July 28, 2014

NERC and Industry Move in the Right Direction for Greater Reliability

Trey Kirkpatrick, Vice President, Energy & Utilities Compliance, AssurX Inc.

Vice President, Energy & Utilities Compliance, AssurX Inc.

There is a different feel out there in the NERC world, the Electric Reliability Organization (ERO) and the registered entities are working together more than ever since the mandatory implementation of the NERC standards in June 2007. I attended the NERC Member Representatives Committee (MRC) and Board of Trustees (BOT) meetings in Phoenix, AZ on February 5-6, 2014. There are many initiatives that are being implemented and proposed to the registered entities. Not only are the registered entities trying to keep up with very important and impacting standard changes such as COM-002, PRC-005, and the CIP version 5; they are also focused on some serious changes to their existing compliance programs.

Even as we were attending the NERC management meeting in Phoenix, the story of the serious physical attack on a California substation, not far from my own office headquarters, hit the news.

Registered entities have been working hard to manage the ongoing challenges with a struggling economy impacting revenues, more competition, environmental regulations, and cyber security threats. Never has it been more important for large, medium, and small registered entities to focus on risk-management and their internal controls. As the NERC staff was making presentations to the NERC Compliance Committee, the MRC and the NERC BOT, it was obvious that the registered entities have opportunities to improve their overall compliance programs and working relationships with NERC and the Regional Entities.

Some of the ERO’s key initiatives that are:

  • Definition of BES implementation
  • Reliability Assessment Initiative (RAI)
  • Risk-based Registration Assessment Project
  • Cyber Security
  • Human Performance

Electric UtilityIf you have never had the opportunity to experience a NERC MRC and/or BOT meeting, I really encourage you to go to one. You can go to regional workshops and NERC Standards and Compliance workshops, but there is no better way to understand the goals and vision of the ERO unless you are there first hand. There are open discussions, shared industry experience and lessons learned not only from NERC subcommittees, but also the North American Transmission Forum (NATF) and the North American Generator Forum (NAGF) leadership.

Gerry Cauley, NERC President and CEO, also provides a comprehensive overview of the goals, accomplishments, and direction of the ERO. The Regional Entities’ senior management staffs are there and dialogue between industry members is encouraged.

Mr. Cauley highlighted the ERO Enterprise’s top strategic 5 goals:

  • Goal #1: Develop clear, reasonable and technically sound mandatory Reliability Standards in a timely and efficient manner.
  • Goal #2: Be a strong enforcement authority that is independent, without conflict of interest, objective and fair and promote a culture of reliability excellence through risk-informed compliance monitoring and enforcement.
  • Goal #3: Promote a culture of compliance that supports reliability excellence within industry.
  • Goal #4: Identify the most significant risks to reliability, be accountable for mitigating reliability risks and promote a culture of reliability excellence.
  • Goal #5: Improve transparency, consistency, quality and timeliness of results; operate as a collaborative enterprise; and improve efficiencies and cost effectiveness.

These goals have been communicated in prior meetings and workshops, but never to the degree of actual implementation and working with the industry to accomplishing these goals. The real challenge for FERC, the ERO, and the registered entity is the identification of significant risks to reliability and mitigating these risks (Goal #4).

It is extremely important for the registered entities to be engaged in these initiatives and start developing their own risk-management program, the appropriate internal controls, and corrective action programs. Currently, there are pilot programs going on with registered entities and the ERO. Their results along with newly revised auditor handbooks, risk-based registration (not treating every functional entity the same), the RAI program will improve the focus on the critical issues regarding reliability.

