FDA requirement for CAPA Signoff

blah01

Involved In Discussions
#1
I'm fairly new to ISO 13485 and FDA 820 requirements with a new company I've joined though I've been dealing with ISO 9001 since the dark ages so quite knowledgeable on most of these requirements.

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:
• after the investigation is complete
• after root cause analysis is complete
• and after the corrective action plan is complete

Therefore physical signatures (not just a general 'approval'...I realize FDA is big on actual signatures) are required at 3 different points in the process, which si simply extensive administrative burden. I'm trying to get rid of the signatures and have more efficient ways of capturing approvals, but I'm told from a regulatory perspective we must retain the signatures.

Neither ISO 13485 8.5.2/8.5.3 nor FDA 820.100 say anything about CAs/PAs needing to be approved.

I therefore welcome some experienced insight in regards to what you are accustomed to seeing from FDA inspectors and/or ISO 13485 auditors when it comes to 'approvals' on CAs and PAs. Some level of approval is required and I've typically had this after RCA and CA plan has been completed, then at the conclusion of the effectiveness check of the CA, but I've moved away from signatures over the years and simply captured the approvals in a log which is good enough from and ISO 9001 perspective.

I look forward to your feedback. Thanks.
Dave
 
Elsmar Forum Sponsor

Tidge

Trusted Information Resource
#2
You should investigate tracking CAPA within a off-the-shelf electronic solution that implements Part 11 (and notify the FDA that you rely on electronic signatures). You likely had to use a system equivalent to most Part 11 compliant systems to post your question... which I hope was not too onerous :)

Strictly speaking: 21 CFR 820.100 doesn't explicitly call out for "signatures". It is much more likely that your EWMR has established the need for signatures (at key points) to be able to demonstrate that the persons accepting responsibility for having performed certain actions are identified and to be able to verify that such signers are appropriately trained, and the correct people were assigned such responsibilities.

I won't second guess your executives, as they are the ones who can explain why they want signatures at certain points in the process.
 
#3
Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.
I should mention that this is not a requirement from management just part of the quality procedures that the company sort of inherited.
Using a e-sign option is also currently not on the table. Any insight would be most welcome.
 

yodon

Leader
Super Moderator
#4
As @Tidge correctly points out, there's nothing in the regulation that calls out signatures - anywhere - in the CAPA process. You note:

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:
If you have a software application supporting your CAPA process then there's likely some audit trail data that associates the actions with the user. Otherwise, is just having the person doing the work identify him/her self not workable?
 

Tidge

Trusted Information Resource
#5
Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.
(highlighted by me)

In my "salad days" in the medical device industry, I would often run into QS elements requiring sign-off that appeared onerous.

I think the issue will always circle back to "will executive management be able to truthfully testify that the work was done on a certain date by an appropriate individual?" In the USA, it is executive management (of medical device manufacturers) that can face personal legal consequences... so at a bare minimum MWER will delegate specific actions necessary for regulatory compliance via procedures and training. Requiring truthful signoffs with dates provide an effective mechanism collective data to evaluate the effectiveness of a quality system (See 13485 section 4.1.3). If signatures (with dates) are not included, it is possible to question if the records are really under control (or not).

It's very fair to ask if your process requires the approval at different phases... but if approvals are not required to move between certain phases of a process, then my initial reaction is that such phases should be combined.
 

blah01

Involved In Discussions
#6
Thanks for the feedback to date.

To elaborate, our regulatory person who has many years dealing with FDA inspections (and no one else in the company has the experience to counter her feedback) is indicating that whenever you see a name on a form then there needs to be some controls around it to guarantee that person indeed is the one that did that task (apparently FDA has pressed on this in various inspections she's gone through). So for example, if a person initiates a CAPA and puts their name in the 'Initiated By' section of the form, then how do we know that it's not someone else that put that person's name there. So it's not just about approvals but also any name that appears on the form such as 'Done By' and others. So their approach has been to use hand written signatures for any such things. However with my Lean background, I see signatures as non-value added steps which I always try to eliminate or streamline (I guess the MD world does not care much about Lean...). We do have an electronic system for other QMS related things but its CAPA functionality has a very onerous workflow which I am trying to avoid. We have recently validated Adobe digital signatures to be Part11 compliant so this helps a bit with the signatures, but what I'm wondering and hoping to get some feedback on is if anyone has had similar experience with FDA inspections and FDA pressing to have controls that make sure that any name that appears on a record have some type of digital control around it (i.e. if not hand written) to guarantee it wasn't essentially forged.

Any further feedback would be appreciated.
 

Tidge

Trusted Information Resource
#7
Auditors like to see signatures (and dates) identifying the specific people who are taking responsibility for records.

My opinion is that this is one of those areas where if you choose to fight, you will forever be fighting... and the people that are eventually called on to defend (what appears to be) a non-standard practice are unlikely to be willing to mount a specific intellectual defense of the practice.

The "lean" concept is irrelevant, as "lean" implies that there is waste in the process. If the signature is actually providing value (perhaps only in a regulatory sense) then it ought not to be discarded.
 
