medical device program (mdsap)
TRANSCRIPT
3/28/2017
1
MEDICAL DEVICE SINGLE AUDIT PROGRAM (MDSAP)
Can I really get down to just one audit?
Rem Siekmann
R&Q
1
Connie Hoy
Cynosure, Inc.
ABOUT
▪ Industry-leading regulatory and quality consulting and engineering for medical device companies
▪ Founded in 2008 with offices in:▪ Pittsburgh, PA (HQ)
▪ Cleveland, OH
▪ Boston, MA
▪ Minneapolis, MN
▪ Philadelphia, PA
2
SERVICES
3
▪ REGULATORY
▪ Worldwide Regulatory Strategy
▪ FDA Clearance and PMA
▪ EU Entrance
▪ Canadian License and Approval
▪ Rest-of-World Support
▪ Guidance for Regulation and Standards Changes
▪ Acquisition Regulatory Due Diligence
▪ UDI Compliance
▪ MDD Technical File Clinical Evaluation Reports
▪ Combination Products
▪ QUALITY SYSTEMS
▪ Quality System Development(ISO13485/QSR/CMDR)
▪ Internal Auditing
▪ FDA Inspection Preparedness/Assistance
▪ Quality System Improvement Projects
▪ Acquisition Quality Systems Integration
▪ MDSAP
▪ Combination Products
▪ DESIGN ASSURANCE
▪ Design Verification and Validation
▪ Human Factors/Usability
▪ Safety Risk Management
▪ Design Quality Assurance
▪ Design Quality Engineering (software, electromechanical, sterile disposables)
▪ Clinical Evaluation Reports
▪ Design History Files
▪ PRODUCT QUALITY
▪ Supplier Quality and Audits
▪ Manufacturing Site Transfer
▪ Manufacturing Quality
▪ Process Validation/Qualification
▪ POST-MARKET SURVEILLANCE
▪ FDA 483s
▪ Warning Letters
▪ Consent Decrees
▪ Remediation Support
▪ CAPA and Complaint Monitoring/Leadership
▪ Safety Risk Monitoring
▪ Recall Decisions
R&Q INTELLIGENCE SERIES
▪ Free webinars held fourth Tuesday of every month in 2017
▪ Conducted by leading medical device experts
▪ Reporting on and analyzing top industry trends and topics
▪ Goal to provide key and actionable takeaways
▪ Slides and recording available to all registrants
▪ NEXT: April 25 – EU MDR▪ Subscribe to R&Q’s blog for details: rqteam.com/blog
4
R&Q INTELLIGENCE TOUR
5
▪ Premium in-person events in five cities
▪ Discussion of critical and trending 2017 medical device updates
▪ Speakers include FDA (invited), Notified Bodies, Medical Device Innovation Consortium (MDIC) and AAMI /ISO technical standards committee representatives
▪ Actionable takeaways and in-depth dialogue
▪ Locations▪ Philadelphia, Pittsburgh, Boston, Minneapolis, Cleveland
▪ Subscribe to R&Q’s blog for details: rqteam.com/blog
Rem Siekmann, R&Q▪ Certifications include:
▪ MDSAP Auditor Certification▪ Certified Biomedical Auditor (CBA)▪ CMDCAS Auditor
▪ Member of ASQ, RAPS, AAMI
▪ Former Technical Manager, SAI Global; achieved “Authorized” MDSAP Auditing Organization status
PRESENTERS Q&A Panel Additions
▪ Jake O’Donnell
▪ 21 years as FDA investigator
▪ Mark Swanson
▪ Member of ISO Technical Committee 210 and Working Group 1 for ISO 13485
6
Connie Hoy, Cynosure, Inc.▪ EVP of Regulatory Affairs and Clinical Development for Cynosure, Inc. (wholly owned by
Hologic)
▪ 32 years experience in regulatory and quality with focus on radiation emitting devices
▪ Team leader for two successful MDSAP inspections▪ Cynosure Corporate - October 2016 as part of the pilot program▪ Cynosure second manufacturing site - March 2017
3/28/2017
2
MEDICAL DEVICE SINGLE AUDIT PROGRAM (MDSAP)
Can I really get down to just one audit?
