SBS - The best value in QMS software

Auditor driving us nuts - ESD requirements

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#1
We are in the middle of our 13485:2016 surv audit. We brought production in house from contract manufacturing.

During our planning stage, we talked about ESD requirements for production. We have never required contract manufacturing to use ESD based spec data from our board manufacturers.

Our ISO 13485 auditor considers himself to be the global expert on all things ESD. We submitted our device to ESD testing under IEC 61000-4-2:2008 Part 4-2 and IEC 60601-1-2:2014 Parts 1 and 2, We then tested those exact samples in our original functional V&V testing and they passed.

He is claiming the reports that the devices passed that testing and are not ESD sensitive is not enough to not use ESD protection in production. His follow up was "How do you know the testing didn't slightly damage the electronics slightly altering their performance and shortening their shelf life?

This seems ridiculous and appears to invalidate all of our required testing we did to meet ISO, FDA and CE years ago.
 
Last edited:
Elsmar Forum Sponsor
#4
I think there is a difference between ESD safe at a unit level and ESD safe at component level.

Good engineering practice would certainly demand ESD precautions in any (electronics?) assembly area - even things like diodes can be damaged by ESD.
We got taken to task during an FDA inspection. Had to banish all cardboard and ordinary plastic bags (even for nuts and bolts!).
 

Tidge

Trusted Information Resource
#5
He is claiming the reports that the devices passed that testing and are not ESD sensitive is not enough to not use ESD protection in production. His follow up was "How do you know the testing didn't slightly damage the electronics slightly altering their performance and shortening their shelf life?
There is a difference between the finished device and the individual components. Perhaps this auditor didn't make it clear where the concerns lie.

I think there is a difference between ESD safe at a unit level and ESD safe at component level.

Good engineering practice would certainly demand ESD precautions in any (electronics?) assembly area - even things like diodes can be damaged by ESD.
I have approached ESD concerns in manufacturing within manufacturing pFMEA. For our products, electrostatic damage is recognized as a potential contributing factor to product defects. We have an assessment of our ES-sensitive components; we recognize the minimum level of concern that can lead to damage and we have an established program to mitigate ESD at the level necessary to address those levels. It has been a long time since I was directly involved with our ESD program so I can't remember precise levels and may get some specific terminology wrong.

In our specific case, we have a multi-tiered approach to ESD in manufacturing to control the risks associate with things discharging to the components (e.g. wrist straps, mats) as well as the components getting charged by external fields (e.g. ionizers, banishing cardboard). Our components are not extremely sensitive but they are sensitive enough that we have a rather robust program.
 

Jean_B

Trusted Information Resource
#6
We are in the middle of our 13485:2016 surv audit. We brought production in house from contract manufacturing.

During our planning stage, we talked about ESD requirements for production. We have never required contract manufacturing to use ESD based spec data from our board manufacturers.

Our ISO 13485 auditor considers himself to be the global expert on all things ESD. We submitted our device to ESD testing under IEC 61000-4-2:2008 Part 4-2 and IEC 60601-1-2:2014 Parts 1 and 2, We then tested those exact samples in our original functional V&V testing and they passed.

He is claiming the reports that the devices passed that testing and are not ESD sensitive is not enough to not use ESD protection in production. His follow up was "How do you know the testing didn't slightly damage the electronics slightly altering their performance and shortening their shelf life?

This seems ridiculous and appears to invalidate all of our required testing we did to meet ISO, FDA and CE years ago.
Opening note: those standards are EMC standards. ESD testing can partially be considered covered by it, but those standards do far more (and different) things. And yes, they still have their value, just not when it comes to this case. Those standards test the device in fully assembled conditions, including covers and all. This is not the typical condition for manufacture (as said by @Pads38). Based solely on that, he can refuse those reports as being a valid defense, and rightly so. (Even though ""How do you know the testing didn't slightly damage the electronics slightly altering their performance and shortening their shelf life?" is silly. The unit sent to the test-lab would/should be representative and probably wasn't produced under significantly different conditions)

If there would be a reference to a specific ElectroStatic Discharge management standard, it would be ANSI/ESD S20.20 or IEC 61340-5-1 (and the useful IEC 61340-5-2). Neither is normative in the medical device sector to my knowledge. Thus, there is no regulatory expectation for you to implement them based purely on the fact that they are applicable.
It is likely that if any practices are implemented, they are without claiming compliance to either of those, so there would not be an entry for the auditor to claim deficiency against some specific part of them through your QMS. (And otherwise, the auditor might have a point; but you would be less mystified and not here).

