©2004 Deloitte Development LLC. All rights reserved. 2004 Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and.

Slides:



Advertisements
Similar presentations
Radiopharmaceutical Production
Advertisements

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Internal Control–Integrated Framework
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Chapter 10 Accounting Information Systems and Internal Controls
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Criminal Justice Organizations: Administration and Management
Introduction to Enterprise Risk Management (ERM)
©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
 DB&A, Knowledge Management Within and Across Projects June 15, 2012 INNOVATION for a better world.
What’s New in the FDA’s Pharmaceutical Inspectorate and Risk Based Systems Inspection Rick Perlman Chair Food, Drug, and Cosmetic Division ASQ.
Implementing SMS in Civil Aviation: the Canadian Perspective.
Laboratory Personnel Dr/Ehsan Moahmen Rizk.
IT Governance and Management
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
The Australian/New Zealand Standard on Risk Management
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Euseden INTERNAL AUDIT & ASSURANCE SERVICES.
Purpose of the Standards
Industry Coalition on 21 CFR Part 11 Recommendations for Achieving Compliance with the Electronic Records and Electronic Signatures Regulation.
Manufacturing Subcommittee of the Advisory Committee for Pharmaceutical Science July 20-21, 2004 Ajaz S. Hussain, Ph.D. Deputy Director Office of Pharmaceutical.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
11/2/991 CDER’s 21 CFR Part 11 Implementation Study Greg Brolund Associate Director, Office of Information Technology, CDER/FDA.
FDA’s Perspective Continued - Where We Are ?. GMP Task Groups.
MGT-555 PERFORMANCE AND CAREER MANAGEMENT
Internal Auditing and Outsourcing
Executive summary prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY RISK MANAGEMENT.
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.
MethodGXP The Solution for the Confusion.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
ISMMMO, Antalya April Internal Audit, Best Practices Özlem Aykaç, CIA,CCSA CAE Coca-Cola İçecek.
Security and Privacy Services Cloud computing point of view October 2012.
1 IS 8950 Managing and Leading a Networked IT Organization.
Implementing and Auditing Ethics Programs
Colorado Springs Utilities Environmental Services Functional Assessment Presentation for the American Public Power Association’s 2001 Engineering & Operations.
1 Directorate of Industry Relations, Analysis and Policy (DIRAP) Paul Herring, Director “CASE FOR CANADIAN DEFENCE INDUSTRIAL POLICY” 27 February 2012.
FDA Docket No. 2004N-0133 Themes for Renewal of 21 CFR Part 11 Rule & Guidance by Dr. Teri Stokes, GXP International
Ajaz S. Hussain, Ph.D. Deputy Director Office of Pharmaceutical Science, CDER, FDA ACPS Subcommittee on Manufacturing Science: Identification and Prioritization.
Internal Control in a Financial Statement Audit
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
1 PAT and Biological Products Tom Layloff FDA-SGE Management Sciences for Health The views expressed here are those of the author and not necessarily.
PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.
FDA’s Perspective on the “Pharmaceutical cGMPs for the 21st Century” Initiative David J. Horowitz, Esq. Director, CDER/FDA, Office of Compliance Advisory.
A Focus on CME and Grants Nancy Coddington, PhD Senior Director, Compliance Operations AstraZeneca Pharmaceuticals LP And Terry Hisey Deputy Managing Principal.
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.
Connecting the Dots A Practical Approach to Integrating Compliance, Risk and Quality Jody Ann Noon RN, JD Partner Health Care Regulatory Practice.
FDA Public Meeting on Electronic Records and Signatures June 11, 2004 Presentation of the Industry Coalition on 21CFR Part 11 Alan Goldhammer, PhD Chair.
Chapter 7 Developing a Core Knowledge Framework
Example Incident Mgmt Initiation No recording of Incidents Users can approach different departments Solutions of previous incidents are not available.
MDIC 1 George Serafin Deloitte & Touche LLP MDIC Open Forum Quality System Maturity Model Update.
2015 Pipeline Safety Trust Conference November 20 th, 2015 | New Orleans, LA API RP 1175 Pipeline Leak Detection Program Management – New RP Highlights.
Progress in FDA’s Drug Product Quality Initiative Janet Woodcock, M.D. November 13, 2003.
Company: Cincinnati Insurance Company Position: IT Governance Risk & Compliance Service Manager Location: Fairfield, OH About the Company : The Cincinnati.
ITIL VS COBIT 06 PLM - Group 9
CDER / Office of Compliance ACPS October 5, 2006 Joseph C. Famulare Acting Deputy Director Office of Compliance CDER / FDA.
1 A Seminar On Pharmaceutical Outsourcing A Seminar On Pharmaceutical Outsourcing.
Examining Drug Quality Regulation Douglas C. Throckmorton, MD Deputy Director Center for Drug Evaluation and Research Public Meeting on 21 CFR February,
Provost’s Report Global Penn State: Our Ongoing Efforts to Be a Truly Global University Dr. Nicholas P. Jones Meeting of the Board of Trustees Friday,
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
What is ISO Certification? Information is a valuable asset that can make or break your business. When properly managed it allows you to operate.
Data Minimization Framework
Identify the Risk of Not Doing BA
Quality System.
Define Your IT Strategy
Radiopharmaceutical Production
Presentation transcript:

