change control

The challenges of Change Control: sharing, documentation, training and digitisation

BLOG

The challenges of Change Control: sharing, documentation, training and digitisation

The challenges of Change Control: sharing, documentation, training and digitisation

Change Control is a key system for ensuring the quality of products and processes, especially in the Life Sciences sector where there are significant regulatory complexities.

As defined in the EU GMP Guidelines, Change Control is a formal system whereby qualified representatives from appropriate disciplines review proposed or actual changes that could affect validation. Its aim is to determine whether action is needed to ensure that the overall system is maintained in its validated state.

Change requirements (Change Requests or COC) are not specific to one department, but can affect the whole company. Indeed, they are requested by those who need to implement a change that may impact validation.

When introducing a new line, for example, the Change Request is issued by the engineering and qualifications department and includes tasks for other departments, such as validation. For a change of material or supplier, on the other hand, the Change could be requested by the purchasing department.

Supervision is always carried out by the quality control department, which usually sets up a local and/or global Change Control Committee, to which the most significant and relevant Change Controls are periodically presented, evaluated and discussed with the various impacted departments and where final authorisation is given.

 

Documentation

The Change Control system requires a written procedure (change control program) to resolve the following points.

  • Which types of change the Change Control system should take into account. To which sections these operating instructions apply.

  • Who can suggest/initiate the Change.

  • How a change can be requested (form, digital system or other communication methods).

  • How changes are classified. Who is responsible for the evaluation.

  • How the measures necessary for implementing the change are determined and who compiles the required information.

  • Who is responsible for carrying out and monitoring all necessary measures.

  • How the Change Control Committee is assembled and which tasks it has.

  • How the change will be documented (format, content, memory).

  • Who is responsible for authorising the changes.

  • What are the special rules for urgent changes.

The challenges of Change Control

The Change Control system is complex and therefore presents many challenges and difficulties. In particular:

  • Communication. Poor communication between departments, lack of follow up or escalation of change requests, delayed or inappropriate notification by suppliers, etc.
  • Processing time. Many companies manually manage change requests and documentation. This causes a lot of effort, more management time and a higher risk of errors, backlog and loss of data and documents. Digitisation does not replace approvals and tasks, but simplifies compilation, information sharing and alerts on upcoming deadlines, thus increasing control of the process.
  • Ineffective documentation. A manual system makes it more difficult to update the documentation, including the revision history, and to recover the data necessary to support the change. For example, a test might be duplicated because the documentation was not updated for the previously performed test.
  • Training: Adequate staff training is a prerequisite for both FDA and ISO. When training management is not linked to the rest of the quality control processes, especially in manual management, keeping training up to date with changes in procedures becomes complex. Procedures are usually impacted by Change and having control over the training to be given to staff greatly reduces the management time.

Change Control Management with a digital system

Change Request documentation can be managed in printed or electronic form.

Change management using a digital workflow management system not only enables documentation to be protected, organised and available, but also allows actions to be assigned to those involved, the process to be monitored and notifications to be sent ahead of deadlines, while also keeping backlogs and other critical KPIs under control.

In addition, Change Requests can connect to other processes such as CAPA.

With a digital system, the management of both processes is interdependent, so there is no risk of premature closure of one process over another.


 

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports and dossiers that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
CAPA

Discovering CAPA. Tools and techniques for optimising the process

BLOG

Discovering CAPA. Tools and techniques for optimising the process

Discovering CAPA. Tools and techniques for optimising the process

Corrective and Preventive Actions (CAPA) are currently one of the major points of observation by the FDA.

The management of CAPAs is complex and difficulties do not always depend on staff shortages, but very often they are attributable to a problem in the structure and flow of the process. How often is it the case that not all actions are tracked, not all steps are documented or even data is lost in a cluttered system with excessively long implementation timeframes.

Furthermore, corrective action should be minimised as much as possible, as a consequence of deviations, non-conformities, etc., in favour of proactive approaches such as greater use of Quality Risk Management.

Being Proactive and Preventing is less expensive than being Reactive and Correcting!

In the following paragraphs, we will reference the regulations, explore tools and techniques to improve the approach to preventive and corrective actions, answer the most frequently asked questions about CAPAs and, finally, use an infographic to demonstrate how to simplify a CAPA process using a digital system.

Tools and Techniques to improve the approach to preventive and corrective actions

There are several techniques and tools that can be used to improve the approach to corrective and preventive actions.

The RCA uses different models and tools such as:

  • Failure Mode and Effect Analysis (FMEA) is a methodology used to analyse the failure or defect modes of a process, product or system, assess the causes and evaluate the effects on the entire system/plant. Generally (but not necessarily) the analysis is carried out beforehand and is therefore based on theoretical and not experimental considerations. It allows organisations to anticipate possible defects and errors in process design during the design phase.
  • The 5 Why method consists of asking the question “why” repeatedly until you understand all the symptoms of a problem and get to the root. The method is usually used during problem-solving activities or in conjunction with other tools, such as the cause and effect diagram.
  • Ishikawa or fishbone diagram, so-called because it resembles a fishbone with a rectangle at the end containing the effect or problem. In manufacturing, the causes or factors influencing a production process are often organised into four macro-groups, which are: labour, machines (including the energy used and working and measuring instruments), materials (raw and auxiliary materials), and methods (operating procedures or practices). The Ishikawa diagram can be used as a support in brainstorming sessions with the team.
 

