Risk Management for Medical Devices – ISO 14971:2007

If your design and manufacturing resources are spending too much time on documentation and not enough time on actual risk management and mitigation, you as a manager need to be looking for ways to simplify the work at hand.


Risk management overarches projects associated with a particular product family, given that risks will both remain and change as new design features and medical indications for use evolve with a particular device.

During all phases of a project, any new consideration must be held up against the scrutiny of potential risk and harm to the health of people, damage to property, or to the environment during all stages of a product’s life cycle and supply chain.

Risk management is a process that involves many considerations, responsibilities, personnel, and the transfer of knowledge. Given that it transcends projects and even companies, it is particularly critical that key pieces of information survive these many hand-offs.

If you are constantly struggling to create, manage, and maintain all of the information found in the various Risk Management documents and files, all of which are often redundant, repetitive, and clustered together in an awkward manner, this webinar is something that will give you a different perspective and a very different approach that you can use.


  • Risk management process as per ISO 14971
  • Management responsibilities
  • Qualification of personnel
  • Risk management plan
  • Risk management file
  • Bringing it all together – links to design and process

 

Risk Based Incident Management and CAPA for GxP Computerized Systems Operations


This specifically addresses the Incident Management and CAPA processes of the Operations phase of GxP Computerized Systems and describes the development, implementation, and maintenance of efficient, cost-effective, and compliant processes and procedures.

An incident is any unplanned occurrence which prevents (or may prevent) or delays users, the system, an operation, or a service from proceeding with an assigned task. The Incident Management process is intended to provide effective support for unexpected events to users of laboratory, process control, and IT systems.

The CAPA process captures those incidents and failures escalated from the incident management and periodic review processes. These are then tracked from initial occurrence, through impact assessment to resolution and implementation of the correction, recognizing that the control of the resolution and implementation of the correction may be managed by other processes.

The CAPA process also accommodates the situation in which a failure needs both corrective action (to fix a failure) and additional preventive action (to avoid the failure occurring again).


Whenever possible, processes discussed will be aligned on the Quality Management System described by ICH Q10 (Pharmaceutical Quality System) and ICH Q9 (Quality Risk Management).

 

  • How the Operations Phase fits into the Quality Management System
  • Operations Phase Processes Lifecycle
    • Capture of Operational Control Requirements
    • Design of Operational Processes
    • Verification of Processes
    • Deployment of Processes
    • Verification of the Effectiveness of Processes
    • Process Relationships
  • Risk Management for Operational Processes

 

  • Managers/Directors/Supervisors and Personnel related to:
    • IT
    • Validation
    • Quality Management System
    • Quality Assurance
    • Quality Control
    • Product Development
    • Engineering
    • Manufacturing
    • Risk Management
    • Complaint Handling
  • Personnel New to the Regulated Industry
  • Training Personnel
  • Document Control Personnel
  • Regulatory Personnel

Risk Management for Operational Processes http://bit.ly/2UmYyIt

 

 

 

What Everybody Ought to Know About Supplier Management


Isn’t supplier management all about managing your suppliers? Well, at first glance, it appears as simple as that. In fact, it is the easiest way to understand the term. Yes, from a semantic and literal point of view, this may be what supplier management really is. But it is in making the idea of supplier management work that businesses have quite a task on their hands.

Among the many aspects of what everybody ought to know about supplier management is that with the advent and ever-growing reliance of businesses on international trade, the discipline of supplier management has gained new traction. Supplier management has been a part of business for ages if one takes into account its undefined or raw use. However, technology and globalization have given it a new impetus, the way these forces have to many other such activities and areas of business.


Supplier management is a process facilitator of the highest order

In certain areas like technology and supply chain, supplier management becomes a crucial aspect. This is because of the emergence of a concept collateral to the developments just discussed: outsourcing. The mention of this word may evoke many negative connotations in many people, but the fact is, it is here to stay. It is a natural outcome of globalization and technology and is hence a force to be reckoned with, no matter what reservations some people may have about it.

