OR WAIT null SECS
The quality assurance environment is forcing pharmaceutical companies to face new challenges. In light of this, the authors conducted a study of professionals from some of the world's top pharmaceutical companies to identify key QA concerns.
The study on quality assurance (QA) stems from a related project we conducted for a client in 2008/2009 on QA organization in pharmaceutical companies, which raised questions regarding QA. The study, conducted earlier this year, aimed to understand pharmaceutical employees' thoughts relating to QA and to highlight some of their key concerns with respect to implementing QA processes and techniques. We intend to conduct the study again at a later date to obtain further information on upcoming trends.
(Getty Images/Image Source)
We surveyed one or two persons (mainly heads of corporate QA) from 14 pharmaceutical companies (10 of which are in the top 20 worldwide pharmaceutical companies) — representing more than $300 billion net sales in 2008. Once we understood some of the key issues relating to QA implementation amongst our survey respondents, we were able to provide some recommendations that would allow pharmaceutical companies to adhere to good QA practice.
Four key areas of concern relating to the implementation of QA techniques in the pharmaceutical industry were highlighted at the study's conclusion:
In summary, based on the results of the study and, in particular, the four key areas highlighted above, we recommend five key actions that should be taken by management to ease the transition to QA excellence:
To adhere to these recommendations, the QA units at corporate level (CQA) will have to play a leading role; each recommendation has strategic importance and will have a corporatewide impact.
The study group identified four important tasks that CQA units should undertake to ease QA implementation across a company (Figure 1):
The role of a CQA manager is akin to a strategic architect who develops the basic quality and compliance standards, and monitors their successful implementation. As QA compliance continues to gain importance, so too will the need for a communication platform that enables the effective exchange of knowhow and continuous improvement concepts.
This rising importance of communication platforms is a common sense approach, given that successful implementation is only sustainable when all QA employees fully understand and identify with the quality strategy and resulting concepts. Furthermore, a networked, teamoriented organization should be more efficient and innovative, and more inclined to avoid traditional, hierarchical company structure. Corporatewide communication platforms offer one key method of knowledge management; most of the corporations that participated in the survey expect a higher need in the future — particularly with respect to adequate IT support that helps avoid human error or inconsistencies in daily practice.
The way in which management supervises QA implementation will soon be subject to GMP inspections, following on from the results of a confidential agency audit that confirmed a distinct lack of quality monitoring at management level in pharmaceutical corporations. This, therefore, raises question marks regarding whether the management and supervision of QA is sufficient or whether the quality culture of a corporation is the right one. Most survey respondents confirmed that their company needed to place a greater emphasis on improving managerial supervision and quality monitoring — especially in light of the latest regulations set out in ICH Q10 and Q8 (revision 2).1,2 The areas in which management lacked effective quality supervision processes varied amongst survey respondents, but the supervision of several key processes was highlighted as being largely neglected by management: functional performance, compliance, quality performance of products, quality culture and guidance.
Audits are the most effective tools for monitoring and tracking quality and performance within a manufacturing facility, but only half of the companies surveyed admitted to having harmonized audits between all GxP practices. Most of the participating corporations felt there was a distinct need for better integration of GxP practice across all levels of the corporation, particularly in the future. However, the lack of knowledge of auditors for the various GxP areas was perceived as an obstacle to harmonizing the methodology and the audit process itself.
Riskbased auditing techniques are judged as a must for the efficient use of resources in the future. The main requirements of a riskbased approach include good technology, and a good level of experience and knowledge amongst both third-party sites and inhouse employees. Consequently, it is of paramount importance that CQA managers pay particular attention to thirdparty sites to ensure that inhouse and external QA processes can be harmonized. To overcome any possible resource bottlenecks in implementing thorough riskbased auditing, it may be important to use shared audits, mutual recognition agreements, outsourcing of audit activities or use of certified thirdparty auditors.
Furthermore, the quality check for inlicensed or incontracted products, regardless of where they are manufactured, was considered by half of the corporations surveyed as a vital task for CQA.
Product validation remains topical in light of the dynamic lifecycle approach of ICH Q10's new quality system and the adapted validation guideline of the FDA.3 Many GMP audits conducted by the FDA and the EMEA have discovered that original validations have never been updated, trending is not carried out and that product quality reviews fail to consider the lifecycle management of a pharmaceutical product.
