Control of COTS (Commercial Off The Shelf) Specifications

rothlis

Involved In Discussions
#1
We are a small medical device manufacturer, with a quality system operating primarily under ISO 13485 with future plans to operate under FDA quality requirements. We are using a paper document control system and have historically approved a separate specification document for every component or material used in a product. Recently, however, we have considered the possibility that there are many cases where this creation of separate approved documents might be overkill.

In particular, the details regarding the components on a PCB, or raw materials used on a molded, cut or machined part, are often only actually used in practice to the extent that the make and model are communicated to the CM as inputs to the process of creating the PCB assembly or custom part. The proposal we are entertaining is that the make and model can simply be defined on the drawing or BOM of the assembly where it is used (in cases where that is sufficient information), so that the parent assembly is the only controlled specification document.
  • Do you feel that this is adequate to meet ISO 13485 and FDA requirements (assuming a company policy exists to verify that the correct product is received)? Is it perhaps already an accepted practice?
  • If this approach is used where the CM manages purchasing and receiving, does the parent assembly specification (or contract?) need to require that the CM verify the input components and materials on receiving inspection? Or would that only apply if the CM isn't itself certified to 13485 or 9001?

Appreciate your thoughts on the matter. Thanks.
 
Elsmar Forum Sponsor

yodon

Leader
Super Moderator
#2
Another apology for not responding to this sooner.

The 'manufacturer of record' is always ultimately responsible for ensuring all regulatory requirements are met. If some are flowed down to a CM, it's your responsibility to ensure they are complying.

FDA lays out purchasing data requirements in 820.50(b) and it's spelled out in much more detail in 13485 in 7.4.2 and 7.4.3. In 13485, there is certainly the concept of documentation commensurate with the risk. And what you describe (verifying the correct product is received is, I believe, generally the case for such commercial components. The CM needs to confirm the part meets the spec (typically in a BOM rather than a drawing) and then provide whatever traceability is required.
 

rothlis

Involved In Discussions
#3
Thank you yodon. When I reviewed the regulations I came away with the impression that if a part is specified only on the BOM of a parent assembly, then this satisfies the regulations if:
a) the entry on the controlled BOM of the parent assembly is sufficient to inform receive inspection, and
b) measures are in place to ensure that receiving inspection is conducted against the controlled BOM of the parent assembly (whether that's in-house or at a CM).

So my concern is primarily from lack of experience, having only ever worked at companies where every individual part is controlled as its own separate specification document. By abandoning that, I just want to make sure we aren't straying into some sort of unprecedented territory that will raise eyebrows.
 
Thread starter Similar threads Forum Replies Date
M Document Control ISO and FDA ISO 13485:2016 - Medical Device Quality Management Systems 5
M Design Control Procedure Medical Device and FDA Regulations and Standards News 4
D 8.5.1.2 Validation and control of special processes requirements for Heat Treat External Processor AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
R Humane Pest Control Food Safety - ISO 22000, HACCP (21 CFR 120) 1
B 8.5.1.1 Control Plan - question audit NC IATF 16949 - Automotive Quality Systems Standard 5
B QM Plan vs Control Plan IATF 16949 - Automotive Quality Systems Standard 3
N AS 13004 Control Plan and AQL FMEA and Control Plans 1
R Does anyone use iQMS for their ISO based document control? Manufacturing and Related Processes 0
qualprod Traceability with no rules to control labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
B Doubt about the correct control chart Statistical Analysis Tools, Techniques and SPC 14
G Change Control for Test Samples Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
Z Change color or shape of individual data point in control chart Using Minitab Software 6
Z Setting the Control limits on Minitab Using Minitab Software 4
C Elaborating a control chart with skewed data Manufacturing and Related Processes 4
M Who is performing quality control? IATF 16949 - Automotive Quality Systems Standard 2
S Risk control through Information for safety ISO 14971 - Medical Device Risk Management 8
D Locking Control Limits and SPC Sample Sizes (AIAG/Automotive Requirements) Six Sigma 2
Q Control limits Six Sigma 6
J PFMEA/control plan question- PLEASE HELP ! IATF 16949 - Automotive Quality Systems Standard 8
T Control of Nonconforming Material AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
G Control of Approved Supplier List (ASL) When Employees Make Purchases Supplier Quality Assurance and other Supplier Issues 6
dpenbert AS9100 7.5.3 - Manual Document Control AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
Y FMEA link to Control Plan frequency and sample size FMEA and Control Plans 19
D Control chart selection of multiple batches review Statistical Analysis Tools, Techniques and SPC 4
M Supplier Control for Unique Product ISO 13485:2016 - Medical Device Quality Management Systems 6
L Unique Supplier Control Issue AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
S Help in document control procedure Document Control Systems, Procedures, Forms and Templates 8
PQ Systems Understanding Capability and Control Charts Series Using SQCpack Software 0
PQ Systems Control Charts & Capability Analysis 101 Using SQCpack Software 0
D AS9100 Rev D - Clause 8.7 Control of Non conforming outputs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
S Linking control chart with control plan Statistical Analysis Tools, Techniques and SPC 5
T IEC 62304 : Risk control for SaMD IEC 62304 - Medical Device Software Life Cycle Processes 8
N Change Control for processes & products Manufacturing and Related Processes 7
Q Change Control Numbering system Document Control Systems, Procedures, Forms and Templates 7
S Operation of possible rework in control plan FMEA and Control Plans 8
K MHLW MO169 2021 Japan Ministerial Ordinance on Standards for Manufacturing Control and Quality Control for Medical Devices and In-Vitro Diagnostics Japan Medical Device Regulations 2
D Using electronic lab notebooks in the design control process ISO 13485:2016 - Medical Device Quality Management Systems 3
M Process & Product Characteristic in Control Plan FMEA and Control Plans 17
D How to calculate the A4 constants in Median/Range control charts? Statistical Analysis Tools, Techniques and SPC 2
Nihls Quality Control (stability) Chart for CMM's - How the control limits are to be calculated Capability, Accuracy and Stability - Processes, Machines, etc. 2
M Change control on Tracking Sheet ISO 13485:2016 - Medical Device Quality Management Systems 11
K COPLANARITY: Composite profile tolerance on multiple surfaces- what does" lower dimensional reference frame tolerance" control? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 11
M Medical Device Marketing Material - Control of Social Media 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
M Does 4.5 - Alternative RISK CONTROL apply to the Particular Standards? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
H Control of Change i.e. process and WI IATF 16949 - Automotive Quality Systems Standard 9
Sonja D AIAG VDA PFMEA and Control Plan training FMEA and Control Plans 9
F Quality Control in Electrical Calibration ISO 17025 related Discussions 0
Z Why Control Limits are not the same depending on type of exclusion of data points Using Minitab Software 7
D Engineering Change order vs. Change Control ISO 13485:2016 - Medical Device Quality Management Systems 3
D Computer access, password control ISO 13485:2016 - Medical Device Quality Management Systems 6

Similar threads

Top Bottom