After spending years in the industry and consulting with dozens of customers ranging from large to small utilities, co-ops and generators, it is encouraging to see registered entities working to identify their risks, implementing stronger compliance programs from industry experience and lessons learned, and developing internal controls. The transition will be challenging for everyone involved, but companies that build strong internal programs, controls, and focus on human performance will end up as industry leaders, have less burdensome oversight, and most importantly, provide a reliable bulk electric system for their customers and North America.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Medical Device Makers Urged to Play Nicer by Sharing Data

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

You shouldn’t need Barney the giant purple dinosaur to remind you of the playground mantra “sharing is caring,” but maybe the medical device industry needs to do some quick Netflix streaming of back episodes.

The Institute of Medicine (IOM), already working with more than a dozen drugmakers, the FDA and the National Institutes of Health (NIH), wants to see a little more enthusiasm from the medical device community when it comes to data sharing in device clinical trials. To be fair, this requires some delicate balance: Everyone wants to advance the public health, but it’s not fair to expect a drug or device company to just give away all of its hard-earned, costly proprietary data, either.

IOM understands that, it appears. Yet the medical device industry won’t be doing itself any favors by trying to ignore this issue. Beside the bad PR hit the industry could take, what happens if the FDA

info

decides to just swoop in and impose something on industry? The drug folks have had their input; the medical device industry would be well advised to speak up, too.

Industry and anyone else with interest in the issue has a few ways to get involved. Comments on IOM’s proposed framework for getting this right can be sent here until March 24.

For those in the area or looking for a nice trip, there are also two open workshops in Washington D.C. on Feb. 3-4 and May 5.

Seems like the medical device industry has a clear choice here. Speak up now, or don’t complain later.

Reminds me of another useful slogan: Silence is consent.

IOM’s proposed framework is can be found here.

Info on the public workshops is here.

 

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Analysis: No Need For State of the Union Analysis

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Those of us in and around Washington D.C. like to tell folks leading up to a president’s State of the Union (SOTU) address that the speeches rarely matter and are generally forgotten while the teleprompter’s still warm.

Then we analyze them to death for a few days. I don’t mean to sound cynical, but it does tend to help cable TV ratings and maybe even sell a few of those funny flat things called newspapers.

First, a little perspective might be in order. The good folks at the History Channel remind us that most SOTUs are remembered for reasons less to do with policy and more to do with current events. They point out that Harry Truman’s SOTU was kind of a big deal because…it was the first ever televised. Bill Clinton’s second was also a big deal…because everyone wanted to hear if he’d resign because of Monica Lewinsky and her blue dress.

President’s Reagan and Bush II delivered memorable SOTUs, among others, but in both cases they came after significant events — the Reagan assassination attempt, and 9/11, respectively — and they will probably be remembered more for emotional and not policy reasons.

Still, if CNN, MSNBC, FOX and everyone else can breathlessly analyze them seconds after they’re delivered, why not do it here from a medical device perspective.

It might be interesting to start with something President Obama didn’t talk about in his 2014 address: The Medical Device Excise Tax. It’s still out there, and its prospects of becoming the law of the land have ebbed and flowed over the past year, but the President chose not to bring that one up.

To be sure, the President did devote a lot of the SOTU to domestic issues including healthcare. However, that focus was mostly on the Affordable Health Care Act. That one’s not going away anytime soon, and we’re not going anywhere near that here today.

Now back to the SOTU and the medical device community.

state_of_the_unionSmart communications professionals who work for trade associations and private companies listen closely to the SOTU for anything, anything they can connect their industry to in order to get media coverage. This time, when President Obama spoke about the general need for innovation in this country, some saw the opportunity.

“The President is absolutely correct that investments in innovation will help the United States remain the global economic leader in the 21st century,” Medical Device Manufacturers Association (MDMA) President and CEO Mark Leahey said after the SOTU. “While there will be numerous debates on how we can improve our economy, there is widespread agreement that high tech job creation and reducing the cost of health care play a central role. Medical technology innovators have a proud tradition of meeting these important goals, but we cannot take for granted that this will always be the case.”

Meanwhile, the folks at the Advanced Medical Technology Association (AdvaMed) took a similar approach — but added a whack against the Medical Device Excise Tax in their response to the SOTU.

