Automotive Industry "Treading" on Regulations
The issues of quality and safety in the automotive industry have recently become about more than simply complying with such regulatory requirements as the Automotive Right-to-Repair bill. Rather, for companies in the automotive industry, these issues are about maintaining consumer confidence, making certain companies have a more competitive supply chain, and making profitable growth possible in spite of the big original equipment manufacturers' (OEM's) arbitrary price pressures on the supply chain.
With sound, industry-oriented, and compliance-ready enterprise applications systems, OEMs and suppliers stand a better chance at achieving their coveted quality objectives of zero defects and safety incidents. In addition, such applications systems may allow OEMs, suppliers, and dealers to reduce warranty costs and to ensure that vehicles are safer and cheaper to drive.
For more information on compliance issues in other industries, please see previous parts of this series: Thou Shalt Comply (and More, or Else): Looking at Sarbanes-Oxley, Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management, and Sarbanes-Oxley Act May Be Just the Tip of a Compliance Iceberg.
Automotive Compliance Issues
In addition to having to comply with each mighty OEM's proprietary communication standards and protocols, one of the latest key automotive regulations is the US Transportation Recall Enhancement, Accountability, and Documentation (TREAD) Act. This regulation requires greater control and traceability of safety-related automotive components, and aims to protect lives by detecting failure patterns in automotive parts.
The current regulation requires two types of reports. The first collects data relating to production, consumer complaints, property damage claims, warranty adjustments, and field reports. The other involves data on claims and notices of death or injury. Management and analysis of a great deal of data (both structured and unstructured) is needed with TREAD reporting. The law also requires integration with new and legacy transactional systems. Logically, a sound enterprise infrastructure platform should address these governance and accountability requirements through data that is reasonably easy to access for reporting and analysis purposes. In addition, such a platform should clear audit trails for critical quality, procurement, and dealer management systems.
Further, the International Organization for Standardization (ISO) TS 16949 specification aligns international automotive quality standards, defining quality-system requirements for the design, production, installation, and servicing of automotive products. This section of ISO emphasizes that companies must ensure that both the parts and the processes meet customer requirements. This process approach to quality is not centered solely on documentation, but rather it focuses on customer satisfaction. Suppliers are required to show the processes' interactions from end to end, including inputs, outputs, and overall effectiveness.
For instance, users should be able to automate paper-intensive revision processes within a document control module (or capability). A document control module offers tools that should help users gain real time visibility into the key documents so that the right people can view the right documents as changes occur. Such a feature should provide secure document control throughout the enterprise, with documents stored in secure libraries that can then be linked and viewed throughout the enterprise resource planning (ERP) system. At the same time, the system can automatically keep revisions for future access.
Such a module typically uses a workflow management facility with a Web- and e-mail-based collaboration, routing, and approval process, including support for personnel outside the organization. The facility alerts team members of issues that require attention, whereby e-mail notifications contain a hyperlink displaying the document, changes, and approval information. At the same time, the underlying security mechanism should control tracking of edits, notes, and ideas through authorizations and authentication means. A growing number of automakers now require, or will soon demand, compliance with ISO and TS 16949.
These requirements are typically addressed through the quality management and new product development and introduction (NPDI) capabilities of product lifecycle management (PLM) suites. Such applications must support collaborative product development processes, including advanced product quality planning (APQP) and its obligatory products part approval process (PPAP), for both OEMs and suppliers.
For visibility into quality processes at the component level, user enterprises can use the APQP-enabled modules (provided by some ERP or PLM providers that focus on the automotive industry) with integrated templates for automotive requirements based upon, for example, the Ford or General Motors (GM) APQP programs. This should help users tremendously to link and manage APQP process-related, component-level documents.
DRM Associates' Failure Modes and Effects Analysis (FMEA) explains the process this way:
One of these would be to design according to the Failure Modes and Effects Analysis (FMEA) methodology for analyzing potential reliability problems early in the development cycle where it is easier to take actions to overcome these issues, thereby enhancing reliability through design. FMEA is used to identify potential failure modes, determine their effect on the operation of the product, and identify actions to mitigate the failures. A crucial step is anticipating what might go wrong with a product. While anticipating every failure mode is not possible, the development team should formulate as extensive a list of potential failure modes as possible.
