At a course I was recently teaching at the University of California, Berkeley on Biotech Pharmaceutical Quality and Compliance, the topic of how to implement the ICH Q9 was brought up.  One attendee indicated that his company had tried to implement it and had run into trouble.  They had set up a Quality Risk Management (QRM) department and it just appeared that all they had done was create another function that had to review all work, SOP’s and reports.  It was like a further level of QA.  Processes were operating even slower than normal and it appeared the amount of work had mushroomed.  He indicated that in the presentation, I made it seem so easy.  he posed the question:

Where had we gone wrong? And was it to late to get back on the right path?

In reality, I find many companies that implement QRM do make it too complicated.  It should not be a separate department but rather the tools should be incorporated into your everyday processes so that simply there is just a further step in your pre-existing processes.  These processes could be change control, investigations, CAPA, complaints, environmental monitoring, testing schedules, raw materials programs, vendor qualification.  You get the picture.  Put it where it adds value.

I am reminded of one of the first times I heard an FDA’er articulate on QRM.  A few years ago (quite a few actually) I was at a conference where an FDA’er was describing Quality Risk Management (QRM) and their expectations.  It was a few months after the ICH Q9 was issued.  the speaker described agency expectations and since I knew him very well (having had lunch and a few beers socially), I approached him and indicated that I thought what he was describing was already in place in most progressive companies.

He replied:

You are right, it is.

I continued:

So what is different now?

He replied:

The agency just wants it to become second nature and get it integrated formally into your processes and, of course, document decisions and assumptions.

That was one of the most valuable set of comments I have received on the topic.

So I recommend that when making QRM mainstream, you need to do the following:

1. Learn the tools and examples of where it can fit in.  There are many webinars out there offering the know how.  Tungsten Shield does offer some good ones on this and other topics.
2. Examine all your business processes and incorporate QRM steps into the process that exists.  Try one first and slowly roll out across the other processes.  Change Control is an excellent one to start on.
3. Examine after a period of time to see what works and what does not.  With QRM you have begun continuous improvement so expect changes over time as your skill increases and you find out how the company likes to operate.
4. Remember to document all your decisions and most importantly assumptions.  Be prepared to go back if your assumptions are found to be wrong or new information  surfaces.
5. Do not fall into the trap of setting up a QRM department or you will be mired in bureaucracy.

And, most importantly, enjoy what you are doing.

Posted in Commercial Manufacturing, GMP, Quality by Design, Risk Management, Vendor Qualification, Webinars| Tags: Services|Leave a comment

I was on a panel discussion on Contract Manufacturing in Berlin this last week and the topic of Quality or Technical Agreements produced a vigorous debate. While everybody agreed that the requirements for the documents are codified in the EU by regulations, the FDA does not directly require them by law. However, as most know, if you do not have them in place, you will get a tough time at inspection to assure that you have appropriate oversight of your Contract Manufacturer (CMO).

So what should you have in the document and how should it be controlled?

Firstly, essentially everybody at the session was adamant that the document was one whose purpose was to define expectations between both parties. Again essentially all believed it was a document written by the Quality group to define the quality expectations, obviously involving other disciplines eg, manufacturing, logistics etc for input.

However, who should have control of the document split the group into two camps. The majority believed, that these parties alone needed to review and approve the document. A small minority (including the only lawyer present) believed it should be approved by the legal function, and be formatted by legal. I tend to believe that the value of legal should be advisory in the preparation to assure that no landmines or bombshells are present.

However, it is a document used by both quality and other technical functions. As such it needs to be written in real language that is understood by the doers. So in my experience, I have involved the legal department for advice, which I do take seriously. But I do not let it get hung up in the legal department in their processes which tend to take extraordinarily long timeframes to complete. Usually, I give then a week or so to review with the comment that no communication by the end of the week indicates no problems found. Of course, I do not wait until the department is involved and tied up in some busy critical project or most are on holiday. Rather I plan ahead giving them a heads up that one is coming along. In other words, I play a balanced hand but do not let them become either the gatekeeper or the bottleneck.

That said: what should it contain? The simple answer is “everything that appears relevant”.

Clearly, define the product(s) and steps in manufacture that are covered by the relationship and the markets that will be supplied. This is to assure that the correct GMP’s will be applied.

With this as a preamble, go through each of the quality systems, to assign responsibility to assure who will do what is clearly defined. In some cases, one party will be responsible for all activities. But in most cases while one party will be responsible for most, the other party will play a role even if it is simply to be informed of the result.

So why am I not describing who is responsible, system-by-system? It is because there is no set pattern and it must be defined for your particular circumstance. Who does what is determined by who has the expertise and the risk level you are prepared to tolerate.

One mistake people make is to assume that if I am outsourcing the physical manufacture, I can also outsource the responsibility and the accountability. Truly delegate as much as you can to your CMO. You are paying a highly experienced entity: so use them. However at the end if the day you are responsible for the activities at the CMO. Make sure you are involved in change control, lot disposition, investigations (major or critical), just to name a few.

Communication is critical. Define the who, when, what, where and why. Make sure the contacts are clear to both parties and their communication channels are open. In the world of improved e-communication, while email is exceedingly good, there are times when face to face is critical. Frequency of meetings and reports are important to build expectations. Clearly defined mechanism prevent the data overload of random people called random people in the other company.

Sometimes things go wrong and an audit is need for cause. Define the routine and non routine so it is clear when you can go. Include in that you can use consultants to audit. Put in a section on what to do when you butt heads. You hope you ever need it but if you do, you have it spelled out.

Change controls can be simple for small plant-only activities. It can be more complex if it results in a submission. In the latter cases, make sure you are an active player. Make sure you keep up to date so you can submit supplements quickly and on time. You are releasing product to market, so you must be involved in the operations. You need to know all the issues with the lot and make sure the contractor communicates to you when things go wrong. Definitely be fully aware of all critical deviations or discrepancies including OOS’s.

In general terms, activities that are truly plant specific can be delegated to the CMO with you having the option of auditing periodically or receiving monthly reports. For product specific activities, I recommend you taking a leadership role approving all activities. This applies to validation in particular.

I periodically present webinars on this and other topics in conjunction with Tungsten Shield. Of course a 2 hour webinar will cover much more detail that that described here. Check out their site for upcoming webinars I will be presenting.

Posted in Contract Manufacturing, GMP, Quality Agreements, Webinars| Tags: Services|Leave a comment