Building Digital Trust: How Modern Infrastructure Transforms CxO-Sponsor Relationships Through Quality Agreements

The relationship between sponsors and contract organizations has evolved far beyond simple transactional exchanges. Digital infrastructure has become the cornerstone of trust, transparency, and operational excellence.

The trust equation is fundamentally changing due to the way our supply chains are being challenged. Traditional quality agreements often functioned as static documents—comprehensive but disconnected from day-to-day operations. Today’s most successful partnerships are built on dynamic, digitally-enabled frameworks that provide real-time visibility into performance, compliance, and risk management.

Regulatory agencies are increasingly scrutinizing the effectiveness of sponsor oversight programs. The FDA’s emphasis on data integrity, combined with EMA’s evolving computerized systems requirements, means that sponsors can no longer rely on periodic audits and static documentation to demonstrate control over their outsourced activities.

Quality Agreements as Digital Trust Frameworks

The modern quality agreement must evolve from a compliance document to a digital trust framework. This transformation requires reimagining three fundamental components:

Dynamic Risk Assessment Integration

Traditional quality agreements categorize suppliers into static risk tiers (for example Category 1, 2, 2.5, or 3 based on material/service risk). Digital frameworks enable continuous risk profiling that adapts based on real-time performance data.

Integrate supplier performance metrics directly into your quality management system. When a Category 2 supplier’s on-time delivery drops below threshold or quality metrics deteriorate, the system should automatically trigger enhanced monitoring protocols without waiting for the next periodic review.

Automated Change Control Workflows

One of the most contentious areas in sponsor-CxO relationships involves change notifications and approvals. Digital infrastructure can transform this friction point into a competitive advantage.

The SMART approach to change control:

  • Standardized digital templates for change notifications
  • Machine-readable impact assessments
  • Automated routing based on change significance
  • Real-time status tracking for all stakeholders
  • Traceable decision logs with electronic signatures

Quality agreement language to include: “All change notifications shall be submitted through the designated digital platform within [X] business days of identification, with automated acknowledgment and preliminary impact assessment provided within [Y] hours.”

Transparent Performance Dashboards

The most innovative CxOs are moving beyond quarterly business reviews to continuous performance visibility. Quality agreements should build upon real-time access to key performance indicators (KPIs) that matter most to patient safety and product quality.

Examples of essential KPIs for digital dashboards:

  • Batch disposition times and approval rates
  • Deviation investigation cycle times
  • CAPA effectiveness metrics
  • Environmental monitoring excursions and response times
  • Supplier change notification compliance rates

Communication Architecture for Transparency

Effective communication in pharmaceutical partnerships requires architectural thinking, not just protocol definition. The most successful CxO-sponsor relationships are built on what I call the “Three-Layer Communication Stack” which builds a rhythm of communication:

Layer 1: Operational Communication (Real-Time)

  • Purpose: Day-to-day coordination and issue resolution
  • Tools: Integrated messaging within quality management systems, automated alerts, mobile notifications
  • Quality agreement requirement: “Operational communications shall be conducted through validated, audit-trailed platforms with 24/7 availability and guaranteed delivery confirmation.”

Layer 2: Technical Communication (Scheduled)

  • Purpose: Performance reviews, trend analysis, continuous improvement
  • Tools: Shared analytics platforms, collaborative dashboards, video conferencing with screen sharing
  • Governance: Weekly operational reviews, monthly performance assessments, quarterly strategic alignments

Layer 3: Strategic Communication (Event-Driven)

  • Purpose: Relationship governance, escalation management, strategic planning
  • Stakeholders: Quality leadership, senior management, regulatory affairs
  • Framework: Joint steering committees, annual partnership reviews, regulatory alignment sessions

The Communication Plan Template

Every quality agreement should include a subsidiary Communication Plan that addresses:

  1. Stakeholder Matrix: Who needs what information, when, and in what format
  2. Escalation Protocols: Clear triggers for moving issues up the communication stack
  3. Performance Metrics: How communication effectiveness will be measured and improved
  4. Technology Requirements: Specified platforms, security requirements, and access controls
  5. Contingency Procedures: Alternative communication methods for system failures or emergencies

Include communication effectiveness as a measurable element in your supplier scorecards. Track metrics like response time to quality notifications, accuracy of status reporting, and proactive problem identification.

Data Governance as a Competitive Differentiator

Data integrity is more than just ensuring ALCOA+—it’s about creating a competitive moat through superior data governance. The organizations that master data sharing, analysis, and decision-making will dominate the next decade of pharmaceutical manufacturing and development.

