The Future is Now for Computer-Based Quality Systems
Click here to read Jack’s article in GxP Lifeline by Master Control on “The Future is Now for Computer-Based Quality Systems”
Text of Article Follows:
The Future is Now for Computer-Based Quality Systems
John C. (Jack) Garvey, Esq., Principal
Compliance Architects LLC
Especially for users of paper-based quality systems, it’s hard to believe that it’s been close to 25 years since companies first began using computers to facilitate their regulatory obligations for maintaining quality systems. Throughout this 25 year period, there has been extraordinary progress in technology, features, functionality, and scope of the solutions; along with an equal amount of disappointing results and unrealistic expectations. Many companies over the years have spent small (and some not so small) fortunes on systems that sometimes just didn’t work, or if they did, didn’t work the way the organization expected them to. The great news for FDA-regulated companies of all sizes is that the future is finally here, and there are now highly-effective, highly configurable, computer-based system options for small, medium and large FDA-regulated manufacturers, with solutions to fit every budget. To understand how important these systems can be to your company’s compliance (and business) outcomes, let’s take a look at the regulatory basis for these systems, the history of the solutions, and why now may be the time to take the plunge into facilitating your quality management operations with computer based systems.
For pharmaceutical and medical device manufacturers, although the applicable regulations governing their operations differ, there is much commonality in how regulated companies organize to meet the regulations and corresponding FDA expectations. At the core of each company’s efforts is the development of a Quality System. On the Device side, the Quality System Regulation, 21 CFR 820, defines a Quality System (in 820.3) as “the organizational structure, responsibilities, procedures, processes, and resources for implementing quality management.” Though the Pharmaceutical GMPs do not explicitly define the term quality system – yet – this gap has recently been addressed by FDA Guidance, Q10 Pharmaceutical Quality System, dated April 2009.
Broader Business Benefits
In addition to being required by regulation and regulatory expectation, there are substantial business benefits to maintaining a quality system. Although paper-based systems are better than no system at all, the following benefits can be more fully realized with an efficient, effective, computer-based quality system:
Achievement of cost-effective product realization & fulfillment activities;
- Efficient establishment and maintenance of a state of control;
- Enablement of a data-driven approach to quality management and performance tracking;
- Facilitation of data-driven continuous improvement; and
- Reduced fixed-cost structures that permit increases in scale without corresponding increases in cost.
In addition, other advantages to the use of robust, computer-based quality systems to facilitate operational effectiveness include:
Expedited commercialization activities;
- More reproducible supply chain activities;
- Greater assurance of safety and control of changes permits more effective risk management; and
- Feedback from production operations and field complaints captures opportunities for improvement in the design and manufacturing process.
From Islands to Enterprise
It has taken a very long time to achieve the full benefit of the foregoing advantages, despite extensive expenditures, and much effort. Quite simply, to achieve the full promise of the potential has required the technology to evolve from isolated islands of computing power to its current collaborative, internet-based state. Figure 1 shows the general progression of computer-based quality systems from the mid-1980s to the present.
In the beginning, adoption of largely PC-based software was done department by department, function by function. At a time when the enterprise IT/IS function was highly accounting-centric, the value of PC applications were driven by early adopters and power users. It was mostly individual departments and functions looking to achieve greater efficiency that embraced tools such as word processing (using early iterations of e.g., Microsoft Word and WordPerfect) for document management. Other early functions that embraced the technology included technical services and quality engineering, using products like dBase II and Lotus 1-2-3. These groups saw quickly how activities like tracking deviations, non-conformities, batch failures, complaints, etc. could help operating departments with improved product knowledge and product experience information.
As time went on, the business value of the computing capability became apparent far beyond accounting, and users’ familiarity with computers in general, and the value of the systems, drove users to demand more from their solutions, and from their IT/IS departments. The landscape migrated from individual PCs in departmental systems to facility and eventually, early corporate systems. The user familiarity corresponded with advances in network technology, including the introduction of email and client-server solutions. This mid-period of client-server systems included products like Lotus Notes for email and simple database applications, and products like Documentum, Qumas, and early versions of SAP. A number of software functions were introduced during this period that carry through to today, albeit with much greater features and functionality. These include: integrated document management, distribution, routing and change; version control and audit trails; and email notification integration. During this period, the routing of information from place to place was common. Information was considered “document-centric” and the concept of distributed, data-centric applications was only beginning to develop.
