FDA Audit Documentation - Recently released FDA Warning Letter

A

alex.Kennedy

A recently released FDA Warning Letter portrays a tighter interpretation of 21 CFR part 820.50, in so much as they expect to be able to review documented record for items a) to d) below. It must also be understood that other branches of the FDA (Drugs & Bio) have ascertained that when 21 CFR 211 lacks detail; they will audit to detail in 21 CFR 820 (if any).

Although the wording used in a) & b) would definitely identify them as applicable to medical devices parts; c) & d) are not. Also the fact that they mention in b) & c); that these requirements are applicable to - contractors and services rendered. This for many companies will be very disconcerting.

Extract from warning letter:

a) Your firm has not documented the evaluation and approval of suppliers of components used in the manufacture or assembly of the xxxxx xxx xxxx measurement device.

b) Your firm does not have a documented agreement with any component suppliers or contractors to notify it of changes made in the components supplied or services rendered.

c) Your firm has not established the requirements that must be met by suppliers and contractors.

d) Your firm does not maintain an approved suppliers list.
Precise extraction from WL CMS Case #175552

Alex Kennedy
 
M

MIREGMGR

Re: FDA Audit Documentation

Our understanding since 1996, at least in regard to matters that might be subject to FDA inspection, has been "if it's not documented, it didn't happen".
 

sagai

Quite Involved in Discussions
Thank you Alex for sharing, it is really a good way to collect impressions and thoughts!
Regards, Szabolcs
 

sagai

Quite Involved in Discussions
Re: FDA Audit Documentation

what is the minimal criteria for "documented"? :frust:
:bigwave:
 

Wes Bucey

Prophet of Profit
Re: FDA Audit Documentation

Our understanding since 1996, at least in regard to matters that might be subject to FDA inspection, has been "if it's not documented, it didn't happen".

what is the minimal criteria for "documented"? :frust:
:bigwave:
In my mind [and practice], "documentation" means you have

  1. a written plan for an activity
  2. a record (hard copy or electronic) of the activity being performed
  3. periodic evaluation (recorded) of the activity record to compare against the plan (audit and management review?)
  4. record of the action or non action taken after the evaluation (this presupposes management makes due and timely communication to concerned parties, including regulators)
 

Ronen E

Problem Solver
Moderator
A recently released FDA Warning Letter portrays a tighter interpretation of 21 CFR part 820.50, in so much as they expect to be able to review documented record for items a) to d) below. It must also be understood that other branches of the FDA (Drugs & Bio) have ascertained that when 21 CFR 211 lacks detail; they will audit to detail in 21 CFR 820 (if any).

Although the wording used in a) & b) would definitely identify them as applicable to medical devices parts; c) & d) are not. Also the fact that they mention in b) & c); that these requirements are applicable to - contractors and services rendered. This for many companies will be very disconcerting.

Extract from warning letter:

a) Your firm has not documented the evaluation and approval of suppliers of components used in the manufacture or assembly of the xxxxx xxx xxxx measurement device.

b) Your firm does not have a documented agreement with any component suppliers or contractors to notify it of changes made in the components supplied or services rendered.

c) Your firm has not established the requirements that must be met by suppliers and contractors.

d) Your firm does not maintain an approved suppliers list.
Precise extraction from WL CMS Case #175552

Alex Kennedy
validation online

Thanks for highlighting the subject; however, I think this is old news to any manufacturer following the FDA's QSR manual and/or ISO 13485.

Cheers,
Ronen.
 
A

alex.Kennedy

I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy
 
Last edited by a moderator:

Wes Bucey

Prophet of Profit
I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy
Every supplier does not require the same level or intensity of audit. The point should be that management PLANS which level of supplier gets what level of audit and then DOCUMENTS that the audit has been conducted at that level and that any and all issues arising from the audit are resolved.
 

Ronen E

Problem Solver
Moderator
I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy

I fail to see how the text you quoted (items a to d) leads to a statement that ALL suppliers are subject to the same level of scrutiny.
 

Wes Bucey

Prophet of Profit
Show me the shall!
I am not aware of any clause in either FDA or ISO 13485 which says suppliers must be aware of and/or agree to the criteria the customer uses in approving them [or rejecting them!]

Please review the concept of "mission creep." I think you are wandering into that territory.
 
Top Bottom