Reasons for Approval Signatures for Records

[Copacetic]

In the QSR there are some defined records for which approval signatures are required (DMR, Design Output). These are easy to point to when challenged with "Why do we have to have approval signatures for that?"

Not so easy to respond to are the questions about why other records such as CAPA forms and installation records should be signed. I have a couple of answers that I use and I would be interested to hear other opinions on this. This is what I usually say:

1. Records are generated by executing processes and so serve as evidence of such execution. I look for signatures when a decision is made or a conclusion drawn or an approval granted. These acts require appropriate authority (820.20 (b)(1)) and I want to be able to verify that such authority was in place.

Thoughts?

 

[Jen Kirley]

Re: Approval Signatures for Records

Good day Copacetic, welcome to the Cove!

For the sake of adding to the discussion I have found details on 820 (b)(1), Quality Management Systems.

What I didn't find in there was any requirement whatsoever for signatures on records; the clause describes the organization making its requirements and then ensuring they are established.

I can imagine inspection records requiring signature, and I can suppose authorization for large purchases needs a signature. Even approval of an engineering change gets a signature, whether in handwriting or electronic by way of a mouse click in a software program registering an event is accomplished by someone with password-protected entry into the task. But again, none of these examples are specifically outlined in 820 (b)(1).

 

[Ronen E]

Re: Approval Signatures for Records

In the QSR there are some defined records for which approval signatures are required (DMR, Design Output). These are easy to point to when challenged with "Why do we have to have approval signatures for that?"

Not so easy to respond to are the questions about why other records such as CAPA forms and installation records should be signed. I have a couple of answers that I use and I would be interested to hear other opinions on this. This is what I usually say:

1. Records are generated by executing processes and so serve as evidence of such execution. I look for signatures when a decision is made or a conclusion drawn or an approval granted. These acts require appropriate authority (820.20 (b)(1)) and I want to be able to verify that such authority was in place.

Thoughts?

Hi,

The FDA's QSR manual, under Design Control, states:

To generate the design output per the QS regulation in 820.30(d), three activities are required. Each of these is listed and discussed below.

(...)

3. Design output shall be documented, reviewed, and approved before release. The approval, including the date and signature of the individual(s) approving the output, shall be documented.

(...)

Design Output Approval (3)
The third and final output requirement is that: design output shall be documented, reviewed, and approved before release. The approval, including the date and signature of the individual(s) approving the output, shall be documented. This means that:
Manufacturers may choose to have a group review certain documents and have individuals review other documents.
Output documents that are directly part of the DMR are reviewed, dated and signed by the author which is current practice; and reviewed, dated and approved by individual(s) designated by the manufacturer. As appropriate, these reviews should cover technical issues as well as adequacy for use in production, purchasing, servicing, etc. DMR documents that are generated and approved under 820.30 automatically meet the approval requirements of 820.40, Document Controls and do not have to be re-approved under 820.40.
Design output reports, data and any other document that will be used to create documents in the DMR are reviewed, dated and signed by the author which is current practice; and reviewed, dated and approved by individual(s) designated by the manufacturer.
Design output also includes the physical design which, of course, is not intended to be signed, and dated. The approval for the physical design is the validation that is done on initial production units.

Similar clauses may appear in other chapters of the manual.

Cheers,
Ronen.

 

[Marcelo]

Re: Approval Signatures for Records

Some thoughts:

This problem arises from a weird interpretation of what documents and records are (and the older versions of ISO 9001 which were the bases for 21 CFR 820 do not help, too).

The general idea "today" for management systems standards (9001, 13485) is that documents need revision control (and thus, approval) and records do not (also, although records are documents, their requirements are separate from documents).

Now, in 21 CR, take the example of device master record - it´s in fact a document, not a record.

It´s a way to do things (how to create the device), so it´s a procedure, not a record of things done. And it requires approval, as a document. And still it´s named a record :-(

Just take the definition and see the mess:

Device master record (DMR ) means a compilation of records containing the procedures and specifications for a finished device.

A record that is a compilation of records containing procedures and specifications? How can a record contain procedures and specications? This is crazy.

 

[Copacetic]

Re: Approval Signatures for Records

Thanks for responding to my post everyone and Marcelo, I agree, DMR is not a record.

I think what I am trying to get at is why any kind of document or record is signed. When an SOP is approved, the signatures indicate that the approvers agree with the accuracy of the content and the QA/RA signatures indicate that the content is compliant.

