· 16 min read
This webinar aims to help you understand five critical factors in helping you sustain your GMP compliance. It also aims to help you understand the criticality of those factors.
Firstly, if one were to look at the last three years data on the FDA website and look at the issues that arose during inspections, you will see that there is a consistent thread in terms of where the deficiencies are coming from.
Deficiencies primarily relate to quality systems. Most citations relate to standard operating procedures or the lack of it. After that, the next most cited area is deviations management relating to investigations and how firms handle nonconformances and corrective actions. The third most cited area is laboratory controls, testing, test methods, and the documentation pertaining to laboratory.
The top three issues relate to quality and SOPs.
In recent times, we have seen a shift from people looking at Operational Excellence to looking at Quality Excellence. For many companies, this has been an area that has drawn an intense focus. We are seeing people look at quality and quality excellence. The intensification of focus is due, in part, to the findings of the FDAs drug shortage report, which shows that between 2013 and 2017 that 62% of drug shortages were related to manufacturing and product quality issues.
A further issue raised in the report is that of quality system capability and its maturity. Covid-19 related lockdowns and issues such as ‘The Great Resignation’ have put significant pressure on manufacturers. As such, the maintenance of a quality system, rather than spending time developing the system, was the main priority of a company. However, the FDA and the Office of Product Quality have started piloting a quality management system maturity rating system. This is something that many in the industry feel will become a recurring topic in the coming years.
What are the benefits of a quality management maturity system? It will help people to understand the maturity of the compliance framework of a particular firm. In turn, this will aid suppliers, customers, and regulators. This framework will be the future of regulatory oversight i.e., the intent is to move towards a risk-based decision-making system that is based on the maturity ratings of a particular site. While the FDA are looking at that issue now, we at NSF have always considered it when assessing an organization's quality system.
One of the first, and most frequent things that we encounter, is a lack of self-realization by companies that have been hit with a Form 483. In a recent webinar, John Johnson referenced that identifying the issues by a regulatory body often generates feelings of disbelief and denial.
There are various stages of maturity, and they are progressive in nature. Take a moment to read it and to consider where your company sits:
We have developed these five factors by looking at previous projects that we, at NSF, have worked on and by researching publicly available documents relating to remediation.
Standard Operating Procedures are the bedrock of a quality system. They reflect your quality system and how you want to run your process. The concept of document hierarchy is regarded as common knowledge to people in the industry. However, what people sometimes fail to understand is that a document hierarchy exists for a reason. A document hierarchy is a delineation of how you record information or how you articulate your instructions. It is important to categorize your documentation so you can understand how to deal with distinct categories of information.
A documentation management system is critical and a must-have. Likewise, it needs to be user-centric and easy to use. The ease-of-use concept must be built into what you do. SOPs must be easy to follow. Doing so, reduces risk of human error.
SOPs need to cover every stage of the process. Too often, we encounter SOPs that cover the steady state process, but fail to cover out of the ordinary occurrences or when something fails. You must detail what to do when something goes wrong.
Documents are important, however, ensuring that staff members are trained on these documents is pivotal. Typically, we see three types of training: read and understand, classroom training and on-the-job training.
Finally, within this section, there needs to be an effective change management procedure for adapting SOPs to changing circumstances. We suggest asking the following questions:
Deviations can often be caused by deep rooted systemic failures. Deviations often regarded as the visible part of an issue, whereas ‘what lurks beneath’ is routinely ignored. Unless, you have an effective deviation management process, you will not be able to identify any of the underlying problems. Failure to deal with these could cause a compounding problem. It is always best to deal with them.
Deviations are often caused by multiple contributing factors, and they should always be investigated proportionate to their risk. You need to be able to understand that not every issue needs to be investigated. If you are not investigating something, do you have controls and detection mechanisms in place to be able to mitigate the risk in the first place? Investigating everything might place undue stress on your system. Therefore, it is important to understand what is worth investigating and what is not.
Deviations cannot be solved from behind a desk. Get to where the action is and engage with the people involved in the process under investigation.
When it comes to ownership of deviation investigations, we are seeing many companies adopting a new method where the user is responsible for deviations within their business unit and Quality would function as a facilitator and provide oversight for the review/approval process. If you want to move to such a model, you need to be able to understand that deviations must be part of the workload calculation when estimating the amount of workforce for your user group. One of the early flaws that we are seeing with such a method is that the number of personnel resources required for such an operation are not being factored into workforce calculations. Therefore, factor the time needed into your planning.
