Sharing Supply-Chain Security

Published on: 
Pharmaceutical Technology, Pharmaceutical Technology-11-02-2009, Volume 33, Issue 11

A panel of industry and regulatory experts, including FDA, discuss efforts to secure the global pharmaceutical supply chain. This article contains bonus online-exclusive material.

Listen to the individual audio transcripts from this story, featuring Susan J. Schniepp of Javelin Pharmaceuticals, Martin Van Trieste of Rx-360, Janeen Skutnik of IPEC, Tom Buggy of DSM Anti-Infectives, and Susanne Keitel of EDQM, in PharmTech’s special podcast series.

Martin Van Trieste on Rx-360 and shared audits

Van Trieste is vice-president of quality at Amgen (Thousand Oaks, CA) and interim director of Rx-360, the recently established international pharmaceutical supply-chain consortium.


We have learned some recent lessons the hard way. The tragedies related to economically motivated adulteration of glycerin in Haiti, Panama, and Nigeria as well as heparin used in the United States and Europe, and melamine found in various products throughout the world, have taught us that unethical individuals and criminals have entered the pharmaceutical supply chain with tragic consequences. The US Food and Drug Administration estimates that at least 800 individuals have died throughout the world [because of] adulterated glycerin. The number of deaths and serious injuries related to the other events mentioned is in the thousands.

As regulators and industry professionals, we wake up every morning and decide how our ideas and work will help patients. This is all undermined by another group of individuals that wakes up every morning to develop methods to pass off cheap substandard materials to make a quick profit.

Van Trieste

About a year ago, FDA and PDA, the Parenteral Drug Association, collaborated to develop a conference series to increase awareness of this problem and to solicit ideas from industry about how to fight back. Several quality leaders from within our industry quickly realized that the problem was not due to a failure of good manufacturing practices (GMPs) but was a result of criminal activity. We also recognized that this problem was global and very complex, requiring a big bold response that no one company could solve on its own. At the second conference, in December 2008, we decided the best response would come if the industry joined forces. We decided to form a consortium, which grew into Rx-360.

Rx-360 now has more than 25 members representing pharmaceutical and biotechnology companies, their suppliers, and various professional organizations. Rx-360 does not intend to compete or duplicate the efforts of other organizations such as the International Pharmaceutical Excipients Council (IPEC), but rather to collaborate with these organizations to reduce patient risk as quickly as possible.

There are four functions of Rx-360. First, we are adopting standards and best practices. The consortium will scan external sources for the best available standards today that will assist in improving the performance of the supply chain. After implementation, the consortium will look to identify any gaps in the standards aimed at improving these standards.

Second, Rx-360 will conduct supply-chain surveillance. The consortium will act as a clearinghouse for vital market supplier and supply-chain information. Consortium members will report suspicious and pertinent events to the consortium, which will disseminate the initial information, evaluate the impact of the information on its members, and develop potential proactive solutions for its members to consider adopting. By creating an effective surveillance system, we will know about shortages and other critical events earlier than the criminals.

Third, we will develop technology to prevent or detect adulteration. The consortium will work with research organizations to develop new technologies that will ... detect if there has been tampering within the supply chain. Finally, we are developing a process for sharing audit information. We are working on the standards we should adopt, what those standards are, and how to qualify our auditors. Our goal is to begin sharing audit data between member companies by year s end.

It is important to remember that it is still the responsibility of each member company to make its own decision on a supplier s acceptability based on its individual product requirements and its own company policies and procedures.

The shared-audit program should reduce the number of audits at common suppliers, eliminating what is known as "audit fatigue." What we will ask for in return from the suppliers is to allow Rx-360 to conduct longer, more thorough audits that not only cover GMP but that also look at environmental health and safety, risk management, supply-chain security, and other activities.

Janeen Skutnik on IPEC guidelines and IPEA's third-party audits

Skutnik is director of quality and regulatory policy at Pfizer (New York) and chair of the International Pharmaceutical Excipients Council of the Americas (IPEC-Americas).


IPEC, which represents pharmaceutical manufacturers, excipient suppliers, and distributors, has been focusing on developing voluntary guidance for excipients and white-papers for the past 15 years, all focusing on the safety and security of pharmaceutical supply chains. We believe that to ensure the security and integrity of the pharmaceutical ingredient supply chain, we must have a comprehensive, multifaceted, risk-based approach to this issue.


[One growing approach is] geopolitical environmental scanning, which focuses on what is going on globally from an economic perspective, a political perspective, and [within] other industries so that we can be better prepared to look at potential vulnerabilities. If we look at the case study of heparin, we know that heparin is (sourced) from pigs and that the majority of the world s pig population happens to be in China. We also know that it takes about 50 million pigs to supply the US market for a single year. Prior to the heparin incident, we had several years where the price of pigs was increasing due to demand as well as a disease that ransacked the pig population. Had we, as industry, been more in tune to those changes—economic changes—we may have been better able to predict potential issues.

