"Documented Procedure" Health Canada

[QM Becky]

Hello Everyone,
I'm so bummed to see that Elsmar.com will be going off line this month. It's been a wealth of knowledge and assistance to me over the years.

I have an ISO 13485 audit response due next week and I'm still debating if I push back on this non-conformance because I really don't agree with the auditor's evaluation. Can anyone comment on this:

ISO 13485:2003; 4.2.1
"The Quality Management system documentation shall include:
... (f) any other documentation specified by national or regional regulations."
CMDR - Section 43
"Every manufacturer of a licensed medical device shall, annually before November 1 and in a form authorized by the Minister, furnish the Minister with a statement signed by the manufacturer or by a person authorized to sign on the manufacturer?s behalf"

We have evidence that all of our licenses have been renewed on time, every year as required including work product, copies of submissions as well as licenses that show as active and properly maintained via the Health Canada.

Our auditor issued us a NC for not having a documented procedure telling us to renew our licenses. I tried to politely disagree with her over the requirement for a "documented procedure" and that while it may be a good practice, it isn't required. The requirement is that the activity be conducted, not that there be a procedure for it. (and we all know, "documented procedure" is the golden word in standards and documentation). My contention is that since there is no requirement for a documented procedure and I have multiple layers of objective evidence that the activity is occurring, the NC was issued incorrectly and should not require a formal response (except to close it out via objection of course).

All that said, we are going to pull together a "regulatory requirements" document that simply has dates for these types of things... basically a checklist... so that it's easily audit-able. Historically our auditors have been fine with our evidence... this was a new auditor and her methods were horrible so we received a lot of "I want to see it this way" which is completely inappropriate. However, we kind of just took it and figured we'd follow up with the notified body after the fact so that she would just continue on.

Anyone have any thoughts on the "documented procedure" issue I'm facing? Is my interpretation incorrect?

Thank you again for all the wisdom and insight over the years.

-QM Becky

 

[John Broomfield]

Hello Everyone,
I'm so bummed to see that Elsmar.com will be going off line this month. It's been a wealth of knowledge and assistance to me over the years.

I have an ISO 13485 audit response due next week and I'm still debating if I push back on this non-conformance because I really don't agree with the auditor's evaluation. Can anyone comment on this:

ISO 13485:2003; 4.2.1
"The Quality Management system documentation shall include:
... (f) any other documentation specified by national or regional regulations."
CMDR - Section 43
"Every manufacturer of a licensed medical device shall, annually before November 1 and in a form authorized by the Minister, furnish the Minister with a statement signed by the manufacturer or by a person authorized to sign on the manufacturer?s behalf"

We have evidence that all of our licenses have been renewed on time, every year as required including work product, copies of submissions as well as licenses that show as active and properly maintained via the Health Canada.

Our auditor issued us a NC for not having a documented procedure telling us to renew our licenses. I tried to politely disagree with her over the requirement for a "documented procedure" and that while it may be a good practice, it isn't required. The requirement is that the activity be conducted, not that there be a procedure for it. (and we all know, "documented procedure" is the golden word in standards and documentation). My contention is that since there is no requirement for a documented procedure and I have multiple layers of objective evidence that the activity is occurring, the NC was issued incorrectly and should not require a formal response (except to close it out via objection of course).

All that said, we are going to pull together a "regulatory requirements" document that simply has dates for these types of things... basically a checklist... so that it's easily audit-able. Historically our auditors have been fine with our evidence... this was a new auditor and her methods were horrible so we received a lot of "I want to see it this way" which is completely inappropriate. However, we kind of just took it and figured we'd follow up with the notified body after the fact so that she would just continue on.

Anyone have any thoughts on the "documented procedure" issue I'm facing? Is my interpretation incorrect?

Thank you again for all the wisdom and insight over the years.

-QM Becky

Becky,

You have evidence that your procedure already is effective in keeping your licenses up to date.

Be ready, also, to bring to the attention of your auditor the definition of procedure just to remind her that procedures need not be documented to be effective.

Please continue the good fight: don't over document your management system just to keep your auditor happy!

