The Ask:
A global medical device company received an FDA 483 for failing to comply with the requirements of FDA QS regulations and ISO 14971 device quality system requirements for combination products in that:
a) the complaint and adverse event systems did not include provisions that allow for the review and determination of an investigation by the quality control unit;
b) product complaints were not opened at the time of AE triaging;
c) medical assessment requests for further investigations were not timely;
d) manufacturing-related investigations were not requested; and
e) no rationale was provided if a manufacturing investigation was not required.
The auditor concluded that the company was failing to ensure that post-marketing surveillance data was fed back into the risk management process to verify that the original risk determination was suitable and sufficient and that no new risks had been identified.
Results and Benefits
- Simplified processes with clear ownership and responsibilities;
- Fewer hand-offs meant improved communications between functions;
- All findings were addressed to the satisfaction of the inspector;
- the complaint and adverse event systems called for review and determination of an investigation by the quality control unit;
- product complaints opened at the time of AE triaging or before;
- requests for further investigations called for within 2 working days;
- a rationale is written if it is felt that a manufacturing-related investigation is not required;
- post-marketing surveillance data is fed back into the risk management process, closing the loop and future-proofing against EU MDR requirements;
- The FDA 483 warnings were removed for these findings.
Challenges:
- Each of the complaint, adverse event and risk management systems was complex;
- Steps in each process were owned by different functions with hand-offs between;
- Quality and safety functions were not involved with R&D in the original risk determination;
- Each team member was very busy with the focus on entering the data as quickly as possible;
- Each function operated in its own silo;
- No clear single owner of the overall Complaints/AE/Risk systems.
Implications
- Risk to patient safety due to non-compliant systems;
- Fines for non-compliance from the FDA.
Objectives
Address each of the observations recorded by the auditor and verify that:
- the complaint and adverse event systems do include provisions that allow for the review and determination of an investigation by the quality control unit;
- product complaints are opened at the time of AE triaging;
- requests for further investigations are made within time limits;
- manufacturing-related investigations are requested if required and, if not, a rationale is to be provided;
- post-marketing surveillance data is fed back into the risk management process.
The Approach:
- A number of CAPAs were opened to address each individual section of the observations;
- Root Cause Analyses were conducted for each;
- The complaint, ICSR and risk management processes were mapped and re-engineered, reducing the number of steps and hand-offs;
- Clear process ownership was defined;
- The supporting SOPs were amended through document control and approval;
- Relevant staff members were trained in the amended SOPs and training records were kept;
- Resources were reorganised with clear focus and objectives;
- Team structure was redefined and implemented;
- Clear KPIs and trending were introduced.
Toolkit
- CAPA Management;
- Process Mapping and Process Re-engineering;
- Document Control and Training;
- Changes to departmental organisation and process ownership;
- Setting clear objectives and measures.