Solely focusing on GMPs is not going to solve the [problems we face.] IPEC is working to convert our GMP and good distribution practice (GDP) standard into ANSI standards, which would make them voluntary consensus-based standards in lieu of government-unique standards. This way, they can serve as a tool for industry... that FDA would find acceptable.

We need to make sure we have procedures for the good distribution of excipients and how they're received. We need to make sure that we have a periodic audit. From IPEC's perspective, it is no longer acceptable to accept your excipient suppliers based on paper audit. Anyone can tell you anything on a piece of paper. You need to have first-hand knowledge... from either your individual company or from a third party.

We should make sure that we're aware whether any of our contractors subcontract out work. We need to confirm that the agreed-upon supply chain is being used. And we need to start thinking differently about how can we ensure the integrity of packaging and seals and also work with our distributors and excipient suppliers so we know how things are supposed to be received.

A quality agreement is something that we need to think about a little bit more for excipients. Quality agreements for excipients in the past have not been an item of focus for most pharmaceutical manufacturers. [But they provide a very] important way to delineate what is important, what expectations [of the supplier] are, and how the two parties can work together. IPEC has developed [free quality agreement] templates for use with excipient suppliers and distributors.

IPEC [also has] an excipient qualification guidance, which lays out what is important from the perspective of the excipient manufacturer as well as the excipient user. It focuses on things like only using excipients from high-quality suppliers and ensuring that you have a [comprehensive] vendor/supplier qualification program. It's no longer acceptable just to look at a vendor qualification program for the top 10% of your suppliers.

US Food and Drug Administration responds to supply-chain security concerns and proposals.

We need to make sure that we have improved communications between users, makers, and distributors. If we, as pharmaceutical manufacturers are more open and transparent with excipient suppliers, they can better help meet our needs.

Another piece of... supply chain security for excipients is the importance of the audit. It is critical to have audit information for all of your excipients. And we have seen that the expectations of regulators are changing. We need to reassess our audit programs, our priorities, and how we define risk. We may want to consider that the risk is not necessarily the highest with the companies with the highest volume that you've been working with for 10 or 20 years. Perhaps there's a higher risk with some of the smaller companies that you've never actually visited.

We need to rethink our audit questions as well. Inquire about your subcontractors, and make sure that your suppliers have their own qualification systems.

International Pharmaceutical Excipients Auditing (IPEA) is one tool. A subsidiary of IPEC, its mission is to facilitate site assessment for the qualification of excipient suppliers with [the goal of] reducing cost for makers and users. The report provides you with the full details of an audit so, as a company, you can decide, does this meet my needs? The audits are done [under] the GMP guide for pharmaceutical excipients developed by IPEC.

Overall, IPEC has numerous initiatives driving at excipient and pharmaceutical ingredient supply-chain security and safety. We really are trying to work together with the key parties to ensure the safety and security of excipients.

Tom Buggy on Europe's audit program

Buggy is international quality manager of DSM Anti-Infectives in The Netherlands and part of the Quality Working Group of the European Chemical Industry Council's Active Pharmaceutical Ingredients Committee (APIC). He is also a key member of the APIC Audit Program Task Force.

Tom Buggy, PhD

As the European API manufacturers association, APIC fully understands the risks to patients if non-GMP or counterfeit APIs are used as starting materials in the manufacture of medicinal products. We recognize the importance of supplier qualification as an effective quality system to approve new suppliers and to periodically evaluate suppliers and manufacturers for ongoing manufacture. In fact, APIC is preparing a supplier-qualification guidance that should be published in November 2009.

Figure 1: The APIC compliance triangle. QP is qualifed person. (FIGURE IS COURTESY OF T. BUGGY)

One key element we've been dealing with at APIC in terms of supplier qualifications is the on-site audit. When you look at the overall audit requirements in the pharmaceutical industry and the international requirements ... the audit burden on the industry is overpowering. APIC has developed a third-party audit program... that is available for the pharmaceutical industry to use whenever they see the need for a third-party audit that can be shared with many medicinal-product manufacturers (see Figure 1). The option of a credible independent third-party audit is acceptable to the European authorities as long as certain principles are followed. Key elements of the APIC audit program are:

  • Coordination of the audits by the API Compliance Institute to avoid any potential conflict of interest with APIC members

  • A standardized six-step procedure for performing the third-party audit

  • A standard approach for an audit of an API manufacturer, which involves two days with two auditors to make sure there is an effective assessment of GMP compliance

  • Most importantly, only APIC-certified auditors are involved.

