Compliance Management / QRM Process

Pharma’s door to QRM success

The maturation of the cloud makes adoption of proactive quality risk management possible.

By Mike Jovanis VP of Quality, Veeva Systems

Historically, regulators’ approach to quality has been reactive. There are numerous examples of situations where major regulatory agencies including the U.S. Food and Drug Administration (FDA) have reacted with new legislation or guidelines after a major quality event caused serious public health issues or even a tragedy. Likewise, pharma companies have typically approached quality management retrospectively. They investigate an issue, determine the cause, find a solution, and then remediate. But this pattern of reactivity is starting to change, driven by increased globalization, operational complexity and regulatory pressures.

The pharma industry is now taking proactive, quality-focused actions and building a global enterprise-wide culture of quality. More companies are adopting quality risk management (QRM) strategies and interconnecting these strategies with quality management processes. QRM enables faster, more effective allocation of resources across the organization to proactively reduce risk and improve efficiency. By collecting data globally across products and processes and continuously reviewing for signs of potential issues, QRM helps companies prevent disaster before it occurs.

“While QRM has been defined for many years in the ICH Q9 guidelines, just recently has it become a major factor in inspections. Regulators are expecting companies to incorporate QRM into the ongoing processes for clinical trials, validation, investigations and quality,” explains Jan Paul Zonnenberg, principal, PwC. “This is especially evident with the recent adoption of the ICH E6 R2 guidelines.”

One of the challenges in fully adopting QRM is that companies typically rely on the generic governance, risk management, and compliance (GRC) tools used in other regulated industries. These common solutions do not meet the unique needs of pharmaceutical quality management. Another challenge is the fragmented, manual approach to collecting and organizing quality data, which limits the global view of risk and hinders collaboration among stakeholders. Information is also not organized in a standard format, so companies struggle to share information efficiently and provide visibility across an increasingly diverse group of both internal and external stakeholders.

Advanced cloud technology can provide a more holistic approach to view, understand, and benefit from risk management and make better quality decisions. All global internal and external stakeholders can have access to the system for greater visibility and consistency around the entire process. Additionally, the cloud makes it much easier to bring all relevant parties into the QRM process at the right time for faster and more comprehensive assessment of risk.

Companies are moving to modern systems designed for the risk management needs of the pharma industry and, in particular, are looking for quality applications on a unified platform to enable every stakeholder — including every functional area of a company, regional site, contract partner, and supplier — to keep processes in sync and securely access each other’s risk register.

Here are three key benefits the cloud brings to QRM, enabling organizations to improve collaboration, identify potential problems, and resolve issues early in the process.

1. Enterprise-wide visibility with a global risk register

A cloud-based QRM built on a unified quality management platform provides the foundation to create a global risk register or enterprise-wide “inventory of risks.” Each risk can have mitigation actions to reduce the overall risk score, calculated by a combination of severity of risk, likelihood of reoccurrence, and detectability. Knowing the risk score helps companies prioritize actions to reduce risk. Currently, most companies handle this at a site level or by functional area, limiting visibility. In the cloud, companies can manage it all in a single system globally for greater consistency in risk scoring and faster risk identification and mitigation.

For example, a quality manager might notice a risk at a plant in India. In the cloud, other plants can see this simultaneously and check to see if the same risk exists at their locations while also applying the same successful mitigation strategy. With a singular view of all risks and associated mitigation actions across the organization in real time, management can more efficiently allocate the right resources based on intelligence for more effective risk reduction.

2. Increased consistency and standardization

A cloud-based QRM solution centralizes all quality information to maintain a single, authoritative source of truth that helps ensure consistency in risk assessment and mitigation globally. It also enables greater standardization of process so companies can establish a standard way to measure risk, allowing the quality leader to view information objectively and prioritize risk consistently.

Different geographies, for instance, have different levels of comfort with risk so where one region may want to take major action, another may deprioritize the risk as it may not be applicable. One globally harmonized system in the cloud allows organizations to establish a standard process for assessing risk, and creates consistency in determining the severity of that risk. And, as risk management is a continuous process, a global view enables intelligent prioritization of resources to address and mitigate risks as things change.

3. Greater transparency and collaboration

Providing all stakeholders with streamlined access to a common QRM model allows for greater collaboration around processes across stakeholders. All relevant product teams, functional areas, sites, and other parties have greater transparency into the process with the ability to globally track and review risk. Predefined workflows help everyone stay on task with approvals, reviews and withdrawal processes. Compliance managers can monitor status and collect metrics through dashboards and reports (see exhibit 1) to identify risks and bottlenecks for immediate remediation. Finding a red flag, stakeholders can collaborate at the right time to resolve an issue immediately rather than wait later in the cycle when it’s more expensive and time-consuming to resolve.

Unified QRM

When QRM is built in to a company’s quality management system, the result is a unified QRM framework that supports day-to-day decisions to create a stronger culture of quality. When a problem arises, employees are equipped to consistently make better decisions.

Further, employees build confidence in both understanding the impacts of risk across the company as well as applying a solution that delivers the outcomes for not just their goal, but the overall goal of the company.

“In order to become an effective management tool, QRM will need to be integrated in the overall enterprise risk management plan (supply risk, cyber risk, vendor risks, etc.). Moreover, QRM processes must be integrated directly into the QMS system, rather than have separate tools. This unified approach allows for a standard risk matrix to be adopted across the organization,” explains Zonnenberg.

And, as evidenced by the long list of potential applications for quality risk management outlined in Annex II of International Conference on Harmonization (ICH) guideline Q9, Quality Risk Management, a successful application of QRM principles and tools could positively affect every level of drug development.

As health authorities pay more attention to risk management programs, they are asking life sciences companies to incorporate more robust risk management programs. Many regulatory bodies globally have embraced QRM and integrated it at the regional level. Some examples include:

  • Inclusion of a new annex to the EU GMPs (Annex 20, which has since been retired and the QRM requirements moved to Chapter 3 of the GMPs), as well as revisions to other directives, annexes, and guidelines to incorporate the principles and practices of quality risk management
  • Inclusion of a new annex to the PIC/S GMP Guide (also Annex 20) to adopt ICH Q9 for all member countries
  • Publication of the WHO guidelines on quality risk management

“QRM will become a key area of focus in the 2020s, just like Part 11 was the hot topic in the 2000s,” says Zonnenberg.

New focus on quality

Even as pharma companies are taking initiatives to manage risk, the processes and legacy tools they are using are outdated and fragmented, preventing a real-time global view of risk. In addition, companies need processes and systems that harmonize risk management across the enterprise in the face of greater globalization, outsourcing, and regulation. A cloud-based quality management platform with QRM built in delivers a global and more accurate view of risk while facilitating standardization to simplify the risk management process. And, its ease of use can support greater adoption of users across different parties for consistency in processes.
There’s a greater emphasis on quality in pharma today, especially in the wake of heightened consumer awareness. In this environment, modern software designed for the needs of life sciences companies operating in the 21st Century can be a differentiator that transforms quality management efforts and results. Many top companies like Celgene are retiring legacy processes and tools and adopting new quality management solutions natively designed to enable proactive QRM.

The maturation of the cloud makes full adoption of QRM a reality. It will fundamentally help pharma companies improve quality — and reduce costs — by proactively eliminating risks in their operations.