Warning Letter – Missing software validation and procedures at endoscopic instrument manufacturer

During an inspection of your firm located in Tuttlingen, Germany, on January 25, 2012, through January 27, 2012, an investigator from the United States Food and Drug Administration (FDA) determined that your firm manufactures non-powered endoscopic grasping/cutting instruments. Under section 201(h) of the Federal Food, Drug, and Cosmetic Act (the Act), 21 U.S.C. § 321(h), these products are devices because they are intended for use in the diagnosis of disease or other conditions or in the cure, mitigation, treatment, or prevention of disease, or to affect the structure or function of the body.

This inspection revealed that these devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage, or installation are not in conformity with the current good manufacturing practice requirements of the Quality System regulation found at Title 21, Code of Federal Regulations (CFR), Part 820.
We received responses from you dated February 7, 2012 and February 24, 2012,concerning our investigator’s observations noted on the Form FDA 483 (FDA 483), List of Inspectional Observations, which was issued to your firm. We address these responses below, in relation to each of the noted violations. These violations include, but are not limited to, the following:
7. Failure to validate computer software for its intended use according to an established protocol, when computers or automated data processing systems are used as part of production or a quality system, according to established procedure, as required by 21 CFR 820.70(i). For example, there are no procedures that describe the qualification and maintenance of the Majesty Enterprise Resource Planning (ERP) software for production planning and maintenance of quality records. There are no software verification and validation requirements defined in your firm’s procedures, and there are no records documenting that the Majesty system is validated or meets user needs and intended uses. The Majesty ERP software was updated to version 28.6 on approximately December 21, 2011, by the vendor; however, the review and approval of the software verification report was not approved until January 26, 2012. There are no procedures or documents that describe changes and version updates to the Majesty ERP system. There are no records that document the installation and first use date of version 28.2 in May 2011. There are no documents that define the system’s features and functions, operating environment, or hardware requirements.
Your firm’s responses dated February 07, 2012, and February 24, 2012, are not adequate. Your firm does not state if there are other software programs in use or if your firm plans to verify and validate other software programs. Your firm has promised to develop a new software verification and validation procedure and validate Majesty ERP software for its intended uses by April 13, 2012.
8. Failure to adequately ensure that, when the results of a process cannot be fully verified by subsequent inspection and test, the process is validated with a high degree of assurance and approved according to established procedure, as required by 21 CFR 820.75(a). For example, a review of your firm’s Quality Manual and other procedures disclosed that there were no references or procedures addressing equipment qualification and validation requirements. When the investigator asked your firm for an explanation, your firm confirmed that it does not have these requirements in its Quality Manual procedure or perform equipment qualification or validation of its in-house equipment or processes.This observation was not cited on the FDA Form 483. During the inspection, the investigator discussed this observation with your firm and your firm promised to correct it. (b)(4) . Your firm’s responses dated February 07, 2012, and February 24, 2012, did not address the creation of a new procedure or the status of the two process qualifications.
9. Failure to establish and maintain adequate procedures to ensure that all purchased or otherwise received product and services conform to specified requirements, as required by 21 CFR 820.50. For example:
a) The procedure, “ (b)(4) (rev 1;20.01.12),” which addresses vendor selection qualification and requalification of suppliers, has not been not implemented.  There is no documentation that (b)(4) , the supplier of Majesty software, was qualified or re‑qualified as a supplier. Your firm has been purchasing software from this vendor since 1996.
b) The requirements to requalify vendors in the purchasing procedure, “ (b)(4) (rev 1;20.01.12),” are based on the percentage of products received by your firm from the vendor. The (b)(4) threshold required by your firm to re-qualify vendors is not based on the vendor’s ability to meet specified requirements, including quality requirements. In addition, the criticality of the purchased product or service is not evaluated for determining the needs to requalify suppliers.
Your firm’s responses dated February 07, 2012, and February 24, 2012, are not adequate. Your firm’s responses do not specifically address the deficiency cited and do not provide copies of revised procedures. Your firm has promised to revise its procedure and to develop a new procedure for supplier re-validation by April 13, 2012. Your firm also plans to re-evaluate suppliers upon completion of its new procedure. In the interim, your firm plans to review records to ensure that all suppliers of products and services have been captured in the system.

Upcoming Training

62304, FDA, and Emerging Standards for Medical Device and HealthIT
Planned Instructors:  Brian Pate, John F. Murray, Jr
Location: Sunnyvale, CA, USA
Dates:  February 4-6, 2020

QSS Software Validation
Planned Instructors:  Brian Pate, John F. Murray, Jr
Location: Boston, MA, USA
Dates:  June 4-6, 2020

To pre-register and get info on deep discounts or if you have questions, email training@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.