Despite strong regulatory pressures, not all deviations, complaints, audit results or supplier defects should trigger a CAPA. Trend analysis and risk management can help avoid the “everything is a CAPA” syndrome.

Trend Analysis: Paying attention to trends helps us understand whether a non-compliance is an anomaly or not and whether it therefore needs a CAPA process or simply corrective action following a deviation, etc. Trends can also identify minor issues before they become more risky, perform preventive actions and help to better prioritise non-compliances for further investigation.

Quality Risk Management (QRM). Quality Risk Management is a process to mitigate or eliminate risk. It starts with an initial assessment phase, up to a final periodic review. QRM is an increasingly popular process in the upstream inspection phase of any process and helps to reduce the number of open CAPAs.

The most frequently asked questions about CAPAs

What are CAPAs?

CAPAs (Corrective Actions, Preventive Actions) are a system of quality control measures designed to eliminate the causes of a deviation, non-compliance, defect or other undesirable situation in order to prevent its recurrence.

  • Corrective action acts on existing non-compliances, deviations or defects.
  • Preventive action is taken to eliminate the causes of a potential deviation, non-compliance or defect in order to prevent it from occurring.

Through a CAPA process, a company not only develops an Action Plan, but also determines, implements and monitors the effectiveness of an identified solution. Basically, through this process, the company Quality Control system is able to “self-correct” and improve itself.

Why open a CAPA?

The purpose of corrective and preventive actions is to acquire information, analyse it and identifyand investigate problems with quality in the product so ast totake appropriate and effective actions to correct the problem and prevent its recurrence.

Key to this process will be the testing and validation of corrective and preventive actions, the communication of activities to be carried out to the responsible parties, the documentation of activities and the collection and sharing of relevant information for management review.

When to open a CAPA?

CAPAs are opened following and in the presence of certain inputs. Including:

  1. Deviations
  2. Non-compliance
  3. Change Control
  4. Internal/External Audits
  5. Complaints
  6. Rejection of products
  7. Management Review
  8. Regulatory inspections
  9. Trends in process performance and product quality monitoring

Who opens the CAPA?

Usually the CAPA is linked to other “parent” processes such as Deviations, Complaints, etc., so the people who open CAPAs are those who have previously instigated another process. However, there are often committees within companies, which discuss the process and jointly decide who should be in charge of it. Quality Assurance is generally represented in the committees.

What are the reference regulations and guidelines for corrective and preventive actions (CAPA)?

The reference regulations for the management of CAPAs are:

Although CAPAs are not specifically indicated in the cGMPs for pharmaceuticals (21 CFR 210 and 211), there are requirements that are parallel to the CAPA concept. It is clear that CAPA expectations have become a current GMP for pharmaceuticals.

21 CFR 211 (e.g. 21 CFR 211.160 and 211.192) contain requirements parallel to the CAPA requirements listed in the Medical Device Regulations (21 CFR 820) (1-2).


How do you manage a CAPA using a digital system?

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports and dossiers that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
pharma complaints

Complaints as an opportunity for continuous improvement for Life Science companies

BLOG

Complaints as an opportunity for continuous improvement for Life Science companies

Complaints as an opportunity for continuous improvement for Life Science companies

A complaint from an end or intermediate customer may occur when something goes wrong and a defect is found in the product or service.

Complaints can concern any aspect of the drug or device, from a packaging defect to an unexpected reaction during use.

Complaint Management is part of the Good Manufacturing Practice (GMP) and is subject to inspection by regulatory bodies. It therefore requires a great deal of attention and adequate documentation.

Beyond this regulatory aspect, however, complaints management can also represent a competitive opportunity for Life Science companies. Through the Quality Risk Management approach, companies can put in place a robust and dynamic quality control system.

Moreover, the transversal management of complaints throughout the company can lead, with the support of digital systems, to greater awareness and involvement of internal stakeholders in a process of continuous improvement towards the quality and productivity of the company.

Handling complaints

Complaint management, as we have said, requires a lot of attention, a robust quality control system and supporting documentation. This enables comprehensive investigations to be carried out in order to achieve, if the defect is confirmed, prompt corrective action, such as withdrawing the entire batch from the market, and preventing problems from recurring in the future.

Complaints management is also subject to inspections by regulatory bodies. In spite of the existing guidelines outlining the way forward, there are still many Warning Letters issued by the FDA for poor complaint management.

Receiving and managing a complaint is the responsibility of the Quality Assurance department, which acts as a bridge for external stakeholders, to whom it must provide a response regarding the complaint, and for internal stakeholders, who it must interview and involve, especially during the investigation phase, in order to determine the root cause of the problem and organise response activities.

Continuous improvement through digital technology

Having centralised and organised documentation greatly facilitates the investigation phase of the complaint. This phase is divided into two parts: Document Analysis and Laboratory Investigation.

In analysing the documents, the QA team checks whether there have been previous complaints about the same batch and, if so, what the response was. If there have been no complaints, QA checks batch records for a deviation or non-compliance and then proceeds in greater depth to trace the root cause for a confirmed complaint or declare it unconfirmed. The investigation may also involve external suppliers, in the case of different packaging colour, for example, the root cause may be found in the supplier’s production process.

