We knew it was coming. FERC enforcement actions picked up significantly in 2009. But what surprised us most was the eye-popping 214 violations for PRC-005-1.

So, what exactly is PRC-005-1?

Simply put, the NERC PRC-005-1 standard says (but is not limited to the following – see below for link/download of standard):

• Owners of generation Protection Systems shall have a maintenance and testing program for all protection devices that affect the reliability of the Bulk Electric System (BES).
• The program must include a maintenance and testing interval for each type of device and the basis used for determining that interval.
• The owner must provide documentation of its system maintenance and testing program and the implementation of that program to its Regional Reliability Organization on request within 30 calendar days.
• The program must provide the evidence that each Protection System device was maintained and tested within the defined intervals including the last tested/maintained date.

You can download the NERC PRC-005-1 Standard here.

Why has complying with PRC-005-1 been such a challenge to utilities?

The legacy of the unregulated past of both small and large utilities has left them with islands of disconnected data related to physical devices and assets that have an affect on the BES. This data consists primarily of work orders, maintenance activities, test results and supporting evidentiary documentation. Unfortunately, all of this data tends to reside in disparate systems such as ERP, spreadsheets, hard copies, custom databases, test systems, etc., and are typically spread across various departments and facilities in the enterprise. If a utility is found in non-compliance with the NERC Standard during an audit, it can result in fines from the tens to hundreds of thousands of dollars.

Achieving compliance with PRC-005-1

As daunting a challenge this might sound, there is a cost effective and simple solution that provides a central hub for real-time visual compliance to NERC PRC Standards. CATSWeb ER seamlessly integrates data from dozens of differing sources into a single repository and creates logical relationships amongst this data to perform measurements and analytics in real-time dashboards. This provides a visual status of PRC compliance of all devices and assets across the enterprise. Users also get real-time alerts and notifications as trends towards non-compliance occur, well before a state of non-compliance happens. The system also maintains a complete auditable history that’s ready for an audit of all devices, issues and actions in maintaining control and compliance.

Visit the NERC website to view enforcement actions, settlements and penalties.

Ken Miles, a 28 year veteran of the FDA, is today a widely-respected industry consultant to the medical device industry. He draws on his extensive experience to help firms effectively and efficiently comply with FDA requirements. Ken’s expertise includes evaluating Good Manufacture Practice (GMP) and Good Laboratory Practice (GLP) compliance, Quality System Regulations, and QSIT certification inspections (Management, Design, Process Controls, and CAPA).

In this multi-part series, we talked with Ken about FDA medical device inspections, CAPA, quality systems, audits, training and more.

Q: Where do you think companies fall short when it comes to implementing CAPA systems?

A: Some companies have a great CAPA program that is tied in with metrics, management reviews, etc., but ultimately may be only looking at trend analysis studies of post-production products. Unfortunately, they neglect trends with suppliers and internal production operations, or visa versa.  Valuable data can be obtained for correcting problems in their factory by looking at all trends: suppliers’ and in-house non-conforming materials and components, scrap rates, training issues, complaints, competitors’ non conformances (ie Warning Letter), etc.  Sometimes they’ll discover ”a peak in noncomformance with a certain product line”, but they fail to break it down to reveal that the nonconformance(s) only involve one or two models within the product line which is often the real culprit.

Company managers need to ask themselves, is it one model or all models? A certain shift? A certain part of the plant? Finding the root cause is very important in order to effectively resolve the problem(s). Companies need to isolate the problem and find out if it’s widespread, model specific, or a component. The big picture of using metrics is great, however, if you can’t drill down to the specific problem and root cause, then it’s really not solving the problem.

Q: Can you give us some examples of what you saw as an FDA inspector?

A: One time I was at a large global manufacturer and they had a lot of returned motherboards for ultrasound systems (hundreds of boards returned per month.) Instead of analyzing and finding the root cause of the problem of all these returned boards, they would simply rework and repair them – over and over again. These boards had a very high rate of return, but they would all just go into a big hopper for rework. They should’ve taken the time to do a root cause analysis, but they didn’t, preferring to continue to fix them. None of this was logged into a system, and no failure investigations were ever conducted.  Think of the risk to consumers and to the companies’ reputation and earnings! Think of the enormous waste in time and funds and other resources used for fixing the same problems over and over again.

This firm ended up having a major investigation by the FDA with recalls and monetary fines in the millions of dollars. If they had an effective CAPA system in place with root cause and failure investigations, they could’ve fixed the problem once and for all instead of reworking hundreds of motherboards per month.