Its President, Stephen J. Ubl, commended the other President, “AdvaMed applauds the President’s support for the growth of high technology manufacturing jobs and the importance of innovation to economic growth in [Obama's] State of the Union.

“In support of that goal, we urge Congress to act promptly to repeal the medical device excise tax. America’s medical technology companies are leading the world in the development of innovative, life-saving, life-enhancing medical progress – but that lead is eroding. Repealing the medical device tax would support the bipartisan goal of helping companies large and small reinvest in R&D, hiring or expanding.”

President Obama didn’t mention medical devices specifically anywhere in the speech, but what the heck. SOTU’s rarely mean as much as we in the media like to tell you, remember?

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Medical Device Industry Identifies Some Problems with Agency’s UDI Initiative

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Let’s start with what most everyone agrees on: The Unique Device Identification (UDI) program is a swell idea.

It gets a little trickier after that.

In extensive comments, the Advanced Medical Technology Association (AdvaMed), Boston Scientific, and Merck, among more than a dozen others, generally voice support for the UDI concept, while finding lots and lots to say about where the FDA’s September Draft Guidance could use improvement.

Noting that implementing UDI will be a “costly proposition,” AdvaMed stresses that the length and complexity of the implementation plan demands a “living document” approach that will allow industry and the FDA to update and improve the guidance as both sides learn more during set-up. AdvaMed follows with 61 specific comments, with suggested changes.

Coviden, manufacturer of medical devices and medical supplies, echoes AdvaMed’s comments, and tosses another 22 into the mix, including a request that the guidance remain open for feedback and comment until the September 24, 2014 implementation deadline.

Merck, among other commenters, requested clarification and summarization regarding the scope of products for which data must be submitted to the Global Unique Identification Database (GUDID). Merck also asked FDA to add information regarding deadlines for submitting data to GUDID.

X-ray of hipBoston Scientific, noting that its medical devices already bear unique identification via HIBCC or GS1 standards, calls FDA out for what it labels “inconsistencies” with the FDA UDI Rule.

To pick one of their examples, and joining several other commenters in making this point, Boston Scientific claims the data elements column “Required?” is unclear because it fails to clarify if it is required to follow the rule based on regulatory requirements or validation requirements. “The meaning of ‘required’ should be clarified so that BOTH regulatory and system validation requirements are clearly identified in this guidance.”

FDA’s got its work cut out for it here, particularly with the recent departure of its UDI guru, Jay Crowley, for the greener fields of consultantdom.

We can offer some small consolation though: Crowley leads a webinar on UDI implementation from his new professional perch. Information is here:

 

Final UDI rule as published in Federal Register

FDA’s UDI page

Previous AssurX blog on UDI

The entire comment letter line-up is available here

 

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA’s 2014 Promises Increased International Operations, Label Enforcement

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Given the fact that the FDA probably doesn’t know what it plans to do in 2014, predicting their actions is challenging, to put it mildly.

With that slightly weasel-like caveat, it’s worth noting three events in 2013 that will almost certainly impact 2014:

1) CDRH’s Office of Compliance Reorganization: With the addition of a Division of International Compliance Operations, watch for the FDA to shift focus and some budget funds to increased inspection and audits of foreign device manufacturers, and increased crackdowns on promotional claims (see below). Steve Silverman, Office of Compliance Director, is making the public relations rounds of late with events at a trade shows and the like. He’s stressing that the new “look” OC will better harmonize and broaden enforcement efforts. We’ll keep an eye on this and report back.

FDAlogo2) Device Off-Label Enforcement: If the old expression “the past is prologue” holds true, device makers would be well advised to take a good hard look at any public claims they, or a surrogate such as a doctor at a trade show, make about the wonderful things its gizmo can or will do for patients. Between May 1, 2012 and April 30, 2013, CDRH averaged two letters per month hitting device makers for making claims outside their 510(l) clearance and making claims requiring additional data they didn’t provide, among other issues. Early anecdotal evidence suggests this trend of more focus and more warning letters will continue to climb in 2014. Again, we’ll keep an eye out.

