The term specific to Japan that the doctor would like to remind the readers this week is “Shonin
.” As mentioned in a previous column
, Shonin is the pre-market submission process associated with Class III and IV devices (and occasionally Class II devices not categorized as Specified Controlled Devices) in Japan. Class III and IV devices are also known as “Highly Controlled Medical Devices” Additionally, devices in this category require a pre-market approval application to be filed with PMDA and obtain approval.
Control of purchasing and supplier management activities continue to be the Achilles heel for many medical device companies. The problem is rooted in effective supplier management. You see, there is simple seven-letter word “control” that is often misinterpreted by device manufacturers. In the eyes of regulatory bodies, or in this case the Japanese regulatory bodies (MHLW and PMDA) control of suppliers means device manufacturers must actually evaluate and select their supplier base premised on the supplier’s ability to meet requirements. However, Dr. D would like to add a four letter word of his own @#!$ (just kidding) the word is “risk.” Device manufacturers need to be pursuing a risk-based approach to supplier selection, evaluation, qualification, and sustaining activities. Now the doctor is not one to want to vilipend (look-it-up) the Japanese regulatory bodies, as that would equate to poking a bear in the eye with a sharp stick. So the message that needs to be sent, in the case of this week’s guidance, is to just comply baby. That being said, Dr. D hopes you enjoy this week’s guidance.
Ministerial Ordinance Number 169 (2004)
Chapter Two “Manufacturing Control and Quality Control in Manufacturing Sites of Medical Device Manufacturers, etc.”
Section Five – Product Realization
Article 37 The manufacturer, etc. shall establish the documented procedure to ensure that the purchased products conform to the requirements that they specify for the purchased products (hereinafter referred to as “purchased product requirements”).
2. The manufacturer, etc. shall ensure that the type and extent of the control applied to the supplier and the purchased products are dependent upon the effect of the purchased products on subsequent product realization or the final products.
3. The manufacturer, etc. shall evaluate and select the suppliers based on their ability to supply the products in accordance with the purchased product requirements.
4. The manufacturer, etc. shall ensure that the criteria for the selection, evaluation and re-evaluation are established.
5. The manufacturer, etc. shall ensure that the records of the results of the evaluations specified in preceding Paragraph 3 and any necessary actions arising from the evaluation are maintained.
Article 38 The manufacturer, etc. shall ensure that the information on the purchased products (hereinafter referred to as “purchasing information”) describes the products to be purchased, including the following items where appropriate.
(1) The requirements for the approval of the purchased products, procedures, processes and equipment,
(2) The requirements for the qualification of the personnel,
(3) The quality management system requirements, and
(4) Other information necessary for the purchased products.
2. The manufacturer, etc. shall ensure the adequacy of the purchased product requirements prior to their communication to the supplier.
3. The manufacturer, etc. shall maintain, to the extent required for the traceability given in the documented procedure in accordance with the provision of Paragraph 2 of Article 48, relevant purchasing information, i.e. documents and records.
(Verification of Purchased Products)
Article 39 The manufacturer, etc. shall establish and implement the inspection or other activities necessary for ensuring that the purchased products meet the specified purchase requirements.
2. Where the manufacturer, etc. or their customer intends to perform the verification at the supplier’s premises, the manufacturer, etc. shall state the intended verification arrangements and method of the product release in the purchasing information specified in preceding Article.
3. The manufacturer, etc. shall maintain the records of the verification specified in preceding Paragraph 2.
What device manufacturers need to know
Similar to 21 CFR, Part 820.50 and clause 7.4 of ISO 13485:2003, MO 169 has definitive requirements for the purchasing of materials to be employed by medical device manufacturers and the control of the suppliers they use. As the doctor stated in the introduction, the level of supplier control must be appropriate for the product or service being purchased; henceforth, the risk-based approach for supplier management. As a minimum, just like all of the other published regulations, an established procedure is required for the purchasing and supplier management process. The doctor has experienced the joy of attempting to audit a procedure with purchasing and supplier management activities jammed into one humungous document. Dr. D’s best advice to the readers is just “don’t do it.” It is better to have two separate, stand-alone procedures; one procedure dedicated to purchasing and one procedure dedicated to supplier management. Remember, these documents will be intertwined as they need to effectively have references and pointers to shared roles and responsibilities. However, purchasing and supplier management are functionally different in the eyes of the doctor. For those of you that may disagree with Dr. D too bad, my blog, my opinions.
