Preparing for an FDA Medical Device GMP Audit.

In order to place a medical device onto the US market, there is a requirement to demonstrate compliance with current Good Manufacturing Practice. This requirement is detailed in the US FDA QSR’s – Quality System Regulation 21 CFR part 820.  Proof of compliance will require audit by the FDA of the design, development and manufacturing process applied to the medical device, it will require demonstration of the existence of an effective quality management system in addition to efficient customer experience feedback processes.

FDA Medical Device

FDA Medical Device Validation, Regulation, Classification, etc. … Information and training presentation. Details >>>

Development of an Internal Audit program:

The first step in preparing for an FDA audit is to ensure an understanding of the various GMP requirements which the FDA may inspect during the audit. The creation of a top level check-list of key requirements is often a good first step. Once satisfied at an overview level that the key requirements are in place, then a rigorous internal audit process needs to be established.  The purpose of the internal audits will be to enquire in detail as to the effectiveness and compliance levels across the organization versus the FDA regulations. An audit schedule needs to be created, which identifies all the QSR requirements and the dates of the planned audits. The audits need to be performed by individuals fully competent in the FDA requirements.


Corrective and Preventative Action (CAPA).

The internal audits will start to identify deficiencies (or non-conformances) versus the FDA regulatory requirements. These non-conformances will need to be categorized into critical, major or minor. An example of a critical non-conformance may be where a key regulatory requirement is not being adhered to, for example, the customer complaints system may not be in place or operating effectively. A minor non-conformance on the other hand may relate to procedural in-accuracies. The corrective and preventative action process will need to prioritize and track to closure all identified non-conformances.


Compliance status versus the QSR’s.

The internal audit and CAPA processes should in themselves be sufficient to provide a clear indication of the compliance of the quality management system to the FDA regulatory requirements. It is often good practice to introduce “third party” auditors into the internal audit program, as internal auditors from within the business itself may be too close to “day-to-day” operations to see potential shortcomings. In large organizations third party auditors may come from corporate head-quarters, in smaller organizations, it may require the use of an external consultant auditor. What-ever approach is taken, the “new set of eyes” can often identify shortcomings in compliance with a forthcoming FDA audit.

Medical Device Validation, cGMP requirements, Documentation, DMR’s, etc., …


FDA auditor “meet and greet”, auditor room planning, etc.

A procedure should be agreed in advance detailing the process to be followed once an FDA audit is announced, the steps involved on the morning of the audit, who is to meet the auditor, where he/she will reside during the audit, the policy towards handing over copies of potentially confidential information, etc..

It is important that on the day of an audit, the FDA auditor is given the clear impression of an organization “in control”. The person on “reception” needs to be clearly briefed with respect to the need to request identification from the auditor, the need for the auditor to “sign-in”, the need to contact the appropriate person, be that the Quality Manager, Facility Manager, etc.. The FDA auditor will then be taken to an appropriate audit room, where he/she can comfortably and confidentially perform their audit duties during the course of the FDA facility inspection. Where documents are provided to the auditor, copies should be made and retained for future reference. Employees who will be talking to the auditor should be informed about the need to answer questions accurately, but not to elaborate beyond the questions asked, not to provide opinions and not to guess answers.


Audit closure.

At the end of the audit, the FDA auditor may issue a list of findings on form F483. Any findings need to be clearly understood and the process for follow-up agreed.


What is Risk Management >>>
FDA 21 CFR Part 11 compliance >>>
FDA Validation requirements for Medical Devices >>>
Medical Device Apps and FDA requirements >>>
Electronic signature requirements in Medical Device manufacturing >>>
Australian regulatory requirements for Medical Device Manufacturing >>>
Classification of Medical Devices under the EU Directives >>>
Medical Device Design Control >>>
GMP Training >>>
Quality System Documentation in a digital era >>>
Validation Master Plan >>>
Quality Management Plan >>>
Quality Assurance and Quality Control >>>
Supplier Quality Assurance Planning >>>
Operational Risk Management >>>
Hazop Analysis >>>
Lean Business Model >>>