Dr. Christopher Joseph Devine, President, Devine Guidance International
Devine Guidance

Management Review, Be Careful of What You Share

By Dr. Christopher Joseph Devine
Dr. Christopher Joseph Devine, President, Devine Guidance International

You don’t need to tell FDA all the gory details.

A few times each year Dr. D comes across a warning letter that cites the failure of management to adequately review the effectiveness of their establishment’s quality management system (QMS) and/or fails to document that such a review has occurred. Now the doctor has mentioned on multiple occasions that the content of such reviews are not required to be shared with the agency when they arrive for a friendly cup of coffee and an inspection (reference §820.180(c) – Exceptions). However, regardless of the exceptions depicted in the quality system regulation (QSR), each establishment is required to provide documented evidence that such reviews are occurring, just not all of the gory details. When a Chief Jailable Officer (CJO) is not able to provide an investigator with documented evidence that a management review was performed, a laconic (look-it-up) investigator from the FDA, will quickly come to the conclusion that a Form 483 observation is warranted for the violation of the QSR. Enjoy!

Warning Letter – December 15, 2016

My dear readers, there is really nothing in the warning letter mentioned in this week’s guidance that strikes Dr. D as being extraordinary. In fact, the six observations noted are frequently cited Form 483 observations. Additionally, the offending establishment provided a response to the Form 483 observations and by all accounts it appears the agency found the response acceptable and filed it pending verification during the next inspection. That being said, Dr. D does find the issuance of this warning letter somewhat puzzling; however, the doctor was not there, so Dr. D’s focus will be providing guidance on how establishments can successfully navigate through the management review piece while meeting the requirements of the QSR.

Warning Letter Excerpt

Observation Three (3) – “You failed to review and document the suitability and effectiveness of the quality system at defined intervals. The dates and results of management review meetings, including a list of attendees and review of quality trend analyses, were not documented from January 2015 to September 2016.”

21 CFR, Part 820.20 – Management Responsibility

“(c) Management review. Management with executive responsibility shall review the suitability and effectiveness of the quality system at defined intervals and with sufficient frequency according to established procedures to ensure that the quality system satisfies the requirements of this part and the manufacturer’s established quality policy and objectives. The dates and results of quality system reviews shall be documented.”

Compliance for Dummies

Unlike management review in the ISO world (reference ISO 13485:2016, Clause 5.6) a meeting is not necessarily warranted to comply with FDA requirements, just a review of the QMS by management. However, most establishments dabble in multiple regulatory environments, so an official management review meeting placates multiple regulatory bodies, and a meeting is the preferred modality. Since the content of the management review does not have to be shared with FDA, Dr. D strongly recommends the creation of an agenda and signature sheet that captures attendees and the date that the review was performed. If you decide to use the ISO 13485 format for review inputs and outputs, capture those as part of the agenda.

Additionally, the frequency of the management review needs to be clearly defined. It is the doctor’s humble opinion (ok, Dr. D’s opinions are not so humble) the frequency of these reviews should at least be quarterly. Once a year (a.k.a., annually), which is typically invoked by many device establishments, is just not effective. You may want to consider adding the management reviews to the master audit schedule that contains: (a) notified body audits; (b) internal audit; (c) other planned audits; and (d) management reviews. This way the entire establishment has visibility into the management review schedule.

When the FDA finally does grace your establishment with their presence for coffee and an inspection, if management review is on the table, you can share:

  • The management review attendance sheet (ensure the sheet has the date the review was performed)
  • The agenda for the review
  • A brief summary statement discussing the review’s outcome

Remember, the meat of the management review does not have to be shared with FDA.

Takeaways

For this week’s guidance Dr. D will leave the readers with just one takeaway. One: Please remember, the content (a.k.a. the meat) of the management review does not have to be shared with FDA. Establishments shall provide FDA with documented evidence that the reviews are occurring (e.g., sign-in sheet, agenda, and brief summary discussing the outcome). In closing, thank you again for joining Dr. D, and I hope you found value in the guidance provided. Until the next installment of DG, cheers from Dr. D., and best wishes for continued professional success.

References

  1. Code of Federal Regulation. (April 2016). Title 21 Part 820: Quality system regulation. Washington, D.C.: U.S. Government Printing Office.
  2. Code of Federal Regulation. (April 2016). Title 21 Part 803: Medical device reporting. Washington, D.C.: U.S. Government Printing Office.
  3. Devine, C. (2011). Devine guidance for complying with the FDA’s quality system   regulation – 21 CFR, Part 820. Charleston, SC: Amazon.
  4. Devine, C. (2013). Devine guidance for managing key attributes of a FDA-compliant quality management system – 21 CFR, Part 820 Compliance. Charleston, SC: Amazon.
  5. FDA. (December 2016). Inspections, Compliance, Enforcement, and Criminal Investigations. Nomax, Inc.  Accessed February 28, 2017. Retrieved from https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2016/ucm534145.htm

About The Author

Dr. Christopher Joseph Devine, President, Devine Guidance International

With the implementation of MDSAP what information will have to be shared? In my years of experience, ISO has always been able to and has reviewed management review content (minutes, handouts, etc.). A sign in page, dates of review and agenda were never considered acceptable. Now that MDSAP is combining the requirements of the regulatory world, what level of information is expected?

  • Dr. D

    Sarah, Thank you for reading DG. You make bring up an excellent point. As disparate regulatory environments converge under MDSAP, regulatory requirements are going to change. I concur in that device establishments routinely share review content with their notified bodies; however, considering the NBs are essentially suppliers, establishments pay for that pain. However, regardless of MDSAP, QSR is still considered law until changed. More to come I am sure. Be Well, Dr. D

  • James Shore

    Dr. D – a great article outlining great advice. Just to follow up with Sarah’s comment, then the only thing I should show the ISO Registrar is the three bulleted items and not the “meat?” I’m just curious to see how our Registrar will react to that position. It has become to the the expectation to share everything with the Registrar knowing this was all confidential and would not be shared.

    Thanks and hope all is well,
    Gunny

  • Leave a Reply

    Your email address will not be published. Required fields are marked *