An alternative way to look at uncertainty is offered by Klir, which adds discord to the mix.
Work-As-Prescribed can be a real avenue for all three of these uncertainties. But by using risk management to examine the possibilities of these uncertainties we can truly interrogate. This is one of the things we mean by risk management and knowledge management being bound at the hip as enablers.
To do this we need to make sure that:
There is the management of information quality. Management of information quality is crucial in risk management because uncertainty is prevalent. Uncertainty, as a state for which we lack information, means that uncertainty analysis should play an integral part in risk management to ensure that the uncertainty in the risk management process is kept at a feasible level.
There is explicit management of either existing knowledge that can be applied to improve the quality of the analyses or to improve the knowledge acquired in the process that can be used in the follow-up process. Knowledge management is pivotal to ensuring an effective risk management process by providing context and learning possibilities. In essence, risk management is not just about managing risks – the entire context surrounding the risks must be understood and managed effectively.
In the current world scenario, which is marked by high volatility, uncertainty, complexity, and ambiguity (VUCA), threats are increasingly unforeseen. As organizations, we are striving for this concept of Resilience.
Resilience is one of those hot words, and like many hot business terms it can mean a few different things depending on who is using it, and that can lead to confusion. I tend to see the following uses, which are similar in theme.
The property of a material to absorb energy when deformed and not fracture nor break; in other words, the material’s elasticity.
The capacity of an ecosystem to absorb and respond to disturbances without permanent damage to the relationships between species.
An individual’s coping mechanisms and strategies.
Organizational and Management studies
The ability to maintain an acceptable level of service in the face of periodic or catastrophic systemic and singular faults and disruptions (e.g. natural disasters, cyber or terrorist attacks, supply chain disturbances).
For our purposes, resilience can be viewed as the ability of an organization to maintain quality over time, in the face of faults and disruptions. Given we live in a time of disruption, resilience is obviously of great interest to us.
In my post “Principles behind a good system” I lay out eight principles for good system development. Resilience is not a principle, it is an outcome. It is through applying our principles we gain resilience. However, like any outcome we need to design for it deliberately.
We gain resilience in the organization through levers that can be lumped together as operational and organizational.
The attributes that give resilience are the same that we build as part of our quality culture:
Knowledge management is a key enabler for quality, and should firmly be part of our standards of practice and competencies. There is a host of practices, and one tool that should be in our toolboxes as quality professionals is the Community of Practice (COP).
What is a Community of Practice?
Wenger, Trayner, and de Laat (2011) defined a Community of Practice as a “learning partnership among people who find it useful to learn from and with each other about a particular domain. They use each other’s experience of practice as a learning resource.” Etienne Wagner is the theoretical origin of the idea of a Community of Practice, as well as a great deal of the subsequent development of the concept.
Communities of practice are groups of people who share a passion for something that they know how to do, and who interact regularly in order to learn how to do it better. As such, they are a great tool for continuous improvement.
These communities can be defined by disciplines, by problems, or by situations. They can be internal or external. A group of deviation investigators who want to perform better investigations, contamination control experts sharing across sites, the list is probably endless for whenever there is a shared problem to be solved.
The idea is to enable practitioners to manage knowledge. Practitioners have a special connection with each other because they share actual experiences. They understand each other’s stories, difficulties, and insights. This allows them to learn from each other and build on each other’s expertise.
There are three fundamental characteristics of communities:
Domain: the area of knowledge that brings the community together, gives it its identity, and defines the key issues that members need to address. A community of practice is not just a personal network: it is about something. Its identity is defined not just by a task, as it would be for a team, but by an “area” of knowledge that needs to be explored and developed.
Community: the group of people for whom the domain is relevant, the quality of the relationships among members, and the definition of the boundary between the inside and the outside. A community of practice is not just a Web site or a library; it involves people who interact and who develop relationships that enable them to address problems and share knowledge.
Practice: the body of knowledge, methods, tools, stories, cases, documents, which members share and develop together. A community of practice is not merely a community of interest. It brings together practitioners who are involved in doing something. Over time, they accumulate practical knowledge in their domain, which makes a difference to their ability to act individually and collectively.
The combination of domain, community, and practice is what enables communities of practice to manage knowledge. Domain provides a common focus; community builds relationships that enable collective learning; and practice anchors the learning in what people do. Cultivating communities of practice requires paying attention to all three elements.
Communities of Practice are different than workgroups or project teams.
What’s the purpose?
What holds it together?
How long does it last?
Community of Practice
To develop members’ capabilities. To build and exchange knowledge
Members who share domain and community
Commitment from the organization. Identification with the group’s expertise. Passion
As long as there is interest in maintaining the group
Formal work group
To deliver a product or service
Everyone who reports to the group’s manager
Job requirements and common goals
Until the next reorganization
To accomplish a specific task
Employee’s assigned by management
The project’s milestones and goals
Until the project has been completed
To collect and pass on business information
Friends and business acquantainces
As long as people have a reason to connect
Types of organizing blocks
Establishing a Community of Practice
For a Community of Practice to thrive it is crucial for the organization to provide adequate sponsorship. Sponsorship are those leaders who sees that a community can deliver value and therefore makes sure that the community has the resources it needs to function and that its ideas and proposals find their way into the organization. While there is often one specific sponsor, it is more useful to think about the sponsorship structure that enables the communities to thrive and have an impact on the performance of the organization. This includes high-level executive sponsorship as well as the sponsorship of line managers who control the time usage of employees. The role of sponsorship includes:
Translating strategic imperatives into a knowledge-centric vision of the organization
Legitimizing the work of communities in terms of strategic priorities
Channeling appropriate resources to ensure sustained success
Giving a voice to the insights and proposals of communities so they affect the way business is conducted
Negotiating accountability between line operations and communities (e.g., who decides which “best practices” to adopt)
Communities of Practice need organizational support to function. This support includes:
A few explicit roles, some of which are recognized by the formal organization and resourced with dedicated time
Direct resources for the nurturing of the community infrastructure including meeting places, travel funds, and money for specific projects
Technological infrastructure that enables members to communicate regularly and to accumulate documents
It pays when you use communities of practice in a systematic way to put together a small “support team” of internal consultants who provide logistic and process advice for communities, including coaching community leaders, educational activities to raise awareness and skills, facilitation services, communication with management, and coordination across the various community of practices. But this is certainly not needed.
