A Compliance Management System for the Pharmaceutical Industry



Similar documents
MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

4Sight Calibration Management Software

SUPPLIER QUALITY MANAGEMENT SYSTEM QUESTIONNAIRE

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

ICH guideline Q10 on pharmaceutical quality system

ORACLE CONSULTING GROUP

PHARMACEUTICAL QUALITY SYSTEM Q10

GMP Training Course Quality Control October Lesley Graham Senior Inspector (UK)

Quality Manual. UK Wide Security Solutions Ltd. 1 QM-001 Quality Manual Issue 1. January 1, 2011

Guidance for Industry. Q10 Pharmaceutical Quality System

Auditing as a Component of a Pharmaceutical Quality System

Pharmaceutical, Biotech and Medical Device Manufacturers. Be Compliant and Audit Ready - Implement an LMS!

Quality Management System Manual

The purpose of this Supplier Quality Standard is to communicate the expectations and requirements of Baxter Healthcare Corporation to its suppliers.

KMG Healthcare IT Solutions Case Studies

ISO 9001 Quality Systems Manual

How To Know If A Mobile App Is A Medical Device

Company Quality Manual Document No. QM Rev 0. 0 John Rickey Initial Release. Controlled Copy Stamp. authorized signature

Regulatory Compliance and its Impact on Software Development

Chapter 13 Configuration Management

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Processes and Best Practices Guide

QUESTIONS FOR YOUR SOFTWARE VENDOR: TO ASK BEFORE YOUR AUDIT

TrackWise - Quality Management System

B i o s o l u t i o n s

New changes to cleanroom & clean air device classifications: ISO & 2

Open EMS Suite. O&M Agent. Functional Overview Version 1.2. Nokia Siemens Networks 1 (18)

GLP vs GMP vs GCP Dominique Pifat, Ph.D., MBA The Biologics Consulting Group

LabChip GX/GXII with LabChip GxP Software

Chapter 13 Configuration Management

QUALITY ASSURANCE MANUAL JPM OF MISSISSIPPI, INC.

How to implement a Quality Management System

Title:: Effective GMP AUDITS for APIs and Formulation Pharma Companies By G.Sundar-Director/Consultant PharmQA Compliance solutions

Improving Interoperability in Mechatronic Product Developement. Dr. Alain Biahmou, Dr. Arnulf Fröhlich, Dr. Josip Stjepandic

JOURNAL OF MEDICAL INFORMATICS & TECHNOLOGIES Vol. 21/2012, ISSN

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Sargent Controls & Aerospace 5675 West Burlingame Rd. Tucson AZ PHONE: (520) FAX: (520)

Using Workflows in a Content Management System

Financial Management TRANSACTION CONTROL AND APPROVAL

The Application and Inspection Process What to Expect

CORPORATE QUALITY MANUAL

Working Party on Control of Medicines and Inspections. Final Version of Annex 15 to the EU Guide to Good Manufacturing Practice

DIGITAL COMMUNICATIONS

Emerging Device Topics for Regulatory Consideration.. Janine Jamieson May 2015

Quality Agreement. by and between. Supplier Name. Address: and. Client Name: Address:

ASSESSMENT OF QUALITY RISK MANAGEMENT IMPLEMENTATION

II. PREVIOUS RELATED WORK

Access Control and Audit Trail Software

MHRA Data Integrity Guidance and Expectations Document

Biotech Concerto #3. European Clinical Trial Environment

How To Write Software

IBM asset management solutions White paper. Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations.

Migrate from Exchange Public Folders to Business Productivity Online Standard Suite

Annex 7 Guidelines on pre-approval inspections

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

How companies leverage quality and quality certifications to achieve competitive advantage

Quality Risk Management The Pharmaceutical Experience Ann O Mahony Quality Assurance Specialist Pfizer Biotech Grange Castle

Monitoring manufacturing, production and storage environments in the pharmaceutical industry

Biopharmaceutical Portfolio Management Optimization under Uncertainty

How CMOs are Turning Their Training Programs into Market Differentiators

Presented by Rosemarie Bell 24 April 2014

Enterprise Content Management with Microsoft SharePoint

Program Advisory Committee (PAC) Agenda. December 14, :00am 3:00pm PST. Agenda Items:

Guidance for Industry: Starting Material Supplier Management

There is no Silver Bullet to complying with the US FDA GMPs by Alan Schwartz

Conducting a Gap Analysis on your Change Control System. Presented By Miguel Montalvo, President, Expert Validation Consulting, Inc.