The Future is Now!
Fast-forwarding to the present, the capabilities available with current offerings of computer-based quality systems is compelling and expansive. Although the features and functionality of many of these systems lagged behind corresponding software applications targeted at consumers and other industries, much of what other industries and we consumers have come to take for granted is now appearing in solutions for FDA-regulated quality and compliance management.
Modern systems are now almost universally web-enabled, with the more advanced systems being completely web-based. This single characteristic accounts for much broader potential user base for computer based quality systems, since virtually all users of these systems will be familiar with the basic interface: a web browser. In addition, by providing web-based applications, local software installation is eliminated, enabling a company to “turn on” system functionality to hundreds or thousands of users virtually instantaneously. The costs and efforts associated with training, security and administration also come down dramatically, resulting in a much lower total cost of ownership.
Due in large part to the capabilities of web based systems comes a much higher proportion of systems that provide complete user configurability. Whereas in the past, even minor modifications to systems required significant expenditures by the company, many of today’s systems are designed out-of-the-box (so to speak) for high-levels of user configurability. This permits rapid deployment of solutions to individual users, departments, executives, etc. while maintaining the common data models and core functionality that is essential to achieving cross-enterprise data visibility and collaboration. Web-based systems can also (typically) be readily scaled to increasing numbers of users with ease, since bandwidth is widely available, data storage costs are steadily increasing, and the addition of capacity is done with incremental increases in hardware and licensing, rather than through changes in coding, infrastructure and/or IT staffing. This scalability, and overall flexibility, is essential for many of today’s FDA-regulated companies that seem to operate in a perpetual state of flux. Regardless of whether change is through organic growth, acquisitions, divestitures, or from the embrace of outsourced or offshore operations, having the ability to quickly tailor access and functionality of systems is now of paramount importance.
Part 11 / CSV Considerations
Since the early 1990s, the 600-pound gorilla in the room when considering computer-based quality systems has been the impact of 21 CFR Part 11 and computer systems validation. The industry as a whole has continued to have a low-level of confidence regarding how the FDA and other regulatory bodies view computer-based systems, and how robust their Part 11 preparations and CSV activities must be. The encouraging news for companies is that much has changed (for the better!) over the last decade, making Part 11 and CSV much less worrisome when considering these sorts of systems. Most of the software suppliers that are “vested” in the industry have built their solutions from the ground up to be architecturally capable to meet Part 11 considerations, and have embraced a software lifecycle development process that is inherently aligned with principles of CSV. Unfortunately, there are occasionally software vendors that are new to the industry that try solution cross-overs, that have not grown up with Part 11 and CSV, and these suppliers will have a much more difficult time with adoption. It is important to ensure that the company you are working with understands these essential foundational principles.
In addition to dealing with the proper suppliers for solutions, a company needs to have a succinct, well-defined, risk-based approach to Part 11 and CSV, and then, rigorously implement and vigorously defend it. The FDA operates within rule-based limits on what systems are within the jurisdiction of Part 11, and the limits should be fairly well understood. Even with a company’s conservative (risk-minimized) interpretation of these limits, there is a significant amount of latitude a company has relative to the use of computer-based quality systems, without fearing the FDA.
A significant development that has derived from the availability of web-based solutions is the ability to access many enterprise-critical business applications “in the cloud.” As a term, cloud-based computing means nothing more than web-based access to a pre-configured computer system (website, application, etc.) where that system is hosted/managed by a separate entity, outside a company’s existing IT/IS infrastructure. Popular, cross-industry examples of cloud-based systems include Hotmail, Gmail, Salesforce.com, Zoho, and GoogleApps. The current availability of these cloud-based solutions within FDA-regulated industry is still somewhat limited; however, a number of companies currently offer cloud-based quality systems, including MasterControl and Dynamic Compliance Solutions. Cloud-based quality management solutions are compelling for a number of reasons:
Greatly reduced initial capital costs;
- Highly scalable as your organization grows;
- Reduced costs of validation from single-instance configuration;
- Highly configurable, due to internet-based technologies;
- Ability to re-configure to dynamic organizational models quickly;
- Reduced Total Cost of Ownership (TCO);
- Reduced training and orientation costs;
- Likely based on open-standard data formats such as XML;
- Easy to forward-migrate as technology/solutions change since minimal investment made upfront.