The Modern Data Governance Framework

Data Architecture Definition

Your quality agreement must specify not just what data will be shared, but how it will be structured, validated, and integrated:

  • Master data management: Consistent product codes, batch numbering, and material identifiers across all systems
  • Data quality standards: Validation rules, completeness requirements, and accuracy thresholds
  • Integration protocols: APIs, data formats, and synchronization frequencies

Access Control and Security

With increasing regulatory focus on cybersecurity, your data governance plan must address:

  • Role-based access controls: Granular permissions based on job function and business need
  • Data classification: Confidentiality levels and handling requirements
  • Audit logging: Comprehensive tracking of data access, modification, and sharing

Analytics and Intelligence

The real competitive advantage comes from turning shared data into actionable insights:

  • Predictive analytics: Early warning systems for quality trends and supply chain disruptions
  • Benchmark reporting: Anonymous industry comparisons to identify improvement opportunities
  • Root cause analysis: Automated correlation of events across multiple systems and suppliers

The Data Governance Subsidiary Agreement

Consider creating a separate Data Governance Agreement that complements your quality agreement with specific sections covering data sharing objectives, technical architecture, governance oversight, and compliance requirements.

Veeva Summit

Next week I’ll be discussing this topic at the Veeva Summit, where I will bring some organizational learnings on how embracing digital infrastructure as a trust-building mechanism will forge stronger partnerships, achieve superior quality outcomes, and ultimately deliver better patient experiences.

Managing Change Controls Between a CDMO and a Sponsor/MAH

It is crucial for a Marketing Authorization Holder (MAH) to review and approve changes made by a Contract Development and Manufacturing Organization (CDMO) for several important reasons:

Regulatory Compliance

The Marketing Authorization Holder (MAH) – or the sponsor for pre-commercial GMP manufacturing – bears the primary responsibility for ensuring compliance with the marketing authorization and regulatory requirements throughout the product’s lifecycle. By reviewing and approving CDMO changes, the MAH can:

  • Ensure changes align with the approved marketing authorization
  • Verify that any variations to the marketing authorization are properly submitted to regulatory authorities
  • Maintain oversight of post-approval change management as required by regulations

Before I go any further on the topic I want you to go and read my post Classification of Changes for GMP/GDP. This post will build on that discussion.

I think it is better for the CDMO to put a lot of thought into this, and the MAH (the client) to evaluate and adapt. For all but the big players, the volume is going to be on the CDMO’s side. But if you are the client and your CDMO hasn’t taken this into account to the appropriate degree, you need to ensure appropriate steps are taken. As such the rest of this post will be written from the CDMO’s side, but the same principles apply to the MAH (and should be included in the audit program).

Remember we have three goals:

  • Fulfill our contractual responsibilities
  • Help the MAH maintain appropriate control as the product owner
  • Ensure alignment between both parties on change implementation

The critical requirement here is ensuring the right changes get to the right client so they can be filed the right way. Returning to basics, we are approaching changes as:

Now it’s easy to apply this to product. Create and/or receive the design space and the control space. Everything that falls into a non-established condition does not get reported to the client at time of execution. If it is “Do and Report” it is in the APQR. If it is “Do and Record” they can see it during the audit.

Where a lot of CDMOs trip up is facility and quality system changes. My recommendation here is the same: define a design space based on the CMC section of the Common Technical Document, which basically boils down to:

The CMC (Chemistry, Manufacturing, and Controls) section of a regulatory dossier typically includes the following key facility-related information:

  • Manufacturing Facilities
    • Names and addresses of all manufacturing, testing, and storage facilities involved in production
    • Description of the manufacturing operations performed at each site
    • Floor plans and layouts of production areas
    • Details on utilities and support systems (HVAC, water, gases, etc.)
    • Information on facility design features for contamination control and product protection
  • Equipment
    • List of major production and laboratory equipment
    • Equipment specifications and capacities
    • Cleaning and maintenance procedures for equipment
  • Environmental Controls
    • Description of clean room classifications and environmental monitoring programs
    • Air handling systems and controls
    • Water systems (purified water, water for injection) and controls
  • Material Flow
    • Personnel and material flow diagrams
    • Segregation of operations to prevent cross-contamination
  • Quality Control Laboratories
    • Description of QC lab facilities and equipment
    • Environmental controls in QC labs
  • Storage Areas
    • Description of storage facilities for raw materials, intermediates, and finished products
    • Storage conditions and controls (temperature, humidity, etc.)

There is a whole lot of wiggle room here in things that fall into “Do and Record.” By building this into your change control system you can delineate what goes to the client and what doesn’t. I recommend sitting down with this list and deciding what types of changes fall into “Tell and Do” – what you ask permission from clients before doing; “Do and Report” – what goes in the APQR; and, “Do and Record” – what the client sees when they audit.

You now have good rules on what changes go to a client for prior approval and which ones do not. This gets codified in two places: the change control process and the quality/technical agreement.

