Regulatory Open Forum

In a thread labeled Risk Management SOP I suggested following 21 CFR 820.25(b) to identify training needs and ensure adequate performance. In the thread it is not clear whether the company is implementing QSR only or will be implementing ISO 13485:2016 as well.<o:p></o:p>

<o:p> </o:p>

In a response Ed Bills said, "[As] the Proposed QMSR is expected to be released in December according to FDA, perhaps you should be moving to the more modern requirements in ISO 13485 6.2 for "a) determine the necessary competence..." and "b) provide training or take other actions to achieve or maintain the necessary competence.""<o:p></o:p>

<o:p> </o:p>

I'm nervous about early implementation of the Proposed QMSR.<o:p></o:p>

<o:p> </o:p>

FDA does not intend to adopt ISO 13485:2016 as QMSR. Instead, they intend to adopt a modified version. Some things from ISO 13485:2016 will be adopted without change and some will be modified. In addition, there will be QMSR elements not in ISO 13485:2016.<o:p></o:p>

<o:p> </o:p>

We won't know the details of the QMSR until December 2023 when FDA plans to issue the final rule. Also, we don't know the implementation timeline. The original proposal was one year, but some comments asked for two years.<o:p></o:p>

<o:p> </o:p>

My recommendation is to maintain QSR, implement ISO 13485:2016 if it applies, and do not try to anticipate the details of QMSR until FDA publishes the final rule.<o:p></o:p>

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

@Dan O'Leary in response to your statement, a company should be creating a Quality Plan to transition, if they are only currently compliant to 21 CFR 820. Companies already in compliance with both will need to only examine their Quality System to see if anything at all needs to be changed.

The transition is not a big lift as the QSR and 13485 are 95% the same as demonstrated in research done by FDA and also published in AAMI TIR 102.  The reason to start now is to determine the resources needed and what differences need to be accommodated as well as how this will affect any products under development.  Projects always take more time and resources than first estimated, especially if you have not done the process to determine the work needed and only guessed.  

Based on a reading of the 68 comments FDA received on the transition it is not likely that much will be changed from the proposal.  In the last update in 1995 that FDA received hundreds of comments and only allowed a seven month transition, except for the major change, the adoption of Design Controls.  For the QSR,  FDA inspections was a transition of only seven months, but all Design Control findings were documented on a separate form and not part of any Official Action for an additional year.  FDA will not perform any inspections under the new QMSR until the end of the transition period, which I think will be one year.  That is based on the fact that is what FDA published and also the small number of comments received from industry.  One requested a transition of three yers, which will not be granted, and several asked for two years.  With the small differences between the current regulation and the standard it is not likely the FDA will delay more than a year for transition.

Just as with the EU MDR, we found that so many waited until it was too late and then petitioned to have the implementation delayed.  Of course the lack of Notified Bodies did impact the implementation, but many companies waited until too late to implement.  I don't think we will have a big delay in implementation so the time to start is now.  Most companies will not have a big issue, but all companies have competition for resources, and need to know what this effort will take so they have time to get it done.

------------------------------
Edwin Bills
Edwin Bills Consultant
ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
elb@edwinbillsconsultant.com
------------------------------

Original Message:
Sent: 21-Jun-2023 13:20
From: Dan O'Leary
Subject: Early QMSR Implementation

In a thread labeled Risk Management SOP I suggested following 21 CFR 820.25(b) to identify training needs and ensure adequate performance. In the thread it is not clear whether the company is implementing QSR only or will be implementing ISO 13485:2016 as well.<o:p></o:p>

<o:p> </o:p>

In a response Ed Bills said, "[As] the Proposed QMSR is expected to be released in December according to FDA, perhaps you should be moving to the more modern requirements in ISO 13485 6.2 for "a) determine the necessary competence..." and "b) provide training or take other actions to achieve or maintain the necessary competence.""<o:p></o:p>

<o:p> </o:p>

I'm nervous about early implementation of the Proposed QMSR.<o:p></o:p>

<o:p> </o:p>

FDA does not intend to adopt ISO 13485:2016 as QMSR. Instead, they intend to adopt a modified version. Some things from ISO 13485:2016 will be adopted without change and some will be modified. In addition, there will be QMSR elements not in ISO 13485:2016.<o:p></o:p>

<o:p> </o:p>

We won't know the details of the QMSR until December 2023 when FDA plans to issue the final rule. Also, we don't know the implementation timeline. The original proposal was one year, but some comments asked for two years.<o:p></o:p>

<o:p> </o:p>

My recommendation is to maintain QSR, implement ISO 13485:2016 if it applies, and do not try to anticipate the details of QMSR until FDA publishes the final rule.<o:p></o:p>

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Hi @Dan O'Leary - I don't disagree with your perspective.

Having said that, don't you think that regardless of what the regulations explicitly require, it would be a good practice to start thinking about competence and not just training?

My experience is that training is pretty much useless unless designed appropriately and we are actively measuring effectiveness. We have used "training" as a check-the-box activity just to meet "requirements". 

I sincerely hope that auditors and inspectors start challenging competence, especially when they come across "human error" as a root cause! 