Given that you do not claim it yourself, the auditor must have another channel to write a finding against.
The reasoning path to reach a finding of inadequate ESD control without regulatory or QMS claims have a varying amount of pre-conditions and hops to make.
Pre-condition 1 has been mentioned by @Tidge:
For our products, electrostatic damage is recognized as a potential contributing factor to product defects.
He can get at you if you have not considered which hazardous situations could arise from electronic component failure, and thus not considered implementing any control such as ESD precautions in manufacture. That would be appropriate, though he should write it against risk management, not manufacturing control or facilities which auditors are prone to do (neural short-circuit in our brains).

Perhaps you have considered hazardous situations for which you either justified unacceptable risk per ISO 14971, while not implementing the known effective ESD management aspect. In this case the auditor has you, but knowing @Ed Panek 's competence, this company is not in that state.

You might have considered hazardous situations and found your current level acceptable based on history. This is fully valid, and then it would be up to the auditor to find fault with that in your complaints, feedback (warranty claims) and post-market surveillance system. However, he needs to evidence the link from the shortcomings there to the initiating event of ESD at manufacture. Improbable by its nature, though not technically impossible. But if you show that you've considered and monitored it (or at least re-analyzed your data with this view over-night), your countercase is strong.

For devices distributed to the EU, you might not have implemented all of the options available to you which would reduce risk in a cumulative fashion per EN ISO 14971 and its content deviations. If the auditor must adhere to the consensus statement version 1.1, there's still a way out: the above specific versions are non-harmonized industry standards at a level of protection. This means that any one risk control in the categories harmonized protective measure in the device or manufacturing process, or any inherent safety by design (whether from harmonized, industry or company-specific standards) beats it as an end-point. Thus, under the assumption of single-fault condition (which is still commonly accepted in the medical device industry, though a bit less under 60601-1) if you have a validated safe-state for those failures which might have been caused by ESD in manufacture (and it is present as such in your risk management file), then you have a company specific inherent safety by design.
That last one is a long haul of defense with a lot to prove (but you are saying you have a decent amount of supporting reports), but it is fully compliant. If he is not beholden to consensus statement version 1.1: tough luck, but then that would have been a losing battle anyway.

The core remains: he must not presuppose your device is risky without ESD. That surveillance audit is not for improvement, it is for certification. If you show you are meeting the requirements you are fine. If he wants to make a point, he must be specific about the requirement which he has found you not conforming to.

This does not take away the fact that, for the given cost, I would implement basic ESD management measures. There are practically no options to lead a field failure back to a manufacturing ESD failure on a case basis, but on a statistical base their advantage has been shown. However, I would select what controls to implement based on a risk-assessment which includes consideration of risky handling, warranty case reduction and risk of electronic failures not leading to safe-state.
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#7
We are writing a memo with 3 mitigating factors

1)We do 100% product verification at the time of packaging. Power on the unit, Bluetooth QC app verifies the temperature and related circuitry is working and sending data (its a one way comm device)

2) The IEC reports

3) Current field data from contract manufacturers showing over 100,000 units inthe field and no failures due to the contract man not using esd in their production

We also received a signed letter from the chair of EE at Case Western Reserve University who reviewed our report and said we do not need to use ESD in our line

We hope this will be enough.
 

Jean_B

Trusted Information Resource
#8
That won't factor into his concern. He sounds focused on the end of the bathtub curve, and that doesn't show in those snapshot tests and inspections at the beginning. Perhaps predictive failures or measurements of service checkups might give some indication, but that doesn't seem to apply to your description of the device and system around it.
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#9
Perhaps. We specifically asked our electronics manufacturer to design a board we could handle without ESD. The spec they signed states it isnt required. Just not sure what we can do.
 
