If you are a returning visitor, welcome back to this 4th installment of Devine Guidance. If this is your first time, I hope you have a chance to read the first-three installments of my blog.
In this installment, I will continue with the defensive-receiving inspection theme, a process that I feel “has limited-value.” That said, please dear colleagues do not heap contumely (yep – look it up) on me for my quality beliefs. Additionally, I will dive into the 1st Article Inspection (FAI) process, and the value of Supplier Statistical Data (SSD). Obverse to my beliefs pertaining to defensive-receiving inspection, I find significant value in an effective FAI process and accurate SSD.
Warning letter violation
Let me start off by stating, there are no regulatory requirements specific to an organization executing a FAI program; however, world-class organizations find real value in FAI because, when correctly executed, it will find issues before these potential non-conformances manifest themselves in finished medical devices. The potential cost-saving gleaned from FAI can be substantial. From a requirement standpoint, FAI loosely falls under the category as acceptance activities for procured product. SSD, if employed for acceptance of purchased product falls, into the same category. However, the Quality System Regulation (QSR) contains requirements for the employment of statistical concepts for acceptance activities that can influence the employment of SSD as a reduced inspection program.
Once again, I have cut and pasted another QSR violation, extracted from a recently issued FDA warning letter. This warning letter was issued in July of 2009 and focused on the lack of documented defensive-receiving inspection results. It also pointed to the need for Good Documentation Practices (GDP) and the accurate documentation of inspection results. Remember, “If the event or activity is not documented in writing, in the eyes of the FDA, the event or activity did not occur.”
Failure to document acceptance activities as required by 21 CFR 820.80(e). For example, in March 2009, 464 incoming bottles (part # 6700-0209-500) were received, visually inspected, and measured for wall thickness. There is no documentation to show inspectional results including values for measured wall thickness and results of the visual inspection; results are simply reported as passing.
Your response, dated June 16, 2009, addressing proposed revisions to procedures for incoming inspection, is inadequate in that the procedure is not yet complete and is not included with the response for review. In addition, a new procedure governing Good Documentation Practices, SOP 505057, was created, but it is not yet implemented and was not included with the response for review.
Regulations and requirements
The QSR, Medical Device Directive (MDD), and EN ISO 13485:2003/AC2007 continue to be sufficiently vague when delineating requirements for FAI and SSD. Now let’s all repeat my quality mantra, at least the underlined part; “compliance to regulations is not optional and should be viewed as the cost of admission to participate in the world of medical device manufacturing.” That said, the key regulations providing oversight for the inspection of procured product, statistical concepts, and documentation are:
1. QSR – Subpart H – Acceptance Activities
(a) General. Each manufacturer shall establish and maintain procedures for acceptance activities. Acceptance activities include inspections, tests, or other verification activities.
(b) Receiving acceptance activities. Each manufacturer shall establish and maintain procedures for acceptance of incoming product. Incoming product shall be inspected, tested, or otherwise verified as conforming to specified requirements. Acceptance or rejection shall be documented.
(c) Acceptance records. Each manufacturer shall document acceptance activities required by this part. These records shall include:
- The acceptance activities performed;
- The dates acceptance activities are performed;
- The results;
- The signature of the individual(s) conducting the acceptance activities; and
- Where appropriate, the equipment used. These records shall be part of the DHR.
(a) Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.
2. QSR – Subpart 0 – Statistical Techniques
(a) Where appropriate, each manufacturer shall establish and maintain procedures for identifying valid statistical techniques required for establishing, controlling, and verifying the acceptability of process capability and product characteristics.
(b) Sampling plans, when used, shall be written and based on a valid statistical rationale. Each manufacturer shall establish and maintain procedures to ensure that sampling methods are adequate for their intended use and to ensure that when changes occur, the sampling plans are reviewed. These activities shall be documented.
3. MDD (no change from installment 3)
Article 3 – Essential Requirements: The devices must meet the essential requirements set out in Annex I, which apply to them, taking account of the intended purpose of the devices concerned.