Some other things to build into your change control process:

  1. Documenting when a client requests a change, the reason and the impact on the platform. Remember you have other clients, and more and more CDMOs are offering a platform, so there needs to be appropriate review and endorsement.
  2. Think through how changes to facility (and other platform elements) are communicated and gated for multiple clients. Have a mechanism to manage client specific activities and to track first-product impacted for multiple products.
  3. Have clear timelines and expectations on change communication and approval with the client in the quality/technical agreement. Hold each other accountable.
  4. Have contingency plans. There will always be that one client who will be in shortage if you make that urgent change just when you want/need to.
  5. Have a method for evaluating requested changes to the change plan by clients and making decisions around it. There will be that one client who doesn’t agree or wants something weird that disagrees with what all the other clients want.
  6. Have rules in place to manage changes inactive for long periods or extensions specific for those changes that rise to client approval. These will have a different flow than internal changes.

I’ve used a bit of commercial headspace for this post, relying on the APQR. For clinical processes, product tends to fall into campaign-mindset, so “Do and Report” ends up being more a clinical campaign change report than an APQR.

Deviation Review for CxO – Best Practice

Regulatory agencies have continued to make it clear that when a Contract Manufacturing Organization (CMO) or Contract Research Organization (CRO) experiences a deviation, the sponsor/Marketing Authorization Holder (MAH) has several key responsibilities:

  1. Review the deviation: The sponsor must thoroughly review the deviation to ensure it was appropriately defined and investigated. This review is crucial as the sponsor cannot delegate their responsibility to ensure the drug product is safe, effective, and conforms to specifications and regulatory commitments.
  2. Assess product impact: The sponsor should ensure that the CMO has properly assessed the impact of the deviation on the product. This includes evaluating whether the deviation affected material quality, safety, or efficacy.
  3. Verify appropriate material control: It’s the sponsor’s responsibility to ensure the CMO has appropriately controlled the affected material and extended this control to any other potentially affected materials.
  4. Make disposition decisions: Ultimately, the sponsor is responsible for deciding whether the product should be released, reprocessed, or rejected. This decision is especially critical if the deviation affected material in clinical trials.
  5. Oversee corrective and preventive actions: The sponsor should understand how the CMO’s corrective and preventive action (CAPA) system operates and ensure appropriate measures are taken to prevent recurrence of the deviation.
  6. Maintain oversight: While the quality agreement defines the CMO’s responsibilities, the sponsor retains 100% oversight, including executed batch record review, change control, and deviation review and approval.
  7. Risk-based approach: For major or critical deviations, sponsors should employ a risk-based approach to assess the severity and potential impact.

To simplify the deviation notification process with a Contract Organization (CxO), sponsors can implement several strategies:

Clear Communication and Documentation

  1. Establish a Well-Defined Quality Agreement: Create a comprehensive quality agreement that clearly outlines the deviation notification process, including timelines, classification criteria, and reporting requirements.
  2. Implement Standardized Templates: Develop and provide standardized templates for deviation reporting to ensure consistency and completeness of information.
  3. Set Clear Notification Timelines: Agree on specific timelines for different deviation categories. For example, critical and major deviations should be reported within one business day.

Risk-Based Approach

  1. Adopt a Quality Risk Management (QRM) Mindset: Approach the partnership with a focus on risk management, ensuring that both parties understand the potential impact of deviations on product quality and patient safety.
  2. Calibrate Risk Classification: Align the deviation classification system between the sponsor and CxO to avoid discrepancies in severity assessment.

Streamlined Processes

  1. Utilize Electronic Quality Management Systems: Implement digital tools to facilitate real-time reporting and tracking of deviations, improving efficiency and transparency. Yes, the sponsor should be taking a risk-based approach to tracking deviations in their eQMS that captures the important sponsor/MAH decision making.
  2. Define Clear Roles and Responsibilities: Clearly delineate who is responsible for each step of the deviation management process, from identification to reporting and investigation.

Training and Support

  1. Provide Comprehensive Training: Ensure that CxO staff are well-trained on the sponsor’s quality expectations, deviation reporting procedures, and the use of any specific tools or systems.
  2. Offer Ongoing Support: Establish a dedicated point of contact or support team to assist the CxO with questions or issues related to deviation reporting.

Regular Review and Improvement

  1. Conduct Periodic Reviews: Schedule regular meetings to review the deviation notification process, discuss any challenges, and identify areas for improvement.
  2. Encourage Open Dialogue: Foster an environment where the CMO feels comfortable reporting issues promptly without fear of punitive action.

I strongly believe that a CxO needs to implement these strategies (do not put it only on the MAH’s shoulders) as part of their client onboarding and management process to create a more efficient and effective deviation notification process. This approach not only simplifies the process but also ensures that critical quality information is communicated promptly and accurately, ultimately contributing to better product quality and regulatory compliance. Add some value and don’t make the sponsor beg for information.