Having a centralised digital system for the whole company means that it is possible to trace back the related processes and all the documentation produced together with the owners and activities carried out, simply by searching for the batch number. This drastically reduces the search time, and at the same time, also increases compliance. With a centralised digital system, the documentation produced for the complaint remains archived and protected, accessible to authorised persons for potential requests during inspections and future investigations, as well as facilitating the final response to the customer and the extraction of KPIs.

Another difficulty that a digital system solves is the direct involvement of departments with assigned tasks. Indeed, there is often a tendency to rely solely on the Quality Assurance department to carry out the complaints process, when it actually concerns the whole company in terms of both cooperation during the investigation phase and any subsequent corrective and preventive action.

An opportunity for improvement here lies in the accountability of the whole company to the quality control system.

Risk Management as a Product Lifecycle Document

Using risk-based management to handle complaints can provide an opportunity for continuous improvement. When we launch a product we also create a risk management document containing the probability and severity of potential incidents that could occur when the product is on the market.

When we receive a complaint or even feedback, in addition to managing it, it is important to go back to that document and discuss with the people involved whether elements have been underestimated, overestimated or not considered. This discussion may, for example, reveal the need for further action beyond complaint management, such as opening a Change, conducting a new assessment re-evaluating the likelihood and severity of a risk or, perhaps, raising awareness of a particular process within the company.

The risk management document can become a true product lifecycle document that continuously strengthens and improves the system and the product.

In short, a living and dynamic document available to all departments concerned, not only those involved in the operational phase, but also for Top Management analysis.

 

Digitise complaints using a Workflow Management System

A Workflow Management System digitises business processes, bringing what happens in the offline world into a protected digital environment, where tasks can be assigned directly to owners and executed/recorded on the system to advance the process.

The advantage is that there is general monitoring of the process and its progress, with centralised and activity-related documentation.

Additionally, people are empowered and and directly involved in the activities, with deadlines and follow-up notifications that reduce the possibility of delays.

Two other major advantages are its integration with other complaint-related processes, such as CAPA, and with other systems, such as ERP, which provide up-to-date data on products.

Finally, a digital system allows you to extract dossiers, reports and KPIs for:

  • giving a response to the customer, including the actions put in place by the company to address the complaint;
  • providing complete documentation during an inspection;
  • and constantly monitoring trends and performance in order to implement supporting actions.

PRAGMA4U

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports and dossiers that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
electronic dossier

Handling inspections (well) through an electronic dossier

BLOG

Handling inspections (well) through an electronic dossier

Handling inspections (well) through an electronic dossier

Life Science companies are subject to frequent inspections by partnersagencies and authorities. For example, you may receive an inspection when you introduce new lines, produce for new markets or simply have routine and/or follow-up inspections to check that the company is in line with regulations and guidelines.

A crucial stage during an inspection is the examination and review of documentation by the auditors, both in the preparation phase and during and after the inspection.

The documentation needed can be of any kind:

  • Personnel qualifications and training
  • Standard Operating Procedures (SOPs)
  • Qualification reports
  • Validation reports
  • Complaints
  • Change Control
  • Deviations
  • Etc.

Documentation Review – Remote Audits and Inspections

Documentation review has become an even more important activity for remote Audits, which, due to safety and travel constraints, have been replacing in-person audits over the last year, thanks to the great technological flexibility we have.

In remote Audits, the company being inspected (auditee) sends the required documentation to the inspectors (auditors) via a shared and previously agreed platform.

Now, imagine this documentation stage using paper systems, from the initial search for the document, to scanning it, saving the file in the folder and then sending. Quite a cumbersome process, if we consider, too, that it must be repeated for many documents.

Having those documents in digital form, on spreadsheets or in text files and saved in network folders, would certainly reduce the time involved. We also know that even in the most precise organisation, paper files in folders are prone to errorslosses and deterioration

 

Electronic dossier

Digitalising  work processes on a software platform that complies with regulatory standards and offers the ability to manage assets, digital signatures, attachments and documents is crucial during an inspection. 

Here is a practical example. An inspector wants to see documentation on deviations and related CAPAs for a particular batch. For paper documentation, as mentioned above, we would need to search in the archive folders, then scan them and share on the platform. For network files and folders, if we are organised, then we can “manage” with searching for all batch-related files and sharing them.

With a digital platform, by entering the batch number and using a simple search, we can trace one or more of the deviations the batch has encountered, the documents signed electronically, the tasks performed and also the relevant CAPAs. Once we have entered the single deviations process, we can extract a dossier, i.e. a protected pdf document summarising all information on the deviation and related processes and tasks, updated in real time and including attachments. 

The dossier can be opened, viewedsaved and printed, if necessary. During an inspection, especially remotely, it is extremely easy to go back to the documentation and share the dossier as a generated pdf file.

Customised Electronic Dossiers

The Standard Electronic Dossiers contain all the information on the process (tasks, owners, attachments and documents, etc.). 

However, not all companies can, or will, share such information with third parties, if not necessarily required to do so.

With PRAGMA4U , companies can create customised dossiers, entering the relevant process information that they want to pass on to the other party. This makes it possible to use the document for sending information to third parties, such as inspectors, but also, for example, as documentation for a customer in the event of a complaint.


