During the last couple of months I have been working with a company that is undergoing a transition as products move through their pipeline – quite a radical shift in strategy.  Over the years, their Quality Management System (QMS) has evolved.  But as with all evolution, the small incremental changes that occur might lead along a path to an improved system or an evolutionary dead end.  With this radical shift, they invited me to come in and assess what they are doing right, what they are doing badly and what, perhaps, they are not doing.

So the first step is a gap analysis which entails reading documents and records and interviewing people.  Fortunately, management is highly supportive of this exercise so I got extreme cooperation from all parties.  Documents (SOPs policies, quality manuals and quality plans) were supplied to illustrate the systems.  In addition, I requested records which were supplied readily.  These included deviation investigations, CAPAs and change controls, to name just three types.  While I cannot look at all, I asked that typical examples be shown.  I want to see the average type record – neither the best nor the worst.  During discussions, which ranged from 1 on 1s to small groups, people felt comfortable describing what they liked and what they found frustrating.  The interesting feature I noted was that the same frustrations were felt universally across the organization.  It did not matter whether it was QA, QC, engineering or production: all felt the same.

The analysis revealed that the three systems described were all weak.  While the company used an electronic system to track and manage the system, the end result, the reports, did not meet the requirements of either the practitioners or me.  That is, they were neither well written nor clear.  They lacked the clear logic to explain what had happened and why for deviations, how the CAPAs linked back to the deviations and the rationale for the change in the change controls.  And why was this?  In a way the people involved had treated their systems as hurdles that had to be overcome to move to the next step, rather than the tools they should be.  With the e-system, it appeared the goal was to move the document from their inbox to next person’s inbox.

They had lost sight that an investigation’s goal should be to:

• Uncover what went wrong, identifying the factors that contributed to the issue (they got some of the factors but not all).
• Recover the material or data (they were good at that)
• Prevent it from happening again (not good at that)
• Prevent similar things from happening elsewhere (almost totally absent)

In this case, the e-system had done a grave disservice to the company.  It had taken the thinking out of the process; it had subverted the process from serving the operations to a system that had to be served.  It had also driven behavior into short term thinking versus long term.  They had cultivated a fire-fighting mentality.

The exact same thing had happened in the change control system.  There was not a critical evaluation of any of the changes.  The changes were made to save materials rather than build a rugged process or system.

To combat this systemic problem (and all three areas were linked), we embarked on a training session.  It included three elements

1. Back to basics of the three systems – explaining what the desired state was and how to get there.
2. Teamworks which had real life examples of challenges using some of the principles and skills learnt.
3. Practical examples from their company. I selected examples of deviations/investigations and CAPAs and change controls and worked through with the group some examples. After I gave my read on the situations, I let them loose to try out the new skills themselves.

During the second round, there was a breakthrough by one of the staff members.  Suddenly, the light bulb went off.  I have never seen such an excited person in all my years training.  I am going back in a couple of weeks to see how things are going.  I am quite optimistic.  I will keep you posted.

Posted in Clinical Manufacturing, Commercial Manufacturing, GMP, News, Quality Management Systems, Risk Management| Tags: Services, SOPs|Leave a comment

Every company I work with has a problem with their auditing program.  Some believe they are overdoing it and others feel they are not doing enough.  In a sense, they are both right.  In actual fact, they are all overdoing it in certain areas and underdoing in others.

Back when I started in Industry, and I am afraid to tell you exactly when, auditing programs were written in stone in SOPs.  The frequency, duration and number of people were defined and rigorously enforced.  Audits were conducted each the same way and lists of findings were assembled and sent to the auditee.  If lucky, the findings were responded to and CAPAs developed.  The report was closed out and filed.  After the prescribed period of time, the process was repeated.  Often the same findings were seen at the next audit.  So either the CAPA was not done or it was ineffective.  Not exactly an efficient, effective process, but it satisfied the regulators.

