Guest article by Quality Specialist Daniel Little
In our first guest blog series, our quality specialist, Daniel Little, discussed the importance of quality management systems and the regulatory landscape for the medtech industry. In this article, he will be sharing his personal experience and insights, as well as tips on how to leverage your QMS and Fearsome's partnership with Greenlight Guru.
I worked for a while in academic research (molecular cell biology and translational neuroscience), which can be a bit of a wild-west in terms of formal quality management systems. This isn’t to say good quality work doesn’t happen in the field of academic research but it relies a lot on people figuring out for themselves how best to organise their documents and records and how to minimise errors and correct issues. Which, as I’ve mentioned already, can lead to a lot of inefficiencies through repeated work, and increased on-boarding time. Obviously some people might come up with better ways of working and organising their work and solving problems than others, but some of these learnings may be lost without them being formally documented. Of course people pass certain techniques down to new researchers they teach and some lab groups have a more holistic approach to organisation than others but there is a lot less control than in a formal QMS. Traceability is just as important in academic research as it is in the medical device field: you need to be able to check what you did months or years ago when writing a paper, find old data and understand where it came from, and pass protocols onto colleagues. This experience has helped me see the benefit of good organisation and control discussed above. The experience of trying to organise my own documents and records and reduce errors in my own research (sometimes not very well), has also been very helpful when establishing formal quality management processes when I moved into the world of quality.
Working In Quality Management Has Taught Me A Few Things Too:
It is important to change things when they aren’t working, but don’t try to change everything at once, or you risk nothing working and nothing being complied with. And don’t change a process just because people aren’t complying with it, of course try to understand why they aren’t complying, and do something about it, but don’t give the impression that people can get away with not doing something.
Similarly, building an aeroplane in flight is difficult, which shouldn’t be surprising, but it is common practice in start-ups and small companies. Building processes for things that don’t quite exist is difficult, and ISO standards are often written in a way that expects everything is already up and running. But on the other hand, getting processes in place early can be really valuable, then you don’t have to change people’s way of working or implement a quality culture further down the line (or once the plane is flying well).
Perfect is the enemy of good is a phrase I often think about when trying to implement a new quality management process. You can have endless meetings and endless drafts of a process trying to get it to work perfectly before putting it into use. But in reality you’ll never know how well it works until you start using it. And it is better to have an imperfect process in place and being used, than an almost-perfect process that is never used.
A lot of important decisions need to be made in Quality Management, including deciding whether something is a serious issue and how much effort should be put in fixing the issue.
Since I am a scientist by training, I am a big fan of data-driven decision making; collecting and regularly reviewing data on the functioning of processes (QMS and otherwise) can be really valuable. By looking at trends you can identify potential issues before they cause a big problem and take actions to correct the issue. Through data you can also see the effects of process improvements and identify what changes really worked, which can inform future process improvements. Data is also great for presenting clear information to senior management. However, it can be difficult and time-consuming to source data from various different places, and it can often be inaccurate or incomplete which can lead to incorrect conclusions being drawn. Ideally the data you rely on should be collected and presented in a way that allows it to be reviewed in real-time, if it is truly important. Regularly reviewing whether the data you collect and review is informative allows you to stop spending time on data that isn’t useful and focus on the useful data, or identify other metrics to monitor. Discussing the data with the people closely involved in the work can be useful to identify inaccuracies that may have arisen through how the data is collected or how the process is measured.
Here at Fearsome we are also big fans of using a risk-based approach to decision making. It is good that we are fans of this way of thinking because it is a requirement of ISO 13485:2016 to “apply a risk based approach to the control of appropriate processes needed for the quality management system”. This doesn’t necessarily mean doing big complex risk assessments all the time but consider how much the topic at hand might impact the safety or performance of a device, or the functioning of the quality management system or the wider business. The effort involved should then be proportionate to this risk. In reality this means low-risk processes don’t need to be over burdensome and might not need so much control or documentation. This frees up time to ensure there is plenty of control and documentation for high-risk processes. One practical way we do this at Fearsome is to grade nonconformances in terms of severity and frequency of the issue. This is used to determine whether a CAPA is required; high severity and/or frequency means effort should be spent on determining the root cause and performing corrective action to address the root cause. If the issue is of low severity and/or has occurred infrequently the issue can be quickly corrected without going through the CAPA process. This level of structure isn’t always necessary, it is often sufficient to simply bear in mind risk when making decisions, although documenting your thought process is always good practice.
I was recently involved in a successful surveillance audit for our 13485 certification at Fearsome. It was a great experience for me personally and a great opportunity to talk about quality all day. It is always good to know and understand your thought processes and decision making reasons for these situations. I presented the risk based methodology in our CAPA procedure which the auditor seemed happy with. One of the first things auditors look at is the quality manual. I was a bit nervous about this as I had recently trimmed it down from about 25 pages to 5 pages but the auditor was satisfied that it still met the requirements of ISO 13485:2016 (which are actually quite short). It was also much easier to read and in my opinion more useful as an introduction to our quality management system in its reduced form. And importantly there was less risk of the information within it deviating from what was written in procedures as it no longer summarised the contents of procedures. Having an electronic quality management system was a great help at this audit as we could quickly and easily navigate through different documents and records with everyone involved looking at the same page at once.
