Leverage the CPGP for Quality Maturity

The ASQ’s Certified Pharmaceutical GMP Professional Certification is under-valued. The ASQ really needs to step up and place itself in the forefront of quality culture and maturity, utilizing this certification, as a center-piece. I don’t think there is really a comparable certification on the market and I am continually puzzled why there has not been more adoption.

Let’s break down the ten-points in the St Gallen’s FDA Quality Metrics project and how they link to the body of knowledge behind the CPGP.

Optimized set-up and cleaning procedures are documented as best practice process and rolled out throughout the whole plant.

Cleaning is pretty strong within section IV, Infrastructure: Facilities, Utilities, Equipment, starting with C. Equipment which includes:

Equipment layout. Determine the layout of equipment to minimize the risk of errors, to facilitate effective cleaning and maintenance, and to avoid contamination or any other undesired effect on product quality. (Apply)
Equipment cleaning and maintenance. Review procedures and schedules for equipment cleaning, maintenance, and, where necessary, sanitization to ensure that they meet requirements. (Apply)
Equipment cleaning validation or verification. Evaluate the need and methodology for product-contact cleaning validation and/or verification. (Evaluate)
Equipment change control. Verify that change control has maintained the qualified state of equipment. (Apply)

And section F, General Cleaning, Sanitization, and Sterilization Systems

Cleaning procedures. Review cleaning procedures in accordance with cleaning validation, whenever validation is required and performed. (Apply)
Sanitization procedures. Review sanitization procedures for facilities and equipment, and ensure all are in accordance with any required validation studies, including details on cleaning schedules, methods, equipment, materials, sanitizers, disinfectants, sporicides, and sterilants. (Apply)
Pest control. Review and verify that a pest control program is in place and that it uses authorized rodenticides, insecticides, fungicides, fumigating agents, and appropriate traps for pest elimination. (Apply

A large percentage of equipment on the shop floor is currently under statistical process control.

Section VIII. Product Development and Technology Transfer, is strong here, though I recommend that section IV, Infrastructure: Facilities, Utilities, Equipment have material added here.

For root cause analysis, the firm has standardized tools to get a deeper understanding of the influencing factors for problems.

Section II, Quality Systems. The ASQ is strong in root cause analysis, and this is one of those areas where thinking of the CPGP as a industry specific to add to a problem solving certification pathway. Subsection F. “Investigations and Corrective and Preventive Action (CAPA)” covers this well with:

Trigger events. Identify events that require: investigation, root cause analysis, and impact assessment both directly and indirectly related to the event. (Evaluate)
Response actions. Define immediate action, corrective action, preventive action, management responsibility, and methods of implementing them. (Evaluate)
CAPA feedback and trending. Describe how CAPA trending is used to modify appropriate quality system elements. (Create)

Goals and objectives of the manufacturing unit are closely linked and consistent with corporate objectives and the site has a clear focus.

Operational controls and monitoring is throughout the CPGP. This is also a great tie-in with the CMQ/OE.

Manufacturers have joint improvement programs with suppliers to increase performance.

Section 2, K Supplier and Contractor Quality Management breaks this nicely down into Supplier Quality Systems, Supplier Controls and Supplier Evaluation.

All potential bottleneck machines are identified and supplied with additional spare parts.

Section 4, C 1 Equipment planning which covers “Equipment planning Review equipment location, design, construction, installation, and maintenance based on the operations to be conducted. (Apply)” and 3 Equipment cleaning and planning “Review procedures and schedules for equipment cleaning, maintenance, and, where necessary, sanitization to ensure that they meet requirements. (Apply) “

For product and process transfers between different units or sites,standardized procedures exist that ensure a fast, stable and compliant knowledge transfer.

Section VII Product Development and Technology Transfer covers this very thoroughly.

Charts showing the current performance status such as current scrap rates and current up times are posted on the shop floor and visible for everyone.