As you are preparing to script the purchasing and supplier management procedures, there are a few salient requirements that you need to keep in the forefront of your thought process. For starters, the procedures, needed to be prescriptive in regards to defining the appropriate level of supplier controls for each purchased product or service. For example, if the device company is purchasing lint-free wipes for use on the manufacturing floor, the risk to the product is probably going to be low so the supplier controls are going to be low, e.g., maybe just a brief supplier questionnaire is all that will be required. However, if the supplier provides sterilization services, an on-site assessment is probably going to be in order due to the significant increase in risk associated with finished medical device sterilization. The good news is that the purchasing process is owned by the device manufacturer and they do retain some leverage in regards to implementing an effective approach to the purchasing process.
Additionally, the criteria for the supplier selection process, the supplier evaluation process, and the supplier re-evaluation process must be defined in a procedure. Do not forget to add a supplier disqualification process to the procedure. Yes, the doctor knows that disqualification has negative connotations; but hey, Dr. D is a realist.
Eventually, a device manufacturer will end up disqualifying a bad supplier. Furthermore, records of supplier evaluations are required. Can you say documented evidence of compliance? Dr. D knew you could.
The doctor is going to provide the readers with some more, not-so-earth-shattering-news. Device manufacturers are expected to put their procurement requirements in writing. Who knew? Seriously, MO 169 requires device manufacturers to:
- Define the actual requirements (i.e., material specs, purchase orders, etc.);
- Define special requirements in regards to personnel qualifications for a supplier (if deemed appropriate);
- Define QMS requirements (e.g., ISO 9001:2008); and
- Any additional information that may be considered relevant to the procurement process.
Prior to issuing a purchase order to the supplier, it is incumbent upon the device manufacturer to ensure the requirements specified are adequate. When in doubt, the quality folks should review and approve the purchase order before the order is placed. Another requirement associated with MO 169 and the purchasing process is traceability. Make sure appropriate levels of traceability are implemented in accordance with MO 169.
Finally, similar to ISO 13485 and the Quality System Regulation, purchased product must be verified. The verification of purchased product implies defensive-receiving inspection. Note to readers: the doctor hates defensive-receiving inspection; and spent a two years studying the virtues of receiving inspection in support of my doctoral dissertation. Considering medical device manufacturers are paying their suppliers good money for conforming product, defensive-receiving inspection is not a value-added proposition. The good news here is that the device manufacturer can establish an inspection process that aligns with their business model. It is an acceptable approach to have the supplier perform the final inspection and provide the statistical data for the device manufacturer to review. This approach can be enhanced by defining a specific level of process capability for a supplier to meet, e.g., a CpK of 1.33. MO 169, under Article 39, also delineates the use of source inspection as a viable option for the verification and acceptance of purchased products. If you think defensive-receiving inspection is expensive, you had better have your CFO hold onto their wallet because source inspection can be really expensive. Now granted, source inspection may be a necessary evil at some point in time, it is always better to select suppliers that are capable of meeting procurement requirements 110% of the time. One final thought in regards to the verification process; do not forget to maintain records of the inspections performed. Why? Because documented evidence of compliance is needed.
What device manufacturers need to do
In keeping with previously issued guidance, Dr. D recommends that organizations continue with the mapping of the QMS to MO 169 (reference Table 2.0). Like the doctor previously stated, you should draft two procedures (my humble opinion) to meet the MO 169 requirements. However, if your organization chooses to write just one, that is acceptable too. Now if your organization is too busy to write these procedure, you could always retain Devine Guidance International, Inc. (yes – the doctor is a paid spokesperson for DGII) to draft the documents. Regardless of who drafts the procedure(s), the following should be included into the procedures:
- Make sure the Purchasing SOP defines all aspects of the procurement process.
- Make sure the Purchasing SOP references the Supplier Management SOP.
- Make sure the Purchasing SOP references the Purchase Order Form.
- Make sure the Purchasing SOP references the use of an Approved Supplier’s List (ASL).
- Make sure the Purchasing SOP states that purchase orders (including change orders) are always sent to the supplier.
- Make sure the Purchasing SOP states that a component specification, purchase specification, or other supporting documentation accompanies each purchase order.
- Make sure the Purchasing SOP delineates the type of purchasing record(s) to be retained and where the records are retained.
- Make sure the Purchasing SOP delineates the use of a Supplier No-Change Agreement.
One more final thought, let’s call it a final-final thought, if a supplier balks at signing a no-change agreement, participating in a supplied data program, or allowing source inspections, quickly run away from this supplier. They will only break your heart when they fail to meet your organization’s procurement requirements or worse yet, result in a product “recall” (the doctor’s favorite six-letter word).
