December 26, 2019
Excerpts from warning letter of interest to software professionals:
“The inspection also revealed that your … LED light therapy devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage, or installation are not in conformity with the current good manufacturing practice requirements of the Quality System regulation found at 21 CFR Part 820.”
2. Procedures for design control have not been established and maintained per the requirements of 21 CFR 820.30, to include a complete risk analysis.
“During our inspection, the Design Control Procedure, … and the Design Change Control Procedure, … were provided. These draft procedures were dated the day our inspection began and had not been reviewed or approved as required by your Document and Data Control Procedure, … . The Design Control Procedure states that devices developed before the Procedure became effective may follow a retrospective approach for documenting design; however, the documents provided did not document any such retrospective approach.
In general, many design documents reviewed during the inspection were not approved, were not complete, and did not follow an established procedure. For example, a Design Plan, … was provided, but it is undated and has no signatures demonstrating the document is approved as required by your Document and Data Control Procedure. In addition, two design checklists were provided dated … . The checklists refer to a “Product Brief” that could not be provided upon request. The checklists were not signed and did not demonstrate approval (i.e., all places for “sign off” were left blank). Design reviews, verification and validation, and design changes should follow an approved procedure and be governed by document controls that demonstrate appropriate review, approval, and control.”
Now for the software stuff:
“The Software Validation Procedure, was dated xxx, (issued the day before our preannounced inspection began) was also provided during the inspection. All documents related to software validation should be aligned per the requirements of your design procedures and this Software Validation Procedure. We recommend that you review your procedures against 21 CFR 820.30 to ensure all requirements are met because the software validation documents provided during the inspection do not appear to have been governed by a procedure at the time of performance. In addition, the Software Validation Report dated x/x/xxxx references a (b)(4) minute default setting for the run time of “The Vevazz” yet the treatment time is listed in the “Vevazz” User Manual as 7 minutes. The test plan referred to within this report was requested, but could not be provided. Per the two different treatment times indicated in clearances, the device and related software should be validated to demonstrate consistent performance for either treatment time based on the indication(s) for use.
Your firm’s Software Validation and Risk Mitigation Procedures reference risk assessment. The Software Level of Concern document provided to address risk analysis lists mitigations to defined risks such as visual inspection, however no documentation of visual inspection or other mitigating steps could be provided during the inspection. Without adequate records documenting performance of risk mitigation steps, there is no assurance that the risks identified with the device have been adequately controlled/mitigated to reduce the hazards to the user as required per your Hazard Analysis document, rev 0, no release date.
Your response indicates you will implement the “design control procedures” by x/x/xxxx, and compile the Design History File (DHF) by x/x/xxxx. We cannot evaluate the adequacy of your firm’s response and proposed actions at this time as you have not provided objective evidence of corrections.
See the complete Warning Letter at this link: https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/vevazz-llc-592118-12262019