The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
UL - Underwriters Laboratories - Health Sciences
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > Medical Devices, Medical Information Technology, Medical Software and Health Informatics > Medical Device Related Standards > ISO 13485:2016 - Medical Device Quality Management Systems
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Trusting ISO 13485 Certification of a Supplier... A Sad Story


Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links




Courtesy Quick Links


Links that Cove visitors will find useful in your quest for knowledge:

International Standards Bodies - World Wide Standards Bodies

ASQ - American Society for Quality

International Standards Organization - ISO Standards and Information

Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC


NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Some Related Topic Tags (Not all threads are Tagged)
fda (food and drug administration), fda form 483 or warning letter, iso 13485 - medical device qms, medical device company or industry
Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 2 votes, 5.00 average. Display Modes
  Post Number #1  
Old 8th September 2011, 01:58 AM
MIREGMGR

 
 
Total Posts: 3,685
I Say... Trusting ISO 13485 Certification of a Supplier... A Sad Story

This post pertains to the subject-company of this US FDA Warning Letter, who have been (but no longer will be, starting yesterday) one of our suppliers.

It's about the worst medical-device-company Warning Letter I've ever seen...even exceeding the Triad situation in a number of respects, especially finding #10.

The subject-company is a maker of ultrasound probe coupling gel, among other products. Such coupling gel is commonly provided to end users in various forms, including pre-sterilized, single-use 20ml foil packettes for ultrasound imaging in medical contexts where materials contacting the patient must be sterile.

As reported in the Warning Letter, an end-user hospital had multiple babies in a neonatal intensive care unit develop infections with pseudomonas aeruginosa. Pseudomonas infection can be lethal, especially to immuno-weak persons such as already-sick/premature infants. An investigation by the hospital revealed that their supplies of subject-company-made ultrasound probe gel in two different package sizes were contaminated with pseudomonas. The hospital filed a mandatory Medical Device Report with FDA, which apparently led to a for-cause inspection of the subject-company.

As the Warning Letter notes, apparently the subject-company hasn't been calibrating or maintaining its in-house sterilizers, hasn't been using validated processes, hasn't been doing sterilization verification-testing (!), hasn't been maintaining a DMR/DHF, hasn't been maintaining a DHR with sterilization batch information, and openly destroyed legally required production records rather than let them be FDA-reviewed.

So, what's my point?

It turns out upon our initial internal review that our Quality and Purchasing folks hadn't physically visited this company to audit them. Instead we trusted their ISO13485 certification, and continued a prior relationship with them that was established by another company we bought some time ago.

In theory, we should be able to do that, right? What does ISO13485 certification mean, if the certificate doesn't indicate that the subject company actually operates according to the standard, and the company has been certified for a number of years so that many audits have (supposedly) taken place?

Bad mistake on our part.

At this point, I'm perfectly willing to change our internal procedures to completely disregard ISO13485 certification as a supplier qualification. If we can't trust any certificate without more knowledge of the issuer's and the individual auditors' track records than anyone will provide to us, it's meaningless.

We need a meaningful, rigorous certification system for medical device companies. ISO13485 doesn't cut it.

Last edited by MIREGMGR; 8th September 2011 at 02:07 AM.

Sponsored Links
  Post Number #2  
Old 8th September 2011, 02:25 AM
sagai

 
 
Total Posts: 1,094
Re: Trust of ISO13485 Certification...A Sad Story

very thank you for sharing these information, it is really valuable.
I would reflect regarding the ISO13485 certification ...
1.,
I can not recall any earlier ISO13485 audit, when the auditor had more knowledge than we had in the subject of our audit and they always leaving with more knowledge than they arrived. Once I would be grateful to learn something from them in such occasions.
2.,
We should acknowledge, third party ISO audit is business driven.

