Mark,
I agree and disagree. ISO:13485:2016 section 4.1.5 states, "When the organization chooses to outsource any process that affects product conformity to requirements, it shall monitor and ensure control over such processes. The organization shall retain responsibility of conformity to this International Standard and to customer and applicable regulatory requirements for outsourced processes. The controls shall be proportionate to the risk involved and the ability of the external party to meet the requirements in accordance with 7.4. The controls shall include written quality agreements."
Then to support this clause... ISO:13485:2016 section 7.3.3 subpart (e) states, "other requirements essential for design and development of the product and processes."
Process Validations is part of the DHF/DMR.. You mentioned, quality agreement, and supplier controls, which both are critical elements inside ISO:13485 standard and 21 CFR... not controlling process validations will get an ISO certification pulled, receive a 483, or worse.
Without process validations, how will you prove that your product is Safe, or does what it claims to do? doesn't matter whether you do validations in-house, or contract out... your QMS needs to prove that it controls it's process validations.
I will agree that, a company can choose which processes to validate, or not.. That depends on the criticality of the process... what are the level of risks? Just remember, you never have to justify why you validate a process, but always have to justify/explain why you're NOT validating a process.
------------------------------
Lance Tovar
RA/QA Specialist
Roy UT
United States
------------------------------
Original Message:
Sent: 25-Jan-2021 06:58
From: Mark Swanson
Subject: ISO 13485 QMS Processes
Hi Anon,
I think this will possibly evoke a response from several members, but I would not agree that you need your own QMS process for process validation here. Since you are not performing the processes, why would you have that?
HOWEVER, you are responsible to make sure your contract manufacturer is compliant to the regulation. This is the reason that FDA requires registration for contract manufacturers as well. They can conduct an inspection there and if official action is indicated (due to noncompliance) it will affect your product.
In addition, you should keep in mind that the need for process validation is limited (those processes that cannot be fully verified or you choose not to verify). For more information, see comment 143 (and the rest of section iii) of the preamble to 21CFR820.
I know there are those that may argue that you need this process in your own QMS to make sure a supplier follows it. I would disagree. You qualify your suppliers for the processes that you need them to do for you. You could have as part of your agreement (or a supplier quality agreement) that they agree to meet the requirements of ISO 13485/21CFR820. Then you make sure they do that as part of your supplier controls. In other words, you outsource the processes AND any need to validate those processes.
Comments?
------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States
Original Message:
Sent: 22-Jan-2021 07:55
From: Anonymous Member
Subject: ISO 13485 QMS Processes
This message was posted by a user wishing to remain anonymous
Hi,
We currently are a manufacturer of Class II devices, which we manufacture through contract manufacturing. My question is, as it relates to "Process Validation", would our QMS include this as a procedure? Or would we rely on the controls we have with the contract manufacture (e.g. supplier controls etc.) to control this function. Please advise as I am not 100% clear on "Process Validation"