CAPA

Circle of Compliance Part IV: Improve

September 27, 2010 By Sal Lucido 1 Comment

Sal Lucido, VP Enterprise Solutions, AssurX

In Part I, Part II and Part III of this series we discussed the benefits of using a closed-loop process for managing regulatory compliance (pictured below). We discussed how setting up Key Performance Indicators (KPIs) that monitor performance to goals is a good way to Check that processes are working properly thus reducing the need to perform manual audits of a given operation. We also looked at how to collect and process problem information ensures that the right information is collected, the problem is contained and that the root cause is identified. This sets us up for the next step, which is to fix the problem by executing a Corrective Preventive Action (CAPA) project.

The primary goal of this step is to implement changes that correct (corrective action) the problems and prevent recurrence (preventive action). This is where we get our payoff; this is where we ‘close’ the loop. Remember the overall goal is to systematically and continuously improve regulatory compliance. The inputs we will need to execute the CAPA project are show in Figure 1 (below).

Corrective Action Inputs

Problem Scope: Determine the boundaries of the problem we are trying to solve. Trending helps determine the scope. If the scope is too narrow the project will not address all of the future potential issues. If the scope is too broad the project may be too time consuming and expensive.

Root Cause(s): In the previous step we determined the root cause or causes. Check that the corrective actions taken in the project address all of the causes.

Project Schedule: Determine how long this project is expected to take or how long you want to allow it to take. Time is money. This will guide your resource loading decisions.

Project Costs: Determine the overall project budget. Include all labor and material costs.

Determining the Root Cause or Causes is a crucial part of the process. Here are two effective methods for making this determination. The Eight Discipline workflow shown in Figure 2 is optimized for larger, multi-member team projects.

8 Discipline Workflow

The Five Why Methodology shown in Figure 3 is an effective technique for separating symptoms from causes. The example in the diagram illustrates this process.

5 Why Methodology Principle: Five or more iterations of asking why is generally sufficient to get to a root cause.

Once you have all of this information you can execute the CAPA project. The CAPA project outputs are shown in Figure 4.

Corrective Action Outputs

Action Items: Define and assign each task that needs to be completed. Unassigned tasks never get done.

Due Dates: Refer to your project schedule and consider the order of action item execution to set target due dates for each task. With team projects have each member report progress to due dates. Missing due dates is a symptom of a problem with the project (not enough resources, unclear tasks, etc.). Address these to keep the project on schedule and budget.

Document Changes: If you don’t change the ‘process’ and/or ‘product’, which are documented in your ‘procedures’ and/or ‘specifications’ – then you are not improving your operations. Remember what Einstein said: “Insanity is defined as doing the same thing over and over again and expecting different results.”

Notification and Training: If a tree falls in the forest and no one is around to hear it, does it make a sound? The same can be asked of CAPA projects. If process and products are change and no one is notified or trained on these changes, did we make an improvement? I know the answer to the second question, no.

Verification: Check to make sure the project solved the problem. This step usually takes place sometime after the project is completed. Set up the verification criteria and date before closing the project.

And there you have it – we have closed the loop. We have defined how a closed loop process defined by what I call the “Circle of Compliance” is used to automate a process that continuously “pulls” the operations toward meeting regulations. By replacing a manual ‘audit’ and ‘check’ routine with this process your company saves time and money while improving its ability to comply with industry regulations. This is the definition of a win-win situation.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him athttp://twitter.com/ComplianceTips

Filed Under: Quality Management, Regulatory, Sal Lucido Tagged With: CAPA, Quality Management, Regulatory Compliance, Sal Lucido

Savvy Compliance Strategy Part III: How to Track Problems

July 13, 2010 By Sal Lucido 4 Comments

Sal Lucido, VP Enterprise Solutions, AssurX

In previous series of articles Part I and Part II, we discussed the benefits of using a closed-loop process for managing regulatory compliance (pictured below). I also showed how setting up Key Performance Indicators (KPIs) that monitor performance to goals is a good way to Check that processes are working properly, thus reducing the need to perform manual audits of a given operation.

The Circle of Compliance

Let’s now take a closer look at the Track Problems step. The primary goal of this step is to collect and analyze data related to operational problems. This is a vital prerequisite for the next step in the process: Improve. Remember our overall goal is to systematically and continuously improve regulatory compliance. So let’s first take a look at collecting data.