Deviations needs to be classified. Most companies categorize as follows: critical, major, and minor. The most important aspect to this is to explain what each category means. Doing that, will ensure a consistency of approach when classifying a deviation. Then, employees can look at a deviation and its classification and immediately understand how pressing the matter is.
Having a risk assessment process is essential. Also, having a repository of risk assessments enables you and your colleagues to access previously done work to see if the issue has occurred previously, therefore saving time when the issues need to be looked at again.
The other important aspect in assessing risk is, again (as stated with deviations) is to have a method of categorizing and handling the issue. And again, we recommend that a company should use a consistent methodology to enable staff to understand the criticality of the issue.
Here is an example: If you have human errors, the first thing most companies do, is to conduct an interview. However, many companies do not have a standard template or guidance document to guide the interviewer. Not having such a document, can result in ineffective questioning and the interviewers receiving uninformative Yes/No answers.
The most successful companies have a pool of qualified investigators within the company. Most importantly, they have a recognised leader of investigations who manages a team consisting of Subject Matter Experts, Technical Writers, and other experts.
Human performance is the biggest variable in this heavily regulated industry. Therefore, we need to understand how humans operate and react. This is an area that NSF has excelled in over many years. We have developed training courses, human error webinars, long read articles, and more about the issue.
When looking at the human performance issue, you need to be able to ask, and answer, the following questions:
It is just as important to have the right operating environment in place to enable your high performing teamwork in the best possible way. In this instance, you should be asking, and answering, these questions:
Repetitive tasks run the risk of human error. As people complete the task repeatedly, their concentration or attention to detail might slip, thereby creating the possibility of error occurring.
Human errors are an important part of human performance, and it is something that needs to be dealt with. It is something that needs to have a specific focus. Often, when we see companies conducting investigations that conclude human error as a root cause, they do not go beyond the surface. And, by failing to do that they are missing an inherent risk or a systemic risk that could happen again. Something that is not considered, is that human error is not individualistic. If someone makes an error, there is a chance that another person can make the same error. Therefore, it is important to understand that human error is the consequence, but rarely the cause of mistakes. Human error must be the starting point and not the conclusion.
One pharma company estimated the cost of human error to be approximately $2.2 million per year, and another put the figure more than $150 million. Can your company really afford your “error bill”?
Aside from the issues listed above, there are intangible costs such as the reputational damage and the fact that a company might come under increased regulatory scrutiny.
Is important to understand again that errors can be caused by active or latent failures. To deal with errors effectively, you need to be able to understand the causative factors. There are two types of failures that could cause these human errors. There is the active failure and latent failure. Active failures are mistakes made by people. There are just straight mistakes.
For example, a person might forget to perform a particular step. That is an active failure. A latent failure is a system weakness. For example., if there is no guidance in the SOP there is a chance that a technician might use their tribal knowledge or experience to figure out what needs to be done. That latent failure is happening because of the design of the process. In this case, you are allowing a mistake to happen.
Latent failures are harder to spot and fix.
So always focus on looking for the error chain, identify the true root cause, identify the true root cause, and hunt down the latent system errors.
Finally, for now, 80% of your actions should be preventative and only 20% should be corrective.
Covid-19 has turned the employment market on its head and brought about an unprecedented upheaval in how we work and approach the work that we do.
One of the findings in a recent report (here) is that 35% of workers turned down a new role because of the lack of remote working options. Remote work is, for many people, a work life balance issue, and it plays an important part in deciding what to do with their career. Remote work, shifts in life plans, and the current increase in the costs of living, are all impacting on manufacturers abilities to recruit and retain qualified staff.
Through our work, we have found that the companies that have handled this issue best are those that have had clear communications with the staff on what is expected. Also, companies that invest in staff and facilitate their upskilling are doing better than others. Our earlier point about the Quality Maturity Model has a role to play in our third point: addressing burnout. Burnout can come from constantly feeling the need to ‘firefight’ in situations. Companies that are automating, and eliminating latent failures are, again, doing better than others.
Do you know where you and your company are in the compliance process?
Are you aware of the inherent risks?
Having an effective internal audit program will allow your company to understand the risks that exist and give you the opportunity to deal with them. Being your own toughest critic can reap rewards and ensure better outcomes. Again, as with our point on investigators in your team, you need to have a competent and professional team of internal auditors consistently checking for issues.
The benefit of empowering an internal audit team is that they will consistently stress test process, procedures, and documentation to ensure that they stand up to the rigors of an external agency inspection.