An insight that presents best practices that organizations require to adopt for enhancing product safety and quality
Peter Murray - Quality Assurance and GMP Compliance Expert
Keri Dawson - VP, ComplianceOnline Advisory Services, MetricStream Inc
As markets become more connected and globalized, supply chain outsourcing has increased, especially in industries such as Pharmaceuticals, Life Sciences, Medical Devices, Healthcare, nd Consumer Products. Several factors are contributing to this trend. Firstly, organizations are looking for more capacity without major capital investment or access to a specialized capability to meet specific consumer demand. Often, they require a local market presence to help customers access their products at an economically acceptable cost. Cost containment also has to be actively managed by all businesses. Whatever the reason, supply chain outsourcing is gaining increasing popularity.
Yet there are many complexities involved - particularly with relation to product safety and regulatory compliance issues. Large organizations may manage hundreds of suppliers who, in turn have their own supply chains. Monitoring and managing product safety and regulatory compliance across this complex network challenging, to say the least. If not effectively handled, it can adversely affect consumers and patients, and result in negative business impacts such as recalls, withdrawal of licenses, financial penalties, and reputational damage.
It is critical, therefore, to have robust practices and systems to proactively manage supplier risks and to ensure product safety and regulatory compliance.
Building Robust Supplier Relationships
Safety and quality issues are like banana skins. Slip on them, and it is almost inevitable that the business will be adversely affected. Anticipation and effective risk management are the best ways to avoid these “banana skins.”
It all starts with keeping the end in mind - the end being the needs of the patients or consumers. They need and expect products that are safe, effective, consistently available, and affordable.
Choosing a supplier who has the facilities and capabilities to meet those requirements is a critical step. The process should start with an evaluation of the market. Inputs for this evaluation can be gleaned from previous experiences with various suppliers, as well as structured questionnaires.
After credible candidates have been identified, organizations should conduct due diligence visits to help shortlist the preferred suppliers with whom they can commence detailed contract discussions. Since organizations are entrusting their Intellectual Property (IP) and reputation to another company, it’s important to choose a supplier who can be trusted.
Many organizations make the mistake of thinking that they can easily hire a new supplier who is better than their existing one. They underestimate the time, effort, and costs needed to build relationships and manage the additional complexity of new suppliers. Retention of existing suppliers may be the most costeffective option unless their quality, regulatory compliance, or service levels are a persistent cause for concern.
Once a supplier has been shortlisted, the customer organization should make sure that all expectations are well communicated and understood by both parties. The suppliers should be willing to work with the customer towards accepting and managing supply chain complexities, ensuring regulatory compliance, and delivering safe products.
The levels of cooperation should be clearly defined, with finite boundaries set around commitment. Misunderstandings between either party about what is and isn’t on offer can lead to unpleasant future disputes which, in turn, could impact safety, regulatory compliance, and product supply.
Contracts with suppliers should clearly set forth the agreements regarding service, quality, and costs. One of the most critical elements in any contract is the quality agreement which defines requirements for product safety, quality, and compliance with organizational policies. It is an explicit legal requirement in many jurisdictions.
Quality agreements typically have two key components:
- General principles of Current Good Manufacturing Practices (cGMP) compliance applied to all products
- Market-specific compliance commitments for processes, specifications, and shelf life
Regulators are very interested in quality agreements, and often review them in regulatory inspections. They want to ensure that the agreement defines robust systems to make the contract giver is well-aware of anything that could potentially affect product safety and efficacy in the supply chain. Regulators also require evidence that these systems are being routinely used.
Technology can play a key role in managing and organizing contracts and agreements. It helps streamline the entire contract management process - right from defining contracts and service level agreements, to identifying contract issues, and monitoring their remediation. Technology also helps improve the efficiency and effectiveness of individual tasks such as managing contract risks, and tracking contract compliance.
Conducting Approval Audits
In line with regulatory requirements, third-party suppliers should be assessed through approval audits.
These audits help determine if:
- Supplier systems are able to consistently deliver products that meet certain standards of safety, quality, and efficacy
- Staff are well-qualified and have the required experience
- Facilities meet the required quality standards and have the required capacity
- Appropriate measures for validation and control of change (both planned and unplanned) are in place
Risk scorecards, surveys, and certification tools are extremely useful in supplier approval audits. They help ensure consistency in supplier evaluations based on various factors such as quality, delivery, cost, responsiveness, innovation, risk, and Corporate Social Responsibility (CSR).The resulting information assists organizations in confidently approving or rejecting a particular supplier, while also identifying potential areas of concern or improvement.
Ensuring Clarity of Communication
American politician and businessman, Donald Rumsfeld, once said, “…I don’t know what I said, but I know what I think, and, well, I assume it’s what I said…”
Clearly, there could be a stark difference between what people say, or thought they said, and what listeners comprehend. Such gaps in communication can often lead to catastrophes. For instance, an organization may fail to communicate new regulatory requirements to a supplier, while the supplier may avoid telling the organization about the quality issues they have been facing. This can have an adverse, cascading effect on quality across the supply chain, typical in outsourcing.
The challenge is compounded when different corporate and national cultures come together in the supply chain. They can potentially, adversely, and significantly affect the clarity and timeliness of communication. Therefore, it is critical to be careful about how quality or regulatory requirements are communicated, especially with suppliers spread across other countries. Even with a universal language such as English, there may be differences in idioms across geographical boundaries which could result in miscommunication. Communication lines and responsibilities should be well-defined, and organizations should check at regular intervals that the information shared with their suppliers has been clearly understood.
