Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2004 Deloitte Development LLC. All rights reserved. 2004 Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and.

Published byJewel Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "©2004 Deloitte Development LLC. All rights reserved. 2004 Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and."— Presentation transcript:

1 ©2004 Deloitte Development LLC. All rights reserved. 2004 Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and Organizational Compliance Michael Breggar Director, Life Sciences & Health Care Regulatory Practice Deloitte & Touche LLP November 16, 2004

2 Copyright © 2004 Deloitte Development LLC. All rights reserved. 1 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 1 2004 Pharmaceutical Regulatory and Compliance Congress FDA’s Changing Perspective FDA has recently begun changing its approach, lending additional value to an upfront investment in problem avoidance rather than remediation FDA moving to more of a risk-based approach* –Focuses more agency resources on identified risk companies –Strongly encourages upfront investment in IT quality systems to avoid appearing to FDA as “high risk” company- stay off the radar! –Risk avoidance investment helps minimize the experience of some companies-- enduring multi-month/year reviews and intense scrutiny FDA replacing traditional “validation task” focus with a quality systems management (QSM) approach –Reviews focusing on overall quality systems management framework; assumption is robust QSM infers quality and compliance across company –Validation tasks still required but will be less focus These points highlight the large gaps many companies have today in the areas of QSM and selected system compliance requirements; risks exist but can be effectively managed through an appropriate investment *Source: USFDA Pharmaceutical cGMPs for the 21st Century: A Risk-Based Approach

3 Copyright © 2004 Deloitte Development LLC. All rights reserved. 2 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 2 2004 Pharmaceutical Regulatory and Compliance Congress cGMP Guidance (Pharmaceutical) –“Systems should be appropriately qualified and validated …” –“GMP-related computerized systems should be validated. The depth and scope of validation depends … on your assessment of risk…” cGMP Guidance (Devices) –“Alternative approaches that accomplish full compliance with the quality system regulation are acceptable. While it is clearly intended for medical device manufacturers, the guidance may also be useful to the pharmaceutical industry and other industries regulated by FDA.” –General Principals of Software Validation; Final Guidance to Industry and Staff –The FDA is changing and trying to move industry along with them. –“For processes that are well understood, opportunities exist to develop less restrictive regulatory approaches to manage change. Thus, a focus on process understanding can facilitate risk-based regulatory decisions and innovation.” –FDA PAT Guidance (08/2003) FDA Regulations/Guidance – Computer Systems

4 Copyright © 2004 Deloitte Development LLC. All rights reserved. 3 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 3 2004 Pharmaceutical Regulatory and Compliance Congress FDA Regulations/Guidance Risk Management is the systematic application of management policies, procedures, practices to the tasks of: –Analyzing risk –Evaluating risk –Controlling risk –Communicating risk (new) Part 11 Guidance regarding validation –Must comply with predicate rules –If no predicate rule requirements, base validation scope decisions on: Any predicate rule requirements for accuracy and reliability of the RECORDS contained in the system. A justified and documented risk assessment A determination of the potential (likelihood) of the system to affect product quality and safety, and record integrity. Since risk can be measured and quantified, it can be factored into your overall business strategy.

5 Copyright © 2004 Deloitte Development LLC. All rights reserved. 4 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 4 2004 Pharmaceutical Regulatory and Compliance Congress Current Environment Many Companies are faced with appreciation and understanding of compliance as inconsistent and creating unrealistic (or unknown) expectations “Validation and Change Control policies and procedures are inconsistent across [the divisions] and their interface with [any one specific division]” “The current organization facilitates no consistent Quality Standards” “Our various divisions contain fragmented ownership and understanding of Quality and validation. This leads to inconsistent expectations at our department by the various divisions” “Many small and proprietary applications and systems exist within the company … with little or no known documentation. This also creates enormous issues in regards to Sarbanes” “Most regulated systems were validated independently by a department. These regulated systems currently operate under separate change control and quality policies.” “Nothing is standard … or managed standardly.”

6 Copyright © 2004 Deloitte Development LLC. All rights reserved. 5 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 5 2004 Pharmaceutical Regulatory and Compliance Congress Approaching Compliance and Quality as Business Risk (an Information Management example) Many companies have recognized the need to leverage system compliance across business units: the “IM Quality and Compliance Program”. IM “reputation” … missed schedules, over budget, systems do not meet requirements FDA requirements for current projects Sarbanes-Oxley requires similar controls, oversight and planning “Compliance” has been previously been defined inconsistently within the organization; though its scope is much broader as regulatory needs are introduced –Validation –Quality control and assurance practices –21 CFR Part 11 –21 CFR 210 and 211 –21 CFR 820 (Quality System Regulations) –Sarbanes-Oxley –ISO standards –Security and Access standards –Internal corporate policy standards Process Excellence and Six Sigma initiatives within business departments… will require more of IM (performance, resources, $, etc.) Unless fully integrated, the compliance costs (meeting proper standards) could exceed 50-100% of total installed costs.* * Current industry estimates (ISPE, GAMP)

7 Copyright © 2004 Deloitte Development LLC. All rights reserved. 6 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 6 2004 Pharmaceutical Regulatory and Compliance Congress Decentralized Approaches Create Inconsistencies Differing standards and approaches to validation such as –Vendor supplied pre-certification of validation / compliance (poor idea) –System owner’s interpretation of GxP guidelines (poor – good idea) –Structured approach based on Corporate standards and formalized SOPs (excellent idea!) Documentation is not always accessible –Components of validation documentation may be stored in multiple places –No standard approach to CSV document management –No change control over CSV documentation Computerized environment may be perceived to be out of control –Inventory of systems can grow without organizational awareness –Complex network of responsibilities for system compliance and validation Inconsistent interpretation of regulatory requirements –Differing standards for security, archiving, signatures and procedural documentation –Differing standards for which applications need to be validated

