vendredi 26 octobre 2012

FDA Warning letter review 26/10/2012

Une nouvelle mise en demeure de l'agence américaine pointe des défaillances dans l'évaluation des fournisseurs et consultants d'une société de dispositif médicaux :

1.      Failure to establish and maintain procedures to ensure that all purchased or otherwise received products and services conform to specified requirements, as required by 21 C.F.R. § 820.50. Specifically,
a)    Your “Vendor Evaluation and Quality” work instruction, WI-050-0140, dated 08/21/12, does not adequately establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors and consultants. For example, the requirements, including quality requirements, the contract manufacturer of the AC powered hospital beds must meet have not been established.
b)    All suppliers, contractors and consultants have not been evaluated on the basis of their ability to meet specified requirements, including quality requirements. For example, your contract manufacturer of the hospital beds has no evaluation documented. Additionally, only 8 of the 226 suppliers on your approved supplier list have been evaluated.

vendredi 19 octobre 2012

Une nouvelle Warning letter met en évidence des insuffisances dans l'évaluation des fournisseurs et la validation informatique

Dans cette récente mise en demeure adressée à une entreprise allemande, la FDA pointe des manquements sur ces sujets déjà abordés.

3. Failure to evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements, and document the evaluation, as required by 21 CFR 820.50(a)(1).  For example, there was no documented evidence of suppliers, contractors, and consultants being evaluated and selected based on their ability to meet specified requirements.

7. Failure to validate, for its intended use, computer software used as part of production or the quality system according to an established protocol, as required by 21 CFR 820.70(i).  For example, your firm uses an (b)(4) software system to (b)(4)This software system has not been validated by the firm.


jeudi 18 octobre 2012

Google dévoile l'intérieur de ses data centers

Challengé par la CNIL et l'Europe sur la confidentialité des résultats de son moteur de recherche, Google livre aux internautes une visibilité sur ses data centers en ligne sur http://googlefrance.blogspot.fr/2012/10/decouvrez-les-coulisses-des-centres-de.html . 

A voir pour ceux qui ne sont jamais entré dans un data center moderne.

vendredi 12 octobre 2012

FDA Warning letters review 12 octobre 2012

Les mises en demeure récemment publiés par la FDA pointent des écarts déjà signalés dans nos newsletters précédentes et en particulier des manquements dans l'évaluation des fournisseurs pour des fabricants de dispositifs médicaux.

Une première mise en demeure met également en évidence des défaillances dans la validation d'un logiciel utilisé chez un fabricant de dispositif médical et souligne l'absence de documentation descriptive du logiciel, de ses fonctionnalités et de son infrastructure :

3. Failure to validate computer software for its intended use according to an established protocol, when computers or automated data processing systems are used as part of production or a quality system, according to established procedure, as required by 21 C.F.R. 820.70(i). For example, there are no procedures that describe the qualification and maintenance of the Sorting software for decay calculations on brachytherapy seeds sorted into inventory. There are no software verification and validation requirements defined in your firm's procedures, and there are no records documenting that the Sorting software is fully validated for its intended uses. Your firm updated the Sorting software in May 2009, to address a “glitch” when sorting brachytherapy seeds and their respective activity into properly labeled containers; however, your firm failed to validate the updated software prior to implementation for use. There are no procedures or documents that describe changes and version updates to the Sorting software. There are no documents that define the software’s features and functions, operating environment, or hardware requirements.
7. Failure to establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements, as required by 21 C.F.R. 820.50. Failure to establish and maintain the requirements, including the quality requirements that must be met by suppliers, contractors, and consultants. 21 C.F.R. 820.50(a). For example, your procedure for Purchasing, SOP 06-01, Rev. 3 and Vendor Survey, Form No. 06-01-04, Rev. 1 are inadequate in that they do not require an evaluation and qualification determination of vendors, suppliers, and contract service providers listed on your firm’s Approved Vendors List prior to February 28, 2003. There is no documentation that (b)(4)., the supplier of extruded titanium tubes used in the manufacture of Brachytherapy seeds, was qualified or re‑qualified as a supplier. Your firm has been purchasing extruded titanium tubes from this vendor since prior to 2003. 
Dans une autre mise en demeure :

6.      Failure to adequately evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements and failure to document this evaluation, as required by 21 CFR 820.50(a)(1). For example, your firm’s Purchasing Control Procedure, FMS-2015, requires your firm to document supplier evaluations. It also states that (b)(4) and (b)(4) suppliers are grandfathered, but all new and potentially new suppliers are subject to the evaluation of this procedure. However, your firm failed to document evaluation of suppliers that are not listed as grandfathered, such as (b)(4) and (b)(4), supplier of (b)(4)infusion pumps, as well (b)(4), which is a catheter kit assembler overseeing your firm’s products sterilization.

lundi 8 octobre 2012

Une Warning Letter repose la question du choix des fournisseurs

Cette mise en demeure s'adresse à une société fabricante de dispositif médical et lui reproche (entre autres) de ne pas avoir évalué et sélectionné correctement certains de ses fournisseurs :
5.    Failure to adequately evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements, as required by 21 CFR 820.50(a)(1). For example,
a.    Your firm has not evaluated and selected the suppliers for the components used in the manufacture of the ANSR: BEAM and ANSR: HALO devices on the basis of their ability to meet specified requirements, including quality requirements.

 b.    Your firm has not evaluated and selected the contract manufacturers for the ANSR: BEAM and ANSR: HALO devices on the basis of their ability to meet specified requirements, including quality requirements.
Nous aurons l'occasion de revenir prochainement sur ce sujet.

L’Agence de cybersécurité publie un guide d’hygiène d’informatique

L’Anssi a publié son précis de l’hygiène informatique, un guide composé de 40 règles permettant d’améliorer la sécurité des SI des entreprises.
Le document est ouvert aux commentaires jusqu’au 15 novembre et devrait donc évoluer.

Accéder au document ici.