PRAGMA4U

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports  and dossiers  that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
CAPA - Corrective Actions Preventive Actions

How to check a CAPA’s effectiveness: methods, tools and questions to ask

BLOG

How to check a CAPA’s effectiveness: methods, tools and questions to ask

How to check a CAPA’s effectiveness: methods, tools and questions to ask

In companies that are highly regulated, such as Life Science, problems that impact quality need to be supported by robust and well-structured processes so as to resolve their causes and avoid recurrence. One of the most common processes and methods is CAPA (Corrective Actions, Preventive Actions).

CAPAs are not only used because they are required by the regulations, guidelines and standards, but, if carried out correctly, they can help organisations to improve their processes and reduce waste, thereby increasing their competitive advantage.

A really important step in the CAPA process is checking its effectiveness once the preventive corrective actions have been implemented. This is to ensure that CAPA is an effective solution to the problem encountered and to reduce the risk of its recurrence or, as is often the case, to avoid it recurring some time later.

What aspects and questions should be considered when measuring the effectiveness of a CAPA? What methods and tools should be used?

1. Measuring the effectiveness of the CAPA: qualitative and quantitative data

 

To verify the effectiveness of a CAPA we need to measureit using both qualitative and quantitative data. With the former, people gain insight and understanding of a problem and its resolution through the collection of ‘narrative’ data, such as interviews or evaluations from experienced personnel. The latter explain, predict and/or check developments through targeted collection of numerical data and hypothesis tests.

Any aspect can be measured, what is important is identifying the target element(s) that determine the effectiveness of the implemented actions and achieving the final objective.

Let’s take a very simple example.

Our root cause that led to the creation of a CAPA, was a transcription error that occurred when copying information from the sample label to the laboratory records. The transcription error was caused by a printer malfunction that resulted in barely legible labels.

The CAPA included changing the printer as one of its tasks. Two elements to check its effectiveness could be: returning to the printer at set intervals and qualitatively assessing whether the labels are printed correctly (qualitative data) and quantifying the number of errors generated in a given period of time by comparing them with the number of errors generated with the previous printer (quantitative data).

2. Measuring the effectiveness of the CAPA: some questions to ask

Here are some questions to guide the understanding of effort, responsibility and other aspects to be considered in measuring the effectiveness of a CAPA.

  • Who will do the measuring?

The task should be assigned to the person or team in the company who ensures that problems in the quality control system are solved according to the regulations.

  • What will be measured?

The number of errors after implementing the CAPA measures compared to the number of previous errors. The number or type of deviations that occurred as a result of the CAPA measures. Etc.

  • Where will the data be measured/tracked?

Will the measurement results be entered into the CAPA form manually? Or will they be tracked using an electronic system?

  • When to take measurements?

The measuring time and frequency depends on the severity of the issue. For issues that could affect the patient’s health, measuring effectiveness should be immediate.

  • How will the CAPA’s effectiveness be measured?

Will quantitative or qualitative data be measured? For example, if an SOP is revised, then staff performance or compliance with the new version of the procedure can be measured by monitoring the number of deviations from the various process steps described in the procedure.

  • How will the measurements be analysed?

The analysis will have to be carried out by quality control, which will then determine whether the CAPA can be closed.

  • Who will communicate the results to the Management Team?

The results of the analysis should be communicated by the CAPA plan owners, usually by sharing monthly figures.

Methods and tools to check the effectiveness of a CAPA

Periodic Checks – This method involves establishing a regular review of the process/change that was introduced through the CAPA.

Surprise internal audits – Audits can be useful for ensuring that operators, processes or equipment are following the measures laid down by the CAPA.

Sampling – Sampling is an effective tool for checking corrective measures related to environmental monitoring or laboratory testing.


PRAGMA4U

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports and dossiers that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
Internal audit

10 tips (+1) for an effective Internal AUDIT

BLOG

10 tips (+1) for an effective Internal AUDIT

10 tips (+1) for an effective Internal AUDIT

The Audit is a fundamental process within a company concerned with quality because it allows the risks associated with compliance to be identified and the most appropriate corrective and preventive action to be taken.

Internal audits are carried out periodically and systematically within the Life Science company and allow an objective assessment of whether an activity complies with a specific standard.

Internal Audit Regulations and Guidelines:

Pharmaceutical

Medical Devices

  • FDA CFR 820

10 Tips for carrying out an effective internal Audit

1- Frequency and Priority. Adopt a risk-based approach to the frequency and priority of audits. Have a minimum frequency for each area to ensure none are overlooked. In assessing frequency and priority, consider also the complexity of the operational activities and the severity of the risk to the patient and product in the area being inspected.

2- Training and Skills Updates. Train your audit team and keep them constantly updated on regulatory changes, observations received from external inspections, quality indicators (number of deviations, NC, etc.) for inspected sections, significant changes in processes, organisational changes in the section, assessments and risk areas. In the latter case, the use of a digital tool for centralised Quality Risk Management throughout the company helps to provide a comprehensive and up-to-date overview of the company.

3- Planning. Prepare a periodic audit programme, including who the auditor will be, the topics, processes and section of the company to be audited. Internal audits are carried out under the following circumstances: in accordance with the annual internal audit plan; for a specific reason; in preparation for a regulatory inspection; whenever required by management.

NB. Management of Internal Audits requires independence between the qualified inspector and the activity being audited.

