by Greg Maloney
There was a college in Boston that used to run radio ads that went something like this:

You were recently promoted to an IT Program Manager position implementing Quality and Regulatory applications. Your mission is to implement new applications for improving regulatory compliance. What do you do?
You begin compiling a 100-day action plan that includes the following:
  • Inventory the IT systems used within your company and classify them as part of the Quality Management system.
  • Determine applications that require validation
  • Develop a program plan for implementing high priority applications
  • Create a validation schedule for applications
  • Begin implementation
 The first order of business is to determine what is in scope. Performing an application inventory is a good first step. In a large company, it is not unusual to have many different applications performing critical functions. The identification step is needed to determine the who, what, and where of the overall program.
Once you have an inventory of the applications, each application needs to be classified based on impact to the overall Quality Management System. If the applications are core to the QMS, then the applications will require validation.
  • Determine intended use – what process will the application support
  • Identify the requirements of the application
  • Test the application – provide objective evidence that the application was tested for the intended use
  • Train personnel
  • Implement the application
 The software validation workstream is parallel to the implementation of any Quality System Application. There are 5 project phases, as shown in the table below.
PMI Initiate Plan Execute Monitor / Control Close
Application development User Requirements
Functional requirements
Develop project schedules Run project Ensure project stays on track Implement software – after validation approval
Validation Determine intended use Develop Validation project plan Run validation Perform due diligence – ensure objective evidence is obtained Obtain validation approval
What applications should be worked on first? Of course, this depends upon your own organization and internal history. One starting point might be the list of common 483 observations.
The FDA maintains lists of the most common 483 observations by calendar year and business type. The top 5 issues in ranked order for Medical Devices in 2018 are; Note: The total count of issues was 3497.
Regulation Short Description Long Description Process Frequency
21 CFR 820.100(a) Lack of or inadequate procedures Procedures for corrective and preventive action have not been [adequately] established. Specifically, *** CAPA 354
21 CFR 820.198(a) Lack of or inadequate complaint procedures Procedures for receiving, reviewing, and evaluating complaints by a formally designated unit have not been [adequately] established.  Specifically, *** Complaint Handling 229
21 CFR 820.50 Purchasing controls, Lack of or inadequate procedures Procedures to ensure that all purchased or otherwise received product and services conform to specified requirements have not been [adequately] established.  Specifically, *** Purchasing controls 142
21 CFR 803.17 Lack of Written MDR Procedures Written MDR procedures have not been [developed] [maintained] [implemented].  Specifically, *** Medical Device Reporting 139
21 CFR 820.75(a) Lack of or inadequate process validation A process whose results cannot be fully verified by subsequent inspection and test has not been [adequately] validated according to established procedures.  Specifically, *** Process Validation 138
This is a good place to start if you are prioritizing your work effort. The top 5 issues listed here represent the top 29% of all observations.
The next step is to perform your own internal assessment of the areas most needing improvement. You will need to balance the top issues against the funding available within your organization. As with any effort, it is impossible to do everything all at once.
Finally, once the applications are validated and ready for implementation, personnel will need to be trained on the process, system and expectations of their role.

About the Author
Greg Maloney is an Engagement Lead at USDM Life Sciences. With 40 years of experience working in Medical Device companies, Greg has worked in Manufacturing and IT on a diverse set of projects. The bulk of his career has been served in IT supporting Quality and Regulatory applications and consulting with executives and VP's to improve Governance, Risk and Compliance processes within large multinational companies. Greg has specialized in addressing regulatory concerns and simplifying business processes and the IT system landscape.
Greg has extensive experience with IT Program Management, Software Validation, Business Process Management at the Enterprise level, Post Merger and Acquisition integration, Complaint Handling, CAPA and other core Q&R processes.

USDM Life Sciences will help you assess, plan and execute the changes and enhancements necessary to meet UDI regulations. Our team of UDI experts will assess your products, the markets where they are sold and determine an implementation strategy for the changes that need to be made. USDM's assessment methodology is extensive and includes the labels and packaging, the management of identification changes to each product, the changes to PLM, ERP, EPCIS and packaging systems, changes to printing, vision inspection and warehouse/inventory management systems and interfaces to the GUDID.

Want our experts to work on your project?

Take the first step towards creating more value with USDM today.

Connect Now

We use cookies to understand how you use our site and improve your experience. This includes personalizing content and advertising. Learn more.