If you receive errors when attempting to view this white paper, please install the latest version of
" Technology Evaluation Centers, Inc. (TEC) is the first web-native technology research enterprise. TEC provides decision support systems (DSS) that enable stakeholders to objectively identify the software products that best fit their company's unique business and systems requirements, and that contribute most effectively to superior business performance."
Source: Technology Evaluation Centers
"As a security-specialized system, DEACOM ERP Software for pharmaceutical manufacturing provides the security and audit trails required by 21 CFR Part 11 and other current Good Manufacturing Practices (cGMP), and also utilizes a SQL Server® database to insure data integrity and prevent data corruption."
Source: Deacom, Inc.
Market Insight: Strategies for Overcoming Compliancy Issues in the Pharmaceutical Industry
is also known as :
Strategies for Compliance
Strategies for Overcoming Compliancy Issues
Strategies for Compliancy Issues
FDA Food and Drug Administration
Developing a Compliance Strategy,
Success of a Compliance Strategy,
Communication of the Compliance Strategy,
Execution of the Compliance Strategy,
Benefit Compliance Strategy,
New Compliance Strategy,
Effective Compliance Strategy,
Company Wide Compliance Strategy,
Regulatory Compliance Strategy,
Compliance Strategy Requires,
Compliance Strategy Process,
Compliance Strategy Solutions.
This white paper features insight from Deacom, Inc. into the compliance challenges facing
pharmaceutical companies today-and recommendations for how drug manufacturers can
avoid them. Also featured in this white paper: TEC's guidelines for developing a compliance
strategy, and a detailed checklist for vetting enterprise software solutions to meet regulatory
Pharmaceutical manufacturing executives today are all too familiar with industry regulations
such as Title 21 CFR Part 11 and current good manufacturing practices (cGMPs). However,
many drug companies still struggle to comply with these and other U.S. Food and Drug
Administration (FDA) requirements.
In 2008 alone, the FDA issued 43 warning letters to pharmaceutical companies for regulatory
infractions. Among the violations were production records that lacked second-person
verifications, manufacturing procedures without validated processes for detecting and
removing drug impurities, and a laboratory computer system without security features-all
issues that could have been prevented with the proper controls. Given the size of the US
pharmaceutical market, worth more than an estimated $280 billion (USD) last year, these
surely aren't isolated incidents.
The potential costs of such noncompliance have been illustrated by recent high-profile cases,
such as a 2002 fine of $500 million (USD) for one drug maker's cGMP infractions. Violating
the Federal Food, Drug, and Cosmetic Act could result in product seizures, injunction, and
criminal prosecution with penalties of up to a year in jail and a $100,000 (USD) fine for each
noncompliant shipment or act.
So the obvious question is: Why, if FDA regulations are well known and noncompliance is so
costly, are pharmaceutical manufacturers still making avoidable compliance mistakes?
The problem for many companies often lies in the reality of running a business within the
limitations of systems that have not kept up with the changes of the industry. Many drug
development companies are still using a mix of siloed systems, legacy systems, and manual
processes-including spreadsheets and paper-based solutions-to manage their operations,
according to a 2005 Pharmaceutical Manufacturing magazine survey. Unfortunately, siloed
systems and manual processes make it difficult for companies to enforce process controls,
avoid mistakes, and ensure data integrity and security. More than 80 percent of the survey's
respondents did not have systems in place to help users proactively avoid mistakes, for
example. Multiple systems and processes capturing a manufacturer's data can compound
the difficulties in ensuring data integrity and avoiding the costly results of noncompliance.
This white paper discusses some of the compliance challenges faced by pharmaceutical
manufacturers. It provides guidelines for creating and implementing a sound compliance
plan to ensure your company isn't the next to receive a warning letter. Finally, in support
of compliance processes, this report includes a checklist of some of the functionality your
company should seek from pharmaceutical enterprise software vendors.
With the pervasive nature of electronic data in the early 90s in regulated industries, the FDA began to lay
the foundation for mandating the integrity and security of all captured data. In the creation of regulatory
requirements around electronic data, the FDA defined an electronic record as "any combination of text,
graphics, data, audio, pictorial, or other information represented in digital form that is created, modified,
maintained, archived, or distributed by a computer system." In 1997, the agency issued Part 11 of Title 21 of
the Code of Federal Regulations (CFR) to ensure the security, traceability, and integrity of electronic records
and electronic signatures.
Although 21 CFR Part 11 has been under review by the FDA since 2003, the rule has remained in effect
while a final version is being crafted. The regulation imposes several requirements on pharmaceutical
- Protect records to enable their "accurate and ready retrieval."
