Konformitätsbewertung 3.9 B 17. Guidance for Notified Bodies auditing suppliers to medical device manufacturers



Similar documents
NBOG s Best Practice Guide

Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM a Rev /10/02

FINAL DOCUMENT. Title: Quality Management System Medical Devices Guidance on the Control of Products and Services Obtained from Suppliers

Reporting Changes to your Notified Body

Guidance for manufacturers and Notified Bodies on reporting of Design Changes and Changes of the Quality System

FINAL DOCUMENT. Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 1: General Requirements

FINE LOGISTICS. Quality Manual. Document No.: Revision: A

NOTICE. Re: GD210: ISO 13485:2003 Quality Management System Audits Performed by Health Canada Recognized Registrars

QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements. Documentation Requirements. General. Quality Manual. Control of Documents

23. The quality management system

ISO 9001 Quality Systems Manual

PUBLICATIONS. Introduction

GUIDELINES ON MEDICAL DEVICES

ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2008

ISO 13485:201x What is in the new standard?

Guide for Custom-Made Dental Device Manufacturers on Compliance with European Communities (Medical Devices) Regulations, 1994

Vigilant Security Services UK Ltd Quality Manual

This is Document Schedule 5 Part 1 referred to in this Contract SCOTTISH MINISTERS REQUIREMENTS SCHEDULE 5 PART 1 QUALITY MANAGEMENT SYSTEM

CENTRIS CONSULTING. Quality Control Manual

ISO 9001 (2000) QUALITY MANAGEMENT SYSTEM ASSESSMENT REPORT SUPPLIER/ SUBCONTRACTOR

Medical Devices. Notified Bodies and the CE certification Process for Medical Devices. European Surgical Robotics Demonstration Day

MP Plumbing & Heating Ltd Quality Policy Manual THE QUALITY POLICY STATEMENT OF:

New Guidelines on Good Distribution Practice of Medicinal Products for Human Use (2013/C 68/01)

PLM: Privat Label Manufacturer (Customer of the OEM-PLM relation) OEM: Original Equipment Manufacturer (Supplier of the OEM-PLM relation)

ONTIC UK SUPPLIER QUALITY SURVEY

Revision Date Author Description of change Jun13 Mark Benton Removed Admin. Manager from approval

Conformity assessment certification

ALL PRODUCTS MFG & SUPPLY

ISO 9001:2008 Audit Checklist

Technical Manufacturing Corporation (TMC) Quality Manual

The Prophotonix (UK) Ltd Quality manual

ISO 9001:2015 Overview of the Revised International Standard

Micro Plastics, Inc. Quality Manual

ISO 9001:2008 Quality Systems Manual

Quality Manual. UK Wide Security Solutions Ltd. 1 QM-001 Quality Manual Issue 1. January 1, 2011

14620 Henry Road Houston, Texas PH: FX: WEB: QUALITY MANUAL

BSI Unannounced Audits

QUALITY MANAGEMENT SYSTEM (QMS) ASSESSMENT CHECKLIST

Mossfiel Electrical & Safety Management Pty Ltd

QUALITY MANUAL ISO Quality Management System

ISO 9001 : 2000 Quality Management Systems Requirements

INTEGRATED MANAGEMENT SYSTEM MANUAL IMS. Based on ISO 9001:2008 and ISO 14001:2004 Standards

CCD MARINE LTD QUALITY MANUAL PROCEDURE Q Date: Title. Revision: QUALITY MANUAL PROCEDURE Q September 2014

ISO 9001:2000 AUDIT CHECKLIST

ISO 9001:2008 QUALITY MANUAL. Revision B

PROPOSED DOCUMENT. Quality management system Medical devices Nonconformity Grading System for Regulatory Purposes and Information Ex-change

QUALITY OPERATING PROCEDURE QOP QUALITY ASSURANCE SYSTEM MANUAL

Comparison ISO/TS (1999) to VDA 6.1 (1998)

Quality Management System Manual

Want to know more about the Notified Body?