4- Preparation. Once the audit programme has been planned, it should be communicated to the sections concerned well in advance. This will allow possible changes to be planned, as well as giving the section concerned the opportunity to prepare for the internal audit. The Lead Auditor should prepare and share an agenda that includes a list of records, processes and systems to be reviewed and a review of any open CAPAs arising from previous internal audits or external inspections with any changes made within the section.

5- Launch. If possible, organise a launch meeting with all operational sections at the start of the audit. An internal audit should not take the same form as an audit carried out by a regulatory authority. An internal audit should be a collaboration between the audited function and the auditor. It should be an open, honest, collaborative learning forum where operational sections have the opportunity to openly discuss concerns and problem areas.

6- Collaboration. During the internal audit, auditors should be direct and avoid questions that mislead people. Internal audits are an opportunity to instruct staff, explaining why certain questions are being asked and providing a regulatory explanation of the review being conducted. It is also important to listen carefully to staff responses and to adopt a friendly, non-confrontational tone with them. 

7- Participation. The people directly responsible for carrying out the operations usually have a deeper insight into what is going on and what needs to be improved. This is why it is essential to involve them in the internal audit process, so that critical issues come to light during the inspection and are not overlooked.

8- Conclusion. Organise a wrap-up meeting at the end of the audit to take stock of the situation and the next steps. There should be no surprises at this meeting, as all observations should already have been discussed during the day. 

9 – Documentation. All documentation produced in connection with conducting the audit (audit plan, audit report, follow-up, etc.) must be organised, filed and always available, whether on paper or in digital form. It may also be required during the regulatory inspection.

10- Monitoring . Internal audit observations may result in corrective and preventive actions that are not always easy to monitor and track, not least because it may take months before tasks are completed. We recommend using a digital system that monitors and sends notifications and alerts to the persons in charge of the tasks and that allows the Audit to be concluded only when all tasks have been completed.

11 Report. At the end of the audit, the Lead Auditor shall draw up a report, with the assistance of the Audit Team. The report should be shared with the team, managers of the departments involved (always including the QA manager), the plant manager and the person in charge.

Audit management with a digital system

Managing the audit process with a digital system allows you to:

  • log internal and external audits received and carried out;
  • continuously keep track of the progress of Observations generated throughout their life cycle;
  • monitor the processes and tasks resulting from the observations, such as CAPA, non-compliance, Change Control, etc;
  • send follow-up notifications to the people in charge in order to finish the tasks;
  • conclude the Audit only when all actions to resolve observations have been completed;
  • track and monitor the impacts of audits on processes and the organisation;
  • archive and organise the documentation produced (audit plan, audit report, follow up, wrap-up documents) and make it available if requested during the audit;
  • draw up and keep track of the Action Plan needed to resolve deficiencies;
  • create a strong link between Processes: for example, a dedicated system allows a CAPA, Change or Non-Compliance process to be initiated directly from an Audit.

PRAGMA4U

PRAGMA-WFM is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports  and dossiers  that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
procedures

6 Tips for writing effective procedures (and reducing the number of deviations)

BLOG

6 Tips for writing effective procedures (and reducing the number of deviations)

6 Tips for writing effective procedures (and reducing the number of deviations)

Can procedures impact the number of deviations?

Deviations arise when unforeseen events or problems deviate from an approved GMP process and/or from what is required/accepted in the GMP area. 

One of the reasons why people deviate from a GMP process is that it is not effectively and clearly explained in the SOP . This can cause lack of understanding on the part of staff and misinterpretation of the process, which can then result in deviations.

How do we write efficient procedures?

We have identified 6 useful tips.

1. Keep four simple concepts in mind:

Say what you do. When writing the SOP, describe what you do and outline the steps taken to achieve compliance with a regulatory requirement.

Do what you say This is equivalent to following the standard procedure.

Prove it. This means collecting and being able to present data demonstrating that you have followed the instructions in the procedure and have investigated any incidents in which you have deviated from those instructions.

Improve it. Once you have mastered the first three concepts, you can start working on the concept of “improvement” by reviewing and updating your procedures to reflect current practices and process refinements.

2. Balanced information

Writing an SOP with the correct amount of information, neither too restrictive nor too ambiguous, is not an easy task. It takes time and effort to create an SOP with the right balance of information.

Procedures should have the correct amount of information for keeping the process under control and reducing deviations. An example of an SOP with too much information would be one that lists the serial number of a piece of equipment. If the equipment has to be changed for any reason, this will result in a deviation. An example of ambiguous information is not indicating the specific order in which reagents must be added to generate a reaction. If it is important to add the reagents in a certain order, this information must be specified in the SOP.

3. Target audience

When writing an SOP, it is a good idea to keep in mind the target audience and adapt the language to the intended audience. In any event, we should avoid overly technical language in favour of clarity and precision. We should also aim for concise and action-oriented sentences.

4. Check and measure understanding of an SOP using qualitative and quantitative data.

This links back to point 3, namely keeping the audience in mind and checking whether they actually understand the SOP. How do we do this? For instance, by involving the end user in the review phase and then analysing quantitative and qualitative data, such as the number and type of wrong answers during training, the implementation of the process described in the SOP on a target group and the number and type of deviations related to the SOP.

5. Follow clear formatting

Paragraphs that contain too much information are difficult to read. One suggestion is to add an extra paragraph to make the information more user-friendly and to use bullet points, images and graphics to make it even clearer.