Where a relevant hazard exists, devices, which are also machinery within the meaning of Article 2(a) of Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery shall also meet the essential health and safety requirements set out in Annex I to that Directive to the extent to which those essential health and safety requirements are more specific than the essential requirements set out in Annex I to this Directive.
Annex II.3 EC Declaration of Conformity – Full Quality Assurance System: The manufacturer must ensure application of the quality system approved for the design, manufacture and final inspection of the products concerned, as specified in Section 3 and is subject to audit as laid down in Section 3.3 and 4 and to Conformity surveillance as specified in Section 5.
EN ISO 13485 – 4.2 Documentation Requirements: 4.2.4 Control of Records – Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable, and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.
EN ISO 13485 – 7.4 Purchasing: 7.4.3 Verification of Purchased Product – The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements. Where the organization or its customer intends to perform verification at the supplier’s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information. Records of the verification shall be maintained.
1st article inspection
Raise your hand if you think a FAI is the measuring of the initial component or first production lot. If you raised your hand, you would be incorrect; now if you actually raised your hand, please lower it, and read on.
In support of establishing an effective FAI process, a supplier must be able to manufacture product in accordance with the component or procurement specification. The process commences with the supplier and the manufacturer agreeing on the data and format, completing the FAI, and then analyzing the data for accuracy and correlation. The concept of the first-article inspection has different meanings for different organizations; however, it is much more than the inspection of the first manufactured component. Additionally, the intent of this installment of Devine Guidance is not to castigate ineffective FAI practices pursued by other organizations, but to bring into focus world-class practices needed to execute an effective FAI.
Prior to my migration into the medical device world, I spent several years working in the aerospace industry, which, similar to the medical device industry, is heavily regulated. In fact, I strongly recommend that you find some time and actually read AS9102, the current aerospace standard governing FAI for the aerospace industry. One of the benefits gleaned from the employment of AS9102 is consistency in the FAI process. Initially, organizations categorized the AS9102 approach to FAI as a fiscally prohibitive approach due to the costs directly linked with the extended inspection hours associated with performing a detailed FAI. However, due to the potential for escalating costs resulting from product failure, AS9102 is a proven tool for reducing the number of product non-conformances reaching the field.
The FAI process is an integral requirement needed for material qualification and supplier certification. The FAI process consists of measuring a statistically significant sample randomly selected from each of the initial manufacturing runs (a minimum of three is recommended) provided by a supplier. Additionally, the supplier is required to execute a Gage R & R Study (we will explore this in the next installment) to support the accuracy of dimensional measurements and the effectiveness of the tools employed for the measurement process. The FAI process adheres to a predetermined sample-size requirement for all dimensional measurements premised on risk of product failure and input extracted from the design failure modes and effects analysis, (DFMEA).
Finally, you, as the medical device manufacturer, must work with the supplier in identifying characteristics to be measured, and subsequently collecting and analyzing statistical data that will be employed as a gauge for ongoing production. As stated in the previous column, the supplier is considered the expert in the manufacturing of material employed in the manufacturing of finished medical devices. This expertise drives the need for the supplier to take the lead in identifying the appropriate characteristics requiring ongoing measurement and monitoring for statistical analysis.
There are four categories of features requiring measurement: Critical (C), major (M), minor (m) and audit (A). The sample-sizes, dimensions requiring measurement, process capability requirements, etc. should be defined in advance, with supplier acknowledgment and linked directly to the feature category. As criticality, premised on the DFMEA, increases, so should sample sizes for the associated feature requiring measurement. Additionally, although not a prerequisite, I recommend designing your own FAI form. This document can be constructed so the supplier can quickly enter measurement data. Considering all of the statistical packages on the market today, such as Minitab™, a supplier should be able to provide accurate process capability data and attach the results to your own documentation. Once the supplier completes the FAI and provides the samples, results, statistical data, etc., you should plan to repeat the entire process internally. But why should you repeat work that has already been paid for and completed by your supplier? This is the one of the few times I find some value in defensive-receiving inspection. It is also a sure-fire way to ensure you and your suppliers are on the same page, as ascertained through the successful correlation of the FAI results. This process also feeds nicely into the concept of SSD and the employment of SSD to reduce the defensive-receiving inspection burden.