Process Owners and Communities of Practice go hand-in-hand. Often it is either the Process Owner in a governance or organizing role; or the community of practice is made up of process owners across the network.
Communities of Practice allows its participants to build reputation, a crucial asset in the knowledge economy. Such reputation building depends on both peer and organizational recognition.
Peer recognition: community-based feedback and acknowledgement mechanisms that celebrate community participation
Organizational recognition: rubric in performance appraisal for community contributions and career paths for people who take on community leadership
The US Food and Drug Administration (FDA) last month warned Indian generic drugmaker Lupin Limited over three good manufacturing practice (GMP) violations at its facility in Maharashtra, India that identified issues with the company’s written procedures for equipment cleaning, its written procedures for monitoring and controlling the performance of processing steps and the “failure to investigate all critical deviations.”
The FDA said the company “performed multiple risk assessments with the purpose to verify whether existing cleaning procedures and practices eliminate or reduce genotoxic impurities … generated through the manufacture of [redacted] drugs after you detected [redacted] impurities in your [active pharmaceutical ingredient] API.” The company also performed risk assessments to determine whether its cleaning procedures reduced the risk of cross-contamination of intermediates and API. However, FDA said the risk assessments “lacked data to support that existing equipment cleaning procedures are effective in removing [redacted] along with residual API from each respective piece of equipment to acceptable levels. “The identification of genotoxic impurities in quantities near their established limits suggests excursions are possible. All intermediates and API manufactured on non-dedicated equipment used to manufacture [redacted] drugs should be subject to validated sampling and analytical testing to ensure they are not contaminated with unacceptable levels of genotoxic impurities,” FDA said.
At heart this warning letter shows a major weakness in many company’s risk management approach, they use the risk assessment to replace technical inquiry, instead of as a tool to determine the appropriateness of technical understanding and as a way to manage the uncertainty around technical knowledge.
A significant point in the current Q9 draft is to deal with this issue, which we see happen again and again. Risk management cannot tell you whether your cleaning procedures are effective or not. Only a validated testing scheme can. Risk management looks at the aggregate and evaluates possibilities.
Companies both large and small grapple with how and when to create standard work at the global level, while still having the scalability to capture different GXP activity families and product modality.
Puts the focus on the process and not an individual or team
Makes improvements easier and faster
Global versus Local Process and Procedure in the Document Hierarchy
Most Quality Hierarchies look fairly similar.
Excluding the Program level (which becomes even more important) we can expand the model in the process band to account for global versus local.
Quality Manual and Policy remains global with local input and determine the overall structure of the quality management system.
Global Process is created when a process is majority task and role driven at a global level. It is pan-GXP, pan-modality, pan-geography. It is the standard way of work to drive consistency across and through the organization.
Local Process is created when a process is specific to a specific GXP, product modality, geography.
Procedure, which describes the tasks, can be created off of local or global process. When the global process has localizations (a CAPA is a CAPA but how I build action items may differ across sites), I can build local versions off the global process.
For an example, Document and Record Management.
This approach takes real vision among leaders to drive for consistency and simplicity. This activity is a core component in good system design, no matter the size of the organization.
The system creates value for the multiple stakeholders. While the ideal is to develop a design that maximizes the value for all the key stakeholders, the designer often has to compromise and balance the needs of the various stakeholders.
The value of standard work really shines here.
The degree to which the system components are aligned and consistent with each other and the other organizational systems, culture, plans, processes, information, resource decisions, and actions.
We gain congruence through ensuring key processes are at the global level.
The system is designed to be as convenient as possible for the participants to implement (a.k.a. user friendly). System includes specific processes, procedures, and controls only when necessary.
The discussion around global versus local will often depend on how you define convenience
System components are interconnected and harmonized with the other (internal and external) components, systems, plans, processes, information, and resource decisions toward common action or effort. This is beyond congruence and is achieved when the individual components of a system operate as a fully interconnected unit.
How we ensure coordination across and through an organization.
Complexity vs. benefit — the system includes only enough complexity as is necessary to meet the stakeholder’s needs. In other words, keep the design as simple as possible and no more while delivering the desired benefits. It often requires looking at the system in new ways.
Keep this in mind as global for the sake of global is not always the right decision.
Knowledge management, with opportunities for reflection and learning (learning loops), is designed into the system. Reflection and learning are built into the system at key points to encourage single- and double-loop learning from experience to improve future implementation and to systematically evaluate the design of the system itself.
Building the right knowledge management into the organization is critical to leverage this model
Pillars of Good System Design for Gloval and Local Process
Utilizing the eQMS to drive
The ideal state when implementing (or improving) an eQMS is to establish global processes and allow system functionality to localize as appropriate.
So for example, every CAPA is the same (identify problem and root cause, create plan, implement plan, prove implementation is effective. This is a global process. However, one wants specific task detail at a lower level, for example GMP sites may care about certain fields more the GCP, medical device has specific needs, etc. These local task level needs can be mainted within one workflow.
The Key is Fit-For-Purpose Fit-for-Use
A fit for purpose process meets the requirements of the organization.
A fit for use process is usable throughout the lifecycle.
Global and localizing processes is a key part of making both happen.