This implies data integrity and speed. Pharmaceutical companies using siloed systems may struggle
here because data is stored in several places, such as separate accounting, formulation, and inventory
systems. Duplicate data entry increases the chances for data conflicts and errors, because despite a
company's best efforts, data in two places will eventually be different. Data retrieval is cumbersome
in this environment as well, as it requires companies to pull data from multiple places and compile it
- Use computer-generated, time-stamped audit trails to record the date and time of record
creation, modification, or deletion.
Traceability and accountability: with disparate systems, this is a major hurdle. Even if the systems
document the date and time of record changes, it's difficult to pull a unified report containing accurate
information from across your organization. It's also difficult to prohibit workarounds, such as allowing
negative inventory. The problem with negative inventory is when a company ships items before
entering lot data into an inventory system, it's diverting from a traceable order of operations. In the
event of a recall, it's forced to search paper shipping records and batch tickets to track lot histories.
Theoretically, it's possible-but true lot tracking and negative inventory cannot coexist.
- Establish authority checks to ensure only authorized personnel can access the system and
electronically sign or alter a record.
Security in a multisystem environment is complicated, if not impossible. Separate security clearances
and controls are required for each program, and companies using any type of spreadsheets or manual
systems may not be able to limit data access, enforce the use of electronic signatures, or track record
changes. Custom-written programs or add-on modules might be needed to secure these processes.
Those programs require additional IT support and maintenance to keep them in working order as
processes change, users are added, or bridged systems are updated.
The solution to these compliance issues is integrating all business processes under a single umbrella
solution. With formulation, regulatory reporting, production, inventory control and lot tracking, sales, and
accounting data managed in a single repository, companies can easily eliminate duplicate data entry and
speed the data retrieval process. The idea is to allow manufacturers to track all data in real time, creating
seamless audit trails that can be viewed in a unified report. Moreover, with only one system to secure,
manufacturers can establish security clearances and signatures on a user-by-user and process-by-process
basis without the need for additional IT support.
Current Good Manufacturing Practices
Other regulations plaguing manufacturers are cGMPs, which require companies to establish and follow
written procedures controlling every aspect of their operations-from the sanitation of buildings and
equipment, to how returned drug products are handled. Among the requirements affected by the systems
a company uses:
- Production Process Controls: Manufacturers must have one person calculate and another person
verify yields at the conclusion of each manufacturing, processing, packaging, or holding phase. They
also must have procedures for testing in-process materials for each batch to ensure uniformity and
integrity, such as tests for tablet or capsule weight variation.
With disparate systems, process control enforcement can break down easily. When there are gaps
between systems-one for production and one for packaging and labeling, for example-there's no
easy way to prevent workers from packaging items before satisfying all batch tests and verifications.
Workers can work around tests or approvals with spreadsheets or handwritten processes.
- Laboratory Controls: Manufacturers must establish and follow acceptance and rejection criteria
for sampling and testing each drug batch to ensure it meets "each appropriate specification and
appropriate statistical quality control criteria" before approval and release.
Similar to process controls, laboratory controls are hard to master with siloed systems because they
allow for workarounds, such as entering quality control (QC) test values after a product is shipped.
- Labeling: Procedures are also required for 1) identifying drug products with a lot or control number
that provides a complete manufacturing history, 2) examining packaging and labeling for correctness,
and 3) documenting that examination in the batch production record.
When using disparate systems, lot labeling may include handwriting lot numbers as items are received.
Achieving a complete history of that lot is challenging because, as previously mentioned, there is no
single place to document that lot's movement throughout production and shipment. Similarly, if
labeling is performed in a system outside formulation data, that disconnection could allow for costly
data entry errors or omissions.
Compliance is more easily reached by accessing information through the use of a single, integrated system.
When all processes are interconnected, manufacturers can require electronic signatures to verify each step
of a process-that QC tests were performed and passed and batch yields were recorded, for example-
before it's possible to move on to shipping or other processes. The system could also generate bar code
stickers or prompt radio frequency identification (RFID) tagging upon item receipt, so lot histories are
tracked as items move through the manufacturing process and recorded in a lot tracking report. It could
also apply the appropriate formula, batch, and lot data to labels automatically-reducing a manufacturer's
margin of error.
An Integrated Approach to Compliance
The bottom line: Pharmaceutical manufacturers are responsible for making sure their companies are
always in compliance with FDA regulations, or they could face recalls, fines, seizures, or injunction. When
companies use siloed systems or manual processes, there is an increased chance of data integrity problems,
process control failure, and data corruption. Keeping these programs working, secure, and in compliance
requires additional IT maintenance and support.
Implementing a strategy centralizing all business processes in one repository creates a more easily secured
and maintained system with improved data integrity, traceability, and controls.