With regard to auditors, they must have a good background in terms of qualification in chemistry or a related science and appropriate experience in the pharmaceutical industry. To become an APIC-certified auditor, the individual must pass a five-day course covering the GMP requirements for APIs, including a workshop on auditing techniques related to APIs. The API Compliance Institute ensures that the auditors chosen to perform the audit are independent of the customer and the auditee to avoid potential conflicts of interest. Auditors must also sign a confidentiality agreement.

Auditors [assess] GMP compliance based on the International Conference on Harmonization Q7 Good Manufacturing Practice for Active Pharmaceutical Ingredients guideline. Any findings that come out of the audit are explained in full in the closing meeting with the auditee. The auditors classify the findings using a similar classification system used by the European member-state inspectors and include detailed evidence for their findings in the audit reports. At the end of the audit, there will be a clear indication whether the GMP-compliance level has been assessed as satisfactory by the auditors. The APIC audit report can also be shared with other medicinal-product manufacturers.

The key advantage of the APIC audit program is that it is based on the guidances of the European authorities relating to third-party audits. We think this audit program can contribute significantly to assessing overall supply-chain security of medicines for the protection of patients. We also agree that the program provides only one option for effective audits. If the industry as a whole can work together, we can do more to ensure the safety and integrity of the medicines used worldwide.

Susanne Keitel on certification standards and sharing inspection information

Keitel is director of the European Directorate for the Quality of Medicines and Healthcare (EDQM) of the Council of Europe in Strasbourg, France. EDQM is also responsible for the European Pharmacopoeia (PhEur).

Susanne Keitel, PhD

EDQM developed a program to certify suitability of the monographs of PhEur to adequately control the quality of a substance from a specific source (i.e., certification of suitability [CEP]), which has been running since 1994. This procedure provides active substance manufacturers as well as brokers and distributors with the option of filing their quality documentation for the active substance with EDQM for a centralized assessment, rather than filing individual drug master files in different European Union member states or including the information in individual marketing authorization applications.

The focus of the procedure is to ensure that impurities are adequately controlled. Hence, a certificate will often include additional tests and specifications to be conducted for a given active substance from a specific source in addition to the mandatory pharmacopeial tests.

In 1997, it was decided that it would be prudent not only to rely on paper assessment, but also to include inspections of manufacturing sites and processes. Based on a mandate from the European Commission, EDQM is now running GMP inspections for APIs—these inspections also assess compliance with the dossier. Inspections are normally conducted by a team of inspectors from EDQM and European national competent authorities. These inspections completely follow EU rules. This means that inspections of API manufacturing sites are not done routinely, but following a risk-based selection of sites according to the triggers identified at a European level and published... on the EMEA website.

Table I: Legislation and programs targeting the global pharmaceutical supply chain.

EDQM today faces a situation where the vast majority of inspections are conducted outside of Europe, predominantly in India and China, reflecting the global shift in API production. The outcome of the inspections indicates the need for closer surveillance. In 2008, EDQM conducted 28 on-site inspections, leading to 16 certificates (CEPs) being suspended. Between January 209 and June 2009, EDQM performed 17 inspections, leading to 8 certificate suspensions. This means that 35% of the sites covered were found to be non-GMP compliant. It is important to stress that this is not representative of the entire API market. In contrast, it does indicate that the triggers used in the risk-based approach in the selection of inspection sites are the right ones.

In the case of a negative inspection outcome, European competent authorities and the local competent authority of the country where the inspection took place are informed (local inspectorates are routinely invited to participate in any inspection performed in their respective country). The competent authorities then take appropriate action.

As demonstrated by the number of suspended CEPs, there is a clear need for a broader coverage of inspection sites. EDQM therefore welcomes EMEA's pilot project to exchange information on API inspections with the FDA and Australia's Therapeutic Goods Administration. In fact, EDQM participates in this exercise on the European side.... Due to the absence of mutual recognition agreements, it will not be possible to take action based on information received from the partners in this pilot project. However, the information received from the partners will be very useful when applying risk-based selection of sites for inspection. For example, why should a site already covered by a partner and found to be GMP-compliant be high on the priority list of another partner?

Industry qualified importers proposal

Current EU pharmaceutical legislation requires the qualified person (QP) of the holder of the manufacturing authorization certify that all API used in the product has been manufactured according to GMP.

This has to be certified in every single marketing authorization application or subsequent variation. Based on the outcome of inspections carried out in the framework of EDQM's certification scheme, I have the impression that not all QPs really take their responsibility serious enough to ensure an audit—else it would be difficult to explain why we still see so many deficiencies. The planned revision of the pharmaceutical legislation, the EU Pharmaceutical Package, is [expected] to explicitly require the performance of audits. The draft legislation requires that any contracted auditor be accredited by the national competent authority of a member state. Hence, the draft legislation foresees more stringent requirements for the future. Based on our experience in conducting inspections of API manufacturing site, we consider this a move into the right direction.