ICH Q12 “Technical and Regulatory Considerations for Pharmaceutical Product Lifecycle Management” was adopted by the ICH in Singapore, which means Q12 is now in Stage 5, Implementation. Implementation should be interesting as concepts like “established conditions” and “product lifecycle management” which sit at the core of Q12 are still open for interpretation as Q12 is implemented in specific regulatory markets.
This draft guidance is now in a review period by regulatory agencies. Which means no public comments, but it will be applied on a 6-month trial basis by PIC/S participating authorities, which include the US Food and Drug Administration and other regulators across Europe, Australia, Canada, South Africa, Turkey, Iran, Argentina and more.
This document is aligned to ICH Q10, and there should be few surprised in this. Given PIC/S concern that “ongoing continual improvement has probably not been realised to a meaningful extent. The PIC/S QRM Expert Circle, being well-placed to focus on the QRM concepts of the GMPs and of ICH Q10, is seeking to train GMP inspectors on what a good risk-based change management system can look like within the PQS, and how to assess the level of effectiveness of the PQS in this area” it is a good idea to start aligning to be ahead of the curve.
“Changes typically have an impact assessment performed within the change control system. However, an impact assessment is often not as comprehensive as a risk assessment for the proposed change.”
This is a critical thing that agencies have been discussing for years. There are a few key takeaways.
The difference between impact and risk is critical. Impact is best thought of as “What do I need to do to make the change.” Risk is “What could go wrong in making this change?” Impact focuses on assessing the impact of the proposed change on various things such as on current documentation, equipment cleaning processes, equipment qualification, process validation, training, etc. While these things are very important to assess, asking the question about what might go wrong is also important as it is an opportunity for companies to try to prevent problems that might be associated with the proposed change after its implementation.
This 8 page document is really focusing on the absence of clear links between risk assessments, proposed control strategies and the design of validation protocols.
The guidance is very concerned about appropriately classifying changes and using product data to drive decisions. While not specifying it in so many words, one of the first things that popped to my mind was around how we designate changes as like-for-like in the absence of supporting data. Changes that are assigned a like-for-like classification are often not risk-assessed, and are awarded limited oversight from a GMP perspective. These can sometimes result in major problems for companies, and one that I think people are way to quick to rush to.
It is fascinating to look at appendix 1, which really lays out some critical goals of this draft guidance: better risk management, real time release, and innovative approaches to process validation. This is sort of the journey we are all on.
Gilbert’s Behavior Engineering Model (BEM) presents a concise way to consider both the environmental and the individual influences on a person’s behavior. The model suggests that a person’s environment supports impact to one’s behavior through information, instrumentation, and motivation. Examples include feedback, tools, and financial incentives (respectively), to name a few. The model also suggests that an individual’s behavior is influenced by their knowledge, capacity, and motives. Examples include training/education, physical or emotional limitations, and what drives them (respectively), to name a few. Let’s look at some further examples to better understand the variability of individual behavioral influences to see how they may negatively impact data integrity.
Good article in Pharmaceutical Online last week. It cannot be stated enough, and it is good that folks like Kip keep saying it — to understand data integrity we need to understand behavior — what people do and say — and realize it is a means to an end. It is very easy to focus on the behaviors which are observable acts that can be seen and heard by management and auditors and other stakeholders but what is more critical is to design systems to drive the behaviors we want. To recognize that behavior and its causes are extremely valuable as the signal for improvement efforts to anticipate, prevent, catch, or recover from errors.
By realizing that error-provoking aspects of design, procedures, processes, and human nature exist throughout our organizations. And people cannot perform better than the organization supporting them.
Human Error Considerations
Define the Scope of Work
·Identify the critical steps
·Consider the possible errors associated with each critical step
and the likely consequences.
·Ponder the "worst that could happen."
·Consider the appropriate human performance tool(s) to use.
