1.12k likes | 1.34k Views
FDA Medical Devices: Auditing the GMPs. The Objects Most Feared …. Very few situations get the same automatic negative reaction that the dreaded QA guy carrying a clipboard will usually receive… Why?. Internal Auditors.
E N D
The Objects Most Feared … • Very few situations get the same automatic negative reaction that the dreaded QA guy carrying a clipboard will usually receive… • Why?
Internal Auditors • Usually part-time: the QA Department “borrows” auditors for a few days when needed on monthly, quarterly, or annual schedule • Can be full-time in larger organizations: generally combined with inspection or other QA/QC duties • Sometimes outsourced: consultant is hired to perform all or some of the audits
You should say YES if asked… • Increases your value to the company • Adds to your resume • Good way to get to know other areas of the company • You will learn to see the “Big Picture” • QA Managers get lonely
The “Big Picture” • Sometimes we audit the Trees… • And sometimes we audit the Forest. • What’s the difference?
Product Improvement Supply Management Sales/ Contract Review Order Fulfillment Customer Interface Project Implementation Outside Resources Proposal Generation Resource Validation Pre- Sales efforts Design Review Current & Future Needs Customers Delivered Products
Continuous Improvement • The Three Laws of Statistical Thinking • Plan/Do/Check/Act Cycles
Three Laws of Statistical Thinking • All Work is comprised of interrelated processes • All Processes contain variation • Success is derived from understanding and controlling variation
Quality Assurance • Everything we do in QA should be designed to further the understanding and reduce the variation in our work processes. • Big honkin’ binders of procedures are not written to please the auditors. • Why do we write procedures?
Procedures Procedures are written for training and thus variation reduction in our processes… Why do we audit? TE009 RFP
Auditing Auditing is performed to uncover the difference between what we say we do and what we actually do…
Auditing …for both production and management processes. We want Continuous Improvement in all processes.
QA Explanation • Say What You Do • Do What You Say • Act on the Differences
PDCA Cycles DO PLAN CI ACT CHECK
DO CHECK PLAN ACT
DO Set objectives and build processes that meet customer expectations CHECK ACT
Perform your processes CHECK PLAN ACT
DO Monitor and measure the processes against policies, objectives and procedures PLAN ACT
DO CHECK PLAN Take actions based on what you’ve learned about the processes
Review • Why is the “Systems Approach” important? • How would you explain the Three Laws of Statistical Thinking to someone else? • Auditing belongs to what part of PDCA?
FDA Inspection Results Quality: 47% Laboratory: 19% Production: 11% Facilities/Equipment: 8% Materials: 6% Packaging/ Labeling: 0%
FDA-483 Citations 21 CFR Primary Reference Deficiency System
FDA-483 Citations cont. 21CFR Reference Deficiency Primary System
FDA-483 Citations cont. 21 CFR Primary Reference Deficiency System
Before the Inspection • Are procedures in place? FDA can request copies of high-level documents and procedures: the organization is not required to provide. • Do the procedures meet the requirements? • Review records • Pre-notification for quality system audits when company has a clean record, but surprise inspections are always possible
FDA Inspection/ Audit4 Major Subsystems • Management Controls • Design Controls • Corrective & Preventive Action (CAPA) • Medical Device Reporting • Corrections and Removals • Medical Device Tracking • Production & Process Controls • Sterilization Controls
FDA Inspectional Objectives4 Major Subsystems • Management Controls (7 Objectives) • Design Controls (15 Objectives) • Corrective & Preventive Action (10 Objectives) • Medical Device Reporting (4 Objectives) • Corrections and Removals (3 Objectives) • Medical Device Tracking (3 Objectives) • Production & Process Controls (6 Objectives) • Sterilization Controls (5 Objectives)
First Major Subsystem:Management Controls • Interview of the Management Representative • Does management have a good understanding of what is required under this section?
