Audits of quality systems are required in the medical device industry—but are you conducting your own internal audits on a routine basis? Are you including your packaging operations?
Internal audits at planned intervals are expected under 21 CFR Part 820 as well as under ISO 13485. Speaking at HealthPack 2017, John Derek Thompson, lead sterile packaging operations engineer for DePuy Synthes, encouraged attendees to conduct them regularly. He offered a “toolbox of tips” to help attendees be more actively “compliance self-aware.”
Thompson began by explaining that developing an auditor’s eye is “a tool of compliance self-awareness.” For instance, for “every action you do and everything you write down, you should ask yourself, ‘how would this look to an auditor’?” he explained. And then “you must present objective evidence of how the right thing was done and how the risk of not having done it right was mitigated.”
Thompson said it’s also important for packaging professionals to ask themselves and their team the right questions while generating these documents: validations, SOPs, maintenance records, change control, non-conformance reports, and CAPAs.
Risk is a core concern throughout all these activities, so Thompson advised packaging professionals to ask these questions as a real-time compliance check:
- What is the identified risk?
- How does this action mitigate the identified risk?
- What are performance indicators to demonstrate that the risk has been effectively mitigated?
- Is there a system in place to effectively monitor established processes?
- And is there objective evidence for all the above?
When writing validation reports, professionals should ask themselves and their teams these questions:
- Are the results immediately apparent? (“Don’t make an auditor search or wait until the end of a report for the final outcome,” Thompson said.
- Have all identified acceptance criteria defined in your preapproved protocol been met?
- Does the first page of your protocol summary state the following clearly: the validation activity and the results, the original intent of the protocol, whether acceptance criteria have been met, the major equipment validated, and clear pointers to objective evidence provided?
- Is all data clear and legible?
- Have all test methods been validated?
- Have all measurement devices used been calibrated?
- Are all training records documented for those recording data or approving the protocol?
In terms of designing SOPs, Thompson said it’s important to consider whether work instructions are clear and straightforward so that people who know nothing of a company’s process can follow them. For instance, are there clearly stated steps and output expectations as well as procedures for handling unexpected results?
Maintenance schedules and records for validated equipment are also expected under 21 CFR Part 820, so companies should audit these procedures and be “compliance self-aware” in their design, he said. For instance, is it clear as to who is responsible for executing routine tasks? Are tools or materials defined and available to mitigate risk? Does routine equipment maintenance include a verification step to ensure a return to a validated state? What about standard risk mitigation during unplanned maintenance?
Thompson also urged the audience to consider their procedures for documenting nonconformances and CAPAs. For instance, packaging professionals should ask themselves as they document a nonconformance whether someone unfamiliar with their processes can determine from records what the nonconformance was and who it involved, what the outcome was, and how the issue was immediately contained.
He also told the audience to avoid these indefinite types of words in their CAPA reports: usually, mostly, typically.
Finally, companies should have a “compliance mind” for their procedures in place for validated-system change control. Thompson advised the audience to ask themselves whether there is a process in place to determine the level of system change required (e.g., critical, moderate, or minor) based on the risk to the validated state and what steps need to take place at each level. “Define system levels and change requirements in the original validation,” said Thompson. “You may not be able to capture all cases, but all reasonable ones should be listed with requirements for verification testing or revalidation following changes to them.”
Referring to all these activities, Thompson told the audience: “Remember that in all your documentation, you are giving an account of events that an auditor was not present for. Each document should tell a complete story and leave little or no doubt that the outcome was what was intended and the risk of deviation was mitigated through robust design and effective monitoring.”
He later told PMP News that: “An audit is after the fact. The intention is to maintain an auditor’s eye while you carry out a task, rather than waiting to have it reviewed later for compliance assurance.”
He encouraged the audience to join the Packaging Operations Technical Subcommittee of IoPP’s Medical Device Packaging Technical Committee. Thompson is chairman of the subcommittee. More details can be found at www.iopp.org or by contacting Thompson at email@example.com.
To learn about the "Next Big Thing" in healthcare, check out this conference at the upcoming BIOMEDevice Boston event on Wednesday, May 3:
"The Next Big Thing: Collaborating in Research, Design, and Development to Create the Future of Healthcare,"by speaker Brian Mullen, Innovation Strategy Manager, Brigham Innovation Hub, Brigham and Women's Hospital