·Identify other controls, contingencies, and relevant operating
When tasks are identified and prioritized, and resources
are properly allocated (e.g., supervision, tools, equipment, work
control, engineering support, training), human performance can flourish.
These organizational factors create a unique array of job-site conditions
– a good work environment – that sets people up for success. Human error increases
when expectations are not set, tasks are not clearly identified, and
resources are not available to carry out the job.
The error precursors – conditions that provoke error – are reduced.
This includes things such as:
·Departures from the routine
·Need to interpret requirements
Properly managing controls is
dependent on the elimination of error precursors that challenge the
integrity of controls and allow human error to become consequential.
Apply proactive Risk Management
When risk is properly analyzed we can take appropriate action to
mitigate the risks. Include the criteria in risk assessments:
·Adverse environmental conditions (e.g. impact of gowning,
noise, temperature, etc)
·Confusing displays or controls
Addressing risk through engineering and administrative controls are a
cornerstone of a quality system.
Strong administrative and cultural controls can withstand human error.
Controls are weakened when conditions are present that provoke error.
Eliminating error precursors
in the workplace reduces
the incidences of active errors.
Utilizing error reduction tools as part of all work. Examples
Engineering Controls can often take the place of some of these, for
example second-person verifications can be replaced by automation.
Appropriate process and tools in place to ensure that the
organizational processes and values are in place to adequately support
Because people err and make mistakes, it is all the more important
that controls are implemented and properly maintained.
Feedback and Improvement
Continuous improvement is critical. Topics should include:
·Surprises or unexpected outcomes.
·Usability and quality of work documents
·Knowledge and skill shortcomings
·Minor errors during the activity
·Unanticipated workplace conditions
·Adequacy of tools and Resources
·Quality of work planning/scheduling
·Adequacy of supervision
Errors during work are inevitable. If we strive to understand and
address even inconsequential acts we can strengthen controls and make future
Vulnerabilities with controls can be found and corrected when management
decides it is important enough to devote resources to the effort
The fundamental aim of oversight is to improve resilience to
significant events triggered by active errors in the workplace—that is, to
minimize the severity of events.
Oversight controls provide opportunities to see what is happening, to
identify specific vulnerabilities or performance gaps, to take action to
address those vulnerabilities and performance gaps, and to verify that they
have been resolved.
“Risk: What is it? Prove it, show me” by Larry Litke
At this point I may be a glutton for sessions about risk. While I am fascinated by how people are poking at this beast, and sometimes dismayed by how far back our thinking is on the subject, there may just be an element that at an audit conference I find a lot of the other topics not really aligned to my interests.
Started by covering high level definition of risk and then moved into the IS (001:2015’s risk based thinking at a high level, mostly by reading from the standard.
It is good that succession planning is specifically discussed as part of risk-based thinking.
“Above all it is communication” is good advice for every change.
It is an important point that the evidence of risk-based thinking is the actual results and not a separate thing.
This presentation’s strengths was when it focused on business continuity as a form of risk-based thinking.
“Auditing the Quality System for Data Integrity” by Jeremiah Genest
This year’s Audit Division conference was pretty small. I was in sessions with 10 people and we didn’t fill a medium size ballroom. I’m told this was smaller than in past years and I sincerely hope this will be a bigger conference next year, which is back in Orlando. My daughter will be thrilled, and I may be back just to meet that set of user requirements.
I think this conference could benefit from the rigor the LSS Conference and WCQI apply for presentation development. I was certainly guilty here. But way too many presentations were wall-to-wall text.
A quick overview. The risk-based approach will utilize three factors, data criticality, existing controls, and level of detection.
When assessing current controls, technical controls (properly implemented) are stronger than operational or organizational controls as they can eliminate the potential for data falsification or human error rather than simply reducing/detecting it.
For criticality, it helps to build a table based on what the data is used for. For example:
For controls, use a table like the one below. Rank each column and then multiply the numbers together to get a final control ranking. For example, if a process has Esign (1), no access control (3), and paper archival (2) then the control ranking would be 6 (1 x 3 x 2).