The Software Development Life Cycle (SDLC)

IBM Business Process Manager Version 8 Release 5. Hiring Tutorial IBM

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

Optimization of Preventive Maintenance Scheduling in Processing Plants

SEMINAR. Content Management System. Presented by: Radhika Khandelwal

Implementing Lifecycle Validation Practices at Contract Manufacturing Organizations

COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS

A Control Framework for e-invoicing

GUIDELINES FOR FOOD IMPORT CONTROL SYSTEMS

Configuring Firewalls An XML-based Approach to Modelling and Implementing Firewall Configurations

Ontology and automatic code generation on modeling and simulation

Guidance for registered pharmacies providing pharmacy services at a distance, including on the internet

PRODUCT CERTIFICATION REQUIREMENTS

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

Considerations for Management of Laboratory Data

How To Manage An Accident In A Car

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Calibration & Preventative Maintenance. Sally Wolfgang Manager, Quality Operations Merck & Co., Inc.

INSTRUCTIONS TO THE BONDVISION MTF MARKET RULES INSTRUCTIONS TO TITLE I OF THE RULES (GENERAL INSTRUCTIONS)

Qualified Persons in the Pharmaceutical Industry Code of Practice 2009, updated August 2015

SCIENTIFIC SUBSTANTIATION OF STANDARD OPERATIONAL PROCEDURES ROLE IN QUALITY ASSURANCE SYSTEM IN CLINICAL DRUG TRIALS

Quality Management Systems Manual

Cartel Electronics. AS 9100 Quality Systems Manual

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements. Documentation Requirements. General. Quality Manual. Control of Documents

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

RTP s NUCLEAR QUALITY ASSURANCE PROGRAM

ISO 9001:2008 Audit Checklist

Transcription:

18 th European Symposium on Computer Aided Process Engineering ESCAPE 18 Bertrand Braunschweig and Xavier Joulia (Editors) 2008 Elsevier B.V./Ltd. All rights reserved. A Compliance Management System for the Pharmaceutical Industry Julie Fisher a, Arantza Aldea a, René Bañares-Alcántara b a School of Technology, Oxford Brookes University, OX33 1HX Oxford, UK b Department of Engineering Science, University of Oxford,OX1 3PJ, UK Abstract The management of compliance with rules, policies, guidelines, practices, and standards is largely done through a manual and labour-intensive process. This process can be facilitated through the use of a computer-based Compliance Management System (CMS). A CMS identifies compliance tasks, tracks the performance of these tasks with respect to a set of requirements and documents their compliance status. The output from a CMS can be used to satisfy a variety of reporting requirements and initiate alerting mechanisms. A CMS can be particularly useful in managing regulation change and overlap. This paper presents the first step in the development of a decision and compliance management tool, in particular, a prototype CMS for the pharmaceutical industry is described. The CMS has been tested with a simulated case study. Keywords: Compliance Management, Regulation, Information System, Pharmaceutical Industry. 1. Introduction The regulatory authorities are empowered to issue and enforce regulations for the manufacture of pharmaceutical products with the aim to strike a balance between the therapeutic advantages of a drug and its possible risks to the patients. The regulatory authorities approve the sale of only those drugs produced with manufacturing processes that comply with the regulations. As a result, individual pharmaceutical companies produce a set of internal guidelines, rules, and policies to implement the regulation imposed by the regulatory authorities. The development and maintenance of these internal guidelines, rules and policies is an arduous and tedious process that requires substantial human resources. To begin with, the regulations must be interpreted to make them applicable to a specific manufacturing process. However, quite often regulations are vague, subjective and ambiguous, and thus with the potential to produce inconsistencies. A second complication is that there are national and international regulations, and products and processes must comply with all regulations of the places where they are produced and sold. Lastly, regulations change in time and companies must update their procedures accordingly. The process of interpretation finishes when all the regulations have been translated into a set of tasks to be performed with a given frequency and by individuals with specific roles. A Compliance Management System can be used to keep track of these tasks. A CMS identifies compliance tasks, tracks the performance of these tasks and documents their compliance status; the output can be used to satisfy a variety of reporting requirements and initiate alerting mechanisms.

