|
 |
 |
What You Need to Know About Contract Manufacturing
An FDA Veteran Describes What You Need to Know Before Working
With a New Outsourcing Partner
Alan Schwartz
Contributing Writer
The medical device industry is a very dynamic one, with new
companies being set up constantly—bringing either new, unique
devices or better designed me-too products to market on a regular
basis.
Most of these companies are set up by entrepreneurs whose strength
lays in the concept and design of the product, not manufacturing
expertise. Setting up a manufacturing plant typically does not make
sense to a new company with one or two products, and many require
specialized equipment or machinery. Medical devices requiring
software, molding or complex milling operations could require 10s or
100s of thousands of dollars in OEM investment to set up a
manufacturing operation.
Overall, it usually does not make good business sense to use
valuable resources that should be allocated for research and
development and marketing to set up a manufacturing facility,
especially since today’s medical device climate offers no shortage
of highly qualified contract manufacturers willing to provide their
expertise to manufacture products.
Many new companies are often confounded by the responsibilities they
have in assuring that their medical devices and operations are
compliant with FDA regulations and standards. In addition, many
don’t realize that handing over manufacturing operations to another
company doesn’t let the OEM off the hook for assuring FDA compliance
in the manufacturing process.
The Road to Compliance
In FDA regulatory lingo, the smaller OEM handing off manufacturing
duties is often referred to as a Specifications Developer. The
specifications (spec) developer is usually the person (or company)
that comes up with the specifications for the medical device and
will want to market the device. Basically, the spec developer is
responsible for assuring that the company is in FDA compliance when
obtaining FDA 510(k) clearance or PMA (pre-market application)
approval prior to marketing the device. (Note: In some cases, the
device maybe exempt from the 510[k] or PMA process; these are
usually fall in the area of a Class I device.)
The spec developer must register with the FDA, and once the product
has obtained FDA clearance/approval, the device must be listed with
the FDA. These tasks are most often performed by a spec developer’s
regulatory specialist or consultant.
If the OEM is handing off manufacturing to an outsourcing service
provider, many new smaller companies wonder, is the spec developer
required to assure that the device is manufactured under QSR/cGMP
(quality system regulations/current good manufacturing
practices)—even when the OEM company is not actually doing any of
the manufacturing?
If a spec developer takes the approach that it does not have any
responsibility for the manufacturing quality, the OEM is being
incredibly shortsighted. The assumption would be that the contract
manufacturer is responsible for ensuring full FDA compliance for the
manufacturing operations and that the finished device meets the
device’s required specifications.
Unfortunately, the FDA is not making this same assumption. In
reality, the FDA expects that the spec developer will make sure the
contract manufacturer is QSR/cGMP compliant.
In the past, the FDA required a contract service provider that
manufactures a finished medical device to register with the FDA as a
contract manufacturer. Once registered with the FDA, the agency
would then have the contract manufacturer in its database and
periodically schedule the firm for compliance audits. These audits
used to be conducted for all registered medical device
manufacturers—including contract manufacturers—once very two years.
Now, however, the FDA sets up its auditing schedule by using a
risk-based auditing schedule, which relies more on the potential
risk of a device. Surveillance audits can run between once every two
years to once every five years at present.
The contract manufacturer’s customers (ie, spec developers) are not
informed by the FDA when the agency has audited the company unless a
major problem with compliance is found. In such a case, the FDA
would notify the spec developer regarding the situation.
The spec developer is also open to an FDA audit. The FDA typically
audits the QSR sections with which the spec developer would be
expected to comply. These sections include (but are not be limited
to) design control, change control, device master record and, if the
spec developer was also the distributing the device, complaint
handling, medical device reporting procedures and corrections and
removal procedures. If the spec developer would also be installing
the devices and handling the service and repairs, then the FDA would
also evaluate additional procedures that the agency would expect the
company to have established and implemented.
The FDA would also want to determine if the spec developer had
conducted its own audit of the contract manufacturer. Please be
aware that the results of the audit should remain confidential and
do not have to be shown to the FDA, per QSR regulations
21CFR820.180(c).
Note: This section of 21CFR820 does not apply to the reports
required by 820.22 quality audits, or supplier audit reports used to
meet the requirements of 820.50(a) (“Evaluation of Suppliers,
Contractors, and Consultants”), but it does apply to procedures
established under these provisions. Under the request of a
designated employee of the FDA, an employee in management with
executive responsibility must certify in writing that the management
reviews and quality audits required under this part, and supplier
audits (where applicable), have been performed and documented, the
dates on which they were performed and also any required corrective
action that was taken.
Determining Each Party’s Role in Compliance
The FDA has recently changed its policy on contract manufacturers.
The FDA is now only requiring contract manufacturers that
manufacture the finished medical device and also distribute the
device for the spec developer to be registered with the FDA. In
other words, if you are a contract manufacturer that makes a
finished medical device and you ship it back to the spec developer
for distribution, the FDA no longer expects you to register with the
FDA as a contract manufacturer. (Visit http://www.fda.gov/cdrh/registration/
whomust.html#2 to learn more about which domestic contract
manufacturers must register with the FDA.)
With this change in registration requirements, the FDA is now
putting more accountability on the spec developer to assure that its
contract manufacturer is in compliance with QSR/cGMP regulations.