For example, one should be able to access and maintain Gage repeatability and reproducibility (Gage R&R) studies to identify and reduce measurement variation, capability studies, set up instructions, or computer aided design (CAD) and computer aided manufacturing (CAM) files and forms. With timely information, one can thereby reduce data entry efforts, identify substandard quality much earlier, and keep the customers happy.
A PPAP-enabled module typically provides tools for planning and controlling part production information, including the ability to outline the sampling process, provide checkpoints for adherence to plans, and ensure a process has the potential to consistently manufacture product and meet or exceed customer quality requirements. Typically, the module is directly linked to inventory items and customer information; it has a built-in control plan, and FMEA management and reporting facilities. For more pertinent information, see Benefits of a Single Database Solution: Improved Enterprise Quality Management from IQMS.
Food Safety—Not to Be Treated Lightly
Resembling the automotive traceability requirements to a degree, food safety and traceability too must be about more than simply complying with regulatory requirements. Maintaining consumer confidence, ensuring a more competitive supply chain, and enabling profitable growth are also key motivators for enterprises in the food industry. Food manufacturers need solutions that will afford them the capabilities they need to comply with the growing amount of government legislation and safety initiatives affecting the food and personal care industries today. These solutions should also help them avoid costly product recalls, build trusted brands, and create shareholder value.
The following section from Food Safety, Government Regulations, and Brand Protection sheds more light on the issue:
The US Centers for Disease Control (CDC) reports that as many as 76 million illnesses are caused by food contamination every year in the US. In addition to the public cost, the impact of food safety lapses can be devastating within the food industry. While many food industry executives think of regulatory penalties as a risk, the major risks are potential plant shut downs or, even worst, more permanent damage to brands and companies.
Food safety is a global issue, and the present-day threats and potential costs associated with food safety have never been higher. As companies seek to increase their control and in turn, minimize the risks, they discover that many varied activities, both within and outside the organization and both upstream and downstream the supply chain, must be considered and addressed. Most countries have governmental agencies, such as the US Food and Drug Administration (FDA) and US Department of Agriculture (USAD), that are responsible for regulating food products. These agencies help to ensure that foods are safe to eat and do not contain any harmful additives. To that end, correct labeling of food products is strictly enforced and some countries now exercise strict guidelines relating to product advertising. Food control and safety will only increase with the closer linking of food supplies among countries and regions, especially in light of illnesses such as mad cow disease and avian (bird) flu, which can spread to humans through food consumption.
The rules typically cover all food products sold in the country and therefore, any product imported into the country is covered by the regulations. For all members of the food supply chain, the import, export and domestic impacts of the worldwide regulations must be considered. As concerns for food safety continue to rise, it should be not surprising that industry regulations and enforcement are becoming more stringent. Many food producers regulated by the FDA and USDA have thus implemented hazard analysis and critical control point (HACCP) programs to standardize their practices in food quality and safety, with the aim of streamlining the business processes and reducing the risks of compliance while keeping the operational costs down as much as possible.
Impact of US and EU Markets
The two markets with the most impact worldwide are those of the US and the European Union (EU). These markets are among the largest in the world, and are major importers and exporters of food. Food industry-oriented enterprise solutions should enable compliance with the following food regulations:
- "The U.S. Public Health Security and Bioterrorism Preparedness and Response Act of 2002 requires organizations to track the immediate sources of raw materials of their food products and the immediate recipients of any products they produce. The Bioterrorism Act also requires that organizations notify the U.S. FDA before they import food products into the United States." See SAP's Consumer Product: Regulatory Compliance for more.
The regulation has created a new requirement for consumer goods manufacturers, whereby they must track the source of raw materials as well as the destination customer of the finished goods. The participants in the entire supply chain have to maintain inventory attributes, such as lot numbers, revision codes, manufacturing dates, expiration dates serial numbers, etc., all of which should help everyone involved to combat bioterrorism threats and to manage product recalls should they occur.
"Most of the bioterrorism security regulations require food manufacturers, distributors, and logistics companies to establish and maintain records that would allow inspectors to conduct a trace investigation to protect the food and animal feed supply." See Manufacturing & Logistics IT's Food industry QA managers influence technology selection for more information.