Q: Why do you think medical device companies have such a problem with CAPA?

A: The biggest problem I see has to do with a lack of human resources. Typically a person in charge of CAPA has too many tasks and things tend to fall through the cracks. This generally happens to smaller companies with growing pains. That said, it also happens with the biggest ones, too. Bottom-line: the failure is about not devoting enough resources to CAPA, and letting other issues distract them because they are overworked.

Click here to learn more about CAPA Systems.

Numbers don’t lie. Reviewing the year-end numbers for FDA’s CDRH electronic submissions (AS2 Electronic Submissions Gateway) provides some eye popping stats.  This is an early indicator that electronic medical device reporting submissions have significantly increased over 2008, and certainly suggests they’ll rise even faster this year after the final rule is published.

Comment period on the draft guidance ended November 2009. The final ruling is expected within weeks. According to some FDA insiders, many were relieved the agency wasn’t overwhelmed with comments (slightly over two dozen comments were filed), and the ones received were definitely “workable”.

So, what did 2009 numbers look like?

As the chart shows, early 2009 got off to a slow start, but picked up significantly in the fourth quarter of the year.

But when comparing 2008 vs. 2009, total submission numbers jumped from 4,619 to 21,296. It’s apparent that the device industry has picked up the pace when it comes to electronic submissions to FDA. And if this isn’t a wake up call for device companies to move away from paper 3500A submissions to eMDR, we don’t know what is.

We’ll be keeping a close eye on this through 2010.

The concept of implementing SaaS is moving ahead quickly, especially in the medical device arena. Perhaps that shouldn’t be surprising; most industry experts say that device firms tend to be a bit more innovative when it comes to embracing new technologies.

That may be why Angiotech made the decision to go with AssurX’s OnDemand (SaaS) model as opposed to on-premise implementation for their global complaint handling system. Angiotech is a global specialty pharmaceutical and medical device company that discovers, develops, and markets innovative technologies and medical products primarily for local diseases or for complications associated with medical device implants, surgical interventions and acute injury.

AssurX’s CATSWeb system is already rolled out across four facilities – three in the US and one in Puerto Rico – with Europe expected by the end of 2009.

Larry Murphy, Senior Manager, Corporate Quality, was part of the team that made the decision to go with the SaaS model because they needed to get up and running quicker.

“We got the blessing of the IT group after they reviewed the AssurX system and were able to get answers quickly about the level of security and support,” Murphy said. “As far as the users are concerned, they really like having everything centralized, including the reporting capabilities. We have significantly improved our efficiency and productivity,” added Murphy.

Prior to implementing an automated complaint handling system, various divisions of Angiotech were using either paper-based systems or homegrown Access database applications. Now the company-wide system using CATSWeb allows them to process complaints in a more structured and standardized manner that provides a much higher level of quality of information as well as the ability to track progress using metrics and dashboards.

Future plans include expansion of the current process and perhaps implementing electronic medical device reporting (eMDR) somewhere down the line.

Even though there’s no regulatory requirement to respond to an FDA 483 inspectional observations report, it’s in your best interest to do so in writing, according to FDA sources. In a recent presentation by Anita Richardson, Associate Director for Policy Office of Compliance & Biologics Quality, she outlined four reasons for submitting a comprehensive 483 response, and eight suggestions for an effective response.

Four reasons for submitting a well-prepared and timely 483 response:

1. Could possibly mitigate an FDA compliance decision for further action (warning letter, etc.) “As a general rule, a Warning Letter should not be issued if the agency concludes that a firm’s corrective actions are adequate and that the violations that would have supported the letter have been corrected.”
2. Demonstrates to the FDA (and other stakeholders) an understanding and acknowledgement of the observations
3. Demonstrates to the FDA (and other stakeholders) a commitment to correct, i.e. the intent to voluntarily comply
4. Establishes credibility with FDA

Eight suggestions for an effective 483 response

1. Include a commitment/statement from senior leadership
2. Address each observation separately
3. Note whether you agree or disagree with the observation
4. Provide corrective action accomplished and/or planned; tell FDA the plan
   • Be specific (e.g. observation-by-observation)
   • Be complete
   • Be realistic
   • Be able to deliver what you promise
   • Address affected products
5. Provide time frames for correction
6. Provide method of verification and/or monitoring for corrections
7. Consider submitting documentation of corrections where reasonable & feasible
8. BE TIMELY

Good advice. And remember…

“A well-reasoned, complete, and timely 483 response is in your best interest.”