In Part One of this two-blog series, I shared 5 best practices to prepare your organization for FDA inspection success. Inspections by the FDA can lead to regulatory action and consequences such as warning letters, recalls, and consent decrees. Thus, you want to put your best foot forward to demonstrate the compliance of your Quality Management System (QMS). In this Part 2, we’ll focus on the logistics for running a smooth and efficient inspection.
1: Tone and philosophy
First and foremost, everyone interacting with the FDA should be truthful, professional, and courteous. While this may seem like common sense, it is worthwhile to emphasize. The FDA is there to protect the public good by finding the evidence that your Quality Management System is compliant, so convey that you are there to help them in that goal.
In its aim to demonstrate compliance to FDA regulations, an organization is balancing 3 things: 1) Providing the investigator with requested documents, information, and subject matter experts (SMEs) in a timely manner; 2) Understanding what topics the investigator may request go to next and prepare accordingly; and 3) Keeping a record of what the investigator has examined.
To that end, here are roles to have during an inspection.
Host – Serves as the primary interface with the investigator. This role is typically best served by your Head of Quality, as that individual understands the organization’s QMS and understands the FDA approach. If there is more than one investigator, there should be one host per investigator.
Scribe – Takes notes on conversations with the investigator and what the investigator is examining throughout the inspection. Like the host, assign one scribe per investigator. Folks great at listening and typing quickly make for great scribes.
Back Room lead – This person runs the Back Room, coordinating all the requests coming in, sending requests to the front room, and prepping SMEs. Even more importantly, this person is monitoring what is happening in the front room, anticipating areas of inquiry, and preparing accordingly.
Doc Control – Whether your organization is paper based, 100% with electronic records, or a hybrid, Doc Control is key to retrieving those records in a timely manner and keeping track of what has been presented and reviewed by the investigator.
Tech Reviewers – These folks inspect records before they head into the Front Room to ensure it’s the right document and noticing any issues that the host should be aware of before they are presented to the investigator.
Runners – Individuals who can retrieve information and SMEs as needed.
3: Set up a Front Room and Back Room
Typically a conference room, the Front Room is where activities with the investigator(s) are centralized. Aside from the investigator, Individuals are limited the bulk of the time to the host, scribe, and SME’s.
The Back Room is where document, information, and SME preparation occurs. A large conference room works best, not too far from the Front Room.
4: Communicating between the Front Room and Back Room
Determine how information between the Front Room and Back Room will be shared. This includes document and information requests, as well as the conversations that are occurring. One way that works is a web-conference call (no audio or video) in which the scribe shares a document in which they are typing in live. This shared screen is then projected in the Back Room.
Direct chat channels between the scribe and Back Room Lead are also helpful to communicate information the Host should be aware of, like any delays in document retrieval, etc.
5: Documents/Request Management
Determine how documents and request management will occur. There will be time periods when requests are coming fast and furiously. Whether through a spreadsheet or database, it is important to keep track of what has been requested, when it has been presented to the investigator, and returning any hard copy records after the investigator is through with them.
Providing the investigator with the requests in a timely manner demonstrates that your organization’s QMS is under control and has nothing to hide. Keeping a file of everything the investigator has reviewed is key if there is any action taken by the FDA that requires formal response by your organization. It is vital to know what was specifically reviewed so it can be referenced and referred to as necessary to inform those responses.
Closing
Your organization has worked hard to build and run its Quality Management System and prepare for an FDA inspection. Implement these tips to run an efficient inspection and demonstrate your compliance to FDA regulations.
READ MORE
https://www.jamasoftware.com/media/2022/02/2022-02-02-v2-preparing-for-fda-inspection-part2-logistics.jpg5121024Michelle Wu/media/jama-logo-primary.svgMichelle Wu2022-02-02 03:00:432022-03-24 12:05:50Prepping for an FDA Inspection Part 2: Logistics
This is part one of a two-part series. Part two is available here.
