Unable to close a finding raised from BSI last year

[ire88]

Hello,

I have a question, as I have never been in this position before.

We are going to have a BSI surveillance audit for the maintenance of the ISO 13485 Standard next week and we realised that one of the minor finding that was raised by the auditor last year is not yet completed and it's now overdue (it was due on Feb 22).
From your experience what's the consequence if one of the findings from BSI of last year remains not implemented?

Many thanks for your help

 

[Randy]

Hello,

I have a question, as I have never been in this position before.

We are going to have a BSI surveillance audit for the maintenance of the ISO 13485 Standard next week and we realized that one of the minor finding that was raised by the auditor last year is not yet completed and it's now overdue (it was due on Feb 22).
From your experience what's the consequence if one of the findings from BSI of last year remains not implemented?

Many thanks for your help

Easy, unless you can show evidence of trying to take positive action like cause analysis, some containment and planning to correct correct it, the NC will most likely be raised to a Major and your certificate be placed under risk of suspicion or revocation.

Did you send in a proposed corrective action like you were asked to or did you post one to the Portal?

If you've done nothing what you get is a self inflicted wound.

There is no mandate for complete closure, sometimes it takes time & resources to get something done. Now what do you mean it was due Feb 22? I know a wee bit about this and a totally completed CA isn't given a "due by date" only the initial CAP will have a due assigned to it with review at the next audit.............HAVE SOMETHING TO SHOW!!!!

 

[Sidney Vianna]

Depending on the reasons behind the failure to effectively implement corrective action by the due date, the auditor is likely to escalate the issue to a major and give you a shorter timeframe to resolve it. And you will have the privilege to pay for their onsite visit to (hopefully) close the issue.

 

[ire88]

Thanks a lot for your response.
Yes, we did the investigation and we identified the RC, however, the QA team was under resources and we were not able to complete the implementation plan. The proposed corrective action was sent to BSI within the due date and our implementation plan was approved.

 

[Randy]

Thanks a lot for your response.
Yes, we did the investigation and we identified the RC, however, the QA team was under resources and we were not able to complete the implementation plan. The proposed corrective action was sent to BSI within the due date and our implementation plan was approved.

Well flitter you might be fine for a continuation based on other factors. Why did the QA team have to correct it? Did they own the process? Don't be surprised if you're asked about "Resources" and get another one for "lack of appropriate thereof" and maybe a lack of demonstrated "commitment"

 

[ire88]

Yep, QA was the owner of the process. The process is itself about findings.
Historically in the company, all the NCs were escalated to CAPAs. The result is a cumbersome process. The action for the finding raised by BSI was to review the process to use a risk-based approach to evaluate when an NC warrants a CAPA.

 

[Randy]

Yep, QA was the owner of the process. The process is itself about findings.
Historically in the company, all the NCs were escalated to CAPAs. The result is a cumbersome process. The action for the finding raised by BSI was to review the process to use a risk-based approach to evaluate when an NC warrants a CAPA.

So you're saying that some things for incorrect or "nonconforming" are left to whither on the vine?

Here's a risk based approach........"What could happen if the problem isn't fixed?...Worst case scenario

 

[Tidge]

Easy, unless you can show evidence of trying to take positive action like cause analysis, some containment and planning to correct correct it, the NC will most likely be raised to a Major and your certificate be placed under risk of suspicion or revocation.

“Before I draw nearer to that stone to which you point, answer me one question. Are these the shadows of the things that Will be, or are they shadows of things that May be, only?”

 

[Tata347]

So quick and dirty; change your CAPA process to state external audits are reviewed, evaluated and documented on external auditors/customer documentation (or point to the external corrective action process in your CAPA process to an internal CAPA - for tracking and closing purposes only); realize that these two items are one in the same and it sounds like they were made to be two separate processes. Since you've obviously done the majority of the work; finish the documentation based on what you gave BSI originally (as long as its still sound) and note that audit CAPAs may be closed as part of subsequent audits by external sources. Define the difference is "CLOSED" and Documented... closed implies that you have verified effectiveness and the issue no longer exists.. since you haven't had a repeat audit from BSI - I would contend that the CAPA can't be verified for effectiveness and therefor not "CLOSED" yet as long as you've documented the plan and an ECD documented you may be able to squeak by. Do something even if its a "Draft" to submit for review; its' better than doing nothing - that will be an automatic MAJOR and 30 days to complete and implement.

 

[Randy]

So quick and dirty; change your CAPA process to state external audits are reviewed, evaluated and documented on external auditors/customer documentation (or point to the external corrective action process in your CAPA process to an internal CAPA - for tracking and closing purposes only); realize that these two items are one in the same and it sounds like they were made to be two separate processes. Since you've obviously done the majority of the work; finish the documentation based on what you gave BSI originally (as long as its still sound) and note that audit CAPAs may be closed as part of subsequent audits by external sources. Define the difference is "CLOSED" and Documented... closed implies that you have verified effectiveness and the issue no longer exists.. since you haven't had a repeat audit from BSI - I would contend that the CAPA can't be verified for effectiveness and therefor not "CLOSED" yet as long as you've documented the plan and an ECD documented you may be able to squeak by. Do something even if its a "Draft" to submit for review; its' better than doing nothing - that will be an automatic MAJOR and 30 days to complete and implement.

Not necessarily, unless you're more intimate with the process than I.