Rem Siekmann
R&Q
7
Connie Hoy
Cynosure, Inc.
AGENDA
▪ Background and Rationale
▪ How does it work?
▪ Potential Problems
▪ Case studies
▪ Solution and Q&A
8
BACKGROUND
▪ One audit by authorized Auditing Organizations (AO) used to fulfill regular inspection requirements of Canada, US, Australia, Brazil & Japan
▪ Process developed by IMDRF
▪ Built on ISO 13485:2003 + regulatory requirements (FDA: 21 CFR 820, Brazil: ANVISA RDC 16, Japan: MHLW Ministerial Ordinance No. 169)▪ Also have a version based on ISO 13485:2016
▪ 3 year pilot program completed in 2016
▪ Structure is loosely similar to FDA’s QSIT and built on a foundation of risk management data to help determine audit focus areas.
▪ IMDRF & FDA provides many useful tools (audit model & companion guidance, audit time calculations, post-audit guidance, CDRH Learn)
9
IMPACT: WHO IS AFFECTED AND WHEN?
▪ Any device firm that distributes in USA, Canada, Brazil, Australia or Japan should understand the program and contemplate participation.
▪ FDA went live with MDSAP on 1 JAN 2017 – acceptable replacement for routine inspections.
▪ Health Canada / CMDCAS makes MDSAP mandatory effective 1 JAN 2019 !
▪ Important: understand MDSAP program mechanics, benefits, risks and challenges to make timely decisions and preparation.
10
HOW USED BY REGULATORY AUTHORITIES?
11
▪ FDA (USA) will accept MDSAP in lieu of routine inspection, but not for initial visits or “for cause inspections.”
▪ Health Canada will use MDSAP to satisfy CMDCAS requirements: those medical device manufacturers wanting to sell in Canada will need MDSAP certification.
▪ ANVISA (Brazil) will accept MDSAP for initial audits, but the agency will still require its auditors to conduct ANVISA audits for higher-risk devices.
▪ TGA (Australia) will use MDSAP to satisfy TGA requirements, considering MDSAP certificates as equivalent CE certificates.
▪ MHLW (Japan) will accept MDSAP in lieu of an on-site Japanese Quality Management System (J-QMS) audit.
WHAT HAPPENS IN THE EU?
12
▪ Europe (EU) has not taken a firm move toward MDSAP yet, but is an official observer watching its progress▪ Gap in making a connection to the product-specific
aspects of the MDD
▪ Concern as to whether AO’s would have resources to review product issues
▪ Given EU focus on updating MDD regulations, Europe may not be joining soon
3/28/2017
3
MDSAP AUDIT
13
▪ Based on 3 year cycle (similar to ISO 13485:2003)
▪ Initial Certification Audit of entire quality management system (QMS)
▪ Stage 1: preparation review
▪ Stage 2: registration audit
▪ Annual Surveillance Audits – partial coverage
▪ Recertification audit in 3rd year
▪ Very prescriptive:
▪ Uses a detailed process approach for the audit
▪ Post-audit activity timelines determined
▪ Non-conformity findings are graded for severity
MDSAP AUDIT
14
Risk Management
Purchasing
ManagementMeasurement/Analysis andImprovement
Design andDevelopment
Production andService Controls
Device Marketing Authorization and Facility Registration
Medical Device Adverse Events and Advisory Notice Reporting
MDSAP AUDIT
15
▪ Audit duration is based on the elements to be covered in the audit, not on number of employees (as in ISO 13485)▪ A pre-determined amount of time is allocated
to each task (range: 15 – 44 minutes)
▪ reduced for no sterilization, service, installation or implants (¾ hr. each), or design (5 hrs)
▪ increased for critical supplier visits (4 hours each), outstanding NCRs (15 min. each)
▪ Cannot exclude geographies where sales exist but you would not be audited to jurisdictions where no sales exist
MDSAP AUDIT
16
MDSAP Audit Duration Range Examples (ISO 13485:2003–based)
MDSAP AUDIT
MDSAP Nonconformity Grading (reference: GHTF/SG3/N19)
▪ Instead of Major/Minor classifications, based on two factors:1. QMS Impact:
▪ Indirect QMS Impact: ISO 13485:2003 clauses 4.1 through 6.3▪ Direct QMS Impact: ISO 13485:2003 clauses 6.4 through 8.5
2. Number of occurrences:▪ First sub-clause Occurrence: # from one audit to the next▪ Repeat Occurrence: if same NC in the past 2 audits
▪ Escalation (+ 1 point for each of), with 5 points as a maximum:▪ Absence of documented procedure, or▪ Release of nonconforming medical device
17
MDSAP AUDIT
18
MDSAP Nonconformity Grading (points)
QMS Impact
Occurrence
Dir
ect
Ind
ire
ct
First Repeat
3/28/2017
4
MDSAP AUDIT
Impact
▪ Certain nonconformity grades: 30 days to implement remediation + AO to conduct an additional unannounced audit▪ More than 2 nonconformities graded “4”
▪ 1 or more nonconformities graded “5”
▪ If due to frequent noncompliance or release of nonconforming medical devices, allowing up to 6-9 months to implement corrective actions
19
MDSAP Nonconformity Grading (points)
MDSAP REPORTS ANDCERTIFICATES
▪ Using the MDSAP formatted report
▪ Will be submitted to all applicable regulators for their review
▪ Regulators will maintain a database to track trends in nonconformities
▪ MDSAP Certificates will show the applicable jurisdictions
20
MDSAP AUDIT: PROS AND CONS
MDSAP vs. FDA Inspection
21
MDSAP AUDIT: PROS AND CONS
MDSAP vs.ISO 13485 Audit
22
Factor Comparison overview
Cost An MDSAP audit may result in changes to the audit
duration and therefore the costs may vary
Auditor Audits must be conducted by an MDSAP-trained auditor
and due to the length of the audit multiple auditors may be
required (but, potential reduced resource burden)
Auditing
Checklist
MDSAP uses a different auditing checklist process (up to 94
tasks) but the checklist contents are similar to ISO 13485
adding in the regulatory requirements already being
considered (common audit criteria)
NCRs Nonconformance ratings differ from ISO 13485 to MDSAP,
but resolution is the same (standardized system, more
predictable outcome)
MDSAP AUDIT: HOW TO PARTICIPATE?
▪ Auditing Organizations▪ “Recognized”
▪ BSi▪ TUV Sud America▪ Intertek
▪ FDA: expecting another 2-3 Recognized AO’s in next several months
▪ Complete list all auditing organizations (including “authorized”)▪ https://www.fda.gov/downloads/MedicalDevices/InternationalProgr
ams/MDSAPPilot/UCM429978.pdf
23
MDSAP AUDIT: POTENTIAL BOTTLENECKS
▪ Only 3 “recognized” MDSAP auditing organizations▪ Becoming mandatory 2019 for Canada
▪ ISO 13485:2016 becoming mandatory 2019
▪ EU MDR updates becoming mandatory 2020
▪ FDA: already experiencing significant ramp-up of activity in 2017
Therefore…Be actively pursuing MDSAP before 2018
24
3/28/2017
5
MDSAP RESOURCES
25
▪ General Guidance and MDSAP documents, polices, etc.▪ FDA MDSAP LANDING PAGE:
https://www.fda.gov/MedicalDevices/InternationalPrograms/MDSAPPilot/default.htm
▪ CDRH Learn – Postmarket -▪ IMDRF: http://www.imdrf.org/
▪ KEY DOCUMENTS:▪ COMPANION DOCUMENTS
▪ MDSAP AU G0002.1.003: Companion Document (PDF - 1.5MB)(ISO 13485 :2003)
▪ MDSAP AU G0002.1.004: Companion Document (PDF - 1.2MB)(ISO 13485 :2016)
MDSAP RESOURCES
26
▪ AUDIT MODELS: ▪ MDSAP AU P0002.003 Audit Model (PDF - 882KB)
(ISO 13485:2003 version)
▪ MDSAP AU P0002.004 Audit Model (PDF - 770KB)(ISO 13485 :2016 version) New
▪ OTHER HELPFUL DOCUMENTS:▪ MDSAP AU P0008.004: Audit Time Determination Procedure (PDF - 86KB)
▪ MDSAP AU P0027.004 Post Audit Activities and Timeline Policy (PDF - 412KB)
SUMMARY
The R&Q so lu t ion .
27
THE R&Q SOLUTION
▪ Gap Analysis
▪ Update QMS procedures
▪ Conduct Internal Audit
▪ Report to Management
▪ Assist with communication/planning with certification body
▪ Visit rqteam.com/services
28
CYNOSURE 2014…
29
AUDITS!
▪ In 2014 we had the following audits:▪ ISO Certification▪ Japan▪ Korea▪ 3 Brazil GMP (our site + 2 OEM manufacturers)▪ 2 FDA audits of IDEs▪ 1 QSIT Audit
▪ Prompting Cynosure to decide to enroll into the MDSAP Pilot program – We applied in early 2015
▪ Notified Body is Intertek SEMKO AB (Swedish)
30
3/28/2017
6
OCTOBER 2016…
31 32
33
http://www.fda.gov/downloads/MedicalDevices/InternationalPrograms/MDSAPPilot/UCM375697.pdf
WHAT IS THE COMPANION DOCUMENT?
This is your guidebook.
If you don’t have a highlighted, redlined, dog-eared, coffee-stained copy of this in your possession, then you are
not ready for your MDSAP Audit.
35
FORMAT
▪ Each process has a chapter that includes:▪ Purpose
▪ Expected outcomes for the auditor
▪ Audit Tasks and Links to other processes
▪ Audit Tasks are numbered and correspond to the audit report
▪ Section to explain what should be assessed during each audit task
▪ Country specific requirements
36
3/28/2017
7
EXAMPLE: TASK 8 OF MANAGEMENT
37 38
WHAT TO DO!
▪ Read the Companion Document cover to cover ▪ ALL 96 pages! - This will help you understand the overall flavor of the audit
▪ Look for Risk related activities
▪ Highlight all the Audit tasks in each section▪ I did it first in the hard copy
▪ Then in the e-Copy
▪ Ask your notified body if they will provide you with the audit report checklist▪ If yes, start performing internal audits to the checklist
▪ If no, create your own checklist and perform internal audits
39 40
DON’T FEAR THE AUDIT.
THE AUDIT
▪ Very promptly started and stuck to a strict schedule
▪ Followed Audit Task Checklist to the letter and typed into the checklist during the audit▪ If you understand the Audit Tasks this is very direct
▪ Seemed to be some overlap between the two auditors▪ For example, metrics were reviewed in Management Review and also
reviewed in Monitoring and Measurement
▪ Did spend time on the production floor▪ Process Control▪ Calibration
41
THE AUDIT
▪ Focus on Risk Assessment – do you have risk assessment for significant changes? Complaint trends? Nonconforming material trends? CAPA trends?
▪ Focus on outsourced processes – do you have quality agreements? How do you handle nonconformities? So you assess risk as part of your SCAR process?
▪ Focus on Validation – Design and process▪ Focus on Change management and associated risks▪ Found multiple times where the subject matter expert for particular
topics was required in both rooms ▪ Had to improvise!
42
3/28/2017
8
43
MY BEST ADVICE…
START NOW.
QUESTION AND ANSWER PANEL
Rem, Conn ie , Jake , and Mark a re av a i lab le fo r ques t ions .
45
THANK YOU
DOWNLOAD white papers and case studies.
SUBSCRIBE to our blog.
BEGIN a conversation.
WEBINAR QUESTIONS?
EMAIL [email protected]
AUDIT TIME CALCULATION
MDSAP AUDIT DURATION
▪ The number of audit tasks accomplished during the audit of a medical device manufacturer will vary depending on the type of audit performed and the specific activities performed by the organization.
▪ Duration of audit is calculated based on the number of applicable audit tasks associated with the type of audit to be conducted (as defined in the MDSAP Audit Cycle) and the specific activities of the organization to be audited.
48
3/28/2017
9
MDSAP AUDIT DURATION
▪ Audit Time computed based on applicable tasks (audit type and auditee processes), and standardized times for each task
▪ Allowable Adjustments identified in MDSAP AU P0008.004 .
49
MDSAP AUDIT DURATION
▪ Adjustments Example: ▪ If the organization does not manufacture sterile medical devices (or
medical devices subject to sterilization by the user) and the devices do not require installation, or servicing, Production and Service Controls tasks 9, 26, and 27 will not be applicable and should not be considered in duration of audit calculations. Conversely, if more than one design or more than one manufacturing process is selected for audit*, the addition of duplicate audit tasks may need to be considered when making duration of audit calculations since the same tasks will be applied during multiple audit activities.
*: use of multipliers, apparently at AO discretion (per our FDA discussions), not unlike the discretion currently available to FDA investigators.
50
MDSAP AUDIT DURATION
▪ Adjustments (continued):
▪ Adjustments specific to Design and Development (when applicable) ▪ If the organization to be audited does not engage in design and
development activities, the audit of Design and Development can be limited to tasks 1 and 16.
▪ If the organization to be audited manufactures medical devices that were designed prior to regulatory design and development requirements and does not actively design new devices, the audit of Design and Development can be limited to tasks 1, 4 (Design Change Procedures) and 13 – 16.
▪ For medical devices containing software, applicable design and development activities specific to the software may result in the duplication of design and development tasks.
51
MDSAP AUDIT DURATION
▪ Adjustments (continued):
▪ Adjustments specific to Production & Service Control ▪ If the manufacturing process selected to be audited during a surveillance
audit was comprehensively audited during a previous current MDSAP audit cycle audit and there have been no significant changes to the process or indicators of potential concerns, the time estimated for auditing this process may be reduced.
▪ Adjustments specific to assessment of previously cited nonconformities ▪ If the audit requires the assessment of corrections and/or corrective
actions from previously cited nonconformities, each nonconformity should be considered (an additional) task under Measurement, Analysis and Improvement (MA&I) with the appropriate additional time allocated.
52
MDSAP AUDIT DURATION
▪ Adjustments (continued):
▪ Adjustments specific to assessment of critical suppliers ▪ Additional time should be added based on the number of critical suppliers,
where necessary .
▪ Adjustments based on Multiple Site Audits ▪ When multiple site audits are conducted, the duration of audit for each
individual site should be calculated. The total duration of audit is the cumulative duration of audit necessary to audit each individual site. Multiple site audits may require the duplication of audit tasks at multiple sites. Conversely, multiple sites may not have the same responsibilities and processes.
53
MDSAP AUDIT DURATION
▪ Adjustments (continued):
▪ Adjustments based on organization size
▪ For organizations with fifteen (15) or fewer personnel, duration of audit may be reduced commensurate with the risk of the product or processes audited. The maximum allowable reduction of the duration of audit based on organization size shall be no more than 10% of the calculated duration of audit.
54
3/28/2017
10
MDSAP AUDIT DURATION
▪ Possible Concerns:
▪ Small firms – duration scoping mechanism only allows up to 10% time reduction for firms having fewer than 15 employees.
▪ Cycle Alignment of ISO 13485 and MDSAP audit – MDSAP may be applied at 13485 surveillance audit but will not result in MDSAP certification until MDSAP comprehensive initial or MDSAP recertification audit occurs. (ref.: MDSAP AU G0026.1.001, 2014-07-22).
▪ Cost generally, and perhaps potential variability in use of multipliers.
55
POST-AUDIT TIMELINE/EVENTS
56
MDSAP POST-AUDIT TIMELINE
57
15 Days
MDSAP POST-AUDIT TIMELINE
58
▪ Audit Report Package▪ The audit report documented on the fillable Medical Device Regulatory
Audit Report Form MDSAP AU F0019.1. The audit report provided must be the final version after its technical review by the Auditing Organization;
▪ ‐ If any nonconformity was open during the audit, the Nonconformity Grading and Exchange Form MDSAP AU F0019.2;
▪ ‐ If any nonconformity was open, or left open during the audit, the Nonconformity Reports issued by the Auditing Organization on their corresponding forms, including the remediation plan developed by the manufacturer and the results of the review of this remediation plan by the Auditing Organization. Nonconformities may be documented as individual nonconformity reports or as a single document;
▪ ‐ The evidence of implementation of corrections and/or corrective actions provided by the manufacturer to remedy any nonconformity grade 4 or 5.
MDSAP POST-AUDIT TIMELINE
59
▪ 5 Day Notices (Early Awareness Communication)
Auditing Organization must inform the Regulatory Authorities within 5 working days starting on D0, if any of the following situations occur:
▪ -If the audit team identified:
▪ ‐ one or more nonconformity grade 5, OR
▪ ‐ more than two nonconformities grade 4,
Then:
▪ the Auditing Organization must inform the Regulatory Authorities by providing a
completed Nonconformity Grading and Exchange form MDSAP AU F0019.2.
▪ or if: in the course of the audit, the audit team: ▪ ‐ perceives a public health threat, OR
▪ detects any fraudulent activity, OR
▪ detects any counterfeit product,
Then : the Auditing Organization must inform the Regulatory Authorities by providing a written report setting out the circumstances of the perceived public health threat, the detected fraudulent activity or the identification of counterfeit product.
NONCONFORMITY GRADING DETAILS
60
3/28/2017
11
MDSAP NONCONFORMITY GRADING
▪ Ref: GHTF/SG3/N19:2012: Nonconformity Grading System for Regulatory Purposes and Information Exchange.
▪ On writing NCs:▪ The nonconformity should▪ a) be a statement of nonconformity written in a clear, concise manner:▪ * be self-explanatory and related to the issue, not just be a restatement of the audit evidence,
or be used in lieu of audit evidence▪ b) be supported by objective evidence:▪ • justify the extent of evidence (e.g. number of records) - what exactly was found or not
found, with an example(s)▪ • identify the location or basis (source document) for the evidence (e.g. in a record,
procedure, interview, or visual observation)▪ c) identify the specific requirements which have not been met:
use the words of ISO 13485:2003
document the source of the requirement (e.g. medical device regulations, other applicable standards, procedures or requirements established by the
organization, etc.)
61
▪ 2 Step NC Grading Process
62
MDSAP NONCONFORMITY GRADING
63
MDSAP NONCONFORMITY GRADING
▪ Step 2 – Escalation Rules▪ The resultant grading from Step 1 is carried forward to Step 2, which is a rules-based escalation
process to address areas of higher risk that have a potential to affect product safety and performance. Under this grading system the Step 1 grade is increased by 1 for each rule:
▪ 1. Absence of a documented process or procedure▪ The absence of a documented process or procedure will fundamentally
affect consistency and effective implementation of any process.▪ 2. Release of a Nonconforming Medical Device▪ A nonconformity which resulted in the release of a nonconforming
medical device to the market is direct evidence of a QMS failure. This rule in the grading system is assessing the QMS nonconformity at a higher risk, because nonconforming product is on the market and outside the control of the manufacturer’s QMS. If a nonconforming medical device is released under concession with adequate technical and scientific justification, then the nonconformity has been resolved.
64
MDSAP NONCONFORMITY GRADING
65
▪ NCs with safety implications are to be classified Direct Impact (example: Vigilance Reporting NC against improvement, not documents.)
▪ Repeat observation is one for which an NC was written to same sub-clause in either of the 2 preceding audits that covered that sub-clause (does not have to be identical)
▪ Release of NC product that has been approved based on appropriate documented rationale does not result in application of escalation rule.
MDSAP NONCONFORMITY GRADING
66
MDSAP NONCONFORMITY GRADING
3/28/2017
12
AUDIT MODEL / TASK EXAMPLES
67
▪ References: ▪ MDSAP AU P0002.003 2015-10-06 (:2003)
▪ MDSAP AU P0002.004 2017-01-06 (:2016)
▪ 7 Process Areas▪ Management = Management Process ▪ DMA&FR = Device Marketing Authorization and Facility Registration
Process ▪ MAI = Measurement, Analysis and Improvement Process ▪ MDAE&ANR = Medical Device Adverse Events and Advisory Notices
Reporting Process ▪ D&D = Design and Development Process ▪ P&SC = Process and Service Controls Process ▪ Purchasing = Purchasing Process
68
MDSAP AUDIT MODEL
MDSAP AUDIT MODEL
▪ Management (7 tasks). Examples:▪ 1. Verify that a quality manual, management review, and quality
management system procedures and instructions have been defined and documented.
▪ 2. Confirm top management has documented the appointment of a management representative. Verify the responsibilities of the management representative include ensuring that quality management system requirements are effectively established and maintained, reporting to top management on the performance of the quality management system, and ensuring the promotion of awareness of regulatory requirements throughout the organization.
69
MDSAP AUDIT MODEL
▪ Device Marketing Authorization and Facility Registration -3 Tasks – Examples:
▪ 1. Verify the organization has complied with regulatory requirements to register and/or license device facilities and submit device listing information in the appropriate jurisdictions where the organization markets or distributes devices.
▪ 2. Confirm the organization has received appropriate device marketing authorization in the regulatory jurisdictions where the organization markets its devices.
▪ 3. Verify the organization has arranged for assessment of the change (where applicable) and obtained marketing authorization for changes to devices or the quality management system which require amendment to existing marketing authorization.
70
MDSAP AUDIT MODEL
▪ Measurement, Analysis and Improvement – 16 Tasks –Examples:▪ 3. Determine if investigations are conducted to identify the
underlying cause(s) of detected nonconformities, where possible. Confirm investigations are commensurate with the risk of the nonconformity.
▪ 5. Confirm that corrections, corrective actions, and preventive actions were determined, implemented, documented, effective, and did not adversely affect finished devices. Ensure corrective action and preventive action is appropriate to the risk of the non-conformities or potential nonconformities encountered.
71
MDSAP AUDIT MODEL
▪ Med Device Adverse Events and Advisory Notice Reporting -2 Tasks:▪ 1. Verify that the organization has a process in place for identifying
device-related events that may meet reporting criteria as defined by participating regulatory authorities. Verify that the complaint process has a mechanism for reviewing each complaint to determine if a report to a regulatory authority is required. Confirm that the organization’s processes meet the timeframes required by each regulatory authority where the product is marketed.
▪ 2. Verify that advisory notices are reported to regulatory authorities when necessary and comply with the timeframes and recordkeeping requirements established by participating regulatory authorities.
72
3/28/2017
13
MDSAP AUDIT MODEL
▪ Design and Development – 17 Tasks – Examples:▪ 4. For the device design and development record(s) selected, verify that
design and development procedures have been established and applied. Confirm the design and development procedures address the design and development stages, review, verification, validation, design transfer, and design changes.
▪ 8. Verify t h a t risk management activities are defined and implemented for product and process design and development. Confirm that risk acceptability criteria are established and met throughout the design and development process. Verify that any residual risk is evaluated and, where appropriate, communicated to the customer (e.g., labeling, service documents, advisory notices, etc.).
73
MDSAP AUDIT MODEL
▪ Production and Service Controls – 29 tasks – Example:▪ 3. For each selected process, determine if the production and service
process is planned and conducted under controlled conditions that include the following: ▪ the availability of information describing product characteristics
▪ the availability of documented procedures, requirements, work instructions, and reference materials, reference measurements, and criteria for workmanship
▪ the use of suitable equipment
▪ the availability and use of monitoring and measuring devices
▪ the implementation of monitoring and measurement of process parameters and product characteristics during production
▪ the implementation of release, delivery and post-delivery activities
▪ the implementation of defined operations for labeling and packaging the establishment of documented requirements for changes to methods and processes
74
MDSAP AUDIT MODEL
▪ Purchasing – 15 tasks – Examples: ▪ 6. Verify that suppliers are selected based on their ability to supply
product or services in accordance with the manufacturer’s specified requirements. Confirm t h a t the degree of control applied to the supplier is commensurate with the significance of the supplied product or service on the quality of the finished device, based on risk.
▪ 11. Verify that the organization documents purchasing information, including where appropriate the requirements for approval of product, procedures, processes, equipment, qualification of personnel, and other quality management system requirements.
75