Welcome to week 4 of MedTech Compliance Chronicles!
This week is a special one. Today’s post will be the first in a series about implementing an effective quality management system (QMS). There are many reasons beneficial to the organization to implement a QMS but in the medical device industry, in pretty much any developed country, having an effective QMS is also required by regulation. As this series is focused on US FDA compliance to begin with, the posts cover the requirements of Title 21 CFR Part 820 primarily but I will also cover equivalent sections of ISO 13485:2016 in each post for two reasons. The first reason being that ISO 13485:2016 is a recognized consensus standard by the US FDA and in the same manner in which compliance with a consensus standard can be used as evidence that your device is safe and effective, compliance with ISO 13485:2016 can be used as evidence your QMS is effective. The second reason is that eventually, once we have fully covered everything necessary to begin marketing your device in the USA, I plan to begin to cover international medical device regulations so having ISO 13485:2016 explained already will be helpful as to not have to revisit the QMS in as much detail as I will be over the next few posts.
Now for the question on everyone’s mind, what exactly is a quality management system? In short, a QMS is the system in place at your organization to ensure that organization is compliant with the requirements that are applicable to them. Processes of the QMS generally output objective evidence of compliance with requirements. You may be familiar with a couple of common terms such as “quality assurance” and “quality control.” Many wonder what the differences between these two terms are and even more seem to wonder what quality means in the making of a medical device. In today’s post, we will cover these most fundamental and defining characteristics of a QMS so that we have an understanding of what we are trying to achieve when we go into the QMS processes.
Quality Management
Quality management in the medical device industry, or any industry really, is an extremely broad concept applicable to many different types of organizations. With that said, let me narrow our scope to stay with the overall topic of this blog. The quality management system which will be described here is one which a domestic (to the United States) medical device manufacturer would implement in order to market their device on the US market for the first time.
The overall purpose of a QMS is to ensure the organization's compliance with applicable requirements. Again, quite a broad statement so let’s bring it into the real world. As a medical device manufacturer, you are bound to various requirements, in some cases by law. You, whether you knew it or not, developed at least some of these requirements when you made your device, the design outputs (hopefully you’ve formally documented them). Other sources of requirements can include national or international consensus standards that you claim conformity to and must include the regulatory requirements of any market you wish to sell your device in. Common regulatory requirements include establishment and device registrations, labeling requirements and post-market surveillance.
Now that you have an idea of what types of requirements your organization might be held to, let's get into how your QMS will help you ensure you are meeting them
Quality Assurance
The first of the two divisions of quality management, quality assurance, is the up-front, proactive portion of quality management. In quality assurance you are making sure that your device will meet the requirements applicable to it. This includes determining which requirements are applicable and then determining how your organization will meet them.
Quality Assurance activities generally happen towards the beginning of a device’s lifecycle but also happen throughout an organization’s history. They include quality planning which you might be doing right now, where you seek out knowledge of which requirements are applicable to your device. Your search should cover Title 21 CFR Chapter I Subchapter H, which includes all US medical device regulations, the FDA’s website is full of useful guidance documents. Determining your device’s class is 1) a quality planning activity you have already done if you’ve been following the blog and 2) will help narrow the regulations you need to search through significantly. Even if consensus standards are not listed for your device on FDA’s website, it is always helpful to search ISO and IEC respective website’s for relevant standards for your device type or operations you perform. Non-device specific quality planning would be things like writing validation protocols for equipment validation, establishing a preventive maintenance program and developing a cleanroom monitoring plan.
The next set of quality assurance activities determine how you will meet the requirements. These are things like design verification and validation, determining critical to quality characteristics, risk management and determining what, where and how to inspect the product throughout production. You are taking the generalized requirements from whichever source and figuring out how your organization will meet it, i.e. determining what you will actually do that will make you ‘in conformity’ with this requirement. This leads to another important quality assurance activity, which is the development of some type of system to record that you have done these activities to provide as evidence when audit time comes around.
That concludes our introduction to quality assurance. Next we will examine the other half of the quality world, quality control.
Quality Control
Quality control is sometimes called the reactive portion of quality. I do not personally like that description because it can sound like you wait until an issue happens until you perform quality control activities. Rather, quality control activities are aimed at early detection of issues related to quality so that they may be corrected before nonconforming product leaves the facility. Quality control also encompasses the activities you will perform if and when nonconforming product does happen to leave the facility, or even reach the end user.
The day-to-day of quality control will be your inspections (receiving, in-process, final), nonconforming product quarantine, root cause investigations etc. These processes will generate data which will feed into other QC activities like statistical process control and trending data to detect arising issues.
The thing to remember about quality control is that these are the activities you perform to check or verify that you are meeting requirements and, if you are not, how you will correct the issue. Being audited, in fact, is a good comprehensive example of a QC activity.
Conclusion
In this brief overview of quality management I have tried to introduce the high level concept of what quality management is, its various aspects and their purposes and a little bit of real world examples of what it all means. I hope this was a good introduction to the concept. The following posts will begin to go in-depth into each individual aspect of a QMS.
Comments