Understanding compliance regulations in the life science sector

The career path for professionals working with quality assurance in North America can take many roads. Quality Assurance Director, Chief Compliance Officer, Quality Manager, or any other variation of job title, it is not uncommon for quality professionals to move from one sector to another. Who hasn’t changed jobs over the years? However, there is a common baseline for the profession regardless of the industry. It’s their job to ensure that products are safe to use, operate properly and to develop operating procedures and policies to maintain quality standards to meet compliance regulations. For someone transitioning from, for example, the food industry into life sciences, you will recognize many of the FDA (Food and Drug Administration) regulations. Still, there are some differences to be aware of.

What should quality professionals from another sector know about regulations in the life science sector?

The main difference is the amount and the level of detail of the regulations. Life science companies undergo rigorous scrutiny because their products can have a life or death impact on the user. The more potentially dangerous the product, the more FDA regulations there are to follow, and naturally, the more audits there will be. The FDA guidelines are outlined in the Code of Federal Regulations (CFR) Title 21. Dedicated parts of Title 21, such as Part 11, refer to electronic records and electronic signatures, and Part 820 outlines current good manufacturing practices (CGMP) for medical device manufacturers in North America.

21 CFR Part 11 Electronic records and electronic signatures

Besides quality professionals, the IT department will be particularly interested in Part 11. It basically says that you should be able to identify who enters data, the use and allocation of electronic signatures, and the security of the documents. Life science companies must ensure that the documents in use are the latest released copies and that there is a clear audit trail – who changed it, when they changed it, why, and what they changed from. Auditors will look at validation, the audit trail, copies of records, and record retention.

21 CFR Part 11 includes validation, time stamps, maintenance of electronic records, and electronic copies. Limiting system access to authorized individuals, use of operational systems, and authority and device checks are essential. Determining that the people who develop, maintain, or use the electronic systems have the proper education, training, experience, and clearances to perform their assigned tasks is required. Establishing accountability and policies for people using electronic signatures and controls over system documentation is essential.


Download our free guide - Life Sciences eQMS: Managing the top 5 demands

21 CFR Part 820 Good Manufacturing Practices

21 CFR Part 820 provides guidance for current good manufacturing practices (CGMP), particularly for medical devices companies. You have to document all processes related to the products in your quality management system (QMS). This includes the methods used in the facilities and controls for the design, manufacturing, packaging, labeling, storage, installation, and servicing of all finished devices intended for human use.

For life science companies, validating quality processes will probably be the single most significant expense in terms of systems and processes. If a given process could result in serious risk, validation will be more extensive, or if there is little risk, it requires less validation. Depending on the risk level, validation consultants will help test and validate that your QMS is in order to prepare for audits.

What’s needed to pass a regulatory audit in North America?

First of all, you should be prepared. Inspectors aren’t required to give notice of their arrival ahead of time, but if they don’t, they still need to make their presence known when they arrive. Therefore, it requires a lot of prep time and resources before the inspection, during the inspection to host the inspector onsite (which might take up to a week), and the post-audit work depending on the findings.

When the FDA conducts an inspection, the inspectors will look for a number of specific components within your QMS. A few examples include:

  • A quality policy: You’ll need to show that you’ve established a quality policy that applies to each onsite operation.
  • Internal audits: Inspectors will want to see that not only are you auditing internally but that you’ve put a standard procedure for doing so in place.
  • A quality plan:Inspectors will want to see you’ve established a list of goals for ensuring quality moving forward.
  • Corrective Action And Preventative Action (CAPA) procedures: Inspectors will want to see you’re making an effort to investigate and correct quality issues to prevent a recurrence.
  • Risk analysis: Inspectors will want to see that you’ve put any and all appropriate risk monitoring systems in place and routinely assess relevant risks within your operations.
  • Training procedures
  • Manufacturing processes validation reports
  • Product and process performance reviews: In addition to other internal audits, inspectors will want to see that you’re routinely reviewing the performance of your products as well as the processes that go into producing them

Triggers and consequences of an audit

The more risk associated with your product, the more likely an audit will occur and the more frequent the audits. Audits are triggered by “it’s time to audit this company” or a customer complaint. A simple audit scenario can be that you are asked to find the latest document for a process. However, sometimes it can be more problematic than you think. For example, if you don’t have the standard operating procedure (SOP) in an electronic system, the paper version might not have been kept up to date. And the audit would have a negative outcome. As a result, audit findings will be classified into major or minor and will need to be rectified and followed up.

Consequently, you now have to prove to the FDA that you have a procedure to prevent that from happening again. One way to avoid this mistake is to ensure everyone knows where to find the latest standard operating procedure (SOP). The SOP has to accurately describe and document that you are doing what you said you would do. For instance, auditors will ask a machine operator to find the latest SOP or material safety datasheet. The operator needs to know where it is and how to do it. Each audit has a different purpose, and the auditor could be looking for specific things.

An audit can also result in an FDA warning letter. If a company has received a warning letter, it would likely be a higher priority to audit again. To issue a ”Warning Letter Close-out,” the FDA will conduct an audit to ensure that the corrective actions have been made by the company and verified by the FDA.

An audit can also be triggered by an MDR or eMDR (electronic medical device reporting). The company reports the MDR to the FDA as a “medical device adverse event.”


free guide life sciences eQMS


Some basic advice

If you are a quality professional transitioning from another industry to the life sciences, one of the first things you should do is make sure that the requirements for quality, CGMP, and regulatory compliance are aligned and support each other.

Secondly, talk to your Lab colleagues and the people making the product. They will be able to steer you to where the issues are and about inspections on the production line. It’s common sense.

It might seem overwhelming, but modern and powerful tools such as the QMS help quality professionals. Learn more about how the CANEA ONE business system can help you.