Trusting ISO 13485 Certification of a Supplier... A Sad Story

Ronen E

Problem Solver
Moderator
I can sell into the US without the CE mark or anything else. Once a company is registered (completes an online form with FDA), they can sell immediately. The 510(k) issue may/may not apply, but that is a separate issue for a couple reasons.

So whether I have a CE or not makes no difference. The US is by far, the easiest big market to sell into. FDA inspections are free, if they occur at all. If one happens abroad (one of those 5% occurrences), its free.

Regardless of the fact that most of these assertions are either inaccurate or irrelevant, they don't support your earlier statement "I can get anywhere with my CE", if "anywhere" includes the USA.

One thing I do agree with - that's "whether I have a CE or not makes no difference", in the USA. It makes no difference in both directions - it will not stop you if you don't have it, but it will also not help you if you do have it, but don't meet the applicable USA regulations, directly.
 
Last edited:
G

gramaley

I'm glad you were able to see through whatever it was as inaccurate. CE is simply not relevant, that was all I was getting at. My statistics are spot on. Please be specific about any inaccuracy you see, since I certainly have provided a lot of information. I don't need to be inaccurate to make my points.

The FDA uses a "risk based priority" system for adjusting its "inspectional priorities". This creates a wide difference in experiences for different manufacturers. I understand your experience can be different.

Big companies with lots of high risk devices get lots of inspections. Low risk device makers will not likely see an inspector, especially if they operate abroad (The GAO report indicates one FDA visit every 27 years for medium risk device makers, and one visit every 6 years for high risk device makers abroad). You can verify whether or not these statements are accurate, by examining the GAO report published in 2008.

So lets stick to the Government Accountability Office's report on FDA inspections then, since that is easier for others to evaluate. Inspectional data is free, so you can crunch that yourself, which I invite you to do sometime.

Simply put. FDA audits are rare for most, but frequent for some. This creates a gap in interest in such things as MDSAP.
 

Ronen E

Problem Solver
Moderator
I'm glad you were able to see through whatever it was as inaccurate. CE is simply not relevant, that was all I was getting at. My statistics are spot on. Please be specific about any inaccuracy you see, since I certainly have provided a lot of information. I don't need to be inaccurate to make my points.

The FDA uses a "risk based priority" system for adjusting its "inspectional priorities". This creates a wide difference in experiences for different manufacturers. I understand your experience can be different.

Big companies with lots of high risk devices get lots of inspections. Low risk device makers will not likely see an inspector, especially if they operate abroad (The GAO report indicates one FDA visit every 27 years for medium risk device makers, and one visit every 6 years for high risk device makers abroad). You can verify whether or not these statements are accurate, by examining the GAO report published in 2008.

So lets stick to the Government Accountability Office's report on FDA inspections then, since that is easier for others to evaluate. Inspectional data is free, so you can crunch that yourself, which I invite you to do sometime.

Simply put. FDA audits are rare for most, but frequent for some. This creates a gap in interest in such things as MDSAP.

I don't dispute the above. I also don't have issues that I wish to raise at this moment WRT your general theme. My comment regarding inaccuracies related to a specific post of yours, which I quoted in my post where I made that comment. I've already wrote everything I wished to write in that context; my main argument was made (as you can see above) regardless of whatever inaccuracies / irrelevancies I referred to.

I re-joined the discussion at this specific point only because of your "I can get everywhere with my CE" statement, which I thought was misleading for the general public. That's all. Since I feel that this issue is now clarified, I think we can move on.

Thank you,
Ronen.
 
Last edited:
M

MIREGMGR

(...) by examining the GAO report published in 2008.

That's more than a bit misleading. In the 2008 time frame, US FDA had few inspectors abroad, particularly in China, India and other south and southeast Asian countries, and those areas got little attention. Now FDA has many more inspectors stationed there, and inspection activity has increased considerably. Since 2008, FDA also has added the PREDICT system for more readily spotting import problems; significantly increased Listing requirements for contract manufacturers to increase identifiability of problem points; and changed its de facto interpretation of several guidances and practices to make it easier to gig contract manufacturers when an inspector or FDA management determines that's desirable.
 
G

gramaley

The 2012 inspection data was provided earlier, which was a peak year for inspections. You can derive whatever opinion you have about the success of the FDA's inspections overseas, but the data is something anyone can verify, quantitatively.

All I did was create a spreadsheet containing every registered medical device firm, organized by a count into each country. I then used the FDA inspection data (also available online) and populated the number of inspections performed in each country. I could then examine inspections % in each country, group them into foreign inspections.

I grouped all of the foreign registered firms together, and then divided them into all of the foreign inspections that were performed, and got 5%.

So if there are 2000 registered firms in China, then 100 of them were inspected at the peak year of 2012. And this is indeed an improvement. The point I am making is, under a program where 3rd party certifications are used (e.g. CE marking) all 2000 would be inspected every year.

:topic:You are raising now another issue, which merits a different discussion. Lets set aside QMS for a moment, since the FDA commissioner himself has stated it is not working. He indicates that border control is the answer, and this is funded also by aid from the Homeland Security. This covers more than devices, but food as well.