Today a program like that is just not acceptable.  Why?  Have the regulations changed? Have our expectations changed?  Has the world changed?  The answer to each is yes.

Over the last 20-30 years we have seen a lot change.  We have seen drug tampering (Tylenol and cyanide), counterfeit drugs in the market place (you get those emails for those drugs at unbelievable prices) and incidents like the Heparin / Baxter problem.  Both industry and regulators have taken note and reacted.  In the US and EU, regulators have recognized the problems and issued new regulations and guidances.  The Falsified Medicines Directive (FMD), Food and Drug Administration Security and Innovation Act (FDAsia) and the Drug Supply Chain Security Act (DSCSA) have been issued and are in the process of implementation.  So how does that fit into the auditing program?  It is because the auditing program is a tool that will enable you to meet the spirit of what these regulations are driving at.

We perform both internal audits of our own operations as well as audits of third parties.  These third parties include our CMOs, our suppliers of raw materials, excipients, actives as well as services such as testing labs, engineering functions and distribution to name a few.  The functions of an audit are many fold including a component of the assessment of whether we care to do business with an entity (the Vendor Qualification Program) as well as as a routine assessment of whether we want to continue to use them (continuous verification) and an assessment after some element has failed (for cause).

Each of these is approached differently, depending on the nature of why we are auditing.

1. Vendor assessment – usually, you have never worked with the vendor before, or at least recently, so this is an exploratory audit to assure they are operating to an appropriate standard that is compatible with our expectations.  Because of this, the goal is to assess all their systems.
2. Continuous verification – you have experience with this type of vendor.  You know what they do well and perhaps have identified areas where improvement might be needed.  You are often following up from previous audits or experience with their services (described in the annual product review).  So it is often more directed than the qualification stage of vendor assessment.
3. For cause – something has definitely gone wrong.  So this is a very directed audit towards the areas of potential deficiency.  The outcome may be to continue to use or to terminate the relationship.

Which brings us to how to conduct an audit to add value.  ICH Q9 is a wonderful guidance that if used intelligently can aid you in developing a truly risk-based auditing program: that is to balance the “too much” versus the “too little”.  I highly recommend integrating this guidance into your auditing program.  Remember if you do not document your risk decisions, you will be found lacking by the regulators.

I use the old moniker of

say what you do,

                    do what you say,

                                          prove it and

                                                           improve it.

Put another way it is really documents, execution, records and continuous improvement.

These following steps may aid you in defining the audit program.

1. Never schedule your auditors more than 67% of their time and that includes prep time and report writing time.  The extra 1/3 is important for the unexpected such as the for cause audits, the new suppliers, the new emergency programs and also the deep dives you provide as a service to your internal customers.
2. Determine the risk factor for the particular vendor.  That includes not just the service provided but the track record of each.  This will determine the frequency, duration and manpower needed. And this needs to be kept current because situations change.
3. You have limited time at the vendor so use it well.  Prepare the outline of what you want to accomplish (the type of audit), what you know, what questions need answering.  If possible do work before you arrive.  That could be sending out a focused questionnaire to relatively simple elements (you can confirm when you arrive).  Even present to them a proposed agenda, so they are prepared and have no excuse when you arrive.
4. So what do I focus on when I arrive.  A typical process flow approach is my choice.  For actives suppliers or CMOs, I walk the process with my questions and get my answers in situ.  Armed with my preparation work, I walk through the facility and quite prepared to stop even for a significant length of time to explore more if I sense an issue.  For testing labs walk the samples.  This is the execution component
5. I look at paper work later and I focus on the various quality systems of interest.  I do not read SOPs or policies but rather focus on the records part.  I look at deviations and investigations, CAPAs, change controls and lot dispositions.  The threads I find lead me into the various other systems.  I find these systems are the pulse of the organization and tell you a lot about the company.
6. If necessary, I go to SOPs and policies.  That is the documentation part to confirm that what they say corresponds to what they do.
7. I also look at operations and people to detect signs of continuous improvement which is often picked up, not in documents, but in conversation.
8. I usually look to see evidence of a modern approach to quality as evidenced by an active involvement of management.
9. In the close out I gather the observations which I have ranked using the EU standard of critical, major and minor.  In the discussion I might even make some suggestions of how improvement might be made.  But it is the company’s decision on the how to address really.
10. After you get home, make sure to follow up with requests for CAPAs after the agreed upon time frame.

