February 4, 2012

Can the U.S. Maintain its Leadership Position in Medical Devices?

According to a recent PwC study, the U.S. medical device industry is facing stiffer competition by rival countries – mainly Brazil, China and India. However, the U.S. innovation edge may face more threats from an inefficient American regulatory system, according to AdvaMed.

Unveiling its “Competitiveness Agenda” at device maker Stryker in Kalamazoo, MI, today, AdvaMed detailed six policy initiatives that would allow medical device companies to thrive.

AdvaMed’s Competitiveness Agenda proposes specific recommendations under six broad policy imperatives:

  1. Innovation in the life sciences must be a government priority, including requiring an innovation impact statement for significant new regulations that affect the health sector;
  2. The FDA review process must be reformed to reduce total review times. American patients should have as prompt access to new treatments as European patients do;
  3. Payment policies of Medicare, Medicaid and private insurers must support medical innovation and not penalize early adopters of new treatments and cures;
  4. A vigorous trade policy must support export growth and provide a level playing field for U.S.-based manufacturing;
  5. Strategic tax policies to level the playing field must be implemented, including improvements to the R&D tax credit to keep it competitive with other countries;
  6. The American research and development infrastructure must be sustained and improved. Special emphasis should be placed on creating research structures that support commercialization of the R&D.

“America is the acknowledged world leader in medical technology, but that leadership is being challenged,” said Stephen J. Ubl, president and CEO of AdvaMed. “We know medical technology has a bright future. The question is: will that future be made in America—or somewhere else? Without the right public policies in place to provide a level playing field between the U.S. and foreign competitors, America’s leadership will be lost.”

In addition to protecting jobs and helping patients, Stryker Chairman, President and CEO Stephen P. MacMillan stressed that device manufacturing is an important driver of current and future economic growth.

“Our industry plays such a great role in improving patients’ lives around the world, and we are a great source of producing good manufacturing jobs. As the markets for our products grow around the world, we want U.S. policies to be encouraging job creation here,” said MacMillan.

Read the entire release here.

Related post: ‘Crescendo of Complaint’ Calls for FDA to Improve Medical Device Regulation

 

 

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Everyone Agrees the FDA 510(k) Process Needs to be Fixed

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Both sides played it pretty nice at yesterday’s press conference unveiling a new study analyzing the FDA’s 510(k) review process, but there’s a tension underneath it all: Industry generally thinks the FDA is way too slow and inconsistent in its 510(k) review process and threatens medical device innovation in the US, and FDA seems to agree that the review process needs some tinkering but isn’t so bad and that much of the problem lay with industry anyway.

While he thanked the Institute for Health Technology (InHealth) for conducting the survey and putting together this forum, FDA Director of CDRH Jeffrey Shuren cautioned that its findings should not be accepted without putting them in some perspective. He noted that the survey was only answered by about 10% of industry, and that those respondents were those who tended to have more complicated than average 510(k) situations.

That said, Shuren acknowledged that CDRH has to do a better job preventing high levels of employee turnover. InHealth’s survey found that one of six or seven reviewers left during the 510(k) review process they were working on, which clearly slows the process and makes life more difficult for medical device companies, especially smaller ones.

Shuren also said FDA and CDRH should and will produce more guidances and will work to address consistency issues. He also said that CDRH should do a better job of identifying those 510(k) applications that won’t be approved as early in the process as possible, therefore spending less time on those.

But Shuren also noted that industry, especially smaller device companies, isn’t doing such a hot job on its 510(k) submissions. For example, a recent FDA study found that about half of all submissions arrived at the agency missing key information out of the gate. He also challenged companies, again especially smaller ones, to take more advantage of pre-submission meeting opportunities with FDA.

The survey is part of “A Comprehensive Analysis of the FDA 510(k) Process: Industry Practice and the Implications for Reform,” a study funded by the Institute for Health Technolog (InHealth), a nonprofit foundation that supports research and analysis into the role of medical technology in advancing healthcare and patient quality of life. Bottom-line, it found that the vast majority of respondents (68%) say it is critically important that the regulatory process be predictable, and that 85% said they’d seen “substantive changes” from FDA in its 510(k) review process in the past three years.