It is natural for global companies in many areas, from IT to textiles and from construction to food, to rely on suppliers. The reason is as simple and commonsensical as one can imagine: cost-effectiveness and ease of operation. At the heart of supplier management is the idea that many activities of a business, sometimes even core business activities or processes, are outsourced to suppliers, and this is something that needs to be managed with diligence and meticulousness.

Adherence to the specifications is crucial

Another among what everybody ought to know about supplier management is that there is a core reason for which supplier management becomes critical: suppliers have to adhere to the specifications set out for a product. The specifications apart, in some high specialty areas such as medical devices and life sciences, there is a lot of importance attached to the process as well. Processes for manufacture or finishing are set out in acute detail by the regulatory agencies. If these are not complied with or if there are deviations beyond the permitted levels or extent, there could be serious repercussions on the business.

It is to prevent such situations that supplier management has to be very robust. It should consist of clarity in the process and method of allowing work. It should also have inbuilt safeguards and guarantees for errors or deviations. All the activities of the supplier, from procurement of the raw material to the transportation and final destination of the product need to be tracked at various stages. It is in ensuring that this happens in a smooth and hassle-free manner that a system called supplier management solution exists.


What to look for in a supplier management system

Now, supplier management systems or solutions are software tools that help to monitor and track the various aspects of suppliers for any activity from the first to the last stages. These systems eliminate the need to manually track the range of activities with which the supplier is entrusted.

A lot of care and diligence is needed in selecting the supplier management system. It has to consist of the features that will enable the smooth flow of goods and products according to specification.


Plus, it must be compliant with the regulations. Most important of all, it should integrate rightly. Integration is the very soul of a supplier management system. The system should be able to access inputs from the right sources and integrate them into the whole system to enable smooth functioning.

Trust and relationships are the base of a supplier management system

While a supplier management system is central to supplier management, it is only the physical aspect of supplier management. It is like an edifice which is built on a foundation, and that foundation has to be the right relationship between the supplier and the company.

All the benefits of the many technologies and the power of contracts notwithstanding, what everybody ought to know about supplier management is that trust is the point from which supplier management operates. Having a sound relationship is still the core of a supplier management system, no matter how much processes may depend on technology in this age.


What is the legal language of the FDA form 1572 or Device equivalent?


Form FDA 1572 is one of the primary documents needed when carrying out a clinical trial. Also called the Statement of Investigator; Form FDA 1572, called just 1572 informally, is a contract between the Principal Investigator (PI) and the FDA. This form contains all details of the subjects, as well as commitments from the PI.

It is a contract in which the Principal Investigator, the person who is in charge of the clinical trial, gives an undertaking to the FDA giving it the assurance that she will comply with all the requirements set out by the regulatory agency with regard to the trial.

By signing the FDA form 1572, which relates to IND studies, or the “Statement of the Investigator”, which is meant for IDE studies, the PI is submitting herself to all the appropriate regulations, as this is a legally binding document by which she commits herself to follow all of these.

The 1572 is meant to serve two important purposes:

It is a way of helping the FDA, as well as the sponsor of the study, to qualify the PI, i.e., it gives the FDA and the sponsor of the study the opportunity to understand the Principal Investigator’s qualifications and ability to carry out the research in keeping with the purposes it seeks to fulfil. It is also a way to verify that the site at which the clinical study is being carried out is appropriate for the study.


The Form FDA 1572 also has another important purpose to fulfil. It takes an undertaking from the Principal Investigator that the requirements set out by the FDA will be met during the trial. Failure to adhere to these commitments is considered a criminal offence, as something amounting to making false statements, and is liable for legal action under the terms set out in 18 USC 1001. This form has to be submitted whenever the sponsor selects the Principal Investigator to take charge of a clinical trial that is being conducted as an investigational new drug (IND) study and that meets the criteria set out in 21 CFR 312.53 (c).

Other documents

Further, other documents such as 21 CFR 312.50, which deals with the General Responsibilities of Investigators, 21 CFR 812.100, which deals with the Responsibilities of Investigators for Biologics, and 21 CFR 812.110, which deals with the Responsibilities of Investigators for devices, need to be adhered to.

All these documents set out the general and specific responsibilities that the Investigators have when conducting a clinical trial. These start from who can qualify to be considered a PI to what qualification criteria sub investigators and research staff need to have.