2 J. Fisher et al. This paper describes the initial approach in the development of a CMS for the pharmaceutical industry. The case study is built around rules regulating pharmaceutical production; however, the purpose of this research is more general: to create a domain independent CMS that operates for different regulations retrieved from a library. The principles of this research are applicable to any other regulated activity such as trading, construction, and industrial SHE (Safety, Health and Environmental) compliance. The CMS under development consists of a MySQL database that stores the information related to the compliance tasks and a JAVA front end that displays the data and interacts with the different users. XML (extensible Markup Language) will be used in the future so the CMS can communicate with other applications. Specifically, XML will be used to store the tasks to be read by the CMS and the reports it generates. The generic features of a Compliance Management System are described in the next section. Section 3 focuses on the pharmaceutical industry and how a CMS can help to cope with the regulations imposed in this domain. The implementation of our CMS for the pharmaceutical industry is described in Section 4 and the preliminary results with a test case are presented. The future steps in our research are discussed in Section 5. 2. Compliance Management Systems A Compliance Management System (CMS) should be able to identify compliance tasks, track their performance and document their compliance status; its output being amenable to be used to satisfy a variety of reporting requirements [Boland 06]. Science based industries are increasingly using CMSs because competitive and regulatory pressures push them to consider the role that automation can play in converting data to useful knowledge [Conley 00]. The number of regulations with which companies have to conform nowadays is so vast that automating their compliance is a natural progression. There are three main components in a basic CMS: a library of applicable requirements, another library of tasks created to meet those requirements, and a set of means to administer status reporting and record keeping. Tasks can be defined in terms of a vocabulary of actions (e.g. monitor, collect, perform, review, document, verify) applied to objects (e.g. materials, equipments, reports) at a required frequency (e.g. once, daily, weekly) done by an individual with a role (e.g. technician, process engineer, plant manager). Compliance with a regulation can be assessed in terms of checkpoints [Yip et al. 06]. Other types of information are goals/intentions and criteria, which are necessary to evaluate task compliance [Boland 06]. Additional CMS features are e-mail notification, escalation and recurring tasks. An e-mail notification system sends e-mails to the employees due to carry out the tasks prior to the due date, whereas an escalation system sends additional warning e-mails to the employee s supervisors when a task is either overdue or has failed. [Conley 00] looked at automating regulatory compliance, focusing on the NuGenesis Scientific Data Management System, when the acceptance of electronic record keeping was relatively new to the Food and Drug Administration (FDA). NuGenesis does not appear to store information about regulations and their associated data, and so does not have the functionality to notify when these regulations are due to be carried out. [Yip et al. 06] presented XISSF, an XML-based compliance audit system that enforces rules

A Compliance Management System for the Pharmaceutical Industry 3 and information security policies. However, many of the functions associated to a CMS, such as describing a regulation in terms of tasks and roles, are not included. [Boland 06] investigated how CMSs aid business and compared the features of some commercial available CMSs in the market. The common features of all those systems are e-mail notification and escalation. Many of the commercial CMSs do not appear to be business specific; however there are some expressly aimed at the pharmaceutical industry. For example EtQ for Pharmaceuticals/Biotechnology (see www.etq.com), which is an integrated FDA CMS. This system includes several modules, allowing to tailor its application to a company s needs, e.g. for archiving, escalation/delegation and monitoring. The EtQ system is aimed for companies that want to put their products in the American market. 3. A CMS for the Pharmaceutical Industry An important concern in the pharmaceutical industry is the large volume of regulations and their constant update. The regulations need to be analysed and validated to create a set of task, rules and procedures. 3.1. Regulations in the Pharmaceutical Industry All licensed medication put onto the market has to comply with a regulatory body to ensure it is effective and safe. It is essential for any company that all the criteria imposed by the regulatory body are met, as a rejection of the application can be very costly. However, regulation does not end after the approval of the manufacturing process; there is a continuous monitoring of the medication during its market lifetime. The most important regulatory bodies for the UK are MHRA (Medicines and Healthcare products Regulatory Agency) at the UK level, EMEA (European Agency for the Evaluation of Medicinal Products) at the EU level, and FDA (Food and Drug Administration) for the American market. Each regulatory body provides a number of principles and guidelines such as GMP (Good Manufacturing Practice) and GLP (Good Laboratory Practice). These are written at an abstract level and their aim is to provide guidance to the company. To aid in the management of the large volume of guidelines there are books that collate all the relevant information, e.g. Rules and Guidance for Pharmaceutical Manufacturers and Distributors 2007 [Pharma Press 02], commonly referred to as the orange guide. The orange guide is produced in association with MHRA and has all the guidance required for a company wanting to sell their products in the UK or EU. There are also books that aid in the compliance with the FDA guidelines, e.g. Pharmaceutical Master Validation Plan [Haider 01] and Validation Standard Operating Procedures [Haider 06]. The first book describes how a pharmaceutical company can put together a compressive plan to achieve the validation requirements, while the second looks into every aspect of validation for each of the guidelines. Our aim is to create a tool that facilitates the validation process and hence the translation of the regulations imposed by the regulatory bodies into a specific set of tasks. The CMS is used to manage the tasks and the people involved in them. This paper focuses on the first part of a prototype.

