Originally Published October 2000
A comparison of the guidelines and FDA practices reveals the agency is in compliance with most requirements.
Timothy R. Wells
The Global Harmonization Task Force (GHTF) was conceived in 1992 in an effort to respond to the growing need for international harmonization in the regulation of medical devices. The objective of the task force is to encourage convergence at the global level in the evolution of regulatory systems for medical devices in order to protect public health and facilitate trade. This goal is reached through the promotion of an international consensus to develop equivalent systems with a common basis for how regulatory practices and decisions are carried out relative to medical devices. The founding members of GHTF are Australia, Canada, the European Union, Japan, and the United States. Other, nonmember countries are encouraged to participate in GHTF activities.
Despite the enormous effort that has gone into the development of guidelines, it is not readily apparent whether their requirements are being met by the member countries of the task force. The foreward to one guideline states that "as with international standards, GHTF documents do not, by themselves, have official status but are intended to offer sound advice. The expectation is, however, that governments, through applicable procedures, may wish to give GHTF documents official status."1
This article focuses on the GHTF guideline, Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers (1999) (hereafter referred to as "the Guideline"). Although FDA has not accorded this document official status, an analysis of the Guideline that compares it with current FDA practices used for conducting medical device quality system inspections reveals that the United States is in compliance with a majority of the elements in the document.
GHTF AND QSIT: A REVIEW OF CONVERGENCE
The Guideline contains 12 sections. The first four—comprising an introduction, document scope, references, and definitions—are not discussed in the present article, nor are sections 9 through 12. Sections 9 and 10 deal with the auditing organization and the audit team, and it is the exception, rather than the norm, for FDA to use an audit team. For inspections based on the quality system inspection technique (QSIT) guide, the agency manages to perform most of the activities carried out by an audit team with a single investigator. Section 11, on the subject of audit processes, merits a treatment of its own in a separate article, as FDA does follow most of these processes. Similarly, Section 12, on corrective action follow-up, is also not discussed here, though once again FDA does perform the follow-up activities delineated therein.
The remaining four sections of the Guideline are examined below: general principles for auditing organizations (section 5), audit objectives (section 6), audit scope (section 7), and types of audit (section 8).
A number of FDA policies and procedures provide the necessary groundwork for meeting the GHTF Guideline. These include the Investigations Operations Manual (IOM); Draft Compliance Program 7382.845, Inspection of Medical Device Manufacturers (CD); Guide to Inspections of Quality Systems (QSIT Guide); and the Code of Federal Regulations (CFR).2
With the advent of the quality system inspection technique, FDA is taking huge strides in coming closer to the GHTF guideline. A significant stimulus for the agency in the reengineering of its inspection process was the need for FDA to consider the harmonization of its inspections with those of other government entities. The mutual recognition agreement (MRA) signed by President Clinton in December 1998 stipulates that the U.S. government will normally endorse audit reports from conformity-assessment bodies in the European Union by December 2001.
The industry working group that met in the early stages of QSIT development wanted the agency to use the GHTF auditing guidelines. Thus, the Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers became one of the QSIT design inputs. The rationale was that, if an organization was hoping ultimately to harmonize, it should consider using global documents such as the GHTF Guidelines within its own programs.
The motivation of the working group, however, was not merely to provide a consistent process, but also to steer FDA toward some of the same practices used by the notified bodies when auditing U.S. manufacturers. This change in FDA practices would also bring many of the concepts in the Guideline—such as consistency of auditing procedures, clearly defined audit scope, assurance that the audits would focus on the firms' implemented quality system, and documented competency of auditors and communications both pre- and postaudit, to name a few—into FDA's way of doing business.
|"The purpose of the GHTF is to encourage convergence in regulatory practices related to ensuring the safety, effectiveness/performance, and quality of medical devices, promoting technological innovation and facilitating international trade, and the primary way in which this is accomplished is via the publication and dissemination of harmonized guidance documents on basic regulatory practices. These documents, which are developed by four different GHTF Study Groups (see Organizational Structure for more information), can then be adopted/implemented by member national control authorities." (from the Summary Statement of the Global Harmonization Task Force, which can be found at www.ghtf.org)|
Since the GHTF Guideline was based on the principles in the ISO guidelines for auditing (ISO 10011–1, 2 and 3:1990–1991), the auditing principles in ISO 14011: 1996, and the vocabulary in ISO 8402: 1994, the use of the Guideline by FDA would certainly make FDA audits more international in flavor. (Throughout this paper, the terms audit and inspections are used interchangeably. While the traditional term at FDA has been inspection, the advent of QSIT and other newer programs like investigator certification and GHTF activities are causing the agency more and more to employ the term audit.)