A proper understanding of Form FDA 1572

FDA Form 1572 is thus an extremely important document that needs to be complied with fully if the clinical trial has to be considered compliant with the regulatory requirements. A full understanding of all the aspects that go into this will be spelt out at a webinar that Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, is organizing.

This webinar educates participants about the due diligence that investigators and their staff must exercise regarding their regulatory and legal responsibilities. Charles H. Pierce, a consultant in the Clinical Research/Drug-Device Development arena, will be the speaker at this webinar. In order to gain complete knowledge of this valuable guidance document, please enroll for this webinar.


There are nine statements in the FDA form 1572. Seven out of these begin with “I agree”. These are the important elements named in the 1572:

  • 21 CFR 50 (Protection of Human Subjects)
  • 21 CFR 56 (Institutional Review Boards)
  • 21 CFR 312 (Investigational New Drug Application/IND)
  • For Device studies, 21 CFR 812 (Investigational Device Exemptions/IDE) is added in place of 21 CFR 312.

The GCP Guidelines of E6 (4) and the Compliance Program Guidance Manual (CPGM) 7348.811 outline additional responsibilities. It makes sense for PI and sponsors to comply with the principles of Good Clinical Practices (GCP), and to also use their common sense.

Charles will give a proper understanding of all these at this webinar. He will cover the following areas at this webinar:

  • The Investigator’s role in the clinical research process
  • The difference between AEs and SAEs and the reporting requirements of the investigator
  • Why the investigator maintains a list of staff signatures?
  • Why the investigator files the signed and dated protocol?
  • Why the investigator is responsible for the IC process?
  • What is the legal language of the FDA form 1572 or Device equivalent?
  • Why is Financial Disclosure information important?

  • What is the history of the drug / device regulations?

Actions for Noncompliance of cGMPs in the Quality Control Laboratory


Quality controls in laboratories are a major area for which the FDA issues 483’s. A laboratory is the venue for many activities, all of them of varying importance to the product. When controls in laboratories are not up to the standard, such a laboratory could produce products that do not meet quality and process expectations, and hence invite 483’s.


Issues with drug quality, drug integrity and data integrity, as well as data fabrication and human errors and even behavior towards the FDA inspectors during inspections are some of the reasons for which laboratories get hauled up by the FDA. The inappropriate or incomplete implementation of cGMPs in the Quality Control labs is a major area for which the FDA takes penal actions against them.

Most common areas of noncompliance

These are some of the most common areas in which the FDA is likely to find issues relating to cGMPs in Quality Control laboratories:

  • Out of Specification lab results
  • Laboratory error: improper analysis method, use of incorrect standards, and/or miscalculation of data
  • Operator error or non-process error
  • Fault in the manufacturing process
  • Product failures
  • Laboratory documentation and records
  • Validation of methods
  • Equipment errors
  • Problems with raw materials
  • Lack of in-process controls and specifications
  • Management of the laboratory
  • Unexplained anomalies

Ways of avoiding penal actions


From about the 1980’s, the FDA has been targeting Quality Control laboratories ever more stringently. The way of avoiding receipt of 483’s, which could escalate into a Warning Letter if not addressed properly, is to be aware of all the ways by which to meet the FDA’s requirements of cGMPs in Quality Control laboratories. Some of the steps a QC laboratory needs to take to avoid FDA actions include:

  • Carefully reviewing and analyzing the regulations, inspectional guidance, 483 observations and Warning Letter and internal audit observations and deviations
  • Thoroughly reviewing laboratory practice and procedures
  • Gaining knowledge of the areas the investigators review and the type of observations that are made in other organizations and using this information to ensure that their laboratory operations are improved

Implementing actions based on these is at the root of a laboratory’s strategy for avoiding future observations of non-compliance and the issuance of 483’s from the FDA.

A valuable learning session on implementing these

How do laboratories do all these? How do they implement the correct cGMPs in their Quality Control laboratories, so that they meet the FDA’s compliance requirements? A webinar on this highly relevant and meaningful topic from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will show how.