3) UDI Finally: FDA issued the long-awaited Unique Device Identification (UDI) Final Rule in September. Its driving force and 27 year FDA veteran Jay Crowley, has since left the agency for a consulting gig. It remains to been seen what impact, if any, his departure will have on an issue that’s vexed industry and the agency for many moons. I can’t think Crowley leaving is any kind of net plus in terms of helping to fine-tune the rule. Time will tell. Then we’ll tell you.

I didn’t even factor in the possibility of more budget shenanigans in Washington, D.C. I’m a naive romantic, and I’m not going to go there until I have to.

Happy new year!

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA VCIP Program: Too Much Stick, Not Enough Carrot?

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

It’s a growing trend in these United States: paying extra for convenience such as bypassing the riffraff in airport security lines, or whizzing past mere mortal motorists on pristine for-pay express lanes.

Where I live in the Washington, D.C. area, the new express road program in Northern Virginia’s clotted traffic arteries appears to be a hit. For a buck or two, you get out of the more crowded free lanes. And you are allowed to go 65 miles an hour, while the peasants are held to 55 mph!

On the other hand, the express lane program at Reagan National Airport doesn’t appear to be generating much traffic.

If the FDA’s new VCIP (Voluntary Compliance Improvement Program) is trying to ride the “pay for convenience” bandwagon, early anecdotal evidence suggests they’re resembling airports more than highways. We’re hearing many in industry say the VCIP program doesn’t offer enough of an incentive to take on the extra work.

Undaunted, FDA released earlier this week a document that reads like a nice, bureaucrat gently trying to convince industry to give the program a try.

The joint pilot project housed in the Center for Devices and Radiological health (CDRH) and Office of Regulatory Affairs (ORA) “differs from the FDA’s traditional oversight model by allowing firms to voluntarily self identify and correct possible regulatory violations instead of undergoing FDA inspection.”

Regulated entities have to apply to participate, but those with violations that raise “imminent” public health concerns needn’t bother.

Here’s the FDA’s big carrot: “The FDA supports using new approaches to help companies come into compliance. These approaches benefit industry and may decrease the number of inspections that the FDA performs or permit the agency to focus on manufacturers with serious and ongoing problems.”

Pacemaker150Hmm. I guess I’m not super surprised that initial industry enthusiasm appears weak. To my knowledge, FDA has not released any statistics about participation. I’m basing my very early days’ assessment on discussions with medical device firms and consultants at recent trade shows and the like. I could be wrong, and VCIP might turn out to be a big hit.

If you want to get picked, know that FDA will identify manufacturers eligible to participate in VCIP through its 2014 inspection work plan and offer them an opportunity to apply rather. For the pilot, the FDA will choose three to five applicants. Of course, their feedback, whether official or in trade show hallway conversations, will tell us a lot about the merits of VCIP.

While it promises some benefits down the road, initial participation in VCIP sounds like it will just add another layer to a device manufacturer’s compliance program. VCIP participants will be required to retain an outside expert consultant to assess their manufacturing and quality assurance systems and to monitor and certify that they are following program requirements. Firms must also demonstrate the ability to define problems, analyze root causes, create appropriate corrective actions, and verify that the actions taken were effective.

If a firm does not meet its commitments under the VCIP, or if the FDA and the firm disagree about any of the results, then the firm may be removed from the program and undergo FDA inspection, which could lead to regulatory action. If a manufacturer ends its participation in the VCIP, it would be subject to FDA inspection and any resulting regulatory action.

FDA gets to the potentially big benefits toward the end of the new VCIP document. If you are selected and pass the tests, your firm “will not be subject to routine surveillance inspection while program participation is underway.” The exemption will be good for two years after a manufacturer successfully completes the program. FDA says it will also expedite review of export certificate requests and prioritize device and pre-amendment determination requests from program participants.

