There was a college in Boston that used to run radio ads that went something like this:
You were recently promoted to an IT Program Manager position implementing Quality and Regulatory applications. Your mission is to implement new applications for improving regulatory compliance. What do you do?
You begin compiling a 100-day action plan that includes the following:
- Inventory the IT systems used within your company and classify them as part of the Quality Management system.
- Determine applications that require validation
- Develop a program plan for implementing high priority applications
- Create a validation schedule for applications
- Begin implementation
The first order of business is to determine what is in scope. Performing an application inventory is a good first step. In a large company, it is not unusual to have many different applications performing critical functions. The identification step is needed to determine the who, what, and where of the overall program.
Once you have an inventory of the applications, each application needs to be classified based on impact to the overall Quality Management System. If the applications are core to the QMS, then the applications will require validation.
- Determine intended use – what process will the application support
- Identify the requirements of the application
- Test the application – provide objective evidence that the application was tested for the intended use
- Train personnel
- Implement the application
The software validation workstream is parallel to the implementation of any Quality System Application. There are 5 project phases, as shown in the table below.
||Monitor / Control
|Develop project schedules
||Ensure project stays on track
||Implement software – after validation approval
||Determine intended use
||Develop Validation project plan
||Perform due diligence – ensure objective evidence is obtained
||Obtain validation approval
What applications should be worked on first? Of course, this depends upon your own organization and internal history. One starting point might be the list of common 483 observations.
The FDA maintains lists of the most common 483 observations
by calendar year and business type. The top 5 issues in ranked order for Medical Devices in 2018 are; Note: The total count of issues was 3497.
|21 CFR 820.100(a)
||Lack of or inadequate procedures
||Procedures for corrective and preventive action have not been [adequately] established. Specifically, ***
|21 CFR 820.198(a)
||Lack of or inadequate complaint procedures
||Procedures for receiving, reviewing, and evaluating complaints by a formally designated unit have not been [adequately] established. Specifically, ***
|21 CFR 820.50
||Purchasing controls, Lack of or inadequate procedures
||Procedures to ensure that all purchased or otherwise received product and services conform to specified requirements have not been [adequately] established. Specifically, ***
|21 CFR 803.17
||Lack of Written MDR Procedures
||Written MDR procedures have not been [developed] [maintained] [implemented]. Specifically, ***
||Medical Device Reporting
|21 CFR 820.75(a)
||Lack of or inadequate process validation
||A process whose results cannot be fully verified by subsequent inspection and test has not been [adequately] validated according to established procedures. Specifically, ***
This is a good place to start if you are prioritizing your work effort. The top 5 issues listed here represent the top 29% of all observations.
The next step is to perform your own internal assessment of the areas most needing improvement. You will need to balance the top issues against the funding available within your organization. As with any effort, it is impossible to do everything all at once.
Finally, once the applications are validated and ready for implementation, personnel will need to be trained on the process, system and expectations of their role.
About the Author
Greg Maloney is an Engagement Lead at USDM Life Sciences. With 40 years of experience working in Medical Device companies, Greg has worked in Manufacturing and IT on a diverse set of projects. The bulk of his career has been served in IT supporting Quality and Regulatory applications and consulting with executives and VP's to improve Governance, Risk and Compliance processes within large multinational companies. Greg has specialized in addressing regulatory concerns and simplifying business processes and the IT system landscape.
Greg has extensive experience with IT Program Management, Software Validation, Business Process Management at the Enterprise level, Post Merger and Acquisition integration, Complaint Handling, CAPA and other core Q&R processes.
USDM Life Sciences
will help you assess, plan and execute the changes and enhancements necessary to meet UDI regulations. Our team of UDI
experts will assess your products, the markets where they are sold and determine an implementation strategy for the changes that need to be made. USDM's assessment methodology is extensive and includes the labels and packaging, the management of identification changes to each product, the changes to PLM, ERP, EPCIS and packaging systems, changes to printing, vision inspection and warehouse/inventory management systems and interfaces to the GUDID.