Enterprise quality management systems can help shift the quality emphasis from corrective to preventive actions.
Having a robust corrective action and preventive action (CAPA) system in place is essential to ensure that the drug products are safe and effective. Inadequate CAPA procedures, however, continue to be a top compliance observation cited by FDA during inspections and warning letters.
CAPA started as an International Organization for Standardization (ISO) term and has been adopted by FDA as well as other global regulatory authorities. ICH Q10, a global guidance document from the International Conference on Harmonization (ICH) regarding quality systems for the pharmaceutical industry, has been adopted as the standard by most nations’ regulatory authorities. ICH Q10 defines the four elements of a pharmaceutical quality system: process performance and product quality monitoring system; CAPA system; change management system; and a process for management review of quality issues. Core to these four elements is the CAPA system, because this is the source of information for the other three.
A CAPA process begins with an event that may indicate that there has been a product related non-conformance event. These events can be discovered if a deviation happens during the manufacturing process, an issue is discovered during an audit or laboratory testing, or from customer complaints. Complaints are particularly troubling because they mean a potential product problem has been released to the market.
In many companies, auditing, manufacturing and laboratory issues, and complaints are tracked and managed in unconnected systems. These disparate processes may be managed differently by R&D, manufacturing, and supply chain management. Sometimes processes may vary from product to product. Also, it is not uncommon for companies to have different systems in place in different regions. These point solutions are disconnected and make it difficult to provide accurate quality information for the required management review.
Some companies have created global standard operating procedures (SOPs) for their quality processes, but still track and manage these processes in different systems. SOPs provide more control than a disparate system described previously, because management is able to understand where in the process issues are happening. With the data in different systems designed by different groups, however, these companies are not always comparing apples to apples.
More mature companies have implemented related quality processes on a single platform, following a single process. This integration allows global visibility into potential problems and makes management review easy because there is a global system following the same processes for a single source of truth. An enterprise quality management system (EQMS) provides for fact-based decision making.
Some companies have taken EQMS systems a step further and integrated them with the other core strategic platforms. An example of an integrated approach is a laboratory information system (LIMS) that detects a non-conformance event in a manufactured product. The LIMS system automatically creates a deviation record in the EQMS system. If the deviation is related to a batch, the EQMS can automatically put a quality hold on the product in the company’s enterprise resource planning (ERP) system, where product release is controlled. Once a quality investigation is concluded in EQMS, the results can automatically update ERP to release, remanufacture, or destroy the batch in question. A quality system maturity model is illustrated in Figure 1.
In many companies, quality is thought of as a necessary evil, the internal police force that stands in the way of a product release. In fact, companies that are at level 3 or 4 in the maturity model in Figure 1 have shown dramatic and measurable cost savings. When the root cause of a quality event is discovered, companies can fix it at the point where the issue was discovered, query other systems to see where else in the enterprise those same conditions may exist, and prevent the reoccurrence elsewhere. The ultimate goal of a CAPA system is to be proactive and take more preventive actions than corrective actions, turning the CAPA system into a preventive action/corrective action (PACA) system.
The concepts discussed to this point work well for processes managed and controlled within a pharmaceutical company. Today, outsourcing of materials, research, and manufacturing are the norm. According to FDA, more than 80% of the raw materials used in drugs sold in the US are from offshore (1). Using contract research organizations (CROs) to manage clinical trials has become common practice. As the use of contract manufacturing organizations (CMOs) has risen, so have the number of pharmaceutical product recalls as some companies use CMOs to make part or all of their products (2). According to a Deloitte study across multiple industries (2), the root cause of 52% of all recalls are due to issues at CMOs and third parties, including CROs, packagers, and raw material suppliers.
The pharmaceutical industry relies on quality agreements and contracts to ensure that these third-party suppliers and CMOs are manufacturing according to GMPs and reporting quality issues. To collect information and data from third parties for CAPAs, investigations, and analysis, companies may use emails, phone calls, and other correspondence. Then, someone in the pharmaceutical company must accurately enter this information into a system so it can be used in the CAPA process. This same information is also critical to scoring suppliers and for the required management review of product quality issues.
The Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 changed the rules for oversight and inspection of the pharmaceutical industry and, along with existing regulations, pays closer attention to outsourcing and the global supply chain. FDA and the European Medicines Agency expect pharmaceutical companies to assure that suppliers are following GMPs and have CAPA processes in place with written proof through audits. FDA has cited companies for not extending their quality and CAPA systems to their supplier and contractor network. In a warning letter dated Sept. 3, 2014, a pharmaceutical company was cited for not investigating or putting CAPAs in place with effectiveness checks for deviations at a CMO. FDA found the company had no procedures in place to manage quality issues at suppliers. The company also was found to be out of compliance for not measuring complaints or having a CAPA process related to complaints; in addition, these complaints were not part of key performance indicators in the management review process. Finally, it was found that the company was not auditing key suppliers and contract manufacturers according to its SOPs (3).
Companies can continue to be at risk by manually handling CAPA and quality information from suppliers. An alternative is to use technology to extend an EQMS to their network of suppliers and contractors. A cloud-based system can include third parties in a CAPA process without giving them access to a company’s internal systems and network. The third parties can perform investigations, CAPAs, respond to audit observations, and more by entering data in a secure system that is automatically entered it in the company’s EQMS. EQMS is the system of record and the single source of truth. All of the quality data can be managed and analyzed in one place. Mobile applications allow data to be entered remotely via smartphone or tablet. Figure 2 shows an EQMS can look; a CAPA system that delivers critical quality information from within the company’s four walls, as well as its supply chain of third parties.
References
About the Author
KR Karu is industry solution director of Sparta Systems, Inc., marketing@spartasystems.com.