This white paper features insight from Deacom, Inc. into the compliance challenges facing pharmaceutical companies today—and recommendations for how drug manufacturers can avoid them. Also featured in this white paper: TEC’s guidelines for developing a compliance strategy, and a detailed checklist for vetting enterprise software solutions to meet regulatory compliance requirements.
Pharmaceutical manufacturing executives today are all too familiar with industry regulations such as Title 21 CFR Part 11 and current good manufacturing practices (cGMPs). However, many drug companies still struggle to comply with these and other U.S. Food and Drug Administration (FDA) requirements.
In 2008 alone, the FDA issued 43 warning letters to pharmaceutical companies for regulatory infractions. Among the violations were production records that lacked second-person verifications, manufacturing procedures without validated processes for detecting and removing drug impurities, and a laboratory computer system without security features—all issues that could have been prevented with the proper controls. Given the size of the US pharmaceutical market, worth more than an estimated $280 billion (USD) last year, these surely aren’t isolated incidents.
The potential costs of such noncompliance have been illustrated by recent high-profile cases, such as a 2002 fine of $500 million (USD) for one drug maker’s cGMP infractions. Violating the Federal Food, Drug, and Cosmetic Act could result in product seizures, injunction, and criminal prosecution with penalties of up to a year in jail and a $100,000 (USD) fine for each noncompliant shipment or act.
So the obvious question is: Why, if FDA regulations are well known and noncompliance is so costly, are pharmaceutical manufacturers still making avoidable compliance mistakes?
The problem for many companies often lies in the reality of running a business within the limitations of systems that have not kept up with the changes of the industry. Many drug development companies are still using a mix of siloed systems, legacy systems, and manual processes—including spreadsheets and paper-based solutions—to manage their operations, according to a 2005 Pharmaceutical Manufacturing magazine survey.
Unfortunately, siloed systems and manual processes make it difficult for companies to enforce process controls, avoid mistakes, and ensure data integrity and security. More than 80 percent of the survey’s respondents did not have systems in place to help users proactively avoid mistakes, for example. Multiple systems and processes capturing a manufacturer’s data can compound the difficulties in ensuring data integrity and avoiding the costly results of noncompliance.
This white paper discusses some of the compliance challenges faced by pharmaceutical manufacturers. It provides guidelines for creating and implementing a sound compliance plan to ensure your company isn’t the next to receive a warning letter. Finally, in support of compliance processes, this report includes a checklist of some of the functionality your company should seek from pharmaceutical enterprise software vendors.
With the pervasive nature of electronic data in the early 90s in regulated industries, the FDA began to lay the foundation for mandating the integrity and security of all captured data. In the creation of regulatory requirements around electronic data, the FDA defined an electronic record as “any combination of text, graphics, data, audio, pictorial, or other information represented in digital form that is created, modified, maintained, archived, or distributed by a computer system.” In 1997, the agency issued Part 11 of Title 21 of the Code of Federal Regulations (CFR) to ensure the security, traceability, and integrity of electronic records and electronic signatures.
Although 21 CFR Part 11 has been under review by the FDA since 2003, the rule has remained in effect while a final version is being crafted. The regulation imposes several requirements on pharmaceutical manufacturers:
Protect records to enable their “accurate and ready retrieval.”: This implies data integrity and speed. Pharmaceutical companies using siloed systems may struggle here because data is stored in several places, such as separate accounting, formulation, and inventory systems. Duplicate data entry increases the chances for data conflicts and errors, because despite a company’s best efforts, data in two places will eventually be different. Data retrieval is cumbersome in this environment as well, as it requires companies to pull data from multiple places and compile it manually.
Use computer-generated, time-stamped audit trails to record the date and time of record creation, modification, or deletion: Traceability and accountability: with disparate systems, this is a major hurdle. Even if the systems document the date and time of record changes, it’s difficult to pull a unified report containing accurate information from across your organization. It’s also difficult to prohibit workarounds, such as allowing negative inventory. The problem with negative inventory is when a company ships items before entering lot data into an inventory system, it’s diverting from a traceable order of operations. In the event of a recall, it’s forced to search paper shipping records and batch tickets to track lot histories. Theoretically, it’s possible—but true lot tracking and negative inventory cannot coexist.
Establish authority checks to ensure only authorized personnel can access the system and electronically sign or alter a record: Security in a multisystem environment is complicated, if not impossible. Separate security clearances and controls are required for each program, and companies using any type of spreadsheets or manual systems may not be able to limit data access, enforce the use of electronic signatures, or track record changes. Custom-written programs or add-on modules might be needed to secure these processes. Those programs require additional IT support and maintenance to keep them in working order as processes change, users are added, or bridged systems are updated.
The solution to these compliance issues is integrating all business processes under a single umbrella solution. With formulation, regulatory reporting, production, inventory control and lot tracking, sales, and accounting data managed in a single repository, companies can easily eliminate duplicate data entry and speed the data retrieval process. The idea is to allow manufacturers to track all data in real time, creating seamless audit trails that can be viewed in a unified report. Moreover, with only one system to secure, manufacturers can establish security clearances and signatures on a user-by-user and process-by-process basis without the need for additional IT support.