John Lanese, an independent consultant with a focus on Quality Systems and the components of an effective Quality System and Founder of The Lanese Group, which consults with small and large medical device and pharmaceutical companies, including companies under FDA Consent Decree, API and excipient manufacturers, electronic firms and other manufacturing organizations, will be the speaker.

Please register for this highly valuable session and learn all that it takes to implement cGMPs in the Quality Control lab and avoid harsh penalties from the FDA, which could set your business back.

A thorough approach to imparting lessons on cGMPs

This is the approach that John will adopt for inculcating the lessons on cGMPs in the Quality Control laboratory:

He will apply one aspect of a proactive approach and review how this approach can be implemented for meeting regulatory requirements. He will then analyze 483 and Warning Letter observations to determine if similar observations that could serve as a benchmark to initiate further preventive actions could be made in the participants’ facility.

John will explain the non-conformances most often cited by the FDA, along with the relevant regulation. He will then show specific observations that relate to the laboratory cited in Warning Letters and FDA 483s. John will use these real life examples to show to participants the ways of analyzing what went wrong. He will explain the systems, procedures and records the laboratory should have in place that would prevent a similar observation. He will also familiarize the participants with several questions that a laboratory manager or an auditor might ask to assure that appropriate systems, procedures and records are in place and are being followed.


Key personnel in laboratories, such as Quality Control Laboratory Managers, Quality Control Laboratory Supervisors, Quality Control Analysts, Quality Control Microbiologists, Quality Assurance Managers, and Quality Auditors will gain immense benefits by participating in this webinar. They will be able to critically evaluate key areas in the laboratory operations for compliance and identify areas for improvement after completion of this webinar.

John will cover the following areas at this webinar:

  • System Based Inspection Guidance
  • Laboratory Control System
  • Most common observations in the laboratory
  • 483 and Warning letter observations
  • Analysis of observations
  • Areas for preventive action.

How to Comply and how to Protect Privacy


The General Data Protection Regulation (GDPR), codified as Regulation (EU) 2016/679, is an important law concerning the protection of data of all people living in the European Union (EU). Through the GDPR, all the legislative and secretarial bodies of the EU, namely the European Parliament, the Council of the European Union and the European Commission, fortify, toughen and unify all aspects of data protection for all individuals within the European Union (EU).


Another area that is addressed by the GDPR is the export of personal data to regions outside the EU. The core purposes for which the GDPR is enacted are twofold:

  • Giving control back to citizens and residents over their personal data
  • Simplifying the regulatory environment and bringing about uniformity and unity in data protection regulations across the EU to facilitate the ease of doing global business within the EU.

The GDPR will be the new law without requiring members to endorse it

The GDPR came into effect when the European Commission adapted the proposal for its creation on January 25, 2012. When the GDPR comes into effect and becomes enforceable from 25 May 2018, after a two-year transition period following its adoption on 27 April 2016, it will replace the data protection directive that has been in use in the EU from 1995: Directive 95/46/EC.

The all-powerful nature of this regulation can be gauged from the fact that it does not require legislative support from any of the EU members. It straightaway becomes law and will be directly binding and applicable from the date of its enforcement.

Benefits of the new legislation


The GDPR will come with many advantages:

  • It will offer greater and clearer insight into Personally Identifiable Information (PII) processing within the company
  • It will boost security controls and unify these across the 27 EU members
  • It brings about increased customer confidence, since there are stronger safeguards for data protection
  • It will relax the process of doing business in the EU

Drawbacks of the GDPR for companies that want to do business in the EU

While the primary objective of the GDPR is smoothing the laws for allowing global businesses in the bloc, it comes at a rather expensive price tag: if companies fail to comply with the GDPR provisions on data protection, they end up coughing up two percent of their worldwide revenues in penalties!

These are some of the other pain areas of the GDPR:

  • Provisions stipulate fines of up to € 20 million
  • Inviting a host of complicated lawsuits
  • Loss of reputation
  • A host of liability cases

These facts about the GDPR make it necessary for companies in any line of business that want to gain access to the huge EU market to get a complete and clear grasp of the nuances of this new legislation. This is absolutely necessary if they have to avoid the consequences of noncompliance.

