Given the numerous inspectional observations citing insufficient established CAPA procedures, it’s worth revisiting what regulators expect to see from your CAPA process.

In a 2014 presentation, FDA’s Joseph Tartal described the basics of effective corrective and preventive action—a resource every company should use to evaluate against their own processes. Among many important points, one stands out as particularly useful when for ensuring FDA CAPA compliance:

“Manufacturers should consider that their corrective action and preventive action documentation can demonstrate to FDA that the manufacturer’s quality system is effective and enables the manufacturer to identify problems quickly and implement effective corrective and preventive actions (or not).”

Continue Reading

To improve medical device safety, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices.

In its September, 10th report, OIG advised the FDA make three specific improvements related to cybersecurity, all of which the agency says it is currently working to adopt:

  1. Include cybersecurity documentation as a criterion in its Refuse-to-Accept (RTA) checklist.

  2. Use presubmission meetings with manufacturers to address cybersecurity-related questions.

  3. Add cybersecurity questions to its 'Smart' template, which guides FDA's review of medical device submissions.

We've summarized the details of each of these changes to the premarket review process along with general preparation advice for affected device manufacturers.

Continue Reading

In a recent statement, FDA Commissioner Scott Gottlieb, M.D., outlined the steps the agency is taking to ensure the quality of compounded drugs while enabling access to patients in need.

In addition to revising a draft memorandum of understanding (MOU) aimed at increasing the proportion of drugs compounders may ship interstate, the announcement includes critical information for both traditional compounders and outsourced compounding facilities (those registered with the FDA to comply with guidelines under section 503B of the FD&C Act).

In short, traditional compounding facilities will likely come under greater scrutiny from state agencies. The data collected will then be used by FDA to prioritize risk-based federal inspection and enforcement. Outsourced compounding drug facilities will be accountable for meeting current good manufacturing (CGMP) requirements via a risk-based approach with less-stringent requirements for low-risk products to encourage compounders to register and operate as outsourcing facilities.

Continue Reading

The Eight Disciplines (8D) model is a problem-solving methodology used primarily within the automotive industry to identify root causes, correct them in the short term and prevent them in the long term.

Given its reputation for reliability in the automotive space, it's no surprise the method has been embraced by engineers in other industries tasked with solving similar types of problems. Drug and device manufacturing is one such space where 8D seems like a fit, particularly within corrective and preventive action (CAPA) programs.

But despite its success, the 8D model presents a serious compliance problem under both FDA and global ISO regulations––one that regulators are seizing on as evident by the top-cited inspectional observation within the device space since 2010: "Procedures for corrective and preventive action have not been [adequately] established."

Continue Reading

As data integrity issues increasingly find their way into FDA Warning Letters and Form 483s, regulators are demanding companies determine the root cause of these problems by conducting in-depth, objective employee interviews.

This typically appears in FDA Inspectional Observations with the statement below.

“Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. We recommend that these interviews be conducted by a qualified third party.”

In many cases, regulators expect the scope of these investigations to encompass laboratory and production areas in order to fully explain data irregularities and the causes for them, wherever they originated.

Continue Reading