Get the App

Avoiding FDA warning letters

By establishing robust quality & compliance management programs, medical device manufacturers can ensure process quality and product safety in compliance with FDA mandates.

U.S. Food and Drug Administration (FDA) warning letters can spell big trouble for medical device manufacturers and pharmaceutical companies that have established their businesses within the U.S. Warning letters expose these companies to negative publicity and reputation damage, risk loss of business and customers, delay in approvals, and even civil and criminal litigation by the FDA. However, worse still are the results of mishandling a warning letter, which can be disastrous for top brands and small companies alike.

In recent times, the FDA has resorted to stringent enforcement actions, issuing warning letters to several top global companies. This indicates the FDA plans to conduct more inspections with greater detail and accuracy, and has heightened its oversight. Its ultimate goal: unerring quality and safety of drugs and devices.

While this is a welcome move for strengthening patient health and safety and public trust in the system, it calls for companies to be more alert and take all possible preventive actions to avoid FDA warning letters.

True to the world of medicine and pharmacy, the dictum “prevention is better than cure” holds very much true for FDA warning letters.

Role of FDA

The mandate for the FDA is to protect American public health. Its primary goal is to ensure that products in the United States market are not adulterated or misbranded.

FDA, as part of its inspections, verifies compliance to Current Good Manufacturing Practices (cGMPs) and quality system regulations; monitors recalls of products, devices, and drugs within the U.S.; and oversees corrections/removals and adverse events, including death and serious injuries. It authorizes products for sale in the U.S., through evaluation and approval processes, including pre-market notification or 510(k), pre-market approval (PMA), new drug application (NDA), or abbreviated new drug application (ANDA), and also evaluates and clears imported products for their safety and usage.

Below is a peek into the nitty-gritty of FDA Inspections for medical device manufacturing firms and pharmaceutical companies.

FDA inspections for medical device manufacturers

FDA leverages the quality system inspection technique (QSIT) approach for inspections, under which four main subsystems are assessed – management controls, design controls, corrective and preventive actions (CAPA), and production and process (P&P) controls.

It evaluates if the finished product, design process, and manufacturing process match the defined quality specifications and are adequate for the intended purpose. At the end of an inspection, the system-wide deficiencies are noted on FDA-483, an inspectional observation form. During the final inspectional closeout, the deviances from the cGMP requirements for medical devices which are specified in Title 21, Code of Federal Regulations (CFR), Part 820 are also noted.



FDA inspections for pharmaceutical firms

For pharmaceutical inspections, the FDA uses a bottom-up approach, in which it starts looking at complaints associated with the pharmaceutical manufacturing operations. The primary focus is on NDA or ANDA products. It also selects relevant drug processes that are applicable to NDA or ANDA. The FDA inspection team will finally note any departures from the pharmaceutical cGMPs on FDA-483.

FDA inspection closeout

At an inspectional closeout, the FDA classifies the inspection outcome in three different categories: NAI, VAI, and OAI.

NAI: No action indicated. Applicable for two years and no FDA-483 issued.

VAI: Voluntary action indicated. Company receives an FDA-483, but FDA will not pursue any regulatory actions like issue of warning letter, injunction, or seizure. A routine inspection should not occur within a two-year period.

OAI: Official action indicated. The firm receives an FDA-483 where an investigator notes significant cGMP or quality system regulation deficiencies. The establishment inspection report is written, and regulatory actions are recommended to the compliance branch. Once the investigation branch approves the recommendation to issue a warning letter, the compliance branch issues the warning letter to the firm.

FDA warning letter

For domestic inspections, the district compliance branch issues the warning letter after an FDA inspection. For foreign firms, the Center for Drugs and Radiological Health (CDRH) issues the warning letter with or without automatic detention (import alert). Once the warning letter is issued, the FDA expects a timely response and adequate corrective actions. Typically, FDA schedules a re-inspection to check the status of the corrective actions within a period of 6 to 12 months.

If a foreign firm receives automatic detention/import alert after an inspection, the products would be stopped at the U.S. border by the Customs and Border Protection and the FDA as an immediate response to GMP quality system regulation violations.

Preventing an FDA warning letter

To prevent an FDA warning letter, both pharmaceutical and device firms have to ensure that there is a compliant quality system in place, and gain comprehensive knowledge about CFR 211 and CFR 820 that govern the quality and safety requirements pertinent to drugs and devices respectively. The medical device manufacturers also need to possess a thorough knowledge about CFR 803 and CFR 806 guidelines for medical device reporting (MDRs) and recalls (corrections and removals).

Following are some of the critical steps that companies need to implement for avoiding an FDA warning letter.

