FDA requirement for CAPA Signoff

[blah01]

I'm fairly new to ISO 13485 and FDA 820 requirements with a new company I've joined though I've been dealing with ISO 9001 since the dark ages so quite knowledgeable on most of these requirements.

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:
• after the investigation is complete
• after root cause analysis is complete
• and after the corrective action plan is complete

Therefore physical signatures (not just a general 'approval'...I realize FDA is big on actual signatures) are required at 3 different points in the process, which si simply extensive administrative burden. I'm trying to get rid of the signatures and have more efficient ways of capturing approvals, but I'm told from a regulatory perspective we must retain the signatures.

Neither ISO 13485 8.5.2/8.5.3 nor FDA 820.100 say anything about CAs/PAs needing to be approved.

I therefore welcome some experienced insight in regards to what you are accustomed to seeing from FDA inspectors and/or ISO 13485 auditors when it comes to 'approvals' on CAs and PAs. Some level of approval is required and I've typically had this after RCA and CA plan has been completed, then at the conclusion of the effectiveness check of the CA, but I've moved away from signatures over the years and simply captured the approvals in a log which is good enough from and ISO 9001 perspective.

I look forward to your feedback. Thanks.
Dave

 

[Tidge]

You should investigate tracking CAPA within a off-the-shelf electronic solution that implements Part 11 (and notify the FDA that you rely on electronic signatures). You likely had to use a system equivalent to most Part 11 compliant systems to post your question... which I hope was not too onerous

Strictly speaking: 21 CFR 820.100 doesn't explicitly call out for "signatures". It is much more likely that your EWMR has established the need for signatures (at key points) to be able to demonstrate that the persons accepting responsibility for having performed certain actions are identified and to be able to verify that such signers are appropriately trained, and the correct people were assigned such responsibilities.

I won't second guess your executives, as they are the ones who can explain why they want signatures at certain points in the process.

 

[simone]

Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.
I should mention that this is not a requirement from management just part of the quality procedures that the company sort of inherited.
Using a e-sign option is also currently not on the table. Any insight would be most welcome.

 

[yodon]

As @Tidge correctly points out, there's nothing in the regulation that calls out signatures - anywhere - in the CAPA process. You note:

I've recently started revamping the CAPA process in this company and one thing I find extremely onerous is that physical signatures and dates (or Part11 compliant digital signatures) are required after the following steps:

If you have a software application supporting your CAPA process then there's likely some audit trail data that associates the actions with the user. Otherwise, is just having the person doing the work identify him/her self not workable?

 

[Tidge]

Hi there, newbie here. I think the dilemma I am currently dealing with is very similar to what @blah01 has raised so decided to plunge into the discussion. We have requirements for intermediate physical signatures in both the CAPA process and and Complaint process. This significantly complicates the process, particularly now days when at least part of the work is done remotely. I understand the need to establish who the persons conducting the investigation / root cause analysis and/or taking critical decisions are and that they take the responsibility, but I wonder if there is another way to demonstrate this without need for a signoff process between each phase.

(highlighted by me)

In my "salad days" in the medical device industry, I would often run into QS elements requiring sign-off that appeared onerous.

I think the issue will always circle back to "will executive management be able to truthfully testify that the work was done on a certain date by an appropriate individual?" In the USA, it is executive management (of medical device manufacturers) that can face personal legal consequences... so at a bare minimum MWER will delegate specific actions necessary for regulatory compliance via procedures and training. Requiring truthful signoffs with dates provide an effective mechanism collective data to evaluate the effectiveness of a quality system (See 13485 section 4.1.3). If signatures (with dates) are not included, it is possible to question if the records are really under control (or not).

It's very fair to ask if your process requires the approval at different phases... but if approvals are not required to move between certain phases of a process, then my initial reaction is that such phases should be combined.

 

[blah01]

Thanks for the feedback to date.

To elaborate, our regulatory person who has many years dealing with FDA inspections (and no one else in the company has the experience to counter her feedback) is indicating that whenever you see a name on a form then there needs to be some controls around it to guarantee that person indeed is the one that did that task (apparently FDA has pressed on this in various inspections she's gone through). So for example, if a person initiates a CAPA and puts their name in the 'Initiated By' section of the form, then how do we know that it's not someone else that put that person's name there. So it's not just about approvals but also any name that appears on the form such as 'Done By' and others. So their approach has been to use hand written signatures for any such things. However with my Lean background, I see signatures as non-value added steps which I always try to eliminate or streamline (I guess the MD world does not care much about Lean...). We do have an electronic system for other QMS related things but its CAPA functionality has a very onerous workflow which I am trying to avoid. We have recently validated Adobe digital signatures to be Part11 compliant so this helps a bit with the signatures, but what I'm wondering and hoping to get some feedback on is if anyone has had similar experience with FDA inspections and FDA pressing to have controls that make sure that any name that appears on a record have some type of digital control around it (i.e. if not hand written) to guarantee it wasn't essentially forged.

Any further feedback would be appreciated.

 

[Tidge]

Auditors like to see signatures (and dates) identifying the specific people who are taking responsibility for records.

My opinion is that this is one of those areas where if you choose to fight, you will forever be fighting... and the people that are eventually called on to defend (what appears to be) a non-standard practice are unlikely to be willing to mount a specific intellectual defense of the practice.

The "lean" concept is irrelevant, as "lean" implies that there is waste in the process. If the signature is actually providing value (perhaps only in a regulatory sense) then it ought not to be discarded.