Computer Software Assurance Draft

The FDA published on 13-Sep-2022 the long-awaited draft of the guidance “Computer Software Assurance for Production and Quality System Software,” and you may, based on all the emails and posting be wondering just how radical a change this is.

It’s not. This guidance is just one big “calm down people” letter from the agency. They publish these sorts of guidance every now and then because we as an industry can sometimes learn the wrong lessons.

This guidance states:

  1. Determine intended use
  2. Perform a risk assessment
  3. Perform activities to the required level

I wrote about this approach in “Risk Based Data Integrity Assessment,” and it has existed in GAMP5 and other approaches for years.

So read the guidance, but don’t panic. You are either following it already or you just need to spend some time getting better at risk assessments and creating some matrix approaches.

FDA Final Guidance on Recalls

The FDA published the final guidance for “Initiation of Voluntary Recalls Under 21 CFR Part 7, Subpart C” in March of 2022.

Nothing new here really, as the FDA has just finalized recommendations that companies make adequate preparations to operations in advance of when a recall may be needed (e.g., prepare and execute a recall communications plan). In addition to these preparations, the FDA recommends that companies consider preparing, maintaining, and documenting written procedures (in paper or electronic format) for initiating a recall and performing actions related to initiating a recall. Moreover, the document addresses how companies should develop a recall strategy and train personnel on executing a recall, as well as how companies should use adequate product coding.

Guidances in Administrative Law

Edward Rubin over on the Administrative Law JOTWELL, in the post “Uncovering the Hidden World of Administrative Guidance” exposed me to the 2019 article by Nicholas R. Parrillo “Federal Agency Guidance and the Power to Bind: An Empirical Study of Agencies and Industries” which I just find fascinating.

Guidances are an interesting part of our job. As a best practice, they show one way to get to the desired end result, but there can be other ways but the presence of guidance can obscure those possibilities. Often times if an agency goes to the level of detail to show you what good looks like you’d be foolish not to try to meet them there. Other times guidance can be a real head scratcher.

Good article, and of interest to the non-lawyers like myself who have to live within the boundaries.

Good practices for research and development facilities (WHO draft guideline)

Last month the World Health Organization published a draft guideline on Good practices for research and development facilities.

This arrow pretty much sums it up:

Application of the guide

Seriously, not much surprising here. What this guide definitely does is place early research in the framework of Q10 and point out that there is one quality system to rule them all and that level of rigor is based on risk.

Give it a read.

WHO Revises Guidance on QMS Requirements for National Inspectorates

The guidances that health authorities adopt for themselves can tell us much about what they think is important. WHO recently revised the Guidance on QMS for National Inspectorates to align with international standards and the latest quality management system (QMS) principles and to expand the document’s scope. This guidance is pretty much saying “Get with the times.”

Nothing here is that unfamiliar to folks who are familiar with IS 9001 or most other standards. There are sections on management, management system planning, resources, personnel, infrastructure and documentation. There is a section on a section on operational planning and performance evaluation. WHO states inspections, should be planned in advance and risk management principles should be established for prioritizing inspection.

The document is in it’s comment period through September.