Collecting data about operational problems sounds like an easy task, but it turns out to be anything but. First of all, there is a cultural stigma associated with anything that is labeled as a problem. This is because, where there is a problem, there is blame. And where there is blame, there are consequences. Given the fact that we are talking about consequences associated with someone’s livelihood, this is not something to take lightly. Therefore it is important to set a “tone from the top” that let’s employees know that the data will be used to improve operational processes and not punish employees. It is also helpful to ask employees to suggest improvement ideas. I’ve even seen some companies acknowledge and reward employees for suggestions that result in positive actions. These are all good ways to encourage problem reporting. You want to tip the scale in favor of logging problems as shown in the illustration.

Logging Problems

The next question is, “What data should we be collecting?” Let me start by pointing out that some data is better than no data. Waiting to create the perfect system will result in the loss of valuable information that could have alerted you to looming problems. So at the very least, start collecting data any way that you can.

I have seen hundreds of problem tracking forms spanning many processes and many industries. I’ve created product issue forms, process problem forms, out of spec forms, suggestions forms for industries regulated by the FDA, NERC and the SEC. I’ve summarized four design tips in the next illustration.

The Four S's: Problem Tracking Form Design Tips

Now that you are collecting problem data, what should you do with that data? The high level steps for processing issues are: Identification, Investigation, Immediate Actions, Analysis and Planning for Further Action.

Problem Processing Flowchart

This is a summary of what each of these steps involves:

Identify: Collect problem data from all sources. Route these to someone that can determine immediate actions and investigate the problem.

Investigate: Look into the problem beyond the initial problem report. Look for trends from other sources (employees, vendors, customer) and from similar product and problems.

Immediate Actions: This step may be performed in parallel with or before the Investigate step. Determine if there are any immediate actions that need to be taken to contain the problem. While you are looking for root causes you don’t want the problem to grow or continue to do damage.

Root Cause Analysis: This is different from the initial investigate step in that you now are trying to determine what actually caused the problem. During the investigation you may determine that the problem was a result of operator error. But the root cause analysis may reveal that the operating procedure is unclear and is in fact the root cause of the problem.

Plans for Further Action: Once you have established the root cause you can take actions to Improve operations. In this step you would plan out what those improvement actions will entail, who will implement them, and how long they will take to enact. Typically this Corrective Action project requires management approval to allocate the required resources.

One benefit of this process is that a single Corrective Action project can address multiple problems. See the following illustration.

Investigation Funnel

The next step is to Improve operations through implementing the corrective action project. We will take look at that step in the next article.

Read Part IV.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him at http://twitter.com/ComplianceTips

Filed Under: Electric Reliability, FDA Regulated, Quality Management, Regulatory, Sal Lucido Tagged With: CAPA, Quality Management, Regulatory Compliance, Risk Management, Sal Lucido

FDA Lifts Curtain on Inspection Process, Rationale

March 25, 2010 By Michael Causey 2 Comments

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Gotta give the FDA some credit here. In addition to its transparency initiative we’ve talk about before, the agency is also trying to remove some of the mystery about how it handles inspections and other inner workings at the FDA. From where I sit, it appears to be a sincere effort and I believe it is helping outsiders better understand what the FDA is trying to do – and how it is trying to do it.

For example, at the second in a new series of monthly online webinars, FDA’s Michael C. Rogers, deputy director, Office of Regional Operations, said today (March 25, 2010) tried to outline how an FDA inspection tends to work, and what drives inspectors before, during and after an inspection.

As an aside, Rogers also said that the agency currently has about 1,800 total inspectors across its full portfolio, though food gets the bulk of the bodies. He also said there will be more foreign inspections this year, and that the number should continue to grow.

Inspections are based on risk, Rogers said. In other words, the riskier the potential drug, device or food item, the more likely they will be inspected.

Most inspections are unannounced, Rogers said. Before they go on-site, the inspector on inspection team will look at previous inspection reports and identify what corrective actions were promised during prior inspections. They also prepare inspection tool kits with sampling equipment, info to drive inspection based on guidance documents and the Investigation Operations Manual. They also carry a camera to document evidence.

They also conduct “for cause” inspections driven by consumer complaints or other outside activity.

