Informational MDSAP Audit Findings - Document change orders

XRAY_3121

Wholesale Distributor Compliance and Regulatory
#1
I could really use some help from everyone on some audit findings. The first one is on document change orders. We were unable to produce all of the records requested (because the person responsible didn't complete them). They requested 3 DCO's and we only had 1. Yet this was marked as a major. We do have a process in place which was reflected in both written procedure, form, and the record produced. It's an initial audit and not a repeated finding. It doesn't to me directly impact quality of the product, can I argue this or do I not have a valid point?

1555509999319.png
 
Last edited:
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Are you wanting to argue that it's not a major? Clearly you had nonconformities. Based on the auditor's sampling (3 records), 2 were nonconforming. Would probably be reasonable for an auditor to conclude it's systemic. Maybe some of the auditing experts can weigh in on whether they agree it's major or not.
 

XRAY_3121

Wholesale Distributor Compliance and Regulatory
#3
Oh yes systemic and we had problems no doubt. But it's still not repeat offense and indirect on QMS which is why MDSAP grade of 1. I'm wondering why a major on ISO. I have friend in notified body that thinks it is a minor. But I'm also looking for insight from other experts.
 

shimonv

Trusted Information Resource
#4
I don't have the current version of ISO 17021, but from what I see in section 9.1.15(b) a major means:

1) failure to fulfil one or more requirements of the management system standard, or

2) a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs;

If I may speculate... the reason you got a major and not a minor is the auditor's lack of confidence in the QMS. It's difficult to argue against that and saying that it doesn't directly effect the quality of the product won't help you, and you can't prove it.
If you should appeal, aim to regain his confidence in your process.

I hope it makes sense.

Shimon
 

Watchcat

Trusted Information Resource
#6
It seems to me that you do not have a process in place, or the person responsible for the process would have in fact completed all the records.

Uncontrolled changes to documents can definitely affect the quality of the product in the narrow sense (whether it continues to meet lot release criteria) and in the broader sense (whether it remains safe and effective for its intended use).

I do not think major vs minor should have anything to do with whether it is a first, second, or third offense, but should reflect the risk it represents, not to the manufacturer, but to patients. What MDSAP auditors think, I cannot say.
 

myusoffice

First Time Right...
#7
First of all, MDSAP grading is calculated automatically. Grade 1-3 considered as minor non-conformity in general sense. However, this can easily turn into grade 4-5 if repeated. You should really be worried if your NC grade is above 3. Although it is present on the MDSAP NC grading exchange form, the grade per ISO/IEC 17021-1 is not used by Regulatory Authorities participating in MDSAP. The auditing organization may be required to grade the nonconformity as major or minor per ISO/IEC 17021-1 to satisfy the needs of certification schemes other than MDSAP. If you are only getting audited per MDSAP scope, you can politely ask the auditor for an explanation behind grading that as a Major. If the auditor is not asking any additional rigor or corrective action other than what would require for MDSAP grade 1, I wouldn't challenge the auditor other than just asking for an explanation. Hope this helps.
 

Jean_B

Trusted Information Resource
#9
Showing it from a training slide to help others out. There are similar slides available from multiple sources. This is the general information.

Depending on the clause the auditor must/chooses to write it up against it will be either considered indirect or direct (though the simplistic choice on this construction has been disputed, this is still the current state).
They must then verify whether in the past there were findings against the same clause (at the specific clause number level, though not at the itemized list level). To note: for us the recurrence was drawn from the two most recent (though non-MDSAP) ISO audits by the same certifying body. I think this one can get confusing depending on schemes, bodies etc, but simply count back 2 years.
You can get an additional increase to the grade for the absence of mandatory procedures and for the release of non-conforming product to the field (note that release under concessions, if done well, do not count as such).

Three or more grade 4's, or one or more grade 5's will result in expedited notification of relevant authorities. Any number of grade 4's already cuts down on the time you have to respond.

ISO is a different scheme, so to obtain ISO certification, relevant non-conformities will be graded minor or major as well (when they are written out against an ISO 13485 clause). We did not experience a write-up solely against an MDSAP step with only a regional requirement, but most auditors will default to a (distantly) related ISO 13485 clause anyway.

MDSAP has tighter timelines than ISO, counted in days (not work or weekdays). So tight that you should plan to:
  1. initiate CAPA's the day after the audit,
  2. and ensure you have the key personnel available for 3 months after the audit to implement.
  3. for grade 4's or higher to complete root cause analysis and action planning within 15 days (again days, not work or weekdays).
  4. complete implementation of grade 4's or higher within 30 days (to be doubly certain days, not work or weekdays).
  5. complete minors in the time that you used to prioritize only to majors.
  6. Luckily verification can extend beyond the period.
We went through it and this approach gave peace of mind, but might take a toll on your workforce (MDSAP don't care about school vacation or holidays).

I still believe that as truly critical NC's require real effort that cannot be compressed within a month, MDSAP will (for a period of time) result in some fake solutions within 30 days, and hopefully real solutions outside of it out of fear for the next time. But it is still odd to play it like that from the regulator's standpoint.