©2004 Deloitte Development LLC. All rights reserved Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and Organizational Compliance Michael Breggar Director, Life Sciences & Health Care Regulatory Practice Deloitte & Touche LLP November 16, 2004

Copyright © 2004 Deloitte Development LLC. All rights reserved. 1 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress FDA’s Changing Perspective FDA has recently begun changing its approach, lending additional value to an upfront investment in problem avoidance rather than remediation FDA moving to more of a risk-based approach* –Focuses more agency resources on identified risk companies –Strongly encourages upfront investment in IT quality systems to avoid appearing to FDA as “high risk” company- stay off the radar! –Risk avoidance investment helps minimize the experience of some companies-- enduring multi-month/year reviews and intense scrutiny FDA replacing traditional “validation task” focus with a quality systems management (QSM) approach –Reviews focusing on overall quality systems management framework; assumption is robust QSM infers quality and compliance across company –Validation tasks still required but will be less focus These points highlight the large gaps many companies have today in the areas of QSM and selected system compliance requirements; risks exist but can be effectively managed through an appropriate investment *Source: USFDA Pharmaceutical cGMPs for the 21st Century: A Risk-Based Approach

Copyright © 2004 Deloitte Development LLC. All rights reserved. 2 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress cGMP Guidance (Pharmaceutical) –“Systems should be appropriately qualified and validated …” –“GMP-related computerized systems should be validated. The depth and scope of validation depends … on your assessment of risk…” cGMP Guidance (Devices) –“Alternative approaches that accomplish full compliance with the quality system regulation are acceptable. While it is clearly intended for medical device manufacturers, the guidance may also be useful to the pharmaceutical industry and other industries regulated by FDA.” –General Principals of Software Validation; Final Guidance to Industry and Staff –The FDA is changing and trying to move industry along with them. –“For processes that are well understood, opportunities exist to develop less restrictive regulatory approaches to manage change. Thus, a focus on process understanding can facilitate risk-based regulatory decisions and innovation.” –FDA PAT Guidance (08/2003) FDA Regulations/Guidance – Computer Systems

Copyright © 2004 Deloitte Development LLC. All rights reserved. 3 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress FDA Regulations/Guidance Risk Management is the systematic application of management policies, procedures, practices to the tasks of: –Analyzing risk –Evaluating risk –Controlling risk –Communicating risk (new) Part 11 Guidance regarding validation –Must comply with predicate rules –If no predicate rule requirements, base validation scope decisions on: Any predicate rule requirements for accuracy and reliability of the RECORDS contained in the system. A justified and documented risk assessment A determination of the potential (likelihood) of the system to affect product quality and safety, and record integrity. Since risk can be measured and quantified, it can be factored into your overall business strategy.

Copyright © 2004 Deloitte Development LLC. All rights reserved. 4 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress Current Environment Many Companies are faced with appreciation and understanding of compliance as inconsistent and creating unrealistic (or unknown) expectations “Validation and Change Control policies and procedures are inconsistent across [the divisions] and their interface with [any one specific division]” “The current organization facilitates no consistent Quality Standards” “Our various divisions contain fragmented ownership and understanding of Quality and validation. This leads to inconsistent expectations at our department by the various divisions” “Many small and proprietary applications and systems exist within the company … with little or no known documentation. This also creates enormous issues in regards to Sarbanes” “Most regulated systems were validated independently by a department. These regulated systems currently operate under separate change control and quality policies.” “Nothing is standard … or managed standardly.”

