Control of COTS (Commercial Off The Shelf) Specifications

rothlis

Involved In Discussions
#1
We are a small medical device manufacturer, with a quality system operating primarily under ISO 13485 with future plans to operate under FDA quality requirements. We are using a paper document control system and have historically approved a separate specification document for every component or material used in a product. Recently, however, we have considered the possibility that there are many cases where this creation of separate approved documents might be overkill.

In particular, the details regarding the components on a PCB, or raw materials used on a molded, cut or machined part, are often only actually used in practice to the extent that the make and model are communicated to the CM as inputs to the process of creating the PCB assembly or custom part. The proposal we are entertaining is that the make and model can simply be defined on the drawing or BOM of the assembly where it is used (in cases where that is sufficient information), so that the parent assembly is the only controlled specification document.
  • Do you feel that this is adequate to meet ISO 13485 and FDA requirements (assuming a company policy exists to verify that the correct product is received)? Is it perhaps already an accepted practice?
  • If this approach is used where the CM manages purchasing and receiving, does the parent assembly specification (or contract?) need to require that the CM verify the input components and materials on receiving inspection? Or would that only apply if the CM isn't itself certified to 13485 or 9001?

Appreciate your thoughts on the matter. Thanks.
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Another apology for not responding to this sooner.

The 'manufacturer of record' is always ultimately responsible for ensuring all regulatory requirements are met. If some are flowed down to a CM, it's your responsibility to ensure they are complying.

FDA lays out purchasing data requirements in 820.50(b) and it's spelled out in much more detail in 13485 in 7.4.2 and 7.4.3. In 13485, there is certainly the concept of documentation commensurate with the risk. And what you describe (verifying the correct product is received is, I believe, generally the case for such commercial components. The CM needs to confirm the part meets the spec (typically in a BOM rather than a drawing) and then provide whatever traceability is required.
 

rothlis

Involved In Discussions
#3
Thank you yodon. When I reviewed the regulations I came away with the impression that if a part is specified only on the BOM of a parent assembly, then this satisfies the regulations if:
a) the entry on the controlled BOM of the parent assembly is sufficient to inform receive inspection, and
b) measures are in place to ensure that receiving inspection is conducted against the controlled BOM of the parent assembly (whether that's in-house or at a CM).

So my concern is primarily from lack of experience, having only ever worked at companies where every individual part is controlled as its own separate specification document. By abandoning that, I just want to make sure we aren't straying into some sort of unprecedented territory that will raise eyebrows.
 
Thread starter Similar threads Forum Replies Date
H Control of Change i.e. process and WI IATF 16949 - Automotive Quality Systems Standard 9
Sonja D AIAG VDA PFMEA and Control Plan training FMEA and Control Plans 6
F Quality Control in Electrical Calibration ISO 17025 related Discussions 0
Z Why Control Limits are not the same depending on type of exclusion of data points Using Minitab Software 7
D Engineering Change order vs. Change Control ISO 13485:2016 - Medical Device Quality Management Systems 3
D Computer access, password control ISO 13485:2016 - Medical Device Quality Management Systems 6
A How to control distribution list? Document Control Systems, Procedures, Forms and Templates 2
A Control plan for IATF - example? FMEA and Control Plans 1
J ISO 9001:2015 Clause 8.5.1 Control of Production and service provision - Help with Work Instruction Access ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Final quality control corrective actions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
J Training on the importance of Document Control Document Control Systems, Procedures, Forms and Templates 3
G How to implement H&S and Quality Control Requirements in Contract for Potential Supplier? Contract Review Process 6
D GAMP CAT 5 Change Control Qualification and Validation (including 21 CFR Part 11) 9
D Use Error Risk Controls and Control Verification ISO 14971 - Medical Device Risk Management 6
S Maintenence related action in Control plan FMEA and Control Plans 3
M ISO 13485 and document control for programs ISO 13485:2016 - Medical Device Quality Management Systems 6
R Control Methods in Control Plan FMEA and Control Plans 5
M Design Control - Management of Electronic CAD files Design and Development of Products and Processes 14
S TSCA (Toxic Substances Control Act) PIP 3:1 RoHS, REACH, ELV, IMDS and Restricted Substances 0
S Use of Attributes Control Charts Statistical Analysis Tools, Techniques and SPC 1
U Appraiser Out of Control Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 5
L Looking for Control Plan and FMEA Stamping process FMEA and Control Plans 2
Z AS9100 Control of Nonconforming Outputs - Rework Dispositions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
K ASME, ANSI, ASTM and similar specifications and their requirements for document control. Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
Z Software for design control ISO 13485:2016 - Medical Device Quality Management Systems 5
K Quality Control/Assurance in the Metal Industry Quality Tools, Improvement and Analysis 10
K Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 14
J Warehouse temperature and humidity control EU Medical Device Regulations 7
Jimmy123 IATF16949 Control Plan FMEA and Control Plans 1
D Control Number for Class III and IV devices Canada Medical Device Regulations 1
J Document Control Metrics Document Control Systems, Procedures, Forms and Templates 3
I Document Control Software Document Control Systems, Procedures, Forms and Templates 2
T Controlling Expandable Forms in Paper-Based Document Control System Document Control Systems, Procedures, Forms and Templates 10
N ISO 13485 7.3.9 Change control in medical device software ISO 13485:2016 - Medical Device Quality Management Systems 6
C UDI Questions on Control Units Other US Medical Device Regulations 6
A Quality Control Datasheets Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
M Control-self assessment Internal Auditing 5
GreatNate Master Control QMS software Quality Tools, Improvement and Analysis 1
A Prototype control plan FMEA and Control Plans 2
J Records Control - Does each individual record need to be numbered? Records and Data - Quality, Legal and Other Evidence 2
shimonv Document Control Procedure Header Content Document Control Systems, Procedures, Forms and Templates 4
W FMEA - Current control and occurrence rating FMEA and Control Plans 3
S Which department should prepare the control plan? could you show me a standard regarding to this matter. FMEA and Control Plans 17
G Control Plan & PFMEA Review Procedure? FMEA and Control Plans 8
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
A Fabric roll inspection - What type of Control Chart to use? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
C Monitoring and Control Instruments RoHS, REACH, ELV, IMDS and Restricted Substances 3
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 5
T Risks arising from control measures vs. ineffective control measures ISO 14971 - Medical Device Risk Management 11
J Need Change Control Yes/No Decision Tree Template ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1

Similar threads

Top Bottom