Clearly it’s too early to judge whether VCIP will be a success. And FDA is to be applauded, I think, for trying something a bit new.

Still, here’s hoping VCIP becomes the equivalent of sailing down the relatively empty highway at 65 mph, while others are slogging through heavy traffic at lower speeds.

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

The Much-Anticipated CIP Version 5 Final Rule Released by FERC

Trey Kirkpatrick

Vice President, Energy & Utilities Compliance, AssurX Inc.

At the FERC Commission meeting on November 21, 2013, the Commission approved the CIP version 5 Standards that addresses the cyber security of the bulk electric system.  As stated in the FERC final rule, these standards are an improvement over the current effective CIP version 3 Standards.  CIP version 5 requires the industry to adopt new controls and expands the scope of systems that are protected by the CIP standards.  The Commission also approved definitions associated with the CIP Standards and directed NERC to make modifications to CIP version 5 and submit informational filings back to FERC.

FERC LogoOne of the key decisions, as requested by the ERO, was the Commission’s approval to allow registered entities to transition from currently-effective CIP version 3 Standards to compliance with CIP version 5 Standards.  The CIP version 4 approved Standards will not become effective.  CIP version 3 will remain in effect until the effective date of CIP version 5.  The Commission also approved the implementation plan and effective dates proposed by NERC.

Some of the key highlights from the FERC Order:

  • The CIP version 5 Standards identify and categorize BES Cyber Systems using a new methodology based on whether a BES Cyber System has a Low, Medium, or High Impact on the reliable operation of the bulk electric system. At a minimum, a BES Cyber System must be categorized as a Low Impact asset. Once a BES Cyber System is categorized, a responsible entity must comply with the associated requirements of the CIP version 5 Standards that apply to the impact category.
  • The CIP version 5 Standards also include 12 requirements with new cyber security controls, which address Electronic Security Perimeters (CIP-005-5), Systems Security Management (CIP-007-5), Incident Reporting and Response Planning (CIP-008-5), Recovery Plans for BES Cyber Systems (CIP-009-5), and Configuration Change Management and Vulnerability Assessments (CIP-010-1).
  • The Commission directs NERC to remove language found in 17 requirements in the CIP version 5 Standards that requires responsible entities to implement the requirements in a manner to “identify, assess, and correct” deficiencies.   We support NERC’s move away from a “zero tolerance” approach to compliance, the development of strong internal controls by responsible entities, and NERC’s development of standards that focus on the activities that have the greatest impact on Bulk-Power System reliability. However, the Commission is concerned that the proposed language is overly-vague, lacking basic definition and guidance that is needed, for example, to distinguish a successful internal control program from one that is inadequate.

Note the Commission response to the “identify, assess, and correct”

“We would prefer approaches that would not involve the placement of compliance language within the text of the Reliability Standards to address these issues. We understand that NERC has inserted the “identify, assess, and correct” language into the CIP Reliability Standard requirements to move its compliance processes towards a more risk-based model. With this objective in mind, we believe that a more appropriate balance might be struck to address the underlying concerns by developing compliance and enforcement processes that would grant NERC and the Regional Entities the ability to decline to pursue low risk violations of the Reliability Standards. Striking this balance could be accomplished through a modification to the Compliance Monitoring and Enforcement Program. We believe that such an approach would: (1) empower NERC and the Regional Entities to implement risk-based compliance monitoring techniques that avoid zero defect enforcement when appropriate; (2) allow the Commission to retain oversight over the enforcement of Reliability Standards; and (3) ensure that all Reliability Standards are drafted to be sufficiently clear and enforceable.”

