Understand and avoid deviations and non-compliance


Deviations, non-conformities, errors, findings and other terms are often mistakenly used synonymously. The standards also explicitly contradict each other when defining individual terms.

This article clarifies

  • how the terms should be understood,
  • what are the causes and consequences of non-conformities e
  • how medical device manufacturers can avoid these deviations and non-compliances.

1. Non-compliance: basics

1.1 The definition

1.1.1 Non-compliance

ISO 9000:2015 defines the term Non-compliance with “Failure to comply with a requirement”. Combine this term with the term “Mistake” Also. ISO 13485 contradicts this.

The standard deliberately uses the term “non-conformity” and not the term “error”. Both terms are not identical in content. “Defect” is a legal term that plays a role in warranty for material defects and product liability. “Non-conformity” differs from this in that the manufacturer’s own specifications may be broader or different from those agreed with the customer or expected by the market.

Those: ISO 13485:2021

The FDA defines the term similarly to ISO 9000:

Non-compliance means the failure to satisfy a specified requirement.

Those: 21 CFR part 820.3(q)

1.1.2 Deviation

The term deviation neither ISO 9000 nor ISO 13485 define it. Colloquially it is usually used as a synonym for non-compliance.

The term comes more from the automotive industry around IATF 16949. This standard also uses the term “non-conformance”. However, the set of supplementary rules (Rules for Obtaining and Maintaining IATF Recognition, IATF Rules 5th Edition) also uses the term “deviation” and distinguishes between Major and minor deviations.

In the medical device ecosystem, these major and minor deviations are associated with Greater Non-compliance AND Minor non-conformities equal in audits.

In English we constantly talk about “non-conformity”.

1.1.3 Results

We regularly hear it said that an audit is… Find he gave. What is meant is non-compliance. This colloquial usage is consistent Not with the definition of the term:

results of the evaluation of the audit evidence collected against the audit criteria

Those: ISO 9001:2015

Audit results, i.e. the “results of the evaluation of the audit evidence collected against the audit criteria”, are therefore inevitable in audits. Meaning what. Not that the results are automatically something bad that should be avoided. Things change when there are deviations or non-conformities.

1.1.4 Shortage

Even the term Lack it should not be equated with the term non-compliance.

“The distinction between the terms defect and non-conformity is important because of their legal meaning, particularly that relating to issues relating to product liability (3.7.6) and service liability (3.7.7).”

Those: ISO 9000:2015

1.1.5 Other terms

The FDA isn’t entirely consistent either. In the context of inspections, use other terms such as: Deviation, Non-compliance, Observation AND Violation, without defining them. Examples of this can be found in the Compliance Program Guidance Manual, Inspection of Medical Device Manufacturers, QSIT, and Investigation Operations Manual.

1.2 Examples of non-compliance

Non-conformities can be found in both products and processes.

1.2.1 Non-compliant processes

Examples of non-compliant processes are

  • Processes that are not practiced at all or are not performed according to documented procedural instructions.
    Example: No assessment of employee skills was carried out.
  • Undefined processes.
    Example: There is no process to evaluate and resolve non-conformities.
  • Processes that do not meet the requirements of a standard or legal requirement.
    Example: The procedural instructions do not require that complaints must be evaluated to determine whether a complaint constitutes a reportable event.

These nonconformities are usually discovered during audits and inspections.

Fig. 1: Deviations found by the FDA in 2023: Process issues dominate.

Nearly half of the noncompliances the FDA found during inspections in 2023 involved:

Regulatory requirement Description Portion
21 CFR 820.100 Corrective and preventive actions 14%
21 CFR 820.198 Complaint management 11%
21 CFR 820.30 Design control 10%
21 CFR 820.50 Supplier 8%
21 CFR 820.90 Handling of non-compliant products 6%
Rest 51%
Table 1: The deviations most frequently criticized by the FDA

1.2.2 Non-compliant products

Examples of non-compliant products include:

