The product license holder must have a supplier oversight system in place, says Siegfried Schmitt, PhD, vice president, Technical, Parexel.
Q. According to our quality management system, we assess the suitability of all our suppliers in one way or another. Is this sufficient with regards to supplier oversight?
A. The supply chain for pharmaceutical products is complex and involves many actors, often in different countries and jurisdictions. Importantly, the ultimate responsibility for the product and its quality always remain with the Marketing Authorization Holder (MAH) (i.e., the license holder). Therefore, the MAH must have a supplier oversight system in place that assures that any materials (e.g., excipients), equipment (e.g., laboratory instruments), or services (e.g., transport and storage) meet the appropriate quality requirements and specifications. Such a supplier oversight system, which obviously is part of the pharmaceutical quality system (PQS) (1), must comply with the applicable rules and regulations for the good practices (e.g., good manufacturing practices). That this is by far not always a given is demonstrated by the regulatory agency inspection observations, such as those made public in warning letters by FDA (2).
The question is not whether we can trust a supplier, but what controls one must put in place to be able to trust said supplier. A risk-based approach (3) is required. This is where companies can do too little (non-conforming with the regulations) or too much (waste of valuable resources). This is best demonstrated with two examples.
Company A relies on the Certificates of Analysis (CoAs) from their suppliers for raw materials, including excipients and APIs without performing any incoming tests. The company argued that they only buy from reputable suppliers. However, FDA insists on at least identity testing and additional testing depending on the criticality of the material: “Without adequate testing, you do not have scientific evidence that your raw materials conform to appropriate specifications prior to use in the manufacture of drug products. As a manufacturer, you have a responsibility to sample, test, and examine drug components before use in production to assure adequate product quality” (4).
Whereas, Company B performs a large amount of testing. For example, the microbiology laboratory purchases media and performs several incoming tests, including identity and mycoplasma testing. The media is in use with a large number of pharmaceutical companies globally and comes with a CoA that covers mycoplasma testing. The company needs to assess if the risk from the media warrants mycoplasma testing. A review of testing data showed that there never had been an issue with the media. Equally, an Internet search found no evidence of any issues with that media. Furthermore, the supplier is qualified by the contract giver, and an identity test is always performed when the media is received. Thus, this testing is not necessary.
It requires experience and expertise to devise a supplier oversight system that is compliant and optimized. Such a system assures that all activities, including supplier audits, material testing, etc., are risk-based, meet the minimum legal requirements, and are of a manageable complexity. This means, for example, that suppliers are assigned to risk categories. Therefore, risk assessments don’t have to be performed for each supplier, only for each supplier category. Such systems need to be reviewed, revised, and updated based on the company’s evolving needs and any changes in the regulations and their interpretation.
Siegfried Schmitt, PhD, is vice president, Technical at Parexel.
Pharmaceutical Technology®
Vol. 48, No. 11
November 2024
Page: 34
When referring to this article, please cite it as Schmitt, S. The Importance of Appropriate Supplier Oversight. Pharmaceutical Technology 2024 48 (11).