FAQ – Process validation at suppliers

FAQ – Process validation at suppliers

After more than 20 years in medical devices, I still get many questions regarding process validation at suppliers for medical devices. I summarized some of them briefly below and added my personal view of an adequate answer.

?Q: Do processes at suppliers need to be validated?

A: Yes, ISO 13485:2016, clause 7.5.6, does not make a difference if processes are conducted internally or externally (“The organization shall validate any processes for production and service provision where the resulting output cannot be or is not verified by subsequent monitoring or measurement and, as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered”).

?Q: Who is then responsible that validations at suppliers are conducted?

A: Finally, it is the manufacturer of the final finished medical device, i.e., the company placing the product on the market (sometimes called “legal” manufacturer). Responsibilities should be clearly specified between supplier and manufacturer, for example within a quality system agreement.

?Q: Is it sufficient that the supplier has the validation onsite available or does he need to hand-over the validation to the manufacturer?

A: He needs to hand-over the full process validation to the manufacturer. This is defined in EU 2017/745 (MDR), annex II, 3 (“[the TD includes] … complete information and specifications, including the manufacturing processes and their validation, their adjuvants, the continuous monitoring and the final product testing. Data shall be fully included in the technical documentation).

?Q: My supplier wants to protect his intellectual property. Is he allowed to hide information or make it illegible?

A: No, at least not in Germany. This is stated in a document from German authorities (Question 9 in the following: https://www.bundesgesundheitsministerium.de/fileadmin/Dateien/3_Downloads/N/NAKI/NAKI_02-05_FAQ-NAKI-UG-3.pdf (Blacking out or making parts of the technical documentation unrecognizable, e.g. affecting the intellectual property of the OEM, is not permitted).

?Q: But what would be a solution to protect his knowledge while still fulfilling the requirements?

A: There is a solution if you will dive a bit deeper: The validation is part of the technical documentation (TD) as per EU 2017/745 (MDR) annex II. This TD serves as evidence, that the general safety and performance requirements (GSPR) from annex I are fulfilled. Regarding process validation, the manufacturer must therefore verify that the supplier did validation and that the validation was done as per state-of-the-art, i.e., ISO 13485:2016 and/or GHTF guideline for process validation (GHTF/SG3/N99-10:2004). This includes verification that IQ, OQ and PQ was conducted including, for example, correct product acceptance criteria, correct materials, justified and sufficient statistical sampling plans, and the challenging of process limits. While product acceptance criteria, materials, and sampling plans are surely not a secret of the supplier but requirements of the manufacturer, the supplier may still want to protect his process limits. This actually means, that his validation package may document the limits in percentage (for example lower process limit 80%, upper limit 120% in OQ and nominal setting 100% in PQ) instead of the real settings in mm, sec or °C. Doing this, the manufacturer will find evidence that OQ and PQ were conducted as required and the supplier would not have to communicate the real value of process parameter!

Q: What if my supplier will just reject doing IQ, OQ, PQ?

A: Changing supplier is an option but usually the least possible. Once you understood the reason(s) beyond his rejection you may know the way out. Is it a lack of money, knowledge or time? If there is a lack of money, you’ll have to reconsider the pricing. If it is a lack of knowledge, you may be able to train him. Once he understood process validation, he may understand the real value behind IQ, OQ and PQ and he may even be able to use the new knowledge for other customers too (win-win).

If it is a lack of time, you may just decide to do his validation partially without him: An IQ at the supplier can be done by asking the supplier for information (take the phone and ask him about basic IQ elements like calibration, maintenance, software) and using the own templates to document “his” IQ. The PQ at a supplier is simple. PQ is nominal production, i.e., you may just test his first batches (initial runs) to show that he is able to produce product under anticipated conditions. For sure you must plan and document such PQ, but this is not an issue for you. The one thing remaining would be OQ. There, you must tell him to produce products at upper and lower settings. You will write the plan, he will produce, you will test (or he if you are not able to) and you will report the results. For sure not easy, but it should be possible to achieve such OQ with the suppler.

?Q: Is there any other option?

A: No, unless you or he will verify his products fully, i.e., 100%.

?If you are interested in training or more information…feel free to contact me anytime! Trainings are available including practical workshops via TüV SüD Akademie.

Michael Dorn

Senior Process Engineer bei Institut Straumann AG

3 年

Hi Michael, I agree fully with your statements.

Gert S?rensen

Owner/Auditor at Quality-Audit

3 年

I have a feeling that most NBs will have a field day with this one : While product acceptance criteria, materials, and sampling plans are surely not a secret of the supplier but requirements of the manufacturer, the supplier may still want to protect his process limits. This actually means, that his validation package may document the limits in percentage (for example lower process limit 80%, upper limit 120% in OQ and nominal setting 100% in PQ) instead of the real settings in mm, sec or °C. I for one would be sharpening my pencil, and start issuing NCs??

回复
Dr. Thomas Ertl

Experienced COO and Member of Global Executive Boards | Strategy | Internal Advisor for Non-Executive Boards | Transformation | Digitalization | Corporate Governance | Member of SwissBoardForum | MedTech

3 年

Hi Michael, long time not heard from you. is Your post caught my attention, since we are actually discussing exactly this topic in my team. very helpull. best regards Thomas

要查看或添加评论,请登录

Michael Schaefer的更多文章

  • Conducting a meaningful audit

    Conducting a meaningful audit

    Did you ever wonder why your QMS will be evaluated by one auditor as compliant and effective, while another auditor…

    2 条评论
  • Digging deep – SAR in the archive!

    Digging deep – SAR in the archive!

    Leo gave me a ring yesterday and he was totally enthusiastic. Do you remember him? Leo is a quality management…

  • Why ISO 17025 matters for medical device manufacturers!

    Why ISO 17025 matters for medical device manufacturers!

    Despite the fact that we all are overwhelmed with requirements from EU 2017/745 (MDR) we still should keep our eyes…

    6 条评论
  • Leo’s way to classify suppliers

    Leo’s way to classify suppliers

    Just recently I met Leo again. He is a Quality Manager and PRRC in medical device industry.

    3 条评论
  • FDA intends to apply ISO 13485 – “QSR” will become “QMSR”

    FDA intends to apply ISO 13485 – “QSR” will become “QMSR”

    The proposal for a revised 21CFR820 was published (https://www.federalregister.

    1 条评论
  • Validation of manual processes!

    Validation of manual processes!

    You may remember Leo, a highly motivated quality management representative in medical devices (for sure Leo does not…

    6 条评论
  • Time to simplify ISO 13485

    Time to simplify ISO 13485

    The more I am auditing and the more I am being audited my conviction is growing that ISO 13485 must be simplified…

    40 条评论
  • ISO 14971 – What if you are a supplier?

    ISO 14971 – What if you are a supplier?

    Safety risk management as per ISO 14971:2019 [1] aims to protect patients and users from harm caused by medical…

    24 条评论
  • Harms and severities - applying IMDRF and CTCAE

    Harms and severities - applying IMDRF and CTCAE

    Background Manufacturers sometimes struggle to determine adequate medical terms and to assign reasonable severity…

    1 条评论
  • MDR 2017/745 Date of Application 2021 – Consequences and opportunities

    MDR 2017/745 Date of Application 2021 – Consequences and opportunities

    Background Related to the ongoing outbreak of COVID-19 the date of application (DoA) of (EU) 2017/745 MDR is proposed…

    9 条评论

社区洞察

其他会员也浏览了