  • Products whose suitability for use has not been demonstrated
  • Electrical medical equipment with excessive leakage currents
  • Products that do not meet advertised specifications
  • Products whose medical benefits have not been demonstrated and/or for which such benefits do not outweigh the risks
  • Tools that release toxic substances into the body

2. Consequences of non-conformities

The consequences of non-conformities depend on the possible consequences of such non-conformities:

  • Confiscation and/or destruction of products by the authorities
  • Obligation to recall products by the manufacturer
  • Certificate revocation
  • Warning letters
  • Accusation
  • Stopping import
  • Inspection by authorities
  • Fines
  • Obligation to eliminate non-conformities and their causes (corrective actions)

For example, the MPDG gives the authority the following rights:

The competent authority is particularly authorized within the scope of application of this law

1. prohibit or restrict the placing on the market or putting into service of the product,

2. prohibit or restrict the supply of a product to the market,

3. order measures to ensure that a product is placed on the market or made available on the market only when adequate and easily understandable safety instructions are included on the labeling or in the instructions for use,

4. order the withdrawal or recall of a product made available on the market,

5. prohibit or restrict the operation or use of the affected product,

6. order that the public be warned of the risks associated with a product made available on the market; The competent authority may itself alert the public if the economic operator does not alert or does not warn in a timely manner or does not take another equally effective measure or does not do so in a timely manner.

MPDG § 74, Risk Protection Procedure, Section 2

The MDR authorizes authorities to take the following measures:

Competent authorities may confiscate, destroy or otherwise render unusable products that present an unreasonable risk or counterfeit products if they deem it necessary in the interests of protecting public health.

MDR, article 93, paragraph 5

3. Causes of deviations or non-compliance

The causes are different. However, they can usually be attributed to one of the following reasons:

  • Those responsible are not aware of the legal and regulatory requirements.
  • Legal and regulatory requirements were not adequately understood and implemented.
  • Legal and regulatory requirements were knowingly ignored.
  • The company’s internal specifications are too complicated.
  • Management did not communicate to employees the importance and significance of the guidelines.

4. Find and avoid detours

4.1 Find deviations

Manufacturers should personally check for deviations:

  • Carry out internal audits (required by ISO 13485)
  • Carry out tests to detect non-conformities, possibly also automated
  • Carry out inspections and reviews of products and documents

Manufacturers can use external expertise for these tests, for example for internal audits and mock inspections.

Johner Institute experts carry out these audits and mock inspections. They not only identify possible non-conformances, but also provide concrete assistance to eliminate such non-conformities and avoid them in the future.

4.2. Avoid detours

Comprehensive quality management focuses not only on identifying non-conformities, but also on avoiding such non-conformities.

  • Manufacturers should design their processes so that they are understandable, sensible and streamlined. This way you can avoid deviations right from the start.
  • Manufacturers can use external experts to explain the specifications and their interpretation to inspectors and authorities.
  • Manufacturers should use methods/tools to avoid deviations, for example through automated workflows, electronic forms with verification, training systems and documentation of employee training.

The Johner Institute’s real-time compliance system supports manufacturers in systematically eliminating/avoiding incomplete, contradictory and incorrect content from technical documentation, while minimizing the effort required to create and control that documentation.

5. Conclusion and summary

The term deviation is used only colloquially. Therefore it is appropriate to talk about non-compliance, even if the FDA uses different terms, confuses them and does not define them.

Regardless of whether it is a deviation or a nonconformity, manufacturers must avoid these deficits or at least identify and eliminate them. The consequences for both manufacturers and individuals are far-reaching and include criminal prosecution and the demise of the company.

The Johner Institute comes to the rescue with its remediation service for manufacturers whose authorities or notified bodies have identified non-compliance and are threatening consequences.



Automotive

Deviations, non-conformities, errors, findings and other terms are often mistakenly used synonymously. The standards also explicitly contradict each other when defining individual terms. This article clarifies how the terms should be understood, what are the causes and consequences of non-conformities e how medical device manufacturers can avoid these deviations and non-compliances. 1. Non-compliance: basics 1.1…

Leave a Reply

Your email address will not be published. Required fields are marked *