Given the numerous inspectional observations citing insufficient established CAPA procedures, it’s worth revisiting what regulators expect to see from your CAPA process.

In a 2014 presentation, FDA’s Joseph Tartal described the basics of effective corrective and preventive action—a resource every company should use to evaluate against their own processes. Among many important points, one stands out as particularly useful when for ensuring FDA CAPA compliance:

“Manufacturers should consider that their corrective action and preventive action documentation can demonstrate to FDA that the manufacturer’s quality system is effective and enables the manufacturer to identify problems quickly and implement effective corrective and preventive actions (or not).”

Continue Reading

To improve medical device safety, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices.

In its September, 10th report, OIG advised the FDA make three specific improvements related to cybersecurity, all of which the agency says it is currently working to adopt:

  1. Include cybersecurity documentation as a criterion in its Refuse-to-Accept (RTA) checklist.

  2. Use presubmission meetings with manufacturers to address cybersecurity-related questions.

  3. Add cybersecurity questions to its 'Smart' template, which guides FDA's review of medical device submissions.

We've summarized the details of each of these changes to the premarket review process along with general preparation advice for affected device manufacturers.

Continue Reading