Product validation is mainly based on annual product reviews (APR) in the US and/or product quality reviews (PQR) in the EU. Other instruments such as out of specification (OOS) reports or product design studies are used less frequently. Product quality design studies go beyond APR and PQR; they follow the philosophy of 'continuous improvement' and the idea of 'integrated quality risk management'; both do not differentiate between new and old products; both try to make products fit for the future. They can also highlight potential formulation problems relating to excipients and intermediates, and identify unknown impurities. Because of the limited use of OOS and product design studies, however, questions regarding the validation of legacy products remain. According to survey respondents, there is neither 'grandfathering' of products nor 'grace periods' to bring them to an adequate quality or compliance level. In fact, only 60% of interviewed companies report that product validations are updated regularly and only onethird consider this an issue with growing importance in the future.
Contrary to popular belief, we have found that the use of riskbased tools is widespread; the most dominant method is the failuremodeandeffects analysis (FMEA), followed by hazard analysis and critical control points (HACCP), and the causeandeffects diagrams (Ishikawa), according to the results of our study. All companies should employ a stricter and more intensive use of tools for preventive risk management; however, our study concluded that efficiently integrated quality risk management concepts, as set out in ICH Q9,4 have not yet been widely implemented.
A quality control and validation strategy that is both in accordance with ICH standards and meets FDA guidelines is an important target for most of the companies surveyed. The challenge is to find the balance between 'timetomarket' to guarantee patients fast access to new drugs and the lack of experience in production methods, which may lead to deviations from registered quality specifications. A good quality strategy should ensure product safety and efficacy for the patient, whilst also ensuring quality and compliance by implementing a flexible management approach to QA for commercial production. The pharmaceutical industry is still on a learning curve in this regard, and engaging the involvement of crossfunctional teams to develop an enhanced risk-based control strategy is ongoing.
Product integrity is a key element in supply chain protection. The survey results revealed that the main tools used by pharmaceutical companies to protect product integrity include overt and covert physical security features embedded into labels, barcodes and tamper-proof packaging. There is no dominating safety or quality standard governing supply chain protection as yet; however, combining these security elements could be an option for the mid to longterm future.
As the legal aspects of product security and protection have yet to be defined, testing is ongoing and technical standards are still in discussion, the industry is hesitant about investment in any one method of security on a large scale. Questions remain over the ease of integration into the supply chain and cost of investment for all available solutions. In spite of this uncertainty, however, all pharmaceutical companies surveyed confirmed that the issue of product integrity and supply chain protection is well and truly on their radar — and is being dealt with.
Supply chain integrity has four core elements: supplier certification scheme, auditing — of suppliers and for the entire supply chain — track and trace (RFID) and special distribution methods. Most corporations still rely exclusively on supplier audits. Currently, there is no single solution, but a combination of several approaches will probably apply in the future. New technologies in this area are, however, emerging; track and trace technology is showing increasing importance and it appears that it will supplement the 'traditional' concepts. The effectiveness of product serial numbers and tamper evidence has been demonstrated in several other markets and will gain wider acceptance in the pharmaceutical market, whilst pilot projects for coding/track and trace technologies have been initiated.
Global technical standards for all these new approaches are required to enable their successful penetration and to act as a guide for the industry; for example, standards to guarantee interoperability of global security codes with existing local code systems established for reimbursement or other purposes, would be beneficial.
The sourcing of pharmaceutical materials represents one major quality risk that is currently not fully addressed; only a minority of the corporations surveyed have fully implemented quality control processes for all thirdparty sourced products. Sourced materials believed to require the strictest level of quality control are APIs, followed by intermediates and excipients. According to survey respondents, packaging material requires the weakest level of quality control amongst all third-party sourced materials.
Most of the companies surveyed felt that the importance of sourcing pharma materials will significantly increase in the future. This rising use of sourced materials will naturally lead to a rise in interest in quality control methods. In line with this, a recent draft US importer guidance calling for tighter measures to control the risks of sourced materials is urging pharmaceutical companies to invest more in this area.3 Recent highprofile cases, where lack of quality standards have had devastating effects; including the fatalities associated with tainted heparin and infant deaths associated with milk contaminated with melamine, have also caused the industry to pay more attention. Figure 2 outlines some verbatim comments made by survey respondents regarding the detection of impurities.
The key message in the US guideline is "know your supplier". As such, conceptual work for creating an integrated and strategic risk management is needed; business processes, audit schemes and certification schemes must be installed.
