Prevent Quality System Deficiencies by Conducting Effective Internal Audits. Whitepaper

Similar documents
GUIDE TO INSPECTIONS OF QUALITY SYSTEMS

AAMI Quality Systems White Paper: Comparison of 21 CFR Part 820 to ISO 13485:2016 1

GxP Auditing, Remediation, and Quality System Resourcing

Purchasing Controls. FDA Small Business Regulatory Education for Industry (REdI) Conference Denver, Colorado May 13, 2015

GxP Auditing, Remediation, and Staff Augmentation

WHO Prequalification of In Vitro Diagnostics Programme

GxP Auditing, Remediation, and Staff Augmentation

The 5 Building Blocks of a CAPA Solution. Managing Corrective Actions/Preventive Actions for the Consumer Products Industry

Quality Management System MANUAL. SDIX, LLC Headquarters: 111 Pencader Drive Newark, Delaware 19702

MDSAP AUDIT PROCESS. A Manufacturer s Perspective. Connie Hoy EVP Regulatory Affairs Cynosure, Inc.

YOUR CERTIFICATION PROCESS EXPLAINED

Process validation in medical devices

CGMP and Postmarketing Safety Reporting Requirements for Combination Products

The Impact of Quality Culture on Quality Risk Management. FDA Perspective on Quality Culture; how it Impacts Risk Management

ASTM D10-F02 Workshop FDA Regulatory Perspective. Patrick Weixel FDA Center for Devices and Radiological Health


Combination Products Workshop: CGMP and PMSR Requirements. GMP by the Sea August 28, Mark D. Kramer Regulatory Strategies, Inc.

Self-Evaluation/Audit Checklist for Food Supplement Manufacturers

Objective Evidence Record (OER)

THE COMPLETE GUIDE TO FDA-REGULATED SUPPLIER QUALIFICATION & QUALITY MANAGEMENT

Desk Audit of. Based on Federal Transit Administration (FTA) Quality Assurance and Quality Control Guidelines FTA-IT

Revision. Quality Manual. Multilayer Prototypes. Compliant to ISO / AS9100 Rev C

UPPLIER ANUAL. Issued: 01 Aug 13

EPICOR, INCORPORATED QUALITY ASSURANCE MANUAL

HACCP audit checklist

ISO 9001:2008 Quality Management System QMS Manual

Stanley Industries, Inc. ISO 9001:2008 Quality Policy Manual

2015 > Soft Computer Consultants, Inc. 4/30/15

QM-1 QUALITY MANAGEMENT SYSTEMS MANUAL. Revision 10

Comparison ISO/TS (1999) to QS 9000, 3 rd edition (1998)

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation

Food and Drug Administration, HHS Pt Sec Scope Definitions Quality system.

FDA 21 CFR Part 820 vs. ISO 13485:2016 Comparison Table created by greenlight.guru

Guide for Distributors of Medical Devices

Medical Device Purchasing Controls Challenges of Compliance in a World Market June, 2013 OMTEC

21 CFR Ch. I ( Edition) Personnel Design controls Identification Traceability.

ADVANCED INTERNAL AUDIT WORKSHOP

AB. OUR ISO CONFORMANCE AUDIT QUESTIONNAIRES 8. ASSESS HOW WELL YOU CONFORM TO ISO S REMEDIAL REQUIREMENTS

Sections of the Standard. Evidence / Comments. (Y) / Nonconforming (NC)

Supplier Quality Agreements

WHITE PAPER. Food Safety, From Farm to Fork. A Best-Practice Approach to Implementing a Food Safety Management System

Regulatory. Supplier Qualification A Review

ISPE Annual Meeting 29 October 1 November 2017 San Diego, CA

Page 1 / 11. Version 0 June 2014

Quality and Reliability Responsible Commitment to Customers

Regulatory Overview of Proposed LDT Framework. FDA Concerns. Background. FDA Proposed Regulatory Approach. By Ben Berg, Meaghan Bailey, RAC

Quality Manual Revision: C Effective: 03/01/10

For Use By Certification Bodies Performing SAAS Accredited SA8000:2014 Certification Audits

