The article highlights the key points related to internal audits and outsourcing activities. 

The Health Sciences Authority (HSA), Singapore’s regulatory agency in the sphere of healthcare products, has published a guidance document dedicated to the application of Singapore Standard Good Distribution Practice for Medical Devices. The document provides additional clarifications regarding the applicable regulatory requirements related to the operations with medical devices, as well as recommendations to be taken into consideration by all the parties involved to ensure compliance thereto. At the same time, provisions of the guidance are non-binding, nor are intended to introduce new rules or impose new obligations. The authority also reserves the right to make changes to the guidance and recommendations provided therein, should such changes be reasonably necessary to reflect corresponding changes in the underlying legislation. 


Internal Audits

One of the aspects covered by the scope of the guidance relates to internal audits. According to the document, they should be carried out regularly (at least once a year) and duly documented. In the course of such audits, compliance with the GDP requirements should be assessed. Upon completion of an audit, the appropriate written report should be created, outlining all the nonconformities identified. These non-conformities should be duly addressed promptly. According to the guidance, the audit results and the status of the nonconformities should be communicated to management for review and be monitored till effective closure is achieved, while the organization should identify and implement any changes necessary to ensure and maintain the continued suitability and effectiveness of the quality management system. 

Outsourced Activities 

The guidance also describes the approach to be applied concerning outsourced activities. In this regard, the HSA states that all entities that provide outsourced activities should be subject to audits to be conducted by certification bodies (except the cases when such entities are certified under the applicable standard). The said audits stand for on-site audits to be conducted by certification bodies concerning the entities that provide the services of storage and secondary assembly. 

Apart from that, the entity which works with an outsource activities provider should include such activities into its scope of internal audit. Furthermore, such an entity will be solely responsible for ensuring that there are efficient controls implemented concerning outsourced activities. 

The authority highlights the following key points to be considered:

  • Before outsourcing activities, the organization is responsible for assessing the suitability and the competence of the service provider to carry out the outsourced activities;
  • When monitoring the performance of the service provider, the organization should consider compliance trends and conformance history;
  • The performance of the service provider should be monitored regularly.  

As further explained by the HSA, the activities that could potentially be outsourced include, inter alia, the ones related to cleaning, pest control, installation and servicing, calibration, and transportation. As it was stated before, the providers of such services should be subject to audits in the course of internal audits an organization should conduct, unless such providers are certified. At the same time, the providers offering outsourced activities related to storage, warehousing, stock handling, and secondary assessment should be subject to audits to be carried out by the certification body (except in cases when such providers are certified). 

It is also stated that for outsourced activities covered under Clause 7 of the guidance (Premises and facilities) and Clause 8 (secondary assembly) of the SS GDPMDS, there should be a written contract to define the roles and responsibilities of each party, technical specification and contractual agreements to avoid any misunderstanding which could result in a product or work of unsatisfactory quality. According to the guidance, the aforementioned technical specifications to be agreed upon by the parties could address special storage and handling conditions to be applied due to the nature of devices concerning which the services are provided (such conditions could be indicated by the initial medical device manufacturer and indicated in the documentation accompanying the device). 


Additional Details 

The guidance also contains annexes that provide additional details related to the Good Distribution Practice and the way it should be followed by the parties involved. For instance, the first annex describes the scope of SS GDPMDS certification – according to the document, it covers the following aspects:

  1. Activities performed + categories of medical devices handled by the organization;
  2. Activities that are outsourced;
  3. Any special storage and handling conditions (e.g., cold chain management). 

The guidance also outlines the scope of medical devices for which certification is required. The list includes such categories as:

  1. Active implantable devices;
  2. Anesthetic and respiratory devices;
  3. Dental devices;
  4. Electromechanical medical devices;
  5. Hospital hardware;
  6. In vitro diagnostic devices;
  7. Non-active implantable devices;
  8. Ophthalmic and optical devices;
  9. Reusable devices;
  10. Single-use devices;
  11. Assistive products for persons with disability; 
  12. Diagnostic and therapeutic radiation devices;
  13. Medical software.  

In summary, the present HSA guidance describes the approach to be applied by the parties involved in operations with medical devices to ensure compliance with the country’s Good Distribution Practices. The document outlines the key points to be considered concerning each type of activity and also highlights certain specific aspects – for instance, the ones related to internal audits and activities that could be outsourced. 



How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.