SBS - The Best Value in QMS software

FDA requirement for CAPA Signoff

blah01

Involved In Discussions
#1
I'm fairly new to ISO 13485 and FDA 820 requirements with a new company I've joined though I've been dealing with ISO 9001 since the dark ages so quite knowledgeable on most of these requirements.

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:
• after the investigation is complete
• after root cause analysis is complete
• and after the corrective action plan is complete

Therefore physical signatures (not just a general 'approval'...I realize FDA is big on actual signatures) are required at 3 different points in the process, which si simply extensive administrative burden. I'm trying to get rid of the signatures and have more efficient ways of capturing approvals, but I'm told from a regulatory perspective we must retain the signatures.

Neither ISO 13485 8.5.2/8.5.3 nor FDA 820.100 say anything about CAs/PAs needing to be approved.

I therefore welcome some experienced insight in regards to what you are accustomed to seeing from FDA inspectors and/or ISO 13485 auditors when it comes to 'approvals' on CAs and PAs. Some level of approval is required and I've typically had this after RCA and CA plan has been completed, then at the conclusion of the effectiveness check of the CA, but I've moved away from signatures over the years and simply captured the approvals in a log which is good enough from and ISO 9001 perspective.

I look forward to your feedback. Thanks.
Dave
 
Elsmar Forum Sponsor

Tidge

Trusted Information Resource
#2
You should investigate tracking CAPA within a off-the-shelf electronic solution that implements Part 11 (and notify the FDA that you rely on electronic signatures). You likely had to use a system equivalent to most Part 11 compliant systems to post your question... which I hope was not too onerous :)

Strictly speaking: 21 CFR 820.100 doesn't explicitly call out for "signatures". It is much more likely that your EWMR has established the need for signatures (at key points) to be able to demonstrate that the persons accepting responsibility for having performed certain actions are identified and to be able to verify that such signers are appropriately trained, and the correct people were assigned such responsibilities.

I won't second guess your executives, as they are the ones who can explain why they want signatures at certain points in the process.
 
#3
Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.
I should mention that this is not a requirement from management just part of the quality procedures that the company sort of inherited.
Using a e-sign option is also currently not on the table. Any insight would be most welcome.
 

yodon

Staff member
Super Moderator
#4
As @Tidge correctly points out, there's nothing in the regulation that calls out signatures - anywhere - in the CAPA process. You note:

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:
If you have a software application supporting your CAPA process then there's likely some audit trail data that associates the actions with the user. Otherwise, is just having the person doing the work identify him/her self not workable?
 

Tidge

Trusted Information Resource
#5
Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.
(highlighted by me)

In my "salad days" in the medical device industry, I would often run into QS elements requiring sign-off that appeared onerous.

I think the issue will always circle back to "will executive management be able to truthfully testify that the work was done on a certain date by an appropriate individual?" In the USA, it is executive management (of medical device manufacturers) that can face personal legal consequences... so at a bare minimum MWER will delegate specific actions necessary for regulatory compliance via procedures and training. Requiring truthful signoffs with dates provide an effective mechanism collective data to evaluate the effectiveness of a quality system (See 13485 section 4.1.3). If signatures (with dates) are not included, it is possible to question if the records are really under control (or not).

It's very fair to ask if your process requires the approval at different phases... but if approvals are not required to move between certain phases of a process, then my initial reaction is that such phases should be combined.
 

blah01

Involved In Discussions
#6
Thanks for the feedback to date.

To elaborate, our regulatory person who has many years dealing with FDA inspections (and no one else in the company has the experience to counter her feedback) is indicating that whenever you see a name on a form then there needs to be some controls around it to guarantee that person indeed is the one that did that task (apparently FDA has pressed on this in various inspections she's gone through). So for example, if a person initiates a CAPA and puts their name in the 'Initiated By' section of the form, then how do we know that it's not someone else that put that person's name there. So it's not just about approvals but also any name that appears on the form such as 'Done By' and others. So their approach has been to use hand written signatures for any such things. However with my Lean background, I see signatures as non-value added steps which I always try to eliminate or streamline (I guess the MD world does not care much about Lean...). We do have an electronic system for other QMS related things but its CAPA functionality has a very onerous workflow which I am trying to avoid. We have recently validated Adobe digital signatures to be Part11 compliant so this helps a bit with the signatures, but what I'm wondering and hoping to get some feedback on is if anyone has had similar experience with FDA inspections and FDA pressing to have controls that make sure that any name that appears on a record have some type of digital control around it (i.e. if not hand written) to guarantee it wasn't essentially forged.

Any further feedback would be appreciated.
 

Tidge

Trusted Information Resource
#7
Auditors like to see signatures (and dates) identifying the specific people who are taking responsibility for records.

My opinion is that this is one of those areas where if you choose to fight, you will forever be fighting... and the people that are eventually called on to defend (what appears to be) a non-standard practice are unlikely to be willing to mount a specific intellectual defense of the practice.

The "lean" concept is irrelevant, as "lean" implies that there is waste in the process. If the signature is actually providing value (perhaps only in a regulatory sense) then it ought not to be discarded.
 