EA-7/04 Legal Compliance as a part of accredited ISO 14001: 2004 certification

CDRH Pilot Activities

MEDICAL DEVICE CLINICAL INVESTIGATIONS AND ISO 14155

ISO 9001: 2000 (December 13, 2000) QUALITY MANAGEMENT SYSTEM DOCUMENTATION OVERVIEW MATRIX

Industry Outreach Quality

FDA Initiatives and Regulatory Trends for Life Sciences. Larry Spears President L. Spears Consulting

FAQs about Certificate of Recognition (COR )

Clause Map IATF 16949:2016 to ISO/TS 16949:2009

Lifecycle Product Quality Risk Management

QUALITY MANUAL Revision H

EVANS CAPACITOR COMPANY

Important Information on Maintaining. SQF Certification December 2016

Specification for Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry

ISO 13485:2016 Mandatory documentation requirements & MyEasyISO

Quality Manual ISO 9001:2000

Q10 PHARMACEUTICAL QUALITY SYSTEM

APS Cleaning Quality Management System Scope of Certification The provision of commercial and industrial cleaning services throughout Queensland.

Making the Calibration

U.S. FDA CENTER FOR DEVICES AND RADIOLOGICAL HEALTH UPDATE. Jeff Shuren Director Center for Devices and Radiological Health

Business Management System: Manual 00-BMS-001

Four Best Practices To Improve Quality In the Supply Chain. Lower supply chain risks and cost of quality

Best Practices: Integration of Risk Management and Corrective and Preventive Action

Guidance for Sponsors, Institutional Review Boards, Clinical Investigators and FDA Staff

Compounding Pharmacies and the Contract Testing Lab

ASQ Tappan Zee Section Medical Devices, New Regulations and Standards. 26 th September / V. Fischer / Rev. 01

DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR SURVIVING CORPORATE AUDITS AND REGULATORY INSECTIONS

UPGRADE ASSESSMENT CHECKLIST

PART 820 QUALITY SYSTEM REGULATION. 21 CFR Ch. I ( Edition)

How to be an Effective GMP Auditor

05/14/2008 VS

Drug and Device Makers Cited in 483s for CAPAs, Poor Documentation in 2014

HP Standard Supplier Requirements for Safe and Legal Products

QUALITY SYSTEM MANUAL

BS2482 TIMBER BOARDS ASSESSMENT REPORT. Assessment Summary

FSC36 SAFE FEED/SAFE FOOD GUIDANCE DOCUMENT

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Developing a Robust Quality System to Assure Data Integrity

OVERVIEW OF THE PREQUALIFICATION OF IN VITRO DIAGNOSTICS ASSESSMENT

ISO /TS 29001:2010 SYSTEMKARAN ADVISER & INFORMATION CENTER SYSTEM KARAN ADVISER & INFORMATION CENTER

List of Documented Information (Document & Records)

SUPPLIER QUALITY SYSTEM SURVEY

Procedures: QP 4 through QP 8, QP 16, QP 17, and QP 19

Compliance & Validation Validation of Software-as-a-Service (SaaS Solutions)

Document Number: QM001 Page 1 of 19. Rev Date: 10/16/2009 Rev Num: 1. Quality Manual. Quality Manual. Controlled Copy

INTERNATIONAL STANDARD

ISO 22000:2005 Standard INTERNATIONAL STANDARDS REGISTRATIONS

UNANNOUNCED EU MEDICAL DEVICE AUDITS BY NOTIFIED BODIES: IMPACT ON SUPPLIERS

TABLE OF CONTENTS 1.0 INTRODUCTION...

2017 Archaeology Audit Program Procedure Manual. April 2017

25 D.L. Martin Drive Mercersburg, PA (717)

GMP Inspection Process. Types of GMP Inspection. Module 18 Slide 1 of 14 WHO - EDM

Transcription:

Prevent Quality System Deficiencies by Conducting Effective Internal Audits Whitepaper

