One of our customers has requested that I come and "pre-audit" their company prior to their annual 3rd party FDA audit. In going over the standard I see it is very much in line with ISO9001:2000. Is there anything I should be aware of that an auditor working to Part 820 will be looking for? As of right now I plan on using my ISO internal audit checklist and will start with a review of their last year audit and move on to their internal audits. This is a small company with only a couple of highly skilled employees so I won't be concentrating much on training. I will however check on documentation and traceability as these have been a problem in the past. Any advice would be greatly appreciated.

Doug

One of our customers has requested that I come and "pre-audit" their company prior to their annual 3rd party FDA audit. In going over the standard I see it is very much in line with ISO9001:2000. Is there anything I should be aware of that an auditor working to Part 820 will be looking for? As of right now I plan on using my ISO internal audit checklist and will start with a review of their last year audit and move on to their internal audits. This is a small company with only a couple of highly skilled employees so I won't be concentrating much on training. I will however check on documentation and traceability as these have been a problem in the past. Any advice would be greatly appreciated.

Doug21cfr820 is more proscriptive. You would be doing your client a disservice, if you do the audit without having some experience with it.
Look at Rate your FDA Audit Experience (http://elsmar.com/Forums/showthread.php?t=9057) for some tips.

One of our customers has requested that I come and "pre-audit" their company prior to their annual 3rd party FDA audit. In going over the standard I see it is very much in line with ISO9001:2000. Is there anything I should be aware of that an auditor working to Part 820 will be looking for? As of right now I plan on using my ISO internal audit checklist and will start with a review of their last year audit and move on to their internal audits. This is a small company with only a couple of highly skilled employees so I won't be concentrating much on training. I will however check on documentation and traceability as these have been a problem in the past. Any advice would be greatly appreciated.

Doug

Hi Doug,

Instead of using ISO 9001, use ISO 13485 which is the most appropriate to be compared to 21 CFR Part 820.

You can see many threads under ISO 13485 http://elsmar.com/Forums/forumdisplay.php?f=44 which gives similarities between these 2 standards.

All the Best :)

Thank you, thank you. Al, This customer manufactures one item and that is a light used in dentists offices. Their entire operation is a model of efficiency and organization. For some reason their FDA auditor told them that he wanted to see an audit ("any audit") other than an internal audit on his next visit. The reason I decided to go with ISO is that this customer has has expressed an interest in obtaining ISO 9001:2000 certification. In my opinion they would pass easily the first time. Thanks again for your input. You have given me much reading and steered me in a good direction.

Doug

Doug,
Also remember that ISO registration is voluntary, and that 21 CFR 820 is Federal Law.

Phil

ISO TR 14969 provides excellent guidance on the application of ISO 13485.

I do not believe FDA usually conducts annual audits of facilities, as stated in your opening post.

ISO TR 14969 provides excellent guidance on the application of ISO 13485.

I do not believe FDA usually conducts annual audits of facilities, as stated in your opening post.

Doug, My error- I ASSumed it was annual like we do our ISO. :o

Doug

You can request a 3rd party audit (http://www.fda.gov/cdrh/ap-inspection/index.html) to FDA requirements. BTW, the audit would cover more than 21cfr820. Don't forget parts 803 & 806.

Hi. I was a level II certified international medical device investigator for the FDA for over 21 years and now a contract international medical device consultant.

First of all, I want to caution everyone- auditors & manufacturers alike regarding ISO et al standards + FDA laws and regulations. Just because a facility is ISO certified and has passed an ISO audit, it does not mean that it will pass an FDA level I/III QSR inspection.

Even though there are similarities between the ISO/ANSI/AAMI, et al standards (voluntary as far as FDA is concerned) and FDA regulations (21 CFR 803, 806, 820, 821), the differences are the key (such as regarding design controls, CAPA, and process validation).

I suggest everyone read "The FDA and Worldwide Quality System Requirements Guidebook for Medical Devices" by Kim Trautman. She is a CDRH QSR expert. This book is an ASQ publication. This book compares and contrasts 21 CFR 820 against ANSI/ISO/ASQC Q9001-1994 and ISO/DIS 13485: April 1996 (old standards).