A discussion of sections 5, 6, 7, and 8 of the GHTF Guideline follows.
SECTION 5: GENERAL PRINCIPLES
Ten elements are covered in section 5. These subsections are Independence; Audit Objectives and Scope; Roles, Responsibilities, and Authorities; Resources; Competence of Team; Consistency of Procedures; Adequacy of Audit Documentation; Confidentiality and Ethics; Audit Results and Conclusions; and Quality System. As can be seen in Table I, FDA is meeting most requirements in these areas. Five of the most important subsections are discussed below.
Section 5.3.b. Audit Ties to Relevant Regulatory Requirements. QSIT was developed with the purpose of evaluating relevant regulatory requirements. A gap analysis performed by Robert Ruff, FDA New Jersey District investigator and QSIT team member, during the reengineering effort to validate QSIT demonstrates that the QSIT process adequately covers the applicable requirements in the quality system regulation (21 CFR Part 820). A second gap analysis, done by the industry working group mentioned earlier, came to the same conclusion. These analyses are found in the QSIT Validation Report.
Section 5.4. Resources. The draft compliance program document (available at http://www.fda.gov/cdrh/comp/7382_845.pdf) provides three levels of QSIT inspections, which vary in complexity. QSIT level 1, also referred to as level A ("abbreviated"), is a shorter process that covers two subsystems. QSIT level 2, also referred to as level B ("baseline"), is a comprehensive inspection that covers four subsystems. Level 3, or level C ("compliance follow-up"), is a more complex inspection that follows a preceding "violative" inspection. FDA considers any inspection classified as OAI ("official action indicated") as violative, and reinspections are generally done within six months using a level 3 QSIT inspection.
Section 5.5. Competence of Team. The GHTF Guideline discusses the qualifications of the audit team. Although FDA generally does not use an audit team—but rather solo inspectors—for most quality system inspections, teams are used in complex audits (such as some level 3 inspections), training audits, and certification audits. Regardless of whether FDA does the inspection with a team or with one investigator, a level of quality system training and QSIT competence is required for investigators doing medical device quality system inspections. A mandate by top management of the FDA's field forces states that investigators performing medical device quality system inspections must take a CD-ROM QSIT training course and pass an exam. This is designed to ensure consistency and to document the competency of personnel in the area of regulatory requirements and audits.
Section 5.8. Confidentiality and Ethics. Whereas the Guideline states there should be no disclosure of documents and information without the express approval of the auditee, it also specifies that this should be the case "unless it is a regulatory requirement." Since the Freedom of Information (FOI) Act is considered a regulatory requirement, no approval from the auditee is necessary before information is released; however, the agency does protect the confidentiality of trade secrets. Under the FOI program, FDA will release a purged FDA-483, Establishment Inspection Report (EIR), and other documents related to quality system inspections to any person requesting them.
Section 5.10. Quality System. FDA is making significant progress in establishing its own quality systems within the agency. However, the sophistication of the quality systems varies within different parts of the organization. While the field has been working on an internal quality system for several years, CDRH has only recently become more active in developing its internal quality system.
SECTION 6: AUDIT OBJECTIVES
Four elements covering audit objectives are listed in section 6. As Table II indicates, FDA is meeting all of these GHTF elements. The Guideline states that audits are designed to "determine conformance of a manufacturer's quality system with regulatory requirements," to "determine the effectiveness of the implemented quality system," to "audit the quality system as the manufacturer has defined it," and to "ensure that corrective actions agreed to as a result of a previous audit have been completed effectively."
|GHTF Section||Requirement||US Harmonization? Yes/No||FDA Equivalent Requirement||FDA Procedures/ Policy/ Remarks|
|Section 6—Audit Objectives|
|6a)||Determine conformance with regulatory requirements||Yes||QSIT||QSIT uses "Establish" test|
|6b)||Determine effectiveness of QS||Yes||QSIT||QSIT uses "Sampling"|
|6c)||Audits check the mfr.'s "defined" system||Yes||QSIT||QSIT checks the "system"|
|6d)||Audits check corrective actions from previous audits||Yes||CP, IOM||Covered during each audit|
Table II. Comparison of GHTF Guideline Section 6, Audit Objectives, with FDA practices.
Section 6a). Determine Conformance of a Manufacturer's Quality System with Regulatory Requirements. The lead objectives for quality subsystems in the QSIT Guide deal with the establishment of procedures and policies that meet each of the subsystem requirements. With QSIT, the auditor will first review the procedures and policies the firm has developed and determine whether they meet regulatory requirements before checking to see if they are being followed. (With the QSIT approach, the "establish test" is to check if the items were defined, documented, and implemented (21 CFR 820.3(k)).