BTW, one of my first stops is the bath room.  Not because of a medical problem but  to see how it is kept.  Companies that have a good QMS have clear bathrooms.  For those with QMS problems, the bathroom can be a telltale.

Posted in audits, Commercial Manufacturing, Contract Manufacturing, FDA Guidance, GMP, News, Quality Agreements| Tags: Services, SOPs|Leave a comment

Over my career I have lived and, unfortunately, died by Metrics.  What do I mean by that?  Metrics if developed carefully, and with thought, can help us attain our goals.  However, badly thought out metrics don’t just not help us from attaining our goals, they can actually prevent us from attaining them.  Because they can be counter productive.

Is this new?  No, I have seen it for decades both working in the industry but also as a consultant to the industry.  I find it’s amazing that these bad metrics are not isolated to companies with poor compliance records, but also to the companies who are leaders in doing things right.  Of course, with confidentiality, I can not name names, but I can talk about them and give advise in the public domain.

What are these bad metrics.  They are metrics that have been set up in order to measure and control certain outputs.  However, when set up, they encourage the wrong behavior.  How is that possible?    I will give you two examples.  Now, let me explain.

1. First example

I was visiting a company recently for a training session on quality systems.  During the break, one of the attendees took me aside and described a situation at his company.  He asked the situation to be kept private.  And by that he meant that not only should I not describe it in  public describing his company but he did not want management at his company to hear about it ascribed to him.  Of course, I honored his request so you will learn neither who the person is or the company.

As with most companies, they wrestle with investigations taking long times to close out which leaves the company vulnerable both operationally and from a compliance perspective.  So to combat that and to drive closure, the company instituted a metric of “All investigations to be closed in 30 days”.  Depending on the number open during the year, the persons performance rating would be impacted.  Performance impacted equals decreased pay raise, bonus etc.  You get the picture.

Result, the number of investigations lingering past 30 days goes down.  Management is content and everything is improved.  Or is it?

The answer is no!!!!!  Yes, investigations are closed out quickly, but are they really completed and accurately describe what the root cause or contributing factors are?  In the haste to get a good grade, people are closing out investigations prematurely with poor root cause analysis.  Without this “good” investigation, the CAPAs developed are not directed to the right things.  So the CAPAs do not solve the problem and the result is that the problem reappears – in other word, we get repeat observations.

A better metric would be a goal of no repeat deviations or discrepancies.  That would indicate the CAPA worked because the investigation was thorough.  With decreased repeats, the work load would decrease giving better opportunity for effort on the unique observations.

2.  Second example

I was visiting a client one day to examine their quality systems, especially deviations and their handling.  I had flown for several hours to visit the company and was met by the plant manager who indicated that the issue that I was there for had been solved and they did not need my services for that.  Since I was already there, and he was paying anyway, I suggested I look at the remediation and maybe other systems in need of help. So off we went.

Apparently, over the last few weeks the PM had had a great idea.  He linked pay for performance to the number of deviations in  the department.  And immediately (for the last two weeks at least), there had been a 20% reduction in deviations.  The first thing I did was to go to the lot disposition department to see how things were and talked to the staff there.  They immediately reported that over the last week or so there had been an increase in the number of batch records arriving with serious errors and deviations that had not been highlighted. Previously, the Production department were encouraged to self report deviations and highlight them to QA. Now it was up to QA to try and find the errors.  Clearly a step backwards.  So the metric of reducing deviations had not decreased the number but rather the reporting of the deviations.  The deviations were still there but not reported.  We all want less deviations but this is not how to get it.

In both these incidents, the metric had driven the wrong behavior.  So how do you set up metrics that work.  I recommend this simple process.

1. First identify the system that you want to work on. In these cases, the investigation system.
2. Define the out come you want.
   1. In the first, closure of investigations.  While timeliness is important, surely, getting it right so we have a good chance of an effective CAPA to prevent recurrence is the real goal.
   2. In the second case, of course, you want to get no deviations, but if they have occurred, you want them reported, so they can be investigated properly so we can get effective CAPAs so they don’t appear again.
3. Based on the input of point 2, set up metrics to drive the right behavior.
   1. For example one, you can have a metric of no repeat observations.  That indicates that the investigation was thorough and the CAPA directed to the right thing.  Hence, it solves the problem.
   2. For example 2, we want batch records to arrive in QA – right first time (RFT).  That is completed, checked and all deviations highlighted and put into the system for resolution.

Both these sets of metrics looks in to the future versus simply the immediate.

Are these the only examples or areas.  Of course not, but if you follow these principles, you will get improved operations.  Before any metric is established, ask the questions”will this metric drive the behavior and result I really want?”  And be careful what you ask for.  It might not be what you really want.

Posted in Commercial Manufacturing, Contract Manufacturing, GMP, News, Quality Management Systems, regulatory citations| Tags: Services, SOPs|Leave a comment

I am often called into companies to identify opportunities for improvement in processes, products and also the Quality Management System as well. These projects give an opportunity to learn how an organisation ticks, its strengths and its weaknesses. Often management initiates the process by giving me their list of systems that they believe are broken or at least not operating as efficiently as they would like. But not always.  They want these worked on but sometimes are reluctant to consider the systems they consider working well.  Or maybe these “working systems” are the ones without the loud squeaky wheel attached.  That is, the one flying under the radar and silently deficient.

I usually take these lists and negotiate with the company that I should look broader than those that they have identified.  That is not to create billable hours but rather because of efficiency. While they may have identified some of the deficient systems, they may not have all.  Also it may be that the ones they consider working well are in fact not working well at all or they may have a system with overkill in place.  Now, if there are some very good systems, you can learn a lot about an organisation if you can understand why some are good and others not.  What causes this?  it can be an uneven management or a pocket of progressive people who are 100% dedicated in the face of adversity.

The key is to bring me in once to identify all the opportunities rather than bring me in twice.  It costs more.  It adds months to the timeline if I have to do it twice.

So what do I usually find?  First, management often does have a good perspective of the “bad” systems.  Often they have identified the very painful ones – the ones in dire need of improvement.  But not always.  This has to be teased out by careful interview of process owners and stakeholders and users alike.  In the interview, it is critical that it is the system that is examined and not the person who runs it.  These people are trying their hardest (in most cases), its just the tools, resources and environment that prevents them from running a successful process.  In 90% of the time it’s not people but the environment they are working in that causes the problem.  Most of these organisations are working at 100 mph with compulsory overtime needed to just get the basics done.  There is no time for future thinking, the fires are burning out of control and there are just not enough firemen to keep the place from burning down to the ground.

What I also find are organisations that are reluctant to change.  The last time somebody took a risk and it failed, they were punished.  You can bet the next time they don’t risk going out on a limb.  When I talk with these folk, I often find processes that are unwieldy, overly complex.  It’s not uncommon to see SOPs of 40, 50, 60 pages long.  No wonder there is a deviation at every turn.  These deviations then flood the investigation system.  With a 30 day to complete the investigation and a backlog, what happens next.  Well, they wait to day 28 or 29 because they are working on other things and are caught between a rock and a hard place.  Got to get it completed or I miss my goal of 30 days.  Get it signed off and off my desk and get the CAPA in place.  And what is the CAPA?  It’s usually retrain operator or rewrite SOP.  These are easy to think up and everybody is familiar with these.

And do you really believe that these two CAPAs are going to work and prevent a recurrence?  Absolutely not.  I was auditing a company recently and over 80% of CAPAs were retrain operator or rewrite SOP and that was for a set of recurring issues that did not go away over a 4 year period.  Complacency had set in.  Are we really that bad at training and writing that it does not solve the problem?  Or is the CAPA not directed at the right thing?  I think we all know the answer.

So what is my job?  First to look at systems and get them into three categories.

1. Ones that are clearly deficient – these need major surgery.  Or they may not even be in place.
2. Ones that are overkill – look for ways to back off what is being done
3. Ones that meet the need – they are adequate although they may not be world class or one that you can proudly say are a 10/10 system.  At this stage, if it works at the right level, leave it. It does not have to be perfect.

Category 1 and 2 need the major work. These systems are really tools in a tool box to allow us to operate our business and these tools have lost the vision of what they were intended.  Instead of serving us to help us get the work done, they take on a life of their own.  These tools now control us and make us jump through hoops.

However, as my father once said, “If you can identify a problem, you are 50% on the way to the solution” And that is when the fun begins with getting these overworked people together to look for opportunity to eliminate non-value added work which will free up resources to put on the other Towering Inferno areas.  And its contagious.  Solve a problem once and the next problem is much easier to solve.

It’s these moments I really cherish.  When I see surgery on an overly complex process that brings a breath of fresh air to the people involved, those are the moments I look forward to.  The look in the eyes of the staff is what this job is all about.  And its fun.

Posted in audits, Clinical Manufacturing, Commercial Manufacturing, GMP, News, Quality Management Systems, Risk Management| Tags: Services, SOPs|Leave a comment

There appears to be a continual debate as to where we need to set the bar for quality and compliance in the Pharma industry.  There are a number of strategies I have seen over the years but they all fall into the following in reality;

1. We will meet what the regulations tell us – no more, no less – it’s what is required.
2. We will exceed what the regulations say – they are minimum requirements – it will give us a business advantage over our competitors.
3. We will not meet the requirements to save money and if we get caught we will pay the price.  It is the cost of doing business.

You can probably guess  which your company fits into.  If not, it might be worth thinking this through because, if they have a different strategy than the one you are comfortable with, it might be a frustrating place to work.

The logic, I believe, these strategies use is the following:

The higher we raise the bar, the more cost it is to operate!

But is that hypothesis true? Does it cost more to operate higher on the curve?  I contend – not necessarily so.

This came out when I was teaching a course on the cost of quality recently and one of the attendees was arguing that in their business, margins were small so everything they spent on quality was directly from the bottom line.  Spend more and profits go down.

While this appears logical on the surface, I do not believe it tells the whole story.  It assumes that money spent on quality to raise the bar is simply an overhead and does not impact anything else.  In other word, spend money on quality and it has no impact on efficiency or losses etc.

Rather, I believe that if you spend money on quality systems, it will result in decrease cost of operation, higher throughput in the plant and will lead to a more efficient operation.  One example might be to improve the way investigations are performed.  This should result in more efficient and effective investigations.  This results in true root causes being identified and hence more effective CAPAs which lead to less repeat deviations.  The improved investigation system would require less resources to operate, be done quicker and hence cost less.  And if the investigation actually got to the root cause the CAPA has a higher probability to prevent repeat observations. That is to name just one system.  You could construct scenarios for complaints, change control, lot disposition and validation with similar conclusions.  I believe investing in quality improvements (raising the bar), should be viewed as an investment rather than an overhead.

It took  about three days in the class before the proverbial light bulb went off in his head.  I don’t know if he will take that message back to the plant and even if he does, will they believe and introduce some of this thought process into their operations.  Time will tell.

Posted in Commercial Manufacturing, GMP, News, Quality Management Systems, Risk Management| Tags: Services|Leave a comment