We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Question

Ronen E

Problem Solver
Staff member
Moderator
#11
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

So, unless the contract says otherwise, we have no obligation to manufacture the device in accordance with the GMP or 21 CFR 820? That is the way I read the regulations, but that seems so bizarre to me that as the contract manufacturer we would not have some obligation or need to have the records necessary to pass an FDA audit, should it occur. Thanks for your input.

Hi,

Yes, it does sound bizarre, but it almost never actually happens because medical devices manufacturers who are subject to part 820 typically control their CMs one way or another. So, you don't have direct responsibility but some requirements may be "delegated" to you via your customer.

it's also been written here recently that the FDA doesn't "audit" per-se. the FDA holds inspections as it sees fit, and if you're not required to register you won't be on their "regular" inspection schedule. You might get inspected as part of an inspection held at your customer's (them being required to register) but then I guess you'd be inspected more as an extension of your customer's operations / QMS, rather than as an independent entity. If any deficiencies will be found, I guess the FDA will hold your customer accountable unless you acted fraudulently.

Cheers,
Ronen.
 
Elsmar Forum Sponsor

Marcelo

Inactive Registered Visitor
#12
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

So, unless the contract says otherwise, we have no obligation to manufacture the device in accordance with the GMP or 21 CFR 820? That is the way I read the regulations, but that seems so bizarre to me that as the contract manufacturer we would not have some obligation or need to have the records necessary to pass an FDA audit, should it occur. Thanks for your input.
You really have, in principle, no responsibility because you simply perform something that the manufacturer should perform but, for any reason, chose not to. So everything you do is under his belt, as Ronen said.

However, as a good business practice, it would be interesting if you pointed out this need if ever your client does not directly asks for this in a contract. "Implied requirements" is something that should be kept in mind in this situation.

The ideal way the read the regulations is:

You do have an obligation to your client to have controls and records to show that what you do is done under the regulations, however, your client has to make this clear (or you might make it clear to them so they do not complain afterwards if something happen)....or something like that :)
 
M

MIREGMGR

#13
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

Just to make this more murky...there have been a couple of instances in the past few years in which FDA has issued a Warning Letter to a contract manufacturer that was poorly controlled by their customer, on the basis that the Contract Manufacturer was an experienced medical device maker with knowledge of the issues involved in making the specified product safe and effective, and should have known that their customer was not competently specifying the product and controlling them.

This of course is directly supportive of Marcelo's suggestion above that you might want to approach the relationship on an "implied requirements" or guiding-your-customer basis.
 
R

Roland Cooke

#14
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

Just to make this more murky...there have been a couple of instances in the past few years in which FDA has issued a Warning Letter to a contract manufacturer that was poorly controlled by their customer, on the basis that the Contract Manufacturer was an experienced medical device maker with knowledge of the issues involved in making the specified product safe and effective, and should have known that their customer was not competently specifying the product and controlling them.

This of course is directly supportive of Marcelo's suggestion above that you might want to approach the relationship on an "implied requirements" or guiding-your-customer basis.
If you have links to one or more of these Warning Letters that would be very helpful.

I'd not heard this before, but it's certainly something I've hammered home on quite a few visits to contract manufacturers, (including under design control, customer contracts, risk management etc etc).
 
M

MIREGMGR

#15
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

I'll dig for them. As you know, the Warning Letter system isn't very effectively searchable.
 
M

MIREGMGR

#16
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

These are the contract-manufacturing-specific Warning Letters for which I have immediately accessible records:

www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucmXXXXXX.htm

where XXXXXX is replaced by:

174488
204223
246119

I'm aware of one or two more, more explicitly supportive of the CM-is-expert-so-held-responsible point, but I haven't found them yet.
 
M

MRWardell

#17
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

You really have, in principle, no responsibility because you simply perform something that the manufacturer should perform but, for any reason, chose not to. So everything you do is under his belt, as Ronen said.

However, as a good business practice, it would be interesting if you pointed out this need if ever your client does not directly asks for this in a contract. "Implied requirements" is something that should be kept in mind in this situation.

The ideal way the read the regulations is:

You do have an obligation to your client to have controls and records to show that what you do is done under the regulations, however, your client has to make this clear (or you might make it clear to them so they do not complain afterwards if something happen)....or something like that :)
The contract we have our customer does require us to be 13485 certified (we are) and to comply with QSR. The contract attempts to transfer all responsibility for QSR compliance to us, which I now understand, the customer (manufacturer of record) cannot do. We do not distribute the device, but will drop ship directly to their customers. This is our first medical device, so the learning curve has been fairly steep. There has also been a struggle to change the culture from one of shipping on time is the priority to one of following the process, even if that means delays in production or shipping. The input from the Forum has been great and reinforces the changes management needs to enforce if we (and our customer) are to be successful and compliant.
 