Section 6b). Determine the Effectiveness of the Implemented Quality System. The QSIT approach requires that auditors not only check whether a firm's procedures and policies are being followed, but that they also determine whether the quality system itself and each of the subsystems are adequate and effective. Investigators determine if the quality system is adequate and effective by boring vertically down into the subsystems and looking at raw data (records). The QSIT sampling tables are a tool that can be used to help in this process.
Section 6c). Audit the Quality System as the Manufacturer Has Defined It. QSIT addresses quality systems as they are employed by manufacturers. While it may be possible for a firm to have a more extensive system than that defined in the regulations (as suggested in the Guideline), firms should show FDA any and all practices demonstrating that the system they use is effective.
Section 6d). Ensure that the Corrective Actions Agreed to as a Result of the Previous Audit Have Been Completed Effectively. The new draft compliance program and other FDA procedures advise investigators to follow up on previous audits in order to ensure that any problems have been corrected.
SECTION 7: AUDIT SCOPE
Section 7 of the Guideline comprises four elements covering the audit scope. Table III shows that FDA is meeting three of the four GHTF elements. The Guideline states that "audit scope" describes the extent and the boundaries of the audit insofar as it includes "the devices to be covered by the audit," the "QS requirements against which the quality system is to be audited," the "type of audit to be done," and the "physical location and the documents to be covered."
Section 7a). Includes the Devices to be Covered by the Audit. Generally, the scope of a QSIT inspection will not initially specify which devices are to be covered. Whereas the PMA inspection program and the for-cause program will generally provide more specifics on which devices are to be covered, most QSIT inspections are done without any specific devices in mind. In fact, more than one device can be covered since QSIT challenges the firm's "systems"—which should cover a multitude of devices. By contrast, Draft Compliance Program 7382.845 states that for-cause inspections can deal with a specific device.
Section 7b). Includes the QS Requirements against Which the Quality System is to be Audited. The QSIT guide provides a clear idea of which quality system requirements will be looked at during an inspection.
Section 7c). Includes the Type of Audit to be Done. FDA's preannouncement program for medical device inspections provides for some communication between a firm and the investigator before the inspection. It would be wise to discuss with the investigator the type of audit to be done: for instance, whether it will be a QSIT inspection, at which level it will occur, or if it will be a for-cause inspection.
Section 7d). Includes the Physical Location and the Documents to be Covered. During the preinspection discussion with FDA, a firm can ask about the location of the audit. If the audit is a QSIT inspection, the company can determine which documentation will be discussed during the audit by reviewing the QSIT Guide. However, FDA will likely not reveal which specific documents will be covered (aside from the documents mentioned in the QSIT Guide) until that point during the audit at which they are requested.
|GHTF Section||Requirement||US Harmonization? Yes/No||FDA Equivalent Requirement||FDA Procedures/ Policy/ Remarks|
|Section 7—Audit Scope|
|7a)||Includes the devices to be covered||Partial||CP||Only PMA and for-cause inspection programs will provide information on the devices to be covered; not with QSIT|
|7b)||Includes the QS requirements to be covered||Yes||QSIT||Includes covered "systems"|
|7c)||Includes the type of audit to be done||Yes||QSIT||QSIT preannounce program|
|7d)||Includes the location/ documents to be covered||Yes||QSIT, FR||Defined in FR and QSIT preannounce program|
Table III. Comparison of GHTF Guideline Section 7, Audit Scope, with FDA practices.
SECTION 8: TYPES OF AUDIT
Four types of audits—with 12 elements—are listed in this section of the Guideline: initial audit, surveillance audit, special audit, and unannounced audit. A review of Table IV reveals that FDA is currently meeting 9 of the 12 GHTF elements.
Section 8.1. Initial Audit. The Guideline states that the initial audit will generally be an audit of all elements of the quality system. With the advent of QSIT, FDA attempted to ensure that each manufacturer was audited against the QSIT Guide, regardless of whether previous audits may have been done. The plan is to use level 2 QSIT as a baseline audit. Since level 2 QSIT covers all of the elements in the quality system, this should guarantee that initial audits meet this element of the Guideline.
Section 8.2. Surveillance Audit. According to the Guideline, a surveillance audit for a previously audited facility can either constitute a full or partial audit of the quality system. Under QSIT, FDA is able to meet this element with a level 1 QSIT abbreviated audit. The draft compliance program states that firms that pass a level 2 audit (inspections classified as "voluntary action indicated" or "no action indicated") will receive a level 1 QSIT inspection on the next round. Since the QSIT program was started in early 2000, there probably won't be many level 1 audits until 2002—the first year a firm audited in 2000 will be eligible for the second QSIT audit.
