Dr. Christopher Joseph Devine, President, Devine Guidance International
Devine Guidance

‘Play it Again Sam’: Bad News for a Device Establishment

By Dr. Christopher Joseph Devine
No Comments
Dr. Christopher Joseph Devine, President, Devine Guidance International

Have repeat observations from a previous inspection? Expect a warning letter.

For those of you who may be a little long in the tooth like Dr. D or just like old movies, “Play it again Sam” was a line made famous by Humphrey Bogart in the classic movie Casablanca. The line was great for a movie. However, when the FDA shows up in a device establishment’s lobby for that friendly cup of coffee and an inspection, having a repeat Form 483 observation is a bad thing—henceforth, the “play it again” analogy for this week’s guidance. Device establishments never want to have a repeat observation during an inspection. Why? If you have to ask, you are scaring the old doctor but if you must, repeat Form 483 observations typically result in the issuance of a warning letter. This time of year such letters are not accompanied by a holiday greeting such as “Happy Holidays from your friends at FDA” or “Merry Christmas from your local district office.” In fact, for the discerning Chief Jailable Officer (CJO) on the receiving end of an agency warning letter, this individual probably wants to run outside to scream and shout objurgations (look-it-up) at the world. Enjoy!

Warning Letter – November 30, 2016

The recipient of the warning letter referenced in this week’s article received seven Form 483 observations as a result of an agency inspection, with the first observation being a repeat from this establishment’s previous inspection. To make matters worse, all seven of the responses provided to the agency were found to be “not adequate” by FDA. Ouch, ouch, and ouch again. A 0 for 7 performance is really bad in baseball, but it is truly a disaster when dealing with FDA. Now granted, on occasion the agency may not agree with the steps a device establishment has proposed to mitigate a compliance issue with the quality management system (QMS). However, putting up goose eggs is a rare event. It is Dr. D’s opinion that the agency was clearly sending a message. Hopefully, the message is well-received and mitigation activities quickly take place.

Warning Letter Excerpt

Observation One (1) “failure to establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements, as required by 21 CFR 820.50.  Specifically, your firm has not established purchasing control procedures for the evaluation of suppliers, contractors, and consultants.  This is a repeat observation from our inspection in 2013.”

“We reviewed your firm’s response and conclude that it is not adequate.  In response to the inspection, your firm submitted written procedure PURCHASING PM104 that generally describes vendor approval criteria.  Your response is not adequate in that you have not described how you will document your evaluation and selection of potential suppliers, contractors and consultants on the basis of their ability to meet specified requirements, including quality requirements, as required by 21 CFR 820.50(a)(1).  Furthermore, you do not address controls over suppliers, contractors, and consultants to ensure your firm will be notified of any changes in the product or service so that you may evaluate the effect of those changes on the quality of your firm’s finished devices.  Additionally, there is no indication in the forms and procedures you submitted how this new procedure will be implemented for existing suppliers, contractors, and consultants.”

21 CFR, Part 820.50(a) – Purchasing Controls

Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.

(a) Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants. Each manufacturer shall:

(1) Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. The evaluation shall be documented.

(2) Define the type and extent of control to be exercised over the product, services, suppliers, contractors, and consultants, based on the evaluation results.

(3) Establish and maintain records of acceptable suppliers, contractors, and consultants.

Compliance for Dummies

First and foremost, responding to a Form 483 observation or a warning letter is somewhat of an art form. Firstly, let us start with the 15-day response window (tick-tock, tick-tock, the clock is ticking away). Secondly, the respondent really does need to be skilled in the response process and capable of using fine prose to paint a clear picture of the past, present and future state for each observation noted, including a clear path defining the mitigation activities pursued and the verification of effectiveness. Additionally, if the nonconformance is for failing to establish a procedure for, let us say, “Purchasing Controls,” it might be nice to actually script and implement a procedure for purchasing controls. What part of compliance with Part 820 (the Quality System Regulation, a.k.a. QSR) is not being understood? My dear readers, compliance is the easy part of the device industry. Please repeat after Dr. D, “There is no such thing as minimum or maximum compliance, there is just compliance.” Repeat three times, fast!

As for the purchasing controls piece, there are four salient parts to a purchasing controls / supplier management program:

  • Establish (define, document, and implement) a purchasing controls process, which clearly defines how your establishment will manage its procurement process, including supplier base (suppliers, contractors, and consultants)
  • Ensure that the written procedure defines how each supplier is to be assessed, including how they are qualified to meet your requirements
  • Defining what supplier controls are necessary premised on the results of the evaluation (e.g., mandatory receiving inspection)
  • Documentation for everything relating to purchasing controls (i.e., supplier questionnaires, quality contracts; no-change agreements, results of audits, ISO certifications, etc.)

The best advice Dr. D can offer the readers is to link your procurement process and approach to supplier management to risk (patient, product, user, regulatory and business). The higher the risk, the more controls are warranted. This is nothing more than old-fashion common sense, right? There is some good news to share with those readers who have not read the QSR from cover-to-cover. The good news is that the results of supplier audits do not have to be shared with FDA. The bad news is that device establishments must provide documented evidence that such evaluations have been performed. Best practice is to share an audit agenda and attendance sheet for each supplier audit performed. For questionnaires, have a cover page with basic supplier information that can be shared with FDA. If you have an ISO certification from a supplier, that is also acceptable to share with an investigator from FDA. Chances are pretty good, they can quickly get their own copy from your supplier’s website.


For this week’s guidance, the doctor will leave the readers with just one takeaway. One: There is no such thing as minimum compliance. There is no such thing as maximum compliance. There is just compliance. In closing, thank you again for joining Dr. D, and I hope you found value in the guidance provided. Until the next installment of DG, cheers from Dr. D. and best wishes for continued professional success.


  1. Code of Federal Regulation. (2015, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U.S. Government Printing Office.
  2. Code of Federal Regulation. (2015, April). Title 21 Part 803: Medical device reporting. Washington, D.C.: U.S. Government Printing Office.
  3. Devine, C. (2011). Devine guidance for complying with the FDA’s quality system   regulation – 21 CFR, Part 820. Charleston, SC: Amazon.
  4. Devine, C. (2013). Devine guidance for managing key attributes of a FDA-compliant quality management system – 21 CFR, Part 820 Compliance. Charleston, SC: Amazon.
  5. FDA. (November 2016). Inspections, Compliance, Enforcement, and Criminal Investigations. United Contact Lens, Inc. Accessed November 30, 2016. Retrieved from http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2016/ucm532322.htm

About The Author

Dr. Christopher Joseph Devine, President, Devine Guidance International

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.