Typically, the inspection begins with a discussion with management to explain the purpose of the inspection, and they try to learn about the corporate structure and any changes made since last inspection. They also ask about complaints, positive tests or returns. Answers to those questions help FDA inspectors focus their on-site efforts.

Next, they go to the physical manufacturing area. They try to observe and understand the on-site process. They ask about acceptance criteria and want specifics on failures, especially the reasons.

Inspectors also draw a diagram of the facility showing the manufacturing process from start to finish. They’re looking for problems in the system and looking to identify critical control points in the manufacturing process.

FDA inspectors then identify procedures in place and assess if company is actually following them. They also look for controls in place to mitigate any contaminated products.

They also look at training and cleaning programs. They also watch employees while they are actually making the product.

If they find evidence of an adulterated product, they collect evidence based on inspector observations and collect samples to prepare their case for possible legal action in court.

At conclusion of inspection, the FDA team meets again with management. They then inform the top company official what is in the official Form 483. That form documents observations during the inspection but does not include final recommendations. They also ask for the firms corrective actions planned or in place to get into compliance.

These corrective actions are taken into account as agency formulates official recommendations.

After the inspection at the firm, the inspector develops a report back at the home office. It includes evidence collected and what the firm has already agreed to do about any shortcomings.

In some cases firms can offer voluntary corrections. But sometimes the agency decides it needs enforcement action such as a warning letter, and can also impose civil and/or monetary penalties.

The webinar was extremely popular. In fact, it “sold out” so many who tried to join it could not get in to the live event. There will be a recording available on Monday March 29.

UPDATE: Slides are now available from this event here in PDF format.

Filed Under: FDA Regulated, Food, Medical Devices, Michael Causey, Pharma/Biotech, Regulatory, Risk Management, Uncategorized, Warning Letters/Recalls Tagged With: CAPA, Complaint Handling, Corrective Action, FDA, Food Safety, Pharma, Quality Management, Regulatory Compliance, Risk Management

Part II: Former FDA Inspector Miles | Key to Avoiding More Trouble with the FDA is Identifying Root Cause

March 23, 2010 By Tamar June 1 Comment

Ken Miles, Former FDA Inspector

Ken Miles, a 28 year veteran of the FDA, is today a widely-respected industry consultant to the medical device industry. He draws on his extensive experience to help firms effectively and efficiently comply with FDA requirements. Ken’s expertise includes evaluating Good Manufacture Practice (GMP) and Good Laboratory Practice (GLP) compliance, Quality System Regulations, and QSIT certification inspections (Management, Design, Process Controls, and CAPA).

In this multi-part series, we talked with Ken about FDA medical device inspections, CAPA, quality systems, audits, training and more.

Q: Where do you think companies fall short when it comes to implementing CAPA systems?

A: Some companies have a great CAPA program that is tied in with metrics, management reviews, etc., but ultimately may be only looking at trend analysis studies of post-production products. Unfortunately, they neglect trends with suppliers and internal production operations, or visa versa. Valuable data can be obtained for correcting problems in their factory by looking at all trends: suppliers’ and in-house non-conforming materials and components, scrap rates, training issues, complaints, competitors’ non conformances (ie Warning Letter), etc. Sometimes they’ll discover ”a peak in noncomformance with a certain product line”, but they fail to break it down to reveal that the nonconformance(s) only involve one or two models within the product line which is often the real culprit.

Company managers need to ask themselves, is it one model or all models? A certain shift? A certain part of the plant? Finding the root cause is very important in order to effectively resolve the problem(s). Companies need to isolate the problem and find out if it’s widespread, model specific, or a component. The big picture of using metrics is great, however, if you can’t drill down to the specific problem and root cause, then it’s really not solving the problem.

Q: Can you give us some examples of what you saw as an FDA inspector?

A: One time I was at a large global manufacturer and they had a lot of returned motherboards for ultrasound systems (hundreds of boards returned per month.) Instead of analyzing and finding the root cause of the problem of all these returned boards, they would simply rework and repair them – over and over again. These boards had a very high rate of return, but they would all just go into a big hopper for rework. They should’ve taken the time to do a root cause analysis, but they didn’t, preferring to continue to fix them. None of this was logged into a system, and no failure investigations were ever conducted. Think of the risk to consumers and to the companies’ reputation and earnings! Think of the enormous waste in time and funds and other resources used for fixing the same problems over and over again.