Last edited:

Tidge

Trusted Information Resource
#10
Perhaps. We specifically asked our electronics manufacturer to design a board we could handle without ESD. The spec they signed states it isnt required. Just not sure what we can do.
This is a very strong start. It would probably be more effective to have the manufacturer provide a statement as to what levels of sensitivity the board has. If you decide to implement an ESD controls program, you will have an idea how much effort you can expect to expend (for this component).
 
Thread starter Similar threads Forum Replies Date
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
W Redacting Info Before Giving to Auditor ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T Quality auditor legal right to see Board meeting minutes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
V Certified Auditor - Need of additional certification specific to industry ( GMPs) ASQ vs ECA vs others Professional Certifications and Degrees 1
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
R American Petroleum Institute - Becoming an API Auditor Professional Certifications and Degrees 2
B Lowest cost way to pass Lead Auditor exam ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
Z Auditor Findings ISO 14001:2015 vs. 45001:2015 ISO 14001:2015 Specific Discussions 6
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
A Becoming an ISO27001 3rd Party Auditor Career and Occupation Discussions 4
L ASQ's Biomedical Auditor Course Test ASQ - American Society for Quality 1
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
G Same parts but new customer - What will the auditor ask me? IATF 16949 - Automotive Quality Systems Standard 2
Gun46 ISO 9001 : 2015 Lead Auditor Exam General Auditing Discussions 16
K %GRR was between 10-30% so we have to have a "backup plan" per auditor IATF 16949 - Automotive Quality Systems Standard 15
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
R ISO 45001 Lead Auditor Exam paper Training - Internal, External, Online and Distance Learning 1
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
A Our auditor told if we didn't have a patent we would have to do a validation or verification ISO 13485:2016 - Medical Device Quality Management Systems 6
W Certification for IATF Lead Auditor will expire in 2020 IATF 16949 - Automotive Quality Systems Standard 2
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
A OHSAS 18001 external auditor finding personal interpretation? Occupational Health & Safety Management Standards 5
S IRCA Lead Auditor training and Exam tips Training - Internal, External, Online and Distance Learning 5
L ASQ CBA biomedical auditor - CBA primer material is enough to study? ISO 13485:2016 - Medical Device Quality Management Systems 6
B VDA 6.3 Qualification as Process Auditor training course and exam VDA Standards - Germany's Automotive Standards 0
F ISO 21001 Educational Organizations Management - How to become an auditor Other ISO and International Standards and European Regulations 1
J Getting training either from ASQ or from SAI Global - ISO 9001 Lead Auditor training Training - Internal, External, Online and Distance Learning 1
P ASQ Certified Biomedical Auditor (CBA) Certification Preparation 2019 ASQ - American Society for Quality 3
M Medical Device Design Control Auditor Recommentations General Auditing Discussions 19
G Third party auditor mentions no grace period for calibration Calibration Frequency (Interval) 22
D Where (in US) can I get the VDA Auditor Edition book? VDA Standards - Germany's Automotive Standards 3
S AIAG CQI Auditor Qualification and 3rd Party Certification Requirements General Auditing Discussions 2
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
Sidney Vianna AS9100 News July 2019 AAQG/RMC CB Auditor Workshop - Presentation Materials AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Scope of Facility - Our auditor asked us last week for our "Scope of the Facility" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
A ISO 9001 lead auditor as Full time career India Career and Occupation Discussions 2
J Manufacturing Process Auditor Requirements - IATF 16949 IATF 16949 - Automotive Quality Systems Standard 9
GreatNate ISO 9001:2015 Lead Auditor Course? (who to take with) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
J Your opinion on the better training org for IATF16949 Internal auditor and Lead Auditor IATF 16949 - Automotive Quality Systems Standard 3
K Turtle diagram or process interaction chart - Making it easier for an auditor Process Maps, Process Mapping and Turtle Diagrams 23
C TL-9000 Certifying Body Issue - Auditor failed to find an issue for 10 years TL 9000 Telecommunications Standard and QuEST 16
C Advice on becoming a AS9100 Auditor - Need to audit organizations that are Design Responsible AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
Q Audit 1 week away and no agenda from auditor yet IATF 16949 - Automotive Quality Systems Standard 12

Similar threads

Top Bottom