Tag: Risk

Crisis Management Playbook

Posted on by Brandon Miller

crisis management playbookDeveloping a crisis management playbook designed for the challenges of the pharmaceutical industry sector is vital to ensuring long term business continuity. Below are a few critical risk management elements you should consider for your team during crisis handling & developing a crisis management playbook.

 

Risk Management

 

Being able to identify factors that impacted product safety or regulatory compliance is one of the most important elements during the risk assessment phase. During RCA’s risk management services process, operational risk management is one of the first remediation steps to consider.

 

Identify Risk

 

Being able to identify the product hazards that caused the crisis is critical to understand scenario planning. Conduct due diligence to ensure that your product design outputs include no risks that are unnecessary to the consumer. Hazards that do include one or more risk factors must be analyzed why the patient benefit exceeds the financial risk.

 

Measure Risk

 

During scenario planning, identify the critical elements to measure your team and results by via a risk management framework. A risk profile for each product in question can support evaluating, reporting and monitoring adverse events. Systemic risk should be analyzed for product risk profiles with longer term, reoccurring events or specific pharmacovigilance indicators identified as proactive crisis control.

 

Mitigate Risk

 

Being able to work clearly and concisely with your regulatory agency is critical for the due diligence solutions presented for review. Examining all hazards that have been identified during the risk mitigation phase is essential to success during the risk management process. Consider any of the threats that are regarded as acceptable with known risks and document unusual activity in your risk management plan.

 

Crisis Management Communications

 

An initial step recommended by RCA’s medical device consulting team is to identify and evaluate the regulatory compliance dangers and situations. For example, assessing the vulnerability of medical device cybersecurity must consider internal and external threat modeling. Any type of cyber breach that might impact your operations team, business reputation, or stakeholder relationships should have a detailed communication strategy.

 

Crisis Communication Plans

 

A veteran RCA medical device consultant suggests developing a universal shared space where team members can bookmark & access the crisis comms document. A communication strategy would then be shared with communication partners engaged in the public relations and crisis management campaign.

 

Risk Management Communications

 

Inside a successful crisis communication team, everyone knows their role and responsibilities. RCA’s regulatory consulting Experts often designate a process leader who clearly understands the team stakeholders and functions they represent. Refine your approval process so that messaging not only meets external approved communications from these stakeholders, but also legal concerns.

 

Crisis Control

 

A detailed risk management communication plan helps specify different examples for sharing risk messaging to either internal audiences or external stakeholders. Design your communication plan templates so that information is easy to understand for multiple audiences. Different types of tactics to be considered for templates (e.g. press release, social media) to confirm the messaging reliability of the crisis communication strategy.

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

FDA Guidance: Data Integrity

Posted on by Brandon Miller

The Food and Drug Administration (FDA) recently announced a new guidance program for the life science industry regarding data integrity. This FDA guidance draft is currently open & available for the industry to comment on and provide feedback. Additionally, the FDA regulatory process that looks to be initially targeted by the food and drug authority includes:

 

  • Investigational New Drug Application (IND)
  • New Drug Application (NDA)
  • Abbreviated New Drug Application (ANDA)
  • Biologic License Application (BLA)

 

Code of Federal Regulations

 

The guidance draft cites several different code of federal regulation (CFR) that are being reviewed and analyzed during this process. Specific CFR federal regulations mentioned include:

 

  • 21 CFR 11
  • 21 CFR 50
  • 21 CFR 56
  • 21 CFR 58
  • 21 CFR 210
  • 21 CFR 211
  • 21 CFR 312
  • 21 CFR 601
  • 21 CFR 820

 

Data Integrity

 

Specific use cases mentioned by FDA include data integrity throughout the clinical data management process in bioavailability (BA) & bioequivalence (BE) studies. Further, the FDA guidance provides initial suggestions to optimize data integrity success by focusing on three specific drivers:

 

  • Users or applicants in clinical trial
  • Site management of clinical trial
  • Quality management system for clinical trial

 

Finally, FDA provides best practices & recommendations for risk control and risk management. Understanding how to maintain good lab practice & clinical research success is essential for all participants.

 

FDA Guidelines

 

One of the primary objectives of the data integrity draft is to align FDA expectations with the clinical data being submitted in pharmacologic studies. Additionally, clinical data submitted by a drug sponsor for FDA drug approval must be:

 

accurate, complete, and reliable, and that industry maintain data integrity throughout the data lifecycle of the product(s) or biologic therapeutic(s).”