FDA Inspection
FDA inspections can be daunting, especially for an organization that is expecting its first one. In part one of a two-blog series, here are five best practices to prepare your organization for success:
1: Understand why the FDA will perform an inspection
The first step in preparing for a successful FDA inspection is understanding why your facility and Quality System (QS) are being inspected. Whether it’s a pre-approval inspection, a biennial audit, or for‑cause, knowing where the FDA will be focusing will help you focus on how to prepare.
2: Learn what an FDA Investigation is like
Another key understanding is that an FDA inspection is not just another audit. The inspection is not the same as an ISO 13485 certification audit, internal audit, or supplier audit. While not all FDA investigators are identical, in general, FDA inspections are much more rigorous and intense in nature.
Thus, educating yourself and your organization on what to expect during an FDA inspection is important. Many resources are available at the FDA’s website, including guides for medical device manufacturers and their Quality System Inspection Technique (QSIT). Another aspect to know is an inspection will assess compliance to 21 CFR 820 (the Quality System), as well as other parts, including 803 (MDR), 821 (Tracking), 806 (Corrections and Removals), and 807 (Registration and Listing).
3: Identify Subject Matter Experts (SMEs) for processes and devices
Identify subject matter experts (SMEs) for QS processes and devices. These individuals should be knowledgeable with the subject matter, as well as able to communicate well with the investigator. While your organization’s records should speak for themselves, having an individual who can guide an investigator as necessary makes the inspection run more smoothly and efficiently.
4: Perform an assessment and address gaps
For an organization preparing for its first FDA inspection, review your Quality System procedures and records, with increased attention to the areas relevant to the anticipated focus of the inspection.
Many organizations also design their Quality Systems for ISO 13485 compliance, and while ISO 13485 and the FDA Quality Systems Regulations (QSR) are similar, there are some differences. Note, the FDA has indicated that harmonizing and modernizing the Quality System Regulation (QSR) with ISO 13485 is an active initiative. Until then, ensure your Quality System covers all aspects required by the FDA. One available tool that maps the FDA 21 CFR to ISO 13485:2016 is AAMI TIR102:2019.
Also audit your recent Quality Systems records for 2 reasons, 1) identify any issues for compliance to your organization’s procedures, and 2) familiarize yourself with any issues so they can be reviewed clearly by the SME if those topics come up in the investigation. Use a reputable auditor that is familiar with FDA inspections and how investigators are trained. Involve your SMEs so they are prepared as well.
Records to review include those associated with the particular device of focus. For example, in a Pre-Market Approval (PMA) inspection, ensure an SME can walk an investigator through the Design History File of the device to demonstrate the design controls were adequately met. Before the FDA arrives is a good time to ensure that there is evidence that all design inputs are verified and all user needs and all intended uses have been validated.
Ensure that your firm is registered and that your device listings are up to date.
Mock inspections serve a number of purposes when preparing for an FDA inspection. They allow individuals that may be involved, including SMEs, an opportunity to practice, can identify areas of concern that can be addressed before the FDA arrives, and give your organization an opportunity to practice the logistics of hosting an FDA inspection.
Again, use an experienced auditor familiar with FDA inspections and the mindset of FDA investigators.
As with any large endeavor, preparation is key. These best practices provide you with the path and resources to educate and prepare your organization for an FDA inspection.
Visit part twoof this blog series for best practices and tips regarding the logistics of running a smooth and efficient inspection.
READ MORE
https://www.jamasoftware.com/media/2022/01/2022-01-19-preparing-for-fda-inspection-part1.jpg5121024Michelle Wu/media/jama-logo-primary.svgMichelle Wu2022-01-19 03:00:042022-02-03 10:40:19Preparing for an FDA Inspection – Part 1
If you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).
But what does that all mean, and how does it affect you? In this article, we will provide you with a basic guide to understanding ISO standards.
What is ISO and What are ISO Standards?