1563893223515.png
 

Watchcat

Trusted Information Resource
#10
"initiate CAPA's the day after the audit"

Nice to know that actions taken to address deficiencies critical to patient safety will be carefully thought through and not just slapped together. :sarcasm:
 
Thread starter Similar threads Forum Replies Date
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
K MDSAP Audit Approach 2020 for Brazil Other Medical Device Regulations World-Wide 1
K MDSAP Audit Approach 2020 ISO 13485:2016 - Medical Device Quality Management Systems 3
R What happens during a Stage 1 MDSAP audit? ISO 13485:2016 - Medical Device Quality Management Systems 4
R Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program) ISO 13485:2016 - Medical Device Quality Management Systems 15
XRAY_3121 Design and Development Requirement - MDSAP Audit Finding Other Medical Device Regulations World-Wide 5
E MDSAP Audit - Our QMS conforms to ISO 13485:2016 and FDA GMP Canada Medical Device Regulations 9
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
M Medical Device News Health Canada - Medical Device Single Audit Program (MDSAP) Transition Plan Canada Medical Device Regulations 2
A ISO-13485 7.1 - Preparing for our MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
C Substantial Change in MDSAP Audit Other Medical Device Regulations World-Wide 1
S Internal Audit Program under MDSAP and 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 10
J Revised MDSAP Audit Model - Health Canada - October 30, 2017 ISO 13485:2016 - Medical Device Quality Management Systems 7
Edward Reesor MDSAP (Medical Device Single Audit Program) Costs Canada Medical Device Regulations 7
M MDSAP Audit Plan - Please share an Audit Plan/Schedule/Agenda ISO 13485:2016 - Medical Device Quality Management Systems 7
A MDSAP Internal Audit Program example wanted Internal Auditing 3
Ronen E FDA encourages industry to participate in Medical Device Single Audit Program (MDSAP) Other US Medical Device Regulations 10
somashekar MDSAP (Medical Device Single Audit Program) Pilot: Please share your feedback ISO 13485:2016 - Medical Device Quality Management Systems 35
B MDSAP Withdrawal? ISO 13485:2016 - Medical Device Quality Management Systems 1
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
V MDSAP Requirements for Device Designer Canada Medical Device Regulations 1
H SOP Template for seeking regulatory clearance - MDSAP Document Control Systems, Procedures, Forms and Templates 6
Ed Panek COVID 19 Exception and MDSAP Canada Medical Device Regulations 5
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
Nikki9154 MDSAP inquiry for China Contract Manufacturers ISO 13485:2016 - Medical Device Quality Management Systems 4
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 7
C List of MDSAP Auditing Organizations Medical Device and FDA Regulations and Standards News 1
R Exporting to Canada and MDSAP Canada Medical Device Regulations 7
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 6
M MDSAP and 13485:2016 gap analysis Quality Management System (QMS) Manuals 1
O MDSAP Reduction in Scope Other Medical Device Related Standards 0
M MDR Impact on MDSAP Countries Other Medical Device Regulations World-Wide 16
Watchcat What's up with MDSAP lately? Medical Device and FDA Regulations and Standards News 2
K Comparison essential requirements EU compared to those of MDSAP countries Other Medical Device Regulations World-Wide 3
A Does Class 1 Medical Device need to be certified to MDSAP? Canada Medical Device Regulations 5
J MDSAP Companion and HC requirements Canada Medical Device Regulations 4
CPhelan Do you require MDSAP for CE Marking of a Medical Device or is ISO13485:2016 with clinical data sufficient? CE Marking (Conformité Européene) / CB Scheme 6
N MDSAP Participants 2019 - How many companies are participating YTD? ISO 13485:2016 - Medical Device Quality Management Systems 20
B MDSAP 8.2.6 CH6 task 17 ANVISA 16/2013 3.2.1 - Label History in Device history record Other Medical Device Regulations World-Wide 3
W Informational MDSAP Substantial change / Change of notice forms Document Control Systems, Procedures, Forms and Templates 2
B MDSAP for OEM products in Canada for in vitro diagnostic test kit to include lancing device Other Medical Device Related Standards 0
M Medical Device News EU interesting developments – embracing MDSAP and UDI alignment Medical Device and FDA Regulations and Standards News 0
M Medical Device News MDSAP Stakeholder Day – December 5, 2018 presentations Medical Device and FDA Regulations and Standards News 0
Ajit Basrur MDSAP Presentations - Dec 5, 2018 - Stakeholders Other Medical Device Regulations World-Wide 0
JoshuaFroud FDA Form MDSAP AU F0029.1.004 - Help with Completion US Food and Drug Administration (FDA) 0
Sidney Vianna Interesting Discussion Article from Grant Ramaley in QD - MDSAP: When Is a Certificate Not a Certificate? Canada Medical Device Regulations 0
T MDSAP AO Cost ISO 13485:2016 - Medical Device Quality Management Systems 2

Similar threads

Top Bottom