I worked as a quality intern and participated in a BSI audit over the summer. The first thing we went through were gaps in our current documents and work instructions. If we found any gaps we would issue a CAPA to show the auditors we are working on a solution to the problem. We than do a walk through to each station. We make sure there are no uncontrolled documents laying around and all the gages and equipment are calibrated. We also make sure each operator or engineer is familiar with the procedures/ work instructions as well as the quality policy. Our violations usually come from not properly recording information. When you prepare for any audit, you need to put yourself in the auditor's shoes. The auditor will always go through most of the work instructions and procedures and then to the floor.
I have participated in 1 unannounced FDA audit and 1 MDSAP mock audit in the medical industry before. Prior to each audit, there are a series of training sessions for audit preparation that is mandatory for those who will be participating either directly (in the audit room or command center) or indirectly (owners of processes like SOPs) must complete. For the first FDA audit, I was only an intern, so I helped in preparing documents that were needed during the week of the audit and completing my training session. For the MDSAP mock audit, I was a full-time employee who manages the repository for our design history files (DHF) and is the owner of the SOP for that system. So even though I had more responsibility, my role was very similar. I located DHF documents that were required per project, which were primarily project quality plans, product development requirements, system requirement specifications, technical and peer review checklists, verification and validation documentation, as well as risk management files (risk assessments, FMEAs, risk management reports, hazards analysis, etc.). My mindset approaching the audit was pure panic. I was very nervous for no reason. In the audit, it was amazing to see how each department worked as one unit for providing the documents in a timely manner. The majority of the people in the Command Center (where document requests are sent, documents are located, and printed for the auditor) were employees from either Quality, Customer Service, or Product Lifecycle Management, with the exception of myself. The people who were in the room with the auditor were the supervisors of the Quality and Design Control departments. Every auditor is different and there is no agenda for what projects, documents, or CAPAs/SCARs they will be looking into (even though they do provide one) because each auditor has a different focus during their investigation. When an auditor asks you a question, you should only reply with a short and clear answer, avoiding redirecting an auditor down an additional path. Also, if you do not know something, there is nothing wrong with saying that you do not know and will contact the subject matter expert and return the information to the auditor as soon as possible. It was a great experience, and the audits are a great way to ensure all documentation is up-to-date and of highest quality.
For those who are interested in what an MDSAP audit it:
https://www.fda.gov/MedicalDevices/InternationalPrograms/MDSAPPilot/
Although I did not participate in QC where I was the one testing the product or evaluating it, I was the one who had to use the User Requirements Doc. to create process flows that need to be followed by the QC Techs. In my experience, when I toured the QC lab at the company where I worked at, I was pretty impressed with their protocols during audits. Some issues that were known as those involving equipment. If the equipment was malfunctioning, it will be catastrophic for the team, but they were prepared to encounter these type of situations. As to my part, I was in charge of evaluating how the system works, and explain every single outcome that could happen from there, so the QC tech would know what to do to pass an audit or fail it. It was a great learning opportunity for me because I never worked in QC or QA previously.
From my personal experience, audits are to making sure that everyone working in the company is familiar with the company’s goal and mission. Another main point is to expose everyone to SOP’s for their own department. Always have all documents updated and organized. All auditors are not the same, their way of ensuring process are different from each other. Some only come and look at the SOP while other may ask how the procedure was done and details. Sometimes you need to learn to not expose all internal details to auditors, only provide the information that the auditors have asked for, they do not care about long details we provide and may land you and your company in trouble. Since auditors job is to look for flaws in the company, they are constantly looking for any point to pick on.
Although I do not work in Quality, I would like to pitch in some input on how our company prepares and handles audits. Every year, our holding company carries out an unannounced mock audit. These mock audits, from what I've been told, are much more thorough and demanding than regular audits. Fortunately, we have passed every mock audit to date and as a result, passed every audit. I believe it is crucial for all medical device companies to establish random mock audits in order to ensure that all aspects of the company are maintaining good practice and quality. In addition, these mock audits provide a great amount of insight on how the company fared during the period. This allows companies to work on where they are lacking, whether they passed or not.
This is an interesting question. I think inspections are always stressful for the quality department. Even if Regulatory has put forth current procedures and regulations of certain products, it is ultimate upon Quality 's responsibility to ensure that adherence to those regulations was properly met. The perspective of failing regulations and being issued a 483 can put Quality on very stressed state of mind. Besides being a public embarrassment for the company, a 483 can have a negative effect on future projects that the company will submit to the FDA. The FDA scrutinized them very thoroughly due to their prior 483. So basically, with each inspection, the future of the company lies in the balance.
Auditing is defined as the on site verification activity, such as inspection or examination of a process or quality system to ensure compliance to requirements. An audit can apply to an entire organization or production step. Some audits have special administrative purposes such as auditing documents, risk, or performance or following up on completed corrective actions. ISO defines an audit as a systematic, independent and documented process for obtaining audit evidence (records, statements of fact or other information which are relevant and verifiable) and evaluating it objectively to determine the extent to which the audit criteria ( a set of policies, procedures or requirements ) are fulfilled. There are three type of audit: Process audit, Product audit, and System audit.
Having a detailed and accurate Quality System is extremely important for a medical device company. The Quality Systems ensure that essentially everything within a medical device company is documented. This includes validations, risk assessments, design history files, etc.
When an auditor such as the FDA or BSI comes into a manufacturing plant to conduct an audit, the first thing they ask to see and review is the Quality System. Usually the Regulatory Department and the Quality Department work together to lead these audits.
