“Remediation” is often synonymous with maximum stress: Notified bodies or authorities such as the FDA have discovered significant deviations that must be remedied with the highest priority and without regard to the workload of employees or budgets.
This article will help you to complete such “remediation projects” in such a way that
- the authorities are satisfied,
- your own team is not unnecessarily overloaded,
- budgets are not blown, and
- such a problem will not occur again in the future.
1. Remediation: First things first
1.1 What is meant by “remediation”
The term “remediation” is common in the regulatory field, but no legal definition exists. The Cambridge Dictionary defines the term as follows:
“the process of improving or correcting a situation”
For manufacturers of medical and pharmaceutical products, remediation involves eliminating (regulatory) problems.
Deviations are identified by notified bodies, authorities such as the FDA, or the companies themselves during internal/external audits or inspections. Remediations are, therefore, neither limited to the FDA nor one specific area of law.
- planning and implementation of measures following an audit by a notified body that has led to “major” non-conformities
- measures to eliminate the non-conformities identified by the financial supervisory authority
Some companies only talk about remediation once a certain level of escalation has occurred, such as the threat of a warning letter from the FDA.
1.2 How a remediation differs from a CAPA
Remediation aims to bring a system, process, or product back into compliance before serious consequences such as fines, criminal charges, import bans, or poor reputation can occur.
This goal is similar to that of corrective actions. However, remediation should be seen as a more comprehensive overarching process than a single corrective or preventive action (CAPA).
1.3 When remediation is necessary
Typically, several CAPAs are processed, grouped, and implemented as part of a remediation project. Therefore, organizations should start a remediation project immediately if several systemic problems have been identified whether in an internal audit or during an FDA inspection.
1.4 What the most frequent deviations are
The FDA almost always oberserves that procedures were not adequately defined or not followed.
The following procedures are particularly frequently affected (see Fig. 1):
- Corrective and preventive actions: This means that companies do not systematically recognize, record, and analyze their problems and root causes.
- Complaint handling
- Vigilance / MDR reporting
- Design controls, in particular, the handling of design changes. For example, manufacturers do not sufficiently verify and validate changes made to the device or do not report significant changes to the notified body or authority (or there is no documented evaluation for reportability/re-approval).
The FDA documents deviations (“inspectional observations”) on a form with the number 483. In case of major violations, a warning letter can be issued.
2. The regulatory framework
There are no legal requirements for remediation. However, there are requirements for corrective and preventive actions, e.g., in chapter 8.5 of ISO 13485 or 21 CFR 820.100.
The authorities and notified bodies also set deadlines. Manufacturers should adhere to these.
| Legal area | Deadlines |
|---|---|
| USA / FDA | Response to a 483 deviation report and warning letter: 15 working days |
| EU (MDR, IVDR) | Typically 15 days to create a plan and 30 to 90 days to implement it (depending on criticality) |
| MDSAP | 15 days until the submission of a remediation plan. 30 days until implementation of the remediation plan for non-conformities of grade 4 or 5 |
3. Typical steps in the remediation process
3.1 Receive and understand the findings
Typically, the process starts with the identification of a significant regulatory problem by
- a warning letter from the FDA or
- the audit report of a notified body with one or more “major” deviations.
In this case, manufacturers must act immediately due to the deadlines mentioned above:
- First, companies should understand the non-conformities and group them by area.
- They should then make all those affected or responsible for the area part of the remediation team.
3.2 Identify causes of problems
The next step is to work together to identify the root causes of the problems. Use the CAPA process for this (if it is not affected by the non-conformity).
Find the actual causes. The fact that someone has not complied with a process is not a “root cause.” The real problems usually lie deeper:
- Lack of commitment from top management
There are CEOs who are not committed to their QM system and for whom regulatory compliance is not so important. - Lack of resources
Without management commitment the necessary QA/RA resources are typically not provided. - Lack of expertise
Understanding the regulatory requirements and complying with them not only requires a lot of time but also a lot of expertise. This needs to be systematically updated. Companies must replace regulatory experts who leave in good time. - A lack of awareness
There is often a lack of awareness of how important it is to comply with regulatory requirements and how costly it is to fight entropy in the company. Without energy expenditure, every organization sinks into chaos. - Unsuitable resources, lack of inherent legal certainty
Anyone who has to manually keep content such as an intended use statement in different documents (e.g., risk management file, use specification, clinical evaluation report) synchronized has a hard time. In a system that is driven by data rather than documents, there is no redundant data and, therefore, no risk of inconsistencies.
3.3 Develop a remediation plan
Once the non-conformities and their causes have been fully identified and understood, the next step is to plan the remediation. The plan should include:
- planned corrections and corrective and preventive actions and the associated changes to the QM system incl. processes and procedures
- a justified time schedule
- Intermediate actions (for more complex, time-consuming CAPAs)
- specified responsibilities for monitoring and implementing the plan
- requirements for training
- methods for testing effectiveness
Communicate your plan to the notified body or authority (see also best practices).
3.4 Implement and track remediation plan
Companies should continuously monitor the plan’s implementation to react promptly, for example, in the event of delays. This task is typically the responsibility of a project manager.
3.5 Check the effectiveness of the actions
Once the actions have been implemented, the effectiveness check phase begins. This can last for different lengths of time. For an objective evaluation, the respective process often has to be run through several times in order to assess whether the cause of the problem has been eliminated.