Why would anyone NOT have signatures on investigations, CAPAs, Nonconformance reports, etc. to attest to the compliant execution of such activities?

When I audit in the medical device industry i see these reports (records) with no signatures and so there is no evidence of i) who conducted/approved the investigation, ii) the adequacy of that person's qualifications to conduct those activities.

What am i supposed to do - just believe them when they tell me who did the work?

I did find one FDA warning letter that cited lack of approval signatures on CAPA - search for WARNING LETTER NO. 2010-NOL-06 (i can't post the link)

It's in item number 1.

So there does appear to be an expectation in the FDA that CAPA records need to be approved. I'm just having a hard time tying it into the QSR or even the preamble.

 

[Ronen E]

Re: Approval Signatures for Records

Thanks for responding to my post everyone and Marcelo, I agree, DMR is not a record.

I think what I am trying to get at is why any kind of document or record is signed. When an SOP is approved, the signatures indicate that the approvers agree with the accuracy of the content and the QA/RA signatures indicate that the content is compliant.

Why would anyone NOT have signatures on investigations, CAPAs, Nonconformance reports, etc. to attest to the compliant execution of such activities?

When I audit in the medical device industry i see these reports (records) with no signatures and so there is no evidence of i) who conducted/approved the investigation, ii) the adequacy of that person's qualifications to conduct those activities.

What am i supposed to do - just believe them when they tell me who did the work?

I did find one FDA warning letter that cited lack of approval signatures on CAPA - search for WARNING LETTER NO. 2010-NOL-06 (i can't post the link)

It's in item number 1.

So there does appear to be an expectation in the FDA that CAPA records need to be approved. I'm just having a hard time tying it into the QSR or even the preamble.

I think you shouldn't limit your search to the bare regulations (preamble included). A lot of relevant content in these forums indicates that, based on different professionals' experience, FDA's expectations (which are applicable in most cases) are established via "external" documents. Now, would you like to take the FDA to court over some expectation that they derived from the regulation, but is not explicitly stated in the regulation, or perhaps following suit would be easier / wiser?...

Cheers,
Ronen.

 

[MIREGMGR]

Re: Approval Signatures for Records

I think you shouldn't limit your search to the bare regulations (preamble included).

I very much agree.

In my experience, FDA expectations can only be fully understood via a broad and in-depth review of their published and otherwise-available materials, because those materials are very disorganized.

 

[Marcelo]

What am i supposed to do - just believe them when they tell me who did the work?

From a theoretical standpoit of a quality system, yes, you should. Quality system requirements such as standards and regulations are created for those wishing to comply, so the records are expected to really show what is done without the need for approval. Approval of other documents is only required because they need "qualification", meaning, they can only be used if they fit their purpose (you hav to make sure the step-by-step procedure can really creates the result). More than than, it's bureaucracy madness.

However, in practice, FDA, other regulators and auditors really think different, which is one of the problems due to why quality systems are perceived as bunch of bureaucratic documents (when the system is , in fact, the "living thing" meaning, people working).

 

[barden]

Hi,
This is not specifically a QSR requirement, but maybe you would find it useful as a reference nonetheless. 4.2.4.4. from ISO 14969 includes this: "Persons making authorized entries on records or
verifying such entries should do so in clear legible writing, and should confirm the entry by adding their initials,
signature, or equivalent, and the date." Of course, entries are usually grouped into logical sections in such a way as to allow for some efficiencies. In other words, a certain set of fields will usually be completed by a single individual on a single day, so you will have only a single signature field to cover all of these entries. Another thing to consider is the meaning of the signature, I think. In the 14969 example above, the meaning of the signature is to "confirm the entry" or provide traceability about who completed that portion of the record. In general terms, I think signatures are needed as a form of objective evidence of complying with requirements of one kind or another. For some signatures on records, you may simply be trying to provide objective evidence of the fact that the person providing the information was authorized and competent to do so. The signature alone is not the complete objective evidence, but the start of a traceable trail of bread crumbs. You could further verify the evidence by confirming that the signature could be linked to an individual, then look at their responsibilities and qualifications, etc. Anyway, signatures provide objective evidence (and accountability) for compliance to other requirements as well, such as review, approval, or verification. What's the evidence that these activities were performed? A signature. These are key words that you can use in the regs and standards to determine when signatures are needed. Those are my thoughts on the subject.

 

[Lou Beck]

Question to the group:
Has anyone used the approval signature on an engineering change notice as evidence of training. The intent is the approver would read the changes which would be the same as training on changes.