Regards
Szabolcs
Thank You to sagai for your informative Post and/or Attachment!
Sponsored Links

  Post Number #3  
Old 8th September 2011, 02:32 AM
Sidney Vianna's Avatar
Sidney Vianna

 
 
Total Posts: 8,515
Re: Trust of ISO13485 Certification...A Sad Story

Quote:
In Reply to Parent Post by MIREGMGR View Post

This post pertains to the subject-company of this US FDA Warning Letter, who have been (but no longer will be, starting yesterday) one of our suppliers. <snip>
What about keeping the CB responsible for the supplier ISO 13485 certificate accountable? I went to the supplier website and see they have an RvA accredited ISO 13485 certificate. If you were willing to use the certificate as a means of confidence in the supplier and now you feel that the certificate can not be trusted anymore, are you going to let the CB off the hook that easily? By the way, this is the same CB that was "disqualified" from the Canadian CMDCAS program 6 years ago.

It is disheartening when people make broad-brush generalizations about confidence in management system certificates. A few of us, CB's, want to be accountable to the users of our certificates. But if the users don't keep the CB's and AB's accountable to the need to provide confidence via accredited certification, they are just rewarding the certificate-mills, less than serious CB's.

Casting shadows over the whole industry without exercising the process does not add to the solution.

As my Cove signature says, sustainable conformity assessment adds value to all stakeholders. If a stakeholder feels "cheated" (like you, in this case), you need to voice your concern, as pointless as it might seem to you now. Otherwise, where is the hope that the CB's will be pressed into only certifying deserving systems?

Let's think, for a second, what will happen if you decide to stop recognizing management system certificates from your suppliers. What will be the business impact to you? Apparently, based on what you stated, you would have to send representatives to audit your suppliers. Can you afford to do that? Do you have competent QMS auditors to assess your supplier base? How often are you going to repeat the process?

It is time for people to realize that not all ISO management system certificates carry the the same credibility. That's exactly why I created the Should customers influence a supplier's registrar selection? thread.
Thank You to Sidney Vianna for your informative Post and/or Attachment!
  Post Number #4  
Old 8th September 2011, 03:01 AM
MIREGMGR

 
 
Total Posts: 3,685
Re: Trust of ISO13485 Certification...A Sad Story

Quote:
In Reply to Parent Post by Sidney Vianna View Post

What about keeping the CB responsible for the supplier ISO 13485 certificate accountable? I went to the supplier website and see they have an RvA accredited ISO 13485 certificate. If you were willing to use the certificate as a means of confidence in the supplier and now you feel that the certificate can not be trusted anymore, are you going to let the CB off the hook that easily? By the way, this is the same CB that was "disqualified" from the Canadian CMDCAS program 6 years ago.
Well, we already have a policy of not accepting certificates from certain bodies, and this particular CB obviously will go on that list. But there are a lot of other CBs. Do we have to be burned by each bad one in order to find out that we can't trust them? How do we know that we can trust even the ones with supposedly good reputations? How do we quantify and evidentiate a reputation?

Quote:
It is disheartening when people make broad-brush generalizations about confidence in management system certificates.
My point isn't that there aren't good CBs. It's that ISO13485 as presently constituted doesn't require enough rigor from either certified companies or certifiers and their auditors for third parties like us to be objectively certain that the certified company always does what the standard requires.

We make medical devices. We absolutely require always.

Quote:
Casting shadows over the whole industry without exercising the process does not add to the solution.
The direction you're advocating is a CB-discipline process. I don't think throwing out a CB will fix the problem. I think what's needed is something well beyond ISO13485, and then more rigorous CB qualification and responsibility.

Quote:
Let's think, for a second, what will happen if you decide to stop recognizing management system certificates from your suppliers. What will be the business impact to you? Apparently, based on what you stated, you would have to send representatives to audit your suppliers. Can you afford to do that?
Yes. The cost to us of having even one supplier like this will be, in the current instance, much greater than auditing them every six months would have been.

Quote:
Do you have competent QMS auditors to assess your supplier base?
Noting that the focus would be Critical Suppliers as defined in our QMS, I think so, but if not we'd get more. And our audit teams include a process validation engineer, because we audit to our qualitative standards.

