Tag: accountability

The GAMP5 System Owner and Process Owner and Beyond

Defining the accountable individuals in a process is critical. In GAMP5, the technical System Owner role is distinct from the business Process Owner role, which focuses more on the system’s business process and compliance aspects.

The System Owner

The System Owner is responsible for the computerized system’s availability, support, and maintenance throughout its lifecycle. The System owner is the technical side of the equation and is often an IT director/manager or application support manager. Key responsibilities include:

  • Defining, reviewing, approving, and implementing risk mitigation plans
  • Ensuring technical requirements are documented
  • Managing change control for the system
  • Conducting evaluations for change requests impacting security, maintainability, data integrity, and architecture
  • Performing system administration tasks like user and privilege maintenance
  • Handling system patching, documentation of issues, and facilitating vendor support

Frankly, I think too many organizations make the system owner too low level. These lower-level individuals may perform system admin tasks and handle systems patching, but the more significant risk questions require extensive experience.

The System Owner focuses on the technical aspects of validation and ensures adequate procedural controls are in place after validation to maintain the validated state and protect data integrity.

The system owner requires learning and understanding new products and complex system architectures. They are the architect and need to be in charge of the big picture.

The Process Owner

In the context of GAMP5, a Process Owner plays a crucial role in the lifecycle management of computerized systems used in regulated industries such as pharmaceuticals and biotechnology. The Process Owner is ultimately accountable for the system’s implementation, validation, and ongoing compliant use.

I’ve written a lot about Process Owners. This use of process owner is 100% aligned with previous thinking.

Key Responsibilities of a Process Owner

  1. System Implementation and Validation: The Process Owner ensures the system is implemented and validated according to regulatory requirements and company policies. This includes overseeing the creation and maintenance of validation documentation and ensuring the system meets its intended use.
  2. Ongoing Compliance and Maintenance: The Process Owner must ensure the system remains validated throughout its lifecycle. This involves regular reviews, updates, and maintenance activities to ensure continued compliance with regulatory standards.
  3. Data Integrity and Quality: As the data owner maintains the system, the Process Owner is responsible for its integrity, administration, operation, maintenance, and decommissioning. They must ensure that data integrity and quality requirements are met and maintained.
  4. Decision-Making Authority: The Process Owner should be at a level within the organization that allows them to make business and process decisions regarding the system. This often includes roles such as operations director/manager, lab manager, or production manager.
  5. Collaboration with Other Teams: The Process Owner must collaborate with various teams, including Quality (QA), IT, Computer System Validation (CSV), training, HR, system vendors, and system development teams, to ensure that all necessary compliance activities are performed and documented promptly.

Skills and Knowledge Required

  • Detailed Understanding of the System: The Process Owner should have a comprehensive understanding of the system, its purpose, functions, and use within the organization.
  • Regulatory Knowledge: A good grasp of regulatory requirements is crucial for ensuring the system complies with all relevant guidelines and standards.
  • Validation Practices: The Process Owner will sign off on validation documents and ensure that the system is fit for its intended use.

Comparison with the Molecule Steward

While the Molecule Steward, the ASTM E2500 SME role, is not directly equivalent to the GAMP 5 roles, it shares some similarities with both the system owner and process owner, particularly in terms of specialized knowledge and involvement in critical aspects of the system. It’s best to think of the Molecule Steward as the third part of this triad, ensuring the robustness of the scientific approach.

System OwnerProcess OwnerMolecule Steward
Primary FocusTechnical aspects and maintenance of the systemBusiness process and compliance aspectsSpecialized knowledge of critical aspects
Typical RoleIT director/manager or application support managerHead of functional unit or department using the systemSubject matter expert in specific field
Key Responsibilities– System availability, support, and maintenance
– Data security
– Risk mitigation plans
– Technical requirements documentation
– Change control management
– Evaluating change requests		– Overall system integrity and compliance
– Data ownership
– User requirements definition
– SOP development and maintenance
– Ensuring GxP compliance
– Approving key documentation
– User training		– Defining system needs
– Identifying critical aspects
– Leading quality risk management
– Developing verification strategies
– Reviewing system designs
– Executing verification tests
ExpertiseStrong technical backgroundBusiness process knowledgeSpecialized technical knowledge
AccountabilitySystem performance and securityBusiness use and regulatory complianceCritical aspects impacting product quality and patient safety
Involvement in ValidationFocuses on technical validation aspectsEnsures validation meets business needsLeads verification activities
Comparison of SO, PO and ASTM E2500 SME

Scale of the System

People make the system too small here. This isn’t equipment A or computer system X. It’s the entire system that produces result Y. For example, it is the manufacturing process for DS (or upstream DS), not the individual bioreactors. Lower-level assistants can help with wrangling, but there should be overall accountability. The system, process, and ASTM E2500 SME must have the power in the organization to be truly accountable.