The International Organization for Standardization is a nongovernmental organization. It consists of a network of standards bodies from 165 member countries (currently), with one body representing each member country. The American National Standards Institute (ANSI), for example, represents the United States. The organization maintains a central office in Geneva, Switzerland, to oversee this network.
Because “International Organization for Standardization” is a mouthful and would have different acronyms in different languages, the organization’s founders chose ISO—derived from the Greek ‘isos’, meaning equal—as its official abbreviation. As the group’s website proclaims: “Whatever the country, whatever the language, we are always ISO.”
ISO’s purpose is to help unify standards on an international basis. ISO standards are designated by the term ISO followed by a number, like ISO 9001. In some cases, ISO standards share a numeric code with an industry association, as in the case of ISO/IEC 12207. IEC stands for the International Electrotechnical Commission, which prepares and publishes international standards for electrical, electronic, and related technologies.
Nearly 800 ISO technical committees and subcommittees are tasked with standards development. As of June 2021, ISO has published some 23,886 international standards covering almost all aspects of technology and manufacturing.
What Are the Benefits of ISO Standards?
ISO forms a bridge that links the public and private sectors. Many of its member institutes are either departments of their national governments or mandated by them. Other member organizations are rooted solely in the private sector, having been set up by industry association partnerships within their country. ISO helps these diverse bodies reach consensus on solutions that meet both the requirements of business and the broader needs of society.
ISO standards help make the world a safer place and give consumers confidence that the products they buy are safe, reliable, and of high quality. Regulators and governments count on ISO standards to help develop better regulation, knowing they have a sound basis thanks to the involvement of globally recognized experts.
Finally, compliance with ISO standards gives companies an advantage in the marketplace. ISO certification provides assurance to potential customers that the company adheres to industry best practices. In many industries, companies require that their suppliers are certified to certain relevant ISO standards.
The ISO process for creating a new standard begins when an alliance of industry associations or consumer groups submits a request. ISO then recruits subject matter experts and industry stakeholders to form a technical committee or subcommittee. This committee executes a two-round drafting process and then takes a formal vote on the second draft. This second draft is called the Final Draft International Standard (FDIS). If the FDIS is approved, it is certified by the central secretariat, and ISO publishes it as an official international standard.
As technologies and best practices evolve, industry associations may request an update of an ISO standard. Different versions of the standard are distinguished by the year the revision was published appended to the standard designation. For example, the latest version of ISO 9001 is ISO 9001:2015.
What ISO Standards Are Related to Product Development?
ISO 9001
The ISO 9000 family of quality management standards is easily the most popular set of industry standards in the world. Of these, ISO 9001 is the only one to which companies can be certified.
ISO 9001 describes how to put a Quality Management System (QMS) in place to better prepare your organization to produce quality products and services. Today, over one million companies in more than 170 countries are certified to ISO 9001:2015.
ISO/IEC 12207
ISO/IEC 12207, Systems and software engineering – Software lifecycle processes aims to define all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.
First introduced in 1995, ISO/IEC 12207 establishes a common framework for software life cycle processes with well-defined terminology that can be referenced by the software industry. It defines the processes, activities, and tasks to be applied during the acquisition of software products or services, as well as during the supply, development, operation, maintenance, and disposal of software products and to the software portion of firmware, as well.
ISO/IEC 12207 also provides a process that can be employed for defining, controlling, and improving software life cycle processes.
ISO 8887
ISO 8887 specifies the requirements for the preparation, content, and structure of technical product documentation (TPD) of the design output for the cycles of manufacturing, assembling, disassembling, and end-of-life processing of products. It describes the TPD needed at the critical stages of the design process.
Beyond those requirements, the standard also identifies and describes methods and conventions appropriate to the preparation of documentation necessary to realize a design, including the application to multiple life cycles. ISO 8887 also incorporates guidance on the ultimate reusing, recovering, recycling, and disposing of the components and materials used.