6. Revision History and Current Version

Keep track of the revision history and ensure that the current version of the SOP is available to everyone involved. Obsolete procedures represent a very serious error, which can be particularly common in companies that use a paper SOP system. A digital system, on the other hand, automatically blocks the obsolete version, making only the current version available centrally to all staff involved.

References: S. Schniepp, “Writing Effective SOPs,” Pharmaceutical Technology 44 (10) 2020, https://www.pharmtech.com/view/writing-effective-sops


Digitise your processes with PRAGMA4U

PRAGMA4U is a modular and scalable Workflow Management System platform that digitises work processes in compliance with FDA and cGxP guidelines.

It enables companies to: have documentation that is protected, always up-to-date, organised and linked to the source processes; assign and implement workactivities directly on the platform; easily share information between departments; keep processes under control using KPIs; and compile reports  and dossiers  that will be useful for inspections.

The platform can contain multiple processes, creating a true digital map of the company. It also integrates with other systems, such as ERP, simplifying the compilation and updating of data.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
Quality Risk Management

Quality Risk Management (QRM) and ICHQ9 – Part 1

BLOG

Quality Risk Management (QRM) and ICHQ9 – Part 1

Quality Risk Management (QRM) and ICHQ9 – Part 1

The International Conference on Harmonisation (ICH) guideline Q,  Quality Risk Management, is the first internationally recognised guideline that specifically addresses QRM for the pharmaceutical and biopharmaceutical industries. 

Published in June 2005, the guideline offers an overview of the general principles of quality risk management, an example of a risk management lifecycle, a discussion of the activities that occur at each stage of the cycle and a list of tools and areas of the quality control system to which QRM can be applied.

ICH Q9’s intention is to focus the behaviour of industry and regulators on the two primary principles of Quality Risk Management, which are:

  • quality risk assessment should be based on scientific knowledge and related to patient care;
  •  the effort level and documentation of the Quality Risk Management process must be commensurate with the level of risk.

There is no Zero risk

Risk is defined as the combination of the probability of damage occurring and its severity. The ICH Q9 Guideline debunks a myth found in previous industrial and regulatory cultures: the concept of zero risk. In the old quality paradigms, drug manufacturers sought to eliminate risk from their products and processes, taking their cue from regulators who implied, through publications and regulatory inspections, that no degree of risk was acceptable. However, ICH recognises that “the manufacture and use of a drug (medicine), including its components, necessarily involves a degree of risk”, which must be managed to protect product quality and patient safety. The challenge, therefore, shifts from achieving an almost impossible concept of ‘perfect’ quality to understanding what constitutes an acceptable risk and attempting to reach that state.

Moreover, risk management is not necessarily linked to the use of rigorous and detailed tools, such as FMEA, instead the guideline explains how to apply the principles of risk management to the practice of risk management itself; the use of formal or less formal approaches is acceptable, provided that the effort is proportionate to the risk of the product, process or system to be assessed. This enables the industry to incorporate risk management into all aspects of operations without the need to undertake a formal, staff-intensive exercise. 

QRM does not replace regulatory requirements

Furthermore, Q9 is quite clear that “the appropriate use of quality risk management can facilitate but does not remove the industry’s obligation to comply with regulatory requirements and is not a substitute for appropriate dialogue between industry and regulators”. Moreover, compliance with all applicable laws is mandatory; risk management cannot be used to justify non-compliance or to argue why a regulatory requirement need not be met. 

Rather, QRM can be used to offer perspectives on how to best comply with standards and to characterise aspects of quality that are not specifically associated with compliance.

More info: Tools and tips to make the best use of Quality Risk Management 

Advantages of a QRM approach 

  • Improved product quality assurance through proactive identification and avoidance or minimisation of quality risks
  • Identifying sources of variation in the product and production process that can be targeted for continuous improvement;
  • Improved decision making as QRM provides a lens through which scientific data and information can be viewed to better evaluate options and understand the potential outcomes of a given decision; 
  • It has a positive impact on the scope and level of regulatory oversight, increasing confidence in the authorities.

References:

ICH. ICH Q9: Quality Risk Management. June 2005
Quality Risk Management 101: ICH Q9 In Context – Pharmaceutical Online – March 28, 2018

More info: Quality Risk Management Lifecycle – Part 2

How can we help you?

Specialist Consultancy for Computer System Validation & Data Integrity

Specialist consultancy for Equipment Qualifications, environments and utilities

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
digital transformation

Digital Transformation in Life Science companies: impacts and opportunities

BLOG

Digital Transformation in Life Science companies: impacts and opportunities

Digital Transformation in Life Science companies: impacts and opportunities

Digital Transformation: we have all heard these words at least once. Especially in recent months, in the light of the pandemic. Many companies are dealing with remote contactsoverproduction and the adoption of digital tools in order to continue their business.

Digital Transformation,  however, goes beyond the introduction of new technologies, leading rather to a total rethinking of the organisation and posing more cultural than technological challenges.

In the following paragraphs, we will analyse the meaning and impact of digital transformation and what scenarios and challenges lie ahead for the Life Science businesses.

Digital Transformation

Digital Transformation has been talked about since the late 1990s, as an approach that involves the whole company and introduces changes in the business at a technological, cultural, organisational, social, creative and managerial level.

