GHTF SG4: Auditing of QMS of Medical Device Manufacturers - Part 2: Audit Strategies



Method of estimating audit duration

When auditing organizations are planning audits, sufficient time should be allowed for the audit team to determine the conformity status of the manufacturer's quality management system with respect to the relevant regulatory requirements. Any additional time required to assess national or regional regulatory requirements must be justified.


For example, the table from the IAF Guidance on the Application of ISO/IEC Guide 62 may be used in order to determine a baseline for the duration of initial ISO 9000-series audits, measured in auditor-days. As this table is not intended for the special needs of medical device audits, additional time should be added for the requirements of ISO 13485:2003 and for regulatory requirements. This document also provides guidance for other types of activities, such as surveillance audits.
The extended baseline includes time to prepare for the audit, preview the quality management system documentation and write the report. It does not consider the time required for design dossier reviews, type examinations, pre-market approval audits and other similar activities, but does include the assessment of product documentation on a sample basis during the audit. The extended baseline for initial audits should be adjusted to take into account the other types of audits and the factors listed in Appendix 2 which may increase or decrease the estimated audit duration, but only if these factors are required by the applicable regulations.



Approximate percentage of on-site auditing time


The approximate percentage of on-site time assigned to different subsystems can be estimated using Table 2:


| Subsystems | Approximate percentage of on-site time | Remarks |
|---|---|---|
| Management | 5-10 % | |
| Design and development | 0-20 % | Depends on regulatory requirements |
| Product documentation | 5-20 % | |
| Production and process controls | 20-30 % | |
| Corrective and preventive actions | 10-30 % | |
| Purchasing controls | 5-20 % | Depending on the proportion and importance of activities an outsourcing manufacturer is contracting |
| Documentation and records | 5 % | |
| Customer related processes | 5 % | |


Table 2: Approximate percentage of on-site auditing time

The approximate percentage of on-site audit time for each subsystem will vary depending on factors such as:

- the audit scope

- schedule changes

- the need to gather information from remote locations


    1. Guidance for Logistics during an Audit

The following points should help the auditor in performing the audit in the most appropriate way:




  • changes by the manufacturer other than those previously submitted to the auditing organization (e.g., organization, quality management system, facilities, processes, products) that are presented at the opening meeting



  • Efforts should be made to accommodate executive management with respect to the scheduling and length of time spent auditing management responsibility.



  • follow-up nonconformity(ies) from last audit as soon as possible, to determine whether the manufacturer has effectively implemented corrective actions



  • auditing the warehouse at the beginning of an audit allows for the selection of examples that can be followed up later on (e.g., nonconforming material, batch records, etc.)



  • auditing traceability at an early stage of the audit allows the traceability path to be followed either forward (e.g., simulated recall) or backwards, and gives the manufacturer sufficient time to access relevant information




  • surveillance audits may focus on either design or production and their related activities also taking into account factors like range of products and/or scope of certificate(s)


  • internal audits, complaints, CAPA and management review should be covered at every audit

    Note: FDA’s policy is to review procedures and schedules for internal audits and management reviews but not to review the manufacturer’s reports of these activities during routine inspections.



  • auditing documentation and training at the end of an audit allows for better follow-up of the examples picked-up during the audit



  • evaluating the internal audit system towards the end of the audit avoids biasing the audit team



  • the local situation may influence the sequence of audit and should be considered to avoid wasting time

Consideration to the points above should be given, but the audit team is free to audit the subsystems in any appropriate sequence.




    1. Links
      Note: Figure 1 shows the main links. There are many other links (e.g., feedback in the product realization processes and links between each process in the supporting processes).

Although most of the auditor’s time will be spent on examining processes within the subsystems, it is important to remember that links exist between the subsystems and between different processes.




Examples

Corrective and preventive actions and management: Disseminating CAPA information to management for management review.


Design and development controls and purchasing controls: Design output used in evaluating potential suppliers of components and assemblies and communicating specified purchase requirement to that supplier.

Within a process, the steps will normally be linked because the output from one step will be the input to the next.


There are also some obvious links between processes, e.g., the output from design will be an input to production. These links need to be checked during both parts of the audit (e.g., design and production) to verify that the link is working and the quality management system is working as a coherent whole.
There are other links which may be less obvious, but which still need to be audited, e.g., if nonconforming product is seen in finished goods, did this problem originate in stores, production, final inspection or design?
There also are links between subsystems, e.g., if faulty components arrive on the production floor, was this caused by the supplier, receiving inspection, incorrect data to the supplier or by design? In such instances, does the system require the manufacturer to always make a CAPA report?




7. Auditing Subsystems



There is a specific goal in auditing each subsystem. The plan for auditing each subsystem should be process based (section 6.4) and should enable the objective to be met. This should include verifying conformity with the requirements that are addressed by each subsystem.
For the purposes of regulatory auditing, risk management principles apply throughout the product realisation process of a medical device and should be used to identify and address safety issues. Risk management activities should be audited concurrently with the relevant subsystems. (For additional guidance see GHTF-SG3/N15 R8: 2005 Implementation of Risk Management Principles and Activities within a Quality Management System.)

The purpose of auditing the risk management process is to ensure that adequate and effective risk management has been established and maintained throughout the product realization process.



Note 1: Certain national and regional regulations have risk management requirements applicable to all stages of the medical device life cycle.

Note 2: Numbers beneath each section below refer to ISO 13485:2003.

Note 3: Subsystems below marked with * are main subsystems and should receive a main focus of the audit, if this is a regulatory requirement. See also Section 6.2.



7.1 Management Subsystem*

      Objective: The purpose of the management subsystem audit is to verify that the top management ensures that an adequate and effective quality management system has been established and maintained.




Major Steps: The following major steps serve as a guide in the audit of the Management subsystem:

  1. Verify that a quality manual, management review and quality audit procedures, quality plan, and quality management system procedures and instructions have been defined and documented.
    (ISO 13485:2003: 4.1, 4.2)


  2. Verify that a quality policy and objectives have been defined and documented and steps taken to achieve them.
    (ISO 13485:2003: 5.3, 5.4)



  3. Verify that the product realisation process incorporates risk management planning, and ongoing review of the effectiveness of risk management activities ensuring that policies, procedures and practices are established for analyzing, evaluating and controlling risk.
    (ISO 13485:2003: 7.1)



  4. Review the manufacturer’s organizational structure and related documents to verify that they include provisions for responsibilities, authorities (e.g., management representative), resources, competencies and training.
    (ISO 13485:2003: 5.1, 5.5.1, 5.5.2, 6.1, 6.2)



  5. Verify that management reviews are being conducted and that they include a review of the suitability and effectiveness of the quality management system.
    (ISO 13485:2003: 5.6)



  6. Verify that internal audits of the quality management system are being conducted and that they include verification of corrective and preventive actions.
    (ISO 13485:2003: 8.2.2)



  7. The audit commences and ends with the management subsystem, however between the opening and closing of management subsystem the other subsystems are audited.



At the conclusion of the audit a decision should be made as to whether top management has taken the appropriate actions to ensure a suitable and effective quality management system is in place.



7.2 Design and Development Subsystem*

      Objective: The purpose of auditing the design and development subsystem is to verify that the design and development process is controlled to ensure that medical devices meet user needs, intended uses and specified requirements.




      Note: In certain jurisdictions some products are not subject to audit of design control due to their classification. Subsystem 7.2 is applicable to the audit of design controls where this is needed.

      Major Steps: The following major steps serve as a guide in the audit of the Design and Development subsystem:




  1. Verify if products are by regulation subject to design and development procedures including risk management (e.g., hazard identification, risk evaluation and risk control).
    (ISO 13485:2003: 7.1, 7.3)




  2. Review documents describing the design process and select sufficient records to cover the manufacturer’s product range. Focus on individual products rather than families.

    Criteria for selection:



  • product risk

  • complaints or known problems

  • age of design (prefer most recent)

3. Review the design plan for the selected product(s) to understand the design and development activities, including assigned responsibilities and interfaces.


(ISO 13485:2003: 7.3.1)

4. For the product design record(s) selected, verify that design and development procedures have been established and applied.


(ISO 13485:2003: 7.3.1)

5. Verify that design inputs were established and address customer functional, performance and safety requirements, intended use, applicable regulatory requirements, and other requirements essential for design and development.


(ISO 13485:2003: 7.2.1, 7.3.2)

6. Review medical device specifications to confirm that design and development outputs meet design input requirements. Verify that the design outputs essential for the proper functioning of the medical device have been identified.


(ISO 13485:2003: 7.3.3)

7. Verify that risk management activities are defined and implemented and that risk acceptability criteria are established and met throughout the design and development process. Verify that any residual risk is evaluated and, where appropriate, communicated to the customer (e.g., labelling, service documents, advisory notices, etc).


(ISO 13485:2003: 7.1, 7.3.2)
Note: It may be necessary to audit other subsystems to verify that risk acceptability criteria are met and residual risk is communicated if necessary.

8. Verify that design validation data show that the approved design meets the requirements for the specified application or intended use(s).


(ISO 13485:2003: 7.3.6)

9. Verify that clinical evaluations and/or evaluation of the medical device safety and performance were performed if required by national or regional regulations.


(ISO 13485:2003: 7.3.6)

Note: FDA reviews and monitors clinical studies during special inspections specifically for this purpose, not during audits of quality management systems.

10. If the medical device includes software, verify that the software was part of the medical device’s design and development validation.


(ISO 13485:2003: 7.3.1, 7.3.6)

11. Verify that design changes were controlled and verified or where appropriate validated and that design changes have been addressed.

(ISO 13485:2003: 7.1, 7.3.5, 7.3.7)

12. Verify that design reviews were conducted.


(ISO 13485:2003: 7.3.1, 7.3.4)

13. Verify that design changes have been reviewed for the effect on products previously made and delivered, and that records of review results are maintained.


(ISO 13485:2003: 7.3.7)

14. Determine if the design was correctly transferred to production.

(ISO 13485:2003: 7.3.1)

Evaluate the Design and Development subsystem for adequacy based on findings.




7.3 Product Documentation Subsystem*


Objective:
The purpose of auditing the Product Documentation Subsystem is to verify that the manufacturer’s documentation ensures that products meet customer and regulatory requirements.

Major Steps:
The following major steps serve as a guide in the audit of the Product Documentation subsystem:

  1. Verify if there are documents needed by the organization to ensure planning, operation and control of its processes.
    (ISO 13485:2003: 4.2.1d)




  2. Select Product Documentation for sufficient product(s) to cover the manufacturer’s product range.

(ISO 13485:2003: 7.1, 7.2, 7.3.3)

Criteria for selection:



  • product risk

  • complaints or known problems

  • age of design (prefer most recent)

3. For the product(s) selected verify that documentation includes (if required by national or regional regulations):

  • evidence of conformity to requirements, including standards used

  • medical device description including instruction for use, materials and specification

  • summary of design verification and validation documents including clinical evidence

  • labelling

  • risk management documents

  • manufacturing information including major suppliers



Note: This does not prevent the auditor from assessing additional documentation.

Evaluate the Product Documentation Subsystem for adequacy based on findings.





7.4 Production and Process Controls Subsystem*

      Objective: The purpose of auditing the production and process control subsystem (including testing, infrastructure, facilities and equipment) is to verify that the manufacturer’s production and process controls are able to ensure that products will meet specifications.



      Major Steps: The following major steps serve as a guide in the audit of the Production Process subsystem:



  1. Verify that the product realization processes are planned – including any necessary controls and controlled conditions.
    (ISO 13485:2003: 7.1, 7.5.1)



  2. Verify that the planning of product realization is consistent with the requirements of the other processes of the quality management system.
    (ISO 13485:2003: 7.1)




  3. Review production processes considering the following criteria. Select one or more production processes to audit.

    Criteria for selection:

  • CAPA indicators of process problems

  • use of production process for higher risk products

  • new production processes or new technologies

  • use of the process in manufacturing multiple products

  • processes not covered during previous audits

Note: For auditing a sterilization process see Appendix 4

  4. Verify that the processes have been validated if the result of the process cannot be verified. Verify that the validation demonstrates the ability of the processes to achieve planned result.
    (ISO 13485:2003: 7.5.2)

  5. Verify that the equipment used in production and process control has been adjusted, calibrated and maintained.
    (ISO 13485:2003: 7.5, 7.6)

  6. Verify that the processes are controlled and monitored and operating within specified limits. In addition, verify that risk control measures identified by the manufacturer in production processes are controlled, monitored and evaluated.
    (ISO 13485:2003: 7.1, 7.5)

  7. Verify that risk control measures are applied to delivery, installation and servicing, where applicable.
    (ISO 13485:2003: 7.5.1.1, 7.5.1.2.2 and 7.5.1.2.3)

  8. Determine the links to other processes.
    (ISO 13485:2003: 4.1, 4.2)

  9. Verify that personnel are appropriately qualified and/or trained to implement/maintain the processes.
    (ISO 13485:2003: 6.2.2)

  10. Verify that the infrastructure and the work environment are adequate.
    (ISO 13485:2003: 6.3, 6.4)

  11. Verify that identification and traceability for processes and products are in place and are adequate.
    (ISO 13485:2003: 7.5.3)

  12. If the process is software controlled, verify that the software is validated for its intended use.
    (ISO 13485:2003: 7.5.2.1)

  13. Verify that the control of the monitoring and measuring devices is adequate.
    (ISO 13485:2003: 7.6)

  14. Verify that the system for monitoring and measuring of products is adequate. Ensure that any identified risk control measures are implemented.
    (ISO 13485:2003: 7.6, 8.2.4)

  15. Verify that acceptance activities assure conformance with specifications and are documented.
    (ISO 13485:2003: 8.2.4, 8.2.4.1, 8.2.4.2)

  16. Verify that the control of nonconforming products is adequate.
    (ISO 13485:2003: 8.3)



Evaluate the Production Processes subsystem for adequacy based on findings.



7.5 Corrective and Preventive Actions – CAPA Subsystem*

      Objective: The purpose of auditing the CAPA subsystem (including reporting/tracking) is to verify that manufacturer’s processes ensure that information is collected and analyzed to identify actual and potential product and quality problems, and that these are investigated, and appropriate and effective corrective and preventive actions are taken.





Major Steps: The following major steps serve as a guide in the audit of the Corrective and Preventive Actions – CAPA subsystem:



  1. Verify that CAPA system procedure(s) which address the requirements of the quality management system have been established.
    (ISO 13485:2003: 4.1, 4.2, 8.5)



  2. Verify that accurate information is analysed for input into the CAPA system and that corrective and preventive actions were effective.
    (ISO 13485:2003: 8.4, 8.5)



  3. When a CAPA results in a design change, verify that the hazard(s) and any new risks are evaluated under the risk management process.
    (ISO 13485:2003: 7.1)



  4. Determine if all appropriate sources of CAPA data have been identified and are being monitored to determine action when indicated. Confirm that data from these sources are analyzed, using valid statistical methods where appropriate, to identify existing product and quality problems that may require corrective action.
    (ISO 13485:2003: 8.1, 8.2.3, 8.4)



  5. Determine if failure investigations are conducted to identify the causes of nonconformities, where possible.
    (ISO 13485:2003: 8.5.2)



  6. Verify that controls are in place to prevent distribution of nonconforming products.
    (ISO 13485:2003: 8.3)



  7. Confirm that corrective and preventive actions were implemented, effective, documented and did not adversely affect finished devices.
    (ISO 13485:2003: 8.2.3, 8.5.2, 8.5.3)



  8. Determine if relevant information regarding nonconforming product and quality problem(s) and corrective and preventive actions has been supplied to management for management review.
    (ISO 13485:2003: 5.6.3)



  9. Verify that medical device reporting is done according to the applicable regulatory requirements.
    (ISO 13485:2003: 8.5.1)



  10. Confirm that the manufacturer has made effective arrangements for gaining experience from the post production phase, handling complaints (see also 7.8.3), and investigating the cause of non-conformance related to advisory notices/recalls with provision for feedback into the corrective and preventive action subsystem.
    (ISO 13485:2003: 7.2.3, 8.2.1)



  11. Confirm that the manufacturer has made effective arrangements for the issue and implementation of advisory notices/recalls.
    (ISO 13485:2003: 8.5.1)



Evaluate the Corrective and Preventive Actions subsystem for adequacy based on findings.


7.6 Purchasing Controls Subsystem

The Purchasing Controls subsystem should be considered a main subsystem for those manufacturers who outsource essential activities such as design and development and/or production to one or more suppliers.

Objective: The purpose of auditing the purchasing control subsystem is to verify that the manufacturer’s processes ensure that products, components, materials and services provided by suppliers (including contractors and consultants) are in conformity. This is particularly important when the finished product or service cannot be verified by inspection (e.g., sterilisation services).

Major Steps: The following major steps serve as a guide in the audit of the Purchasing controls Subsystem:


  1. Verify that procedures for conducting supplier evaluations have been established.
    (ISO 13485:2003: 7.4.1)



  2. Verify that the manufacturer evaluates and maintains effective controls over suppliers, so that specified requirements are met.
    (ISO 13485:2003: 7.4.1)



  3. Verify that the manufacturer assures the adequacy of specifications for products and services that suppliers are to provide, and defines risk management responsibilities and any necessary risk control measures.
    (ISO 13485:2003: 7.4.2)



  4. Verify that records of supplier evaluations are maintained.
    (ISO 13485:2003: 7.4.1)



  5. Determine that the verification of purchased products and services is adequate.
    (ISO 13485:2003: 7.4.3)



Evaluate the Purchasing Controls subsystem for adequacy based on findings.

7.7 Documentation and Records Subsystem

Objective: The purpose of auditing the documentation and records subsystem is to verify that the manufacturer’s documentation processes ensure that relevant documents are adequately controlled and that relevant records are available.


Major Steps: The following major steps serve as a guide in the audit of the Documentation and Records subsystem:



  1. Verify that procedures have been established for the identification, storage, protection, retrieval, retention time and disposition of documents and records (including change control).
    (ISO 13485:2003: 4.2.3, 4.2.4)



  2. Confirm that documents and changes are approved prior to use.
    (ISO 13485:2003: 4.2.3)



  3. Confirm that current documents are available where they are used and that obsolete documents are no longer in use.
    (ISO 13485:2003: 4.2.3)



  4. Verify that required documents and records are being retained for the required length of time.
    (ISO 13485:2003: 4.2.1, 4.2.4)



Evaluate the Documentation and Records subsystem for adequacy based on findings.

7.8 Customer Related Processes Subsystem

Objective: The purpose of auditing customer related processes subsystem is to verify that customer related processes ensure that requirements including regulatory requirements are addressed by the quality management system.



Major Steps: The following major steps serve as a guide in the audit of the Customer related processes subsystem.



  1. Review product requirements to verify that they address the intended use as well as customer and regulatory requirements.
    (ISO 13485:2003: 7.2.1, 7.2.2)



  2. Confirm that incoming orders and related information are reviewed to assure that any conflicting information is resolved and the manufacturer can fulfil the customer’s requirements.
    (ISO 13485:2003: 7.2.2)



  3. Confirm that the manufacturer has made effective arrangements for handling communications with customers including documenting customer feedback to identify quality problems and provide input into the corrective and preventive action subsystem.
    (ISO 13485:2003: 7.2.3, 8.2.1)



  4. Confirm that customer feedback is analyzed in the product realization process and used to re-evaluate the risk assessment and, where necessary, adjust the risk management activities.

(ISO 13485:2003: 7.1, 7.2.3)

Evaluate the Customer related processes subsystem for adequacy based on findings.



Appendices


Appendix 1: Binomial Staged Sampling Plans

[Taken from the Quality System Inspection Technique, QSIT (1999)]


Table 1: Confidence Limit 95%
Table 2: Confidence Limit 99%

Table 1
Binomial Staged Sampling Plans
Binomial Confidence Levels

| | Confidence Limit .95< | 0 out of: | 1 out of: | 2 out of: |
|---|---|---|---|---|
| A | .30 ucl* | 11 | 17 | 22 |
| B | .25 ucl | 13 | 20 | 27 |
| C | .20 ucl | 17 | 26 | 34 |
| D | .15 ucl | 23 | 35 | 46 |
| E | .10 ucl | 35 | 52 | 72 |
| F | .05 ucl | 72 | 115 | 157 |


Table 2
Binomial Staged Sampling Plans
Binomial Confidence Levels

| | Confidence Limit .99< | 0 out of: | 1 out of: | 2 out of: |
|---|---|---|---|---|
| A | .30 ucl* | 15 | 22 | 27 |
| B | .25 ucl | 19 | 27 | 34 |
| C | .20 ucl | 24 | 34 | 43 |
| D | .15 ucl | 35 | 47 | 59 |
| E | .10 ucl | 51 | 73 | 90 |
| F | .05 ucl | 107 | 161 | 190 |

*ucl = Upper Confidence Level



CRC Handbook of Probability and Statistics: Second Edition

Binomial Sampling may be used when trying to make a decision about an endpoint that only has two potential outcomes (e.g., the record is compliant or the record is noncompliant).

Factors to consider when selecting a sampling table and sampling size may include the risk of the medical device or risk of the process and the records being sampled and the time the auditor has allocated to this part of the audit.

For the review of records regarding a low risk medical device, Table 1 is recommended (95% Confidence), for the review of records regarding a high risk medical device Table 2 is recommended (99% Confidence). Two examples are given:



Example 1:
The auditor plans to determine whether the sterilization process is monitored and controlled by reviewing sterilization records. The sterilization process is a high risk process, so the auditor uses sampling Table 2 in Appendix 1. The auditor selects a random sample of 24 sterilization batch records to review. All 24 records show that sterilization process was monitored and controlled and conducted at validated operating parameters. Based on Table 2, the auditor can be 99% confident that no more than 20% of the total population of sterilization records will show that the sterilization process was not conducted at the validated operating parameters.
Example 2:
The auditor is reviewing training records to determine whether employees have received training on recent revisions of the complaint handling procedures. The manufacturer makes computed tomography. Using Table 1, the auditor selects a random sample consisting of training records for 17 employees. The auditor finds that one employee has not received training in the revised procedure. Using Table 1, the auditor can be 95% certain that not more than 30% of the employees have not received training in the newly revised procedure.
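
The reasoning behind Examples 1 and 2 can be checked with an exact binomial calculation. The following Python code is an added illustration, not part of the GHTF or QSIT text. It assumes that the stated confidence is read as the upper end of a two-sided exact (Clopper-Pearson) interval, which the page does not state; under that assumption the table entries used in the two examples are reproduced. The function names are hypothetical.

```python
"""Exact binomial check of the Appendix 1 worked examples (added illustration).

Assumption (not stated in the source): a "95%" or "99%" plan is the upper end
of a two-sided exact (Clopper-Pearson) interval, so the tail probability used
below is (1 - confidence) / 2.
"""
from math import comb


def binom_cdf(k: int, n: int, p: float) -> float:
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1.0 - p) ** (n - i) for i in range(k + 1))


def tail_alpha(confidence: float) -> float:
    """Tail probability for the assumed two-sided reading of the confidence."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    return (1.0 - confidence) / 2.0


def upper_confidence_limit(nonconforming: int, sample_size: int,
                           confidence: float) -> float:
    """Upper limit on the population nonconformance rate given the sample.

    Solves binom_cdf(nonconforming, sample_size, p) == alpha for p by
    bisection; the CDF is strictly decreasing in p when nonconforming < n.
    """
    if sample_size <= 0 or not 0 <= nonconforming <= sample_size:
        raise ValueError("need 0 <= nonconforming <= sample_size, sample_size > 0")
    if nonconforming == sample_size:
        return 1.0  # every sampled record failed: no useful upper bound
    alpha = tail_alpha(confidence)
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if binom_cdf(nonconforming, sample_size, mid) > alpha:
            lo = mid  # mid is still plausible, so the limit lies above it
        else:
            hi = mid
    return hi


def min_sample_size(nonconforming: int, ucl: float, confidence: float,
                    max_n: int = 5000) -> int:
    """Smallest sample in which `nonconforming` failures still support `ucl`."""
    if not 0.0 < ucl < 1.0:
        raise ValueError("ucl must be strictly between 0 and 1")
    alpha = tail_alpha(confidence)
    for n in range(max(nonconforming, 1), max_n + 1):
        if binom_cdf(nonconforming, n, ucl) <= alpha:
            return n
    raise ValueError("no sample size up to max_n satisfies the plan")


if __name__ == "__main__":
    # Example 1: 24 sterilization batch records, none nonconforming, 99 %.
    print("Example 1 upper limit:", round(upper_confidence_limit(0, 24, 0.99), 4))
    # Example 2: 17 training records, one nonconforming, 95 %.
    print("Example 2 upper limit:", round(upper_confidence_limit(1, 17, 0.95), 4))
    # Sample sizes for the plans the examples rely on.
    print("0 of n, .20 ucl, 99 %:", min_sample_size(0, 0.20, 0.99))
    print("1 of n, .30 ucl, 95 %:", min_sample_size(1, 0.30, 0.95))
```
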


Appendix 2: Factors used to determine the audit duration


1. Factors which may increase the audit duration

  1. Manufacturers using suppliers to supply processes or parts that are critical to the function of the medical device and/or the safety of the user or finished products, including own label products. When the manufacturer cannot provide sufficient evidence for conformity with audit criteria, then additional time may be allowed for each supplier to be audited.
    (Note: Component suppliers are exempt from the FDA Quality System Regulation and are not inspected routinely by FDA.)

  2. Manufacturers who install product on customer’s premises.
    Note: Time may be required for customer site visits or installation records review

  3. Audits conducted in a foreign language (see GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers – General Requirements, Part 1, Supplement 1: Audit Language Requirements)

  4. Multipurpose audits required by the manufacturer

  5. Poor regulatory compliance by the manufacturer

2. Factors that may reduce the audit duration

  1. Low and medium risk medical devices

  2. Any evidence of satisfactory audits from other third party or auditing organizations of suppliers

  3. The results of previous audits conducted by the auditing organisation show compliance with regulatory requirements, i.e. regulatory compliance by the manufacturer

  4. Reduction of the manufacturer product range since last audit

  5. Reduction of the design and/or production process since last audit

3. Multiple site manufacturers

When multiple sites are involved, the manufacturer should define the activities that take place on each site.

When the sites operate different quality management systems, for the purposes of estimating the audit duration each site should be regarded as a separate entity.

For manufacturers who have two or more manufacturing sites providing similar products or services in different locations, which are covered by a single quality management system, the audit duration may be estimated in three steps:

i) Estimate the audit duration for each site separately, then total the auditor-days

ii) Add together the total number of staff for all sites, and then apply the IAF Guidelines to determine the base line, as applicable

iii) Average these two results

4. Other types of audits

There are a number of types of audits where the duration is less than that required for a full initial audit.

(See GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers Part 1- general requirements, SG4/N28, section 8).

The factors listed in this appendix should be considered when estimating audit duration for those other types of audits.

For partial audits, the duration may be calculated according to the number of quality subsystems that are to be examined. This could apply, for example, to re-audits conducted to verify corrective actions taken as a result of the initial audit, or to situations where the regulations only require a partial audit, e.g., Class A measuring devices according to GHTF classification.

In cases where significant changes have occurred to a manufacturer (see GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers Part 1- General Requirements, section 8.3) additional time may be required.

Appendix 3: Cross-reference between ISO 13485:2003 and 21 CFR Part 820

7.1 Management Subsystem

| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 4, 5, 6, 7, 8 | 820.5, 820.20, 820.22, 820.25, 820.30 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 4.1, 4.2 | 820.20(c), 820.20(d), 820.20(e), 820.22 |
| 2 | 5.3, 5.4 | 820.20(a) |
| 3 | 7.1 | 820.30(g), 820.30(i) |
| 4 | 5.1, 5.5.1, 5.5.2, 6.1, 6.2 | 820.20(b), 820.20(b)(1), 820.20(b)(2), 820.20(b)(3)(i) and (ii), 820.25 |
| 5 | 5.6 | 820.5, 820.20(c) |
| 6 | 8.2.2 | 820.22 |


7.2 Design and Development Subsystem

| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 7 | 820.30, 820.70 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 7.1, 7.3 | 820.30 |
| 3 | 7.1 | 820.30(a) |
| 4 | 7.3.1 | 820.30(b) |
| 5 | 7.3.1 | 820.30(a), 820.30(b) – (j) |
| 6 | 7.2.1, 7.3.2 | 820.30(c) |
| 7 | 7.3.3 | 820.30(f), 820.30(d) |
| 8 | 7.1, 7.3.2 | 820.30(g) |
| 9 | 7.3.6 | 820.30(g) |
| 10 | 7.3.6 | 820.70(i), 820.30(g) |
| 11 | 7.3.1, 7.3.6 | 820.30(g) |
| 12 | 7.1, 7.3.5, 7.3.7 | 820.30(i), 820.70(b), 820.30(g) |
| 13 | 7.3.1, 7.3.4 | 820.30(e) |
| 14 | 7.3.7 | 820.30(i), 820.70(b) |


7.3 Product Documentation Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 4, 7 | 820.30, 820.181, 820.50, 820.180, 820.184, 820.186, 820.75 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 4.2.1d | 820.180, 820.181, 820.184, 820.186 |
| 3 | 7.1, 7.2, 7.3.3 | 820.30(d), 820.30(g), 820.30(f), 820.181, 820.50, 820.75 |

7.4 Production and Process Controls Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 4, 6, 7, 8 | 820.50, 820.60, 820.65, 820.70, 820.72, 820.75, 820.80, 820.90, 820.20, 820.25, 820.30, 820.40, 820.100, 820.180, 820.140, 820.150, 820.184, 820.181, 820.86 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 7.1, 7.5.1 | 820.70, 820.70(c) |
| 2 | 7.1 | 820.30, 820.40, 820.50, 820.80, 820.181 |
| 3 | | |
| 4 | 7.5.2 | 820.75 |
| 5 | 7.5.1, 7.6 | 820.70(g)(3), 820.72(a), 820.70(g)(1) |
| 6 | 7.1, 7.5 | 820.70(a), 820.70(c), 820.70(e), 820.70(f), 820.70(g), 820.70(h), 820.72, 820.75(b), 820.80 |
| 7 | 7.5.1.1, 7.5.1.2.2, 7.5.1.2.3 | |
| 8 | 4.1, 4.2 | 820.20, 820.25, 820.30, 820.40, 820.72, 820.90, 820.100, 820.180 |
| 9 | 6.2.2 | 820.20(b)(2), 820.25, 820.70, 820.70(d), 820.75(b)(1) |
| 10 | 6.3, 6.4 | 820.70(c), 820.70(g), 820.70(f) |
| 11 | 7.5.3, 7.5.3.1, 7.5.3.2, 7.5.3.3 | 820.60, 820.65 |
| 12 | 7.5.2.1 | 820.70(i) |
| 13 | 7.6 | 820.72 |
| 14 | 7.6, 8.2.4 | 820.72, 820.80(c), 820.80(d) |
| 15 | 8.2.4, 8.2.4.1, 8.2.4.2 | 820.80, 820.86, 820.184(d) |
| 16 | 8.3 | 820.90 |

7.5 Corrective and Preventive Actions – CAPA Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 4, 5, 6, 7, 8 | 820.90, 820.100, 820.198, 820.250, 820.30 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 4.1, 4.2, 8.5 | 820.100(a) (b) |
| 2 | 8.4, 8.5 | 820.100(a)(1) |
| 3 | 7.1 | 820.30(i) |
| 4 | 8.1, 8.2.3, 8.4 | 820.100(a), 820.100(a)(1), 820.250 |
| 5 | 8.5.2 | 820.100(a)(2) |
| 6 | 8.3 | 820.90(b) |
| 7 | 8.2.3, 8.5.2, 8.5.3 | 820.100(a)(3), 820.100(a)(4), 820.100(a)(5), 820.100(b) |
| 8 | 5.6.3 | 820.100(a)(7) |
| 9 | 8.5.1 | 820.198(d) |
| 10 | 7.2.3, 8.2.1 | 820.100, 820.198 |
| 11 | 8.5.1 | |



7.6 Purchasing Controls Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 7 | 820.40, 820.50, 820.80 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 7.4.1 | 820.40, 820.50 |
| 2 | 7.4.1 | 820.50(a)(1) and 820.50(a)(2) |
| 3 | 7.4.2 | 820.50(b) |
| 4 | 7.4.1 | 820.50(a)(3) |
| 5 | 7.4.3 | 820.50(a)(2), 820.80(a), 820.80(b) |

7.7 Documentation and Records Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 4 | 820.40, 820.65, 820.180, 820.100, 820.181, 820.184, 820.186, 820.198, 820.200 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 4.2.3, 4.2.4 | 820.180, 820.180(b) |
| 2 | 4.2.3 | 820.40(a), 820.40(b) |
| 3 | 4.2.3 | 820.40(a) |
| 4 | 4.2.1, 4.2.4 | 820.100(b), 820.180(b), 820.181, 820.184, 820.186, 820.198(a), 820.200(d) |

7.8 Customer Related Processes Subsystem



| Clauses and subclauses of ISO 13485:2003 | Sections of 21 CFR Part 820 |
|---|---|
| 7 | 820.30, 820.100, 820.198, 820.50, 820.160 |

| Step | ISO 13485:2003 | 21 CFR 820 |
|---|---|---|
| 1 | 7.2.1, 7.2.2 | 820.30(c), 820.30(d), 820.30(f), 820.30(g) |
| 2 | 7.2.2 | 820.50, 820.160 |
| 3 | 7.2.3, 8.2.1 | 820.198, 820.100(a)(1) |
| 4 | 7.1, 7.2.3 | |





Appendix 4: Sterilization Process



GOAL: The purpose of auditing the sterilization process (including testing, infrastructure, facilities and equipment) is to verify that the processes are appropriate to produce sterile products.
Major Steps: The following major steps serve as a guide in the audit of sterilization processes under the Production Process subsystem:


  1. Determine that the sterilization processes are planned, including the controlled conditions.
    ISO 13485:2003: 7.1, 7.5.1.3

  2. Determine that the planning of product sterilization is consistent with the requirements of the other processes of the quality management system.
    ISO 13485:2003: 7.1, 7.5.1.3

  3. Determine that records of process parameters for the sterilization process for each sterilization batch are maintained and are traceable to each production batch.
    ISO 13485:2003: 7.5.1.3

  4. Select a sterilization process(es) for review. If there is more than one sterilization process, use the following criteria:

  • degree of difficulty to sterilize a medical device

  • process used for the largest number of medical devices

  • process that is most difficult to control

  5. Determine that the sterilization process has been validated and review the validation for adequacy. Validation includes qualification of the sterilizer. Check that validation is up-to-date.
    ISO 13485:2003: 7.5.2.1

  6. Determine that biological indicators are handled appropriately and validated.
    ISO 13485:2003: 8.2.3

  7. Determine that the process is controlled and monitored, including product bioburden. Verify that the configuration of loads complies with validated configurations.
    ISO 13485:2003: 7.5.1.3

  8. Determine that the process is operating within specified limits.
    ISO 13485:2003: 7.5.1.3

  9. If data indicates that the process does not always meet process parameters, determine that non-conformances are handled appropriately and investigated, and that appropriate corrections and corrective actions are taken to address non-conformances.
    ISO 13485:2003: 8.1, 8.2.3, 8.3, 8.4, 8.5.2

  10. If the sterilization process is software controlled, determine that the software is validated.
    ISO 13485:2003: 7.5.2.1

  11. Determine that the equipment used has been adjusted, calibrated and maintained.
    ISO 13485:2003: 7.5, 7.6

  12. Determine that personnel are appropriately qualified and trained to validate, implement and maintain the process.
    ISO 13485:2003: 6.2



Evaluate the sterilization process for adequacy as part of the evaluation of the Production Processes subsystem.

