FDA Warning Letter: If a Company Finds Other Areas of Remediation, Should They Communicate Them to FDA?

You do not need to communicate other areas of remediation to the FDA immediately. For instance, if you have a nine month plan and a couple months into it you find an area that you need to correct and a couple months after you find another area that you will remediate that wasn’t part of an initial finding either, you do not have to communicate all of that back to the FDA.  But, in your final report or your final statement back to the FDA you may want to include that information. Including your own findings shows that you are doing your own due diligence and that you have your own internal controls in place.

USDM had a large client that had some 483s around some computer systems validation. Part of the plan was to investigate the root cause and within that was a plan to look at all of their automated systems and find out the levels of validation, if there was any validation. We found many systems the investigator didn’t look at that were not validated. We corrected the specific automated system in ERP as part of the investigation but in our final statement to the FDA we included that we addressed other areas where we found a lack of validation.

USDM Life Sciences has a combination of over 100 years in regulatory compliance, Quality Assurance, Quality Systems and auditing. USDM’s auditors in the Global Audits Practice Team perform audits on Pharmaceutical, Biotech and Medical Device companies in the US and abroad.

How Does UDI Traceability Work with the Distributor?

There isn't a requirement for full traceability like you will see in pharmaceuticals. There is a requirement for full identification through plan of use at the healthcare institutions. The distributors really don't have a traceability responsibility, they have a responsibility to ensure that only properly identified medical devices, as required by law, are continued through the supply chain.

There are specific requirements that manufacturers legislation mandates manufacturers be compliant by a certain date and those dates are already under way. For class 3 - September 2014, for class 2 and class 1 that are regulated by the sedation regulation - September 2015, with some extensions, but essentially 2015. The large remaining bulk of class 2 products - September 2016, and then the class 1 products - September 2018.

Those are the UDI Final Rule regulatory requirements. There are some exceptions for existing inventory and there are also some feature requirements for direct marking, but there isn't going to be a traceability process, such as you may see in pharmaceuticals. It will be a registration with the FDA and a identification consistent with UDI and then the ability to start adopting that as that flow starts in the healthcare institution. The legislation regulation is there, the UDI Final Rule with those dates rolling from September 2014. The product changes are on the label, the product effect is on the label, not in a transaction history or a pedigree type of traceability that's required on the pharmaceutical side.

USDM Life Sciences offers healthcare a comprehensive assessment, strategy and solutions to implement end to end traceability of pharmaceutical and medical devices from point of receipt through to the electronic health record.

Should Implantable Medical Device Manufacturers be Working on a Direct Marking Solution?

There is no regulatory requirement for direct marking the UDI on implantable devices.  However, for some implants, the DM UDI will provide a way of identifying a device at the point of implantation.  However, the inability to DM an implant is not an exception to the overarching requirement to provide the UDI at the point of implantation.
1. Individually labeled sterile implants
2. UDI tag – remains on the individual implant until use
3. Direct Part Marking (DPM) – 2D barcode etched on implant
4. Inventory control sheets – use sheets to map and recording sheets contain the DI in barcode and human readable lot number may be directly marked on implant (can be recorded or photographed)
5. Mobile application – to support field replenishment – ties specific implant’s UDI to each tray/caddy and guides replenish activities
USDM Life Sciences will help you assess, plan and execute the changes and enhancements necessary to meet UDI regulations. Our team of UDI experts will assess your products, the markets where they are sold and determine an implementation strategy for the changes that need to be made. USDM’s assessment methodology is extensive and includes the labels and packaging, the management of identification changes to each product, the changes to PLM, ERP, EPCIS and packaging systems, changes to printing, vision inspection and warehouse/inventory management systems and interfaces to the GUDID.

What’s the Process for Validating Mobile Applications and Devices?

A mobile device validation process should be included with your main system validation plan.  It can be treated like its own mini risk based system validation with inclusion of the integrations to the parent platform or master system, such as Salesforce.  Initially you perform an IQ on your hardware and software for the device using the specified operating system, hardware, and software application versions that you want to use.  It’s best to prevent users from upgrading to newer versions of the operating system, but that is not always feasible.  If you can’t prevent users from upgrading, you want your training policies and standard operating procedures (SOPs) to state that users are not permitted to upgrade to the newest version of operating system.  You also want to make sure you do testing for the integration to the master system.  You also need to consider whether data updates will be synced in real time automatically, offline manually, or a combination of both for situations when a network isn’t always available.

The USDM Life Sciences Cloud Team is the one you can trust when looking to move applications and business processes to the Cloud. Our team of cloud experts understand compliance, validation, implementation, mobile, data security, data migration, and system integration, and we ensure that leading cloud vendors meet and maintain compliance regulations around the globe.

How Far Back in the Supply Chain Does a Pharmaceutical Need to Be Traceable?

A pharmaceutical must have the ability to be traced back to the manufacturer.  For example, authorized distributors must have information on the TH (what is TH?) TH links the product back to the manufacturer.  If there is a change of ownership between the manufacturer and the authorized distributor, the manufacturer must appear on the TH.

USDM Life Sciences offers healthcare a comprehensive assessment, strategy and solutions to implement end to end traceability of pharmaceutical and medical devices from point of receipt through to the electronic health record.

Can You Rank Suppliers in Categories Other Than Critical or Noncritical?

In order to determine the rank of a supplier it is important to take the risk-based approach. The FDA really promotes that as well as what they call “the least burdensome process”. Whether it is supplier qualification, computer system validation, cleaning validation, or process validation it is essential to take that risk based approach. Evaluate the risk to the product, the risk to patient safety, and all the safety quality identity purity potency.
 For example, a supplier of glass vials you will use for the final packaging of your biologics product is a much greater risk than the supplier doing your pest control.  A risk-based approach will allow you to determine the risk classification. Ranking a supplier depends on its criticality to your particular function for product. You could rank them within critical or non-critical but then within each you could have various time frames as far as on site or desk audits are concerned.
 Any associated activities whether it is frequency of auditing, frequency of validation, or periodic review should be scaled appropriately based on the risk. We suggest listening to the webinar on incorporating risks into the audit process. We are considered to be a thought leader in the life science industry and we are very eager to share our information on webinars.
USDM Life Sciences has a combination of over 100 years in regulatory compliance, Quality Assurance, Quality Systems and auditing. USDM’s auditors in the Global Audits Practice Team perform audits on Pharmaceutical, Biotech and Medical Device companies in the US and abroad.

Is Data More Secure in the Cloud?

You’ve probably heard about people getting unauthorized access to a company’s data. If you have your own servers or use a third party data center, all your data resides in one place or cluster.  If a security breech happens and a hacker obtains access to your systems, they can usually get their hands on all of your data.  In the Cloud, your data is segmented into multiple servers around the country or even the world.  Gaining access to all your data in the Cloud is much more difficult than if it were stored in one system. This means that if a criminal gains access to your sensitive information in the Cloud, they would only get a small amount of data.

The USDM Life Sciences Cloud Team is the one you can trust when looking to move applications and business processes to the Cloud. Our team of cloud experts understand compliance, validation, implementation, mobile, data security, data migration, and system integration, and we ensure that leading cloud vendors meet and maintain compliance regulations around the globe.