In a recent conversation, John Walker, Program Director of Business Enterprise Mapping, Inc., shared his views of ISO 9001 and ICH Q-10, and what they mean for the drug industry.
PM – Are there any lessons that pharma can take from other industries when they were at similar stages in the development of quality systems?
JW – Many pharmaceutical industry professionals incorrectly think their industry is more highly regulated than other industries. But aerospace, military and telecommunications all make ’lifeline’ products that people depend on, and safety is really the same endpoint. Each of these industries is heavily regulated and their regulations contain many elements that would be very familiar to pharmaceutical professionals.
From a process-based perspective, all enterprises are architecturally similar, regardless of the specific goods or services that they deliver. It is this similarity that recent (2000 and later) ISO management standards exploit and which permits those standards to apply, equally, to any enterprise, regardless of industry or sector. This makes it possible to benchmark best practices between industries to create broadly applicable, templates which can be widely adopted as baselines for subsequent detailed customization.
The ISO 9000:2000 family of specifications represents the minimum QMS required to maintain a state of control and predictability over quality. Its emphasis is, however, on effectiveness rather than efficiency. ISO 9004:2000 promotes the subsequent emphasis on performance improvement and maximizing efficiency.
As with ICH Q10, other industries have adopted ISO 9001 as the backbone of an industry-specific QMS. e.g. AS 9100 (Aerospace), ISO 13485 (Medical Devices), ISO/TS 16949 (Automotive), TL 9000 (Telecommunications), Registration to these standards has become table stakes for participation in those industries, including at least first- and second-tier suppliers to the final product/service supplier. I anticipate that similar requirements will soon prevail in the drug industries.
PM – What are the biggest obstacles to change in pharma?
JW – Some companies still feel that complying with current good manufacturing practices (cGMP’s) alone is enough for now without realizing that major benefits can accrue from also implementing a modern, process-based Quality Management System like ISO 9001:2000.
The primary challenge here is that for most organizations to access these benefits there must be a major change from a product and/or departmental silo-based one to the truly process-based one. This transition is essentially impossible to choreograph from inside any organization because of the entrenched beliefs and fiefdoms that currently prevail.
Many companies, regardless of industry, still run non-value-added documentation-based audits and not process-based audits. Process based audits add value, and can contribute significantly to continuous improvement.
PM – Where does ICH Q-10, which is a voluntary global standard, fit into all this?
JW – ICH Q-10 is really a marriage between cGMPs and ISO 9001 but it accommodates the fact that cGMPs themselves are in a state of change. The underpinning belief of the FDA and other proponents of Q10 is that it also represents best business practices that justify its adoption.
This is politically a much easier route to adoption than mandating its use. Many first-movers are already anticipating using it and many courses and conference papers are out there describing it. There are, however, not many articles on exactly how best to achieve compliance.
PM – Should compliance be viewed as a business opportunity?
JW – Yes. Companies that have moved from a document-driven to a process-driven approach to compliance have usually reaped tremendous financial rewards.
There’s an analogy with corporate response to Sarbanes-Oxley (SOX) corporate governance legislation. What became an expensive burden for some became a business opportunity for others.
The former companies regarded the new legislation as an onerous chore and created a new layer of activities to manage SOX compliance. External auditors, themselves unfamiliar with the new legislation and being paid by the hour, erred on the side of caution and thereby maximized the amount of extra work. The overlay process approach significantly increased the effort required during internal and external audits compared to a process-based approach. The result was that SOX compliance for these companies remains a costly, non-value-added and onerous activity.
Other companies, counseled by more compliance-savvy consultants, took the opportunity to convert to a process-based approach to managing their operations and wound up with streamlined processes and documentation that could also simultaneously comply with any number of standards and regulations such as SOX, ISO 9001, OHSAS 18001, ISO 14001 etc. The lesson is that all approaches to compliance are definitely not equal.
PM – Your company promotes the concept of “mapping” a business visually to ensure that strategy is being achieved. How does that work?
JW – Business Enterprise Mapping is designed to transform the maturity level of the organization from wherever it currently stands to a level 4 or greater on the 5-level business/process maturity model defined in ISO 9004.
Many of our programs leverage the fact that verified ‘Current State’ maps of the enterprise serve as a necessary stable and powerful foundation from which to define and launch any of a number of different business initiatives such as compliance to standards and regulations, global standardization, continuous improvement projects (lean, six-sigma, value-stream analysis, kaizen-blitz etc.), major IT projects, future state mapping and outsourcing.
Process audits are critical. You can’t just look at documentation, but must follow processes, using an audit trail of process controls, results that have been achieved in the past, so you’re not just reviewing huge binders or stacks of assays. You then seek to maximize value-added activity to create a continuous improvement loop for your organization. The real test is whether you’re consistently meeting goals. If you’re in true control of your enterprise, you see predictability.
PM – But doesn’t Six Sigma’s DMAIC approach already help you do that?
JW – Attempting major process improvements in an environment below full Level 3 maturity is fraught with significant risks as the system is not yet in demonstrable control.
Also, many six-sigma projects have been called into question because their claimed $200K+ net benefits have not been evident on the enterprise’s overall bottom line. It is believed the siloed cost reduction activity just pushed the cost elsewhere in the organization. To prevent this, thought-leaders are just now starting to recommend capturing and characterizing the whole enterprise’s business process architecture before embarking on major projects. Business Enterprise Mapping has already been supplying this approach for years.
PM – Do you foresee a day when third-party auditing companies like DNV would be able to go out and certify pharma vendors as meeting ICH Q-10 standards?
JW– Right now there’s still a great deal of [vendor] auditing required on the part of the individual pharma company. GAMP is a good example, and ICH Q-10 meets GAMP where risk assessment is concerned.
In theory, the same auditors that do ISO certification today could handle pharma audits based on Q-10 in the future.
To contact John Walker, please email him at email@example.com