FDA has a robost border control system, that will place an FDA hold on devices that do not have a registration, listing or a 510(k) in some cases. So it is effective at screening devices, at the border, for registration and possibly 510(k). Is this working? Well, maybe. Many more 510(k) submissions are piling up at FDA than ever before. I spoke with FDA last week about this, and they are complaining about the pile of 510(k) they are now seeing from overseas. Why? More than likely, border control is doing that.:topic:

Maybe this isn't too far off topic, because at the end of the day, public health protection comes from more than just a quality system. A good assessment of the product by FDA helps too, and border control does seem to be driving more foreign devices into the 510(k) review system.
 
M

MIREGMGR

The point I am making is, under a program where 3rd party certifications are used (e.g. CE marking) all 2000 would be inspected every year.

Let's see, what was the name of that other program under which every device maker would be inspected every year? Oh, yeah, "MDSAP".

What a coincidence! According to Kim Trautman and several other sources, that's actually FDA's plan, once they get past the voluntary pilot phase and roll it out.

I'm glad to see that they're working to achieve the end goals that you've suggested for them. :)
 
G

gramaley

Actually, they are not. I warned them that if they continue to make this program voluntary in the United States, it will fail as the other three programs have.

https://www.qualitydigest.com/insid...l-device-single-audit-program-s-dismal-future

MDSAP is not done yet, so there is hope that FDA can get this time what it has never achieved in the other three attempts. However, Kim has more of a political battle than most people can manage. As you say, people don't trust 3rd party, and that is even more true of the Office of Compliance, which would potentially lose jobs to 3rd party.

All of the programs, including the IAF program, have to contend with politics that most are not prepared to deal with. Some of these politics come from far away places, and national regulations, such as Swiss protections of confidential information, or internal politics within the agency. And of course you have most of the medical device industry in the US that isn't paying for any FDA inspections, and don't want to, so forcing them to pay $20,000 for an annual inspection will hit the fan in Congress faster than... well. Lots of politics have to be navigated.
 
G

gramaley

I thought I would help you challenge my own IAF program :)

You see, ISO 13485 is also a voluntary program. ISO 9001 is still the Quality system for most of the world, even for medical devices. You may not believe it, but 80% of Chinese industry doesn't have ISO 13485, and at best, they have ISO 9001 (as I was informed by a Taiwan CAB operating in the region).

So I cannot claim very broad acceptance of the IAF program for ISO 13485, and as it is voluntary, and arguably much more expensive than a free local Taiwan GMP, so it isn't going very far in Taiwan for the SMEs anyway.

MDSAP, like the IAF program, will remain voluntary worldwide, because they are expensive. Regulators that make them mandatory may find a terrible loss of access to medical devices, much the same way Canada has suffered under CMDCAS (as many smaller companies bailed on Canada). That is why they have 3000 firms registered compared to 32,000 US firms.

So smaller countries are not going to make any of these programs mandatory. Heck, not even the US is doing it, so why would, say...Singapore?

Europe could leverage the MDSAP to worldwide use, as they are a HUGE economy. The price of Canada's CMDCAS, but 30 times the value. So if Europe made MDSAP mandatory, it could help Canada enormously, but there is another problem. European Certification is a CE cert, a product cert, and allows any one of thee different approaches for gaining the CE mark, some don't require any QMS at all. So MDSAP isn't a replacement for CE marking, since this is a actually a product certification "audit" hybrid. This is where IMDRF has to make something work with Europe. I am not opposed to MDSAP. I am opposed to things that don't work. MDSAP is not done, and maybe they can make it work. When I wrote the article, it had too many features of the failed programs of the past. So maybe that will steer them to make it work!

The IAF program was designed to be an "off the shelf" global system of accreditation, derived from the (state of regulatory audits, competency, GHTF SG-4 guidance, etc). It was designed to make the ISO 13485 audits fit for regulator use, worldwide, especially in developing nations that can use local AB resources to help them. Industry can opt in, or out of ISO 13485. If regulators choose to recognize MDSAP or IAF or both (like TGA Australia) fine, but will industry use either of them? Surely ISO 13485 is widely used in the West, but we still have a long way to go in other regions of the world. The AHWP is now moving much more toward use of ISO 13485, especially with their new Guidance on Good Distribution Practices. In Asia, Distributors need more regulating than manufacturers in some countries.
 
Last edited by a moderator:

somashekar

Leader
Admin
With this sad story about ISO 13485 having so much response., and looking forward the MDSAP program gaining momentum with four regulatory regions being members and perhaps more to join .... and with the ISO 13485 faced with a delayed revision .... what is the sanctity of this ISO standard ?
Will the MDSAP finally make the ISO 13485 no more a sought after standard for the medical device industry ~~~ ??
 
Last edited:
M

MIREGMGR

My understanding is that the pro-MDSAP faction within US FDA and certain Congressional staffers is the same group as the pro-harmonization faction...except what they want the world to harmonize on is an enhanced ISO 13485 that does approximately what MDSAP is intended to do, i.e. provide supervision with teeth of the CBs and national regulatory bodies that are allowed to participate, to eliminate international marketing of devices based on meaningless certificates from sham issuers and to force a high degree of uniformity among national regulators and auditing bodies, so as to eliminate marketplace competition among national regulators or CBs on the basis that one is "easier" than another.
 
Top Bottom