Q: It’s my understanding that during an FDA audit of a pharmaceutical company, the Agency can request to see CAPA data from internal audits — but if you’re a medical device company, it can’t. Is that correct?
Also, can the FDA request to see the minutes and presentations from our quality system management reviews?
A: FDA’s regulations, guidance, programs, policies and enforcement indeed are different for medical devices than they are for pharmaceuticals.
But in answer to your first question, FDA’s Center for Devices and Radiological Health (CDRH) believes it can ask to review all CAPA data, regardless of the source.
[pullquote align=”right” cite=”” link=”” color=”” class=”” size=””]Inspectors are more likely to review your overall CAPA system and the corrective and preventive actions you’ve taken.[/pullquote]
Still, its inspectors aren’t likely to review your specific CAPA data. They are more likely to review your overall CAPA system and the corrective and preventive actions you’ve taken under your CAPA system. Originally the concept of not asking for internal audit results was a “suggestion” to investigators, but over the years the concept of not specifically seeking the source of CAPA data resulting from internal audits has now been written into device guidance and compliance programs.
In contrast, the Center for Drug Evaluation and Research (CDER) has not updated its guidance in the same way, but investigators rarely look for internal audit CAPA data during pharmaceutical investigations. Every few years, the issue is debated inside and outside the Agency. In the big picture, it probably makes little difference either way. A good quality system should be focused mostly on preventive actions, and your CAPA process should be used to continually improve your quality system.
FDA actually likes and expects to see a robust CAPA system — one that works hard to identify and address problems. For insights into each Center’s approach to investigations, I’d suggest you check the specific Compliance Program Guidance Manuals (CPGM) FDA makes available online.
Regarding your second question: By policy, CDRH has extended some of its thinking to management reviews of internal audit findings. While many FDA investigators won’t seek the minutes and presentations from management reviews, the only real exclusion for medical devices is for the internal audit-related data itself. The rest of your CAPA data is the product of a working quality system, and although it might seem to be “excludable” from review, it is very discoverable by FDA in other ways. Most companies find disclosing such data is a good way to prove their quality system works.
Answered by Martin Browning, EduQuest President and Co-Founder (22 years as an FDA investigator and the co-author of the original Part 11 rules when he served as the Special Assistant to FDA’s Associate Commissioner for Regulatory Affairs). Martin also is the developer and chairman of EduQuest’s FDA Auditing of Computerized Systems and Part 11/Annex 11 training class.