The draft compliance program mandates that a level 1 audit will cover "CAPA plus 1." What this means is that the level 1 audit will cover the firm's corrective and preventive action subsystem and one other subsystem in the QSIT Guide. The investigators will choose the "plus 1" subsystem based on some guidance provided in the draft compliance program.
This section of the GHTF Guideline also includes the statement that "if partial audits are used for surveillance, within a maximum period of five years all elements of the quality system should be audited." FDA's draft compliance program addresses this by declaring that a comprehensive inspection will be done every six years. Since FDA does inspections on an every-other-year schedule, a six-year rotation would allow the agency to perform a level 2 baseline audit on the third visit (year six).
Regarding "time interval" items a-e of section 8.2, FDA has made it clear in the draft compliance program that manufacturers of higher-risk devices will be inspected more frequently (every two years is the goal). Part III of the compliance program explains this concept.
Section 8.3. Special Audit. The Guideline states that special audits may be required when external factors apply (such as safety or postmarket data) or when significant changes occur to a manufacturer. FDA handles these areas outside of the QSIT mode—for instance, through a "for-cause" inspection. This is a bottom-up inspection in which the investigator will typically begin the audit with some adverse product data or allegation, and work through the data related to the reported or alleged problem. Generally, in a for-cause inspection the investigator will look at the root causes of a problem and check to see whether appropriate remedial actions are being taken.
Another form of special audit done by FDA is the PMA inspection process, which has its own separate compliance program that is more specific to devices under PMA review or those already cleared for market. Some of the things that the agency looks at are changes to the device or to the manufacturing process that could affect the quality system (e.g., a change in facility location). Many of the same items mentioned in section 8.3 of the GHTF Guideline would also trigger FDA inspections.
Section 8.4. Unannounced Audits. The Guideline states that unannounced audits may be necessary when the auditing organization has justifiable concerns about implementation of corrective actions or compliance with regulatory requirements. As mentioned above in the discussion of section 8.3, FDA uses a for-cause inspection whenever there is a special concern. Corrective actions—such as recalls—could be the basis for initiating a for-cause inspection. Most of the time, however, the triggering event will be surveillance information (such as MDR reports) or complaints, as well as occasional letters from current or former employees that bring some special piece of information to FDA's attention.
Based on the review of four critical sections of the GHTF Guideline, it appears that FDA's various medical device quality system inspection programs provide a solid basis for meeting most of the audit requirements of the Global Harmonization Task Force. In addition, some of FDA's other existing programs—such as preannouncement of inspections—are also enabling the agency to satisfy GHTF procedures. Without formally adopting the GHTF Guideline as an official document, FDA is currently meeting approximately 85% of the elements in the Guideline—29 of the 34 sections reviewed—and is moving closer to compliance on a number of remaining items.
1.From the Forward to Global Harmonization Task Force, Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers, General Requirements: 1999, Final Document, p. 2; available from Internet: http://www.ghtf.org/sg4/inventorysg4/99-28GenReq.PDF.
2.These documents are available from the Internet at, respectively: www.fda.gov/ora/inspect_ref/iom/IOMForeword.html www.fda.gov/ora/inspect_ref/iom/IOMForeword.html; www.fda.gov/cdrh/comp/7382_845.pdf ; www.fda.gov/ora/inspect_ref/igs/qsit/QSITGUIDE.PDF; and www.access.gpo.gov/nara/cfr/cfr-table-search.html.
Code of Federal Regulations, Quality System Regulation, 21 CFR 820.
Draft Compliance Program 7382.845, Inspection of Medical Device Manufacturers, Rockville, MD: FDA.
Federal Register, 61 FR:14786, Preannouncement program, April 3, 1996.
Guide to Inspections of Quality Systems, Rockville, MD: Food and Drug Administration, QSIT Team, August 1999.
Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers General Requirements, Ottawa, ON: The Global Harmonization Task Force (GHTF), 1999.
Investigations Operations Manual (IOM), Rockville, MD: FDA, Office of Regulatory Affairs.
QSIT Validation Report, Rockville, MD: FDA, March 18, 1999.
Timothy R. Wells was team leader of FDA's Medical Device Quality System Inspections Reengineering team and an FDA representative on the Global Harmonization Task Force, Study Group 4—Auditing. During his 24-year career with the agency, he has worked as a field investigator in the Chicago district, as a small business representative in the Atlanta regional office, and as a branch chief in the Office of Compliance at the Center for Devices and Radiological Health (CDRH). He left FDA in September 2000 to form Wells & Associates, a consulting firm located in Rockville, MD.