The Role of Quality

The Quality Unit is responsible for ensuring the right process and procedure are in place, that regulatory requirements are met, and that the system is fit for use and fit for purpose. The Quality Unit in GAMP5 is crucial for ensuring the safety, efficacy, and regulatory compliance of pharmaceutical products and computerized systems.

  1. Ensuring Compliance and Product Quality: Quality is vital in ensuring that computerized systems used in pharmaceutical manufacturing meet regulatory requirements and consistently produce high-quality products. The Quality Unit helps organizations maintain high-quality standards in the various processes.
  2. Risk Management: The Quality Unit champions a science-based risk management approach to system validation and qualification. Quality ensures the identification and assessment of potential risks.
  3. Lifecycle Approach: The Quality Unit ensures that validation activities are conducted throughout the system’s lifecycle, from concept to retirement.
  4. Documentation and Traceability: The Quality Unit oversees comprehensive documentation and traceability throughout the system’s lifecycle. Detailed records enable transparency, facilitate audits, and demonstrate compliance with regulatory requirements.
  5. Change Management: The Quality Unit evaluates and controls system changes to ensure that modifications do not compromise product quality or patient safety.
  6. Data Integrity: Quality is crucial in maintaining data integrity and ensuring records’ accuracy, reliability, and completeness.
  7. Supplier and Internal Audits: Quality regularly audits suppliers and internal processes to ensure compliance and quality. These audits help identify gaps and areas for improvement in system development, implementation, and maintenance.

Beyond GAMP5

I consider this the best practice for handling an ASTM E2500 approach.

Compassionate Accountability

Compassionate accountability involves maintaining a balance between showing empathy and understanding toward employees while holding them responsible for their tasks and performance. This approach fosters a supportive yet results-driven work environment.

Key Principles

Clear Expectations: Establishing clear expectations is foundational. Ensure that each team member understands their role, responsibilities, and goals. This clarity fosters a sense of direction and purpose, promoting accountability.

Compassionate Coaching: Provide frequent, low-impact coaching and feedback to help team members overcome challenges and grow. This approach allows leaders to offer support without taking away the team members’ ownership of responsibility.

Psychological Safety: Create an environment where team members feel safe taking risks, admitting mistakes, and learning from them. This fosters a culture of trust and collaboration, ultimately leading to better business outcomes.

Empathy and Understanding: Understand each team member’s unique needs, challenges, and aspirations. Use one-on-one meetings to build rapport and tailor your management approach to accommodate individual differences.

Constructive Feedback: Provide feedback constructively, focusing on growth rather than blame. This promotes a learning mindset and helps employees see mistakes as opportunities for development.

Lead by Example: Demonstrate the values and behaviors you expect from your team. In your actions, model compassion and accountability, showing that these qualities are not mutually exclusive but complementary.

    Practical Strategies

    Setting Clear Expectations

    • Communicate Goals and Roles: Clearly communicate goals, roles, and responsibilities to prevent misunderstandings and ensure that everyone knows what is expected of them.
    • Transparent Communication: Be transparent about the challenges and obstacles the team might face. Work together to brainstorm solutions and anticipate challenges.

    Providing Support and Feedback

    • Regular Check-ins: Conduct regular check-ins to understand your team members’ challenges and provide timely feedback. This helps in addressing issues before they escalate.
    • Celebrate Efforts and Results: Recognize and celebrate both efforts and results. This helps maintain motivation and reinforce positive behaviors.

    Fostering a Collaborative Environment

    • Encourage Collaboration: Foster a culture of collaboration and support among team members. Encourage them to help each other and share knowledge.
    • Joint Accountability: Create an environment of joint accountability where team members can rely on each other for help and show care for one another instead of blaming.

    Balancing Compassion and Accountability

    • Empathy as a Foundation: Use empathy to understand your team’s strengths and guide them toward growth. Empathy helps build trust and makes difficult conversations easier.
    • Accountability with Compassion: Hold team members accountable in a way that demonstrates care and support. This involves being honest about performance issues while providing the necessary support to overcome them.

