MHLW MO 169 – Chapter 2/Section 6 – Internal Audit
Ohayou Gozaimasu. This week the term/phrase specific to Japan, the doctor would like to introduce to the readers, is “CJO
wo sagashite imasu” or for those of you with some degree of literacy in Japanese “CJO
を探しています。” The literal translation is “I am looking for the CJO (Chief Jailable Officer).” If a regulatory body comes looking specifically for the CJO, and you are the CJO, you just might want to consider lawyering up.
In this edition of Devine Guidance, the doctor will explore the need for performing internal audits. The doctor would like to add that the performance of timely audits or in some cases, not performing audits at all is one of the frequent non-conformances cited by Dr. D during the performance of audits for my clients. True story, I visited a supplier earlier in the year that emphatically stated that their organization “really did not have to actually perform audits, just plan for them.” Do you know how difficult it was for the doctor to keep from laughing hysterically? But hey, audits are a learning experience and hopefully the lesson taught by Dr. D was a memorable one.
Internal audits, regardless of the regulatory environment, are a fundamental requirement for an effective QMS. ISO 13485:2012; 21 CFR, Part 820, and Ministerial Ordinance 169 (MO 169), each clearly specifies that device manufacturers must plan and perform internal quality audits in order to gauge the overall effectiveness of the QMS. That being said, I hope you enjoy this week’s guidance.
Ministerial Ordinance Number 169 (2004)
Chapter Two “Manufacturing Control and Quality Control in Manufacturing Sites of Medical Device Manufacturers, etc.”
Section Six – Measurement, Analysis, and Improvement
(Internal Audit)
Article 56 The manufacturer, etc. shall conduct the internal audits at planned intervals to determine whether the quality management system meets the following requirements.
(1) To conform to the arrangements defined in the product realization plan, to the requirements of this Ministerial Ordinance and to the quality management system requirements established by the manufacturer, etc., and
(2) To be effectively implemented and maintained.
2. The manufacturer, etc. shall ensure that the audit program is planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of the previous audits.
3. The manufacturer, etc. shall ensure that the audit criteria, scope, frequency and methods are defined.
4. The manufacturer, etc. shall ensure that the selection of the personnel who conduct the audits (hereinafter referred to as “auditors”) and the conduct of the audits ensures objectivity and impartiality of the audit process.
5. The manufacturer, etc. shall ensure that the auditors do not audit their own work.
6. The manufacturer, etc. shall ensure that the responsibilities and requirements for planning and conducting the audits, and for reporting the results and maintaining the records are defined in the documented procedure.
7. The manufacturer, etc. shall ensure that the management responsible for the area being audited ensures that the actions are taken without undue delay to eliminate the detected nonconformities and their causes and the follow-up activities include the verification of the actions taken and the reporting of the verification results.
What device manufacturers need to know
The performance of an effective internal audit is a mission-critical requirement that organizations use to gage the effectiveness of their QMS and drive overall organizational improvements. MO 169’s requirement for internal audits contains sufficient granularity (similar to ISO 13485) for a device manufacturer to implement an internal audit program. The requirements for the internal audit program are relatively straight-forward. The internal audit program must:
- Be documented by an established procedure;
- Ensure audits, assessing all aspects of the QMS, are performed;
- Define audit frequency;
- Define the publishing of an audit schedule;
- Define audit scope and methods employed for auditing;
- Contain requirements and skills for auditors (recommend reading ISO 19011);
- Contain a requirement that auditors cannot audit their own work or functional organization;
- Ensure audit results, including non-conformances noted, are recorded and retained as a quality record;
- Ensure re-audits and increased frequency of audits are performed for problem areas; and
- Ensure that corrective action is pursued when non-conformances are identified during the execution of an internal audit.
What device manufacturers need to do
Dr. D appreciates the manpower resource challenges facing medical device manufacturers, especially small and medium size device manufacturers. The good news is hiring Second Party Auditors (
a.k.a. consultants like Dr. D) is an acceptable practice. The key is to ensure the Second Party Auditor is competent.
Another point Dr. D would like to make is that if your organization decides to use an external auditor, make sure the auditor trains to your Internal Audit SOP and evidence of this training is documented.
From the doctor’s stand point there are a number of different ways to meet the internal audit requirement. One – break the schedule down into small bites and spread the audits out monthly, covering the course of the year. Two – break the audits down into quarters and execute audits four times a year. Three – perform at least a well-scripted annual audit (least preferred approach). Regardless of the path, pick one, document it, and execute the audit(s). Please do not be that organization that states audits just have to be planned. Before the doctor forgets, it is always considered a best practice to map your organization’s QMS to specific regulatory requirements. That being said, Table 1.0 reflects an approach for mapping an Internal Audit requirement.
Procedure |
Procedure Name |
Requirement |
21 CFR, Part 820 |
EN ISO 13485:2003 |
MHLW MO 169 |
1266-1 Rev B |
Internal Quality Audits |
Internal Audit |
820.22 |
8.2.2 |
Article 56
|
Takeaways
For this edition of DG, the doctor will leave the readers with four takeaways.
- Use the internal audit program to gage the effectiveness of the QMS and to drive continuous improvements.
- Performing internal audits is not optional. Internal audits are mandated by MO 169.
- Make sure internal auditors are adequately trained (reference ISO 19011).
- If your organization does not have the resources available to perform internal audits, it is an acceptable practice to hire a 2nd Party Auditor (give Dr. D a Call).
Until the next edition of DG, when the doctor provides guidance on MO 169 – Chapter 2, Section 6 “Measurement, Analysis, and Improvement” (Articles 57 through 59 Measuring and Monitoring of processes, Products, and Specialty Devices), sayonara from Dr. D and best wishes for continued professional success.
- Code of Federal Regulation. (2011, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U. S. Government Printing Office.
- EN ISO 13485:2012. (2012, February). Medical devices – quality management systems – requirements for regulatory purposes (EN ISO 13485:2012).
- Linguanaut the Japanese phrases and expressions. (2012). Retrieved September 8, 2012, from http://www.linguanaut.com/english_japanese.htm
- Ministerial Ordinance 169. (2004). MHLW ministerial ordinance 169 on standards for manufacturing control and quality control for medical devices and in-vitro diagnostic reagents. Retrieved June 1, 2012, from http://www.pmda.go.jp/english/service/pdf/ministerial/050909betsu3.pdf
Related Articles
-
Connected devices already enable remote patient monitoring by collecting real-time data, such as injection date and time. With time, these benefits are likely to grow. Following are three areas where manufacturers are exploring new uses of digitalization in drug delivery…
About The Author
Dr. Christopher Joseph Devine
President
Dr. Christopher Joseph Devine is the President of Devine Guidance International, a consulting firm specializing in providing solutions for regulatory compliance, quality, supplier management, and supply-chain issues facing the device industry. Dr. Devine has 32 years of experience in quality assurance, regulatory compliance and program management. He is a senior member of the American Society for Quality (ASQ), a member of the Regulatory Affairs Professionals Society (RAPS), and a member of the Project Management Institute, and resides on several technical advisory boards. Dr. Devine received his doctorate from Northcentral University, with his doctoral dissertation titled, “Exploring the Effectiveness of Defensive-Receiving Inspection for Medical Device Manufacturers: A Mixed-Method Study.” Dr. Devine holds a graduate degree in organizational management (MAOM) and an undergraduate degree in business management (BSBM).