REGTech Insights: “Warning letters” show deficiencies in standard Q processes

It is astonishing: The dreaded “Warning Letters” (so-called 483s) from the FDA do not only flutter into our homes when there is a compliance deficit in special areas. Instead, they usually uncover deficiencies in the standard Q processes. This could be a diagnosis in the “Medical Devices” sector based on FDA data for 2017 and 2018 [1]. This is because of 699 “Warning Letters” in total, 354 concerned CAPA processes or CAPA documentation (86), the areas of complaints (229), procurement and supplier management (142), non-conformities (119) and the processes for quality audits (78). The findings in the area of training are also interesting; more on this later.

So it is not primarily the regulatory requirements for product development processes that cause difficulties; and it is not so much the often-discussed complexity of the Medical Device Regulation (MDR) that causes companies to fail in the audit. Certainly, companies are struggling with these requirements, and it can be an uphill battle for many, especially smaller companies. However, the above figures point to something much more fundamental, namely weaknesses in standard processes – CAPA, discrepancies, complaints, document management and control etc. – of a quality management system based on regulatory compliance.

Now, the FDA’s statistics do not provide detailed information about the causes behind the numbers. A look at practice, however, suggests the following: Many complaints are most likely the result of a lack of digitization of Q processes. Without digitization, there is no automation by means of workflows, no continuous and complete documentation of activities and events in the quality management system, and no sufficient integration and consistency of Q processes across different functional areas. This is because paper-based and manually controlled processes are more prone to errors and lead to incomplete data in the audit. In this respect, the FDA figures also indicate a plea for professionally integrated, digital management systems.

Finally, the situation is of particular interest in the area of training. As many as 48 Warning Letters concern inadequacies in the identification of training needs (“Procedures for training and identifying training needs have not been [adequately] established”); 17 criticize the adequate documentation of training activities (“Personnel training is not documented”); in addition, there are 10 for the deployment of insufficiently qualified personnel. Processes and documentation of activities are therefore the main weak points here. However, one could also take the results as an opportunity to reflect on the traditional training organization as a whole: Is the common “read and understood” still sufficient? Does the focus not have to be more on determining learning success, i.e. on qualitative aspects? Is it sufficient to “train documents”, i.e. to focus strongly on documents of an instructional nature and the communication of their content, as has been the case so far? From the perspective of these questions, that would mean: The view of “learning” and “training” would have to be broadened to include informal learning processes and non-formalized content. And it would have to expand beyond a focus on documents. Learning or training situations would then be triggered by various events relevant to quality – complaints, discrepancies, non-conformities, etc. – in the company, and employee competencies would be continuously reviewed, expanded and documented. “Learning” and “training” would thus become cross-cutting issues for all areas of quality management. But then there is really no way around digital solutions.