For processes that are rarely run, e.g., vigilance processes, it can be helpful to evaluate the effectiveness of the actions and the process’s conformity using a simulation
The organizations typically are obliged to report the remediation completion to the notified body or authority.
4. Tips for successful remediation
4.1 Best practices and factors of success
Demand and demonstrate commitment
The commitment of top management and all those responsible is one of the most important success factors in a remediation project. It will be difficult if management does not understand how critical the situation is.
Use the help of Professor Johner and his team to do the necessary persuasion work. This has always been helpful to companies. Get in touch.
Carry out a system-wide and unconditional root cause analysis
The root cause analysis should be system-wide and not limited to a specific process. This is the only way to identify the real root causes.
There must be no taboos in the analysis. It is not about finding the culprits but about finding the root cause. As long as companies do not find them, the next remediation is only a matter of time.
Act promptly, but not hastily
Respond to non-conformity reports or warning letters promptly and always within the set deadlines.
However, you should not react too hastily if you want your plan to be accepted. A good and well-founded remediation plan takes time because all those responsible must be involved, not just the Quality or RA manager.
Define preventive actions
Where possible, companies should define suitable preventive actions. These could be actions in other areas of the QM system or for processes that have not been objected to and that are currently (still) compliant. However, jf similar root causes could also apply to those processes and potential non-conformities could occur in the future, a preventive action might be suitable.
The process for the mandatory reporting of incidents is legally compliant and is implemented in accordance with the company’s own QM procedures. However, it has been noticed that for several events the specified deadline for evaluating incidents is only just being met (negative trend).
In the simplest case, the cause is a lack of resources. However, it could also be a systemic problem (e.g., the process is too complicated, or too many people are involved). In this case, a preventive action may be useful.
Respond adequately
The response to the authority or notified body should include the remediation plan. It is useful to formulate your intention to comply with the law and remain so in the future, preferably with the signature of top management.
4.2 Recognizing and avoiding traps
Imprecise response
A vague response to the authority should be avoided. For example, do not mention that you are working on a solution without giving specific deadlines and responsibilities.
Only “treat” the symptoms
Systemic problems can only be solved if the cause is eliminated. Treating a symptom usually only helps in the short term or not at all.
No effectiveness check
Remediation actions are implemented and trained. However, the evaluation of effectiveness is often inadequate. Take the necessary time for this and choose suitable methods.
It is not sufficient to simply document a complaint retrospectively. Instead, the organization should find out how it came about. The 5 Why method, for example, can help with this.
One possible cause is an incorrectly configured or unsuitable ticket system that leads to user errors. Or users may lack the necessary training.
5. Finding the right support
5.1 Knowing when support is needed
In some cases, it is advisable to call in external help:
- Your company does not have the necessary resources to handle the work at hand.
- Your own team lacks the necessary expertise, e.g., in dealing with the authorities.
- There is disagreement, for example, about the urgency or the choice of actions that an external authority can eliminate.
- A “driver” is required who ensures and takes responsibility for ensuring that the planned activities are completed in the planned time.
5.2 Knowing where support is particularly helpful
External experts can help with almost all steps:
- understanding the non-conformity reports and regulatory requirements (including the scope for implementation)
- planning of the remediation project
- project management and project monitoring
- communication with the authority or notified body, e.g., drafting an appropriate response to a warning letter
- root cause analysis and development of an action plan
- support with the implementation of actions (e.g., establishing a new procedure, validation of processes)
- training courses
5.3 Knowing how to choose the right partner
There is no second chance with remediation projects! In most cases, there is no possibility of extending the project. It is, therefore, essential to find the right partner.
When choosing a partner, make sure that your ideal partner …
- has the expertise and practical experience with many and larger remediation projects. Ideally, this experience should be market-specific.
- has an interdisciplinary team that can take on as many activities as possible, from the revision of SOPs and clinical evaluations to process validation. The fewer external parties involved, the easier the project is to manage.
- is actually available and commits to providing all the necessary resources until the project is successfully completed. Given the short-term nature of these kinds of projects, this cannot be taken for granted.
- has experience in communicating with authorities/notified bodies. This know-how cannot be acquired theoretically but is developed through a lot of practice.
- enjoys the appreciation and trust of your own team. This is the prerequisite for transparency, which in turn is necessary in order to find and eliminate the root causes.
Get in touch and find out how the Johner Institute can support you with inspections and remediation projects.
6. Summary and conclusion
Violations of the law or standards uncovered by audits or inspections can have serious consequences. In order to avoid this, it is imperative to have:
- a precise remediation plan,
- a prompt and consistent root cause analysis and
- the implementation of the necessary actions.
The right partner will ensure that resource and competence bottlenecks are eliminated and that the actual causes are eliminated. In this way, you will complete your remediation project to the authority’s or notified body’s satisfaction.
Remediation has thus achieved another goal: better organization.
The Johner Institute’s team of experts has quickly implemented countless remediation projects and helped to prevent more serious regulatory actions or warning letters from the FDA. This success is based not least on clever communication with authorities and notified bodies.
Whether you need help interpreting a non-conformity report or warning letter or an entire “remediation squad,” The Johner Institute team will assist you with all activities or take them over completely if you wish.
The only decisive factor is that you get in touch quickly if an inspection or audit is pending or has already led to a suboptimal result. If we start together within a few days, it is easier to achieve the desired result: The authority or notified body closes the case successfully.