The regulation requires companies to have the means to provide the required reporting mechanisms beyond traditional lot traceability. With the US FDA's authority over approximately 80 percent of the US food supply, the Bioterrorism Act will likely have more impact on the worldwide food and beverage industry than all other regulations combined.
While limited exemptions exist, the law is intended to be broadly applied to all companies that manufacture, process, pack, hold, transport, distribute, or receive regulated food product. It is estimated that the US Bioterrorism Act covers over 400,000 US and foreign facilities.
- The EU's General Food Law Regulation 178/2002 establishes similar requirements and procedures for food safety, including the ability to trace materials back to the source producer. The US Bioterrorism Act is being replicated throughout the EU to ensure the food supply's safety from terrorist attack by applying an integrated approach from "farm to table," covering all sectors of the food chain, including feed production, primary production, food processing, storage, transport, and retail sale. This clearly indicates that food safety concerns impact all members of the food supply chain.
The European Food Safety Authority (EFSA), setting forth the basic conditions for safeguarding food, established EU Regulation 178/2002. Article 18 of the regulation specifies that the traceability of food must be established at all stages of production, processing, and distribution, or from "farm to fork," including growers, processors, manufacturers, and distributors, plus retail and food services.
Indeed, the stricter new EU regulations make food processors legally bound to have traceability systems, even if their customers do not necessarily require them. This is applicable to the entire supply chain (production, storage, purchasing, quality control, and so forth), and to everything that contributes to food safety (including packaging, closures, seals, bottles, jars, and the like). This is in contrast to the former requirement of identifying only the source of an ingredient. Backward traceability is also needed for multiple ingredients, as well as forward traceability for recall purposes. For more information, see Food and Beverage "Delights".
Using technology to accept and track the origins of the food supply is becoming of paramount importance. Rising fears over bioterrorism and concerns about product safety and integrity are generating new government regulations that require food and beverage companies to track products from "as devised to as planned to as produced." These new regulations are driving the sector to invest in technologies that synchronize product labeling with formulation systems. Stated plainly in Infor's Food & Beverage,
as regulations become more stringent and global safety concerns grow, all aspects of the food and beverage product lifecycles must integrate internal best practices, customer requirements and regulatory compliance.
These requirements are thus often addressed through the quality management feature of industry-specific and compliance-abiding product lifecycle management (PLM) systems and the coordination feature of the supply chain management (SCM) ones. The export and import notifications can be delivered electronically by global trade management (GTM) and international trade logistics (ITL) systems. See International Trade Logistics Challenge Automated Global E-Trading.
Do Not Mess with Drugs Either
Life sciences organizations must deal with a broad range of peculiar regulatory issues as a core part of their business for much the same reasons as those in the automotive and food industries. These companies must comply with a growing number of government legislation and safety initiatives that affect the life sciences industry to avoid costly penalties, optimize processes, and build trusted brands. Life science and pharmaceutical manufacturers face possibly the toughest restrictions of all, as strict adherence is required to the so-called "good manufacturing practices" in addition to the comprehensive and highly enforced FDA regulations.
The FDA's public health protection role, as defined in its mission statement, includes ensuring that "human and veterinary drugs are safe and effective, while there is reasonable assurance of the safety and effectiveness of devices intended for human use." Likewise in its sister food industry, the need to audit processes concerned with human health has nowadays become an even greater issue in light of current fears of bioterrorism. To ensure that life science products are produced in a way that supports its mission, the FDA has defined good manufacturing practices (GMPs). Originally, GMPs were based on the "best practices" of the industry, and as technology and practices improved, the GMPs evolved as well. For instance, in the US, drug GMPs were formally introduced in 1963 and were significantly rewritten in the 1970s.
GMPs define a quality system that drug manufacturers must use as they build quality into their products. For example, approved drug products that have been developed and produced according to GMPs are expected to be safe, properly identified, of the correct strength or potency, pure, and of high quality. At a high level, GMPs address
- the proper design, maintenance, and cleaning of equipment and facilities;
- the development and approval of standard operating procedures (SOPs);
- the need for an independent quality unit (such as quality control or quality assurance); and
- the qualifications and training for personnel and management.