Cloud-based solutions generally have pre-defined business process models that provide particular benefits to smaller companies that have not yet fully developed their quality system business processes, and, that likely don’t possess the knowledge or experienced staff to develop these processes. These solutions can help level the playing field against larger competitors. Also, for these smaller organizations, the ability to “turn on” solutions without a significant up front capital investment is very economically compelling.
Computer based quality systems can provide FDA-regulated companies with substantially improved compliance outcomes, at greatly reduced costs. The ability to scale or adapt compliance-affected business operations without increasing fixed costs is extremely important for the new era of fiscal frugality. However, the greatest value comes from the ability to meet FDA requirements and expectations far more easily through the smart use of these systems. Whether enabling day-to-day core quality processes such as document administration, change management, CAPA, or training administration, these systems ensure the right people are interacting with the right processes, collecting the right data. Further, during FDA inspections, information retrieval and reporting is far easier with robust computer-based systems. The ability to quickly locate critical batch or process information and tailor reports and information presented to investigators cannot be over-emphasized. In fact, it can make the difference between an inspection that runs smoothly, or, one that is chaotic and leaves a poor impression with the Investigator. Quite simply, although paper-based quality systems can theoretically be compliant, I would submit that companies can’t effectively comply with FDA requirements and expectations without some base level of computer-based facilitation by computer-based quality systems.
So with all this in mind, what can companies (regardless of size) be doing now to ensure they are well-positioned to take advantage of today’s technology-based solutions:
Look strategically at your compliance architecture. Is it business supporting? Does it meet your expectations relative to outcomes, performance, costs, information, etc.? Are you collecting product quality and process performance data to enable fact-based decisions? If not, identify your strategic compliance roadmap and the outcome gaps that you want to address.
- With the information gained from number 1, ensure your Quality/Compliance function has prepared a Quality Operations IS/IT Master Plan. This document should define your roadmap for systems and technology enablement for 1-3-5 years in the future. Ensure that you keep this plan updated on an annual basis.
- Ensure you have identified expertise that can create a “functional linkage” between the Quality Operations’ functions and IT/IS. Someone or some department needs to understand IT/IS sufficiently to broker the conversation for the operating units, and in return, represent the operating units to be sure that IT/IS gets the department what it needs to be effective.
- Develop an information / data visualization of what data, information, metrics, etc. you need to capture / manage to maximize both business and compliance outcomes (this should be part of your Master Plan).
- At a minimum, enable core quality operations’ business processes (i.e., document administration, training administration, change control and CAPA) with robust, computer-based quality systems.
- Embrace the concept of process facilitation, not cost control.
- Build for the future state, not today’s crisis.
Robust, computer-based quality systems can yield substantial benefits to your enterprise. Properly selected, computer-based quality systems can allow your company to more easily and profitably achieve your company’s business outcomes, while ensuring maximum effectiveness to achieve compliance with FDA requirements and expectations. With proper knowledge, focus and follow-through, today’s technology solutions can make an otherwise complex set of compliance functions and activities manageable and can position your organization for success.
About The Author:
John C. (Jack) Garvey, Esq., is the Founder/Principal of Compliance Architects LLC. Mr. Garvey is a chemical engineer and attorney, and is a former Quality & Compliance executive for a number of leading FDA-regulated companies. He presents widely at industry conferences and has introduced a number of innovative compliance approaches to FDA-regulated industry. Mr. Garvey can be reached at 888-734-9778, or at firstname.lastname@example.org.
 Disclaimer – Compliance Architects LLC has established informal relationships with both companies, to ensure a full range of the best quality systems’ solutions for clients.