To understand how enterprise software might look in action, consider this hypothetical situation.
Liz is a customer service representative at a major manufacturer of medical devices. She receives a complaint from a leading surgical hospital that frequently purchases the company’s devices. The complaint identifies the offending product as a “Laparoscope, 5 mm,” and reads, “Lens fogged while device was in use during surgery. Unit had to be swapped out for another in the middle of the procedure. The patient was not harmed.”
Liz signs into her compliance software to log the customer complaint. The software automatically assigns it to Dave, the customer service manager, for further action.
Dave is immediately advised of the complaint via e-mail. He logs into the software to fill out a return of materials authorization form so that the hospital can return the offending product. He then schedules a meeting with the postmarket surveillance team, which is composed of quality and service professionals from across the organization.
The team meets and decides on several action items for Dave. Dave first creates a nonconforming material record (NCMR) in the software to initiate a failure analysis. He then notifies the FDA about the problem by using the software to create an adverse event report, or a 3500a. He then creates a corrective action request (CAR) and assigns it to the CAR coordinator, Debra.
Debra automatically receives notification about the failure via e-mail. Because of the problem’s severity, she decides to assign it to herself. From the CAR, she immediately creates a meeting for that same day notifying the corrective action board (CAB) of the time and agenda, which is to investigate the failure, discuss containment strategies, determine its likely causes, and analyze the associated risk and determine a solution.
During the meeting, the CAB decides to open the product profile to determine whether there were previous complaints about similar problems. Having found several, they perform a risk assessment to analyze two potential problems for severity and risk: Improper O-ring material had been selected, and qualification testing failed to identify potential O-ring failure.
The team determines that the root cause is improper material selection. The engineer failed to follow the design guidelines for glass optics to metal seals. The CAB decides to perform destructive physical analysis of the returned part and review the material’s data sheet against the original design requirements.
They then use the software to perform an initial risk analysis, and decide that it is a very severe issue, because it indicates that design controls and qualification testing failed. The history (maintained and viewed in the software) does not indicate that material selection for O-rings are an ongoing issue, and this appears to be an unusual situation. However, this should have been caught during the qualification testing, indicating that the methods should be reviewed for flaws. They create dependent action item requests to review qualification requirements for O-rings in autoclaved devices, and to update the contractor work-control standard operating procedure (SOP).
During the meeting, the CAR coordinator documented the results of the risk analysis and created the action items online from the CAR with a priority rating of “high,” indicating that they should be completed within three days. The action items were created as dependent actions to prevent t he CAR from being closed until the action items were completed and approved. The software assures that this can’t happen. A follow-up meeting was also created from the CAR and scheduled for four days later. The software automatically notifies the assignees by e-mail of their responsibilities. They complete the actions in the allotted time and send the action items to Debra for approval.
During the subsequent meeting, the team performs follow-up risk analysis. They conclude that this selection error was because a contractor performed the design work. SOP-034 for contractor work controls is updated to add a senior in-house engineering peer review at the end of the process for all contract engineering activities.
An engineering change request (ECR) is generated and assigned to the supplier to change the design of the O-ring. Training on the new procedure is also scheduled for all relevant parties.
The qualification testing is updated to include a durometer test on the materials after the heat-and-steam stress test. This should identify any problems.
The results are documented in the CAR. An action item is created to update the postmarket surveillance study report that will eventually be sent to the FDA as part of the requirement for a postmarket surveillance study, and the CAR is sent for approval. An effectiveness review is selected for the CAR to be done in 60 days, at which time Debra will be notified.
The device master record is updated with the new device specification, and the device history record is updated with details of the NCMR and CAR-mandated changes to procedures.
During the effectiveness review, Debra determines that there have been no additional complaints about the foggy lens. The training has been completed, the ECR has been closed, and the postmarket surveillance study report has been updated. The problem has been resolved.
The language of the Food and Drug Administration’s Quality System Regulation advocates a “total systems approach” to quality management. This approach involves developing quality processes for all the phases of the product life cycle, from design through post-market evaluations, and continually performing these activities to achieve compliance and drive continuous improvement.
Without an electronic solution for FDA compliance, even the most conscientious companies struggle to achieve these objectives. Various teams throughout the product cycle, such as designers, shop floor employees, and post-market surveillance teams, do not pool their data, leading to disjointed processes and duplicated efforts. Activities such as risk assessments and corrective actions are performed using a combination of spreadsheets and manual methods. Reaction time to quality issues is slowed by communication hurdles. Making use of quality system software can help companies eliminate these problems by automating and integrating their entire compliance program.
The cornerstone of any quality system is effective document control. FDA regulations such as Title 21, Part 820 of the Code of Federal Regulations requires manufacturers of finished medical devices for human use to keep detailed documentation of the design and device histories of their products. This can result in hundreds of associated documents for one complex device, and thousands of documents for companies with diverse product offerings. If these companies store documentation in files on public servers, employees may unknowingly access outdated versions of documents, or make unauthorized revisions. Conversely, if companies do not make this documentation accessible to everyone, they make it difficult for employees to effectively utilize it during quality procedures.
Compliance management software makes it possible for companies to store data in accessible systems with multi- level security. In these kinds of systems, users can be categorized by a number of roles (e.g., system administrator, editor, reader) that determine what level of access they have to documentation. Documents can be categorized by a wide range of criteria, such as business unit, function, area, product, family, or document type, making it easy to search for and retrieve documentation. Most systems make it possible for users to access only the latest version of a document. Post-market surveillance teams can quickly gain access to design specifications when determining why a device failed, and quality managers can quickly pull up records requested by their auditors, giving them real-time visibility into quality processes.
