Steris Isomedix Services

STERIS Corporation
Product:facility sterilizes medical devices

1. Failure to establish and maintain adequate procedures for implementing corrective and preventive action, as required by 21 CFR 820.100.
Your CAPA procedure, PROC-00007, Revision 19, is deficient in that it does not adequately describe how to identify, correct and prevent the recurrence of nonconforming product and other quality problems, including any actions necessary to mitigate such risk. For example, the investigation, NC-05731, opened on July 29, 2013 to investigate data manipulation/falsification at the inspected facility where product was overdosed but was subsequently made to appear within specification, did not include a review of all potentially affected products. Specifically, NC-05731 excluded:
all runs that were not suspected overdosed runs. This would include all dosimeters that are read following the possible manipulation of the spectrophotometer to improperly zero the instrument which is not stored in the instrument?s audit trail. If the spectrophotometer is not properly zeroed,

8. Failure to adequately validate software used as part of production and the quality system for its intended use according to an established protocol, as required by 21 CFR 820.70(i). Specifically, actions were not taken to ensure that computer errors would not result in the loss of dosimetry and run dose data from the Dosimetry Measurement Application (DMA) module of (b)(4). For example,

a. The inspection found that 2,900 records were missing from the main table of the DMA module of (b)(4) between the time that it was installed at the Libertyville North facility on November 4, 2011 and November 6, 2013. Each missing record represents an attempt at creating a dosimeter record.

b. Of the 2,900 missing records, 1,623 records/dosimeters (representing (b)(4) irradiation runs) contained dosimetry data and were intentionally deleted from the DMA module. These records contained a calculated dose when they were deleted, and 192 of the dosimeters (representing (b)(4) unique runs) were out-of-specification low (under-dosed).

c. The (b)(4) and DMA systems are set up to automatically discard any dosimeter absorbance readings outside the set operating range of (b)(4) to (b)(4) absorbance units.

We have reviewed your responses to sub-points (a) through (c) and have determined that the adequacy of the responses cannot be determined at this time because your firm?s corrective actions are either on-going or documentation was not provided to allow for FDA review. For example, your responses indicated that the (b)(4) software and system documentation will be remediated, and a full revalidation of the (b)(4) system will be performed; however, this is not complete. In addition, your responses indicated a number of corrective actions to address the specific issues listed above; however, no documentation was included with the responses to verify these actions.

FDA District Office:Chicago District

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

Cybersecurity Review

Our cybersecurity experts are NESSUS Pro Licensed and can quickly remediate cybersecurity deficiencies with your medical device or digital health software.  Planning, requirements, validation, and submissions – we can assist with all.

Interested in having a conversation?  Email us to arrange a Zoom meeting or call us at +1 781-721-2921.

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN), Canada, and Italy.