Non-Conforming Product

Medical Device Manufacturer should have a system and instructions to identify, document, evaluate and disposition of nonconforming products. Nonconforming products are very expensive to handle and should be prevented its occurrence in the first place.

The system and instruction should applies to all purchased, in-house manufactured materials, components, subassemblies and finished products. The system should also have a form called Product Nonconformity Report Template to record the detail of the nonconformity product and its disposition.

Let us talk about identification, documentation, evaluation, disposition, Advisory Note and Recall for nonconforming products.

Identification: All associates in the company especially QC inspectors and production personnel are responsible for identifying nonconforming products in the course of their inspection and process monitoring activities.

Documentation: When a nonconformity is identified, it should be documented in detail in Nonconformity Report form. Only certain personnel can initiate this form like QC inspectors and Quality Assurance. All other personnel report identified nonconformities to QA.

Disposition: The nonconformity report form should document, the identity of the device in question, department, area, operation where nonconformity occurred. The report should also describes objective facts detailing the nature of the nonconformity. The nonconforming product shall be labeled ‘rejected’ and quarantined until QA decides its disposition- reworked, accepted as-is and scrapped.

Advisory Notices and Recall: When nonconforming product is detected after delivery to the customers, customers should be notified expeditiously and be instructed on how to mitigate or avoid the effects, or potential effects, of the nonconformity. If the product need to be recalled, the sponsor should instruct them how to send back the product in question.

Reference	Criteria
21 CFR 820.90(a)	Has the company established and maintained procedures to control product that does not conform to specified requirements?
21 CFR 820.90(a)	Do the procedures address the identification, documentation, evaluation, segregation, and disposition of a nonconforming product?
21 CFR 820.90(a)	Does the evaluation of nonconformance include a determination of the need for an investigation and notification of the persons or organizations responsible for the nonconformance?
21 CFR 820.90(a)	Have evaluations and investigations been documented?
21 CFR 820.90(b)(1)	Has the company established and maintained procedures that define the responsibility for review and the authority for the disposition of the nonconforming product?
21 CFR 820.90(b)(1)	Do the procedures set forth the review and disposition process?
21 CFR 820.90(b)(1)	Is the disposition of nonconforming product documented?
21 CFR 820.90(b)(1)	Does documentation include the justification for use of nonconforming product and the signature of the individual(s) authorizing the use?
21 CFR 820.90(b)(2)	Has the company established and maintained procedures for rework, including retesting and reevaluation of the nonconforming product after rework, to ensure that the product meets its current approved specifications?
21 CFR 820.90(b)(2)	Are rework and reevaluation activities, including a determination of any adverse effect from the rework upon the product, documented in the device history record (DHR)?

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.

External Quality Audits

As described in previous post entitled “the internal quality audit” and conversely, there should also be an external quality audits program in the medical device company. The internal quality plan is to audit the state of things with the internal quality system while the external audit is to audit the state of things with external business entities associated with the device manufacturer. Examples are contract research organization (CRO), contract manufacturing organization (CMO) and all sort of suppliers of components and parts.

Depending on the complexity of the medical device, sometimes, the sponsors has literally a few to a few hundred suppliers. These suppliers need to be constantly audited to ensure their quality system is in compliance to 21 CFR 820, ISO 13485, ISO 14971 etc.

Therefore, sponsor should have a procedure that can provide a system and instructions and to assign responsibility for conducting external audits of the quality management system of suppliers and CMO.

Aside from the procedure, sponsor should also has external audit plan, audit nonconformity report template, quality audit checklist and a great external quality audit team.

For audit plan: QA is responsible for planning and scheduling external audits of the quality system of CMO manufacturing processes and raw materials suppliers. Because of the enormity of the external audit program, therefore, it is prudent to choose the audit frequency based on status and importance of the processes, products and areas to be audited and as well as results from previous audits, previous nonconformities, CAPA and customer complaints. Typically, each supplier should be audited once in two years.

In the external audit plan, the dates, assignment of audit teams, areas to be audited should be set clearly and to be followed. External audit plans should be synchronized with management reviews of the sponsor’s quality system.

For external audit team: External quality team member should be qualified, experienced, have the necessary education, independent and able to write well and fast. External auditors must have expert level in ISO 13485, 21 CFR 820 and EU MDD, for example.

During the external auditing, external auditors seek objective evidence to demonstrate whether the audited activities conform to the requirements of the documented quality system, and whether the system is effectively implemented and maintained. When nonconformity is noted, it is brought to the attention of, and discussed with, the responsible individual of the department.

At the end of the audit, each noted nonconformity is documented using the audit Nonconformity Report. External audit team should fill out only the first part of the form, describing the nonconformity and handed over to the responsible individual who uses the second part to propose correction, corrective action or perhaps a remediation plan.

Upon receiving the report, the responsible individual investigates the cause/s of the problem noted as a nonconformity, proposes a correction or corrective action to be taken, and indicates the date by which the corrective action will be fully implemented. The external auditor reviews and approves the proposed action.

Documentation and Record: this is a critical part. External audits, implementation of resulting corrective actions, and follow-up audits are documented. At the end of an auditing cycle, all nonconformity reports established during the cycle are compiled and analyzed, and are presented at the management review meeting

Reference	Criteria
ISO 13485 /8.2.2	Are the company’s audit programs planned?
ISO 13485 /8.2.2	Do the audit programs take into consideration the status and importance of the processes and areas to be audited?
ISO 13485 /8.2.2	Do the audit programs take into consideration the results of previous audits?
ISO 13485 /8.2.2	Are the audit criteria, scope, frequency, and methods defined?
ISO 13485 /8.2.2	Does selection of auditors and conduct of audits ensure the objectivity and impartiality of the audit process?
ISO 13485 /8.2.2	Does the audit process ensure that auditors do not audit their own work?
ISO 13485 /8.2.2	Are the responsibilities and requirements for planning and conducting audits, and for reporting audits and maintaining records, defined in a documented procedure?
ISO 13485 /8.2.2	Does management responsible for the area being audited ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes?
ISO 13485 /8.2.2	Do follow-up activities include the verification of the actions taken and the reporting of verification results?

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.