This firm ended up having a major investigation by the FDA with recalls and monetary fines in the millions of dollars. If they had an effective CAPA system in place with root cause and failure investigations, they could’ve fixed the problem once and for all instead of reworking hundreds of motherboards per month.

Q: Why do you think medical device companies have such a problem with CAPA?

A: The biggest problem I see has to do with a lack of human resources. Typically a person in charge of CAPA has too many tasks and things tend to fall through the cracks. This generally happens to smaller companies with growing pains. That said, it also happens with the biggest ones, too. Bottom-line: the failure is about not devoting enough resources to CAPA, and letting other issues distract them because they are overworked.

Click here to learn more about CAPA Systems.

Filed Under: FDA Regulated, Medical Devices, Pharma/Biotech, Quality Management, Regulatory, Tamar June, Warning Letters/Recalls Tagged With: CAPA, FDA, Ken Miles, Medical Devices, Regulatory Compliance, Tamar June

Former FDA inspector Miles on What FDA Looks for During Inspections & the Importance of Strong CAPA Systems

December 1, 2009 By Tamar June 1 Comment

Ken Miles, Former FDA Inspector

In this multi-part series, we talked with Ken about FDA inspections, CAPA, quality systems, audits, training and more.

Q: When you were with the FDA, what did you look for during onsite inspections at medical device facilities?

A: What I primarily looked for was a robust quality management system that covered all of the key areas: CAPA, internal quality audit findings, training, MDRs and complaints, supplier quality, etc. Supplier audits are also very important, and they should always tie back into CAPA and management review findings.

Q: You mention training as part of the overall quality management system – what kind of problems did you see in that area?

A: The most common problem with training is that programs are often inadequate. Oftentimes procedures are either nonexistent or very poorly written. You need to have stringent management commitment and oversight, while also removing irresponsible people who can seriously damage the business. Procedures, management review and training are the primary areas that should generally be addressed through a CAPA program to make it work.

Q: Digging deeper, what were the CAPA-related issues you saw most often during inspections?

A: The one thing I saw often was that companies did not prioritize their CAPA items. You need to prioritize them using a risk-based approach. The highest priority ones should be put at the top of the list. Sounds like an obvious thing, but a lot of companies just throw all CAPA related issues into one bucket with no priority or even closure dates. If you don’t have some sort of prioritization system, you might become weighed down with too many assignments with no end in sight. Prioritize by low, medium and high priority, as well as severity of consequences. That would also imply that you have a target date, or closure date once you implement that program. A lot of companies don’t do that.

Q: You stress the importance of prioritizing and setting due dates for CAPA. Can you give us some examples of what you looked for during your inspections?

A: Medium and serious CAPA issues should be closed out within 30 or 90 days at the most. I’ve seen situations where CAPAs are still hanging out there after two or three years! And I’ve even some that have never closed or resolved! In certain situations, I’ve also seen CAPAs that don’t even have a closure date. Unfortunately, that’s typical of spreadsheet based CAPA systems.

In the next part, we will delve deeper into actual situations, and discuss some of the more egregious things that Ken Miles experienced as an FDA inspector.

Click here for more detailed information about CAPA.

Filed Under: FDA Regulated, Quality Management, Regulatory, Tamar June Tagged With: Audits, CAPA, Corrective Action, FDA, Supplier Quality Management

The Most Common Drug and Device GMP 483 Items

October 5, 2009 By Tamar June 6 Comments

In a recent FDA presentation Foster City, CA, Mark Roh, Regional Food and Drug Director outlined the most common cited 483 items for both pharma and med device companies:

The most common Drug GMP FDA-483 (observational) items:

Responsibilities and procedures of the Quality Control unit are not in writing
Written procedures are not followed
Control procedures not established
Inadequate specificatons
inadequate written procedures
Inadequate failure analysis

The most common Medical Device GMP FDA-483 (observational) items:

Deficiencies in complaint file system
Inadequate CAPA procedures
Lack of written MDR procedures
Corrective and preventive actions not documented
Inadequate process validation

This doesn’t mean you won’t be cited for anything not listed in the bullet items or nabbed for all of the above. These are the most common observations cited by FDA personnel during an inspection. So now you may want to go back and take a good hard look at your SOPs, quality management system, CAPA process, complaint handling/MDRs as well as your validation documentation. Obviously training your personnel in these procedures and processes is also key.