Copyright © 2004 Deloitte Development LLC. All rights reserved. 5 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress Approaching Compliance and Quality as Business Risk (an Information Management example) Many companies have recognized the need to leverage system compliance across business units: the “IM Quality and Compliance Program”. IM “reputation” … missed schedules, over budget, systems do not meet requirements FDA requirements for current projects Sarbanes-Oxley requires similar controls, oversight and planning “Compliance” has been previously been defined inconsistently within the organization; though its scope is much broader as regulatory needs are introduced –Validation –Quality control and assurance practices –21 CFR Part 11 –21 CFR 210 and 211 –21 CFR 820 (Quality System Regulations) –Sarbanes-Oxley –ISO standards –Security and Access standards –Internal corporate policy standards Process Excellence and Six Sigma initiatives within business departments… will require more of IM (performance, resources, $, etc.) Unless fully integrated, the compliance costs (meeting proper standards) could exceed % of total installed costs.* * Current industry estimates (ISPE, GAMP)

Copyright © 2004 Deloitte Development LLC. All rights reserved. 6 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress Decentralized Approaches Create Inconsistencies Differing standards and approaches to validation such as –Vendor supplied pre-certification of validation / compliance (poor idea) –System owner’s interpretation of GxP guidelines (poor – good idea) –Structured approach based on Corporate standards and formalized SOPs (excellent idea!) Documentation is not always accessible –Components of validation documentation may be stored in multiple places –No standard approach to CSV document management –No change control over CSV documentation Computerized environment may be perceived to be out of control –Inventory of systems can grow without organizational awareness –Complex network of responsibilities for system compliance and validation Inconsistent interpretation of regulatory requirements –Differing standards for security, archiving, signatures and procedural documentation –Differing standards for which applications need to be validated

Copyright © 2004 Deloitte Development LLC. All rights reserved. 7 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress … and Inconsistencies can result in risk FDA’s interest in Computer Systems Validation, etc. –Part 11 and relationship to CSV “Bad” business practices –Data security and reliability –Ability to produce data for audits and internal reviews Inefficient processes –Time spent debating ‘what and how’ for validation on each system –Excessive validation for some systems –Delayed implementations caused by poor validation planning –Redundant efforts attempting to maintain ‘up to date’ understanding of international and domestic regulatory considerations Global regulatory requirements may be inadvertently ignored

Copyright © 2004 Deloitte Development LLC. All rights reserved. 8 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress There are four key components of a successful Validation and CSV program Clear and consistent foundational procedural documentation –Policy level documents –Procedural level documents –Tools and templates Good validation document management practices –Document security –Audit trail for documentation changes –Organized and easily retrievable –Sanity in testing Control of systems and environment –Identification and evaluation of systems before installation –Periodic evaluation of systems for the identification of changes or upgrades and the need for new validation Process and tools to maintain up to date regulatory program –Pragmatic usage of enabling technology –Interpretation updates as regulatory interpretation or requirements change –Coordination with other divisions – decentralized IT resources –Keeping track of changes in FDA guidelines, and enforcement actions –Maintaining working relationships with the regulatory community

Copyright © 2004 Deloitte Development LLC. All rights reserved. 9 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress Evolution of Quality Systems Hierarchy “partnering” mentality technical and business tools are used to enhance competitive advantage maximizes budgeted resources because tasks are better planned and coordinated maximum flexibility: “anticipatory” participates w/ FDA setting standards and policies Mature “planning” mentality adopting more open approach w/ FDA flexible to withstand and learn from regulatory situations more integrated with other operational units Evolving Emerging “puts out fires” mentality minimum level of compliance inflexible No Quality Systems Where are you? ReactiveProactiveStrategic

Copyright © 2004 Deloitte Development LLC. All rights reserved. 10 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress The Goal Create a leveraged risk-modulated Compliance Program that: –Supports a culture of quality Must be integrated into day-to-day work In staff performance and development plans Has a strong recognition and rewards system Creates an environment of knowledge sharing and continuous process improvement Tied into current Six Sigma or Process Excellence programs Is always proactive…not reactive –Meets all compliance standards and is consistent with standards set by corporate –Demonstrates clear, realistic and achievable metrics Consistent with metrics from corporate IM Compliance –Synergistic with: SDLC Standardized project management approaches Quality controls (verification and testing) and assurance (process) –Is a model for other corporate departments and other companies

Copyright © 2004 Deloitte Development LLC. All rights reserved. 11 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress Dr. Michael M. Breggar Director, Life Science and Health Care Regulatory Practice Deloitte & Touche LLP (610) Dr. Breggar leads the Life Sciences Regulatory segment for Deloitte. He has over twenty- five years of professional experience in health care consulting. He is a recognized industry leader and speaker in the fields of, technology optimization in R&D, computer-related system compliance, pharmaceutical e-Business, quality systems and product development issues. His strong background in drug development, regulatory and industry affairs complements years of hands-on experience of analyzing pharmaceutical operations and processes for compliance with pragmatic business drivers and relevant regulatory bodies.

Copyright © 2004 Deloitte Development LLC. All rights reserved. 12 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved Pharmaceutical Regulatory and Compliance Congress

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.