The Medical Industry’s Move Toward Quality, Part
Three
In the February and April columns
in this series, we first discussed how process management
and risk-based initiatives will change the FDA’s approach
to medical device and pharmaceutical reviews. We then examined
in depth the potential effects of introducing risk management
methods to the medical device industry, as required by ISO
13485:2003. We’ll now focus more closely on process
management and consider its role in meeting the stated primary
objective of ISO 13485:2003: “to facilitate harmonized
medical device requirements for quality management systems.”
To begin, one must recognize that the components of risk
management--risk analysis, evaluation and control-- are
subsets of pro-cess management. They’re essential
elements of the design process, which includes planning,
review, verification and validation. They’re also
vital components of the review and validation phases of
every other process included in the product realization
cycle.
One of the most significant differences between ISO 9001:2000
and ISO 13485:2003 is found in the latter’s product
realization planning:
“The organization shall establish documented requirements
for risk management throughout product realization. Records
arising from risk management shall be maintained.”
And the reason stated for the change?
“To make the resulting text consistent with the
objective of reflecting the current regulations and facilitating
the harmonization of new medical device regulations around
the world.”
Processes, we know, receive inputs and convert them to
outputs. Processes can have multiple inputs, each of which
is the output of another process, and multiple outputs,
each feeding one or more other processes. Moreover, processes
are often cross-functional, involving activities from diverse
elements within an organization. Hence, analyzing, validating
and controlling processes involved in complex operations
require special expertise. But effective process management
and its subset, risk management, are essential to streamline
and improve regulatory processes.
The quality management profession has recognized that
managing and controlling processes for designing, producing,
delivering and servicing a product is the best way of ensuring
the product’s safety and integrity--short of 100 percent
inspection and testing, which is generally impractical if
not impossible.
The analogy often used is that of producing bread in a
bakery. You can’t test a loaf without destroying it,
and random sampling is only effective if your processes
are effective. But if you rigidly control how you train
your personnel, mix the dough, heat the ovens, bake the
bread, and package and ship it, you achieve a high degree
of confidence in the product’s consistency.
For this reason, ISO 13485:2003 goes far beyond ISO 9001
in documentation requirements. Besides mandating additional
documents and records, ISO 13485:2003 requires that for
each medical device, the organization must establish a file
of documents that “defines the complete manufacturing
process and, if applicable, installation and servicing.”
How does all this relate to what the FDA is doing in the
United States? It’s too early to tell, but it looks
as though the developed world is moving in parallel. For
example, the FDA’s Quality System Inspectional Technique
for medical devices is a process-based approach that allows
an inspector to look at the management system, corrective
and preventive actions, documented and validated procedures,
paper trails, and device history records to get a concise
overview of a manufacturer’s quality management system
for a particular product.
Conversely, the documentation, records and files, and
process management and risk-based approach imposed by ISO
13485:2003 will help an organization prepare for QSIT. The
FDA might eventually recognize ISO 13485:2003 registrations
as partial evidence of compliance with regulatory requirements--which
appears to be the approach evolving in the European Union
and Canada.
In the pharmaceutical industry, the FDA has a stated objective
of introducing process analytical technology and risk-based
assessment as the foundation of the next-generation pharmaceutical
good manufacturing practice. Again, this move seems to parallel
the direction in which other countries are heading. In short,
health care regulatory reviews are moving toward increased
globalization based on a better understanding of process
management and risk control.
As I’ve suggested before, implementing such assessments--including
developing first-, second- and third-party auditors with
the knowledge and skills to perform process audits in a
high-technology environment--might be the biggest challenge
of all. We’ll consider this in more detail in future
columns.
Stanley A. Marash, Ph.D., is chairman and CEO of The
SAM Group.
|