The survey offered a number of recommendations it said would improve the process:

Enhance predictability

  • Increase number of guidance documents
  • Timely update of guidance documents
  • Clear and timely communication of new FDA expectations before publication in guidance

Increase process consistency

  • Increase training (particularly implementation of current regulations)
  • Reduce perceived differences in agency follow-through (by enhanced communication)
  • Reduce reviewer turnover

Ensure efficient review process

  • Preparation of clear and complete submissions
  • Eliminate repeat requests of information already provided
  • Timely access to meetings
  • Increased use of interactive review concept

Close gap with international systems

  • Continued harmonization efforts (GHTF)
  • Sharing best practices (particularly on process side), while acknowledging differences in regulatory requirements

Increase attention to specific needs of small companies (while maintaining a level playing field)

  • Improve opportunities for interaction
  • Provide training support in areas where small companies tend to face particular challenges

Monitor effect of process changes

  • Evaluate impact of any process changes through appropriate performance metrics
  • Work with industry to monitor process performance over time

It appears that FDA and industry agree that the 510(k) process is broken. But things get more complicated when they begin to discuss how badly its broken, and what’s needed to fix it.

 

 

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Taking a Utility From a Culture of Complacency to a Culture of Compliance

Vice President, Energy & Utilities Compliance

As the Electric Reliability Organization (ERO) continues to mature and provide leadership for electric reliability, there have been many changes over the last four years. One of the most recent NERC initiatives is working with the industry on reliability excellence with a risk-based approach. Gerry Cauley, President and CEO of NERC, has continuously emphasized the “Five Key Success Factors” for building a foundation of public trust. These five key success factors include:

  1. Risked based approach, with reliability performance measurably improving
  2. Reliability-learning, self-correcting industry
  3. Culture of compliance, enforcement backstop
  4. Commitment to security/resilience of grid
  5. Positive relationships and reputation

NERC and the Regional Entities will start conducting more reviews and assessments on registered entities regarding “Risk Based Compliance Monitoring.” All Regions are moving toward evaluations of internal compliance programs based on the FERC “13 questions” provided in the 2005 orders. Some Regional Entities are already sending surveys to their entities trying to learn more about the internal compliance culture in these organizations. They will be reviewing internal processes and procedures. They will also review such things as: the number of violations discovered via audits or investigations, repeat violations, number of mitigation plans, etc.

FERC Orders

Policy Statement on Enforcement Docket No. PL06-1-000, 113 FERC ¶ 61,068 (October 20, 2005)

Revised Policy Statement on Enforcement Docket No. PL08-3-000, 123 FERC ¶ 61,156 (May 18, 2008)

Policy Statement on Compliance Docket No. PL09-1-000,125 FERC ¶ 61,058 (October 16, 2008)

Policy Statement on Penalty Guidelines Docket No. PL10-4-000, 130 FERC ¶ 61,220 (March 18, 2010)  suspended on April 15, 2010

Revised Policy Statement on Penalty Guidelines Docket No. PL10-4-000,132 FERC ¶ 61,216 (October 17, 2010)

Many businesses in a regulated industry such as financial, life sciences, and nuclear industry have lived through these changes and have continuously improved their internal compliance and regulatory programs. Many have built strong Culture of Compliance programs. I have seen and been a part of some very strong Culture of Compliance programs. Some of the key elements of these programs are senior management involvement that provides strong leadership and holding individuals accountable. This is so important when implementing the critical elements of a Culture of Compliance.

Another important part of building a better compliance culture is establishing an organization that self-identifyies and self-corrects issues. One of the most important aspects of this internal initiative is implementing a robust corrective and preventive action (CAPA) program. Every individual in an organization must be trained on the process and tools of this program; management must continuously support the employees identifying issues; and preventative steps must be assigned and completed.

Corrective and Preventive Action (CAPA) Workflow

AssurX has developed a white paper on how to build the key elements of the “Culture of Compliance” program. Download your copy here to learn more.

You can also follow Trey on Twitter.

 

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Handling a Warning Letter: If At First You Don’t Succeed…

Last year, we blogged about the most common drug and device GMP 483 items and how to respond to them in writing.  But what if your response is judged inadequate or the FDA otherwise issues a Warning Letter? First off, understand that the agency even at this point is strongly hoping you will voluntarily take the corrective action required so they can settle this case and move on to something else. They are intended to elicit voluntary correction.

However, if you fail to address the issues raised in a Warning Letter, your company can face some serious repercussions, including: recall, seizure, injunction, monetary fine, debarment, disqualification, license suspension or revocation, and prosecution.

The issuance of a Warning Letter certainly raises the stakes after a 483. The violations it contains represent concerns not only of an investigator, but of the District and/or Center Compliance Officers.

