Control of COTS (Commercial Off The Shelf) Specifications

rothlis

Involved In Discussions
#1
We are a small medical device manufacturer, with a quality system operating primarily under ISO 13485 with future plans to operate under FDA quality requirements. We are using a paper document control system and have historically approved a separate specification document for every component or material used in a product. Recently, however, we have considered the possibility that there are many cases where this creation of separate approved documents might be overkill.

In particular, the details regarding the components on a PCB, or raw materials used on a molded, cut or machined part, are often only actually used in practice to the extent that the make and model are communicated to the CM as inputs to the process of creating the PCB assembly or custom part. The proposal we are entertaining is that the make and model can simply be defined on the drawing or BOM of the assembly where it is used (in cases where that is sufficient information), so that the parent assembly is the only controlled specification document.
  • Do you feel that this is adequate to meet ISO 13485 and FDA requirements (assuming a company policy exists to verify that the correct product is received)? Is it perhaps already an accepted practice?
  • If this approach is used where the CM manages purchasing and receiving, does the parent assembly specification (or contract?) need to require that the CM verify the input components and materials on receiving inspection? Or would that only apply if the CM isn't itself certified to 13485 or 9001?

Appreciate your thoughts on the matter. Thanks.
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Another apology for not responding to this sooner.

The 'manufacturer of record' is always ultimately responsible for ensuring all regulatory requirements are met. If some are flowed down to a CM, it's your responsibility to ensure they are complying.

FDA lays out purchasing data requirements in 820.50(b) and it's spelled out in much more detail in 13485 in 7.4.2 and 7.4.3. In 13485, there is certainly the concept of documentation commensurate with the risk. And what you describe (verifying the correct product is received is, I believe, generally the case for such commercial components. The CM needs to confirm the part meets the spec (typically in a BOM rather than a drawing) and then provide whatever traceability is required.
 

rothlis

Involved In Discussions
#3
Thank you yodon. When I reviewed the regulations I came away with the impression that if a part is specified only on the BOM of a parent assembly, then this satisfies the regulations if:
a) the entry on the controlled BOM of the parent assembly is sufficient to inform receive inspection, and
b) measures are in place to ensure that receiving inspection is conducted against the controlled BOM of the parent assembly (whether that's in-house or at a CM).

So my concern is primarily from lack of experience, having only ever worked at companies where every individual part is controlled as its own separate specification document. By abandoning that, I just want to make sure we aren't straying into some sort of unprecedented territory that will raise eyebrows.
 
Thread starter Similar threads Forum Replies Date
C 8.5.1.1 Control of Equipment, Tools, and Software Programs - Questions about the extent of control of NC programs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
Q Version/Revision Control of CAD files Document Control Systems, Procedures, Forms and Templates 2
earl62 What is the best way to control special characteristics in Control plan? Is it Mandatory to have SPC for IATF 16949? IATF 16949 - Automotive Quality Systems Standard 7
I Control Plan (Product/Process specification/ Tolerance) acceptance FMEA and Control Plans 27
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 4
Z Putting back excluded rows/data points in a control chart Using Minitab Software 0
J Control Plan use on the manufacturing floor FMEA and Control Plans 4
E Change in control plan - Do I have to do sampling? IATF 16949 - Automotive Quality Systems Standard 1
D All Dimensions listed on control plan FMEA and Control Plans 10
W Need for current design or process control FMEA and Control Plans 2
Q ISO 9001 8.5.1 - Control of production and service performance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
A Beginners help with ISO3951-2 Combined control s-method n>5 what is Phi ?? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
C Corrective action for failure in documents control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Control chart and sample time Statistical Analysis Tools, Techniques and SPC 1
DuncanGibbons Manufacturing Plan vs Material Specification vs Control Plan Manufacturing and Related Processes 4
J Control chart for huge sample size Statistical Analysis Tools, Techniques and SPC 9
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 12
J 510(k) for a control kit for an external IVD test kit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Assessing Hazard-Related Use Scenarios where control measures exist through standards IEC 62366 - Medical Device Usability Engineering 32
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
T Design Control Procedures later in the Development Process ISO 13485:2016 - Medical Device Quality Management Systems 6
L AS5553 Clause 3.1.7 e "Control packaging material ..................reused" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
T Attributes SPC study - Attributive control (Go gage) Statistical Analysis Tools, Techniques and SPC 5
K Process Mapping - Inputs/Outputs/Detail Activities/Control points/Measurement? Process Maps, Process Mapping and Turtle Diagrams 4
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
D Infrastructure: Equipment, Work Environment and Contamination Control ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Relabeler for patent expired product - design control responsibilities? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
J How to make Quality Control plans Quality Tools, Improvement and Analysis 5
I Document Control on Log Files ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Q Tracking Procedure Revisions (Document Control) Document Control Systems, Procedures, Forms and Templates 9
C Document Control Stamps - Does anyone still stamp their documents? Document Control Systems, Procedures, Forms and Templates 24
D Supplied Product on Control Plan - Lot ranging in 40,000 pcs per product FMEA and Control Plans 3
D IEC 62304 Risk Classification - With and without hardware control IEC 62304 - Medical Device Software Life Cycle Processes 2
J Antiviral Mask or Mask to Mitigate or Control Corona Virus Manufacturing and Related Processes 29
A UDI and Design Controls - Labeling change via the Design Control process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
I Control of Documentation Distribution - Document Control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Inventory Control - Any thoughts would be appreciated ISO 13485:2016 - Medical Device Quality Management Systems 2
H SPC for special characteristics - CSR - Control of SC and CC Statistical Analysis Tools, Techniques and SPC 1
T Control of downloaded document copies by employees Document Control Systems, Procedures, Forms and Templates 3
T Document control ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
M Is there any pre-defined Control plan format/template acc. VDA? VDA Standards - Germany's Automotive Standards 0
B Record Management - Does the QMS need to control templates of records? Records and Data - Quality, Legal and Other Evidence 17
O Inventory control ideas - I have an open stock room with a "sign out" book Manufacturing and Related Processes 9
V IATF 16949 8.4.1 Control of externally provided processes, products and services - Should the CB be on our Approved Supplier List? IATF 16949 - Automotive Quality Systems Standard 10
R Process control documents - Context of API Spec Q1, Clause 5.7.1.3 Other ISO and International Standards and European Regulations 0
D Performance specification as a Risk Control Measure, EN 14971 ISO 14971 - Medical Device Risk Management 7
L Form-dependent position prevention control FMEA and Control Plans 1
S CQI-23 - Molding System Assessment - Control of part weight IATF 16949 - Automotive Quality Systems Standard 5
D Change Control - Product Name Change and its associated labeling EU Medical Device Regulations 7

Similar threads

Top Bottom