Thread starter Similar threads Forum Replies Date
L FDA CAPA Requirement for Contract Med. Dev. Manufacturers Other US Medical Device Regulations 4
Ed Panek Does this FDA Requirement Apply to international (not USA) distributors for USA based manufacturing companies? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
J Is Device Tracking Card an actual requirement under FDA regulation? Other US Medical Device Regulations 0
D FDA Date Format Requirement US Food and Drug Administration (FDA) 0
I FDA requirement for 0.5 and 5 micron particle monitoring US Food and Drug Administration (FDA) 0
chris1price Is there a regulatory (MDD, MDR, FDA, ISO, etc) requirement to perform a mock recall? CE Marking (Conformité Européene) / CB Scheme 5
N Cry for help - FDA calibration requirement for accuracy & precision General Measurement Device and Calibration Topics 2
R Is it a requirement to notify my customer if I receive a 483 from the FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
K 510 (k) - Requirement to notify the FDA or is only the Notified Bodies required? Registrars and Notified Bodies 1
V FDA regulatory requirement on the lot number convention for medical devices US Food and Drug Administration (FDA) 2
R ISO 13485 vs FDA Requirement question about when ISO 13485 Certification is Required ISO 13485:2016 - Medical Device Quality Management Systems 4
B Is there an FDA requirement for a Supplier Audit Schedule US Food and Drug Administration (FDA) 22
R Is a Quality Manual a requirement for FDA registration? US Food and Drug Administration (FDA) 5
K Is there a requirement for monitoring the FDA's Medwatch and/or Medline US Food and Drug Administration (FDA) 9
M IEC 62366:2007 - Is FDA Usability Engineering Standard a Requirement in Canada? Canada Medical Device Regulations 5
G FDA requirement that 'sister divisions' to be treated as suppliers in 21 CFR 820 ISO 13485:2016 - Medical Device Quality Management Systems 2
G How to determine FDA Product Performance Requirement US Food and Drug Administration (FDA) 5
L FDA GMP requirement: Avoid Non contact with floor? 21 CFR Part 110 US Food and Drug Administration (FDA) 1
C Software Validation Procedure per FDA requirement Qualification and Validation (including 21 CFR Part 11) 3
amjadrana FDA requirement for Minimum Font or Type Size for Labelling 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
H EU Validation Requirement vs. FDA Validation Requirement - EN 62304 IEC 62304 - Medical Device Software Life Cycle Processes 16
M FDA Compliant Company - which procedure addresses Customer Order Changes/Requirement? Misc. Quality Assurance and Business Systems Related Topics 5
M CE requirement for software importer / reseller - Class II for FDA and Health Canada EU Medical Device Regulations 1
R System Requirement - FDA - Software Validation on various OSs ISO 13485:2016 - Medical Device Quality Management Systems 13
L Are Fireproof Cabinets a Regulatory Requirement for record storage? FDA or EU Records and Data - Quality, Legal and Other Evidence 23
E FDA & Internal Audits US Medical Device Regulations 3
N Importing into US without 510K/FDA Clearance US Medical Device Regulations 1
N FDA class 2 Device QS Requirements US Food and Drug Administration (FDA) 2
T FDA labeling requirements US Food and Drug Administration (FDA) 2
S FDA Contract Manufacturer and Applicant US Food and Drug Administration (FDA) 0
R IVD Software FDA/CLIA doubts Medical Device and FDA Regulations and Standards News 1
R IVD software FDA and CLIA US Food and Drug Administration (FDA) 2
T FDA level of concern vs IEC 62304 safety classification - 510(k) exempt device Other US Medical Device Regulations 12
K Change in address on ERLM US FDA: Implications to import US Medical Device Regulations 0
V FDA 510K - Pre Submission Query US Food and Drug Administration (FDA) 6
M Document Control ISO and FDA ISO 13485:2016 - Medical Device Quality Management Systems 7
C FDA 510k documentation requirements US Food and Drug Administration (FDA) 1
T Link GMDN code and FDA product code US Medical Device Regulations 5
cgaro62 Does FDA apply to a non-medical 13485 certified custom manufacturing company? ISO 13485:2016 - Medical Device Quality Management Systems 11
M How does FDA determine OAI and VAI after inspection? ISO 13485:2016 - Medical Device Quality Management Systems 0
K Non-Device MDDS Clarifications (FDA) US Food and Drug Administration (FDA) 7
Ed Panek Consultant Request SaMD AI "Expert" FDA US Food and Drug Administration (FDA) 2
Sam Lazzara Record signature requirements in proposed FDA 21 CFR 820 QMS Regulation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
shimonv FDA-recognized Standards US Food and Drug Administration (FDA) 0
R FDA ECG Data Requirements Medical Information Technology, Medical Software and Health Informatics 3
L Language of quality system in case of FDA inspection US Food and Drug Administration (FDA) 1
M Can you import medical device not FDA approved into the USA under an IND application? US Food and Drug Administration (FDA) 2
Ed Panek FDA Submits to White House Plan to Harmonize with ISO 13485 US Medical Device Regulations 2
Melissa Contract Mfg--to Manufacturer with the FDA ISO 13485:2016 - Medical Device Quality Management Systems 4

Similar threads

Top Bottom