INSIGHT REPORT #8    

 August 1998  

wpeA1.jpg (787 bytes) mdi Consultants’

INSIGHT REPORT


I

N

S

I

G

H

T

 wpeA0.jpg (698 bytes)

Auditing - ISO vs. GMP

Which is a better audit?

There is a lot of controversy concerning the difference between the way the FDA conducts their inspections for GMP compliance and the manner in which the ISO certification audits are conducted. Having the privilege of being involved in both types of audits on a frequent basis I feel that the there are lessons to be learned from each.

First of all, we should all recognize that the FDA’s mission and the ISO certification process serve two completely different purposes. The FDA is mandated to protect the American public from receiving and using medical devices, drug or foods that are not is specifications or otherwise adulterated. Thus, the FDA audit is conducted in such a way to be able to document that the company has the controls in place to be able to design, manufacture and ship a product that meets specification.

On the other hand, the ISO certification audit is used to assure that a quality system is in place and implemented. This would then be used to assure the company’s customer that they could provide them satisfaction that what order (specifications) would be met and if not there would be a way to deal with that problem.

If you read each of the above paragraphs you will see that in each case to describe the auditing use completely different. In describing the FDA audit, no where did I state "customer" or "satisfaction." When discussing the ISO certification audit no where was it discussed about a product being adulterated and though I did mention product specifications it was only in regards to meeting the customer’s specifications.

So where does this leave us. Which audit is better, an FDA audit or the ISO certification audit? Well, after almost 30 years experience of setting up quality systems and performing quality audits, both audits have their benefits and pitfalls.

You have to remember that ISO certification audits are used to certify all types of companies from dental practices to the manufacturers of airplanes. Because of this the ISO audits are very general and a look at the whole system and not really concerned with the product integrity. For the medical industry the ISO audits is supposed to include EN46001 requirements which provide guidance on how to apply certain sections of the ISO standard to their certification audits. This has provided more product safety credibility to their audit.

Though, the FDA GMP has been prepared as a whole to protect the American public and assure that products meet their specifications, lately the audits have been mainly targeting specific sections of the GMP keying certain areas involved in product design and safety. There have only been very few audits that would include all aspects of the GMP. The FDA investigator would only cover all aspects of the GMP when a problem is found at a company and complete documentation is necessary to build a case against a company.

Also, remember each company pays for the ISO audit, while the American taxpayer pays for the FDA audits, which includes even the inspections of foreign companies.

So when evaluating the audit process and determining as to which audit is better, overall the ISO audit is probably a better audit especially when evaluating the quality system. But, when determining how a company is addressing the product design requirements and assuring that only products that meet specifications are being sold, the FDA audit is without a doubt the better audit.

This could present a dilemma especially concerning the harmonization between the FDA and the EU. As part of this program, the FDA is supposed to allow third party audits of medical device manufactures in the EU. As was explained, with the difference in the audit structures presents a real problem for the FDA Commissioner in allowing this third party audits.

So be aware, even if your company has had the good fortune to pass an FDA inspection and found to be in compliance, there is very good chance that you might not pass an ISO audit. Conversely, if you successfully achieve ISO certification, there is as good a chance that the you will fail an FDA audit.

You could avoid this inconsistency by understanding both requirements, how they are to implemented and most importantly how they will be audited.

Next month’s INSIGHT REPORT
"IVDD – the next EU Hurdle"

 

If you have any comments on these INSIGHTS we hope that you let us hear them. If you have any of your own INSIGHTS that you feel would be of value to other companies, we would be pleased to hear from you and to discuss them with you and if you allow, we would even put them up on this site for others to learn from.
e-mail INSIGHT
Copyright 1998 mdi Consultants, Inc.

 

Close this window