Management Controls The purpose of the management control subsystem is to provide adequate resources for device design, manufacturing, quality assurance, distribution, installation, and servicing activities; assure the quality system is functioning properly; monitor the quality system; and make necessary adjustments. A quality system that has been implemented effectively and is monitored to identify and address problems is more likely to produce devices that function as intended. A primary purpose of the inspection is to determine whether management with executive responsibility ensures that an adequate and effective quality system has been established (defined, documented and implemented) at the firm. Because of this, each inspection should begin and end with an evaluation of this subsystem.
ISO 13485; 5.5.2; Management RepresentativeCFR Title 21; Part 820; Subpart B; Section 820.20 Management Responsibility • The Code of Federal Regulations Part 820 is referred to as the Quality System Regulation (QSR) • It is “harmonized” with ISO 13485, meaning that they cover the same requirements and share much of the same language. • ISO, in common usage, refers to the International Organization for Standardization. • The organization registers to the Standard, and complies with the law…
ISO 13485; 5.5.2; Management RepresentativeCFR Title 21; Part 820; Subpart B; Section 820.20 Management Responsibility Top Management shall appoint a Representative with R&A that includes: • Ensuring QMS processes are established and maintained • Reporting to Top Management on performance and improvement needs • Ensuring the promotion of regulatory and customer requirements throughout the Organization
Inspectional Objective #1 Verify that a quality policy, management review and quality audit procedures, quality plan, and quality system procedures and instructions have been defined and documented.
Inspectional Objective #2 Verify that a quality policy and objectives have been implemented. What is the difference between documented and implemented to an auditor?
ISO 13485; 5.3; Quality PolicyCFR 820.20 (a) • Top Management must establish a written policy appropriate to the organization that includes: • a statement of commitment to comply with the regulatory requirements and to maintain the effectiveness of the quality management system and • provides a framework for establishing and reviewing the quality objectives • Management must communicate the policy throughout the organization and continually review the policy for its suitability
Inspectional Objective #3 Review the firm's established organizational structure to confirm that it includes provisions for responsibilities, authorities and necessary resources.
Inspectional Objective #4 Confirm that a management representative has been appointed. Evaluate the purview of the management representative.
Inspectional Objective #5 Verify that management reviews, including a review of the suitability and effectiveness of the quality system, are being conducted
ISO 13485: 5.6.1 Management Review At planned intervals, Top Management shall review the QMS for suitability and effectiveness, which shall include assessment of opportunities for improvement and the need for changes to the QMS including the Quality Policy and Objectives. Records shall be maintained. Requirements are established for Review of Inputs and Outputs including…
5.6.2 Review Input • Results of Audits • Customer Feedback • Process Performance/ Product Conformity • Preventive/Corrective Actions • Follow ups to Action Items • Changes affecting the QMS • Recommendations for Improvement • Changes to regulations
Planned Intervals… • Monthly Project Reviews • Quarterly or Annual System Reviews • Annual Procedure and Manual Reviews • Other? What’s appropriate?
5.6.3 Review Output • Improvements needed to maintain effectiveness of the QMS and its processes • Improvement of product relative to the customer • Resource Needs
8.2.2 Internal Audit The organization shall conduct internal audits at planned intervals to determine whether the QMS… • Conforms to planned arrangements (7.1) • Requirements of the standard • Requirements of the organization
8.2.2 Internal Audit The organization shall conduct internal audits at planned intervals to determine whether the QMS… • Is effectively implemented and maintained
8.2.2 Internal Audit: PLAN An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
ISO 8.2.2 Auditors shall not audit their own work. CFR 820.22 Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Can the Manager of Product Engineering be an internal auditor?
8.2.2 Internal AuditDO The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure. The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes.
8.2.2 Internal AuditACT Actions must be taken or planned ASAP after the audit finding or observation is reported… Corrective Action
Inspectional Objective #7 Evaluate whether management with executive responsibility ensures that an adequate and effective quality system has been established and maintained.
Review • Why does FDA look at the high-level documents before beginning the inspection? • Why is the Quality Policy required? • Explain Management Review.
Major Subsystem 2:Design Controls • In 1990 FDA published a study showing that 44% of device failures leading to recalls (1983-1989) were due to design failures that could have been prevented. • For software failures, that number was over 90%.