  • The Commission directs NERC to develop modifications that address security controls for Low Impact assets. The adoption of the Low Impact BES Cyber Asset category will expand the protections offered by the CIP version 5 Standards to additional assets that could cause cyber security risks to the bulk electric system. Specifically, categorizing BES Cyber Systems based on their Low, Medium, or High Impact on the reliable operation of the bulk electric system, with all BES Cyber Systems being categorized as at least Low Impact, offers more comprehensive protection of the bulk electric system. However, the CIP version 5 Standards do not require specific controls for Low Impact assets nor do they contain objective criteria from which to judge the sufficiency of the controls ultimately adopted by responsible entities for Low Impact assets. The Commission directs that NERC develop modifications to the CIP version 5 Standards to address this concern. While NERC may address this concern by developing specific controls for Low Impact facilities, it has the flexibility to address it through other means, including those discussed below.
  • The Commission directs NERC to submit an informational filing one year from the effective date of this Final Rule that assesses, based on the survey results, whether the BES Cyber Asset definition will, with the 15- minute parameter, cover the assets that are necessary to ensure the reliable operation of the Bulk-Power System.
  • Commission directs NERC to create a definition of communication networks and to develop new or modified Reliability Standards that address the protection of communication networks.  The Commission also directs its staff to include the issue of protecting the nonprogrammable components of communications networks in the staff-led technical conference discussed herein.

For more information: 

NERC CIP Version 5 Implementation Plan

Version 5 Critical Infrastructure Protection Reliability Standards, Docket No. RM13-5-000

Commissioner LaFleur’s comments

Trey Kirkpatrick is Vice President of Energy and Utilities for AssurX, Inc., a leading provider of energy and utility enterprise compliance management solutions.

 

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA Draft Medical Device Development Tools Guidance is Here to Help

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

A new FDA draft guidance just issued by the Center for Devices and Diagnostic Health (CDRH), outlining a voluntary process for qualification of medical device development tools (MDDT), is designed to facilitate the development and “timely evaluation of innovative” medical devices, the Center says.

An MDDT is a scientifically validated tool — such as a clinical outcome assessment or a test to detect or measure a biomarker — designed to aid device development and regulatory evaluation.

The guidance, issued November 14, 2013, describes the framework and process of voluntary CDRH qualification of MDDT.

It also includes a helpful definition of key concepts that provide something of a window into FDA’s viewpoint and regulatory expectations. Here are two important examples of how FDA views the world:

  • Qualification: A conclusion that within a specified context of use (FDA’s italics), CDRH expects that the results of an assessment that uses MDDT can be relied upon to support device development and regulatory-decision making.
  • Context of Use: Use defined in part by the device or product area for which the MDDT is qualified, the stage of device development, and the specific role of the MDDT.

FDAlogoCDRH is developing a qualification process because it provides a mechanism for leveraging advances in regulatory science, encouraging MDDT development and adoption, and “facilitating faster, more efficient device development and regulatory evaluation,” the draft guidance states.

However, the guidance intentionally stays away from any specific evidentiary or performance expectations the agency would have for qualifying a specific MDDT.

FDA is accepting comment and suggestions for revising the guidance until early February 2014. Electronic comments should be sent to http://www.regulations.gov.

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

HighPoint Solutions Announces Quality Partnership with AssurX

HighPoint SolutionsHighPoint Solutions, LLC, a premier, global provider of specialized IT services dedicated to the life sciences and healthcare industries, and AssurX, Inc., a leading Enterprise Quality Management and Regulatory Compliance Software company, are announcing the formalization of their ongoing strategic partnership.

Vice President of Quality & Compliance, Robert Lorence, said, “HighPoint’s extensive domain experience in Quality Systems and AssurX’s product CATSWeb, a very powerful Quality Management System with Training Management and Document Management “built in”, has resulted in a very robust offering for clients.” Lorence continues, “Working together we will further our ability to bring value, competitive edge, and innovative thinking to our clients in a demanding and ever-changing regulatory environment.”

AssurX has offered clients a turnkey approach to projects coupling the AssurX Professional Services Organization (APSO) for configuration and implementation of the CATSWeb product with HighPoint’s Project Management, Business Analysis and Validation services.