Of course, everyone’s goal is not to end up here…

Also, you may want to check out our previous blog entry “Don’t Ignore 483s…it’s in Your Best Interest to Respond in Writing“

Filed Under: FDA Regulated, Medical Devices, Pharma/Biotech, Quality Management, Regulatory, Tamar June Tagged With: CAPA, Corrective Action, FDA, Medical Devices, Pharma, Quality Management, Regulatory Compliance

Keystone Dental Takes Fixing Smiles Very Seriously

April 16, 2009 By Tamar June 2 Comments

More than 30 million Americans are missing some of their teeth in one or both jaws, and with a growing aging population, that’s estimated to grow substantially. According to the American Academy of Implant Dentistry, an estimated two in three Americans have one or more missing teeth, due to the increase in periodontal disease as the population ages.

Three million people have dental implants and that number is growing by 500,000 per year with an estimated market for implants to reach $1.3 billion by 2010. Dental implants are permanent fixtures of titanium posts anchored in the jawbone and topped with a replacement tooth. The technology was initially developed in Europe over 30 years ago and the success rate is remarkably high: 97 percent success rate in lower implants and 91% success rate in the upper implants.

Keystone Dental, based in Burlington, MA, was founded in March 2006, and aspires to build a market leading global brand recognized within the dental community for its integrity, trust and commitment to improving the standard of care for patients and their quality of life.

Since then, they have rapidly grown into a diversely skilled, fast-moving team of professionals committed to providing excellent customer service and producing high-quality products and services.

Keystone’s business plan called for an electronic quality management system to be implemented as soon as possible. Being an extraordinarily high volume medical device manufacturer, Keystone’s new system would have to handle an equally large volume of electronic records per year.

According to Richard Jancsy, Manager of Quality Systems, “A critical success factor for us is to effectively and efficiently manage a significant volume of regulatory documentation; in a rigorous and compliant manner…you need a reliable and highly configurable system to meet that challenge. That’s why we selected CATSWeb.”

Instead of using a manual, paper-based system that tediously captures data, the new electronic system has streamlined the process; it’s focused on capturing the essential and actionable information quickly. The implementation activity allowed Keystone to critically re-evaluate their current manual complaint handling system and design a robust solution by leveraging CATSWeb’s flexible capability.

“CATSWeb can mirror the process in a way that we get to choose, and not the other way around,” added Jancsy. Keystone will integrate the CATSWeb quality system with Salesforce.com and their IFS ERP. The first process rolling out is complaint handling and then CAPA, audits, training and change control during 2009.

Filed Under: Company News, FDA Regulated, Medical Devices, Quality Management, Regulatory, Success Stories, Tamar June Tagged With: AssurX, Audits, CAPA, Change Control, Quality Management, Success Stories

Who Says You Can’t Integrate Systems in Software as a Service (SaaS) Environment?

April 16, 2009 By Eric Cooper 1 Comment

The idea of software as a service is not new and in fact AssurX has offered its CATSWeb enterprise quality and compliance system in a hosted environment for over 10 years. However, there has always been a certain resistance in business for utilizing this software model. The reasons have varied from security issues to wanting to have control over the platforms to a perception that the data just needs to be in-house. For several years, though, businesses have been looking to reduce their overall costs, including those involved with IT. As a result SaaS has much more appeal as it can significantly help to reduce the overall cost of ownership.

One of the chief issues that have confounded IT, though, is system integration. No system is the be-all-to-end-all. ERP systems will generally handle most of the basic functions of a business, however there are aspects like complaint management, auditing, CAPA, etc., that are not fully covered by these systems – hence the need for multiple applications and the need to integrate.