Thread starter Similar threads Forum Replies Date
L FDA CAPA Requirement for Contract Med. Dev. Manufacturers Other US Medical Device Regulations 4
Ed Panek Does this FDA Requirement Apply to international (not USA) distributors for USA based manufacturing companies? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
J Is Device Tracking Card an actual requirement under FDA regulation? Other US Medical Device Regulations 0
D FDA Date Format Requirement US Food and Drug Administration (FDA) 0
I FDA requirement for 0.5 and 5 micron particle monitoring US Food and Drug Administration (FDA) 0
chris1price Is there a regulatory (MDD, MDR, FDA, ISO, etc) requirement to perform a mock recall? CE Marking (Conformité Européene) / CB Scheme 4
N Cry for help - FDA calibration requirement for accuracy & precision General Measurement Device and Calibration Topics 2
R Is it a requirement to notify my customer if I receive a 483 from the FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
K 510 (k) - Requirement to notify the FDA or is only the Notified Bodies required? Registrars and Notified Bodies 1
V FDA regulatory requirement on the lot number convention for medical devices US Food and Drug Administration (FDA) 2
R ISO 13485 vs FDA Requirement question about when ISO 13485 Certification is Required ISO 13485:2016 - Medical Device Quality Management Systems 4
B Is there an FDA requirement for a Supplier Audit Schedule US Food and Drug Administration (FDA) 22
R Is a Quality Manual a requirement for FDA registration? US Food and Drug Administration (FDA) 5
K Is there a requirement for monitoring the FDA's Medwatch and/or Medline US Food and Drug Administration (FDA) 9
M IEC 62366:2007 - Is FDA Usability Engineering Standard a Requirement in Canada? Canada Medical Device Regulations 5
G FDA requirement that 'sister divisions' to be treated as suppliers in 21 CFR 820 ISO 13485:2016 - Medical Device Quality Management Systems 2
G How to determine FDA Product Performance Requirement US Food and Drug Administration (FDA) 5
L FDA GMP requirement: Avoid Non contact with floor? 21 CFR Part 110 US Food and Drug Administration (FDA) 1
C Software Validation Procedure per FDA requirement Qualification and Validation (including 21 CFR Part 11) 3
amjadrana FDA requirement for Minimum Font or Type Size for Labelling 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
H EU Validation Requirement vs. FDA Validation Requirement - EN 62304 IEC 62304 - Medical Device Software Life Cycle Processes 16
M FDA Compliant Company - which procedure addresses Customer Order Changes/Requirement? Misc. Quality Assurance and Business Systems Related Topics 5
M CE requirement for software importer / reseller - Class II for FDA and Health Canada EU Medical Device Regulations 1
R System Requirement - FDA - Software Validation on various OSs ISO 13485:2016 - Medical Device Quality Management Systems 13
L Are Fireproof Cabinets a Regulatory Requirement for record storage? FDA or EU Records and Data - Quality, Legal and Other Evidence 23
Ed Panek FDA Remote Regulatory Assessment (RRA) Overview 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
B What is the difference btw RUO vs IUO for IVD in FDA guidance ? US Food and Drug Administration (FDA) 10
B How to submit Pre-submission to FDA? US Food and Drug Administration (FDA) 4
L FDA & 21 CFR Part 11 Medical Device and FDA Regulations and Standards News 19
B A.I diagnostic software is considered as medical device in FDA? US Food and Drug Administration (FDA) 5
Ed Panek 2020 FDA Top Ten Observations 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
M FDA Requirements for Investigational Devices - Clinical Investigation & Shipping Medical Device and FDA Regulations and Standards News 0
B FDA Breakthrough Device can be overlapped with a designated device? US Food and Drug Administration (FDA) 6
pbojsen ISO 13485 Requirements versus FDA product classification and GMP exemptions - Audits ISO 13485:2016 - Medical Device Quality Management Systems 3
S Examples of FDA acceptable Software Design Specification (SDS) Medical Device and FDA Regulations and Standards News 6
F Labelling to comply with both FDA and MDR US Food and Drug Administration (FDA) 6
Watchcat FDA vs NB Fees? Other US Medical Device Regulations 7
K FDA Registration and listing weird situation Medical Device and FDA Regulations and Standards News 4
D FDA Guidance on Computer Software Assurance versus 21 CFR Part 11 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
G Does FDA allows remote approvals of quality documentation. Is there any specific guidance on signing any quality records remotely? Document Control Systems, Procedures, Forms and Templates 1
B Does FDA Registration QSR need to cover non-medical devices for contract repackager? US Food and Drug Administration (FDA) 1
D FDA Information - Revising the Instructions for Use US Food and Drug Administration (FDA) 0
S Transitional Adolescent A and B - "CDRH PREMARKET REVIEW SUBMISSION COVER SHEET FORM FDA 3514" Medical Device and FDA Regulations and Standards News 1
P MSDS for MVQ FDA White, Vinyl Methyl Silicone Rubber EU Medical Device Regulations 4
S Manufacturing Process FDA FOIA Medical Device and FDA Regulations and Standards News 3
S Manufacturing Process FDA FOIA US Food and Drug Administration (FDA) 4
S Mechanical Test Under FDA Freedom of Information Act Medical Device and FDA Regulations and Standards News 5
A Medical Device Contract Manufacturer - Does the CM need to register with FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
M Supplier requirements - Major supplier is a Non-Profit registered with ICCBBA (FDA UDI) Supply Chain Security Management Systems 12

Similar threads

Top Bottom