 

Finally, new concerns are being raised about the evaluation of bioequivalence and bioavailability study data submitted during the FDA regulatory process. FDA highlights specific comments about regulatory concerns during in vivo pharmacology studies. The regulatory documentation lists specific areas adding to the erosion of data integrity based on FDA inspection experiences in the field:

 

  • Patient testing sites
  • Clinical testing sites
  • Analytical testing sites

 

Legal Regulation

 

The FDA guidance begins with reminding drug sponsors that they bear the responsibility of quality assurance even if a contact manufacturing organization (CMO) is engaged. Additionally, confirming a contract development and manufacturing organization (CDMO) has confidentiality processes in place is essential. 

 

For drug sponsors who are submitting a FDA new drug application, ICH guidelines and FDA guidance should be followed by external vendors who are conducting the elements of study-related activity. Finally, clinical data being generated through bioavailability and bioequivalence studies must be durable & reliable in nature, and properly documented in a quality management system (QMS).

 

Testing Site

 

The regulatory guidance goes on to elaborate about the monitoring and oversight strategy needed for clinical testing. Specific drivers listed for analysis when selecting a drug manufacturing partner include:

 

  • Personnel Education
  • Personnel Experience
  • Personnel Training

 

Manufacturing standards and expectations should be documented clearly in a formal agreement. Additionally, FDA highlights that regulatory requirements for clinical study activities should be documented and followed, including:

 

  • Clinical study protocol
  • Clinical study procedure
  • Clinical study process

 

Finally, FDA recommends that bioanalytical analysis should include closer oversight and monitoring. Any CMO or CDMO must have documented analytical methods in their quality management system. Further, all analytical methodologies must follow applicable FDA regulations and be included in the QMS standard operating procedures (SOP).

 

Quality Management System

 

The FDA guidance transitions to describe database integrity and why any clinical services provider you choose must “use a quality management system to help ensure data integrity”. This includes testing sites managing a quality management system and efficacy of “data governance throughout the data lifecycle”.

 

Records Management

 

The operations team supporting the clinical research management should review the QMS using a pre-planned schedule, per the FDA guidance. All data governance used to store and retrieve information in the clinical trial management system should replicate the reliability & durability of the QMS. 

 

Additionally, data integrity across the QMS would focus on each unique phase of the collection process. FDA recommends employees responsible for quality updates consider isolating job responsibilities between the separate data lifecycle phases to help reduce unintentional mishaps.

 

Clinical Technology

 

Using modern technology is recommended for all employees who are responsible & can impact data quality. Specific systems mentioned in the regulatory guidance that can improve data integrity include:

 

  • Computer hardware or related systems
  • 362 software for security or performance
  • Peripheral devices, networks or cloud infrastructure for connectivity
  • Any associated IT documents for usability (e.g. SOP manual)

 

Metadata

 

The guidance goes on to explain more about classification & ensuring that metadata is correct. Metadata, as described by FDA, is “data about data” and provides clarifying information to the agency. Common types of metadata quality concerns are listed as examples:

 

  • Missing date/time stamp for when data was acquired
  • Incorrect measurement units or documentation
  • Missing user ID’s of the team who conducted data testing or data analysis

 

Sample Analysis

 

An important facet of the FDA guidance discusses sample analysis & if the clinical evaluation is completed at a location different from the original testing site. Employees conducting the clinical evaluation should be familiar with good clinical practice & fully understand the study protocol, various test methods that were used, and any quality management system SOPs to follow.

 

Further, different types of instruments & clinical equipment used during the sample analysis should be “calibrated, maintained and serviced” per FDA. The regulatory guidance cites several examples that should follow manufacturer service guidelines, including:

 

  • Balances & pipettes
  • Centrifuges & spectrometers
  • Liquid chromatographs
  • Refrigerators & storage freezers

 

Quality Assurance and Quality Control

 

Managing the risk associated with a QMS is an important facet of the FDA guidance. A quality assurance program should be implemented, including standard operating procedures that limit access control & processes to isolate a data breach. Further, implementing a quality control program can help find and remedy data integrity flaws. An efficient quality control program should include:

 

  • Mapping of standard processes & risk control
  • Employee training & knowledge gaps
  • Difference between unintentional & intentionally compromised data

 

Corrective Action and Preventative Action

 

If data integrity deviations are identified in a quality control analysis, FDA recommends a corrective and preventative action (CAPA) program be launched. Additionally, the CAPA would look at all relevant processes and tasks as a whole rather than isolating a repeat occurrence. The recommended best practices for a quality control plan include:

 

  • Assemble & examine information for review
  • Identify real & possible problems during the review
  • Explore problems & create appropriate CAPA
  • Verify & validate the success of the CAPA
  • Communicate updated CAPA success to applicable teams
  • Document activity & intelligence for management review

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Waterfall Methodology

Posted on by Brandon Miller

Click now to watch Regulatory Compliance Associates® Dr. Stephen Coulter explain how design controls and risk management play an intricate role in the Waterfall methodology:

 

 

The Waterfall methodology incorporates the usage of FDA design controls into the medical device design process. It serves as the primary connection between quality system requirements (QSR) and current good manufacturing practices (CGMP).