Supplier statistical data
Through the employment of an interactive approach to supplier management, with active supplier participation, tools such as the collection and analysis of measurement data can result in a reduction in the defensive-receiving inspection pursued. In conjunction with the first-article inspection process, it is a reasonable expectation that the specification creators take the opportunity and work with the suppliers in determining critical features requiring measurement in support of the SSD process. The supplier has the capability to identify the correct dimensions needed to gauge the overall effectiveness of their manufacturing processes and the sustainability of long-term process control. In fact, FAI and SSD requirements should be built into the same specification, can depict the importance of each feature (C, M, m, and A), and link criticality and risk directly to a sampling plan, aligned with the DFMEA.
Each supplier selected for participation in the supplied data program should meet certain requirements prior to inclusion into this program. At a minimum, the supplier should pass an initial supplier assessment (including a review of the D & B Report), pass the FAI for the procured component, complete a supplier non-disclosure agreement, meet a pre-determined level of process capability during the first-article process, and sustain a minimum level of process capability during production. Eventually, the goal is to push the supplier toward Six-Sigma compliance. Additionally, each supplier should meet the following criteria to qualify for inclusion into a SSD program.
- The supplier and the medical device manufacturer must sign the jointly created (with both supplier and manufacturer inputs) SSD agreement that defines the features requiring measurement and appropriate sample sizes.
- A minimum of number of consecutive lots (recommend at least three) must pass the appropriate defensive-receiving inspection criteria, with no defects or anomalies noted.
- No supplier corrective action requests or similar supplier remediation activities are outstanding
Finally, you need to ensure your suppliers and inspectors receive adequate training in support of the SSD program. I have witnessed suppliers providing the wrong measurement data or supplying component lots with targeted process control limits lower than the agreed upon SSD agreement. Worse, I have witnessed receiving inspection organizations accepting component lots premised on the availability of the SSD, without verifying the data is acceptable. Remember, SSD is ultimately a reduced approach to defensive-receiving inspection and not a paper exercise requiring the proverbial rubberstamp.
In closing, FAI and SSD programs, when executed properly, can be valuable tools employed by world-class medical device manufacturers. These tools have the ability to detect potential supplier manufacturing issues early in the design and development process. Additionally, they can significantly reduce the cost of quality by reducing the inspection burden at defensive-receiving inspection. Furthermore, if non-conforming products manage to find their way into your supply chain, potentially forcing field actions, that really, really, ugly word “recall” may come into play. Believe me, recall events are expensive; and it is difficult to place a price on all of the customer goodwill potentially lost.
As I close out this installment, I want to once again thank you for joining me. I hope you return for my next installment when Devine Guidance will be provided for Gage R & R and reduced inspecting programs that can be employed to reduce defensive-receiving inspection.
- Code of Federal Regulation. (2008, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U. S. Government Printing Office.
- Dimensioning and tolerancing. (1994). American Society of Mechanical Engineers ASME Y14.5M-1994. New York, NY.
- Devine. C. (2009, July). Exploring the effectiveness of defensive-receiving inspection for medical device manufacturers: a mixed method study. Published doctoral dissertation. Northcentral University. Prescott Valley, AZ.
- Ericson, J. (2006, November). Lean inspection through supplier partnership. Quality Progress, 39(11), 36-41.
- Foster, M. (2003, August). 3-D and G D & T takes a concept to production. Quality, 42(8). Retrieved November 3, 2008, from http://proquest.umi.com
- FDA – U.S. Food and Drug Administration Website. (2009). Warning letters. Retrieved January 18, 2010, from http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm193670.htm
- Medical Device Directive. (1993). Council Directive 93/42/EEC. Medical Device Safety Service. Retrieved January 11, 2010, from http://directive93-42-eec.htm
- Medical devices – quality management systems – requirements for regulatory purposes. (2007). EN ISO 13485:2003/AC:2007.
- Morris, R. (2007, July). Enhance first article inspection. Quality, 46(7).