Discussed throughout the body of knowledge is operational controls and failure rates.

The firm regularly surveys customers’ requirements.

Not explicit in the body of knowledge. Much stronger in other certifications, such as CMQ/OE. Probably a good area to get added.

The firm ranks its suppliers and conducts supplier qualifications and audits.

Section 2, K Supplier and Contractor Quality Management breaks this nicely down into Supplier Quality Systems, Supplier Controls and Supplier Evaluation.

ASQ Audit Conference – Day 2 Afternoon

“Risk: What is it? Prove it, show me” by Larry Litke

At this point I may be a glutton for sessions about risk. While I am fascinated by how people are poking at this beast, and sometimes dismayed by how far back our thinking is on the subject, there may just be an element that at an audit conference I find a lot of the other topics not really aligned to my interests.

Started by covering high level definition of risk and then moved into the IS (001:2015’s risk based thinking at a high level, mostly by reading from the standard.

It is good that succession planning is specifically discussed as part of risk-based thinking.

“Above all it is communication” is good advice for every change.

It is an important point that the evidence of risk-based thinking is the actual results and not a separate thing.

This presentation’s strengths was when it focused on business continuity as a form of risk-based thinking.

“Auditing the Quality System for Data Integrity” by Jeremiah Genest

My second presentation of the conference is here.

Overall Impressions

This year’s Audit Division conference was pretty small. I was in sessions with 10 people and we didn’t fill a medium size ballroom. I’m told this was smaller than in past years and I sincerely hope this will be a bigger conference next year, which is back in Orlando. My daughter will be thrilled, and I may be back just to meet that set of user requirements.

I think this conference could benefit from the rigor the LSS Conference and WCQI apply for presentation development. I was certainly guilty here. But way too many presentations were wall-to-wall text.

ASQ Audit Conference – Day 2 Morning

Jay Arthur “The Future of Quality”

Starts with our “Heroes are gone” and “it is time to stand on our two feet.”

Focuses on the time and effort to train people on lean and six sigma, and how many people do not actually do projects. Basic point is that we use the tools in old ways which are not nimble and aligned to today’s needs. The tools we use versus the tools we are taught.

Hacking lean six sigma is along a similar line to Art Smalley’s four problems.

Applying the spirit of hacking to quality.

Covers valuestream mapping and spaghetti diagrams with a focus on “they delays in between.” Talks about how control charts are not more standard. Basic point is people don’t spend enough time with the tools of quality. A point I have opinions on that will end up in another post.

Overcooked data versus raw data – summarized data has little or no nutritional value.

Brings this back to the issue of lack of problem diagnosis and not problem solving. Comes back to a need for a few easy tools and not the long-tail of six sigma.

This talk is very focused on LSS and the use of very specific tools, which seems like an odd choice at an Audit conference.

“Objectives and Process Measures: ISO 13485:2016 and ISO 9001:2015” by Nancy Pasquan

I appreciate it when the session manager (person who introduces the speaker and manages time) does a safety moment. Way to practice what we preach. Seriously, it should be a norm at all conferences.

Connects with the audience with a confession that the speaker is here to share her pain.

Objective – where we are going. Provide a flow chart of mission/vision (scope) ->establish process -> right direction? -> monitor and measure

Objectives should challenge the organization. Should not be too easy. References SMART. Covers objectives in very standard way. “Remember the purpose is to focus the effort of the entire organization toward these goals.” Links process objectives to the overall company objectives.

Process measures are harder. Uses training for an example. Which tells me adult learning practice is not as much as the QBOK way of thinking as I would like. Kilpatrick is a pretty well-known model.

Process measures will not tell us if we have the right process is a pretty loaded concept. Being careful of what you measure is good advice.

“Auditing Current Trends in Cleaning Validation” by Cathelene Compton

One of the trends in 2019 FDA Warning letters has been cleaning. While not one of the four big ones, cleaning validation always seems relevant and I’m looking forward to this presentation.

Starting with the fact that 15% if all observations on 483 forms related to leaning validation and documentation.

Reviews the three stages from the 2011 FDA Process Validation Guidance and then delvers into a deeper validation lifecycle flowchart.

Some highlights:

Stage 1 – choosing the right cleaning agent; different manufacturers of cleaning agents; long-term damage to equipment parts and cleaning agent compatibility. Vendor study for cleaning agent; concentration levels; challenge the cleaning process with different concentrations.

Delves more into cleaning acceptance limits and the importance of calculating in multiple ways. Stresses the importance of an involvement of a toxicologist. Stresses the use of Permitted Daily Exposure and how it can be difficult to get the F-factors.

Ensure that analytical methods meet ICHQ2(R1). Recovery studies on materials of construction. For cleaning agent look for target marker, check if other components in the laboratory also use this marker. Pitfall is the glassware washer not validated.

Trends around recovery factors, for example recoveries for stainless tell should be 90%.

Discusses matrix rationales from the Mylan 483 stressing the need to ensure all toxicity levels are determined and pharmaceological potency is there.

Stage 2 all studies should include visual inspection, micro and analytical. Materials of construction and surface area calculations and swabs on hard to clean or water hold up locations. Chromatography must be assessed for extraneous peaks.

Verification vs verification – validation always preferred.

Training – qualify the individuals who swab. Qualify visual inspectors.

Should see campaign studies, clean hold studies and dirty equipment hold studies.

Stage 3 – continuous is so critical, where folks fall flat. Do every 6 months, no more than a year or manual. CIP should be under a periodic review of mechanical aspects which means requal can be 2-3 years out.

Risk Based Data Integrity Assessment

A quick overview. The risk-based approach will utilize three factors, data criticality, existing controls, and level of detection.

When assessing current controls, technical controls (properly implemented) are stronger than operational or organizational controls as they can eliminate the potential for data falsification or human error rather than simply reducing/detecting it.

For criticality, it helps to build a table based on what the data is used for. For example:

For controls, use a table like the one below. Rank each column and then multiply the numbers together to get a final control ranking. For example, if a process has Esign (1), no access control (3), and paper archival (2) then the control ranking would be 6 (1 x 3 x 2).

Determine detectibility on the table below, rank each column and then multiply the numbers together to get a final detectability ranking.

Another way to look at these scores:

Multiple above to determine a risk ranking and move ahead with mitigations. Mitigations should be to drive risk as low as possible, though the following table can be used to help determine priority.

Risk Rating	Action	Mitigation
>25	High Risk-Potential Impact to Patient Safety or Product Quality	Mandatory
12-25	Moderate Risk-No Impact to Patient Safety or Product Quality but Potential Regulatory Risk	Recommended
<12	Negligible DI Risk	Not Required

In the case of long-term risk remediation actions, risk reducing short-term actions shall be implemented to reduce risk and provide an acceptable level of governance until the long-term remediation actions are completed.

Relevant site procedures (e.g., change control, validation policy) should outline the scope of additional testing through the change management process.

Reassessment of the system may be completed following the completion of remediation activities. The reassessment may be done at any time during the remediation process to document the impact of the remediation actions.

Once final remediation is complete, a reassessment of the equipment/system should be completed to demonstrate that the risk rating has been mitigated by the remediation actions taken. Think living risk assessment.

ASQ Audit Conference – Day 1 Afternoon

I presented on change management and then I spent the afternoon focusing more on ASQ member leader stuff. So not much to report on sessions.

My session, Lessons on Change Management went well. I probably should have cut the slides way back instead of re-purposing slides from a longer presentation, but I think I hit a lot of key points and hopefully it was valuable for folks.

I ended up working the FDC Division table after that, so I skipped the final session of the day. Probably best, after presenting its always hard for me to focus for a little while.

Tomorrow is a full day, and I present on data integrity.