Basically, the agency is expecting that the OEM will view the
contract manufacturer as an extension of its own operations. The
spec developer is expected to audit the contract manufacturer, and
if QSR compliance problems arise, they will be addressed by the
contract manufacturer and brought into compliance.
The spec developer has a lot more to lose in assuming that the
contract manufacturer is in FDA compliance. For example, if a
problem with a device develops that may cause an injury to the
patient or user, and the spec developer had not conducted its own
audit of the contract manufacturer’s facility, it would appear to
the FDA (and others) that the OEM’s due diligence was minimal or not
existing, thereby greatly increasing the OEM’s liability exposure.
In a recent inspection of one OEM by the FDA, the agency learned the
name and location of the OEM’s contract manufacturer and
additionally found out that the spec developer had visited its
outsourcing partner during initial negotiations but—not familiar
with FDA regulatory requirements—had not conducted an audit as part
of the due diligence process. This contract manufacturer was ISO
certified and was already supplying finished medical devices to
other companies. However, the FDA had never audited this contract
manufacturer—in fact, the contract manufacturer was not registered
with the FDA.
The FDA decided to audit this contract manufacturer for QSR
compliance. The audit resulted in the company receiving a very
extensive 483 (the list of observations that the investigator finds
during the inspection that are in violation with the QSR
regulations). This 483 resulted in the company being issued a
Warning Letter.
One lesson gleamed from this experience is that just because a
company is ISO certified, there is no guarantee that it would be
able to pass an FDA inspection. Though the FDA’s QSR and the
ISO:13485 or ISO:9000/2003 are similar in wording, the ways in which
the FDA and ISO conduct their audits are entirely different— often
resulting in incredibly different outcomes.
It may not be so unusual—especially for a company’s first FDA
audit—to receive a warning letter. What was more unusual in this
case, however, was that the FDA also issued the spec developer a
warning letter because its contract manufacturer was operating in
violation of the QSR regulations, and the agency noted the OEM
should have audited the supplier and asked for corrective actions.
This is the newest FDA policy. The agency now requires the spec
developer to take responsibility for the compliance of its contract
manufacturer. If the contract manufacturer is not in compliance and
is not working to achieve the necessary compliance, the spec
developer would be expected to find another source that is in
compliance. If a spec developer continued to use a contract
manufacturer that was not in compliance, the company would more or
less be accepting this with the understanding that the devices being
distributed were, in fact, adulterated.
If a medical device is manufactured while a company is not in QSR/cGMP
compliance, the device would be considered adulterated even if it
met all the required specifications. The fact that a company was
manufacturing a device while it did not have a compliant quality
system makes the devices being manufactured designated as
adulterated, according to the FDA regulations.
Optimal Manufacturing Agreements
Specification developers looking for a contract manufacturer should
be aware of this change in the FDA policy. The spec developer must
increase its due diligence on how a contract manufacturer is
selected. Under the most recent regulations, a contract
manufacturer’s FDA compliance problem will now become a problem for
its customers—the spec developers. Therefore, a spec developer can
no longer take things for granted and assume it will be immune from
the regulatory compliance problems of its contractor.
Depending on the spec developer’s level of experience in dealing
with FDA issues (a full understanding of what would be necessary to
ensure full FDA compliance), the OEM should stipulate the following
areas of concern in a supplier agreement with the contract
manufacturer:
1. The contract manufacturer should be registered with the FDA.
(Note: In 2005, the FDA changed its rules regarding which types of
contract manufacturers must be registered. Visit www.fda.gov for
more information.)
2. A comprehensive quality system that is compliant with QSR/cGMPs
is documented, and if there are intentions to sell to the European
Union and Canada, the company is certified to the ISO:13485 and
Canadian standards.
3. The contract manufacturer will notify the OEM of any past FDA
regulatory actions, FDA 483 observations or Warning Letters that
were issued, in addition to any pending or ongoing FDA
investigations.
4. The OEM will be notified in writing if there are any changes
in any of the device raw materials or specifications, prior to
making these changes.
5. If a potential problem is found concerning the manufacturing
process that may have affected the finished medical device(s), the
OEM will be notified immediately.
6. The contract manufacturer ensures that it has an enforced
insurance policy.
7. As part of its quality system compliance, the contract
manufacturer must make sure that all automated processes have been
validated.
8. The software in the operating systems of manufacturing
equipment has been validated.
9. The OEM is allowed to audit the operations for QSR compliance.
10. The OEM is allowed to watch the manufacturing operations of
its devices with unannounced visits.
Ensuring compliance up front will lead to fewer problems down the
road for both parties.
Alan P. Schwartz, executive vice president of mdi Consultants, Inc. in
Great Neck, NY, has been providing strategic planning on FDA
regulatory compliance issues since 1978. Prior to mdi, he was a
supervisor of field operations for the US FDA. He has been an
invited speaker on FDA policy and issues both in the United States
and internationally, is an Internationally Certified Lead Assessor
for ISO:9000 and ISO:13485 and is on the editorial advisory board of
the Institute of Validation Technology. He can be reached at (516)
482-9001 or alan@mdiconsultants.com.
2006 by: Rodman Publications Online:
Reprinted with permission of the Publisher
Rodman Publications Online:
|
 |