The next argument from many is that if our systems are all hosted we cannot integrate them. That is not necessarily true. Systems that have Web service capabilities are fully capable of being integrated regardless of their location. This was recently proven by a very successful hosted NetSuite to CATSWeb integration. The requirement was to allow customer service to enter their initial customer complaint as a Support Case in NetSuite (which the customer runs as a SaaS) and have a corresponding transaction triggered in CATSWeb (which is also running as SaaS) where the actual complaint processing occurs. This was all accomplished by using a simple call from NetSuite to the CATSWeb web service. CATSWeb creates the record and sends a success or error message back to NetSuite, which then either stores the newly created CATSWeb Record ID in the Support Case for reference purposes or sends an email to an individual in the case of an error message. Additionally, because CATSWeb returns the Record ID created to NetSuite, any further changes to the NetSuite Support Case can be sent to CATSWeb, which will update the record accordingly.

So is system integration of SaaS applications possible? Absolutely. And depending the capabilities of the systems involved it can be relatively easy to accomplish. CATSWeb offers a fully functional Web services API, which will allow any external system to integrate with it. The location of the external system does not matter. The bottom line is that Software as a Service is a viable business model which can greatly reduce IT costs and the idea that just because your applications are hosted at offsite locations is no reason why they cannot be effectively integrated.

Filed Under: Eric Cooper, Featured, SaaS & Cloud Computing Tagged With: CAPA, CATSWeb, Eric Cooper, ERP, SaaS, Web Services

FDA Importer Guidance for Medical Devices: What it Means to you Going Forward

March 17, 2009 By Tamar June 2 Comments

The FDA has had many challenges and setbacks in the past few years. From budget cuts to high-level departures, the agency has also faced fury from lawmakers on Capitol Hill over high-profile device, drug and food recalls.

Off the record, current and former FDAers have told us that they know they’ve been understaffed and underfunded in recent years, and that their enforcement capabilities often weren’t up to the task.

Now with a new president and renewed focus on government regulation in Washington, it’s likely pressure from the White House and Capitol Hill will spur the agency to be more active this year and in the next several years, experts say.

In a new white paper from AssurX, you’ll learn why a FDA’s new Good Importer Practices draft guidance is putting the device industry on notice. The white paper explains that the FDA will:

Hold those at the top accountable for any import problems for their
products,
Expect medical device manufacturers to be vigilant about quality, and;
Increase its emphasis on device firms’ catching and correcting mistakes and
complaints.

As this new guidance demonstrates, a revitalized FDA today demands that medical device manufacturers to build quality into their products from the very beginning, and to spot procedural problems very early in the product lifecycle.

At its heart, the FDA guidance wants device manufacturers to:

1) Establish procedures for developing corrective action plans, and for taking corrective and preventive actions if non-compliance with a U.S. requirement or a safety concern should arise.

2) Identify and investigate the root cause of non-compliance with U.S. requirements for products they import, or by foreign firms with which they do business.

3) Take steps to remediate and prevent harm from present and future shipments, and to ensure non-compliance and safety problems do not recur.

4) Work with the non-compliant firm to meet U.S. requirements, or stop conducting business with that firm.

“This is part of a broader effort, pushing responsibility for manufacturing on the manufacturer,” says Mark Mansour, an attorney with Bryan Cave LLP in D.C. While the FDA is saying it will inspect and enforce more, manufacturers are counted on as the “first line of defense,” he adds. “Device firms should take this very seriously,” Mansour said.

Request your copy of the FDA Importer Guidance for Medical Devices paper here.

Filed Under: FDA Regulated, Featured, Medical Devices, Quality Management, Tamar June Tagged With: CAPA, Corrective Action, FDA Importer, Quality Management, Supplier Quality Management

Circle of Compliance Part IV: Improve

Savvy Compliance Strategy Part III: How to Track Problems

FDA Lifts Curtain on Inspection Process, Rationale

Part II: Former FDA Inspector Miles | Key to Avoiding More Trouble with the FDA is Identifying Root Cause

Former FDA inspector Miles on What FDA Looks for During Inspections & the Importance of Strong CAPA Systems

The Most Common Drug and Device GMP 483 Items

Keystone Dental Takes Fixing Smiles Very Seriously

Who Says You Can’t Integrate Systems in Software as a Service (SaaS) Environment?

FDA Importer Guidance for Medical Devices: What it Means to you Going Forward

News and Updates

Recent Posts

Webcasts and Events

AssurX Related Sites

AssurX Twitter Feed

AssurX Categories

AssurX Archive

Site Admin

Useful Links

AssurX

Other Links

Copyright