FDA Audit Documentation - Recently released FDA Warning Letter

A

alex.Kennedy

#1
A recently released FDA Warning Letter portrays a tighter interpretation of 21 CFR part 820.50, in so much as they expect to be able to review documented record for items a) to d) below. It must also be understood that other branches of the FDA (Drugs & Bio) have ascertained that when 21 CFR 211 lacks detail; they will audit to detail in 21 CFR 820 (if any).

Although the wording used in a) & b) would definitely identify them as applicable to medical devices parts; c) & d) are not. Also the fact that they mention in b) & c); that these requirements are applicable to - contractors and services rendered. This for many companies will be very disconcerting.

Extract from warning letter:

a) Your firm has not documented the evaluation and approval of suppliers of components used in the manufacture or assembly of the xxxxx xxx xxxx measurement device.

b) Your firm does not have a documented agreement with any component suppliers or contractors to notify it of changes made in the components supplied or services rendered.

c) Your firm has not established the requirements that must be met by suppliers and contractors.

d) Your firm does not maintain an approved suppliers list.
Precise extraction from WL CMS Case #175552

Alex Kennedy
 
Elsmar Forum Sponsor
M

MIREGMGR

#2
Re: FDA Audit Documentation

Our understanding since 1996, at least in regard to matters that might be subject to FDA inspection, has been "if it's not documented, it didn't happen".
 

sagai

Quite Involved in Discussions
#3
Thank you Alex for sharing, it is really a good way to collect impressions and thoughts!
Regards, Szabolcs
 

Wes Bucey

Prophet of Profit
#5
Re: FDA Audit Documentation

Our understanding since 1996, at least in regard to matters that might be subject to FDA inspection, has been "if it's not documented, it didn't happen".
what is the minimal criteria for "documented"? :frust:
:bigwave:
In my mind [and practice], "documentation" means you have

  1. a written plan for an activity
  2. a record (hard copy or electronic) of the activity being performed
  3. periodic evaluation (recorded) of the activity record to compare against the plan (audit and management review?)
  4. record of the action or non action taken after the evaluation (this presupposes management makes due and timely communication to concerned parties, including regulators)
 

Ronen E

Problem Solver
Moderator
#6
A recently released FDA Warning Letter portrays a tighter interpretation of 21 CFR part 820.50, in so much as they expect to be able to review documented record for items a) to d) below. It must also be understood that other branches of the FDA (Drugs & Bio) have ascertained that when 21 CFR 211 lacks detail; they will audit to detail in 21 CFR 820 (if any).

Although the wording used in a) & b) would definitely identify them as applicable to medical devices parts; c) & d) are not. Also the fact that they mention in b) & c); that these requirements are applicable to - contractors and services rendered. This for many companies will be very disconcerting.

Extract from warning letter:

a) Your firm has not documented the evaluation and approval of suppliers of components used in the manufacture or assembly of the xxxxx xxx xxxx measurement device.

b) Your firm does not have a documented agreement with any component suppliers or contractors to notify it of changes made in the components supplied or services rendered.

c) Your firm has not established the requirements that must be met by suppliers and contractors.

d) Your firm does not maintain an approved suppliers list.
Precise extraction from WL CMS Case #175552

Alex Kennedy
validation online
Thanks for highlighting the subject; however, I think this is old news to any manufacturer following the FDA's QSR manual and/or ISO 13485.

Cheers,
Ronen.
 
A

alex.Kennedy

#7
I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy
 
Last edited by a moderator:

Wes Bucey

Prophet of Profit
#8
I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy
Every supplier does not require the same level or intensity of audit. The point should be that management PLANS which level of supplier gets what level of audit and then DOCUMENTS that the audit has been conducted at that level and that any and all issues arising from the audit are resolved.
 

Ronen E

Problem Solver
Moderator
#9
I appreciate the comments made by forum readers and I do agree that the universal understanding with regulators was if it was not document; it was not being done and probably never had been done.


The subtlety I was trying to highlight is that in one simple interpretation they are saying ‘audit all your suppliers’. In the past we have used all sorts of risk assessments to define which software suppliers require to be audited and which do not. Now it would appear that the terms mentioned in this interpretation; that contractors and suppliers must be made aware of the precise skills competency and resources that are required of them and that contract givers must have documented evidence that these requirements are within the suppliers capabilities; requires the contract giver to carry out some form of audit in order to establish the requisite documented evidence. How else can you officially approve a supplier.


Alex Kennedy
I fail to see how the text you quoted (items a to d) leads to a statement that ALL suppliers are subject to the same level of scrutiny.
 

Wes Bucey

Prophet of Profit
#10
Show me the shall!
I am not aware of any clause in either FDA or ISO 13485 which says suppliers must be aware of and/or agree to the criteria the customer uses in approving them [or rejecting them!]

Please review the concept of "mission creep." I think you are wandering into that territory.
 