An internal audit system is one of the most effective ways to monitor, analyze, control, and improve quality management systems for medical device companies. The primary function of internal audits is to evaluate the company s performance against the requirements established by the company. Knowing how often and how well the company performs evaluations via routine quality management system status reports significantly reduces potential deficiencies cited by regulators. For example, quality audit procedures (21 CFR 820.22) were ranked ninth on the FDA s list of 483 Warning Letter citations for quality system deficiencies in 2012,. In today s competitive medical device manufacturing environment companies are facing upcoming device tax, 510k reforms, and increased operational costs. Having an effective internal audit program is a way to manage these challenges and stay ahead of competitors without compromising on quality. Manufacturers are required to perform internal audits that consist of a formal, planned check of all elements in the quality system. This is accomplished by identifying deficiencies in processes or procedures when unsatisfactory trends result in defective products and/ or prevent the production of unsafe or nonconforming devices. These regular internal audits manage quality and ensure compliance with federal or international regulations such as U.S. 21 CFR 820.22 or ISO 13485:2003. The audit of a quality system is one of the more critical Good Manufacturing Practice (GMP) requirements from the FDA. Current Good Manufacturing Practice (cgmp) guidelines suggest that manufacturing processes are clearly defined and controlled, with all critical processes validated to ensure consistency and compliance with specifications. When changes are needed, the procedures should be clearly documented. Although it is up to the manufacturer to decide the most effective quality process, following the FDA guidelines can help ease the complexity of the mandatory audit drills that are required. Failure to conduct these audits can result in poor product quality, loss of certification, or lack of process improvement. In the United States, Title 21 of the Code of Federal Regulations (CFR), Part 820, Section 820.22 addresses these key requirements of Quality Audits: Establish procedures for Quality Audits Conduct audits to assure compliance by individuals not having direct responsibility for areas audited Perform corrective action(s), including re-audit of deficiencies Generate a written report of audit results for management review www.spartasystems.com 2

Medical Device Quality Systems Management as per 21 CFR 820.22 The management control subsystem provides adequate resources for device design, manufacturing, quality assurance, distribution, installation, and servicing activities; assures the quality system is functioning properly; monitor the quality system; and make necessary adjustments. A quality system that has been implemented effectively and is monitored to identify and address problems is more likely to produce devices that function as intended. Each inspection should begin and end with an evaluation of this subsystem in order to determine if management with executive responsibility ensures that an adequate and effective quality system has been established (defined, documented, and implemented) at the firm. The corrective and preventive action (CAPA) subsystem collects information, analyzes information, identifies and investigates product and quality problems, and takes corrective action to prevent recurrence. It provides relevant information to management for review and documentation, which is integral to preventing and minimalizing device failures. The CAPA subsystem is broken down further into three distinct sub-categories: Medical Device Reporting, Reports of Corrections and Removals, and Medical Device Tracking. The Medical Device Reporting (MDR) Regulation requires medical device manufacturers, device user facilities, and importers to establish a reporting structure that guarantees the prompt identification and investigation of device-related death, serious injury, and malfunction information. Medical Device Reports (MDR s) may require the FDA to initiate corrective actions to protect public health. Therefore, compliance with Medical Device Reporting must be verified to ensure that the Center for Devices and Radiological Health s (CDRH) Surveillance Program receives both timely and accurate information. The Corrections and Removals (CAR) Regulation requires medical device manufacturers and importers to promptly notify the FDA of any correction or removal initiated to reduce a risk to health. This early notification improves the FDA s ability to respond to public health crises. The Medical Device Tracking Regulation ensures that manufacturers and importers of certain medical devices can expeditiously locate and remove these devices from the market and/or notify patients of significant device problems. What is the implication/ benefit? The production and process control subsystem (including sterilization process controls) manufactures products to meet specifications. Developing processes to produce devices that meet specifications, validating (or fully verifying the results of) those processes, and monitoring and controlling the processes are the mechanisms that help manufacturers meet device specifications e.g., Sterility Assurance Level (SAL) or endotoxin levels. Europe s governing body, the International Organization for Standardization (ISO), equivalent to the FDA in the U.S., has the standard ISO 13485 for internal auditing. This standard is used to obtain a CE mark for the marketing and distribution of devices in the European Economic Area (EEA). ISO 13485 is defined as the process standard of requirements relating to design controls, process controls (including environmental controls), special processes, traceability, record retention, and regulatory actions that incorporates medical device quality systems and supplements ISO 9001. ISO requires a compliant quality system and for manufacturers to comply with all relevant product and service oriented technical standards and regulations. ISO 13485 certification must be obtained and issued to companies that manufacture private label medical devices desiring to market and distribute in the European Economic Area (EEA) when referring to the CE marking. Consultants who design, manufacture, and assemble medical and in-vitro diagnostic (IVD) medical devices as well as manufacturers of IVD medical devices preparing for future IVD regulatory obligations to enter the EEA must also gain certification. An effective audit program according to ISO 13485 is conducted once a year and has five (5) objectives: www.spartasystems.com 3

