The Food and Drug Administration (FDA) will evaluate the effectiveness of your internal quality audits and review the corrective actions pursued as part of the overall quality audit system. If a nefarious approach to executing quality audits is pursued, the reward will be a Form 483. If the FDA feels the violation is egregious, a warning letter will be forthcoming. In monopoly speak, “do not pass go and do not collect your two hundred dollars.”
Warning letter violations
As you can see by the abundance of warning letters, quality audits – specifically internal quality audits – are clearly on the FDA’s radar screen. Once again, the failure to perform a specific task, as mandated by quality system regulation (QSR), or adequate written procedures defining a specific task, has placed three organizations into the agency’s doghouse. The fundamental reason behind the performance of internal quality audits is for organizations to effectively monitor and sustain ongoing compliance to the QSR; and to pursue corrective actions when non-compliances to the QSR or their internal quality procedures are observed.
Warning Letter One (February 2010): Failure to conduct quality audits in accordance with established procedures to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system in accordance with 21 CFR 820.22. Specifically, your Internal Audit SOP requires annual internal audits; however, an internal audit has not been conducted on any quality system since October 2006.
Warning Letter Two (February 2010): Failure to conduct an audit to assure the quality system is in compliance with the established quality system requirements, 21 CFR Part 820; and failure of your “Internal Quality Audits” procedure, #13.1 Revision D, dated 8/06/07 to address the frequency of internal audits and assure that all parts of the quality system will be covered during the audit, as required by 21 CFR § 820.22.
Warning Letter Three (February 2010): Failure to establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. A report of the results of each quality audit, and reaudit(s) reports shall be reviewed by management having responsibility for the matters audited as required by 21 CFR § 820.22. Specifically, your firm does not have any written procedures relating to quality audits and management reviews, and does not conduct such audits or reviews at the time of this inspection.
When it comes to defining the requirements for quality audits, the QSR is prescriptive.
- QSR – Subpart B – Quality System Requirements: Section 820.22 Quality Audits
Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action(s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.
I am always amazed at how tasks as important as performing internal quality audits are often overlooked by medical device manufacturers or the significance and importance of audits are downplayed. Performing effective quality audits, and pursuing timely corrective actions, when non-compliances are noted and documented, is a sure-fire way to remain in the good graces of the agency.
Additionally, performing all of the quality audits at once, i.e., within a single day or week for an entire year, is not an acceptable approach. In fact, do not buy into the shibboleth (look it up time) that performing all of the internal audits at one time, each year, equates to compliance with the QSR, Let Dr. D assure you – it does not. Furthermore, a quality audit is only a snapshot taken at specific point in time. For example, if a quality audit on purchasing activities was performed on April 1, 2010 and there were no non-conformances noted, the conclusion drawn is that on that date, the purchasing function was in compliance with the documented quality system, procedures, and hopefully, the QSR.
Finally, the individuals performing the quality audits shall be trained and shall not have direct responsibility for the area being audited. If an organization is resource challenged, the use of consultants or third-party contractors to augment the quality audit process is acceptable. If contractors are employed for executing internal audits, make sure these individuals are adequately trained and qualified.
Effective audit program
So what are the salient points associated with an effective quality audit program? In Dr. D’s opinion, the process can be broken down into an eleven-step process (eleven being Dr. D’s lucky number), with the steps of the process being:
- Creation of a well-written procedure that delineates the quality audit process;
- Generation and posting of the internal quality-audit schedule;
- Training of the auditors;
- Pre-audit meeting;
- Actual performance of the audit;
- Post-audit debrief;
- Generation of the written audit report;
- Assignment of corrective action and completion of corrective action, if warranted;
- Verification of the effectiveness of the corrective action (follow-up audit);
- Adjustment of the audit schedule, if deemed necessary; and
- Inclusion of the audit results into the management review process.
One key ingredient for a successful quality audit program is blind-faith compliance with Devine Guidance Rule # 3: Document the results of all events in writing, because if it is not documented in writing, the event did not occur. Remember, although we all tend to categorize the friendly visits by FDA as an audit, they are not audits. The agency performs investigations and the outcome of these investigations can result in the assessment of criminal and civil penalties. This is something to keep in mind if you can be categorized as the ‘Chief Jailable Officer (CJO).’
The best defense for medical device manufacturers are clear and concise policies and procedures, internal compliance to these policies and procedures, training to these policies and procedures, and documented evidence (IN WRITING) of compliance to policies and procedures (hint – documented policies and procedures). Remember medical device manufacturers retain the esemplastic (look it up) power to implement effective quality tools that result in compliance with the QSR.
In conclusion, an effective system governing the execution of quality audits should be the first line of defense for medical device manufacturers. Well-trained auditors, supporting an all-encompassing approach for executing effective quality audits, provide substantial value and can result in Form 483 free investigations. Some free advice from Dr. D: focus on quality audits. I cannot stand on my proverbial soapbox and preach enough about the benefits of these audits. As a medical device manufacturer, you want to find and fix all potential non-conformances before the agency finds them. Remember if you are the CJO; picture yourself in a bright-orange jumpsuit. The vision should keep you on the straight and narrow path of compliance.
In closing, thank you again for joining Dr. D and I hope you find value in the guidance provided. Until the next installment, when I discuss Section 820.25 Personnel, – cheers from Dr. D. and best wishes for continued professional success.
Code of Federal Regulation. (2008, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U. S. Government Printing Office.
Devine. C. (2009, July). Exploring the effectiveness of defensive-receiving inspection for medical device manufacturers: a mixed method study. Published doctoral dissertation. Northcentral University. Prescott Valley, AZ.
FDA – U.S. Food and Drug Administration Website. (2010). Warning letters. Retrieved April 7, 2010, from http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/