An integrated web-based supplier management system with multi-language capabilities significantly assists organizations in bringing together suppliers from across the globe, in a common framework. It enables them to establish consistent policies and procedures for communicating with suppliers. It also helps them collate data on compliance with these procedures, which helps in improving collaboration with suppliers, and achieving the goal of better supplier performance.
Dealing with Regulatory Scrutiny
Regulators want to know if the products provided by suppliers conform to applicable laws and registered commitments. If a product quality issue arises, it isn’t only the suppliers who are targeted by regulators. The organization which selected the supplier (and who often has the legal responsibility for the product in the market) will also be a target. Therefore, it is up to these organizations to closely monitor all their suppliers, and ensure that they are effectively managing product quality and compliance. They should be in a position to provide evidence of the mechanisms that are in place to manage product quality or safety incidents. Regulators want to see clear reporting lines and procedures, prompt and thorough product investigations, welldefined responsibilities for decision-making, and effective recall procedures.
While interacting with regulators, it is important to “gift wrap” complex details about processes, issues, and systems to minimize the chances of misunderstanding which may lead to adverse regulatory citations. Organizations should be well-prepared for regulatory examinations, with all relevant compliance areas regularly reviewed in advance.
For most regulatory findings, a plan for Corrective Action/Preventive Action (CAPA) is required by regulators. The CAPA document should be clearly worded, with complete details of the issues raised. If the document is unclear or incomplete, it might suggest a lack of commitment which could be fatal.
Once the CAPA plan is agreed upon, it should be implemented and monitored against a predefined timetable. Failure to meet commitments on time and in full could invite regulatory sanctions.
Electronic CAPA management systems can be of assistance to large organizations for effective management of multiple CAPA activities spread over a complex supply chain.
Managing Regulatory Intelligence
Regulatory requirements around product safety and quality are constantly changing in response to trends in the business environment. Tracking these changes and updates can be extremely difficult. But this is where technology can help. It bridges the gap between internal compliance programs and the dynamic regulatory environment. More importantly, it can help to ensure timely implementation of the right set of activities to align the compliance program with regulatory changes.
A whole range of elements need to be monitored and managed for supplier risk, including financial stability, technical capability, delivery performance, regulatory compliance, quality, and IP. If these risks are not effectively managed, they can result in serious supplier failures, which in turn, can have a devastating impact on the customer organization’s profitability and reputation.
While there is no one-size-fits-all approach to managing supplier risk, there are certain important risk management principles such as defining key qualitative and quantitative risk factors. Using technology, these risk factors can be closely mapped to a library of risks to clearly outline the organization’s risk profile.
Not all risks are equally important - for each risk in the profile, risk ranking prioritizes risks, while “what-if” analyses allow organizations to efficiently manage the potential consequences of future uncertainties.
Risk mitigation strategies need to be defined, including control implementation, monitoring, and testing, and supplier audits. A centralized technology framework helps in streamlining and systematizing these processes. It also helps save time and resources while enabling ongoing monitoring and reporting of the effectiveness of the risk mitigation strategies.
Addressing Product Safety Incidents
It isn’t enough to simply respond to a safety incident when, and only when it occurs. Regulators expect and will check for evidence that robust processes and systems have been implemented to monitor the incidence of safety incidents, investigate their root causes, implement corrective actions, and follow up.
There are three types of incidents where effective safety management is critical - adverse drug events, recalls, and customer complaints. Managing these incidents effectively requires a common understanding of responsibilities between the customer and the supplier - who is responsible for the product, who is responsible for decision-making, and who is responsible for communicating with regulators, customers, and the media.
If a recall is required, there are often legal obligations related to the timing of responses/ action. Incident management systems should ensure that these obligations are consistently met.
A robust formal system helps manage product safety incidents effectively. The system must be able to enforce clear lines of authority for decision-making, and clarify who will be responsible for communication, how, and within what timescale. The system should also be able to provide enterprise-level visibility into each safety incident, so that it can be effectively prioritized, investigated, and tracked to closure. Ideally, it should enable information sharing across suppliers to ensure that the root causes of an incident identified at one point of the supply chain are eliminated from all supply chain elements, preventing future issues.
If a product needs to be recalled, the system should be able to establish a closed-loop approach to capturing recall details, collaborating with the responsible suppliers, assigning tasks, finalizing an action plan, and accelerating the preparation of reports for review and submission to the appropriate regulatory authority. This helps ensure that nothing slips through the gaps, and that the recall management process is as efficient as possible.
Best Practices for Enhancing Product Safety and Quality
- Recognize the potential complexity of a supply chain
- Take the time to involve all stakeholders in supplier selection and contract definition
- Accurately communicate expectations to suppliers
- Ensure that the standards implemented at the supplier location are at least as good as those in your organization
- Remember that risks change over time. Regularly review your systems and processes to ensure that they remain current
- Leverage technology to:
- Streamline supplier selection, ensure consistency, and enable collaboration
- Track and interpret regulations
- Pre-empt risk, and implement appropriate controls
- Define and implement action plans for adverse events such as product recalls and customer complaints
- Streamline audit programs, and identify gaps
Building and maintaining a brand that is reputed for its reliability in today’s complex business environment requires a consistent and safe supply of products with no unpleasant surprises. Achieving this objective requires robust and collaborative supplier governance processes, enabled by technology, and focused on continuous improvement. Such an approach improves visibility into product safety and quality at the enterprise level. It also aligns supplier governance with business strategy to enhance decisionmaking, and improve business performance and profitability.