The Calcott Consulting Blog:

   Articles on Vendor Qualification:


Risk management – it does not have to be complicated

October 18th, 2011 by

At a course I was recently teaching at the University of California, Berkeley on Biotech Pharmaceutical Quality and Compliance, the topic of how to implement the ICH Q9 was brought up.  One attendee indicated that his company had tried to implement it and had run into trouble.  They had set up a Quality Risk Management (QRM) department and it just appeared that all they had done was create another function that had to review all work, SOP’s and reports.  It was like a further level of QA.  Processes were operating even slower than normal and it appeared the amount of work had mushroomed.  He indicated that in the presentation, I made it seem so easy.  he posed the question:

Where had we gone wrong? And was it to late to get back on the right path?

In reality, I find many companies that implement QRM do make it too complicated.  It should not be a separate department but rather the tools should be incorporated into your everyday processes so that simply there is just a further step in your pre-existing processes.  These processes could be change control, investigations, CAPA, complaints, environmental monitoring, testing schedules, raw materials programs, vendor qualification.  You get the picture.  Put it where it adds value.

I am reminded of one of the first times I heard an FDA’er articulate on QRM.  A few years ago (quite a few actually) I was at a conference where an FDA’er was describing Quality Risk Management (QRM) and their expectations.  It was a few months after the ICH Q9 was issued.  the speaker described agency expectations and since I knew him very well (having had lunch and a few beers socially), I approached him and indicated that I thought what he was describing was already in place in most progressive companies.

He replied:

You are right, it is.

I continued:

So what is different now?

He replied:

The agency just wants it to become second nature and get it integrated formally into your processes and, of course, document decisions and assumptions.

That was one of the most valuable set of comments I have received on the topic.

So I recommend that when making QRM mainstream, you need to do the following:

  1. Learn the tools and examples of where it can fit in.  There are many webinars out there offering the know how.  Tungsten Shield does offer some good ones on this and other topics.
  2. Examine all your business processes and incorporate QRM steps into the process that exists.  Try one first and slowly roll out across the other processes.  Change Control is an excellent one to start on.
  3. Examine after a period of time to see what works and what does not.  With QRM you have begun continuous improvement so expect changes over time as your skill increases and you find out how the company likes to operate.
  4. Remember to document all your decisions and most importantly assumptions.  Be prepared to go back if your assumptions are found to be wrong or new information  surfaces.
  5. Do not fall into the trap of setting up a QRM department or you will be mired in bureaucracy.

And, most importantly, enjoy what you are doing.

Vendor Qualification – What Can Go Wrong

August 12th, 2011 by

As Calcott Consulting spreads its wings and extends its reach into the Pharmaceutical and Biotech industry, it is time to start a blog. This is the first (and hopefully not the last post).The topic for today is VENDOR QUALIFICATION.

I routinely review FDA warning letters every month or so to see how the industry is faring and to get new information for all my classes and training sessions and the one that caught my eye was this topic. I think we are all aware of the Baxter – Heparin incident and how a lack of oversight brought disaster to the company and also its Chinese vendor of heparin. It did also cause quite stir in the industry and with the public at large.

Is this an isolated incident or is part of deeper issue in the industry? I think the latter.

I see in my audits lcak of clarity in these programs to qualify and manage vendors of services and materials whether it be a testing lab, a provider of services eg. maintenance or raw materials. Too often when I ask the question “show me your vendor managemnt or qualification program”, I am presented with an audit of the company. Similarly, when I scan and read the group discussions in LinkedIn, I am amazed by some of the questions that indicate a lack of understanding of the first principles of what needs to be done. And this is by people who are in the field in senior positions.

So what are they doing wrong. I have included some links below to go directly to the warning letters but companies who fail clearly demonstrate at least a few of the following:

  1. Delegation of all responsibility and accountability to the service provider. It does not matter who does the work, you are still responsible for the outcome.
  2. No objective demonstration that the vendor can provide what they say they can do.
  3. No tracking of performance to assure the vendor continues to provide the service at an acceptable level.
  4. Accepting sub standard materials and services

This is to name but 4. Read through the attached links to see the details.

Warning Letters to Allure Labs, Scientific Protein Labs, and Toxin Technology Labs