Ronen E

Problem Solver
Staff member
Moderator
#18
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

The contract attempts to transfer all responsibility for QSR compliance to us, which I now understand, the customer (manufacturer of record) cannot do.
The customer has the right to ask for anything; and if your company has agreed and signed such a contract, then it is deemed binding unless proven illegal or otherwise unenforceable. It's true the customer can't delegate their direct responsibility towards the FDA; however, they could very well spell out each and every requirement in a way that would practically mean you are labouring towards the actual compliance whilst they cheer from the sidelines.
 

somashekar

Staff member
Super Moderator
#19
Re: We Design and Develop - All of our Manufacturing is Outsourced - ISO 13485 Questi

they could very well spell out each and every requirement in a way that would practically mean you are labouring towards the actual compliance whilst they cheer from the sidelines.
I am sure this comes out of real application, as I can proudly say that from several years we are being cheered for the actual and correct compliance in our medical device business.
 
Thread starter Similar threads Forum Replies Date
M ISO 9001 Requirements for associated service - Design and develop software Design and Development of Products and Processes 7
S Product Development Program - Design, develop, approve and manufacture new products Design and Development of Products and Processes 6
DuncanGibbons Section 8.3 relevant for design organisations AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
P DFMEA - Machinery Design Best Practices FMEA and Control Plans 0
R Is a FAIR required on parts that we design? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
U API Spec Q1 - 5.6.1.2 C (3) - Design software Oil and Gas Industry Standards and Regulations 3
N Example for design and development planning,input,output,review,verification,validation and transfer Misc. Quality Assurance and Business Systems Related Topics 4
A 8.6 Release of products and services, 8.3 Design and development - evidence required ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
C Stress / Challenge Conditions for Design Verification Testing to Reduce Sample Size 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
J Significant change related to design and intended use EU Medical Device Regulations 3
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
U NOC - What is considered a "design change" EU Medical Device Regulations 5
Q PPT used as Design Review ISO 13485:2016 - Medical Device Quality Management Systems 3
D Design Verification Sample Size vs Repeats Statistical Analysis Tools, Techniques and SPC 9
A Design and development procedure for API Spec Q2 Oil and Gas Industry Standards and Regulations 6
D Design controls - Inputs, outputs, V&V, DHF, DMR ISO 13485:2016 - Medical Device Quality Management Systems 10
LostLouie Manufacturer divorced from Design process, is he justified in design process deficiencies? ISO 13485:2016 - Medical Device Quality Management Systems 9
R DFA & DFM - Examples for Design for assembly and design for manufacturability Lean in Manufacturing and Service Industries 2
D Using Laboratory Notebooks in R&D and Design and Development ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 6
K Joint approval between OEM and Manufacturer on Design Documents ISO 13485:2016 - Medical Device Quality Management Systems 4
M API 4F/7K/8C Design Package Validation Oil and Gas Industry Standards and Regulations 2
A Design History File - Not ready to share the design drawings or Bill of Material US Food and Drug Administration (FDA) 2
W Need for current design or process control FMEA and Control Plans 2
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
D Test summary report example for design validation wanted - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
B Why the Greek god Hephaestus should have done a design FMEA (DFMEA) on his giant robot APQP and PPAP 1
S Documenting Design Verification Test Results (ISO 9001) Design and Development of Products and Processes 1
DuncanGibbons Understanding the applicability of Design of Experiments to the IQ OQ PQ qualification approach Qualification and Validation (including 21 CFR Part 11) 5
S Requirement to Conduct New Shelf-life Testing? (re-do testing for design change) EU Medical Device Regulations 3
A Sample Agreement available for Outsourcing Medical Device Design activity? ISO 13485:2016 - Medical Device Quality Management Systems 1
DuncanGibbons How is the arrangement between Design and Production organisation envisaged? EASA and JAA Aviation Standards and Requirements 4
L Design & Development of a SERVICE Service Industry Specific Topics 13
C Documentation for items used for Design Verification 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
P Design verification driven by new equipment. How is this different than process validation? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
A AS9102B - 3.6 Design Characteristics and form 3 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
P Design FMEA - Detection Rating criteria ISO 14971 - Medical Device Risk Management 3
U Medical Device Design finalization testing ISO 13485:2016 - Medical Device Quality Management Systems 2
S MDR Delay - MDD design Change? (before new MDR DOA) EU Medical Device Regulations 8
J Iterative design and production for custom made products ISO 13485:2016 - Medical Device Quality Management Systems 3
T Design Input detail & specificity ISO 13485:2016 - Medical Device Quality Management Systems 4
J Design file for pre-existing products - Inputs and Outputs ISO 13485:2016 - Medical Device Quality Management Systems 5
D Design Transfer Template capturing Customer Specific Requirements Other Medical Device Related Standards 3
T Design Control Procedures later in the Development Process ISO 13485:2016 - Medical Device Quality Management Systems 6
M Looking for a Presentation on Design for Excellence (DfX) Manufacturing and Related Processes 2
K Old medical devices -> 7.3.7. Design and development validation ISO 13485:2016 - Medical Device Quality Management Systems 1
R Design and Manufacture Guidelines for Surface Mount Technology Misc. Quality Assurance and Business Systems Related Topics 9
optomist1 Design Exclusion, but now we might have an outsourced Product Design ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Relabeler for patent expired product - design control responsibilities? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
B Supplier of design and manufacture process ISO 13485:2016 - Medical Device Quality Management Systems 10

Similar threads

Top Bottom