Get to understand the ways of the GDPR

This is the learning that a webinar from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be offering. Derk Yntema, who has over 15 years of experience in ICT and security-management and has demonstrated capacity to implement innovative security programs that drive awareness towards information security and strengthen organizations and proven knowledge of privacy legislation and helping companies towards privacy compliance, will be the speaker at this session.

To get a full and proper understanding of the GDPR and how it affects your business, please register for this webinar.

At this webinar, which will be of very high value to professionals such as Board of Directors, Supervisory Board, CxO’s and Compliance Managers/Officers, Derk will cover the following areas:

  • What is Privacy?
  • How to Protect Privacy
  • What is PII?
  • What is in the GDPR (General Data Protection Regulation)
  • How to Comply.

Guarding against cyberattacks


Data breaches, malware and related frauds can cost an organization very dearly. The effects of cyber fraud are rather alarming:

It was estimated that cyberattacks amounted to a loss of at least a trillion dollars to the US economy in 2013, up by more than 25% over the previous year. The US continues to be the largest target and sufferer of cyberattacks. It accounts for more than a third of all cyberattacks that happen all around the world, followed by India, which is a distant second, at a ninth of that of the US.


In terms of numbers of cyber attackers, the top cyber attackers are found predominantly in the developed world, with three of the top countries for cyber attackers belonging to the west. Germany is home to over a million cyber attackers, followed closely by the US, which had close to a million attackers in late 2013, followed by Mongolia and France.

 

A huge variety of losses

In addition to the financial loss that organizations face in the aftermath of a cyberattack, they have to also contend with other losses that are of a grave nature. Organizations in which fraud happens risk their reputation. They go down in the market as being run by incompetent and untrustworthy people at the top. Deloitte lists a number of other losses, both hidden and overt, that cyberattacks cause to organizations. These are some of them:

  • Inability to meet regulatory compliance and having to pay fines levied by regulatory agencies
  • Payment of losses and fees spent on litigation
  • Costs relating to taking measures to improve security
  • Cost of the investigation
  • Loss caused by disruption to business
  • Loss of intellectual property
  • Increased cost of insurance


What can be done about this?

If organizations need to prevent negative scenarios such as these, they have to implement a number of security measures and procedures. These security measures need to be in the form of an Incident Response Program that will allow organizations the ability to respond to such attacks with dexterity, while at the same time making sure that their business operations do not get disrupted.

This calls for establishing Key Performance Indicators (KPI) to help to determine if organizations’ Information Systems Incident Response program meets business objectives and operational metrics for ongoing process improvement.


Get to understand the ways of implementing cyber security

The ways of putting such a system in place will be the learning offered at a webinar from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance. Michael Redmond, a consultant and well-known speaker and author who also conducts ISO Certification Training for PECB, will be the speaker at this webinar. Michael is the Chapter President for Association of Contingency Planners Eastern Great Lake Chapter and an active member of ISSA.

Please log in to Business Continuity Planning to register for this webinar.

The key learning imparted by this training session is the ways of creating, testing and implementing an effective cyber Incident program to counter cyber threat and malware attacks. It will explain how to measure an organization’s susceptibility to a cyberattack. The speaker will explain the critical action areas in such events.

Ms. Redmond will explain all the measures that organizations need to take in order to avert a cyberattack, during the course of which she will discuss the following:

  • How to tailor and enhance an existing security training program and set up requirements for specific audiences
  • How to strengthen IT Risk Management – Integrate Information Security risk management with enterprise risk management
  • How to build an IS regulation review process, schedule and regulation requirements

This session will be of high value to those professionals who are at the forefront of security operations, such as Information Security Managers, CEO, CIO, CFO, CSO, Technology Managers, Risk Managers, Compliance Managers, and Auditors.

The speaker will cover the following areas at this webinar:

  • Adopting a systematic approach to risk tracking to enhance the effectiveness of the Cyber Incident Program
  • Outlining the critical actions to take if an event affects the company or its partners
  • Understanding an organization’s susceptibility to a Cyber Attack
  • Cyber Incident Response: Getting started, research, training, testing and maintaining
  • Standards and Best Practice: ISO 27001, ISO 27035, ISO 27005, NIST, FFIEC, HIPAA and HITRUST.