FUNDAMENTAL #3: MONITORING PERFORMANCE
The risk assessment exercises that have been used in determining quality agreement, notification, and oversight requirements
also can provide insight into the most meaningful performance metrics to be monitored for a contract organization. For example,
a manufacturing activity has been deemed to be high risk given the criticality of the material, degree of detectability of
material non-conformance, limited experience with the contract manufacturer, and outstanding audit issues. Given these particular
risks, oversight activities should focus on verifying that the batch record has been executed properly, and that issues have
been captured and addressed. Oversight requirements for this CMO or activity, at present, have therefore been determined to
include a complete review of the batch record and analytical release data before disposition of the batch by the contracting
party's quality unit. With these oversight requirements, performance metrics to be monitored for this contractor may include
tracking issues noted during batch documentation review, such as missed deviations or any data integrity issues. The focus
should be on monitoring things that would indicate whether the systems and controls used by the contract organization are
working effectively.
Ideally, the metrics used should be developed and agreed on by both sides. Potential actions resulting from noted trends in
the metrics also must be defined. For example, if execution errors are noted, "man-in-plant," oversight may ensue. Conversely,
if documentation is of high quality, reviews may be reduced. As work progresses, additional relevant indicators of performance
may become evident. A learning curve is to be expected, and adjustments to monitoring tactics should be made.
Monitoring performance metrics serves no purpose if they are not reviewed by the involved parties at some interval. Risk assessment
results can help in determining an appropriate review frequency. As with the elements of the first two fundamentals, the frequency
of performance reviews should be in balance with the risk associated with the outsourced activities. Given the high risk and
an anticipated volume of work of five to six campaigns a year, the site may decide a biannual or quarterly review frequency
is appropriate. The outcome of the review process should be shared with the contract organization, whether directly involving
the contract organization and personnel, or performed chiefly as an internal exercise. In some cases, requests for formal
corrective action may be made. Regardless, the information should be shared so that the contract organization can use it to
address any problems. This ideally should be a collaborative exercise so that the contract organization feels free to provide
feedback on how the customer might facilitate successful execution of the contracted activities.
The performance metrics reviewed, actions taken, and any other outcome of the review exercise also should feed back into the
risk assessment process. The risk assessment process should not be thought of as a one-time exercise to be performed initially.
It should be used as a tool, to be repeated at some frequency, because the factors influencing risk continually change. As
new information is received regarding elements composing the risk profile for a contract organization, the risk assessment
should be revisited. Based on changing risk factors, adjustments in contractual requirements, oversight strategy, review or
monitoring frequency, or even qualified status may become necessary.
SUMMARY
In recent years, adopting the principles of Quality by Design has shown us that the more we know about the factors that are
essential to our process and, therefore, truly impact product quality, the more manageable and flexible control of our process
will become. Just as we have used risk assessment and risk management techniques in identifying the critical quality parameters
of our products and processes, we can likewise use them in our efforts to identify those factors essential to monitoring and
managing outsourced activities. The application of risk assessment principles to these supporting fundamentals will help us
realize full benefit of these partnerships, while at the same time ensuring appropriate and adequate oversight of outsourced
activities.
Dawn Schofield is a compliance advisor at Safis Solutions, LLC, Indianapolis, IN, 317.777.6200 (ext. 113), dschofield@safis-solutions.com
.
|