1. Provide auditor with scope and objectives of the audit (e.g., subjects, departments, locations, products, areas, processes.) 2. Specify authorities and responsible parties participating in the audit (e.g., employees, management representatives, technical experts) 3. Detail the resources required for the audit (e.g., meeting rooms, records, production lines) 4. Description of topics and issues to be audited and discussed 5. Indicate scheduled timeframes for the different audit stages. As part of the audit program, there is an audit plan whose purpose is to direct the auditor through specific areas, topics, and issues that must be audited, and to specify tests that need to be done in order to evaluate the situation. Typically, there is a general audit plan and a specific audit plan. The general one refers to all organizational units and asks for an evaluation of the performance of procedures and work instructions, quality procedures, and sampling processes that are applicable to the entire organization. The specific plan is individual to the organizational unit and refers to that unit s related processes, the unit s interrelations with other organizational units, and the applicable criteria and quality requirements. ISO 13485 requires quality plans, for medical device specifically, to be audited so that the device performs as planned. ISO audit requirements for documentation include customer complaints, purchasing information, CAPA and training throughout the entire organizational units involved with product realization. Other audit topics covered through ISO 13485 are identification and implementation of international, national, or local regulations, processes and procedures, quality objectives and quality management systems effectiveness. The three elements of an audit plan are the purpose, the topics and issues, and the methods. Criteria defined by the manufacturer are used as a method of evaluation and refers to products, parts, components as well as realization processes and conditions. Criteria examples include working instructions, test instructions and procedures, drawing and specifications, quality plans, standards and technical specifications, regulations and directives and documented customer requirements. The auditor collects evidence and records the findings that are then compared to predefined criteria and indicates conformity where sampled process or product meets the assigned criteria. Other findings as part of the audit are opportunity for improvement (OFI), nonconformity where sampled process or product does not meet the criteria and other classifications can be added by the manufacturer to further suit specific nature or processes. The closing report is a summary report that includes all the information, data, findings, nonconformities, and OFIs, and processes. The main goal is to provide the organization with a status report regarding the quality management system and for follow up during the next audit and to ensure commitment for closure of the identified nonconformities. The report is generated typically for top management and specifies participants, scope of the audit/auditee/or functional units that were audited, audit objectives, general details and information supporting the findings, audit findings that were sampled or observed, reference to prior audits and findings, recommendations and nonconformities discovered during the audit. www.spartasystems.com 4

The critical elements for an effective internal audit need to be relevant to the product and/or process, comprehensive, and have well-integrated, risk-based principles throughout the product s life cycle. They are essential to satisfy requirements for U.S. FDA current Good Manufacturing Practices (cgmp) and 21 CFR Part 820 Quality System Regulations or other international standards. Secondly, comprehensive internal audits should also be prioritized by primarily focusing on those device facilities/manufacturing areas targeted most by regulators and that are most impacted by CAPA, P&PC, Design Controls, and Management Controls as previously described. A best practice approach for audits is when upper management is responsible to ensure and verify when audits are conducted and that they are completed according to the program and plan. They need to review and evaluate the results and verify that all nonconformities found in the audit are closed. There are basic rules that need to be followed in order to perform an effective internal audit. The audit should be conducted by individuals not having responsibility for matters being audited. When dealing with one-person or very small manufacturing facilities, requiring an external auditor may be impractical or overly burdensome in which case, self-audit is acceptable and the auditor doesn t need to be independent. If a device manufacturer is generating significant FDA-483 observations due to unidentified deficiencies by the auditor while independent audits are being performed, an observation of the lack of adequate audits would be received. Lastly, although FDA access to a firm s audit results is prohibited by CPG 7151.02 (CPG Manual subchapter 130.300). Quality System/GMP regulations allow reviews of supplier audit reports and management reviews including supporting procedures and documents for Purchasing Controls as per 21 CFR 820.50 and Management Reviews as per 21 CFR 820.20(3)(c), and 21 CFR 920.22 Quality Audit, are subject to FDA inspection. An internal audit should address the following questions for a process audit: Plan: What do we want to accomplish? Do: Are we implementing our plans? Check: Do we evaluate our progress? Act: Do we take action based on the results? Sampling: Take the appropriate amount. If no issues are found, take minimum samples and only taking more samples when necessary to enable clear and complete reporting Improving audit methodologies: There are different ways to source information to find and collect evidence for evaluating a compliance degree. Ways like interviews with employees and Subject Matter Experts (SME s), documents (e.g. policies, objectives, plans, SOPs, drawings, licenses), observations of activities and surrounding work and environment conditions. Additional data that should be leveraged includes records (e.g. inspection records, meeting minutes, monitoring records), data summaries, analyses and performance indicators. It s important to have information on auditee s sampling programs and procedures for control of sampling and measurement process along with reports from other sources (e.g., customer feedback, supplier ratings) and computerized databases and web sites. When gathering information for your internal audit, stay focused. Both parties need to agree on the facts and remain objective. It s important to select samples randomly. As audit results get compiled, the data should be understandable by auditee and traceable for future follow-up progress which involves accurate reporting of the issues and evidence, audit criteria and the finding category. www.spartasystems.com 5