John

 

[QM Becky]

John,
Thank you for the validation. I've been going nuts over here. I couldn't believe that someone in her position would not understand the difference, but she was adamant that it was required. I just can't see that it is. I don't want to tick them off, because that can get messy and complicated, but as you've stated, we should not over document just to keep them happy.

Cheers!
Becky

 

[mihzago]

this is actually required by Canadian Medical Device Regulation, which the Notified Body auditors are required to check. I've been told this by more than one auditor.

One source of this requirement could be from GD-210
"2.1.1 Inclusion of regulatory requirements in management system documents
A MDR requirement can be included in QMS documents in a number of ways. For example, regulatory text or a summary of the text could be inserted into a procedure, work instruction or some other relevant document. A MDR requirement could be listed in an annex to a general procedure, or the section number of the requirement could simply be referenced. However, if referencing is used, the Manufacturer must have a
current electronic or paper version of the MDR available at all times. Vague or unsubstantiated statements of compliance with the MDR are unacceptable as they are not supported by objective evidence"

License renewal is one of the MDR requirements.

 

[QM Becky]

That's interesting .. is a Guidance Document technically audit-able? It certainly wasn't part of the scope of my audit. I'll dig into that one a bit more to see if there is some relevance. . just haven't heard/seen/been told about the "documented procedure" requirement for licensing renewals. Thanks for the tip...

Edit: I found the Guidance Doc you mentioned... WOW, that's a great tool. It's interesting that they are telling auditors to have these "documented procedures" checked, but if you read the regulation it isn't clearly defined. Thank you for the GD reference, there's a TON of information in there that will be most helpful.

Cheers!

 

[somashekar]

Auditors from the CMDCAS recognized registrars are usually competent on the regulatory requirements mapping into the QMS. Had she told you what mihzago detailed at least in the closing meeting, so much more better and clear...

 

[Mark Meer]

Our auditor issued us a NC for not having a documented procedure telling us to renew our licenses.

QM Becky: I'm totally in your corner! Good plan to deal with it (a regulatory checklist), but in my opinion the auditor is making a bad call.

...if you think about it, this type of "NC" could be a precedent for the ridiculous notion that you must proceduralize the entire CMDR! Personally, I think it should be perfectly acceptable to have stated somewhere that compliance to CMDR is a quality system requirement, and then have evidence that these requirements are being met.

 

[QM Becky]

Mark,
Thank you for the support. This was the first time we've had this auditor so I expected a bit of a give and take until we figured out each other's styles, but I was exceptionally disappointed in her audit manner. On more than one occasion she wouldn't accept what I had provided because it wasn't in a format she liked (wait, what?) and make a few comments about how things "had to be done" in a particular way.

I didn't share with her, because it was obvious it was a losing battle, but I'm a certified lead auditor as well to the same standard (not the CMDCAS, just ISO 13485) and I knew darn well what she was saying was incorrect.

I've been through 3 FDA inspections and 12 other major (ISO, customer, etc) audits in less than 5 years and I'm an auditor myself. I feel like I have a good background upon which to make a judgement. She was awful. It was unfortunate. She's got tons of industry experience, but has only been an auditor for about 2 years. Unfortunately, it shows.

Oh well, even bad experiences give you something to learn.

 

[QM Becky]

Auditors from the CMDCAS recognized registrars are usually competent on the regulatory requirements mapping into the QMS. Had she told you what mihzago detailed at least in the closing meeting, so much more better and clear...

I couldn't agree more! The document that mihzago referenced appears to be a guidance document for the auditor to use. What's interesting, is that it's not consistent with the standard or the regulation.

The standard states (sic) make sure you execute the relevant regulatory requirements of countries you operate in.

The CMDR doesn't call out this particular issue as a "documented procedure" requirement.

But the auditors are being told, in the guidance document, that they need to look for it to be a documented procedure.

The Guidance Document, however, is VERY eye opening. It's going to make this year's Quality System updates and upgrades very easy! you can be sure, my next audit, no matter who the auditor is, will be SMOOTH where teh CMDR is concerned.