Simplified change management is another major benefit of using compliance management software. Once serious problems are identified and turned into corrective action requests (CARs), they can be more quickly contained and resolved. CARs may initiate engineering change requests (ECRs) that initiate changes to specifications, manufacturing processes, and inspection plans. These changes may also require updating device master records, device history records, and other quality documents. Document change requests, reviews, and approvals can all be managed electronically with compliance management software. Automatic alarms and alerts remind users of impending deadlines. Automatic escalation messages to management advising them of missed deadlines ensure that changes move rapidly through the system. This fosters efficient handling of time-sensitive matters and quick reactions to quality issues. It also ensures that all relevant parties stay informed about the issues that are important to their job functions.
The difference between traditional document control systems and enterprise compliance management software is the ability to integrate effective document control with other quality processes, such as employee training. The FDA requires that medical device manufacturers and pharmaceutical companies give their employees adequate training in their job responsibilities, and in their roles in ensuring the quality of a company’s goods and services. In compliance software systems, users can create documentation for training requirements, job descriptions, qualification definitions, courses, work instructions, and many other criteria. System administrators can configure multiple levels of secure access, so that all employee records remain confidential. Many systems have capabilities for managing and tracking employee certifications, scheduling courses and training sessions, and monitoring employee performance. Approved changes to documentation can automatically update employee training records and simultaneously notify appropriate employees and managers of the need for retraining on these documents. Automating these processes makes it much easier to keep employee records updated, and is an important element in FDA compliance.
It is essential that FDA-regulated companies consistently perform internal audits. Audits are mandated by the FDA as a company’s best means of gauging the effectiveness of its processes. Compliance management software enables companies to continuously assess their systems, processes, suppliers, and risks.
For example, an original equipment manufacturer (OEM) may perform quarterly assessments of one of its suppliers to determine that the quality standards of its outsourcing partner remains on par. In an enterprise software product, the OEM’s auditors can outline their plan for the assessment, including the key criteria that they want to examine. They can then perform the supplier audit and use the system to log the results. Using previously configured workflows in the system, assessment findings can trigger a set of steps that will remain open in the system until they’re addressed. If the supplier is found to be deficient in one area, the system can launch corrective actions, preventive actions, or any appropriate follow-up response. This prompts employees to treat audit and assessment findings as actionable information, and use them to improve internal processes. Auditors appreciate it when manufacturers demonstrate sincere efforts to continuously improve their quality systems. Companies that perform internal audits and assessments on a regular basis generate fewer findings, finish audits quicker, and are better prepared for surprise audits.
Since medical devices and pharmaceuticals have such high potential risks for customers, it is critical for FDA-regulated companies to perform extensive risk analyses. Manufacturers should document all potential risks associated with products and processes from design through distribution. They can then use compliance software’s assessment capabilities to determine the significance of risks by measuring their severity and the likelihood that they will occur, and test a number of possible controls that will mitigate the effect of risks before selecting the appropriate actions. Software systems help users document these activities so that users can refer back to them later to determine the effectiveness of the actions that they took. Risks and controls can be reevaluated at any time in the product life cycle so that companies can improve risk management processes based on real-world criteria. This can prevent the occurrence of nonconformances and other quality problems down the line.
The FDA wants effective quality management to continue even after finished products have been shipped. Companies that collect and evaluate post-market data can apply this information to the continuous improvement of design, manufacturing, and other processes and procedures throughout the product life cycle. Many systems enable users to invite customer feedback through the creation and sending of surveys, and through logging and tracking complaints. Users can also input other post-market data such as postmarket surveillance surveys, nonconfor mance requests, and incident reports. They can then use the post-market data to launch appropriate actions within the system that engages the participation of employees across the enterprise.
For example, if a customer service representative logs a customer complaint, the system may prompt him or her to schedule a corrective action. This might necessitate the involvement of shop floor employees, to determine if there is a manufacturing problem, and of engineers, to determine if there is a design flaw. Because employees use the system to log all documentation for design, development, and procedures throughout the product life cycle, users have a vast repository of data that’s easy to access and review to determine root cause or causes. Once they have identified the root cause of a problem, they can outline the appropriate actions to resolve or mitigate it. These communication capabilities ensure that all relevant users receive the necessary information to perform their roles in the corrective action process according to predefined deadlines. Users can also be required to monitor and verify the effectiveness of their corrective actions after they have been closed, ensuring that they took the right steps in resolving product- and process-related issues.
These corrective and preventive action procedures can be launched not only from customer complaints, but from a range of sources, including nonconforming material records (NCMRs), supplier assessments, and internal audit findings. Companies can use these capabilities to perform real, proactive quality management. Companies can not only resolve specific issues more easily, but they can also apply lessons learned to design, manufacturing, distribution, and support. This permits ongoing correction of design and process flaws in a real-time manner at any time in the product life cycle.
Many companies strive toward the total systems approach to quality management, but use manual methods to address quality issues. As a result, they are hindered by disparate documentation and slow decision- making processes. This makes them more likely to be censured by FDA auditors and may eventually hurt the value of their businesses.
In an enterprise quality system, employees can share data across multiple departments and company sites in real time. They can trend these data to produce meaningful metrics and share them across departments and company sites. This fosters an in-depth analysis of processes, and better decision making by management. It means that employees can better evolve their product offerings to align with customer requirements and industry trends, while minimizing the inherent risks involved in making changes.
Dan Riordan is the vice president of product marketing for IBS America Inc. He joined the company 10 years ago, bringing more than 25 years of experience in the technology industry working with organizations to provide customers with innovative business solutions. Recently, he has been instrumental in leading IBS’s entrance into the medical device sector. For additional information on the technologies discussed in this article, visit IBS America Inc. at www.ibs-us.com.