I worked for a Chief Quality Officer several years ago who always had this response when our company was contemplating the movement of a large volume of internal production to third parties:
“You can delegate your responsibilities but never delegate your accountabilities.” He was a wise man.
Table of Contents
The Growing Complexity of Third-Party Management
I have experienced the challenges of maintaining accountability for third-party manufacturing in the BioPharma, Pharma, and Consumer segments. The complexities can be overwhelming.
We are seeing increasing guidance from Global Health Authorities, ISO, and ICH on the need for companies outsourcing their responsibilities to third parties to not only have written Quality Agreements and/or Pharmacovigilance Agreements but also establish and document the processes in place to maintain oversight and accountability for their outsourced service providers.
Key Documents Governing Third-Party Relationships
The relationship’s basis is framed in two key documents: the Supply Agreement and the Quality Agreement.
A Pharmacovigilance (PV) Agreement may also be required for third parties potentially impacting pharmacovigilance (e.g., receiving adverse events or product quality complaints from patients, healthcare practitioners, or customers).
- The Supply Agreement is typically managed between the Supply Chain teams in both organizations.
- The quality teams in both organizations manage the Quality Agreement.
- If a separate PV Agreement is required, it is managed between the QA Unit supporting Medical Safety/Pharmacovigilance and the third party.
The Role of the Quality Agreement
The Quality Agreement spells out each party’s detailed Responsibilities and Accountability and when either organization needs to be Consulted or Informed. It may also define which party is the final Decision-maker in specific circumstances.
Many companies include a RACI/RACID document as an attachment to the Quality Agreement to delineate roles:
- R – Responsible
- A – Accountable
- C – Consulted
- I – Informed
- D – Decision-maker (if applicable)
Specific timeframes may be established for critical quality responsibilities. For example, the Quality Agreement may specify that a Third-Party Manufacturer must complete a manufacturing site investigation within 30 days for a quality complaint.
The Challenge of Getting the Quality Agreement Signed
Completing a Quality Agreement and obtaining required approval signatures can take weeks to months.
I have seen multiple ISO Audit Reports or Health Authority Audit Reports citing the lack of a signed Quality Agreement between a company and a third-party manufacturer.
Teams often claimed that the agreement was “in draft” at the time of the audit. However, when asked how long the document had been in a draft, the response was usually months to years.
The Greater Challenge: Executing the Quality Agreement
Getting the Quality Agreement signed is only the beginning—the real challenge is executing it effectively.
For example, most Quality Agreements require that any changes potentially impacting the product be communicated before implementation:
- If a Third-Party Manufacturer makes a change, they must notify the company.
- If the company changes Specifications or Test Methods, they must notify the Third-Party Manufacturer.
This falls under Management of Change (Change Control), one of many quality systems that must function smoothly. Other key QA systems requiring coordination include:
- Annual Product Reviews for drug products
- Annual Marketed Product Stability Testing Results
- Test Method Validation and Transfers
- Deviation Reports for non-conforming lots/batches
- Corrective and Preventive Actions (CAPA)
- Quality Complaint Investigations
- Design Control Documentation (for medical devices)
Executing these processes in a consistent, robust manner is highly complex.
At Its Worst…
At its worst, the Quality Agreement is approved, filed, and forgotten until:
- An audit request surfaces it, or
- A significant quality issue arises, forcing the two companies to resolve the problem together.
In many cases, the execution of the Quality Agreement relies heavily on human-driven processes and outdated tools, such as:
- Emails containing critical information buried in long threads
- Weekly conference calls between a few mid-level Quality staff members
- Hundreds of emails exchanged across multiple Third-Party Manufacturers
This approach increases the risk of miscommunication, leading to:
- Costly errors impacting product supply
- Delays in patient/consumer access
- Financial losses
- Breakdown in trust between the companies
At Its Best…
At its best, companies implement lean, portal-based technical solutions that:
- Enable seamless information exchange
- Provide workflow approvals for various document types
- Establish shared metrics
- Foster collaboration between competent Quality staff in both organizations
This approach strengthens business relationships and enhances quality compliance execution.
If you would like to read and review some real-life examples of the use of lean, portal-based technical solutions deployed between a company and its Third Party Manufacturers, check out our Case Studies at www.compliancearchitects.com
Don’t hesitate to contact us below if you would like to discuss this or other topics further.