1. Define company objectives for achieving compliance-In order to successfully meet compliance
demands, an organization needs to carefully define the parameters and policies to ensure the execution
of its objectives. As part of the process of defining a company's objectives, a strengths, weaknesses,
opportunities, and threats (SWOT) analysis will take into account key internal and external factors impacting
the success of a compliance strategy. Some of the questions a company should ask: How can it leverage its
strengths to its advantage? How can it eliminate weaknesses in its plan? How can it use each opportunity to
achieve its objectives? How can it reduce each threat?
Furthermore, these policies need the appropriate stakeholder buy-in for their sound implementation. In
order to achieve buy-in, an effective stakeholder management strategy is recommended. The following
steps can be taken:
- Stakeholder identification-Identify who are the stakeholders and how they will be affected by
the compliance objectives.
- Stakeholder prioritization-Once the stakeholders are identified, prioritizing stakeholder
influence will enable the organization to develop a clear view of who is responsible for ensuring the
compliance objectives are widely accepted across the company.
- Stakeholder analysis-Direct contact with stakeholders is required to confirm collaboration and
communication of the compliance strategy among all parties.
2. Decide how to monitor company objectives and who will handle it-Implementing a governance
framework is key to accurately tracking and monitoring a company's progress when complying with
government regulations. As part of the framework, it is critical to include the appropriate resources
responsible for tracking and executing the work to meet necessary compliance demands.
An effective governance framework should provide the following core components:
- Implementing strict controls-Stakeholders need to align their objectives with strict controls for
the planning and execution of their compliance strategy.
- Executing best practices-Stakeholders should provide a means to document and train resources
on best-practice methodologies outlined by the governance framework.
- Assessing performance and cost-Stakeholders need to include a system to evaluate the true
cost and benefit of the compliance strategy, and a process to incorporate these metrics into the best
practices and standard processes put in place.
3. Develop an implementation plan, including employee training and education-One of the most
difficult challenges that occur when implementing a plan is changing old working habits. In addition to
setting up the appropriate training, companies need to consider a change management strategy to allow
the plan to flourish.
A successful change management strategy for implementing a new compliance plan requires three key
- The drivers of change involve their stakeholders in building the change management plan.
- The drivers of change place a high priority on their actions in implementing the new compliance
- A system must be in place to communicate change to all parties.
4. Assess the company's success in achieving compliance objectives-As compliance regulations and
company infrastructures are in constant flux, it is necessary to evaluate the compliance plan at its various
milestones. This evaluation process allows organizations to always have the most optimal plan in place to
avoid the steep penalties incurred by noncompliance. Implementing the right reporting and auditing tools
are critical to maintaining an effective compliance strategy by continuously assessing company objectives
and responding to potential problems.
Similar to any established process, a compliance strategy requires the use of key performance indicators
(KPIs) to alert and inform management of the plan in place. However, accurate and relevant KPIs require an
- have a documented business process in place for its compliance strategy
- have both quantitative and qualitative metrics of the results and comparable milestones,
- have the flexibility to modify the system or resources for short-term goals.
Software Functionality in Support of Compliance Processes
A significant part of an integrated approach to compliance with governmental regulations includes
integrated solutions designed for the pharmaceutical industry. These solutions usually include enterprise
resource planning (ERP), manufacturing control and execution systems, supply chain management (SCM),
and laboratory information management systems (LIMS). Although all types of these systems can be
deployed at a company, a single-database enterprise application is an optimal choice for pharmaceutical
manufacturers to comply with federal requirements. This system would include functionality for inventory
management, sales management, and process manufacturing planning and execution, along with
formulas/recipes and routings control, supply chain management, and financials.
In order to provide the required level of compliance, it is crucial to implement and exploit systems that
provide the necessary support for FDA and cGMP requirements. Another big challenge here is to select the
right system for your business.
Based on research into pharmaceutical and food industry requirements, the following is a structured
checklist of software functionality you should consider to address your regulatory compliance needs.
Functional criteria related to regulatory compliance are grouped into the following two sections:
- record restrictions
- good manufacturing practices (GMPs)
A) Record Restrictions
These criteria address FDA requirements for pharmaceutical and food manufacturing companies, including:
"Protect records to enable their ‘accurate and ready retrieval'"; "Use computer-generated, time-stamped
audit trails to record the date and time of record creation, modification, or deletion"; and "Establish authority
checks to ensure only authorized personnel can access the system and electronically sign or alter a record."
