Professional Documents
Culture Documents
Conformance Vs Compliance
Conformance Vs Compliance
From:
Quality Handbook -
Six Sigma
DIFFERENCE BETWEEN CONFORMANCE AND COMPLIANCE
To clarify the difference between conformance and compliance – words which are often
interchanged, but should they be? Here’s just a few lines to explain the difference between
them and also why they tend to become confused.
Conformance
Choosing to do something in a recognised way (following standards such as ISO 9001 or
recognised methods such as agreed test methods for ring tests under ISO 17025).
Compliance
Doing what you are told (i.e. abiding by the law, meeting legislative requirements).
This is an important topic to talk about because many companies have assumed that having
the ISO certification means they shouldn’t have any problems being compliant with 21 CFR
Part 820. Unfortunately, many find that this is not true. When they’re left sorting out Form
483 observations, and possibly even warning letters, as a result of an FDA inspection, they
genuinely feel that they’ve done nothing to warrant the fuss - if ISO approves, why doesn’t
the FDA?
Medical device companies need to have a fundamental understanding of this; what is the
difference between standard conformity and regulatory compliance?
ISO 13485 VS. 21 CFR PART 820
ISO 13485 put out a new version in 2016 and in many respects, parts of it
were brought closer to FDA regulation. For example, the ISO standard
takes a risk-based approach toward quality management systems, which is
consistent with the interpretation and application of the FDA expectations.
(Note: FDA doesn’t explicitly define risk-based requirements for QMS).
The FDA QSIT (Quality System Inspection Techniques) looks at four
major subsystems; management controls, design controls, CAPA and
production and process controls.
Under the 2016 update, many ISO standards were brought closer into
alignment with the regulations under these subsystems (for example,
adding a specific clause pertaining to complaint handling); however,
there are still differences in interpretation between the two.
This is where device manufacturers can really start seeing a difference. Let’s say you
have an ISO audit and they find an issue, the usual procedure is to issue you with a
finding on your audit report. If you get a Category 1 (Major) finding, then your registrar
will require you to submit a corrective action plan within 30 calendar days. You’ll need
to provide evidence of effectively closing the issue within 90 calendar days.
Most registrars will then return after that 90 days to verify the corrective action with a
follow-up audit. The focus of that audit is solely on the issue that was raised. However,
let’s say you get back to the registrar beyond the 90 days they require, there’s a good
chance they’ll want to conduct a more thorough repeat audit and scrutinize your full
QMS for any other systemic issues. Your ISO certification may be at risk.
You lose your ISO certification and are unable to participate in global markets that
require it.
Let’s flip to the same scenario under an FDA inspection.
You undergo a comprehensive inspection following QSIT guidelines, under which the
inspector documents a form 483 observation. On receiving it, you have 15 business days to
respond in writing, including explaining your corrective actions and providing evidence
that they are an appropriate response.
Once FDA has received your form 483 response, they make a recommendation as to any
follow-up enforcement. Typically, this may include follow-up inspection, issuing a
warning letter or some other type of enforcement. Expect to see the FDA back within 6
months, or sooner for very serious issues.
If you have received a warning letter, you need to comprehend the seriousness of it. A
warning letter indicates that the FDA has determined you are in violation of the law and
may consider further enforcement actions, including seizure, injunction, prosecution or
civil penalties.
Bottom line consequences through the FDA: Your operation gets shut down, you face
civil penalties or prosecution, including the possibility of prison time.
Conformance is voluntary adherence to a standard, rule,
specification,requirement, design, process or practice.
The Difference
Conformance applies to strategies and plans that you adopt to be
more productive or to improve quality.