------------------------------
Naveen Agarwal, Ph.D.
Problem Solver | Knowledge Sharer.
Let's Talk Risk!
@https://naveenagarwalphd.substack.com/
------------------------------

Original Message:
Sent: 21-Jun-2023 13:20
From: Dan O'Leary
Subject: Early QMSR Implementation

In a thread labeled Risk Management SOP I suggested following 21 CFR 820.25(b) to identify training needs and ensure adequate performance. In the thread it is not clear whether the company is implementing QSR only or will be implementing ISO 13485:2016 as well.<o:p></o:p>

<o:p> </o:p>

In a response Ed Bills said, "[As] the Proposed QMSR is expected to be released in December according to FDA, perhaps you should be moving to the more modern requirements in ISO 13485 6.2 for "a) determine the necessary competence..." and "b) provide training or take other actions to achieve or maintain the necessary competence.""<o:p></o:p>

<o:p> </o:p>

I'm nervous about early implementation of the Proposed QMSR.<o:p></o:p>

<o:p> </o:p>

FDA does not intend to adopt ISO 13485:2016 as QMSR. Instead, they intend to adopt a modified version. Some things from ISO 13485:2016 will be adopted without change and some will be modified. In addition, there will be QMSR elements not in ISO 13485:2016.<o:p></o:p>

<o:p> </o:p>

We won't know the details of the QMSR until December 2023 when FDA plans to issue the final rule. Also, we don't know the implementation timeline. The original proposal was one year, but some comments asked for two years.<o:p></o:p>

<o:p> </o:p>

My recommendation is to maintain QSR, implement ISO 13485:2016 if it applies, and do not try to anticipate the details of QMSR until FDA publishes the final rule.<o:p></o:p>

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

To discuss competence, one must start with understanding the term. ISO 9000:2015, 2.2.5.3 explains competence as "A QMS is most effective when all employees understand and apply the skills, training, education, and experience needed to perform their roles and responsibilities. It is the responsibility of top management to provide opportunities for people to develop these necessary competencies". The definition of competence is in ISO 9000:2015, 3.10.4 as "ability to apply knowledge and skills to achieve intended results".<o:p></o:p>

<o:p> </o:p>

QSR in 820.25(a) Personnel – General says, "Each manufacturer shall have sufficient personnel with the necessary education, background, training, and experience to assure that all activities required by this part are correctly performed".<o:p></o:p>

<o:p> </o:p>

This is competence. QSR doesn't use the word but embodies the concept.<o:p></o:p>

<o:p> </o:p>

ISO 13485:2016, 6.2, says "Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills, and experience".<o:p></o:p>

<o:p> </o:p>

Notice the differences in the dimensions of competency. QSR says background while 13485 says skills.<o:p></o:p>

<o:p> </o:p>

I advise my clients that position descriptions should include the four dimensions of competence. They may also include other attributes such physical requirements (not color blind, able to lift 25 pounds on a regular basis, etc.)<o:p></o:p>

<o:p> </o:p>

My point is that QSR already embodies the concept of competence; it is not new to 13845.<o:p></o:p>

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Original Message:
Sent: 22-Jun-2023 09:12
From: Naveen Agarwal
Subject: Early QMSR Implementation

Hi @Dan O'Leary - I don't disagree with your perspective.

Having said that, don't you think that regardless of what the regulations explicitly require, it would be a good practice to start thinking about competence and not just training?

My experience is that training is pretty much useless unless designed appropriately and we are actively measuring effectiveness. We have used "training" as a check-the-box activity just to meet "requirements". 

I sincerely hope that auditors and inspectors start challenging competence, especially when they come across "human error" as a root cause! 

------------------------------
Naveen Agarwal, Ph.D.
Problem Solver | Knowledge Sharer.
Let's Talk Risk!
@https://naveenagarwalphd.substack.com/

Original Message:
Sent: 21-Jun-2023 13:20
From: Dan O'Leary
Subject: Early QMSR Implementation

In a thread labeled Risk Management SOP I suggested following 21 CFR 820.25(b) to identify training needs and ensure adequate performance. In the thread it is not clear whether the company is implementing QSR only or will be implementing ISO 13485:2016 as well.<o:p></o:p>

<o:p> </o:p>

In a response Ed Bills said, "[As] the Proposed QMSR is expected to be released in December according to FDA, perhaps you should be moving to the more modern requirements in ISO 13485 6.2 for "a) determine the necessary competence..." and "b) provide training or take other actions to achieve or maintain the necessary competence.""<o:p></o:p>

<o:p> </o:p>

I'm nervous about early implementation of the Proposed QMSR.<o:p></o:p>

<o:p> </o:p>

FDA does not intend to adopt ISO 13485:2016 as QMSR. Instead, they intend to adopt a modified version. Some things from ISO 13485:2016 will be adopted without change and some will be modified. In addition, there will be QMSR elements not in ISO 13485:2016.<o:p></o:p>

<o:p> </o:p>

We won't know the details of the QMSR until December 2023 when FDA plans to issue the final rule. Also, we don't know the implementation timeline. The original proposal was one year, but some comments asked for two years.<o:p></o:p>

<o:p> </o:p>

My recommendation is to maintain QSR, implement ISO 13485:2016 if it applies, and do not try to anticipate the details of QMSR until FDA publishes the final rule.<o:p></o:p>

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------