The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
Trusting ISO 13485 Certification of a Supplier... A Sad Story
UL - Underwriters Laboratories - Health Sciences
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Trusting ISO 13485 Certification of a Supplier... A Sad Story
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Trusting ISO 13485 Certification of a Supplier... A Sad Story - Page 3


Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links




Courtesy Quick Links


Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services


Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC



International Standards Bodies - World Wide Standards Bodies

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Some Related Topic Tags
fda (food and drug administration), fda form 483 or warning letter, iso 13485 - medical device qms, medical device company or industry
Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 2 votes, 5.00 average. Display Modes
  Post Number #17  
Old 8th September 2011, 05:12 PM
MIREGMGR

 
 
Total Posts: 3,685
Re: Trust of ISO13485 Certification... A Sad Story

Quote:
In Reply to Parent Post by BradM View Post

This thing kind of scares me. How could a company be making direct product-contact material, with essentially no sterility checks of any kind?
In fairness, the text of the Warning Letter doesn't preclude that the subject company was having some sterility checking done...just not every batch, and without comprehensive record keeping. The batch the FDA cited was one for which no test was done and/or no records were created, but it's possible that they weren't all handled that way.

As to the contaminated product in the field, it's conceivable that a bacterial colonization of their production system occurred immediately prior to the FDA inspection, rather than being a long-standing condition.

Of course, neither of these interpretations would be a cautious construction of the possible scenarios that might explain what the FDA determined.
Thank You to MIREGMGR for your informative Post and/or Attachment!

Sponsored Links
  Post Number #18  
Old 9th September 2011, 02:28 PM
markl368

 
 
Total Posts: 25
Re: Trusting ISO13485 Certification of a supplier... A Sad Story

Just so everyone is aware of what is available from FDA...establishment inspection reports (EIRs) are available under FOIA regulations, but you have to follow specific procedures to get the reports. Even if a 483 (notice of adverse finding) is written against the company, you have to go through FOIA procedures to receive the EIR. Warning letters, however, are letters based on very serious findings OR the failure to adequately address 483 findings. These warning letters are published on the FDA website.

So, just because someone had some 483 findings from an inspection, if they take it seriously and address the issue in a timely and effective manner, they will not have a warning letter posted for all to see.
Thank You to markl368 for your informative Post and/or Attachment!
Sponsored Links

  Post Number #19  
Old 10th September 2011, 11:40 AM
Sidney Vianna's Avatar
Sidney Vianna

 
 
Total Posts: 8,807
Re: Trust of ISO13485 Certification... A Sad Story

Quote:
In Reply to Parent Post by MIREGMGR View Post

I've emailed Orion. After their response or a suitable time, I'll inquire similarly of the AB if necessary.

Responses will be shared here.
Be aware of a new IAF Mandatory Document:
IAF MD 9 :2011 Application of ISO/IEC 17021 in Medical Device Quality Management Systems (ISO 13485)
(Issue 1 Version 2, issued on 15 July 2011)
Sets out the general requirements for bodies operating audit and certification of organizations' Quality Management Systems in accordance with ISO 13485.

This document is not in force yet; application is mandatory from July 15, 2012, forward. However, a couple of aspects that are relevant to your concern expressed in this thread:
Quote:
4.4 Responsibility
MD.4.4.1
ISO 13485 requires the organization to comply with the statutory and regulatory requirements applicable to the safety and performance of the medical devices.
The maintenance and evaluation of legal compliance is the responsibility of the client organization. The CAB is responsible for verifying that the client organization has evaluated statutory and regulatory compliance and can show that appropriate action has been taken in cases of non-compliance with relevant legislation and regulations, including the notification to the Regulatory Authority of any incidences that require reporting.
Quote:
9.3.2 Surveillance audit
MD 9.3.2.1
In addition to requirements of Clause 9.3.2.1, the surveillance programme shall include a review of actions taken for notification of adverse events, advisory notices, and recalls.
Quote:
9.5.2 Short-notice audits
MD 9.5.2
Short notice audits may be required when:
a) external factors apply such as:
i) available post-market surveillance data known to the CAB on the subject devices indicate a possible significant deficiency in the quality management system
ii) significant safety related information becoming known to the CAB
An unannounced or short-notice audit may also be necessary if the CAB has justifiable concerns about implementation of corrective actions or compliance with standard and regulatory requirements.
Besides that, the supplier in case is also ISO 9001 certified. ANAB mandates that all CB's educate their workforce, including assessors, in the Expected Outcomes of Accredited ISO 9001 Certification document.
Attached Files: 1. Scan for viruses before opening, 2. Please report any 'bad' files by Reporting this post, 3. Use at your Own Risk.
File Type: pdf Application_of_ISO_17021_in_MD_QMS_Issue_1v2_Pub.pdf (259.0 KB, 51 views)