QUALITY MANUAL 3 KENDRICK ROAD WAREHAM, MA FAX

GUIDANCE NOTE FOR MANUFACTURERS OF CUSTOM-MADE MEDICAL DEVICES

BLOOM AND WAKE (ELECTRICAL CONTRACTORS) LIMITED QUALITY ASSURANCE MANUAL

Cartel Electronics. AS 9100 Quality Systems Manual

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

Company Quality Manual Document No. QM Rev 0. 0 John Rickey Initial Release. Controlled Copy Stamp. authorized signature

Manual for ITC's clients, Conformity assessment of ACTIVE IMPLANTABLE MEDICAL DEVICES pursuant to Council Directive 90/385/EEC

Camar Aircraft Products Co. QUALITY MANUAL Revision D

QUALITY MANAGEMENT SYSTEM Corporate

AVNET Logistics & EM Americas. Quality Manual

G & R Labs. Quality Assurance Manual. G&R Labs Scott Boulevard Santa Clara CA Light Meters and Calibration

FMC Technologies Measurement Solutions Inc.

Eagle Machining, Inc. Quality Management System

Row Manufacturing Inc. Quality Manual ISO 9001:2008

QUALITY ASSURANCE MANUAL JPM OF MISSISSIPPI, INC.

Schweppes Australia Head Office Level 5, 111 Cecil Street South Melbourne Victoria

Specialties Manufacturing. Talladega Castings & Machine Co., Inc. ISO 9001:2008. Quality Manual

PHARMACEUTICAL QUALITY SYSTEM Q10

INTEROPERABILITY UNIT

QUALITY MANAGEMENT SYSTEM

Uncontrolled Document

Update: Proposed Medical Device Regulation (MDR) & IVD Regulation (IVDR)

D. MCLAUGHLIN & SONS LTD QUALITY MANUAL

Rockwell Automation Quality Management System

General Rules for the Certification of Management Systems Code: RG

Guidance on the In Vitro Diagnostic Medical Devices Directive 98/79/EC

Standard Practice for Quality Control Systems for Nondestructive Testing Agencies 1

Quality Manual ALABAMA RESEARCH & DEVELOPMENT. This Quality Manual complies with the Requirements of ISO 9001:2008.

QUALITY MANAGEMENT SYSTEM MANUAL

Quality Management System MANUAL. SDIX, LLC Headquarters: 111 Pencader Drive Newark, Delaware 19702

General Rules for the certification of Management Systems

Quality Management System MANUAL. SDIX, LLC Headquarters: 111 Pencader Drive Newark, Delaware 19702

ISO 9001:2008 Quality Management System Requirements (Third Revision)

ISO 9001:2000 Gap Analysis Checklist

Guideline on good pharmacovigilance practices (GVP)

JSP 886 THE DEFENCE LOGISTIC SUPPORT CHAIN MANUAL VOLUME 7 INTEGRATED LOGISTICS SUPPORT PART 8.11 QUALITY MANAGEMENT

AS9100 Quality Manual

Understanding Principles and Concepts of Quality, Safety and Environmental Management System Graham Caddies

Benchmark OHS Consulting Pty Ltd Self Assessment WHS Audit Tool

Mapping of outsourcing requirements

Quality Management System General

Network Certification Body

AS 9100 Rev C Quality Management System Manual. B&A Engineering Systems, Inc Business Park Drive, Suite A-1 Costa Mesa, CA 92626

Quality Management System

UNDERSTANDING THE EC DIRECTIVE 98/79/EC ON IN VITRO DIAGNOSTIC MEDICAL DEVICES

International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.

Quality Management System Manual

Transcription:

Antworten und Beschlüsse des EK-Med Konformitätsbewertung 3.9 B 17 Guidance for Notified Bodies auditing suppliers to medical device manufacturers Herkunft Notified Body Operations Group Quellen NBOG BPG 2010-1 Bezug Schlüsselwörter Richtlinie 93/42/EWG, Richtlinie 90/385/EWG, Richtlinie 98/79/EG Auditierung, Benannte Stelle, kritischer Lieferant, Lieferant, Unterauftragnehmer Stand April 2010; ersetzt die Fassung vom Januar 2007 Zentralstelle der Länder für Gesundheitsschutz bei Arzneimitteln und Medizinprodukten Sebastianstraße 189 53115 Bonn Germany Telefon +49 228 97794-0 Fax +49 228 97794-44 E-Mail zlg@zlg.nrw.de Website www.zlg.de 309-0410.B17 ZLG 1/8