Top Tips and Insights About Quality Assurance:
Documentation- if it is not documented it didn't happen. This is a bit of a cliché but for good reason, documentation really is a cornerstone of quality assurance. Procedures, forms, and work instructions ensure everyone knows what to do. Forms ensure the necessary data is captured in an appropriate format, thus creating records which need to be stored appropriately so they can be found and referred to when needed. This is key to figuring out what happened when something has gone wrong. There is nothing more annoying when something goes wrong, and you want to check the details of how the process was performed, and you can’t find the relevant record. And it always seems to be the specific record you need that is missing. Key to document and record management is good, clear, organisation (not to mention control). If documents and records are organised in such a way that no-one can find what they are looking for, or even worse, if no-one knows what documents exist, the documents and records quickly become useless. Or if it takes a long time to find the document you need because there are a lot of similar looking documents. And of course, changes to these documents and records need to be strictly controlled. I've seen the impact of someone innocently changing a document without consulting other stakeholders and thus without realising, and mitigating, the impact of this change.
Traceability- a close relative to documentation and record management is traceability. By traceability I mean being able to track interrelated processes and events through records. A simple example of this would be identifying that a Change Order that was raised as a result of a CAPA. More complex examples would be the tracing of a specific lot of components used in the manufacture of devices, or tracing the impact of a design change to other components and related risks as well as related verification and validation activities.
Planning- another cornerstone of good quality management is planning. This is why it is the first part of the Plan-Do-Check-Act cycle - the foundation of all quality management systems. Without taking the time to plan any enterprise, you can’t fully understand what needs to be done. Planning the design of a device by defining user needs and design inputs should be obvious, but the design of quality management processes should also be planned. This means they are implemented in a sensible order, they meet the company’s needs and regulatory requirements. Planning of changes is important to ensure the implications are identified and addressed. Proper planning also contributes to achieving wide stakeholder buy-in and getting everyone on the same page, from top management to the workers on the floor.
How To Leverage Your QMS?
A key element of leveraging your QMS is good planning and getting buy-in from the wider company and especially top management. Following on from this is using the procedures at the right time, in the way they were intended. Starting processes early and finishing them in good time ensures that they are a value adding exercise that provides a return on investment for your quality management system.
I see the quality team as conductors or facilitators, guiding colleagues in other departments and helping them achieve good quality work. Document control for example is more than just controlling documents, the guiding hand of QA can ensure documents get finished and document approvals show that the document was agreed on at a specific time, then document control ensures they are in a defined location for future reference.
A great way to leverage your QMS is to make it as efficient and user-friendly as possible. The best way to do this is to make it fully electronic. Having a good eQMS solution means that your QMS is available at the touch of a button from everyone’s workspace, wherever they are. Furthermore it will be easy to navigate and searchable, unlike physical files and folders of old records. Furthermore, if your QMS is lagging behind technological advancements in other aspects of the business it will give the impression that it isn’t very important. One of the first things I did when establishing a QMS in a previous role was to ensure we had an electronic signature solution in place (21 CFR Part 11 compliant of course). This streamlined document approvals and enabled electronic completion of records and was probably one of the best decisions I made, particularly when everyone suddenly started working from home due to the pandemic.
Partnership Between Fearsome And The Greenlight Guru
Here at Fearsome we have recently transitioned our QMS to Greenlight Guru. The transition was quick and straightforward thanks to all of the advice and support provided by Greenlight Guru and I can see the benefits already. I love how it helps organise all of your documentation, including through requiring unique titles and filtering by metadata. The ability to easily check out documents, add them to change orders, and upload new versions, coupled with routing documents for approvals, provides a lot of efficiency - no more moving documents to different folders and manually asking people to sign something. Another key benefit of this kind of unified eQMS is simple built-in traceability: related documents, change orders, nonconformances and audit findings can all be easily linked to each other for example. Furthermore there is no need to manually update separate logs for nonconformances, CAPAs, change orders, audits and training as this is all done automatically. This is another efficiency gain that frees up valuable staff time.
As mentioned above, having everything in one place makes presenting information to external auditors very easy. It also makes everything clearer for staff too, they can easily find the documents, CAPAs, design controls and risks they need to work with. I also love that the dashboard shows me everything that is going on with the QMS so I don’t need to keep in mind what change orders or CAPAs are open, or what documents or training needs doing. And the automated analytics allows me to track and trend QMS processes in real-time and present graphs to senior management to aid data-driven decision making. Finally Greenlight Guru provides invaluable peace of mind, helping to ensure QMS processes, and documentation of design controls and risk management activities, are compliant with regulations.