Compliant quality system: A sound compliant quality system must be established. A quality manual – with exhaustive documents on operating procedures, work instructions, and testing specification, including in-process and final acceptance testing of the medical device, and the finished pharmaceutical product – must be maintained.

Quality department: The quality department must possess adequate resources and personnel to adhere to the standards of the Quality Management System (QMS). It must have the latitude to make appropriate changes to the quality system as required, and must report directly to the executive management or the CEO, so as to have the desired independence in its decision making.

Internal/External Quality Audits: Trained individuals must conduct the internal audits as per established procedures at appropriate intervals. The audit schedules must include a detailed plan of what should be audited, how, and when. For external audits, a capable external auditor/auditing body must be identified. The findings from internal/external audits must be properly linked to the CAPA system to ensure that the pain points and concerns identified during audits are addressed effectively.

Robust CAPA system: While preventive actions enable companies to avoid potential difficult situations, suitable corrective actions help avoid warning letters and other enforcement actions and also help them build a healthy relationship with the FDA. The effectiveness of CAPA must be verified, and proof of action maintained, through proper documentation. Training program: Effective training metrics aligned with established procedures are necessary to ensure the availability of quality experts within the firm. Result-oriented training programs require systematic planning, execution, and evaluation.

Executive management buy-in: FDA holds management with executive responsibility to ensure consistent adherence to cGMPs, and to build an organizational culture of quality and safety. Management representatives must oversee the entire quality system to identify problems and be involved in regular reviews of the quality system.

Design controls: There must be established procedures and well-trained personnel involved in design control. All activities in design control for drugs and devices must be documented. Any changes in devices must be evaluated to determine if they would require a submission to FDA through 510(k), PMA, NDA, or the ANDA process for further approval or clearance.

Risk management: The FDA refers to ISO 14971 which mandates a risk management approach to designing and managing medical devices. Companies need to assess any risk to public health within their design controls arena. They must evaluate risk in CAPA handling, root-cause determination as well as design validation. The Hazard Analysis Critical Control Point (HACCP) in production and process controls must also be well established. The emphasis must be on a balanced and scientific assessment, management, and documentation of risks involved in devices and drugs.

Leveraging technology to prevent FDA warnings

Technology can play a dominant enabling role in automating and enhancing almost every aspect of quality management system (QMS), including CAPA process and management, change control, training, document management, understanding compliance requirements, and risk assessment, as well as proactive internal process and audit management.

An advanced technology solution can act as a facilitator in the pre-inspection, inspection, and post-inspection stages. Deploying technology can help minimize the inspection effort, and also make QMS highly effective and almost foolproof. This will help significantly reduce the percentage of non-conformances and the number of customer complaints, and help achieve quicker resolution time and better preparedness for FDA inspections. The latest tools and applications help companies standardize their quality, audit, and risk programs, and automate various routine tasks through efficient workflows, plus reduce redundancy and duplication.

Integrated solutions provide a closed loop and holistic approach to handling quality issues and data. Document management and control processes for documents such as standard operating procedures (SOPs) and quality reports can also be maintained efficiently through centralized repositories and collaboration tools. Sophisticated risk assessment tools such as risk heat maps and risk calculators can be used to define, assess, and manage risks in device and drug safety and quality.

Advanced executive dashboards and automated reports enable effective monitoring of quality management programs and also offer the latest analytics and statistics. In case of non-conformances and deviations, the best-in-class capabilities of appropriate solutions can be leveraged to facilitate prompt and timely remedial action. In addition, various activities like creating, maintaining, and submitting evidences of compliance, risk assessment, and proactive implementation of controls can be automated for more efficiency and robustness. The training programs can also be streamlined and tracked, and gap analysis through proactive internal investigations can be made more efficient.

Achieving sustainable compliance

Medical devices manufacturers and pharmaceutical companies wish to receive a clean slate from every FDA inspection to safeguard their reputation and reduce the risk of overarching financial loss. However, the FDA resorts to a stringent inspection process before issuing an NAI to companies. The onus is on the companies to establish sound quality management programs based on a well-informed understanding of the regulatory requirements and standards.

Often, companies end up receiving an FDA-483 or a warning letter as a result of simple oversight or errors in their quality systems and manual handling of the processes. Technology can play a vital role in automating the key quality processes and infuse more efficiency into the drug and device design, manufacturing, and distribution management program. An overall risk-intelligent approach will also provide the key to achieving sustainable compliance with the CFR requirements, ISO standards, and broader FDA mandates governing the medical device and pharmaceutical industries, thereby helping companies steer away from FDA Regulatory Actions.

MetricStream Inc.


About the authors: Regulatory consultant Lori Carr can be reached at Timothy Schmutzler, regional VP of GRC Solutions, MetricStream, can be reached at

You May Also Like

comments powered by Disqus