ISO/TS 16949
Based on ISO 9001, ISO/TS 16949 is a technical specification (TS) aimed at the development of a quality management system that provides for continual improvement within the automotive industry. First published in 1999, it emphasizes defect prevention and the reduction of variation and waste in the automotive industry supply chain and the assembly process.
According to the British Standards Institution (BSI), the ISO/TS 16949 standard was created by the International Automotive Task Force (IATF) to help streamline this process. It focuses on the avoidance of errors and defines the requirements for the development, production, and installation of automotive-related products. Today, certification is required by almost all Tier 1 companies, many of whom require their Tier 2 and Tier 3 suppliers to certify. As a result, over 50,000 certifications have been issued to date against this standard.
ISO 26262
ISO 26262, Road vehicles – Functional safety applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars. Introduced in 2011, this standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including the interaction of these systems.
With the increased number and interaction of electronic systems within passenger vehicles, this standard is being adopted rapidly within the automotive industry.
ISO 13485
Unlike many ISO standards, ISO 13485, Medical Device Quality Standards, is a single document and does not belong to a family. It was originally published in 2003 and revised in 2016.
ISO 13485 puts a quality management system in place for the production of medical devices and equipment and is very specific to the health industry. It is often implemented with ISO 9001 to show that an organization is qualified to do business in the medical device field.
ISO 13485 is a regulated standard against which over 25,000 certifications have already been issued.
Product developers sometimes ask, “What are the differences between standards and requirements?”
According to Merriam-Webster, a requirement is “something wanted or needed; a necessity” or “something essential to the existence or occurrence of something else.” Other definitions include “a necessity or prerequisite” and “something required or obligatory.”
Webster’s defines a standard as “something set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality” or “something established by authority, custom, or general consent as a model or example.” In other words, a standard is a principle, example, or measure used for comparison—a benchmark used to evaluate suitability for a purpose.
To meet a requirement, a thing, person or organization must do exactly what the requirement says. To meet a standard, a thing, person or organization must meet the minimum requirements of the standard and align with its intent. Standards typically allow some leeway for tailoring to individual organizational practices and obligations.
As mentioned earlier, many corporate and governmental customers want their suppliers to adhere to certain ISO standards, especially in industries that are multi-tiered or highly regulated. Certification to applicable standards is often a contractual requirement within those industries.
Is ISO Compliance Required by Law?
The ISO standards themselves are not legally binding. There are no laws that compel companies to meet or be certified to any ISO standards.
However, national regulators may refer to ISO standards as examples of good practice. For example, a building regulation might say you must comply with certain local regulations and that one way of complying with those is to comply with a given ISO standard.
Also, while not legally bound, many companies find certification to certain ISO standards is a necessity if they wish to compete for contracts within their industry or with specific customers.
In this guide, we’ve talked frequently about ISO compliance and ISO certification. So, what’s the difference?
Compliance simply means that your product or process conforms to the requirements of the ISO standard. ISO certification, on the other hand, is the result of a formal procedure and thus a bit more complicated.
ISO itself does certify companies directly. Instead, specific certification bodies perform the task of auditing and then certifying an organization’s compliance with a given ISO standard. These bodies, often known as registrars, must themselves be certified under a separate standard, ISO/IEC TS 17021.
During the certification process, the registrar audits the organization to ensure that its operations are in compliance with processes outlined in the current ISO standard. Where inconsistencies or “non-conformities” are found, the organization must typically create a program for correcting these problems before the registrar will issue a certificate.
Once an organization is granted certification, it receives a certification mark that can be used on its company stationery, websites, etc.
When it comes to ISO standards governing ongoing business practices, like ISO 9001 for example, approval is typically valid for a period of three years. After that, the company must recertify to the current form of the standard.
Applying ISO Standards in Lifecycle and Requirements Management
What tools can help meet ISO standards in the realm of product lifecycle management? Jama Software provides several.
