Regulatory Open Forum

 View Only

  • 1.  ERP system Regulatory requirements

    This message was posted by a user wishing to remain anonymous
    Posted 18-Oct-2023 09:05
    This message was posted by a user wishing to remain anonymous

    Hi RAPS community 

    Our organisation is looking to implement an ERP system. Would anyone be able to point me out to the guidelines to assess regulatory requirements?

    Does anyone have some experiences to share? Things to consider, areas of risk, etc.

    Thanks 

    Anon



  • 2.  RE: ERP system Regulatory requirements

    Posted 19-Oct-2023 03:52

    Hello Anon,

    There are no specific requirements or guidelines on implementing an ERP system in a medical device company.  However, the ERP system just like any other electronic system needs to be assessed, qualified, verified, and/or validated as an electronic management system.  This is required under ISO 13485 Section 4.1.6 and has been "expected" by US FDA 21 CFR 820 for a while - though the FDA requirements focused more on validation of computer systems in manufacturing.  It does not mean a full validation is required of an ERP system, though there needs to be an assessment to determine what needs are there, a risk-based approach, and whether this is under the control of the company or not.  It is probably too much to share in a forum post as there are many things which orbit around computer system validation requirements and how an ERP system fits into quality system requirements; might want to seek some expert advice.



    ------------------------------
    Richard Vincins ASQ-CQA, MTOPRA, RAC
    Vice President Global Regulatory Affairs
    ------------------------------

    Original Message


  • 3.  RE: ERP system Regulatory requirements

    This message was posted by a user wishing to remain anonymous
    Posted 19-Oct-2023 15:16
    This message was posted by a user wishing to remain anonymous

    Agree with Richard that this can be a complex topic.  However, some specific areas of risk that are relatively common with ERP systems, depending on what functionality you are implementing:

    • traceability (if your ERP system is responsible for assigning lot/serial numbers you need to ensure these are correctly assigned, not repeating, properly stored, retrievable, etc)

    • component supply chain/purchasing/supplier controls (if your ERP system generates purchase orders, you need to ensure the POs contain all of the correct information, cannot order obsoleted component revs, order from the approved suppliers, etc)

    As Richard noted, any QMS functionality that your ERP system takes over which otherwise would have had manual/paper controls needs to be risk assessed, and verified/validated as appropriate to the risk and downstream controls.

    I've seen ERP systems that are implemented for "convenience", but all processes are subject to downstream controls (QC inspections, manual signatures, etc).  This is obviously less risky than an ERP system that assumes control of a key QMS function and the controls are built into the ERP via electronic means.  


    Original Message


Related Content