8 Copyright © 2004 Deloitte Development LLC. All rights reserved. 7 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 7 2004 Pharmaceutical Regulatory and Compliance Congress … and Inconsistencies can result in risk FDA’s interest in Computer Systems Validation, etc. –Part 11 and relationship to CSV “Bad” business practices –Data security and reliability –Ability to produce data for audits and internal reviews Inefficient processes –Time spent debating ‘what and how’ for validation on each system –Excessive validation for some systems –Delayed implementations caused by poor validation planning –Redundant efforts attempting to maintain ‘up to date’ understanding of international and domestic regulatory considerations Global regulatory requirements may be inadvertently ignored

9 Copyright © 2004 Deloitte Development LLC. All rights reserved. 8 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 8 2004 Pharmaceutical Regulatory and Compliance Congress There are four key components of a successful Validation and CSV program Clear and consistent foundational procedural documentation –Policy level documents –Procedural level documents –Tools and templates Good validation document management practices –Document security –Audit trail for documentation changes –Organized and easily retrievable –Sanity in testing Control of systems and environment –Identification and evaluation of systems before installation –Periodic evaluation of systems for the identification of changes or upgrades and the need for new validation Process and tools to maintain up to date regulatory program –Pragmatic usage of enabling technology –Interpretation updates as regulatory interpretation or requirements change –Coordination with other divisions – decentralized IT resources –Keeping track of changes in FDA guidelines, and enforcement actions –Maintaining working relationships with the regulatory community

10 Copyright © 2004 Deloitte Development LLC. All rights reserved. 9 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 9 2004 Pharmaceutical Regulatory and Compliance Congress Evolution of Quality Systems Hierarchy “partnering” mentality technical and business tools are used to enhance competitive advantage maximizes budgeted resources because tasks are better planned and coordinated maximum flexibility: “anticipatory” participates w/ FDA setting standards and policies Mature “planning” mentality adopting more open approach w/ FDA flexible to withstand and learn from regulatory situations more integrated with other operational units Evolving Emerging “puts out fires” mentality minimum level of compliance inflexible No Quality Systems Where are you? ReactiveProactiveStrategic

11 Copyright © 2004 Deloitte Development LLC. All rights reserved. 10 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 10 2004 Pharmaceutical Regulatory and Compliance Congress The Goal Create a leveraged risk-modulated Compliance Program that: –Supports a culture of quality Must be integrated into day-to-day work In staff performance and development plans Has a strong recognition and rewards system Creates an environment of knowledge sharing and continuous process improvement Tied into current Six Sigma or Process Excellence programs Is always proactive…not reactive –Meets all compliance standards and is consistent with standards set by corporate –Demonstrates clear, realistic and achievable metrics Consistent with metrics from corporate IM Compliance –Synergistic with: SDLC Standardized project management approaches Quality controls (verification and testing) and assurance (process) –Is a model for other corporate departments and other companies

12 Copyright © 2004 Deloitte Development LLC. All rights reserved. 11 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 11 2004 Pharmaceutical Regulatory and Compliance Congress Dr. Michael M. Breggar Director, Life Science and Health Care Regulatory Practice Deloitte & Touche LLP mbreggar@deloitte.com (610) 479-3848 Dr. Breggar leads the Life Sciences Regulatory segment for Deloitte. He has over twenty- five years of professional experience in health care consulting. He is a recognized industry leader and speaker in the fields of, technology optimization in R&D, computer-related system compliance, pharmaceutical e-Business, quality systems and product development issues. His strong background in drug development, regulatory and industry affairs complements years of hands-on experience of analyzing pharmaceutical operations and processes for compliance with pragmatic business drivers and relevant regulatory bodies.

13 Copyright © 2004 Deloitte Development LLC. All rights reserved. 12 Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 12 2004 Pharmaceutical Regulatory and Compliance Congress

Download ppt "©2004 Deloitte Development LLC. All rights reserved. 2004 Pharmaceutical Regulatory and Compliance Congress Beyond Compliance 2.04 Product Quality and."

Similar presentations

Radiopharmaceutical Production

Radiopharmaceutical Production
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Criminal Justice Organizations: Administration and Management

Criminal Justice Organizations: Administration and Management
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.

©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
 DB&A, 2002-2012 Knowledge Management Within and Across Projects June 15, 2012 INNOVATION for a better world.

 DB&A, Knowledge Management Within and Across Projects June 15, 2012 INNOVATION for a better world.
What’s New in the FDA’s Pharmaceutical Inspectorate and Risk Based Systems Inspection Rick Perlman Chair Food, Drug, and Cosmetic Division ASQ.

What’s New in the FDA’s Pharmaceutical Inspectorate and Risk Based Systems Inspection Rick Perlman Chair Food, Drug, and Cosmetic Division ASQ.
Implementing SMS in Civil Aviation: the Canadian Perspective.

Implementing SMS in Civil Aviation: the Canadian Perspective.
Laboratory Personnel Dr/Ehsan Moahmen Rizk.

Laboratory Personnel Dr/Ehsan Moahmen Rizk.
IT Governance and Management

IT Governance and Management
PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.

PwC Role of Internal Audit in Corporate Governance September 2010 Tumin Gültekin, Partner.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.

Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Euseden INTERNAL AUDIT & ASSURANCE SERVICES.

Euseden INTERNAL AUDIT & ASSURANCE SERVICES.

Similar presentations

Ads by Google