NBOG s Best Practice Guide applicable for AIMD, MDD, and IVDD 2010-1 Guidance for Notified Bodies auditing suppliers to medical device manufacturers 1 Introduction This document gives guidance to Notified Bodies on auditing of a manufacturer s purchasing controls, including when and to what extent audits of suppliers are necessary. It also serves as guidance to Designating Authorities assessing such Notified Body activities. The manufacturer that is ultimately responsible for the device also has full responsibility for each element of the quality management system (QMS). The manufacturer cannot relinquish (contractually or otherwise) the responsibility of any or all functions within the quality management system relating to a particular device. This includes elements such as customer complaints handling and vigilance. In effect, this means that the responsibility for complying with the QMS requirements cannot be delegated to any supplier of a product, and/or a service. 2 Definitions 2.1 Supplier Organisation or person that provides a product, a service or information, and which is outside of the QMS of the manufacturer [1]. Examples of supplier: Producer, distributor, retailer or vendor of a product, or provider of a service or information For the purpose of this document, the product supplied may be a process, e.g. a supplier may provide a sterilisation process. Note 1: For the purpose of this document, Note 1 of EN ISO 9000 3.3.6 does not apply Note 2: The term supplier may refer to a contractor or subcontractor. For the purposes of the document the terms are regarded as synonymous. 2.2 Critical supplier A critical supplier is a supplier delivering materials, components, or services that may influence the safety and performance of the device [2]. Note: In the context of the audit of medical device manufacturers, a critical supplier is a supplier of a product or service, the failure of which to meet specified requirements could cause unreasonable risk to the patient, clinician or others, or could cause a significant degradation in performance. This can include suppliers of services, which are needed for compliance with QMS or regulatory requirements, e.g. internal audit contractors or Authorised Representatives. 309-0410.B17 ZLG 2/8

3 Legislative Basis for the requirements for suppliers Quality assurance systems Approvals of quality systems according to Annex II, V or VI of Directive 93/42/EEC, Annex 2 or 5 of Directive 90/385/EEC or Annex IV or VII of Directive 98/79/EC may only be issued if the Notified Body has verified and documented, i.e. evidence has been provided, that the quality system is able to ensure that the products conform to the provision of these Directives, which apply to them at every stage, from design to final inspection. The Notified Body shall include in its assessment all of the steps in the design and/or manufacture during product realisation of a medical device that are conducted by suppliers. This includes the provision of raw materials, components and services. Annex II Section 3.2 (b) of Directive 93/42/EEC states where the design, manufacture and/or final inspection and testing of the products, or elements thereof, is carried out by a third party, the methods of monitoring the efficient operation of the quality system and in particular the type and extent of control applied to the third party must be included in the manufacturer s application for assessment to the Notified Body. Suppliers are examples of a third party. The Directives, e.g. Directive 93/42/EEC Annex II Section 3.3, state The assessment team must include at least one member with past experience of assessments of the technology concerned. The assessment procedure must include an assessment, on a representative basis, of the documentation of the design of the product(s) concerned, an inspection on the manufacturer's premises and, in duly substantiated cases, on the premises of the manufacturer's suppliers to inspect the manufacturing processes. The Notified Body therefore has to audit the activities and/or premises of suppliers linked to the specific medical devices (for further guidance please refer to section 5 of this document). However, in the conformity assessment procedure the Notified Body should consider the results of tests, assessments and audits, which have already been conducted for the relevant products. 4 Audit of the purchasing system of the manufacturer The manufacturer should establish and maintain documented procedures and records to ensure that products or services purchased from their suppliers meet the relevant regulatory requirements. Purchasing controls will be first assessed by the Notified Body at the premises of the manufacturer. Hereby, the Notified Body normally should use section 7.4 of EN ISO 13485 [3] and applicable guidance from the GHTF [4, 6] (extract from document N30 [4] is reproduced below). N30 7.6 Purchasing Controls Subsystem The Purchasing Controls subsystem should be considered a main subsystem for those manufacturers who outsource essential activities such as design and development and/or production to one or more suppliers. Objective: The purpose of auditing the purchasing control subsystem is to verify that the manufacturer s processes ensure that products, components, materials and services provided by suppliers, (including contractors and consultants) are in conformity. This is particularly important when the finished product or service cannot be verified by inspection (e.g. sterilisation services). Major Steps: The following major steps serve as a guide in the audit of the Purchasing controls Subsystem. [The examples listed below of objective evidence were drawn from the flow chart in GHTF SG3 N17 Guidance on the control of products and services obtained from suppliers [5] (see Appendix 1)]: 309-0410.B17 ZLG 3/8