Has anybody participated in an audit to some extent from a Regulatory and Quality standpoint? From a Quality perspective, what type of issues/violations arose? Also, what is the mindset that a Quality person has when it comes to leading up to and walking through these type of audits?
I have not participated from a Quality perspective, but I have from an R&D perspective. Typically, the auditor has a specific set of things they want to focus on, such as the QMS structure, NCs/CAPAs, etc. I specifically supported reviews of NC or CAPA records that I contributed to or owned, and the main issue that arose was surrounding documentation. We have a great QMS system, but sometimes things still fall through the cracks. The auditor mainly wants to focus on what the issue was / why the NC was opened, and what was done to resolve it. From an R&D perspective, I needed to provide input as to what investigations were done to make sure I considered all possible factors, and the corrections that were implemented addressed each aspect of the NC. Additionally, it needs to be documented what will be done to prevent a similar NC from occurring again. The biggest thing I noticed from participating in an audit is to keep your answers short and simple, and only answer what the auditor is asking. Otherwise, if you say too much, the auditor can latch on to something unrelated to what they were initially asking for, and then you or the Quality rep need to steer them back in the right direction.
I have been audited by the IRB and the process is very bureaucratic. The quality system of all studies contain several forms and standards such as subject consent and HIPAA forms, but also case report forms and researcher notes, that are approved by both the IRB and the quality managers and coordinators within the organization. These employees are nothing more than a middle manager between the organization and the IRB, similar to a quality manager that works closely with the FDA for a medical device. The audit process is similar; it is basically revisiting paperwork, ensuring that all forms are completed and ratified, typos and other errors are corrected, and forms are placed in the proper filing location based on the type of study and study population of interest.
Working in the quality department i ensured i followed all the steps and documented them when the FDA came for the check they checked the report and made sure there was no violation of any rule if the rules are not followed there is a chance of receiving a 483 which shows failure of the company to follow the rules which can possibly lead to lesser chances of your product being approved and also hampers the name of the company
If I am QA auditor, there are two things that I am going to focus on: identifying the deficiencies of the regulatory framework of the project and to identify employees who are non-compliant. It should be understood that FDA standards should be met by the project's regulatory guidelines. If we focus on how to well the regulatory policies are followed and the company develops confidence in the team then the team can discuss with the auditor safety and effectiveness of the product and this is essentially QA checkpoint. Some ways to ensure quality within a company is to create checks and balances throughout the company. Something super important while working on a project is to train the project members on quality control for all phases of the project and to stress the importance as well as the significance of maintaining impeccable quality in each employee’s own department. This is an interdependent check and balance for overall quality of the project. Adversely, when it comes to corrective actions and corrective measures during possible violations of regulatory policies early on in the study you would need to correct the actions as soon as possible and provide a solution to the problem, never do a corrective action and not provide supplemental information to correct the action. Finally, always take necessary measurable action because if one employee sees another employee get away with something that requires corrective action then they will more than likely try to get away with the same.
Working for a quality department that not only gets audited every couple of years, but also performs audits for their suppliers, many different factors come into play regarding errors that can be found during the audit process. Issues can be divvied up into Major and Minor errors that an auditor may find when investigating the company. Something minor could be the improper order of filing certain documentation, illegibility of documents, or even a missing signature for a process. For reference, many procedures and documentation need approvers from separate departments, not just your own when submitting paperwork about a topic. After all, if you are working on testing a part for example in a subassembly, quality, manufacturing, production, and even the purchasing departments can all be relevant with regard to this specific component. If there is a single signature missing, or someone missed a line of information, this can be an error that is marked by an auditor, even IF the process could be running smoothly after the fact. From a more severe perspective, perhaps if a Root Cause Investigation (SCAR/CAPA) was started and hasn't been completed in its required time frame, not only does production cease, but if an auditor finds that the issue isn't being resolved, released product can cause danger to the patient (especially if the component that has the issue is STILL being used and no one is aware/people neglect it). Making sure all documentation, tools, and information are up to date and organized so that traceability isn't impacted is crucial to hand off to auditors. With the most relevant and important information at hand and ready to go, it makes audits run incredibly smooth.
From my experiences working in pharma, when the FDA comes to audit a clinical trial, the most important aspect the company focuses on is organization. All the required documents need to be filed correctly and organized in a manner that is easy for the FDA to follow. This is extremely time-consuming as there are often tens of thousands of documents needed for a respective medical device/product. Usually, companies focus on maintaining an organized filing system so that when the FDA comes to audit, they can simply provide them with a Trial Master File. However, if a Quality Department is not diligent in maintaining an organized filing system throughout the trial, then audit periods are times of high stress and scrambling to ensure that all documentation regulations are met. In my experience, companies hire full-time employees and contractors to maintain the filing system so that the company is ready for any quarterly and/or random audits.
Hello,
Having a precise Quality System is paramount for a medical device company. The Quality System serves as the backbone, ensuring that every facet of the company's operations, from validations to risk assessments and design history files, is documented. When external auditors like the FDA or BSI step into a manufacturing plant to conduct their assessments, their initial focus invariably centers on the Quality System. It's a pivotal juncture where the Regulatory and Quality Departments often collaborate closely to navigate the intricacies of the audit process. I've had the privilege of participating in audits from a Quality standpoint during my internship. From the Quality perspective, some common issues and violations that tend to surface involve documentation discrepancies, incomplete or inadequate records, and deviations from established procedures. These can range from minor oversights to more significant lapses in compliance.