First and foremost of these is our flagship product, Jama Connect. For example, let’s say your organization is seeking certification to ISO 9001. To achieve that certification, you need to demonstrate you have put in place a defined, repeatable process for assuring quality. Jama Connect is a tool built specifically for requirements management and requirements traceability. Not only does Jama Connect simplify the tracking and tracing of requirements, it also makes it simpler and easier to maintain and demonstrate a robust quality process. That’s because Jama Connect automates so much of your requirements management process.
Finally, to learn more about choosing the right requirements management tools to help your company attain or maintain ISO certification, download our Requirements Management Buyer’s Guide.
https://www.jamasoftware.com/media/2021/07/2021-07-15_guide-to-iso-standards_1024x512.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2021-07-15 03:00:152021-11-01 15:11:05A Guide to Understanding ISO Standards
In the complex world of medical device development, teams not only face challenges of innovation, but also a shifting regulatory environment and evolving standards.
Balancing the competing interests of customers and stakeholders with the guidance and regulations from different entities across global boundaries presents challenges that even the most organized and methodical teams may struggle to meet.
In this environment, systems thinking can greatly improve the ability of medical device development teams to get products from the idea stage to market. By breaking down complex problems into manageable pieces, teams can better evaluate their systems and streamline and strengthen processes.
Using an applied systems approach will also help resolve inefficiencies in the development process and produce the outputs necessary for the design history file (DHF).
A growing number of organizations and teams are already pursuing a general systems approach by applying the guidance in ISO 13485:2016. This standard helps define a framework for the Quality Management System (QMS) for medical device development and pushes the development process naturally toward a systems approach. But for those teams that have not yet adopted the standard, adding one more document or piece of guidance to the overall process can feel like another layer of complication.
It doesn’t have to be. Adopting this standard can help standardize and systematize the medical device development process. Though it may look daunting at first, once adopted, ISO 13485 can streamline processes and position organizations for a better outcome with regulatory requirements.
The standard was developed by the International Organization for Standardization (ISO) to outline the standard for a Quality Management System (QMS) for the design and manufacture of medical devices.
The ISO defines “medical device” as “a product, such as an instrument, machine, implant or in vitro reagent, that is intended for use in the diagnosis, prevention and treatment of diseases or other medical conditions.” It is a stand-alone document designed for use by organizations of any size involved in any stage of medical device development, from design to production to installation to service of devices. Both internal and external parties can use the standard to support the auditing process.
ISO 13485 is the most common standard for quality management in the field of medical device development across the globe. Adoption of the standard indicates a commitment to the highest quality and safety across the development process, and it provides a foundation for QMS requirements.
While not required by all government entities, the standard does provide a good foundation for addressing regulations such as the EU Medical Device Directive and the EU Medical Device Regulation. In 2018, the FDA proposed a rule that would align US FDA 21 CFR 820 with ISO 13485:2016; this rule would make this standard the mandatory QMS for medical devices.
Note: The rule was set for release in 2019; however, as of December 2020, the rule was still forthcoming. Check for current guidance.
Key Takeaways from Our Complete Guide to ISO 13485
ISO 13485 and systems thinking go hand-in-hand; teams will find that adoption of ISO 13485 directs them toward systems thinking.
Adoption of this standard will streamline processes and position medical device teams for better regulatory outcomes.
ISO 13485 is a stand-alone document; however, it closely aligns with ISO 9001:2008 and EN ISO 13485.
ISO 13485 and ISO 14971 are related, but ISO 14971 is more focused on risk management – the two standards can be used in tandem.
This standard is not mandatory; teams can develop a Quality Management System (QMS) without the standard as long as it meets regulatory requirements. However, adoption of the ISO 13485 will create a QMS that is ideally positioned to meet the requirements of various regulatory and legislative entities, including the EU.
Jama Software’s Complete Guide to ISO 13485 for Medical Device Development covers requirements for adherence, the difference between ISO 13485 and other medical device standards, and steps for successful adoption and certification.