1. Verify that procedures for conducting supplier evaluations have been established. (ISO 13485:2003: 7.4.1) Documented process/product controls for manufacturer and supplier Supplier Management Procedures 2. Verify that the manufacturer evaluates and maintains effective controls over suppliers, so that specified requirements are met. (ISO 13485:2003: 7.4.1) Supplier selection criteria & decision rationale Competency of the selector of the supplier Supplier agreements (see Appendix 2 for details) Change Management Methodology and Records 3. Verify that the manufacturer assures the adequacy of specifications for products and services that suppliers are to provide, and defines risk management responsibilities and any necessary risk control measures. (ISO 13485:2003: 7.4.2) Specifications, requirements, procedures & work instructions Documented list of the risks identified for the products and services supplied, and linkage to design and planning Quality Requirements documented Capability assessment of the supplier Contracts, Purchase Orders 4. Verify that records of supplier evaluations are maintained. (ISO 13485:2003: 7.4.1) Audits Reports (1st, 2nd, & 3rd Party) Correspondence (Supplier File; e.g. Change control, audits, CAPAs) Minutes of Meetings with Supplier CAPA relating to products and services supplied Verification of incoming products 5. Determine that the verification of purchased products and services is adequate. (ISO 13485:2003: 7.4.3) Acceptance procedures for incoming products Specifications & Procedures Documented process/product controls for manufacturer and supplier Evaluate the Purchasing Controls subsystem for adequacy based on findings. 5 Criteria for audit of a supplier s premises The Notified Body auditors should determine and document the need to audit at a supplier s premises depending on: the outcome of the audit of the manufacturer s purchasing process (as outlined in Appendix 1) and other processes, described above. The Notified Body should have predefined decision criteria, which they use to decide, based on audit outcome if an audit of a particular supplier is required. Information derived from the audit may include: information of the product realisation processes, including data from incoming acceptance activities and production controls whether the manufacturer performs an inspection on the product or service supplied whether faults in the product supplied can be detected at some later stage in production 309-0410.B17 ZLG 4/8

whether the history/data relating to suppliers is sufficient whether there is third party certification of suppliers and whether this certification alone is adequate the criticality of the item or process being purchased, i.e. the effect the purchased product/service might have on the subsequent product realisation or the final product (GHTF SG3 N17/2008 [5], section 3.3.1). Critical items or processes may include: Finished products Primary packaging Sterilisation Contract laboratories (e.g. biocompatibility) Services (Design, Distribution, Regulatory Compliance etc.) Labeling Other similar cases where the conformity of the finished medical device is significantly influenced by the activity of the supplier and the manufacturer cannot demonstrate sufficient control over the supplier via purchasing controls and incoming acceptance activities Note: It is the responsibility of the manufacturer to determine which are critical items or processes and how their purchase is controlled. This depends on the manufacturer s risk management activity. However, the auditing organisation may decide to visit suppliers deemed by the manufacturer to be non-critical. In response to post market information Field Safety Corrective actions impacting on the supplier s processes or products Complaints relating to the supplier s processes or products Post-market information, e.g. clinical investigations, public information etc., relating to the supplier s processes or products In principle, premises of critical suppliers should be audited. In cases where the manufacturer is not able to give satisfactory evidence to the Notified Body that purchase of critical products or services meet the specified requirements (e.g. relying solely on the supplier s certification to EN ISO 9001 or EN ISO 13485), the Notified Body needs to audit the control of processes on the premises of the manufacturer's suppliers (e.g. sterilisation suppliers). The Notified Body has to audit each of these suppliers unless there is enough evidence provided by the manufacturer demonstrating that sufficient controls have been established and implemented. 6 Audit at supplier premises The objective of an audit at a supplier s premises is to: verify manufacturer s supplier control is effective to ensure the purchased product or service conforms to the specified requirements assess the supplier s ability to provide a product or service that consistently meets specified manufacturer requirements including quality requirements An audit at a supplier should be carried out as part of the audit of the manufacturer s purchasing activity. It should not take the place of a Second Party 1 audit carried out on behalf of the manufacturer. 1 According to EN ISO 17000 Conformity assessment Vocabulary and general principles, clause 2.3 309-0410.B17 ZLG 5/8