Quote:
How often are you going to repeat the process?
As often as necessary for us to avoid this happening again.

Last edited by MIREGMGR; 8th September 2011 at 03:11 AM.
Thank You to MIREGMGR for your informative Post and/or Attachment!
  Post Number #5  
Old 8th September 2011, 08:23 AM
Doug Tropf

 
 
Total Posts: 396
Re: Trust of ISO13485 Certification... A Sad Story

It would be interesting to know if there were any similar findings during previous FDA inspections.
  Post Number #6  
Old 8th September 2011, 09:52 AM
MIREGMGR

 
 
Total Posts: 3,685
Re: Trust of ISO13485 Certification... A Sad Story

Quote:
In Reply to Parent Post by Doug Tropf View Post

It would be interesting to know if there were any similar findings during previous FDA inspections.
I've been reviewing the weekly Warning Letter list for the past three years or so. If there was a prior Warning Letter, either I missed it or for some reason it wasn't included in the published list.

Finding #5 does mention that a DHR discrepancy was "documented during a previous inspection". My guess is that a Warning Letter wasn't issued that time.

Perhaps the prior inspection was a normal low-intensity QSIT-1 review, whereas the April-May inspection was a For-Cause and therefore more thorough.
  Post Number #7  
Old 8th September 2011, 10:04 AM
Sidney Vianna's Avatar
Sidney Vianna

 
 
Total Posts: 8,515
Re: Trust of ISO13485 Certification...A Sad Story

Quote:
In Reply to Parent Post by MIREGMGR View Post

My point isn't that there aren't good CBs. It's that ISO13485 as presently constituted doesn't require enough rigor from either certified companies or certifiers and their auditors for third parties like us to be objectively certain that the certified company always does what the standard requires. ...SNIP.... I think what's needed is something well beyond ISO13485, and then more rigorous CB qualification and responsibility.
Going over the 10 items in the FDA warning letter, I don't see anything there that is not covered under ISO 13485. So, if there is a problem, it lies with the CONFORMITY ASSESSMENT (also known as certification) process.

This process will only work well if all stakeholders keep the parties accountable. For example, in this case, it is very possible that the CB themselves and RvA are unaware of this warning letter. Until someone brings this issue up to them and ask:
Quote:
What are you going to do about this?
we will have no idea how serious they are.
You, as a customer of the certified supplier and DIRECT user of the certificate (until the day before yesterday) are in a very good position to ask this question to the CB and the AB.
  Post Number #8  
Old 8th September 2011, 10:41 AM
MIREGMGR

 
 
Total Posts: 3,685
Re: Trust of ISO13485 Certification... A Sad Story

I've emailed Orion. After their response or a suitable time, I'll inquire similarly of the AB if necessary.

Responses will be shared here.
Thank You to MIREGMGR for your informative Post and/or Attachment!
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > Medical Devices, Medical Information Technology, Medical Software and Health Informatics > Medical Device Related Standards > ISO 13485:2016 - Medical Device Quality Management Systems

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Certification services for ISO 13485, CMDCAS 13485, and CE Markings sabrina.qa Canada Medical Device Regulations 18 10th June 2016 09:46 AM
Trusting Gage Manufacturer Calibration Certifications Michael_M General Measurement Device and Calibration Topics 3 13th March 2014 11:25 AM
ISO 13485 vs FDA Requirement question about when ISO 13485 Certification is Required rvanelli ISO 13485:2016 - Medical Device Quality Management Systems 4 15th January 2014 03:05 PM
Supplier Certification for ISO 13485 danush ISO 13485:2016 - Medical Device Quality Management Systems 7 2nd April 2012 06:15 PM
What is a QC story? How to prepare a QC Story? dnarendran Quality Tools, Improvement and Analysis 3 30th September 2008 07:49 AM



The time now is 01:23 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


 
 


NOTE: This forum uses "Cookies" - A Peachfarm Internet Property