Last edited by Sidney Vianna; 30th June 2014 at 03:10 PM. Reason: I added the last link from the ANAB website
Thank You to Sidney Vianna for your informative Post and/or Attachment!
  Post Number #20  
Old 11th September 2011, 04:26 AM
Wes Bucey's Avatar
Wes Bucey

 
 
Total Posts: 11,075
Re: Trusting ISO 13485 Certification of a supplier... A Sad Story

Quote:
In Reply to Parent Post by Sidney Vianna View Post

What about keeping the CB responsible for the supplier ISO 13485 certificate accountable? I went to the supplier website and see they have an RvA accredited ISO 13485 certificate. If you were willing to use the certificate as a means of confidence in the supplier and now you feel that the certificate can not be trusted anymore, are you going to let the CB off the hook that easily? By the way, this is the same CB that was "disqualified" from the Canadian CMDCAS program 6 years ago.

It is disheartening when people make broad-brush generalizations about confidence in management system certificates. A few of us, CB's, want to be accountable to the users of our certificates. But if the users don't keep the CB's and AB's accountable to the need to provide confidence via accredited certification, they are just rewarding the certificate-mills, less than serious CB's.

Casting shadows over the whole industry without exercising the process does not add to the solution.

As my Cove signature says, sustainable conformity assessment adds value to all stakeholders. If a stakeholder feels "cheated" (like you, in this case), you need to voice your concern, as pointless as it might seem to you now. Otherwise, where is the hope that the CB's will be pressed into only certifying deserving systems?

Let's think, for a second, what will happen if you decide to stop recognizing management system certificates from your suppliers. What will be the business impact to you? Apparently, based on what you stated, you would have to send representatives to audit your suppliers. Can you afford to do that? Do you have competent QMS auditors to assess your supplier base? How often are you going to repeat the process?

It is time for people to realize that not all ISO management system certificates carry the the same credibility. That's exactly why I created the Should customers influence a supplier's registrar selection? thread.
I understand and sympathize with Sidney's frustration. It certainly isn't fair to have an ostensible competitor take shortcuts which take potential business, but even worse that the repercussions of those shortcuts result in a taint of your industry so that even the straight arrows who do everything by the book are forced to admit there are bad apples and their stench can start a rot in the entire registrar industry.

Quote:
In Reply to Parent Post by Sidney Vianna View Post

Going over the 10 items in the FDA warning letter, I don't see anything there that is not covered under ISO 13485. So, if there is a problem, it lies with the CONFORMITY ASSESSMENT (also known as certification) process.

This process will only work well if all stakeholders keep the parties accountable. For example, in this case, it is very possible that the CB themselves and RvA are unaware of this warning letter. Until someone brings this issue up to them and ask: we will have no idea how serious they are.
You, as a customer of the certified supplier and DIRECT user of the certificate (until the day before yesterday) are in a very good position to ask this question to the CB and the AB.
Yep. it's all very well and good to say we folks who rely on certificates of registration to relieve our organizations of the cost of individual supplier assessments "should" follow through on the report and complaint process, but pragmatism reigns and the money men at the top of the organization are hard put to justify the delay and cost when no immediate amelioration of the problem is forthcoming. How does the aggrieved organization deal while the report and investigation drag on? What if the result comes back, "This was not a systemic problem with the certifying body, but merely an individual 'slip' beyond the scope of the CB's audit."?

The situation described in the OP of this thread is one of the major factors FDA has thus far refused to sign on to the "harmonization" of ISO 13485; it also makes sense that much more attention needs to be paid to contract clauses with suppliers, requiring copies of audit reports (with details of N/C, if any) from CBs and regulators in a due and timely manner.
Quote:
This process will only work well if all stakeholders keep the parties accountable. For example, in this case, it is very possible that the CB themselves and RvA are unaware of this warning letter.
Similarly, CBs and ABs probably need more reporting rigor when such events occur. It is absolutely unacceptable for any CB to be unaware of an adverse report from FDA or any regulatory body. Organizations holding certificates cannot be allowed to sweep adverse reports under the rug and hide them from both registrar and customer. Do the CB's subscribe to the FDA reports? Do they require their certificate holders to notify them when even the reports that can only be retrieved via an FOIA are issued by a regulatory body?