    Continuous Improvement

    • Reflect and Adapt: Continuously reflect on your approach’s outcomes and adapt as necessary. Seek feedback from your team and be open to making changes that enhance compassion and accountability.

    Acountable People

    We tend to jumble forms of accountability in an organization, often confusing between a people manager and a technical manager. I think its very important to differentiate between the two.

    People managers deal with human resources and team dynamics, while technical managers deal with managing design, execution, and improvement. They can be the same person, but we need to recognize the differences and resource appropriately. Too often we blur the two roles and as a result neither is done well.

    I’ve talked on this blog about a few of the technical manager types: Process Owners, the ASTM E2500 SME/Molecule Steward, and Knowledge Owners. There are certainly others out there. In the table below I added two more for comparison:

    • a qualified person from OSHA, because I think this is a great generic look at the concept
    • The EU Qualifed Person. Industry relevant and one that often gets confused in execution.
    AspectQualified Person (OSHA Definition)Qualified Person (EU)Knowledge OwnerASTM E2500 SMEProcess Owner
    Primary FocusEnsuring compliance with safety standards and solving technical problemsCertifying that each batch of a medicinal product meets all required provisionsManaging and maintaining knowledge within a specific domainEnsuring manufacturing systems meet quality and safety standardsManaging and optimizing a specific business process
    Key ResponsibilitiesSolve or resolve problems related to the subject matter, work, or projectCertify batches meet GMP and regulatory standardsMaintain and update knowledge baseDefine system needs and identify critical aspectsDefine process goals, purpose, and KPIs
    Design and install systems to improve safetyEnsure compliance with market authorization requirementsValidate and broadcast new knowledgeDevelop and execute verification strategiesCommunicate with key players and stakeholders
    Ensure compliance with laws and standardsOversee quality control and assurance processesProvide training and supportReview system designs and manage risksAnalyze process performance and identify improvements
    May not have the authority to stop workConduct audits and inspectionsMonitor and update knowledge assetsLead quality risk management effortsEnsure process compliance with regulations and standards
    Skills RequiredTechnical expertise in the areaDegree in pharmacy, biology, chemistry, or related fieldSubject matter expertise in specific knowledge domainTechnical understanding of manufacturing systems and equipmentLeadership and communication skills
    Certification, degree, or other professional recognitionSeveral years of experience in pharmaceutical manufacturingAnalytical and validation skillsRisk management and verification skillsAnalytical and problem-solving skills
    Ability to solve technical problemsRegistered with the competent authority in the EU member stateTraining and support skillsContinuous improvement and change management skillsAbility to define and monitor KPIs
    AuthorityAuthority to design and install safety systemsAuthority to certify batches and ensure complianceAuthority over knowledge management processes and contentAuthority to define and verify critical aspects of systemsAuthority to make decisions and implement changes in the process
    Interaction with OthersCollaborates with production and quality control teamsWorks with quality control, assurance, and regulatory teamsWorks with various departments to ensure knowledge is shared and utilizedCollaborates with project stakeholders and engineering teamsCommunicates with project leaders, process users, and other stakeholders
    Examples of ActivitiesReviewing batch documentation and certifying productsCertifying each batch of medicinal products before releaseValidating new knowledge submissionsConducting quality risk analyses and verification testsDefining process objectives and mission statements
    Ensuring compliance with GMP and regulatory standardsEnsuring compliance with GMP and regulatory standardsProviding training on knowledge management systemsReviewing system designs and managing changesMonitoring process performance and compliance
    Overseeing investigations related to quality issuesOverseeing quality control and assurance processesUpdating and maintaining knowledge databasesLeading continuous improvement effortsIdentifying and implementing process improvements
    Industry ContextPrimarily in construction, manufacturing, and safety-critical industriesPharmaceutical and biotechnology industries within the EUApplicable across various industries, especially information-heavy sectorsPrimarily in pharmaceutical and biotechnology industriesApplicable in any industry with defined business processes
    Comparison table
    • Qualified Person (OSHA Definition): Focuses on ensuring compliance with safety standards and solving technical problems. They possess technical expertise and professional recognition and are responsible for designing and installing safety systems.
    • Qualified Person (EU): Ensures that each batch of medicinal products meets all required provisions before release. They are responsible for compliance with GMP and regulatory standards and must be registered with the competent authority in the EU member state.
    • Knowledge Owner: Manages and disseminates knowledge within an organization. They ensure that knowledge is accurate, up-to-date, and accessible, and they provide training and support to facilitate knowledge sharing.
    • ASTM E2500 SME: Ensures that manufacturing systems meet quality and safety standards. They define system needs, develop verification strategies, manage risks, and lead continuous improvement efforts.
    • Process Owner: Manages and optimizes specific business processes. They define process goals, monitor performance, ensure compliance with standards, and implement improvements to enhance efficiency and effectiveness.