Digital Transformation encourages participants to share, be transparent and inclusive in the process and places the recipient of the final service at the centre of the development, if not actually participating in it.

Digital Transformation is a ‘gateway’ to the future and to maintaining competitiveness in the marketplace. Companies that have already implemented projects related to the use of new technologies achieve “a profitability that is 26% higher than other companies and a market value increase in the region of 12%”.

According to a SAP report, most companies understand the importance of digital change, but only 3% have implemented digital transformation projects within the company.

Companies that are considered leaders in Digital Transformation have the following characteristics:

  • they consider Digital Transformation to be at the very core of their business (96%) and technology as highly important for achieving a competitive advantage (93%). With this in mind, leaders are also rethinking their business models;
  • they prioritise customer contact activities. The 92% of leaders in Digital Transformation have already set up strategies and processes for improving customer experience. Generally speaking, they consider the latter to be the gateway to successful digital transformation;
  • they invest heavily in digital research and training of employees, so as to be ready for change. The 71% of leaders also state that investing in digital transformation makes it easier to attract and retain talent;
  • they are built on a bimodal structure. This is an organisational model that takes into account a company’s technological tradition and brings this element together with the more typically innovation-oriented aspects. This enables the business to be run efficiently while at the same time introducing new technologies to remain competitive, especially Big Data and Analytics (94%), Machine Learning (50%) and Internet of Things (76%).

Departments that are most often digitised in the Life Sciences sector

 

For Life Science companies in particular, being part of a digital ecosystem implies easier communication and sharing of data, extending from regulating bodies right up to the patient.

 

Of great interest in this respect is a study conducted by KPGM on digitisation within the Life Science businesses of Germany, Switzerland and Austria. The research looked at 75 companies, including pharmaceutical, medtech and other Life Science companies. 

The departments with the greatest digitisation are IT and Quality Assurance. Quality Assurance is also the area where most digitisation projects are planned. The areas least affected at the time of the research were logistics and production. Although in recent months, there has been a sharp increase in interest and projects in these areas.

Just the increase in efficiency is, according to the research, one of the major benefits of deploying digital technologies, including the agile design of R&D processes (39%). Closely followed by the advantage of optimising Quality & Compliance processes (28%).

 

Efficient internal processes and an agile approach

 

Before implementing a technological solution, it is advisable to reflect on our own internal processes. How they can be simplified. Only then should we ask how a digital tool can fit in. Without this prerequisite, there is a risk that instead of increasing productivity, the technologies will lead to further wasted time for the staff using them.

Another issue to consider is transversal collaboration with internal and external stakeholders who will make use of the technology, even if not managing it directly. The advice is to involve them and create cross-functional teams within the company and the group to jointly evaluate and test the new technology, the impacts it will have and how to manage them.

The agile approach can help with tackling the uncertainty of a new technology and the change it entails, as it allows the best solution to be implemented gradually while making quick decisions.  The agile approach involves setting up working groups that are horizontal to the organisation’s hierarchy for rapid prototyping and testing of the best solutions.

Culture and digital skills

Amongst the biggest challenges for more than80% of Life Science companies (KPGM report), are the lack of digital skills and acceptance of new technologies on the part of employees.

The introduction of new technologies might in fact be  seen as replacing human activities with the consequent risk of job losses. Therefore, fear of this may lead, consciously or unconsciously, to employees’ resistance to change. If this is the case, management should intercept the fear and convey the message that Digital Transformation is an opportunity to increase one’s skills, remain competitive in the labour market and have the opportunity of changing a repetitive job for a more valuable one within the company.

Companies often employ coaches to help them establish a culture of digital change.

When it comes to lack of digital skills, many companies have undertaken to retrain their employees. Starting with an assessment, they have provided personalised routes for digital growth. Training of this kind certainly involves a significant investment. Many companies in KPMG’s research expressed considerable doubt about their ability to develop such skills.

In this respect, a critical parameter in the digital transformation process is a clear definition of the qualified employee profile that will be required in the future. The training system must therefore adapt to these requirements with specific training programmes.

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA
Quality risk management

Quality Risk Management Lifecycle – Part 2

BLOG

Quality Risk Management Lifecycle – Part 2

Quality Risk Management Lifecycle – Part 2

According to ICH Q9, the benefits of risk management are to be achieved through the application of a QRM lifecycle. This is an iterative process consisting of four primary phases (risk assessment, risk control, risk review, risk communication), each facilitated by the application of risk management tools.

While ICH Q9 recognises that other lifecycle models can be used, most companies have adopted the model contained in the guidelines.

In the start-up and planningphase, ICH Q9 describes the activities that could be performed as follows:

  • define the problem and/or risk situation, including the relevant assumptions to identify the risk potential;
  • identify personnel and leadership;
  • outline the expected results;
  • specify a timeline, documents and an adequate level of decision-making for the risk management process;
  • collect basic information and/or data on the potential danger, damage or impact on human health that is relevant for the Risk Assessment.

The ICHQ9 guideline does not indicate when or under what circumstances the Quality risk management process should be initiated, or which triggers could activate this first critical step.

Risk Assessment

The Risk Assessment consists of identifying hazards andanalysing and assessing the risks associated with exposure to these hazards. It is typically based on the use of risk management tools, which allow a methodical and structured means of identifying and analysing risks.