An audit at a supplier assesses the implementation of the requirements placed upon the supplier by the manufacturer as documented in the agreement between the two parties. The adequacy of this agreement, including its scope, should be assessed as part of the audit of the manufacturer. Although EN ISO 13485 or an annex of the relevant directive may be used to assist in the assessment of the suitability and implementation of the agreement, the audit of a supplier does not necessarily assess the supplier against the whole of EN ISO 13485 or an annex of the relevant directive. Any nonconformity identified in the supplier audit will normally be documented as a nonconformity against the manufacturer. 7 Reporting Audits at supplier s premises need to be adequately documented. This can be done either in the audit report of the manufacturer s quality system or in separate report(s). If a separate report is written, the Notified Body should make clear the reason for the audit of the particular supplier and should address the audit report to the manufacturer and not to the supplier. It is the manufacturer s responsibility to discuss the reported findings of the NB audit with the supplier and to follow up on any nonconformity raised. However, if agreed by all parties, the results of the audit at the supplier may also be made available to the supplier for information. The Notified Body s rationale for auditing a particular supplier should be documented either in the audit report or in a separate document generated as part of the preparation for the audit. References Sources Directive 93/42/EEC*, Directive 90/385/EEC*, Directive 98/79/EC*, *as amended [1] EN ISO 9000 : 2005 Quality management systems Fundamentals and vocabulary, Clause 3.3.6 [2] GHTF SG4/N33R16 : 2007: Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 3: Regulatory Audit Reports [3] EN ISO 13485 : 2003 + AC : 2009 Medical devices Quality management systems Requirements for regulatory purposes [4] GHTF SG4/N30R20 : 2006 Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 2: Regulatory Auditing Strategy [5] GHTF SG3/N17/2008 Quality management system Medical devices Guidance on the control of products and services obtained from suppliers [6] GHTF SG4(WD)N84R12 : 2009 Guidelines for Regulatory Auditing of Quality Management Systems of Medical Device Manufacturers Part 5: Audits of manufacturer control of suppliers Keywords auditing, critical supplier, Notified Body, supplier, subcontractor Date of issue March 2010 309-0410.B17 ZLG 6/8

