I am a huge fan of a SIPOC which stands for suppliers-inputs-process-outputs-customers. A SIPOC diagram is a quick broad overview of all the elements of a process and serves as a great visual scope.
Start with the process
Provide the key steps of the process in the middle column
and briefly describe its key steps. A
SIPOC diagram is a high-level process map and is designed to get a birds-eye
overview of the process. Do not include decision points or feedback loops.
Identify the outputs of the process
Focus on the key outputs of the process. In this step, write
down the three or more main outputs. Use nouns for the most part and avoid
categorizing your outputs into good or bad ones – that’s not the point of the
Identify the customers
List the people who benefit from the process. These don’t
have to be the literal “customers.” E.g., if you are working on a diagram for
an internal process, the “customers” are your coworkers. Think of who benefits
from this process. Who would be upset if the process is not complete?
List the inputs for the process
List the inputs required for the process to function
properly. Just like with every previous step, focus on the most important ones.
Three to six main inputs should do.
Identify the suppliers of the inputs
List the suppliers based on what inputs the process uses. Be
sure to mention any specific suppliers whose input has a direct influence on
Google does not share search terms for privacy reasons, so it is rare that a search term stands out on my blog.
So here you go.
This is purposefully a high level process.
Quality Review of Records: Batch Record, Packaging Record, the like
Lot Assessment: Evaluation of deviations, of change control and test results; but also of other inputs such as Critical Utilities and Environmental Monitoring Review. Ideally a holistic view.
Lot Disposition: Decision that the product meets all requirements of the GMPs and the market authorization.
Some important regulatory requirements:
United States: 21 CFR 211.22(a); 211.22(d)
EU: 1.4(xv); 1.9(vii); EU Annex 16
World Health Organization: Annex 3-GMP 1.2(g); Annex 3-GMP 9.11, 9.13, 9.15
One of the drivers for digital transformation, and a concept at route of the ICHs, is the idea of release by exception. Our systems will be tight enough, our design space robust enough, that most products are automatically released and sent into the market.
“If it isn’t documented, it didn’t happen” is an often-repeated and heavily loaded phrase. One that I want to unpack in a lot of ways on this blog.
Here I want to focus on the interaction between change management and document control, as I think the two are closely intertwined, and that close relationship can confuse you.
Change Management is all about how we assess, control and release our changes. Document control is how we create, review, modify, issue, distribute & access documents. Document control is part of knowledge management (an enabler of the enabler), it is a tool for change control, and is often a deliverable, but it is important to understand that change management is broader than document control, and the principles of change management should enwrap and permeate a document control system.
Let’s start with a SIPOC.
Change Management here is all about the how of the change:
Assess – What is the impact of our changes
Handle – Implementing our changes
Release- Using the change
All three of these are a risk-based approach, the amount of effort and rigor depends on how risky the change is. There are a few principles to keep in mind when developing that risk-based approach:
Changes come in different sizes
Keep your type of change control mechanisms to a manageable minimum.
Have a consistent way of performing that assessment and moving between your change control mechanisms.
When I review 483s and other inspection trends one of the consistent areas is changes not going through a rigorous enough change management. They faltered on assessment, handling and/or release. It is pretty easy to put everything in the document control system and then miss a lot. (For example, those specification changes that don’t end up being filed in all appropriate markets).
So what do I recommend?
Ensure change management sits around and through document control. Build a set of standardized decision-making principles that allow a document revision to end up in the right size change control process (which can just be a document change) and then ensure there is a way to document and review those decisions. This allows us to drive continuous process improvements in this decision making.
Always start with a SIPOC is a mantra many of us steeped in Six Sigma have heard a lot. There is some truth to having a good visual diagram that helps define a system or project. As this blog will be discussing change management and change control quite a bit, here is a SIPOC that governs change control.
This SIPOC represents change control from the perspective of a pharmaceutical manufacturing plant. But this will apply to many manufacturing industries, though the focus on regulatory might shift.