The Quality Risk Assessment begins with a well-defined description of the problem or risk issue. At this point, a risk management tool and the type of information needed to address the risk will be more easily identified.

To define the risks, it is useful to answer 3 questions:

  1. What could go wrong? (Risk identification). Systematic use of information (historical data, theoretical analysis, knowledge-based opinions, stakeholder concerns) to identify dangers related to a problem.
  2. What is the probability that it will go wrong? (Risk Analysis). Each hazard is analysed to determine its relative criticality, using the risk equation (probability x severity = risk). It is a qualitative or quantitative process that links the probability of occurrence and the severity of damage.
  3. What are the consequences (severity)? (Risk Evaluation) Finally, the identified and analysed risks are compared with predefined criteria to determine their acceptability (risk assessment).

Our Risk Assessment Advice

In carrying out an effective Risk Assessment, the robustness of the data set is important because it determines the quality of the output. Showing assumptions and reasonable sources of uncertainty increases confidence in this output and/or helps to identify its limitations.

The uncertainty is due to the combination of:

  • incompleteknowledge of a process and its expected or unexpected variability;
  • knowledge gaps in pharmaceutical science and in the understanding of the process, in the sources of harm (e.g. failure modes of a process, sources of variability) and in the probability of identifying problems.

The output of a Risk Assessment is a quantitative estimate of the risk or a qualitative description of a series of risks.

Risk Control

In this phase,the risks are reduced to an acceptable level. This is perhaps the most important stage, as it is the point in the process where control strategies are identified, implemented and continuously improved; risk control is the phase that guarantees adequate patient protection.

The main activities are:

  • Risk reduction – actions taken to reduce the probability of damage occurrence and severity. Focuses on quality risk mitigation and prevention processes;
  • Risk acceptance – Confirmation that risk mitigation actions have not adversely affected the overall risk profile by introducing new risks or increasing risk levels, the risks are adequately controlled (i.e., that risk mitigation actions and other risk controls are effective) and the resulting risks are acceptable. Risk acceptance consists of a formal decision to accept the residual risk or a passive decision in which the residual risk is not specified.

In the event that the risk remains unacceptable following risk reduction, the cycle returns to the risk assessment stage and the process can be repeated.

Our advice for the Risk Control phase

The amount of work and resources invested in risk control should be proportional to the magnitude of the risk. Decision-makers can use several processes, including cost-benefit analysis, to understand the optimal level of risk control.

Risk Control could focus on the following questions:

  1. Is the risk above an acceptable level?
  2. What can be done to reduce or eliminate the risks?
  3. What is the right balance between the benefits, risks and resources?
  4. Did the new risks start as a result of the identified risks being controlled?

Quality Risk Management Output/Result

After risk control, there is an output. Although included in the QRM life cycle, ICH Q9 does not provide any narrative description of what such an output or result might entail.

Generally, at this stage a report is compiled on the results of the risk assessment and risk control, the risk reduction efforts undertaken and the acceptability of the residual risk.

Risk Review

Once the risk control has been completed and the results documented, the risk review phase begins. The goal is to ensure that previous activities and associated deliverables remain accurate, relevant and complete in light of changing conditions. Knowledge gained during the product lifecycle, ongoing activities, such as product, process or system changes, unplanned events, such as customer deviations and complaints, and changes in internal and external business and regulatory climate can impact the decisions taken in the risk assessment and acceptance phases.

Risk review, therefore, involves aperiodic or event-driven review to determine whether the original risk assessment needs to be updated and whether risk acceptability will therefore be affected. In this sense, ICH Q9 presents the risk review as an opportunity to confirm the continued validity of decisions made within the QRM process.

The review frequency should be based on the level of risk.

Risk Communication

A critical and often overlooked element of the QRM lifecycle is risk communication. The objective is to ensure that all interested parties are aware of the information on risks, including aspects such as “existence, nature, form, probability, severity, acceptability, control, treatment, detectability or other aspects of quality risks”.

Such communication occurs most commonly in the output phase of the QRM lifecycle, through documentation associated with risk assessment and control activities as the primary communication mechanism; however, risk communication can and should occur at other stages of the QRM lifecycle, depending on the nature and criticality of the identified risks.

A significant challenge in quality risk communication lies in the relatively limited options for communication between QRM professionals, decision-makers and the patient. Unlike intrinsic risks (such as known adverse reactions), which are typically communicated through product labelling, extrinsic risks, including quality risks, have no defined communication mechanism.

Our advice for the Risk Communication phase

In Risk Communication, it is important to take into account the following elements:

  • stakeholders must communicate in all stages of the Risk Management process;
  • the result of the Risk Management process must be adequately communicated and documented;
  • the information contained in the report may relate to the existence, nature, form, probability, severity, acceptability, control, treatment, recognition or other aspects of risks;
  • communication is not required for each acceptance of risk;
  • between industry and regulatory authorities, communication relating to Quality Risk Management decisions can be made through existing channels, as specified by the regulations and guidelines

References:

ICH. ICH Q9: Quality Risk Management. June 2005
Quality Risk Management 101: ICH Q9 In Context – Pharmaceutical Online – March 28, 2018

MORE INFO

Subscribe to our newsletter

Increase your knowledge, join a community of professionals and stay up to date each week on the latest industry news.

SHARE ON SOCIAL MEDIA