Is my company responsible for enforcing good documentation practices on supplier COA?

[Javier Guan]

Case: During a QMS audit, the auditor found a supplier COA supplier signed but no approval date. This finding triggered an observation because the company should have requested the supplier to reissue the COA with a dated signature, not just a signature. Assuming both companies are ISO9000 certified and as part of supplier monitoring requirements, is the client company responsible for enforcing good documentation practices on external documents like this COA? Thank you, Javier

 

[Ed Panek]

A customer can require a signature and date on documentation as part of a specification. What severity was the finding?

 

[Javier Guan]

Thank you @Ed Panek. The company accepted the COA with no release date, just tests, and a signature, but no clue when these tests were approved or released. The FDA refers in several paragraphs (Guidance for industry GMP) that a dated signature is one of the seven elements of a valid COA. Is it critical? Maybe not, but I consider the observation reasonable. Thoughts?

 

[Miner]

If for no other reason you want the date to ensure the supplier is not sending the same COA with each shipment. We caught a supplier doing that.

 

[Bev D]

A date provides ‘objective evidence’ to you that the test was done around the time of the creation of the batch(es) of material sent. Of course they can fake that. Does the supplier have internal records linking the analysis to the batch of material? Are you audited by the FDA? A date is good practice and is in the guidance documents.

Since you are the recipient of the COA - and you accepted it - you should contact the supplier to determine if this was an oversight or intentional. A discussion is a reasonable thing for you to do.

 

[Javier Guan]

Thank you all!