Those of us in the competitive and highly regulated pharmaceutical, biotechnology and medical device industries understand the need to balance operational efficiency with regulatory compliance. We must find ways to reduce complexities, eliminate redundancies and streamline operations while staying compliant with an array of regulations, guidance documents and regulatory expectations (some explicit, others less so). Making changes to our processes requires overcoming challenges arising from these often competing interests.
When publishing guidance documents, the FDA includes language implying that industry can use an alternative approach if it satisfies the requirements of the applicable statutes and regulations. Using this language as a stick by which to measure well-intentioned process optimization proposals, this article will explore considerations for creating desired efficiencies while maintaining compliant processes.
For illustrative purposes, let’s look at a common process optimization example of streamlining a supplier audit program.
OPTIMIZING THE SUPPLIER AUDITS PROGRAM
Onsite audits are an important and well established tool for assessing suppliers. Still, there are ways to optimize supplier audit programs.
At this point, you have already sliced and diced your list of suppliers by establishing risk-based categorizations of the types of services and/or goods they provide. While retaining other supplier oversight mechanisms, you have eliminated onsite audit requirements for suppliers with no potential impact to your products. You have also reduced onsite auditing frequencies for the suppliers with a lower potential for product impact.
Nonetheless, the list of annual required audits remains daunting. Many have dwelled for the millionth time on the fact that they are not the only one auditing each supplier. The dozens of times each year that other entities audit a supplier can make you wonder: Is there a way to leverage those activities to reduce onsite auditing requirements?
A process optimization idea is born. Fewer onsite audits mean:
• Spending less time on scheduling and audit preparation
• Reduced execution and reporting activities
• Decreased travel time and costs
• Fewer findings to track to resolution
• Simplified metrics and management reporting
PURCHASE AN AUDIT REPORT?
Various industry proposals for leveraging common audit reports have been circulating for years. Typically a third party audits a supplier, prepares a report and sells it to companies that want to avoid conducting their own audit.
There may be a place for common audit reports, particularly with regard to low-risk suppliers. Before taking such an approach, though, consider the following factors:
• The report may not adequately address the scope needed, but one likely won’t realize that until after it has been purchased. You alone know the importance of the services and/or goods that the supplier is providing; the auditor might not have placed sufficient emphasis on what is critical to you.
• Even if it does satisfy the scope required, the report may grow stale. The supplier may experience impactful regulatory inspections and/or changes to procedures, personnel, facilities, equipment, etc. Will a window into the past suffice?
• Perhaps a proprietary process is involved, and the third party would not have had access to audit those processes. And if the third party did have access, it would not be prudent to share those details with other companies.
Assessment: Purchasing common audit reports can fulfill some of one’s needs. Let’s call this option a “Maybe.”
LEVERAGE QUALITY SYSTEM CERTIFICATIONS?
Leveraging your suppliers’ quality system certifications to certain standards such as ISO 13485 (applicable for medical devices) may be an option. To gain and maintain that certification, quality system experts must audit the suppliers routinely.
Whether your organization makes medical devices, pharmaceuticals or biologics, many may potentially benefit from this approach. However, be sure to consider the following questions:
• Who issued the certificate? There are vast differences in the weight that certificate-issuing organizations carry. For the harmonized European version (EN ISO 13485), the certificate should be issued by a group with rigorous standards called an authorized notified body. Organizations with similarly rigorous qualification requirements exist to audit and issue quality system certificates to ISO 13485 for other regions, such as Canada (recognized registrars).