Similarly, customers dealing with suppliers of products which can contain hidden factors [not capable of being detected in ordinary incoming inspection, but only through destructive testing] which would affect life, health, or safety of users may need to implement programs of segregating samples from random shipments and subjecting them to destructive testing. It seems to me that many of the instances I read about where products are contaminated with disease-causing organisms involve companies which previously had pristine safety records. However, in the weeks or months leading up to the discovery of the contamination, those suppliers exhibited signals (shoddy paperwork, slow or non-existent response to queries or complaints, late shipments, etc.) that all was not right with the supplier. Some customers, once burned by a bad supplier, become much more alert to those signals, triggering deeper investigation, escalated to a higher level than some assistant purchasing agent, into the root cause behind the changes.

(In my own experience, I was burned by a supplier who had a big turnover in employees so that we seemed to be dealing with a new person whenever we talked or exchanged correspondence. The big surprise came when we learned the owner had died, but his widow kept the knowledge secret from customers as she frantically tried to milk money out of the company. Employees who had been loyal to the owner were mistreated and left the company, but were threatened with unspecified harm if they told the "secret." We ended up having to trash $20,000 in parts which had been damaged in contaminated plating solutions. The company was bankrupt so we never recovered the loss. In hindsight, the signals were all there that we should have made an on-site investigation in the two months leading up to our loss.)

Quote:
In Reply to Parent Post by MIREGMGR View Post

I've emailed Orion. After their response or a suitable time, I'll inquire similarly of the AB if necessary.

Responses will be shared here.
Thanks for caring enough!

Quote:
In Reply to Parent Post by Bev D View Post

exactly. the fda should also be investigating all certifying bodies for this organization. The WHOLE point of this proliferation of "TLA-XXXX whatever" standards over the last two+ decades was to get Customers out of the business of auditing their suppliers as it is a collosal expense for both parties.

I'm not saying throw the baby out with the bath water - I'm saying let's make all of our third party auditors accountable, professional and valuable.
OK, but exactly WHAT would the regulatory body investigate? What signals would trigger action by the regulatory body?

Quote:
In Reply to Parent Post by markl368 View Post

Just so everyone is aware of what is available from FDA...establishment inspection reports (EIRs) are available under FOIA regulations, but you have to follow specific procedures to get the reports. Even if a 483 (notice of adverse finding) is written against the company, you have to go through FOIA procedures to receive the EIR. Warning letters, however, are letters based on very serious findings OR the failure to adequately address 483 findings. These warning letters are published on the FDA website.

So, just because someone had some 483 findings from an inspection, if they take it seriously and address the issue in a timely and effective manner, they will not have a warning letter posted for all to see.
Yes. In general, I agree with the premise that one or two minor complaints should not lead to public reports which could trigger a panicked exodus by customers, plunging the regulated company into bankruptcy. The question arises about the level of nonconformance which should trigger such a public report. Should it be triggered by implementing a very short response deadline, which, when passed without resolution, means public exposure? Are customers willing to agree to the net cost of regulatory bodies hiring more competent investigators to implement the heightened regulatory activity? (The net cost comes from higher fees paid by regulated companies passed on to customers.)
Thanks to Wes Bucey for your informative Post and/or Attachment!
  Post Number #21  
Old 11th September 2011, 02:18 PM
Sidney Vianna's Avatar
Sidney Vianna

 
 
Total Posts: 8,807
Exclamation Re: Trusting ISO 13485 Certification of a supplier... A Sad Story

