. An explanation of how the process is monitored and measured, who does it, how often, format, method of communicating the analysis, and what process that analysis will be an input into, e.g., Management Review.

9. Training/Retraining. Tabulated, which roles need to be trained in this procedure, and to what level? The example below is also from a Document Control procedure.role Procedure template for ISO ISO 13485:2016 quality systems

10. Risk Management. This section identifies risks associated with each procedure and how the procedure controls those risks. As well as complying with the requirement to apply risk management throughout product realization (i.e., Clause 7 of ISO 13485), including a section specific to risk management forces the author of the procedure to think of ways the process can fail and to develop ways to avoid failure. Risks can also be a starting point for training people on the procedure.

11. Records. Tabulated, form number and names, a brief description of its purpose, and a column for retention and location. This column also allows for reference to compilations if the record becomes part of, e.g., Design History File, Device Master Record, or the Risk Management File.

12. Flowcharts. Step-by-step through the process, saying who performs the step when it isn’t apparent. I keep task shapes simple: rectangles for tasks, rounded rectangles for beginnings and endings, diamonds for decision boxes, and off-page reference symbols.

When the task needs supporting text, e.g., guidance or examples, put a number in the box and a corresponding number in the table in (7) above.  Ideally, the flowcharts are placed in the document with the Notes table on the same page or the opposite page. In practice, I often put them at the end to simplify the layout. One of my clients loves her flowcharts and puts them on the front page.

Benefits of this Approach

Information is well structured and presented consistently across procedures, more so than can be achieved through narrative.

  • The flowchart is the primary means of documenting the procedure.
  • Tables provide details that are not clear in the flowchart.

The procedure structure described above facilitates a consistent training approach built around the document. Purpose and scope are presented first, and then the Risk section is presented to explain what is essential in the procedure and why. The flowchart, the table, and the formwork together to describe each step of the procedure. Finally, a PowerPoint template can be used to guide process owners in developing their training.

And to make it even easier, you have already spelled out who needs to be trained and to what level.

Posted in: ISO Certification

Leave a Comment (2) →

Quality Management System Information Sources

This blog reviews a number of quality management system information sources.

A blog follower from Jon Speer’s website, Creo Quality, recently sent me a message asking for information sources on  Quality Management System (QMS) subject matter.

The single best guidance document on the implementation of a QMS system in accordance with ISO 13485 is “13485 Plus” (type in the words in quotes to the CSA Group search engine).

There are also a bunch of pocket guides you can purchase for either ISO 9001 or ISO 13485 to help you quickly access information you are having trouble remembering. One of my lead auditor students recommended one pocket guide in particular and she was kind enough to give me her copy.

There are some webinars out there that provide an overview of QMS Standards. Some are free and some have a modest fee. I’m not sure of the value for these basic overview webinars, but if you need to train a group, it’s a great solution. I know BSI has several webinars that are recorded for this purpose.

AAMI has an excellent course on the Quality System Regulations (QSR) which combines 21 CFR 820 and ISO 13485.

There are a number of blogs I recommend on my website.

You can try to identify a local mentor–either in your own company, or at your local ASQ Section.

You can join the following LinkedIn subgroup: Medical Device: QA/RA. You will need to become a member of the parent group (Medical Device Group)–if you are not already one of the 140,000+ members connected with Joe Hage. George Marcel and I manage this subgroup for Joe.

You can visit the Elsmar Cove website and participate in the discussions you find there. I wrote a blog about Elsmar Cove a while back (wow almost 2 years ago now).

The best way to learn this stuff is to do all of the above.

Posted in: ISO Certification

Leave a Comment (2) →

Qualifying a Supplier That Doesn’t Have a Quality Management System

This blog proposes a simple solution for how to qualify a supplier that doesn’t have a quality management system.

You are ignoring the obvious question of why doesn’t a medical device supplier have a quality management system. If you are a contract manufacturer, you should ensure that you have a clause in your supplier qualification procedure that says you don’t need to qualify suppliers that are mandated by your customers. If your response to this suggestion is “Duh,” you haven’t conducted many supplier audits of contract manufacturers. As my buddy, Tim says, “You need to leave somewiggle room’ in your procedures.” This is also good advice for all 19 of your top-level procedures that get audited each year.

For the remaining suppliers you are considering to add to your Approved Supplier List (ASL), you need a SIMPLE set of criteria for how you qualified the supplier. Guess what that magical document should be? (Answer to be provided shortly)

Many companies use a supplier self-evaluation survey. I’m almost certain that I have bashed these nearly useless documents before, but if I failed to do this, …most of them are problematic. A one-page supplier information form seems more appropriate. No signature required! And please make it a Word document.

The supplier qualification procedure needs to be generic for all raw materials and services you purchase. The problem is that everything you purchase has different requirements. So instead of wasting your time with writing one procedure that has wiggle room for every single product or service, you will ever purchase, don’t even try. Instead, write a SIMPLE procedure. This procedure needs only to be one page long. It needs four requirements:

1)      New suppliers must complete a supplier information form and submit it to the company. This should be updated at least once every 12 months and whenever there is a change to the information provided (i.e., – notification of change).

2)      You need at least two people to approve the addition to the Quality Management System. This can be done on your ECO or DCO form for changing the ASL. If the supplier is customer-mandated, you need the customer’s approval and the purchasing managers. If the supplier is internally selected, you need at least purchasing and QA to approve it.

3)      You should have an objective criterion (probably more than one requirement) that is product/service-related for acceptance of the supplier. This criterion SHALL be under document control, and the revision shall be communicated to the supplier when orders are placed. See ISO 13485:2003, section 7.4.2 (Purchasing Information).

4)      Finally, you need a reference to your purchasing procedure (one of the required 19 documents) and your supplier re-evaluation procedure.

If you have not already guessed, the “magical” document is called a purchasing specification or raw material specification for raw material items. For capital equipment, you may require that a capital expenditure justification be completed instead of the purchasing specification. For a calibrated instrument, tool, or fixture, you may request that requirements of the instrument/tool/fixture are documented in the applicable procedure or work instruction. For example, for measurement of this cannula, a calibrated optical comparator is required with 20x magnification. Reference the inspection procedure or drawing, and you are done.

For those of you that would like to keep your ASL shorter, which I recommend, if you don’t think you will be using the supplier more than once, you might want to give the buyer the option of documenting the purchasing specification on the purchasing requisition instead. This might be very helpful for those engineers that are doing R&D or validation work. For example, I need a bag of resin that meets the following raw material specifications—but we don’t currently use this material, and I’m not ready to submit one for approval. That’s why the engineer is ordering the bag of resin. She needs to test the material in the application and gather some preliminary data as justification for the new raw material specification.

There are 100’s of other ways to qualify your suppliers, and many of them work well if you follow your procedure. If your procedure is SIMPLE, your Monday’s will be better.

 

Posted in: Supplier Quality Management

Leave a Comment (0) →