 

Waterfall Method

 

Conceptually, the FDA Waterfall model is designed to provide engineers with the flexibility to mitigate product risk, meet regulatory compliance and satisfy customer needs. It is a sequential process based on the quality assurance and medical device engineering principles listed in 21 CFR 820. The methodology itself is conceptualized in the image below from the Medical Device Bureau of Health Canada. 

 

Waterfall Development

 

To increase risk mitigation during the Waterfall methodology, both risk management & design controls are considered. They often become integrated processes during Waterfall product development. Many unique tools that medical device engineers use to define requirements & meet user needs are shared across these processes, even though each is based on a separate standard.

 

While design controls for FDA approval are referred to in 21 CFR 820, medical device risk management is internationally associated with ISO 14971. Three critical elements of risk mitigation strategies clearly focus on avoiding risk during product development:

 

  • Evaluating an associated risk
  • Controlling an evaluated risk
  • Monitoring risk control effectiveness overall

 

Input Requirements

 

The success of the Waterfall development method depends on early research & assessments conducted about input requirements that include strategic risk. Further, spending time documenting the inputs of user interface, user stories and product epics can help increase positive outcomes and reduce requirement risk overall.  Finally, any inconsistencies during the waterfall methodology between the proposed design & input requirements can be corrected across stages. This aligns with one of the primary motivations behind FDA originally developing 21 CFR 820 (e.g. helping medical device manufacturers find design deficiencies earlier in the process).

 

Risk Management

 

By starting the Waterfall process with this end state in mind, design inputs are more likely to pass failure testing & become a manufacturing output. This risk management strategy during a Waterfall project can begin with identifying the publicly known risks of competitive products. Second, the team is challenged to investigate if similar hazards could be associated with your medical device. When working with a Regulatory Compliance Associates risk management consultant, our clients are reassured that Waterfall development should detail how hazards can impact user needs & potential customers.

 

For example, design inputs should consider current regulations and global standards early in the waterfall process. This helps incorporate a risk management perspective even before verification and validation testing begins. Intended uses should consider predicate devices and if any causes for recalls are related to design, materials, or software. 

 

Waterfall Approach

 

So, does this mean risk management & design controls are connected in the waterfall approach? And if they are, how important is one over the other when leading to marketing approval or regulatory compliance? This process is often measured against a combination of factors, including:

 

  • Regulations & standards for clinical approval
  • Risk class of medical device being manufactured
  • Regulatory body reviewing the marketing submission

 

Enterprise risk management would consider all three of these factors individually and in combination when considering how to eliminate systemic risk. The Waterfall project management team can also use various tools and techniques while developing the risk management plan. These risk identification tools include conducting a risk analysis, performing an FMEA, and charting risk tolerance. 

 

Risk Analysis

 

Existing regulations & standards offer various types of risk tools that can be incorporated into design controls. This can include identifying risk levels and creating severity charts during the user needs & design inputs stages. Additionally, each new product will have different hazards and risk tolerance levels associated with the target patient. Being able to analyze the problem, control the problem, and mitigate the risk is essential to define in your risk analysis. Challenge yourself to reduce and identify hazards by analyzing the known data as much as possible.

 

FMEA

 

Failure Mode and Effects Analysis (FMEA) is a controlled technique to detect & concentrate on budding trouble. Each failure is commonly assigned a rating based on the negative effect it may cause. The Waterfall process would then take each rating and project how the marketplace, healthcare systems, or patients can be impacted. FMEAs are one of many risk mitigation tools that can help your team identify the hazards of your severity chart. Each charted hazard is established based on the severe nature of the hazard to the user and project requirements for design control.

 

Risk Tolerance

 

Further, after the severity is defined, all known or projected hazards can be developed into a risk tolerance chart. The risk tolerance chart can then be shared cross-functionally across the team to help everyone understand which design steps can increase user risk. One of the benefits of a risk tolerance chart is being able to show data visualization. The design team should consider how design controls and user needs can reduce the hazard’s impact. Finally, a waterfall chart could also project the negative consequences of adverse events and what the estimated cumulative impact might be during a product crisis scenario.

 

Risk Management Summary

 

Finally, once your team has evaluated the risks and decided on precautions, a risk management summary is developed. It may include involves multiple failure mode analysis types (e.g. product, process, etc.) and risk ratings. These initial ratings are typically based on the types of failures and the severity of the failure itself. Ranges can also be given to determine the risk management strategy and what is the acceptable level of product risk (e.g. high, medium, low).

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].