Jeff Mazik, Vice President of Life Science Solutions at AssurX said, “The partnership between AssurX and HighPoint allows both our companies to better serve our current and future customers. HighPoint can help their customers identify a best of breed Quality Management solution that consistently meets the customer’s particular business needs and regulatory requirements. At the same time, AssurX is able to complement its Professional Services offerings to its customers with specialized assistance in terms of validation resources and professional project management to Life Science companies located all over the world.”

About HighPoint Solutions
HighPoint Solutions is a premier, global provider of specialized IT with vertically-focused business consulting, system integration, professional service, and managed hosting solutions for life sciences and healthcare companies.   Since 2000, our 500+ consultants have provided business consulting and technology solutions that continue to deliver business value and competitive advantage to more than 140 clients globally. For more information about HighPoint Solutions and their upcoming events, please visit http://highpointsolutions.com/

About AssurX, Inc.
AssurX, Inc., provides highly regulated life science organizations with enterprise quality management and regulatory compliance solutions. With a choice of OnDemand (SaaS) or OnPremise (licensed) software delivery options, AssurX’s flexible, all-in-one system automates quality and compliance processes so issues can be centrally managed. It helps collect, organize, analyze and share information to better manage and improve quality and compliance performance everywhere in your enterprise. For more information, visit http://www.assurx.com.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA Looks Overseas, Doesn’t Like What it Sees

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Thanks to the folks in Washington, most anything having to do with the federal government is closed until further notice. That means fixtures like the Grand Canyon and the Library of Congress (LOC) are off-limits.

The FDA is feeling the pinch too. It’s had to send about half of its staff home, according to RAPS. FDA’s website won’t be updated, either.

The lion’s share of the pre-shutdown device-related warning letters involved overseas entities. A good example comes in a September 5, 2013 letter to Vincent Medical Manufacturing Company, based in Dong Guan City, China.

FDA kicked the tires at this manufacturer of breathing circuits and sterile fluid management injection systems, and didn’t like some of what it saw. For example, Vincent’s Corrective and Prevention Action (CAPA) failed to establish and maintain a number of procedures.  Vincent was also charged with failing to ensure that inspection and test procedures could be validated with a “high degree of assurance.”

FDA also chided Vincent for “failure to establish and maintain procedures to ensure that participants at each design review include representatives of all functions concerned with the design stage being reviewed.”

FDAlogoFDA sent an August 26 letter to Bio Focus Co., based in Uiwang, Republic of South Korea.  FDA hit that firm for an inadequate CAPA program, process validation, device design validation, management of suppliers and other outside vendors, and environmental controls, among several other issues. Bio Focus manufactures Sure-Aid pregnancy tests.

In Taiwan, FDA challenged St. Shine Optical, manufacturer of contact lenses, for several shortcomings. Shortcomings cited in the August 26 warning letter include: inadequate validation reports, design control procedures, and process controls.

Earlier in August, FDA issued a warning letter to Denmark-based Dako Denmark, manufacturer of the HER2 CISH pharmaDx kit. In the August 21 letter, FDA noted that the firm closed six CAPA’s, but failed to provide any evidence that the CAPA’s were effective.  FDA also hit the firm for inadequate process validation protocol, and complaint processing.

FDA returned to the U.S. with a September 20 letter to Medical Device Resource Corporation. The Livermore, California-based maker of the LS2 Aspirator, and the K Pump was issued a warning letter because it’s process validation, outside products, and other product controls were found lacking.

Elsewhere in California, Medtronic MiniMed was hit with, among others issues, inadequate CAPA, device control, and complaint management. That came in a September 19 warning letter.

While medical device makers may not be overly worried about a hobbled FDA, let’s all agree that it would be nice someday to be allowed to visit the Grand Canyon and the LOC again. Those are both bi-partisan places, right?

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare