Process Architecture

Building a good process requires clear ownership and a deliberate plan. There is a fair amount of work that goes into it, which can be broken down as follows:

   
Category   
   
Sub-category   
   
Basic theme   
   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   
Planning   
   

   

   

   
Process
   
Measurement   
   
Identify,   design, and implement balanced   process metrics and measurement   
   
Implement process   metrics and   measurement reporting mechanisms   
   
Identify and implement KPIs   (And KRIs)    aligned   to process   
   
Evaluate cycle times   and identify potential wastes   
   
Align   level and recognition of people involved in the   process to align with process   
   

   
Customer
   
Experience   
   
Process design   with customer interaction trigger mechanisms   
   
Design process in line with customer expectations   
   
Identify customer process performance expectations   
   
Design customer entry points and   define transaction types   
   

   

   

   
Process Change   
   
Identify incremental and re-engineering process   enhancement opportunities with staff involvement   
   
Design process with minimal process   hand-off’s   
   
Create and execute process improvement plans   
   
Identify process   automation opportunities   
   
Pilot process   design to ensure meeting performance objectives   
   
Governance   
   
Design efficient process with   governance & internal control considerations   
   
Capacity   
   
Conduct demand   and capacity planning   activities   
   

   

   
Staff Training   
   
Develop and conduct staff   training initiatives in line with customer,
   
process, product, and systems expectations   
   
Develop skills   matrix and staff capability requirements in line with process design   
   
Technology   
   
Define technology enablers   
   
Alignment   
   
Align process objectives with organizational goals   
   
Change
   
Management   
   
Engage impacted stakeholders on process changes   
   

   

   

   

   

   
Control   
   

   

   
Process
   
Measurement   
   
Process performance monitoring   
   
Report on process and staff performance with utilization of visual management tools   
   
Obtain continuous customer satisfaction and expectation of process   
   
Active management of process exceptions   
   
Monitor staff performance metrics   
   

   
Process Change   
   
Identify process   improvement opportunities on a continuous basis   
   
Focused process hand-off management and   tracking   
   
Capacity   
   
Demand and capacity planning and monitoring   
   

   

   
Governance   
   
Process Change   
   
Process maintenance and continuous update   
   
Define and conform to process documentation standards   
   
Change
   
Management   
   
Process communication and awareness   
   
Staff Training   
   
Utilize process documentation knowledge to facilitate staff training   

Like any activity, it helps to document it. I use a template like this.

Managing Events Systematically

Being good at problem-solving is critical to success in an organization. I’ve written quite a bit on problem-solving, but here I want to tackle the amount of effort we should apply.

Not all problems should be treated the same. There are also levels of problems. And these two aspects can contribute to some poor problem-solving practices.

It helps to look at problems systematically across our organization. The iceberg analogy is a pretty popular way to break this done focusing on Events, Patterns, Underlying Structure, and Mental Model.

Iceberg analogy

Events

Events start with the observation or discovery of a situation that is different in some way. What is being observed is a symptom and we want to quickly identify the problem and then determine the effort needed to address it.

This is where Art Smalley’s Four Types of Problems comes in handy to help us take a risk-based approach to determining our level of effort.

Type 1 problems, Troubleshooting, allows us to set problems with a clear understanding of the issue and a clear pathway. Have a flat tire? Fix it. Have a document error, fix it using good documentation practices.

It is valuable to work the way through common troubleshooting and ensure the appropriate linkages between the different processes, to ensure a system-wide approach to problem solving.

Corrective maintenance is a great example of troubleshooting as it involved restoring the original state of an asset. It includes documentation, a return to service and analysis of data. From that analysis of data problems are identified which require going deeper into problem-solving. It should have appropriate tie-ins to evaluate when the impact of an asset breaking leads to other problems (for example, impact to product) which can also require additional problem-solving.

It can be helpful for the organization to build decision trees that can help folks decide if a given problem stays as troubleshooting or if it it also requires going to type 2, “gap from standard.”

Type 2 problems, gap from standard, means that the actual result does not meet the expected and there is a potential of not meeting the core requirements (objectives) of the process, product, or service. This is the place we start deeper problem-solving, including root cause analysis.

Please note that often troubleshooting is done in a type 2 problem. We often call that a correction. If the bioreactor cannot maintain temperature during a run, that is a type 2 problem but I am certainly going to immediately apply troubleshooting as well. This is called a correction.

Take documentation errors. There is a practice in place, part of good documentation practices, for addressing troubleshooting around documents (how to correct, how to record a comment, etc). By working through the various ways documentation can go wrong, applying which ones are solved through troubleshooting and don’t involve type 2 problems, we can create a lot of noise in our system.

Core to the quality system is trending, looking for possible signals that require additional effort. Trending can help determine where problems lay and can also drive up the level of effort necessary.

Underlying Structure

Root Cause Analysis is about finding the underlying structure of the problem that defines the work applied to a type 2 problem.

Not all problems require the same amount of effort, and type 2 problems really have a scale based on consequences, that can help drive the level of effort. This should be based on the impact to the organization’s ability to meet the quality objectives, the requirements behind the product or service.

For example, in the pharma world there are three major criteria:

  •  safety, rights, or well-being of patients (including subjects and participants human and non-human)
  • data integrity (includes confidence in the results, outcome, or decision dependent on the data)
  • ability to meet regulatory requirements (which stem from but can be a lot broader than the first two)

These three criteria can be sliced and diced a lot of ways, but serve our example well.

To these three criteria we add a scale of possible harm to derive our criticality, an example can look like this:

ClassificationDescription
CriticalThe event has resulted in, or is clearly likely to result in, any one of the following outcomes:   significant harm to the safety, rights, or well-being of subjects or participants (human or non-human), or patients; compromised data integrity to the extent that confidence in the results, outcome, or decision dependent on the data is significantly impacted; or regulatory action against the company.
MajorThe event(s), were they to persist over time or become more serious, could potentially, though not imminently, result in any one of the following outcomes:  
harm to the safety, rights, or well-being of subjects or participants (human or non-human), or patients; compromised data integrity to the extent that confidence in the results, outcome, or decision dependent on the data is significantly impacted.
MinorAn isolated or recurring triggering event that does not otherwise meet the definitions of Critical or Major quality impacts.
Example of Classification of Events in a Pharmaceutical Quality System

This level of classification will drive the level of effort on the investigation, as well as drive if the CAPA addresses underlying structures alone or drives to addressing the mental models and thus driving culture change.

Mental Model

Here is where we address building a quality culture. In CAPA lingo this is usually more a preventive action than a corrective action. In the simplest of terms, corrective actions is address the underlying structures of the problem in the process/asset where the event happened. Preventive actions deal with underlying structures in other (usually related) process/assets or get to the Mindsets that allowed the underlying structures to exist in the first place.

Solving Problems Systematically

By applying this system perspective to our problem solving, by realizing that not everything needs a complete rebuild of the foundation, by looking holistically across our systems, we can ensure that we are driving a level of effort to truly build the house of quality.

Q9 (r1) Risk Management Draft

Q9 (r1) starts with all the same sections on scope and purpose. There are slight differences in ordering in scope, mainly because of the new sections below, but there isn’t much substantially different.

4.1 Responsibilities

This is the first major change with added paragraphs on subjectivity, which basically admits that it exists and everyone should be aware of that. This is the first major change that should be addressed in the quality system “All participants involved with quality risk management activities should acknowledge, anticipate, and address the potential for subjectivity.”

Aligned with that requirement is a third bullet for decision-makers: “assure that subjectivity in quality risk management activities is controlled and minimised, to facilitate scientifically robust risk-based decision making.”

Solid additions, if a bit high level. A topic of some interest on this blog, recognizing the impact of subjectivity is critical to truly developing good risk management.

Expect to start getting questions on how you acknowledge, anticipate and address subjectivity. It will take a few years for this to work its way through the various inspectorates after approval, but it will. There are various ways to crack this, but it will require both training and tools to make it happen. It also reinforces the need for well-trained facilitators.

5.1 Formality in Quality Risk Management

“The degree of rigor and formality of quality risk management should reflect available knowledge and be commensurate with the complexity and/ or criticality of the issue to be addressed.”

That statement in Q9 has long been a nugget of long debate, so it is good to see section 5.1 added to give guidance on how to implement it, utilizing 3 axis:

  • Uncertainty: This draft of Q9 utilizes a fairly simple definition of uncertainty and needs to be better aligned to ISO 31000. This is where I am going to definitely submit comments. Taking a straight knowledge management approach and defining uncertainty solely on lack of knowledge misses the other element of uncertainty that are important.
  • Importance: This was probably the critical determination folks applied to formality in the past.
  • Complexity: Not much said on complexity, which is worrisome because this is a tough one to truly analyze. It requires system thinking, and a ot of folks really get complicated and complex confused.

This section is important, the industry needs it as too many companies have primitive risk management approaches because they shoe-horn everything into a one size fits all level of formality and thus either go overboard or do not go far enough. But as written this draft of Q9 is a boon to consultants.

We then go on to get just how much effort should go into higher formality versus lower level of formality which boils down to higher formality is more stand alone and lower formality happens within another aspect of the quality system.

5.2 Risk-based Decision Making

Another new section, definitely designed to align to ISO 9001-2015 thinking. Based on the level of formality we are given three types with the first two covering separate risk management activities and the third being rule-based in procedures.

6. INTEGRATION OF QUALITY RISK MANAGEMENT INTO INDUSTRY AND REGULATORY OPERATIONS

Section 6 gets new subsection “The role of Quality Risk Management in addressing Product Availability Risks,” “Manufacturing Process Variation and State of Control (internal and external),” “Manufacturing Facilities,” “Oversight of Outsourced Activities and Suppliers.” These new subsections expand on what used to be solely a list of bullet points and provide some points to consider in their topic area. They are also good things to make sure risk management is built into if not already there.

Overall Thoughts

The ICH members did exactly what they told us they were going to do, and pretty much nothing else. I do not think they dealt with the issues deeply and definitively enough, and have added a whole lot of ambiguity into the guidance. which is better than being silent on the topic, but I’m hoping for a lot more.

Subjectivity, uncertainty, and formality are critical topics. Hopefully your risk management program is already taking these into account.

I’m hoping we will also see a quick revision of the PIC/S “Assessment of Quality Risk Management Implementation” to align to these concepts.

ICH Q9 Risk Management (r1) in consultation

ICH Q9 (r1) is in step 2, which means it is out for comments.

Section 5, “Risk Management Methodology” is greatly expanded, with a discussion on just what level of formality means in risk management using three criteria of uncertainty, complexity, and importance. Section 5 then goes into risk based decision making to a greater depth than seen previously in guidances.

Section 6 is greatly expanded as well.

I need to read this in more depth before providing a deeper analysis.

Understanding How to Organize Process

Process drives the work we do. We can evaluate processes on two axis – complexity and strategy – that help us decide the best way to manage and improve the processes.

Process by Complexity and Strategy

Process complexity and dynamics are what types of tasks are involved in the process. Is it a simple, repetitive procedure with a few rules for handling cases outside of normal operation? Or is it a complex procedure with lots of decision points and special case rules? Think of this like driving somewhere. Driving to your local grocery is a simple procedure, with few possibilities of exceptions. Driving across the country has a ton of variables and dynamism to it.

While complexity can help drive the decision to automate, I strongly recommend that when thinking about it don’t ask if it can be automated, only ask what would be involved if a human were to do the job or how it is done with current technologies. Starting with the answer of automation leads to automation for automation’s sake, and that is a waste.

Dynamics is how much the process changes – some change rarely while others change rapidly to keep pace in response to changes in product or external factors (such as regulations).

Strategic importance asks about the value the process contributes to meeting requirements. Is the process a core competency, or an enabling process that needs to be accomplished to ensure that you can do something else that meets the core requirements? Needless to say, one company’s strategic process is another company’s routine process, which is why more and more we are looking at organizations as ecosystems.

Processes are in a hierarchy, and we use levels to describe the subdivision of processes. We’ve discussed the difference between process, procedure and task. At the process level we usually have the high-level process, the architecture level, which are the big things an organization does (e.g. research, manufacture, distribute), mid-level processes that are more discrete activities (e.g. perform a clinical study) to even more discrete processes (e.g. launch a study) which usually have several levels (e.g. select sites, manage TMF) to finally procedure and task.

Level of ProcessIncludesKey Ways to Address
High-Level ProcessHow key objectives are met, highly cross functionalOrganization design. System Design
Mid-level ProcessHow a specific set of departments do their major work blocksProcess Improvement
Low-level processHow individuals conduct their work in sub-blocksKnowledge management, task analysis, training
Levels of Process

To truly get to this level of understanding of process, we need to understand just what our process is, which is where tools like the SIPOC or Process Scope diagram can come in handy.

Process Scope Diagram

To understand a process we want to understand six major aspects: Output, Input, Enablers, Controls, Process Flow, People.

Complex and Complicated as Tools for Process Understanding

Simple processes usually follow a consistent, well-defined sequence of steps with clearly defined rules. Each step or task can be precisely defined, and the sequence lacks branches or exceptions.

More complicated processes involve branches and exceptions, usually draw on many rules, and tend to be slightly less defined. Complicated processes require more initiative on the part of human performers.

Complex processes are ones that require a high level of initiative and creativity from people. These processes rapidly change and evolve as time passes. Successful performance usually requires a connection to an evolving body of knowledge. They are highly creative and have a large degree of unpredictability. Most complex processes are viewed at the system level.

Sources

  • Benedict, T. et al. BPM CBOK Version 4.0: Guide to the Business Process Management Common Body of Knowledge. ABMP International, 2019.
  • Harmon, Paul. Business Process Change. Morgan Kaufmann, 2019.
  • Nuland, Y. and Duffy, G. Validating a Best Practice. Productivity Press, 2020