Determine detectibility on the table below, rank each column and then multiply the numbers together to get a final detectability ranking.
Another way to look at these scores:
Multiple above to determine a risk ranking and move ahead with mitigations. Mitigations should be to drive risk as low as possible, though the following table can be used to help determine priority.
High Risk-Potential Impact to Patient Safety or Product Quality
Moderate Risk-No Impact to Patient Safety or Product Quality but Potential Regulatory Risk
Negligible DI Risk
In the case of long-term risk remediation actions, risk reducing short-term actions shall be implemented to reduce risk and provide an acceptable level of governance until the long-term remediation actions are completed.
Relevant site procedures (e.g., change control, validation policy) should outline the scope of additional testing through the change management process.
Reassessment of the system may be completed following the completion of remediation activities. The reassessment may be done at any time during the remediation process to document the impact of the remediation actions.
Once final remediation is complete, a reassessment of the equipment/system should be completed to demonstrate that the risk rating has been mitigated by the remediation actions taken. Think living risk assessment.
Grace Duffy is the keynote speaker. I’ve known Grace for years and consider her a mentor and I’m always happy to hear her speak. Grace has been building on a theme around her Modular Kaizen approach and the use of the OODA Loop, and this presentation built nicely on what she presented at the Lean Six Sigma Conference in Phoenix, at WCQI and in other places.
Audits as a form of sustainability is an important point to
stress, and hopefully this will be a central theme throughout the conference.
The intended purpose is to build on a systems view for preparation for an effective audit and using the OODA loop to approach evolutionary and revolutionary change approaches.
Grace starts with a brief overview of system and process and then from vision to strategy to daily, and how that forms a mobius strip of macro, meso, micro and individual. She talks a little about the difference between Deming and Juran’s approaches and does a little what-if thinking about how Lean would have devoted if Juran had gone to Japan instead of Deming.
Breaking down OODA (Observe, Orient, Decide Act) as “Where
am I and where is the organization” and then feed into decision making.
Stresses how Orient discusses culture and discusses understanding the culture.
Her link to Lean is a little tenuous in my mind.
She then discusses Tom Pearson’s knowledge management model
with: Local Action; Management Action; Exploratory Analysis; Knowledge
Building; Complex Systems; Knowledge Management; Scientific Creativity. Units
all this with system thinking and psychology. “We’re going to share shamelessly because
that’s how we learn.” “If we can’t have fun with this stuff it’s no good.”
Uniting the two, she describes the knowledge management
model as part of Orient.
Puts revolutionary and evolutionary change in light of
Juran’s Breakthrough versus Continuous Improvement. From here she covers
modular kaizen, starting with incremental change versus process redesign. From
there she breaks it down into a DMAIC model and goes into how much she loves
the measure. She discusses how the human brain is better at connections, which
is a good reinforce of the OODA model.
Breaks down a culture model of Culture/Beliefs,
Visions/Goals and Activities/Plans-and-actions influenced by external events
and how evolutionary improvements stem out of compatibility with those. OODA is
the tool to help determine that compatibility.
Discusses briefly on how standardization fits into systems
and pushes a look from a stability.
Goes back to the culture model but now adds idea generation
and quality test with decisions off of it that lead to revolutionary
improvements. Links back to OODA.
Then quickly covers DMAIC versus DMADV and how that is
another way of thinking about these concepts.
Covers Gina Wickman’s concept of visionary and integrator from Traction.
Ties back OODA to effective auditing: focus on patterns and
not just numbers, Grasp the bigger picture, be adaptive.
This is a big sprawling topic for a key note and at times it
felt like a firehose.. Keynotes often benefit from a lot more laser focus. OODA
alone would have been enough. My head is reeling, and I feel comfortable with
this material. Grace is an amazing, passionate educator and she finds this
material exciting. I hope most of the audience picked that up in this big gulp
approach. This system approach, building on culture and strategy is critical.