Quote:
In Reply to Parent Post by Wes Bucey View Post

Yep. it's all very well and good to say we folks who rely on certificates of registration to relieve our organizations of the cost of individual supplier assessments "should" follow through on the report and complaint process, but pragmatism reigns and the money men at the top of the organization are hard put to justify the delay and cost when no immediate amelioration of the problem is forthcoming. How does the aggrieved organization deal while the report and investigation drag on? What if the result comes back, "This was not a systemic problem with the certifying body, but merely an individual 'slip' beyond the scope of the CB's audit."?
Therein lies the WHOLE PROBLEM WITH THE ACCREDITED MANAGEMENT SYSTEM CERTIFICATION (MSC) sector. Most organizations want THE BENEFIT of supplier certificates, so they don't incur in onerous, repetitive, redundant audits of their suppliers, deciding, instead, to rely on a certificate as a means to keep the certified supplier in their approved supplier list. But when the supplier and/or their respective CB's show they don't deserve their trust, nothing of significance is done, other than (potentially) disqualifying the supplier. So, irresponsible CB's, without being forced to deliver confidence, are left free to grow their business.

Reliance on management systems certificates as a component of supplier monitoring and oversight REQUIRES the users of the certificates not only to be vigilant, but also keep the parties accountable to the process. If you are unwilling to engage with CB's and AB's about their performance, you should NOT rely on supplier system certificates for ANYTHING. It is analogous to people who complain about the political system but never vote, trying to change the situation.

I think MIREGMGR is being very responsible and diligent in his approach to this situation, but he represents the exception, not the rule. Most people mandating suppliers to attain certification to management system standards are utterly ignorant about the accredited certification process.

The only thing that will force AB's and CB's to clean up their acts and remain accountable to the intent of the process is the demand (by the users of certificates) for ACCOUNTABILITY at all levels, added by transparency.
Thank You to Sidney Vianna for your informative Post and/or Attachment!
  Post Number #22  
Old 11th September 2011, 05:48 PM
Wes Bucey's Avatar
Wes Bucey

 
 
Total Posts: 11,075
Re: Trusting ISO 13485 Certification of a supplier... A Sad Story

Quote:
In Reply to Parent Post by Sidney Vianna View Post

Therein lies the WHOLE PROBLEM WITH THE ACCREDITED MANAGEMENT SYSTEM CERTIFICATION (MSC) sector. Most organizations want THE BENEFIT of supplier certificates, so they don't incur in onerous, repetitive, redundant audits of their suppliers, deciding, instead, to rely on a certificate as a means to keep the certified supplier in their approved supplier list. But when the supplier and/or their respective CB's show they don't deserve their trust, nothing of significance is done, other than (potentially) disqualifying the supplier. So, irresponsible CB's, without being forced to deliver confidence, are left free to grow their business.

Reliance on management systems certificates as a component of supplier monitoring and oversight REQUIRES the users of the certificates not only to be vigilant, but also keep the parties accountable to the process. If you are unwilling to engage with CB's and AB's about their performance, you should NOT rely on supplier system certificates for ANYTHING. It is analogous to people who complain about the political system but never vote, trying to change the situation.

I think MIREGMGR is being very responsible and diligent in his approach to this situation, but he represents the exception, not the rule. Most people mandating suppliers to attain certification to management system standards are utterly ignorant about the accredited certification process.

The only thing that will force AB's and CB's to clean up their acts and remain accountable to the intent of the process is the demand (by the users of certificates) for ACCOUNTABILITY at all levels, added by transparency.
What I wrote about the FDA applies equally to the CBs and the ABs
Yes. In general, I agree with the premise that one or two minor complaints should not lead to public reports which could trigger a panicked exodus by customers, plunging the regulated company into bankruptcy. The question arises about the level of nonconformance which should trigger such a public report. Should it be triggered by implementing a very short response deadline, which, when passed without resolution, means public exposure? Are customers willing to agree to the net cost of regulatory bodies hiring more competent investigators to implement the heightened regulatory activity? (The net cost comes from higher fees paid by regulated companies passed on to customers.)
What Sidney says about transparency of the process is imperative if we are to persuade organizations there is a benefit to reporting apparent discrepancies between certification status and actual practice of a registrant to a Standard.

If I'm John Doe, CEO of ABC Organization, I'd like to know if anybody else besides me is complaining. I'd like periodic progress reports of the status of the investigation. I'd like a very short timetable for answers from everyone up and down the line.

It is also true that relying solely on 3rd party certification prior to approving a supplier is very risky in the best of times. In a recession like our current one, however, it is tantamount to giving the keys to your new car to a drunk stranger who bumps into you at a tavern. The economic pressure of a recession tempts upper and middle managers to cut corners. I recall an infamous case in the aerospace industry where a supplier of titanium tubing decided to forgo the expense of inspection and merely duplicated the results of ONE inspection and reported it as the results of every inspection thereafter (and that was BEFORE 2008!)

