Corrective and Preventive Action (CAPA) routinely tops the list of most-cited inspectional observations year after year, making it a clear target for investigators. When problems are found in your CAPA program, it can open your broader QMS up to intense scrutiny.

Continue Reading

In FDA-regulated manufacturing, genuine human errors do occur but they’re cited far more frequently than they probably should be.

In truth, most problems that appear to be caused by human error — especially those that occur multiple times — are actually rooted in processes or systems that when left unchanged, will keep producing the problem despite the convenient band-aids often placed over them.

When human error is identified more frequently than it should be expected to happen, it signals to investigators that problems aren’t being internally investigated thoroughly enough. This can quickly shift the investigator into problem-hunting mode and open your quality management system up to even greater scrutiny.

Continue Reading

Given the numerous inspectional observations citing insufficient established CAPA procedures, it’s worth revisiting what regulators expect to see from your CAPA process.

In a 2014 presentation, FDA’s Joseph Tartal described the basics of effective corrective and preventive action—a resource every company should use to evaluate against their own processes. Among many important points, one stands out as particularly useful when for ensuring FDA CAPA compliance:

“Manufacturers should consider that their corrective action and preventive action documentation can demonstrate to FDA that the manufacturer’s quality system is effective and enables the manufacturer to identify problems quickly and implement effective corrective and preventive actions (or not).”

Continue Reading

To improve medical device safety, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices.

In its September, 10th report, OIG advised the FDA make three specific improvements related to cybersecurity, all of which the agency says it is currently working to adopt:

  1. Include cybersecurity documentation as a criterion in its Refuse-to-Accept (RTA) checklist.

  2. Use presubmission meetings with manufacturers to address cybersecurity-related questions.

  3. Add cybersecurity questions to its 'Smart' template, which guides FDA's review of medical device submissions.

We've summarized the details of each of these changes to the premarket review process along with general preparation advice for affected device manufacturers.

Continue Reading

In a recent statement, FDA Commissioner Scott Gottlieb, M.D., outlined the steps the agency is taking to ensure the quality of compounded drugs while enabling access to patients in need.

In addition to revising a draft memorandum of understanding (MOU) aimed at increasing the proportion of drugs compounders may ship interstate, the announcement includes critical information for both traditional compounders and outsourced compounding facilities (those registered with the FDA to comply with guidelines under section 503B of the FD&C Act).

In short, traditional compounding facilities will likely come under greater scrutiny from state agencies. The data collected will then be used by FDA to prioritize risk-based federal inspection and enforcement. Outsourced compounding drug facilities will be accountable for meeting current good manufacturing (CGMP) requirements via a risk-based approach with less-stringent requirements for low-risk products to encourage compounders to register and operate as outsourcing facilities.

Continue Reading