WHAT QA DEPARTMENTS CAN DO
QA departments can do a number of things to help create a culture of quality, instead of reactive compliance. These include:
Use enterprise risk assessment to uncover potential vulnerability to regulations. Most companies perform annual GMP audits, but few companies simultaneously
examine the costs associated with fixing the identified deficiencies. Even fewer extend the data to consider the enterprise-wide
risks and costs associated with those deficiencies.
Consistently seek to improve inter-department communications. This can include, for example, enhancing operating procedures, reducing documentation review time, training, and auditing.
Auditing helps identify gaps between the procedure and the actual or desired business process. Training and amended SOPs can
bridge these gaps effectively if the review or release process encourages authors to make enhancements.
Eliminate (not just reduce) redundancies in the corporate QA environment. At many companies, procedures are layered in their development. For example, most companies add SOPs to groups rather than
simultaneously revising groups of SOPs, resulting in the duplication of material and redundancy in tasks.
Understand what should and should not be outsourced. Should you outsource such things as a biologics license application, IT, or manufacturing? There are a number of things that
can be outsourced, which can reduce headcount, but before doing so, it's important to understand both pros and cons.
Standardize outsourced efforts through vendor auditing (or some pre-approval process) and early communication of compliance issues to prospective vendors. The FDA regularly requests
vendor audit reports, and specifically mentions consultants and vendors in the GMPs (21 CFR 211.34). Companies must set standards for consultants and vendors.
Despite the need for a high level of control and coordination among IT systems, many companies remain wary of the costs and
efforts involved in developing such capabilities. For many, this is because FDA validation guidelines and enforcement procedures
seem vague and capricious, which makes it harder to make prudent investment decisions. Nevertheless, the evolution from compliance
to quality must include the ability to identify compliance-management investments with a strong payback potential. In turn,
that ability requires a strong understanding of regulatory requirements and the strategic context of the business so that
money is not misspent.
A robust document-management system—combined with work processes that effectively use the system—can dramatically improve
compliance activities, including tracking and trending adverse reactions, reporting and documenting manufacturing problems,
and maintaining standard SOPs needed for compliant operation.
Unfortunately, many companies purchase expensive document-management systems and then neglect to use their workflow features.
As a result, the system simply functions as a big, expensive electronic filing cabinet. Before purchasing such systems, companies
should understand their overall IT strategy for compliance and what they expect from the document-management process to help
achieve it. Then, an informed decision can be made about which system to buy.
In some cases, the company's existing technology may suffice. For example, most companies use business intelligence software,
which is neutral when it comes to what kind of data it can handle. It is therefore possible to use that software to manage
toxicology or adverse events.