May FDA Regulate Medical Devices As If They Were Drugs?

FDA’s position that it may regulate device as drugs is plainly not authorized under the FDCA. To the contrary, if a product is within the definition of a device, Congress has decreed that it must be regulated under the device authorities.  

— Read on

Interesting ideas here. The boundaries between a device and a drug are becoming more and more blurred, and frankly I am not sure if this is the right way to move forward, but this is good reading.

Evolved Expendable Launch Vehicle (EELV) Quality Management

We determined that ULA, SpaceX, and AR were not performing adequate quality assurance management for the EELV program as evidenced by the 181 nonconformities to the AS9100C at the EELV contractor production facilities. This inadequate quality assurance management could increase costs, delay launch schedules, and increase the risk of mission failure.

From ”

Evaluation of the Evolved Expendable Launch Vehicle Program Quality Management System DODIG-2018-045, Department of Defense Office of Inspector General

It is useful to read audit reports and inspection findings from multiple industries. From this we can see trends, make connections and learn.

I see a few things that stand out.

DOD findings

Risk Register

Our evaluation of the RIO database showed that 11 out of 26 risks related to either Atlas V or Delta IV launch vehicle were in “red” status, which indicates that risk mitigation was behind schedule.

It is not enough to identify risks (though that is a critical place to start). You just can’t track them (though again, if you don’t track it you don’t see it). You actually have to have clear plans to mitigate and eliminate the risks. And this is where the program seemed to fall short.

Not a surprise. I think a lot of companies are having these difficulties. In the pharma world the regulatory agencies have been signaling pretty strongly that this is an issue.

Make sure you identify risks, track them, and have plans that are actually carried out to remediate.

Configuration Management

SpaceX failed to comply with AS9100C, section 7.1.3, which requires it to “establish, implement, and maintain a configuration management process.” Configuration management is a controlled process to establish the baseline configuration of a product and any changes to that product. This process should occur during the entire life cycle of a product to provide visibility and control of its physical, functional, and performance attributes.

First rule of reading inspection reports: Things probably went bad if a section starts with standard review 101 material.

That said, hello change management my dear friend.

This was the gist of my ASQ WCQI workshop last May, every industry needs good change management and change control.

Material Management

ULA and AR failed to comply with AS9100C, section 8.3, which requires them to “ensure that product which does not conform to product requirements are identified and controlled to prevent its unintended use or delivery.”

At ULA, we found 18 expired limited-life material items that were between 32 and 992 days past their expiration dates, but available for use on EELV flight hardware. This material should have been impounded and dispositioned. The use of expired limited-life items, such as glues and bonding agents, could result in product that does not meet specifications and may require costly rework.

I find it hard to believe that these companies aren’t tracking inventory. If they are tracking inventory and have any sort of cycle count process then the mechanism exists to ensure expired material is removed from the possibility of use. And yet we still see these observations across the pharma industry as well.

Concluding Thoughts

Quality Management has it its core the same principles, no matter the industry. We use similar tools. Leverage the best practices out there. Read about stresses other companies are having, learn from them and remediate at your own organization.

India releases draft guideline on Good Distribution Practices (GDP)

The Indian regulatory authority CDSCO (Central Drugs Standard Control Organization) has published a 21-page draft on Good Distribution Practices (GDP) for pharmaceutical products.

The draft covers topics that are well aligned to other good distribution practices, and is aligned to the ICH framework.

It is good to see India moving ahead in adopting best practices. This is a huge market, a growing source of production and it will be a huge center of innovation in the near future. It is important for CDSCO to continue to push forward in a better regulatory regime and to tighten their quality practices.

The guidance contains some of my favorite themes of GDP (and other pharma) practices, including::

  • Each company must hold one person responsible for ensuring a quality system is implemented and maintained.
  • All distributors of pharmaceutical products have to establish and maintain a quality system supported by a documented quality system.
  • Senior management has to ensure that all parts of the quality system are adequately resourced with competent personnel and suitable and sufficient premises, equipment and facilities.

The responsible person/quality person model is one of the more problematic aspects of our field. Yes, there is someone who is responsible for quality, its called the officers of the company. But this idea that one person sits on the top of the pyramid and makes ALL the best decisions is a problematic thing that regulations tend to enshrine.


Look for trends in inspection activities

I’m in charge of ice cream, an important element of my household and as a result there are agreed upon criteria for success. I have internal inspectors (me) and external (my teenagers). I can thus produce a fairly simple graph of internal and external inspections and see the areas where there is a difference.

ice cream audit

From this I can tell which categories of findings are pain points and can look for systematic ways to fix them.

In my case, it’s clear the kids do not appreciate only having vanilla, strawberry and chocolate ice cream.

You can apply the same process to your internal vs. regulatory agencies (or certifying body or similar) audit findings.

You can quickly find two major patterns:

  1. Places you are gapping
  2. Places you are tougher than regulatory agencies

For those areas where you are gapping, evaluate your systems and determine what process improvements are necessary. A good area to include in this evaluation is the skill set of your internal auditors. For example, do you need more intensive data integrity training?

For those areas where you are tougher than regulatory agencies, do a quick check to ensure internal expectations are appropriately aligned. And then congratulate yourself.

You might have some areas where you have internal findings but absolutely no external. This might be a good indication that this might be a cutting edge area and you are doing a great job keeping ahead of the curve.

Take an additional step. Go to a source of inspection findings, such as the FDA’s 483 collection, and add them to your graph. This can help you identify additional areas of potential improvement. This can be especially helpful if you are a smaller company that does not have a wealth of data to draw.

We should all be doing what we can to anticipate trends and benchmark ourselves. This sort of data review and go a long way to finding some potential pain points before they get worse.





Change Control- Leveraging regulatory inspection data

The Pfizer McPherson site has been under a great deal of regulatory scrutiny, and as a result there is a lot we can learn from their findings.

In July the MHRA stated the following:

Hospira McPherson Changes

There is a lot to unpack here, and for most of it I can pull up some previous postings to start with:

Breaking down change controls is both a necessity and a difficulty. I talked about the need for a change strategy when breaking up changes. This connective tissue will help with issues like above and can also serve as a good playbook for discussing the changes with an inspector. This is especially important when you find you need to implement related changes at different times. I talked about the various implementation dates in some detail.

Risk assessments are only getting more important, and for a company with international distribution it is important to consider the risks inherent to your regulatory strategy and distribution strategy and mitigate.

regulatory and change

If you have changes that will have long tails of regulatory approvals, then your change control needs to have the right controls to ensure appropriate and safe supply.

Build your actions to address all risks and impacts and ensure they are appropriately carried through.

action items

Finally ensure your change control process has a way to revise the plan and ensure all stakeholders are included in the decisions.


FDA In Brief > FDA In Brief: FDA advances policies related to bolstering security of drug products in the U.S. supply chain

FDA issues drug supply chain guidances to alert industry of changes to pharmaceutical product identification and tracing procedures.
— Read on

Today, the FDA is finalizing two guidance documents and making available one draft guidance to help ensure that prescription drug products are identified and traced properly as they move through the supply chain in compliance with federal law.