For the Supplier Management SOP, the same level of granularity is required. For example, the Supplier Management SOP should contain:
- The requirements for supplier selection;
- The requirements for supplier evaluation (including audit checklists and questionnaires);
- The requirements for supplier re-evaluation; and
- The requirements for supplier disqualification.
Dr. D also recommends creating a supplier-category table; and assigning each supplier a category, premised on risk. This will allow the device manufacturer to define the re-evaluation process for each category of supplier. Table 2.0 depicts a basic supplier category table.
Additional supplier management requirements to consider are:
- The establishment of a supplier statistical data program (supplied data) in lieu of defensive-receiving inspection;
- The establishment of a skip-lot inspection program and similar programs to reduce the burden of defensive-receiving inspection;
- The use of supplier report cards;
- The supplier corrective action process;
- Target acceptance rates at incoming inspection; and
- A supplier quality agreement that delineates the roles and responsibilities for the device manufacturer and the supplier.
Make sure to establish a stand-alone SOP for Defensive-Receiving Inspection. Yes, the doctor knows it is additional work; however, you can thank me later. The procedure should contain:
- Inspection sample sizes;
- Material acceptance requirements;
- Acceptance labeling;
- References to types of inspection (First Article, Receiving, Skip-Lot, or Supplier Statistical Data; a.k.a., supplied data);
- The collection of inspection metrics;
- A pointer to the non-conforming material process; and
- A pointer to the supplier corrective action process.
|Annual On-Site Assessment Mandatory – Due to Risk
|| Contract Manufacturers
| Category 2
||On-Site Assessment Mandatory – Once Every 2 years (Premised on Schedule & Risk)
Components Identified as Critical Premised on the Device FMEA
| Category 3
||On-Site Assessment as Necessary (Premised on Risk)
Mail-in Survey Required Once Every 3 Years
Non-Critical Custom Material, Process, and/ or Component
| Category 4
Current EN ISO 9000 or EN ISO 13485 Quality Certificate is acceptable in lieu of survey
Distributors of Catalog Components
| 21 CFR, Part 820
| EN ISO 13485:2003
| MHLW MO 169
1251-1 Rev B
|| Purchasing Process
|| Article 37
| 1251-1 Rev B
|| Purchasing Information
|| Article 38
| 1252-1 Rev A
|| Supplier Management
|| Purchasing Process
|| Article 37
1253 – 1 Rev C
| Receiving Inspection
||Verification of Purchased Product
As many of the readers already know, the doctor is quite passionate about purchasing and supplier management. This is one area where a supplier’s poor performance can have a direct impact on the safety and efficacy of a finished medical device. In fact, a bad supplier can easily result in a product “recall” (yes – that nasty 6-letter word). That being said, the doctor will leave the readers with six takeaways from this guidance.
- Write separate procedures for Purchasing, Supplier Management, and Defensive-Receiving Inspection.
- Make sure a supplier no-change agreement is signed and on file.
- If possible, implement a supplied data program.
- When deemed appropriate, always issue a supplier a corrective action request for non-conformances.
- The doctor strongly recommends writing supplier quality agreements for key suppliers.
- Make sure the supplier selection and evaluation process is linked to risk.
Until the next edition of DG, when the doctor begins providing guidance on MO 169 – Chapter 2, Section 5 “Product Realization” (Articles 40 through 43 – Production and Service Provision), sayonara from Dr. D and best wishes for continued professional success.
- Code of Federal Regulation. (2011, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U. S. Government Printing Office.
- EN ISO 13485:2003. (2004, February). Medical devices – quality management systems – requirements for regulatory purposes (ISO 13485:2003).
- Ministerial Ordinance 169. (2004). MHLW ministerial ordinance 169 on standards for manufacturing control and quality control for medical devices and in-vitro diagnostic reagents. Retrieved June 1, 2012, from http://www.pmda.go.jp/english/service/pdf/ministerial/050909betsu3.pdf
There are some unique record-retention requirements associated with Ministerial Ordinance 169: So employ a little bit of common sense and script just one well-written SOP for all of your organization’s needs.
Make sure that the procedure scripted by your organization addresses all of the requirements associated with “Improvement” (Article 62). Since most medical device manufacturers get the complaint management piece right, let’s focus on what is often missed.
The most important piece of information that you can garner for Article 80 is the change in time-period duration for record retention.
Training is one of the areas that result in many non-conformances being issued during quality system audits.