Thread starter Similar threads Forum Replies Date
S Initial Audit FDA US Medical Device Regulations 3
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
A FDA and NB audit of Engineering Drawings in DHF and DMR. Medical Device and FDA Regulations and Standards News 1
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
E MDSAP Audit - Our QMS conforms to ISO 13485:2016 and FDA GMP Canada Medical Device Regulations 9
W ERP Audit Trail audit by FDA? Regular audit trail report template? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
R FDA Inspection (Audit) Readiness Procedure General Auditing Discussions 14
Ronen E FDA encourages industry to participate in Medical Device Single Audit Program (MDSAP) Other US Medical Device Regulations 10
V Data Quality and Data Integrity - Audit Trail - Part 11 - WHO - FDA - MHRA - PDA US Food and Drug Administration (FDA) 6
M US FDA "Single Audit Program" and Brazil Other Medical Device Regulations World-Wide 3
R IEC 62304 was brought up during an FDA Inspection/Audit IEC 62304 - Medical Device Software Life Cycle Processes 6
B Is there an FDA requirement for a Supplier Audit Schedule US Food and Drug Administration (FDA) 22
A What documents would an FDA auditor want to see in an FDA Audit of Quality System 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
A Can Internal Audit Observations be kept confidential from State FDA inspections ? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
R Always Internal Audit all Line Items of applicable FDA Regulations? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
C Internal Audit Confidentiality - Exempt from review by the FDA under 820.180(c)? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
B FDA 21 CFR Part 820 Medical Device Audit Criteria US Food and Drug Administration (FDA) 5
Ajit Basrur FDA guidance on accepting audit reports by other auditors/regulators US Food and Drug Administration (FDA) 1
G FDA Voluntary Audit Report Submission Pilot Program now a final guidance document 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
E FDA Quality Systems and DAMAS (Dental Appliance Manufacturers Audit Scheme) US Food and Drug Administration (FDA) 3
E 483 Process Validation - FDA Audit Observation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
S Internal Audit Closure Certification Report - FDA Requirements US Food and Drug Administration (FDA) 5
AnaMariaVR2 Pros & Cons of FDA viewing QAU Audit Report Findings US Food and Drug Administration (FDA) 7
L FDA Audit - How much advance notice do foreign manufacturers get? ISO 13485:2016 - Medical Device Quality Management Systems 4
Q ISO 13485, FDA's QSR, CMDR, MDD: Seeking Internal Audit Correlation Matrix Various Other Specifications, Standards, and related Requirements 3
D FDA Audit - who is "eligible"? Medical Device Sub-Contract Manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 20
M FDA Audit Procedure - SOP - Small Medical Device Company Document Control Systems, Procedures, Forms and Templates 19
S Does anyone know if ISO publishes audit findings/results much like the FDA ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R FDA Audit - Medical Device missing Repair Record General Auditing Discussions 21
D Upcoming FDA ISO 13485 audit guidance (draft version) ISO 13485:2016 - Medical Device Quality Management Systems 19
M Procedure on Traceability - FDA audit finding US Food and Drug Administration (FDA) 8
D FDA Audit next week US Food and Drug Administration (FDA) 21
T FDA Medical Device Audit Checklist. Other US Medical Device Regulations 13
S FDA Part 820 Audit vs. ISO 9001 - Anything I should be aware of as an auditor? Various Other Specifications, Standards, and related Requirements 13
P Is anyone out there considering using a Third-Party for their FDA Audit? US Food and Drug Administration (FDA) 7
E FDA - Audit - Response - Observation form 483. Do we now receive a formal letter? US Food and Drug Administration (FDA) 5
D Help - FDA Audit - Caliper Calibrated .750 Use - Calibrated @ 0 & 1" General Measurement Device and Calibration Topics 7
W Rate your FDA Audit Experience ISO 13485:2016 - Medical Device Quality Management Systems 6
E The FDA regulations (21 CFR 312.3): Is it allowable that IND sponsor involves more than one individual or organization? Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
P Looking for Korean FDA Drug Master File requirements for packaging systems. Other Medical Device and Orthopedic Related Topics 1
M IEC 62366 Hazard-related Use Scenario vs FDA Critical Task EU Medical Device Regulations 3
N Free sale and FDA US Food and Drug Administration (FDA) 1
N FDA class 1 US Food and Drug Administration (FDA) 6
G UDI in EU vs FDA EU Medical Device Regulations 1
T FDA PMA review process - advisory panel timing? Other Medical Device and Orthopedic Related Topics 0
E FDA & Internal Audits US Medical Device Regulations 3
N Importing into US without 510K/FDA Clearance US Medical Device Regulations 1
N FDA class 2 Device QS Requirements US Food and Drug Administration (FDA) 2
T FDA labeling requirements US Food and Drug Administration (FDA) 2
S FDA Contract Manufacturer and Applicant US Food and Drug Administration (FDA) 0

Similar threads

Top Bottom