    Common Themes

    Subject Matter Expertise

    • All roles require a high level of subject matter expertise in their respective domains, whether it’s technical knowledge, regulatory compliance, manufacturing processes, or business processes.
    • This expertise is typically gained through formal education, certifications, extensive training, and practical experience.

    Ensuring Compliance and Quality

    • A key responsibility across these roles is ensuring compliance with relevant laws, regulations, standards, and quality requirements.

    Risk Identification and Management

    • These roles are all responsible for identifying potential risks, hazards, or process inefficiencies.
    • They are expected to develop and implement strategies to mitigate or eliminate these risks, ensuring the safety of operations and the quality of products or processes.

    Continuous Improvement and Change Management

    • They are involved in continuous improvement efforts, identifying areas for optimization and implementing changes to enhance efficiency, quality, and knowledge sharing.
    • They are responsible for managing change processes, ensuring smooth transitions, and minimizing disruptions.

    Authority and Decision-Making

    • Most of these roles have a certain level of authority and decision-making power within their respective domains.

    Collaboration and Knowledge Sharing

    • Effective collaboration and knowledge sharing are essential for these roles to succeed.

    While these roles have distinct responsibilities and focus areas, they share common goals of ensuring compliance, managing risks, driving continuous improvement, and leveraging subject matter expertise to achieve organizational objectives and maintain high standards of quality and safety. They are more similar than dissimilar and should be looked at holistically within the organization.

    Accountability does not go away to be Psychologically Safe

    A common and distorted application of psychological safety is that it is somehow a shield from accountability. Non-performing employees tend to invoke it as an excuse for poor performance, insisting that a focus on psychological safety means valuing people and building relationships. That’s true, but stretching the premise, they claim that we should give them a pass when they don’t perform.

    The flawed logic seems to be along the lines of because we may have used fear and intimidation, command and control, and manipulative and coercive tactics with people in the past, in an attempt to hold folks accountable, we must shed the artifacts that drive accountability in order to have an environment of psychological safety.

    In my experience, this is especially prevalent when discussing metrics around overdue quality systems records and training. How to discuss what is late, can you even publish a list of folks with overdue training?

    I want to be very clear, psychological safety is not a kind of diplomatic immunity from having to deliver results. It is not a shield from accountability.

    Being held accountable can be looked at as transparency in progress. Psychological safety allows us to be vulnerable and to trust that the organization will take the problems seriously and address them.

    Common Ownership Challenges

    Process Ownership Challenges

    Governance and ownership challenges often arise in an organization for four reasons:

    1. Business stakeholders who resist assuming ownership of their own processes, data and/or knowledge, or have balkanized/siloed accountability
    2. Turf wars or power struggles between groups of stakeholders
    3. Lack of maturity in one or more areas
    4. Resistance to established governance rules

    The Business Struggles with Accountability

    Processes often have a number of stakeholders, but no apparent owners. This results in opportunity costs as compulsory process changes (e.g. legislative requirements, systems capacity, or company structural changes) or process improvements are not implemented because the business process owner is unaware of the change, or no clear business process owner has been identified which leads to an increase in risk.

    Sometimes processes have a number of stakeholders who all think they are the owners of parts of the process or the whole process. When this overlap happens, each supposed owner often identifies their own strategy for the process and issues their own process change instructions to conform to their understanding of the purpose of the business process. These conflicting instructions lead to frustration and confusion by all parties involved.

    Lack of accountability in process and system leads to inefficient processes, organizational disharmony, and wasted energy that can be better spent on process improvements.

    Turf Wars

    Due to silo thinking there can be subdivided processes, owned by different parts of the organization. For example, count how many types of change control your organization has. This requires silos to be broken down, and this takes time.

    Lack of Maturity

    Governance is challenging if process maturity is uneven across the organization.

    Failure to Adhere to Governance

    It can be hard to get the business to apply policy and standard consistently.