John has had some unusual findings on audits for clients, saving them major cost and regulatory problems:

o Costly validations were performed by one company that were effective but had one major failing. A "line wasn't drawn in the sand", i.e, inputs weren't held constant, prior to start of the V&V and from then on. The validations required use of specific packaging products which weren't given part numbers or specifications. Over time these could change, effectively rendering the validation worthless, but without company awareness. Corrected on the spot.

o If something seems too good to be true, it probably is. A company manufacturing OEM medical equipment required software for its control. In several years and hundreds of units in the field, there had been no documented software upgrades. Since this didn't make sense, John started digging and found that customers had been able to circumvent normal channels, and talked to the company's programmer, who then willingly sent out patches to address their concerns. All of this was ad hoc / outside the CGMP system. As a result there was one official Rev / Release in the field, but no two were actually identical. This was brought to an immediate halt, with the software put under not only formal change control in name, but actual change control in deed.

o Truncated data: A review of QC inspection data on a measurement on 2nd shift found that one expected "normal curve" wasn't, but had a sharp drop rather than a tail. A review of the raw inspection data showed one inspector would "fudge" any measurement that fell just over the acceptable range, to keep from having to quarantine a lot and fill out more paper work. Corrected on the spot.

o "Gatekeepers": This has been observed during several client audits of CAPA / complaints. Complaints can enter most companies through many different routes: e-mail, fax, sales / marketing, letters, phone ... How are they captured and routed? Do all functions involved know and follow documentation requirements -- the receptionist, sales, help desk, customer service, tech support, return goods receipt, warranty claims, repairs, et al, know what a complaint is, and then complete the required documentation, so all complaints are captured?


John has been writing a quarterly "Medical Device Validation Forum" column on medical device issues for the JOURNAL OF VALIDATION TECHNOLOGY from the Autumn 2009 issue to the present.  Until the Winter 2013 issue, these were all print.  Now they are digital -- visit the website .  He also set up a section on their website on computer validations and their requirements in the US and in Europe, with links to applicable sites and reference documents.  


John contributed Chapter 23, "Developing a Master QMS Plan, pp 581 - 628, in that book, published in the Fall of 2012 -- visit the book's website .

510(k) CLEARED

John completed the successful submission of a 510(k) for a lumbar puncture needle. The submission cleared the US FDA for marketing in the U.S.  The submission included a multi-page FMECA and FDA MAUDE review and analysis, as well as the standard comparison matrix w/ the predicate device, in order to substantiate the SE claim. These are standard activities that are performed for the client with these type of submisions.


John recently completed a project to develop / fabricate a low cost, NIST-traceable calibrateable pull tester to perform real time seal strength tests on pouch seals. The project also included SOPs on the test and three different X-bar and R control charts, including the establishment of the control chart limits (average, and 1-, 2-, and 3-sigma limits), and a training component.


John was selected to assist in the development and selection of topics for the Institute of Validation Technology's Process Validation 3 day symposium held in San Diego CA. He ended up providing the material presented at four workshops (two presenters didn't show due to sickness), presenting three himself (one more than scheduled. 


John E. Lincoln, principal, has been awarded "IVT (Institute of Validation Technology) 2017 Author of the Year", for his articles on "Cybersecurity" and "Data Integrity". This award is given annually for the article(s) selected by the author's peers.

NEW BOOK REALEASED (2nd ed.) (Ref: Chapters 3-"Risk-Based Verification and Validation", 13-"Equipment Validation", 16-"Additive (3D Printing) Manufacturing", and 17-"Cybersecurity and Data Integrity", by J. E. Lincoln)

We recently updated two chapters and wrote two new chapters for the 2nd edition of Regulatory Affairs Professionals Society (RAPS) Book "The Medical Device Validation Handbook"; authored by John E.Lincoln. The book was released April 2018.


A major concern of medical device companies is Product Risk Management, extended to the end user, patient / clinician, required by the U.S. FDA, and using the ISO 14971 standard, or ICH Q9 (for pharma).   ISO (and the U.S. FDA) require the following, physically contained in or referenced as to location, in a product's Risk Management File.

The Product Risk Management (RM) File must address a product RM Plan, and the RM Process:

1) risk analysis;

2) risk evaluation;

3) risk control; and

4) post-production information.

This is usually accomplished by:

o Product descriptive and use data;

o Hazard List, per ISO 14971, and addressing those elements that apply; and also drawing upon other sources including MAUDE (with sources referenced in the File);

o Three FMEAs or FMECAs (Failure Mode, Effects, [and Criticality] Analysis) -- Design-, Process-, and Use-FME[C]A; - adjusted to include "normal" failures as well as "failure mode" failures (to address a common complaint in the use of these documents for medical products' risk management);

o A "Normal" Usage Problems List;

o A FTA (Fault Tree Analysis);

o A HAZOP (Hazard and Operability Study -- process analysis; if applicable);

o An analysis of any unremediated risks;

o A final conclusion as to the safety of the device.

John E. Lincoln, principal consultant, J. E. Lincoln and Associates LLC

Medical Devices / Pharmaceutical / Quality / Regulatory Affairs


Last updated 04/13/2023.