Sunquest Information Systems 3/3/97 Blood Bank Software manufacturer
1. Failure to implement and verify solutions to quality assurance problems [21 CFR 820.20(a)(3)]. For example, our investigation disclosed that representatives of your quality assurance program made recommendations to correct software defects which were not been implemented in a timely manner. Specifically, our investigation determined that some quality assurance recommendations suggesting corrections to your computer software are upwards to two years old and have not been implemented. Our investigation also disclosed that two of the complaints leading to your quality assurance recommendations resulted in your firm issuing “Product Safety Notices” to your customers regarding possible software problems. Our investigation also disclosed that your firm has not been conducting risk assessments of complaints in a timely manner as directed by your written procedures.
2. Failure to investigate the failure of a device to meet any of its performance specifications after the device has been released for distribution and to make a written record of the investigation including conclusions and follow-up [21 CFR 820.162]. For example, our investigation disclosed that no investigation was conducted to ascertain why your validation test plan for a software upgrade passed your in house testing but failed at a user site.