Appendix 1 PHASES 3.1 Planning Describe what is to be obtained (1) Identify technical and process Information (2) Identify controls (5) ACTIVITIES Identify potential suppliers(s) (3) Identify risk(s) (4) EXAMPLES OF OBJECTIVE EVIDENCE (1) Identification of product and services (2)(1) Specifications Identification, part of product requirements, and services procedures, (2) Specifications, work instructions part requirements, (3) procedures, Name and contact work instructions information of potential suppliers (3) Name and contact information of potential (4) suppliers Documented list of the risks identified (5)(4) Documented process/product list of the risks controls identified for manufacturer (5) Documented and supplier process/product controls for manufacturer and supplier 3.2 Selection of Potential Supplier(s) Investigate business capability of supplier(s) Select potential supplier(s) (7) Investigate operational capability of supplier(s) (6) (6) Technological and operational capabilities, logistics, (6) Technological quality, technical and operational risks capabilities, logistics, quality, technical risks (7) Selection criteria for potential suppliers, decision (7) Selection rationale criteria for potential suppliers, decision rationale 3.3 Supplier Evaluation and Acceptance No Single source and/or process improvement? Yes Planning for evaluation and selection criteria (8) Communicate with potential supplier(s) (9) Evaluate supplier (s) ability to fulfill specified requirements (10) (8) Documented evaluation and selection criteria (9)(8) Documented initial evaluation agreement(s) and selection criteria (10) (9) Documents Documented and initial records agreement(s) (11) (10) Documented Documents decision and records and rationale (11) Documented decision and rationale No Supplier acceptable? (11) Yes 3.4 Finalization of Controls and Responsibilities Establish: Purchasing Information (12) Controls (Acceptance Activities, Verifications, etc.) (13, 14, 15) (12) Contracts, purchase orders, etc. (13) (12) Acceptance Contracts, procedures; purchase orders, purchasing etc. requirements (13) Acceptance procedures; purchasing (14) requirements Specifications and requirements (15) (14) Records Specifications of review and and requirements acceptance (15) Records of review and acceptance *Product realization & related processes 3.5 Delivery, Measurement, and Monitoring Problems identified Conduct correction (20) Receive product/service Carry out acceptance activities Conduct measurement and monitoring Analyze data (16) Receiving records (17) (16) Inspection Receiving records (18) (17) Acceptance Inspection records (19) (18) Records Acceptance of results records of any analysis of data (20) (19) Records of any of results corrections of any analysis of data (20) Records of any corrections Additional action required? Yes No (16, 17, 18, 19) Periodic re-evaluation of supplier * This box delineates activities that can identify problems with the supplied product/ services as well as supplier problems associated with adherence to the supplier arrangements. 3.6 Feedback & Communication Feedback and communication (21) Corrective Action and Preventive Action process (22) (Re-evaluation of supplier) (21) Manufacturer and/or supplier correspondence (21) Manufacturer and/or supplier correspondence (22) Documentation and records of corrective and (22) preventive Documentation action process and records of corrective and preventive action process Note: The depicted activities in this figure are not meant to be strictly sequential. In certain cases they may also occur in parallel. Figure 1 (excerpt from GHTF SG3/N17/2008 Guidance on the control of products and services obtained from suppliers [5]) 309-0410.B17 ZLG 7/8

Appendix 2 Agreements with suppliers The medical device manufacturer must provide evidence of detailed agreements with their suppliers to the Notified Body. In these agreements, precise provisions must be made concerning conformity with all the requirements of the relevant Medical Device Directive and of any applicable national law, which the manufacturer cannot demonstrate themselves. The items below will be checked and assessed by the Notified Body: Scope of agreement(s) (devices/device groups concerned, activities) Procedures by which manufacturer maintains effective controls over all suppliers and subcontractors Period of agreement(s) validity and in the case where the validity has expired, relevant provisions to ensure the required post market activities are completed Detailed specifications for the devices/activities concerned Details of who is responsible for each piece of documentation (e.g. quality/production records, including language and retention periods, also in case of termination of the agreement(s)) Traceability of raw material/components Details of the process for, the documentation of, and the parties responsible for the design of the device should be reviewed and it should be ensured that the overall responsibility for the design of the device rests with the manufacturer Procedure by which changes to the device or supplied components or activities and/or the manufacturing process are initiated, released, implemented, documented and communicated between all the relevant parties e.g. manufacturer and subcontractor The right to access to the supplier technical documentation and records by the manufacturer, the Notified Body assessing the product and the relevant Competent Authority if required Procedures governing collaboration between supplier and manufacturer in the case of incidents/mandatory notifications/recalls Procedures and criteria for managing, communicating and following up on customer complaints, post-market issues and corrective and preventive actions between the relevant parties e.g. supplier/manufacturer, and procedures for assessment of the impact that any such issues, from any stage in the product realisation, have on the product Procedures governing access of manufacturer, Notified Body and Competent Authorities to the premises of supplier(s) if required Obligation to provide information to the manufacturer and Notified Body where there are changes to the status of the supplier certificates that affect the status of the device Where relevant, a responsibility matrix Full data relating to medicinal substances, human blood and plasma derivatives, and tissues of animal origin held by suppliers must be available to the manufacturer and the Notified Body 309-0410.B17 ZLG 8/8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information