4 J. Fisher et al. 3.2. Requirements for a CMS The CMS must be able to track the performance of compliance tasks and document their status; notification of pending tasks and an escalation process to flag overdue tasks are also required. To make the system more robust a regulation should be associated with a role rather than a specific employee. The quantity of data that a CMS is required to manage is large and must be preserved accurately, ensuring that only those with the appropriate permission access it. Easy and quick access to data is also desirable. Lastly, the system must be able to create accounts for users with different levels of access and functionality. No prior knowledge of the underlying software technologies should be expected of the users, who will interact with the CMS using a Graphical User Interface (GUI). This GUI needs to be simple and convenient for the user. 4. Implementation and Initial Results The CMS has been developed in JAVA and all the information about tasks, regulations and personnel was stored in a MySQL database. A JAVA GUI was also developed to facilitate the introduction of all the information and the communication with each one of the operators. More details about the system can be found in [Fisher 07]. Once the company has identified the set of task required to comply with the regulations, those tasks and regulations must be introduced in the CMS. At the moment the tasks are introduced manually through the CMS GUI (see Figure 1). In the near future we are planning to introduce a connection between the output of a validation process tool based on an organisational memory system (OMS) and the CMS. When a regulation is entered, the type of personnel that will be in charge of the regulation must be identified as well as the domain. After a regulation is successfully introduced into the database, the CMS asks the user to input the associated tasks and displays the ADD TASK panel (see Figure 1). By declaring tasks consecutively the user can ensure that prerequisite tasks are entered previously. If there are concurrent users adding regulations and associated tasks at the same time, the system is able to cope by storing the IDs of the regulation or task that has just been created to be used in the creation of subsequent tasks. Figure 1. Windows used to enter regulations and their associated tasks.

A Compliance Management System for the Pharmaceutical Industry 5 Figure 2a. Customised To Do list for an employee. supervisor when tasks are overdue. 2b. Warning sent to the Tasks can be assigned to employees by the manager, and the employees will have then access to a window that lists all the tasks that need to be completed as shown in Figure 2. The CMS keeps track of all the tasks and their assigned employees and will make sure that all the tasks are completed on time by highlighting the pending tasks and sending regular emails to the employees (see Figure 2a). If the employee does not carry out a task, a report is generated and the corresponding line manager will be informed (see Figure 2b). To showcase the CMS some information was created for a small fictitious company, e.g. there are employees in three different roles (administrators, supervisors and analysts). Examples of regulations were taken from Chapter 18 of [Haider 2001] Qualification of Process Equipment. Figure 3. Example results written after performing some verification tasks.

6 J. Fisher et al. In particular, the regulation in the example applies to a Commuting Mill process, with each of its functions split into tasks. No frequencies for carrying out the tasks are suggested in the guidelines, as they depend on the manufacturer s manual for the machine; weekly tasks were set for this example. With further knowledge about the machine, such as its calibration system or details about its workings, the tasks could have been made more specific. The interface developed to introduce the results from the tasks is shown in Figure 3. 5. Conclusions and Future Work This paper has presented the initial results in the development of a CMS for the pharmaceutical industry. The CMS has been tested with a case study built around rules regulating pharmaceutical production. The purpose of this research is more general: to create a domain independent CMS as the principles of this research are applicable to any other regulated activity. We are investigating the creation of a support decision making tool based in Compendium [Shum et al. 06]. Given a set of regulations and guidelines, this tool will support a quality assurance expert to parse those regulations (also policies, rules and procedures) into tasks that need to be performed to comply with the regulations. These tasks will then be saved in a XML ontology and incorporated in the CMS system; XML will be the communication language with other applications. Specifically, XML will be used to store the tasks to be read by the CMS and the reports it generates. References Boland, R. 2006. Reduce business risk with a CMS. Chemical Engineering Progress 102 (10), pp. 39-44. Conley, J. 2000. Automating regulatory compliance. Scientific Computing and Instrumentation 17(3), pp. 25-26. Fisher, L. 2007. Development of a Compliance Management System for the Pharmaceutical Industry. MSc dissertation in Computing. Oxford-Brookes University Haider, S. I. 2001. Pharmaceutical Master Validation Plan: The Ultimate Guide to FDA, GMP, and GLP Compliance. Florida: CRC Press LLC, pp. 1-3 and 115-146. Haider, S. I. 2006. Validation standard operating procedures: a step-by-step guide for achieving compliance in the pharmaceutical, medical device, and biotech industries. 2 nd ed. Florida: CRC Press LLC, pp.3-18. Pharmaceutical Press. 2007. Rules and Guidance for Pharmaceutical Manufacturers and Distributors. 2007 ed. London: Pharmaceutical Press, pp. xvii-8. Shum, S. J. B., Selvin, A. M., Sierhuis, M., Conklin, J., Haley, C. B. and Nuseibeh, B. 2006. Hypermedia Support for Argumentation-Based Rationale: 15 Years on from gibis and QOC. In: Dutoit, A.H., McCall, R., Mistrik, I. and Paech, B. (eds.) Rationale Management in Software Engineering. Berlin: Springer, pp. 111-132. Yip, F., Ray, P. and Paramesh, N. 2006. Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism. In: The First IEEE/IFIP International Workshop on Business-Driven IT Management (BDIM 2006)- Information Technology Management from a Business Perspective. pp. 81-90

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information