OODA as an audit tool is relevant, and it is a tool I think we should be teaching better. Might be a good tool to do for TWEF as it ties into the team/workplace excellence approach. OODA and situational awareness are really united in my mind and that deserves a separate post.
After the keynote there are the breakout sessions. As always, I end up having too many options and must make some decisions. Can never complain about having too many options during a conference.
First Impressions: The Myth of the Objective & Impartial Audit
First session is “First Impressions: The Myth of the
Objective & Impartial Audit” by William Taraszewski. I met Bill back at the
2018 World Conference of Quality Improvement.
Bill starts by discussing how subjectivity and first
impressions and how that involves audits from the very start.
Covers the science of first impressions, point to research of bias and how negative behavior weighs more than positive and how this can be contextual. Draws from Amy Cuddy’s work and lays a good foundation of Trust and Competence and the importance in work and life in general.
Brings this back to ISO 19011:2018 “Guidelines for auditing
management systems” and clause 7.2 determining auditor competence placing
personal behavior over knowledge and skills.
Brings up video auditing and the impressions generated from
video vs in-person are pretty similar but the magnitude of the bad impressions
are greater and the magnitude of positive is lower. That was an interesting
point and I will need to follow-up with that research.
Moves to discussing impartiality in context of ISO
19011:2018, pointing out the halo and horn effects.
Discusses prejudice vs experience as an auditor and covers
confirmation bias and how selective exposure and selective perception fits into
our psychology with the need to be careful since negative outweighs.
Moves into objective evidence and how it fits into an audit.
Provides top tips for good auditor first impressions with
body language and eye contact. Most important, how to check your attitude.
This was a good fundamental on the topics that reinforces some basics and goes back to the research. Quality as a profession really needs to understand how objectivity and impartiality are virtually impossible and how we can overcome bias.
Auditing Risk Management
Barry Craner presented on :Are you ready for an audit of your risk management system?”
Starts with how risk management is here to stay and how it is in most industries. The presenter is focused on medical devices but the concepts are very general.
“As far possible” as a concept is discussed and residual risk. Covers this at a high level.
Covers at a high level the standard risk management process (risk identification, risk analysis, risk control, risk monitoring, risk reporting) asking the question is “RM system acceptable? Can you describe and defend it?”
Provides an example of a risk management file sequence that matches the concept of living risk assessments. This is a flow that goes from Preliminary Hazard analysis to Fault Tree Analysis (FTA) to FMEA. With the focus on medical devices talks about design and process for both the FTA and the FMEA. This is all from the question “Can you describe and defend your risk management program?”
In laying out the risk management program focused in on personnel qualification being pivotal. Discusses answering the question “Are these ready for audit?” When discussing the plan asks the questions “Is your risk management plan: documented and reasonable; ready to audit; and, SOP followed by your company?”
When discussing risk impact breaks it down to “Is the risk acceptable or not.” Goes on to discuss how important it is to defend the scoring rubric, asking the question”Well defined, can we defend?”
Goes back and discusses some basic concepts of hazard and harm. Asks the questions “Did you do this hazard assessment with enough thoroughness? Were the right hazards identified?” Recommends building a example of hazards table. This is good advice. From there answer the question “Do your hazard analses yield reasonable, useful information? Do you use it?”
Provides a nice example of how to build a mitigation plan out of a fault tree analysis.
Discussion on FMEAs faultered on detection, probably could have gone into controls a lot deeper here.
With both the PTA and FMEA discussed how the results needs to be defendable.
Risk management review, with the right metrics are discussed at a high level. This easily can be a session on its own.
Asks the question “Were there actionable tasks? Progress on these tasks?”
It is time to stop having such general overviews at conferences, especially at a conference which are not targeted to junior personnel.