Specifically, there are no written purchasing control procedures; no requirements, including quality requirements have been established for your suppliers; and you have not evaluated your suppliers. For example, you have not established requirements or evaluated the firm that contract manufactures your Dynavision D2 devices; and you have not established requirements or evaluated the software contract engineer, who makes the Dynavision D2 device’s software changes.
The response dated May 13, 2017, is not adequate. Your response states that you will establish written purchasing control procedures by July 1, 2017. It does not address establishing specifications, including quality specifications for your suppliers, especially your contract manufacturer and your software contract engineer…
Specifically, the “VALIDATION AND CONTROL OF COMPUTER SOFTWARE” procedure, #DYN-OP-VDC-01, dated 5/24/13, has not been implemented, and there is no validation for the software revisions you have made to the Dynavision D2 since 2011.
The response dated May 13, 2017, cannot be assessed at this time. Your response states that you will contract a consultant to build the appropriate DHF; create a DFMEA and a formal risk analysis compliant to ISO-14971; and create a formal software validation process, including a controlled document adequately track all software revisions along with implementation dates. Your response states these corrective actions will be completed by July 1, 2017.
View the original warning letter.