- Different administrators for different areas of workforce management
- Encryption capabilities
- User authentication capabilities
- When a record is created or modified, the system records the identity of the person creating or modifying
- Password encryption
- Security functions are implemented by function, transaction, or field
- System provides access to secure data sources, such as password-protected Web site or secure file server
- Entire sections of the application can be secured
- Users can have different roles and privileges for different parts of the application
- Central point of reference for retrieving and controlling enterprise information
- Concurrent access to the data with data locking and check-in and check-out integrity mechanisms
- Guide feature identifies what data is available and where it is used
- Access to business rules and predefined queries for decision support
- Security by user ID, password, and user group
- Master file audit reporting
- Database-level security
- Program-level security
- Multilevel access passwords
- Digital signatures
- User, object, and method access control
B) GMP Compliance
The following functionality includes production process controls, laboratory controls, and labeling
procedures to help manufacturers comply with GMPs.
- Comment field for specified raw materials
- Hazardous materials threshold ranges are based on component percentages and tolerance ranges
- Hazardous materials can be located by expanding formulas
- Prints customized labels containing product and hazardous data
- Conflicting hazard statements are identified and prioritized
- Printed forms contain customer information
- Forms include emergency response procedures
- Receives information on hazardous material from batch history file
- Library of common hazard statements
- MSDS forms can be printed to conform to regional regulation formats and language
- Prints transportation information
- Chemical list and where-used documents conform to US Superfund Amendments and Reauthorization
Act (SARA) reporting and worksheets requirements
- Labeling can be user-defined
- Automatically records and maintains data for LIMS
- Complies to United States Department of Agriculture (USDA) regulations, Hazard Analysis and Critical
Control Points (HACCP), etc.
- Complies to FDA, GMP, or other standards
- Material classifications to prevent use or sale of materials without quality assurance (QA) approval
- Conditional material pre-release classification
- Flow-down of quality requirements from contract or sales order to production floor
- Manages quality sampling procedures
- Provides testing procedures and instructions in real time
- Maintains pass or fail quality tests
- Generates certificates for pass/fail quality testing
- Handles customer requirements for testing
- Releases quarantined items
- Specifies whether a lot is being held due to testing or rejection, or if it requires rework or customer
- Prevents the movement of inventory based on lot hold code
- Date triggers quality procedures, including retest, expiration, creation, aging, effective date
- Stores data for statistical process control (SPC) analysis in a database
- All test definitions reported by raw material, intermediate good, finished good, organization, customer,
supplier, or formulation
- Tests can be verified by parameters selected by authorized users
- Documents repetitive test results
- MSDS meets American National Standards Institute (ANSI)-standard format
- MSDS formats can be changed to formats determined by the user or as mandated by the Occupational
Safety and Health Administration (OSHA), National Institute for Occupational Safety and Health (NIOSH),
Workplace Hazardous Materials Information System (WHMIS), European Chemicals Bureau, or Chemicals
(Hazard Information and Packaging for Supply) Regulations 2002 (CHIP)
- Uses MSDS logic to add standard statements for different materials
- Issues MSDS
- MSDS sheets can be copied and renamed
- Printed copies of full-disclosure MSDS accompanies all raw materials
- Employees can view MSDS or generate reports, online
- Generates worksheets and reports of where-used chemical lists to meet regulatory requirements
To successfully meet compliance demands, pharmaceutical manufacturers must develop, implement, and
track the effectiveness of a company-wide compliance strategy. A central part of that strategy includes
indentifying and adopting an industry-specific enterprise technology solution with functionality that
supports FDA requirements.
Using the above criteria and recommendations as guidelines, pharmaceutical companies can be confident
they're on the right path for reaching compliance.
About Deacom, Inc.
Headquartered in Wayne, Pennsylvania (US), Deacom, Inc. is the producer of DEACOM, a complete
accounting and ERP system for batch process manufacturers, with a specialization in the pharmaceutical
The DEACOM System seamlessly links all departments within a manufacturing company, providing a
comprehensive view of the entire operation. By making complex issues simple, Deacom helps streamline
manufacturing business processes to maximize productivity and profitability.
For more information or to schedule an online demonstration, call 610-971-2278 ext. 15 or
Technology Evaluation Centers is a provider of research and decision support technology designed to help
businesses evaluate and select the software solutions that best fit their particular needs. Its mission is to
reduce the costs, risks, and time associated with software selection and implementation. Decision makers
come to TEC when they want to make informed software selection decisions, rapidly and cost-effectively.
For more information, please visit
Contact TEC's research group at
or +1 514-954-3665
Technology Evaluation Centers Inc.
740 St. Maurice, 4th Floor
Canada, H3C 1L5
Phone: +1 514-954-3665
Fax: +1 514-954-9739
Web site: www.technologyevaluation.com
TEC, ebestmatch, and ERGO are trademarks of Technology Evaluations Centers Inc.
All other company and product names may be trademarks of their respective owners.
© 2009 Technology Evaluation Centers Inc. All rights reserved.