Download The Complete Guide to ISO 13485 for Medical Device Development to untangle everything there is to know about this important standard.
https://www.jamasoftware.com/media/2021/02/2021-02-18-ISO-13485-ebook-1024x512-1.jpg5121024McKenzie Jonsson/media/jama-logo-primary.svgMcKenzie Jonsson2021-02-18 03:00:002021-03-29 15:20:34[GUIDE] ISO 13485 for Medical Device Development
Every company that produces medical devices has to plan for that time when they must present compliance evidence to the FDA auditor. Often the most difficult and time-consuming aspect of this process is sorting through the available documentation produced by the design and development team, including outputs from multiple software tools. Even in that best-case scenario (likely you have the added challenge of having to fill a few holes in the paper trail), assembling and delivering documentation that is comprehensive in its demonstration of risk management can be an arduous task.
When the auditor is reviewing the design and development history of your medical device they want to see the full story, from the original concept though post-production. They want to see all the angles from which you’ve examined your product, from internal actions items and decisions, to incorporation of market feedback, to safety analysis of similar products. And within that story, auditors want proof that you’ve taken action to ensure that risks that can’t be eliminated fall into an acceptable range.
Everyone–including the auditor!–wants a smooth audit process, to ensure the safety of the patient. So how can you easily produce comprehensive documentation and pass your compliance audit?
In our work with medical device companies, we’ve come up with these recommendations for using Jama in your development process. These techniques allow you to show full traceability between risks and design controls, making the task of proving compliance less daunting, less time-consuming, with the added benefit of having a positive impact on your product quality.
Use Jama to execute your risk management process
First, we recommend that you manage all design controls (requirements, risks, design specs and tests) in Jama, and synchronize data from other developer tools, such as JIRA, using the Jama Integrations Hub. This foundational set up will ensure end-to-end traceability and also ensure that all of your data is available for your audit documentation.
Also in this Jama instance, capture and manage specific medical device data pertinent to a future compliance audit, such as intended use of your product, patient and user needs, your risk management plan and any other information that defines the device, your product objectives, and information about similar products in the market.
Just like you manage requirements with Jama’s collaboration tools, you can also use Jama to execute your risk management process. This provides the team one area where they can go to understand how to document risks and what information needs to be collected, and prevents confusion around process that is vital for your FDA submissions.
To do this, we suggest you track risks as individual items. Complete a preliminary estimate of the risk by defining the probability of occurrence of the harm and the severity of that harm, and use the calculated risk priority number to assess if the risk is acceptable. As you define mitigations, use relationships to illustrate those in Jama, and then update the risk priority number post-mitigation.
Use Jama’s Review Center for both risk and design controls reviews, inviting feedback from subject matter experts and stakeholders. When anyone has questions about why a risk was estimated in a certain way, these reviews are the source of truth for why decisions were made. Using Review Center, along with documenting this information in the project space, allows teams to collaborate on risk definition (and add more as they arise), discuss mitigation plans and verification of test results, to collaborate on solutions and to finalize and document decisions.
When telling the story of your medical device’s development lifecycle to the FDA, it can be a struggle to organize the information in a cohesive manner. And if documentation is missing or decisions and action items aren’t recorded, these gaps could result in your product never reaching the market—or being pulled from the shelves. Using Jama creates much of the needed evidence and is an easy step to take that will save time and money in the long run.
More on managing risk in medical devices using Jama
Want to know more about how Jama manages risk in Jama? Check out this video to understand more. And if you’re ready to see how Jama can help you manage the development of your medical device start a free trial.
We’d love to hear how your teams manage documentation for compliance audits. Do you have stories about how your company passed audits for ISO 14971, ISO 13485 or 21 CFR Part 11? Our medical devices team is curious to hear about your methods for streamlining your submission process for compliance audits.
00jstetson/media/jama-logo-primary.svgjstetson2016-01-15 16:51:242016-01-15 16:51:24Streamline Medical Device Compliance with Jama
If you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).