Identifying CSV Compliance Violations: Lessons Learned from an FDA Inspection in June 2023

During an FDA inspection in June 2023, several violations related to computer system / software compliance and general quality system processes were identified. Here is a link to the letter:  Warning Letter CMS #653455

The warning letter details a variety of violations that can be addressed through computer system validation (CSV), computer software assurance, equipment qualification/validation, and quality system procedures. Here is a summary of the findings, recommendations, and thoughts:

1. Failure to submit a new 510(k) for changes in software: The company changed its approved treatment planning software used for their dental aligner system to a without submitting a new 510(k). As it is unclear if the software change could significantly affect the safety and effectiveness of the device, the FDA recommends the company submit a new premarket notification submission. For this violation, a documented risk-based change control process should be implemented to assess changes to the software and guide the appropriate actions.
2. Failure to validate complaint handling system software: The company did not validate its complaint handling system software. These types of systems (e.g., eQMS) must be validated when they manage compliant handling processes due to the risk of impact to patient safety and product quality. In the warning letter, the FDA requests the organization to generate a software validation report, approach, testing methodology, and validation results within six weeks. This is an instance in which from the FDA draft guidance on Computer Software Assurance (CSA) would be very helpful. The guidance provides an excellent framework for determining the appropriate software assurance process to validate the system.
3. Failure to establish and maintain procedures for evaluating suppliers: The company lacked procedures for evaluating suppliers, contractors, and consultants. The FDA recommends that Vitthe company review the supplier evaluation process, update necessary documents, and conduct auditing of all suppliers within 12 weeks. A well developed and documented supplier assessment procedure is essential for FDA compliance. Further – it is a fundamental component of CSA in that it allows for due diligence to leverage software vendor testing and documentation. In this way, one can avoid duplication of testing and other software assurance activities.
4. Failure to validate the 3D printing process and equipment: The company did not adequately validate its 3D printing process and equipment used in manufacturing of their system. The company’s procedures did not address equipment qualification and validation. The FDA requests evidence that the 3D printing process has been qualified and validated.
5. Inadequate calibration of equipment: The failed to adequately calibrate its 3D printers used in the manufacture of dental aligners. The company could only provide records of quarterly maintenance instead of monthly calibration as stated in their procedure. The FDA recommends that the company review its forms and procedures relating to calibration and ensure equipment is routinely calibrated, inspected, checked, and maintained as required.
6. Lack of a device history record (DHR) procedure: The company does not have a procedure for device history records (DHRs). The DHRs for dental aligners did not include or refer to the primary identification label and labeling used for each production unit. The FDA suggests that the company review and update its device history process procedures, including the inclusion of UDI information, and provide training to employees. Often a Manufacturing Execution System (MES) will capture the DHR information. It is not clear if the company has one or not. However, this MES would need to be validated as well.

The violations described in this warning letter are cited to ensure that appropriate corrective and preventive actions are taken to comply with FDA regulations (21 CFR Part 820) and ensure the safety and effectiveness of their products. As mentioned throughout this summary, good CSV / CSA procedures and activities (and compliance with them) are necessary to ensure compliance with FDA regulations; they would prevent issues found in the warning letter.