Secondly, audit checklists are good audit ticklers but should not be used as the primary means of conducting an internal audit. This is because these checklists are general and may not conform to the inner workings of the firm. Plus, the auditor may miss things that FDA will undercover. :bonk:

What I do as a consultant, is conduct mock FDA audits- just like an actual FDA investigator would. Not only does this prepare the firm for the upcoming FDA audit (i.e. no surprises), it also prepares them administratively as well. However, unlike FDA, I also wear my consulting hat, giving them corrective and preventive actions as well. :)

I am just returning from a 1 week AAMI training seminar, subject: Quality System Requirements & Industry Practices (CFR 21 Part 820). The Association for the Advancement of Medical Instrumentation (AAMI) sponsored the training, the FDA was also present to give their view/interpretation of the regulations. Kim Trautman was the FDA expert that was present. Kim is very well versed in the regulations, and is very aware of the industry practices.
For anyone that it struggling with the ISO/FDA issues, I would highly suggest AAMI training. Taking a course such as this will also satisfy training requirement is audited by the FDA.

Phil

One of our customers has requested that I come and "pre-audit" their company prior to their annual 3rd party FDA audit. In going over the standard I see it is very much in line with ISO9001:2000. Is there anything I should be aware of that an auditor working to Part 820 will be looking for? As of right now I plan on using my ISO internal audit checklist and will start with a review of their last year audit and move on to their internal audits. This is a small company with only a couple of highly skilled employees so I won't be concentrating much on training. I will however check on documentation and traceability as these have been a problem in the past. Any advice would be greatly appreciated.

Doug

Doug-

There are differences between FDA's QSR, MDR, et al regs and ISO 9001.

If you do not have it, I recommend Kim Trautman's QSR book (The FDA and Worldwide Quality System Requirements for Medical Devices) and her QSR videos. The book is an ASQ book. The videos you can request from FDA's DSMA. These references note the differences between the QSR and ISO/AAMI/ANSI. (This is just one reference. There are others.)

FYI- I as an ex FDA investigator and now as a consultant have observed that even though a company has passed an ISO audit, that this does not guarantee that an FDA type audit will note a pass too.

FDA's QSR & QSIT manuals, IOM, and C/P 7382.845 can also help as auditing aids.

http://www.fda.gov/cdrh/devadvice/
http://www.fda.gov/ora/
http://www.fda.gov/ora/cpgm/default.htm

Remember, FDA does not only cover 21 CFR 820, but other regulations as well (such as 21 CFR 7, 11, 803, 806, 807, 809, 812, 814, and 821) + info contained in the FD&C Act (and other laws).

:)Hi,
A few points:
1) There may have been a miscommunication regarding FDA preference to see an external audit during their next inspection. 21 CFR Part 820 has no such requirement. Medical device manufacturers must audit their quality system per an established procedure. FDA cannot mandate that it be outsourced. Furthermore, FDA is not privy to quality system audit records--they are considered "off-limits" during a routine FDA inspection.
2) 21 CFR Part 820, 803 etc. and ISO 13485:2003 are quite similar but the outcomes for non-compliance can be quite different. I totally agree with previous posts--you are not doing your customer any favors if you are not qualified to audit them against the regulation or the standard. Unless you are up to speed on requirements in the medical device industry you may want to pass on this.

:)Hi,
A few points:
1) There may have been a miscommunication regarding FDA preference to see an external audit during their next inspection. 21 CFR Part 820 has no such requirement. Medical device manufacturers must audit their quality system per an established procedure. FDA cannot mandate that it be outsourced. Furthermore, FDA is not privy to quality system audit records--they are considered "off-limits" during a routine FDA inspection.
2) 21 CFR Part 820, 803 etc. and ISO 13485:2003 are quite similar but the outcomes for non-compliance can be quite different. I totally agree with previous posts--you are not doing your customer any favors if you are not qualified to audit them against the regulation or the standard. Unless you are up to speed on requirements in the medical device industry you may want to pass on this.

Good points and welcome to the Cove!

Hi Redsoxrule,

Welcome to the Cove :bigwave:

I echo Doug comments