Since this is football season, Dr. D decided to employ the old metaphor “basic blocking and tackling” or simply stated, “Mastering the fundamentals of the game.” Not unlike football, device establishments both located in the United States and outside of the country wishing to enter medical devices into the U.S. device market are expected to master the fundamentals. In the eyes of the FDA, the mastering of the fundamentals begins with the Quality System Regulation (QSR; 21 CFR, Part 820). Now as an old-time quality guy, the doctor has been practicing the fundamentals associated with effective Quality Management Systems (QMS) for a very-long time. That being said, one of the most basic of quality fundamentals is the execution of audits to assess the effectiveness of the QMS. In fact, the FDA has deemed quality audits so important that they dedicated an entire section in the QSR for auditing requirements (§820.22). For many Chief Jailable Officers (CJOs), the vicissitudes (look-it-up) of an agency inspection can sour even the most placid of faces. The souring effect is especially true when the outcome of an inspection results in double digit Form 483 observations. Ouch! Enjoy!
Warning Letter – June 2, 2016
For the readers who frequently traverse the pages of the FDA’s warning letter database, you already know that agency inspections resulting in Form 483 observations typically highlight issues associated with complaint management, CAPA, design control, process validation, etc. However, device establishments tend to comply with the basic tenants associated with an effective QMS such as document control, inspection, calibration, control of nonconforming product and audits. If an establishment fails to successfully establish (define, document in writing or electronically, and implement) an element of the QSR, an FDA investigator is obliged to award the offending establishment with a Form 483 observation. Remember, when an investigator arrives in an establishment’s lobby for that friendly cup of coffee and an inspection, they are there to collect documented evidence of compliance or lack of compliance. An FDA inspection should never be confused with a notified body audit. The purpose and outcomes are very different. That being said, the establishment referenced in this week’s Devine Guidance (DG) was awarded 12 Form 483 observations during an inspection held in October 2015. One of the observations was for the failure to perform quality audits. In fact, the offending establishment failed to perform audits for three consecutive years (2013, 2014, and 2015). Now Dr. D works with a lot of establishments that are resourced challenged. Sometimes, there are just no bodies available to perform audits. That is why it is an acceptable practice to retain third-party auditors to assist in the auditing tasks. Sometimes having a pair of eyes from outside the organization to assess the QMS is actually a good thing. Different perspectives tend to be enlightening.
Warning Letter Excerpt
Observation Twelve (12) “Failure to conduct quality audits in accordance with your established procedures to ensure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system, as required by 21 CFR 820.22. Specifically, your firm’s Quality Audit Procedures state that audits are to be conducted annually during the last three months of the year. However, your firm failed to conduct quality audits in 2013, 2014, and 2015.
We reviewed your response dated November 17, 2015, and cannot evaluate this aspect of the response because you did not provide supporting documentation. You stated you plan to have a third party audit conducted in February, 2016, but provided no further evidence of implementation of this corrective action.”
21 CFR, Part 820.22 – Quality Audit
“Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action(s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.”
Compliance for Dummies
For those extremely intimate with the QSR, you are aware of the exceptions noted in §820.180(c). Quality audits are one of the requirements of the QSR where the contents of audits do not have to be shared with FDA during an agency inspection. However, documented proof that such audits are being performed is a salient requirement. That is why having an audit agenda and sign-in sheet is so important. When the investigator asks to review documented evidence that quality audits are being performed, all that is required is to provide the investigator with evidence of compliance. A copy of the audit agenda and sign-in sheet will suffice. Please do not hand the investigator the entire audit file, because bad things can potentially happen. If you need to ask why, you just might be working in the wrong industry.
As for overall compliance with the requirement, device establishments are required to script a procedure. The good news is creating an audit schedule is left completely in the hands of the establishment. When scripting the annual audit schedule, audits can be planned for and executed monthly, quarterly, semi-annually or even annually. However, the dates, results and the need to re-audit problem areas do need to be documented. Additionally, the auditors need to be appropriately qualified. Dr. D recommends using ISO 19011 for guidance pertaining to auditor qualification and training. Furthermore, auditors should not be auditing functional areas where they have some level of oversight and responsibility (i.e., auditing their own work). Finally, when issues are noted during an audit, some level of corrective action needs to be pursued. The doctor is seeing a trend of moving away from using the CAPA system to correct audit deficiencies and having a more informal approach to correcting audit non-conformances. Why? If you must ask, it is because the FDA does have access to an establishment’s CAPAs. In fact, that is where most inspections start.
For this week’s guidance, the doctor will leave the readers with two takeaways. One: The execution of quality audits is one of the most basic elements of a quality management system. It really is a valuable tool that should be used to gage the effectiveness of an establishment’s approach to quality. Two: The results of quality audits do not have to be shared with our friend from the agency when they drop by for a cup of coffee and an inspection. However, documented evidence that audits are being performed is required. In closing, thank you again for joining Dr. D; and I hope you found value in the guidance provided. Until the next installment of DG, cheers from Dr. D., and best wishes for continued professional success.
- Code of Federal Regulation. (2015, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U.S. Government Printing Office.
- Devine, C. (2011). Devine guidance for complying with the FDA’s quality system regulation – 21 CFR, Part 820. Charleston, SC: Amazon.
- Devine, C. (2013). Devine guidance for managing key attributes of a FDA-compliant quality management system – 21 CFR, Part 820 Compliance. Charleston, SC: Amazon.
- FDA. (June 2016). Inspections, Compliance, Enforcement, and Criminal Investigations. General Medical Company. Accessed December 04, 2016. Retrieved from http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2016/ucm508251.htm