The ineffectiveness of internal audits may be found from deficiencies observed in complaint files, change control and/or calibration, or other problems in quality systems. If significant quality system problems continue both prior to and following the company s last self-audit, the company needs to reassess their written audit procedures. The audit procedures should cover each quality system, and should be specific to enable the person conducting the audit to perform an adequate audit. An experienced trained auditor should be competent in how the audits are performed, including knowledge of what documents are examined, and how long audits take. Upper management needs to be notified and follow-up corrective actions need to be prioritized. Failures to implement follow-up corrective actions, including re-audits of deficient matters may also be listed as GMP deficiency on the FDA-483. NOTE: Re-audits of deficient matters are not always required, but where one is indicated, it must be conducted. The re-audit report should verify that the recommended corrective action(s) were implemented and effective. As previously mentioned, a risk-based approach when time and resources are limited ensures greater coverage and consistent, transparent oversight to effective quality system management across global sites. This approach saves valuable time and effort by prioritizing manufacturing areas or sites with the most observed deficiencies based on compliance history (e.g., FDA-483 observations or open actions from prior audits), those experiencing the greatest level of change (e.g., changes in equipment, resources, processes), or maturity in the organization (e.g., recent site or production process acquisitions). There are advantages to internal audits from a compliance and operational standpoint. Some benefits of regular internal audits of quality management systems from a compliance perspective are protecting the manufacturer against issues that would be found by regulators and providing confidence in the effectiveness of management systems which result in a higher percentage of quality products that conform to specifications and consumer need. It s important to note the advantages of regular internal audits from an operational perspective which highlights opportunities for product or process improvements, exposes activities that produce waste and helps companies focus on strategic cost savings plans in streamlining operations. Lastly, a company s internal audit program can significantly improve its compliance standing and product quality if in-depth assessments of post-market information are included on distributed devices such as recalls, MDRs, corrections and removals, significant changes in device specifications or manufacturing specifications, follow-ups on FDA-483 observation(s) and related CAPAs, and previous Establishment Inspection Reports (EIRs). This program helps the company proactively address existing or potential quality deficiencies ahead of inspection and avoid costly remediation efforts. References: The Code of Federal Regulations (CFR) Part 820 Medical Device cgmp regulations: www.fda.gov Quality Systems Inspection Technique (QSIT) Manual: www.fda.gov International Organization of Standardization (ISO) 13485 International Organization of Standardization (ISO) 14971 www.spartasystems.com 6

Founded in 1994, Sparta Systems is the world s premier provider of cloud and on-premise quality management software. We offer the solutions, analytics, and expertise that speed up quality and compliance. Companies in life sciences, consumer products, discrete manufacturing and more, rely on Sparta. Learn why at www.spartasystems.com www.spartasystems.com 1.888.261.5948 1.609.807.5100 http://blog. sales@spartasystems.com www.spartasystems.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback