Purchasing Control

Some of the key requirements in purchasing controls are always have procedures to evaluate and select potential suppliers, contractors and consultants. Sponsor are advised to have an ‘Approved Supplier List’ where the detail of each sponsor evaluation. How and when it is being evaluated. What is the outcome of each evaluation?

Qualified auditor should physically go to the site to audit thoroughly the whole site and should also re-audit per schedule. Ideally, each supplier must be audited once in two years.

Update the Approved Supplier List regularly. Should any supplier disqualified, inform all purchasing department of the sponsor’s status.

Another key issue is that sponsor must sign a quality agreement with the supplier so that part/parts must be made accordingly to sponsor specification. The quality agreement must be detail to ensure the supplier performs according to the supplier agreement. For example, the sponsor should state specifically that all medical device components must be made per 21 CFR 820 or ISO 13485 etc.

One of the quality problem I had experienced was that sponsor has very poor control of the medical device components suppliers. The suppliers are behaving like the ‘boss’ and not the way around.

Sponsor must have a supplier evaluation form to ‘evaluate’ each supplier. Example of items in the form are: Name, Contact Information, Supplier Quality Certification like ISO 13485, Job/Part Description, Initiation Date, on-time delivery, evaluation results etc.

Of course, another element is the proper documentation of all the purchasing control. I will blog a little bit more detail about purchasing in subsequent blog.

Reference	Criteria
ISO 13485, 7.4.2.a	Does purchasing information describe the product to be purchased, including (where appropriate) requirements for approval of product, procedures, processes and equipment?
ISO 13485, 7.4.2.b	Does purchasing information describe the product to be purchased, including (where appropriate) requirements for qualification of personnel?
ISO 13485, 7.4.2.c	Does purchasing information describe the product to be purchased, including (where appropriate) quality management system requirements?
ISO 13485, 7.4.2	Has the company ensured the adequacy of specified purchase requirements prior to their communication to the supplier?
ISO 13485, 7.4.2	Does the company, to the extent needed for the traceability required, maintain relevant purchasing information, i.e. documents and records?.

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.

Non-Conforming Product

Medical Device Manufacturer should have a system and instructions to identify, document, evaluate and disposition of nonconforming products. Nonconforming products are very expensive to handle and should be prevented its occurrence in the first place.

The system and instruction should applies to all purchased, in-house manufactured materials, components, subassemblies and finished products. The system should also have a form called Product Nonconformity Report Template to record the detail of the nonconformity product and its disposition.

Let us talk about identification, documentation, evaluation, disposition, Advisory Note and Recall for nonconforming products.

Identification: All associates in the company especially QC inspectors and production personnel are responsible for identifying nonconforming products in the course of their inspection and process monitoring activities.

Documentation: When a nonconformity is identified, it should be documented in detail in Nonconformity Report form. Only certain personnel can initiate this form like QC inspectors and Quality Assurance. All other personnel report identified nonconformities to QA.

Disposition: The nonconformity report form should document, the identity of the device in question, department, area, operation where nonconformity occurred. The report should also describes objective facts detailing the nature of the nonconformity. The nonconforming product shall be labeled ‘rejected’ and quarantined until QA decides its disposition- reworked, accepted as-is and scrapped.

Advisory Notices and Recall: When nonconforming product is detected after delivery to the customers, customers should be notified expeditiously and be instructed on how to mitigate or avoid the effects, or potential effects, of the nonconformity. If the product need to be recalled, the sponsor should instruct them how to send back the product in question.

Reference	Criteria
21 CFR 820.90(a)	Has the company established and maintained procedures to control product that does not conform to specified requirements?
21 CFR 820.90(a)	Do the procedures address the identification, documentation, evaluation, segregation, and disposition of a nonconforming product?
21 CFR 820.90(a)	Does the evaluation of nonconformance include a determination of the need for an investigation and notification of the persons or organizations responsible for the nonconformance?
21 CFR 820.90(a)	Have evaluations and investigations been documented?
21 CFR 820.90(b)(1)	Has the company established and maintained procedures that define the responsibility for review and the authority for the disposition of the nonconforming product?
21 CFR 820.90(b)(1)	Do the procedures set forth the review and disposition process?
21 CFR 820.90(b)(1)	Is the disposition of nonconforming product documented?
21 CFR 820.90(b)(1)	Does documentation include the justification for use of nonconforming product and the signature of the individual(s) authorizing the use?
21 CFR 820.90(b)(2)	Has the company established and maintained procedures for rework, including retesting and reevaluation of the nonconforming product after rework, to ensure that the product meets its current approved specifications?
21 CFR 820.90(b)(2)	Are rework and reevaluation activities, including a determination of any adverse effect from the rework upon the product, documented in the device history record (DHR)?

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.

External Quality Audits

As described in previous post entitled “the internal quality audit” and conversely, there should also be an external quality audits program in the medical device company. The internal quality plan is to audit the state of things with the internal quality system while the external audit is to audit the state of things with external business entities associated with the device manufacturer. Examples are contract research organization (CRO), contract manufacturing organization (CMO) and all sort of suppliers of components and parts.

Depending on the complexity of the medical device, sometimes, the sponsors has literally a few to a few hundred suppliers. These suppliers need to be constantly audited to ensure their quality system is in compliance to 21 CFR 820, ISO 13485, ISO 14971 etc.

Therefore, sponsor should have a procedure that can provide a system and instructions and to assign responsibility for conducting external audits of the quality management system of suppliers and CMO.

Aside from the procedure, sponsor should also has external audit plan, audit nonconformity report template, quality audit checklist and a great external quality audit team.

For audit plan: QA is responsible for planning and scheduling external audits of the quality system of CMO manufacturing processes and raw materials suppliers. Because of the enormity of the external audit program, therefore, it is prudent to choose the audit frequency based on status and importance of the processes, products and areas to be audited and as well as results from previous audits, previous nonconformities, CAPA and customer complaints. Typically, each supplier should be audited once in two years.

In the external audit plan, the dates, assignment of audit teams, areas to be audited should be set clearly and to be followed. External audit plans should be synchronized with management reviews of the sponsor’s quality system.

For external audit team: External quality team member should be qualified, experienced, have the necessary education, independent and able to write well and fast. External auditors must have expert level in ISO 13485, 21 CFR 820 and EU MDD, for example.

During the external auditing, external auditors seek objective evidence to demonstrate whether the audited activities conform to the requirements of the documented quality system, and whether the system is effectively implemented and maintained. When nonconformity is noted, it is brought to the attention of, and discussed with, the responsible individual of the department.

At the end of the audit, each noted nonconformity is documented using the audit Nonconformity Report. External audit team should fill out only the first part of the form, describing the nonconformity and handed over to the responsible individual who uses the second part to propose correction, corrective action or perhaps a remediation plan.

Upon receiving the report, the responsible individual investigates the cause/s of the problem noted as a nonconformity, proposes a correction or corrective action to be taken, and indicates the date by which the corrective action will be fully implemented. The external auditor reviews and approves the proposed action.

Documentation and Record: this is a critical part. External audits, implementation of resulting corrective actions, and follow-up audits are documented. At the end of an auditing cycle, all nonconformity reports established during the cycle are compiled and analyzed, and are presented at the management review meeting

Reference	Criteria
ISO 13485 /8.2.2	Are the company’s audit programs planned?
ISO 13485 /8.2.2	Do the audit programs take into consideration the status and importance of the processes and areas to be audited?
ISO 13485 /8.2.2	Do the audit programs take into consideration the results of previous audits?
ISO 13485 /8.2.2	Are the audit criteria, scope, frequency, and methods defined?
ISO 13485 /8.2.2	Does selection of auditors and conduct of audits ensure the objectivity and impartiality of the audit process?
ISO 13485 /8.2.2	Does the audit process ensure that auditors do not audit their own work?
ISO 13485 /8.2.2	Are the responsibilities and requirements for planning and conducting audits, and for reporting audits and maintaining records, defined in a documented procedure?
ISO 13485 /8.2.2	Does management responsible for the area being audited ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes?
ISO 13485 /8.2.2	Do follow-up activities include the verification of the actions taken and the reporting of verification results?

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.