GMPs are defined as regulations that describe the methods, equipment, facilities, and controls required for producing drug products, and these regulations are found in the Congressional Federal Register (CFR) 21 in the following parts:
- Human pharmaceutical products and veterinary products (21 CFR Part 210 and 21 CFR Part 211)
- Biologically derived products (21 CFR Part 600 and 21 CFR Part 620)
- Medical devices (21 CFR Part 820)
- Processed food (21 CFR Part 100)
The set of regulations that are currently in effect are called current good manufacturing practices (CGMPs), emphasizing that they are dynamic and ever-changing. They can change either formally or informally. For instance, the US medical device GMPs were formally changed when the US Congress rewrote them to make them more compatible with the ISO-9001 quality document. The medical devices GMPs were then renamed the quality system regulation (QSR).
The following parts pertain specifically to pharmaceutical products:
||CGMP In Manufacturing, Processing, Packing, Or Holding Of Drugs; General |
||CGMP For Finished Life Science Products|
||Electronic Records; Electronic Signatures |
Title 21 CFR Part 11 specifies further controls for electronic records and electronic signatures. This US FDA regulation establishes requirements for electronic records systems, thereby regulating the use of computer systems, audit trails, lot and serial traceability, change control, archiving, e-signatures, and security. As automation began to replace paper-based systems, the US Congress feared a loss of documented control over safe pharmaceutical production processes. With an initial focus on medical devices and life science products, Congress mandated a verifiable, traceable plan that would allow digital signatures and automated audit trails to replace the volumes of regulatory paperwork.
This plan was published as 21 CFR Part 11, simply known as "Part 11," and the impact of Part 11 on manufacturers will likely be as great, if not greater, than the Y2K issue. One should, however, note that Part 11 is a loosely written regulation that intends to add a layer of security to the production processes of the pharmaceutical industry through audits and authorized sign-offs. Hence, it is not mandatory, and it is only called into play if a company chooses to use electronic records. Conversely, if a company decides to stay with paper-based records, Part 11 does not apply.
However, compliance-aware enterprise solutions for the life science industry should have the functionality user enterprises need to comply with regulations and guidelines related to regional GMPs or electronic records and signatures, including the following:
- EU Directive 91/356 (EU GMP Guideline)—this directive specifies legal requirements for GMP in the EU, and it requires that data be available at the proper time, provided in a readable form, and protected against damage or loss.
- ICH Q7A Guideline—International Conference on Harmonization (ICH) Q7A provides guidelines for active pharmaceutical ingredients in the EU, the US, and Japan.
- PIC/S—The Pharmaceutical Inspection Cooperation Scheme (PIC/S) and the Pharmaceutical Inspection Convention provide guidance on pharmaceutical inspections.
Well-attuned solutions for the industry should also provide capabilities that enable compliance with regulations and guidelines related to radio-frequency identification (RFID), including
- FDA Bar Code Label Requirements for Human Drug Products and Biological Products, since the FDA requires bar codes on most prescription drugs and certain over-the-counter drugs;
- Procedure for Handling Rapid Alerts and Recalls Arising from Quality Defects, since the European Commission has established procedures for the rapid transmission of information related to pharmaceutical recalls;
- RFID Feasibility Studies and Pilot Programs for Drugs, which is an FDA Compliance Policy Guide that describes how the FDA intends to enforce regulations related to labeling, electronic records, and product quality for pharmaceutical manufacturers, re-packers, re-labelers, distributors, and retailers; and
- US state regulations, since several states are establishing mandates that require pharmaceutical wholesalers and distributors to maintain pedigrees for every drug shipped (see Drug Pedigree Guidelines and How Software Can Help).
The enterprise application providers that aspire to address the regulatory requirements of the life sciences industry should do so through the industry-oriented ERP systems. What's more, they should use the underlying infrastructure platform, which should additionally provide functionality and support for advanced security, audit trails, digital signatures, RFID technology, and more. For more information, see RFID in Healthcare—A Whole Industry of Value.
Coming next in this series on how different industries address compliance issues, the electronics, chemicals, and oil and gas industries must deal with regulations based on an entirely different set of principles. Environmental directives are a new generation of industry compliance laws.
Part Four of the series Thou Shalt Comply (and More), or Else