The CQA unit has an important role to play here and must become involved early in the process (i.e., during supplier pre-selection). They must also convince suppliers of their responsibilities and ensure there is true cohesion and understanding between both companies. Management must take responsibility for controlling sourcing risks and this requires a cross-functional approach that involves QA, purchasing, supply chain management and the manufacturers. Half of all pharmaceutical companies surveyed confirmed that this cross-functional network of experts was in place in their corporation.
Each company should also perform a complete overview of their entire sourcing structure so that clear roles and responsibilities for the company as well as its suppliers are defined. This, unfortunately, is rarely the reality and is one cause of broken lines of communication and inefficiencies.
According to the survey results, third-party supervision is mainly performed using classical audits or in the form of classical quality agreements. Only a few of the corporations have a fully implemented quality management system for third parties in place, but at least 35% intend to develop one in the future. This quality management system is expected to be shaped by the expectations of regulatory agencies, which is likely to allocate the responsibility for quality problems or non-compliances to both parties; the marketing authorization holder, as well as the manufacturer.
Different levels of quality control, based on a risk-based approach with risk indicators related to the age of products, maturity level of technology used, level of experience, audit trail and so on, exist in approximately 60% of the companies surveyed. We believe that this concept will, however, not be used by all of the corporations in the future. If there is more consolidation across the industry and fewer third-party manufacturers, this picture is likely to change.
Detection of impurities is one of the unsolved problems in the pharmaceutical industry. The requirement is very clear: a quality system must be sufficiently robust to provide a high degree of assurance. But how is this done? Testing to registered specifications will not solve the problem, neither will CEPs (certificate of suitability to European Pharmacopoeia). Rigorous monitoring of impurities based on a strict supplier qualification/management might be a better approach.
Well-described and efficient crossfunctional business processes are the foundation of any quality system and are also the starting point for a more systematic, integrated and strategic risk management system.
The main corporate functions that need to be aligned and involved in a company's risk management system are product development, medicine, regulatory affairs and marketing. This is mainly because the focus of regulatory agencies will be increasingly system- and business processoriented, giving CQA a leading role to play.
Excellent specifications must cover processes themselves, workflows (i.e., dynamic interlinking of processes), roles and their responsibilities regarding content and system. Most of the companies involved in this survey expect this topic to gain significant importance in the future.
Continuous improvement is an essential way to achieve excellent business processes. Continuous improvement concepts based on, for example, Six Sigma, ICH Q10 or ISO/TS 16949, need to be applied in line with the idea from quality control to quality systems in defined quality excellence.
KPI reporting is an essential element of a sophisticated quality system — the majority of companies surveyed confirmed that they obtain a set of KPIs forming a 'quality dashboard' out of their quality systems. However, the quality of the KPIs themselves can be improved — there can be too many KPIs and it can be doubtful as to whether they are suitable to drive change. Are they really risk indicating, and are they interesting for the top management? There should be both lagging and leading KPIs. With lagging indicators, an organization can learn from the past while leading indicators are futureoriented and show how effective preventative quality and compliance management is.
In spite of the fact that all companies surveyed have a KPI-based reporting structure, their reactions and processes for dealing with inspections and warning letters is not yet fully in place. Current KPIs mainly measure performance; riskindicating KPIs for an upcoming inspection or warning letter are still missing. Assuming they are in place, these indicators would take precedence over the classical KPIs as the majority of corporations surveyed predict a significant increase in the need to develop such indicators.
Of course, experience from the past forms the basis for future learning. Nearly all surveyed corporations see the need to do some development here: quality systems must be risk-based, as this is the only way to bring cost under control and to qualify a quality system; and senior experts are needed in particular for the first step of risk management —risk identification — as it is pointed out in ICH Q9.
Norbert Skubch is Managing Director at JSC Management und Technologieberatung AG (Germany). firstname.lastname@example.org
Thomas Zimmer is Head of Global Quality and Environmental Health & Safety at Boehringer Ingelheim GmbH.
1. ICH Harmonised Tripartite Guideline: Pharmaceutical Quality System Q10; June 2008. www.ich.org
2. ICH Harmonised Tripartite Guideline: Pharmaceutical Development Q8(R2); August 2009. www.ich.org
3. FDA www.fda.gov
4. Final Concept Paper, Q9: Quality Risk Management; November 2003. www.ich.org