So the question still remains:
How do we, as quality professionals, counsel upper management in our organizations to proceed? If we counsel redundant supplier site visits and nothing deleterious is found, we look like Chicken Little crying, "The sky is falling!"

Are there some signals we can be on the lookout for to trigger a site audit of a registered supplier?

How do we sell this to upper management without looking alarmist?

How do we justify our own existence and salary when a supplier we have approved turns traitor and "cheats?"

Should CBs be more alert and look for cues beyond the Standard "warned long in advance" audit?

Should a CB have a duty to alert end customers and users when the CB discovers one (or more) of its auditors has been "less than rigorous" in auditing certain companies, whether from incompetence, laziness, or collusion with the organization being audited?

Yes, Sidney, TRANSPARENCY of the process is key to protecting the system against total anarchy.
Thanks to Wes Bucey for your informative Post and/or Attachment!
  Post Number #23  
Old 11th September 2011, 06:53 PM
Ronen E

 
 
Total Posts: 3,388
Re: Trusting ISO 13485 Certification of a supplier... A Sad Story

Without diminishing the accountability argument () -

2 notes:

Quote:
In Reply to Parent Post by Wes Bucey View Post

So the question still remains:
How do we, as quality professionals, counsel upper management in our organizations to proceed? If we counsel redundant supplier site visits and nothing deleterious is found, we look like Chicken Little crying, "The sky is falling!"
That is always the issue with risk management and risk mitigation. If you succeed (i.e. harm prevented) someone could always claim that the risk wasn't real or wasn't as high, and the mitigation resources were a waste; while YOU could argue that in fact the risk was well identified and well mitigated and therefore the allocation was justified. Who's right? In most cases it's not a clear call

Quote:
In Reply to Parent Post by Wes Bucey View Post

It is also true that relying solely on 3rd party certification prior to approving a supplier is very risky in the best of times. In a recession like our current one, however, it is tantamount to giving the keys to your new car to a drunk stranger who bumps into you at a tavern.
When validation is too costly / too complicated - verify.
When you can't count on certification (or any other "across the board" means) to get confidence - go back to the basics and look at what you get.
In recession times, the linear concept of "more is better" must be replaced with wits. Concerned about a supplier's performance? Pay them an unannounced (or minimally announced) visit, and see how they react. It doesn't have to be a full scale audit. When things run by the book (I mean, really) nobody has a reason to hide anything. Too blunt for in your culture? Run a random sampling on that other incoming lot and send for 3rd party analysis, after having your own risk analysis (so you know what to focus on). Heck, if I were buying contact gel for my device, I wanted to know exactly what's in there - be it viable matter or not.

Ronen.
Thank You to Ronen E for your informative Post and/or Attachment!
  Post Number #24  
Old 12th September 2011, 05:49 AM
sonflowerinwales's Avatar
sonflowerinwales

 
 
Total Posts: 175
Re: Trusting ISO 13485 Certification of a supplier... A Sad Story

Thanks for this post. It's confirmed what I've been thinking for several months. We "approve" suppliers by telecon/vendor form. I've been trying to get all our suppliers visited, just to judge their apporoach to the work ethic etc.

But I'm getting lots of resistance from the senior management......

Regards
Paul
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > > >

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Certification services for ISO 13485, CMDCAS 13485, and CE Markings sabrina.qa Canada Medical Device Regulations 18 10th June 2016 09:46 AM
Trusting Gage Manufacturer Calibration Certifications Michael_M General Measurement Device and Calibration Topics 3 13th March 2014 11:25 AM
ISO 13485 vs FDA Requirement question about when ISO 13485 Certification is Required rvanelli ISO 13485:2016 - Medical Device Quality Management Systems 4 15th January 2014 03:05 PM
Supplier Certification for ISO 13485 danush ISO 13485:2016 - Medical Device Quality Management Systems 7 2nd April 2012 06:15 PM
What is a QC story? How to prepare a QC Story? dnarendran Quality Tools, Improvement and Analysis 3 30th September 2008 07:49 AM



The time now is 02:54 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


 
 
 


NOTE: This forum uses "Cookies"