Responding to a Warning Letter

Your first action after you receive a Warning Letter should be to immediately notify top management of the letter and give them an idea of the scope of the problem. You should also contact the FDA’s District Director or Compliance Officer. In your written response to them, you should acknowledge your obligation to comply with the law, discuss the impact the issues raised will have on product quality, address any broader or systemic corrections the Warning Letter may have raised, and offer your corrective actions and timetable for completing them.

Ask to meet with the FDA. That meeting is important for a number of reasons, including:

  • Ensuring there is common understanding of GMP concerns
  • Verifying the adequacy of proposed corrections
  • Revealing if further action is planned by the FDA
  • Achieving agreement on how to proceed
  • Providing a written summary, including any clarifications and additional commitments from either side
  • Setting a timetable for periodic updates on progress

Your company can avoid “unnecessary problems” with the FDA as long as your response avoids the following: unrealistic goals, blaming everything on a lack of training, trivializing the product complaints, failing to proofread your correspondence, citing other firms’ practices as an excuse for your own, and failing to implement promised corrections.

Attorney Peter Reichard with Sheppard Mullin works closely with drug and device companies and former FDA officials. He stressed that your Warning Letter response should focus on how you are addressing the problem. “Companies have a tendency to try and explain something, but the FDA is not interested in that,” he says. “They just want to know your plan and that you followed up,” he says.

Part of that plan, Reichard says, is to put together a Warning Letter response team that goes beyond regulatory personnel. Include those involved in business and legal issues and those who keep a handle on resources and expenditures, he advised.

Avoiding Warning Letters

The only proven technique for avoiding enforcement actions [is] establishing an effective Quality System.  And the FDA defines “establish” in this instance as a Quality System that is defined, documented and implemented.

Companies that have SOPs and teams in place to handle process problems tend to do a better job of avoiding Warning Letters, agreed Adam Bloom, an attorney in Reed Smith’s Life Sciences practice.

But the absolute “worst-case” scenario is to become a repeat offender in the eyes of the FDA, he said. “If you said you would fix something, and they come back a year or two later and find the same problems,” they will view you harshly, he added.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Chicken Little Was Right: FDA Will Enforce Part 11 "Soon"

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

I’ve got to admit, despite months (or years?) of hearing from those inside and close to the FDA that the agency intended someday to begin actual enforcement of 21 CFR Part 11, I was beginning to have my doubts.

No one likes to be told he’s crying wolf or acting like Chicken Little squawking about the sky falling.

Finally, however, the FDAs CDER division issued a blandly worded release that may have some serious repercussions for regulated drug companies:

The FDA “will be conducting a series of inspections in an effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 ‘Part 11, Electronic Records; Electronic Signatures — Scope and Application’ guidance (Guidance). The Agency intends to take appropriate action to enforce Part 11 requirements for issues raised during the inspections that do not fall under the enforcement discretion discussed in the Guidance.”

That’s about all they said publicly, but it’s a mouthful after waiting a long long time for any agency activity backing the Part 11 rule.

While this announcement focuses on drugs, don’t be surprised to find a similar action coming soon on the device side.

“I’d expect FDA inspectors to focus on Part 11, too, when they inspect device manufacturers,” agrees former FDA inspector Ken Miles.

When it comes to preparing for FDA inspections, Ken says he’s a big fan of the Boy Scouts motto: Be prepared.

We’ve heard in the past that many FDA inspectors weren’t comfortable yet inspecting or enforcing Part 11 provisions. The result: Very few inspections, and some inconsistent inspectors.

In the coming weeks, we’ll report back on what kind of inspections FDAers are conducting, and how you can best prepare for them.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Big NERC CIP Changes Looming

James Holler, Founder, Abidance Consulting

James Holler, Founder, Abidance Consulting

In less than a year the sweeping changes to the NERC CIP requirements will become effective. The changes will require that all registered facilities be considered, to some degree, a critical asset. There are going to be three levels of criticality when it comes to CIP – High, Medium & Low. According to NERC, the process and criteria currently being used today for identifying critical assets in the electric system are inadequate.  For example, the current system labels less than 5% of the existing generation facilities around the country to be critical assets, so NERC has identified a new approach in the new CIP-010-1 standard.

The scoping process in the existing CIP-002 standard calls for identification of critical bulk electric system assets, then the associated critical cyber assets.  In CIP-010, there are no “out of scope” bulk electric system assets; instead a categorized list of those assets and their related cyber systems is required.

Framework
NERC has decided to use the NIST 800-53 framework when they are developing the CIP requirements from now on. The National Institute of Standards and Technology (NIST) is the U.S. Government’s defacto standard for Information Technology Security. You can download a full copy here. NIST provides standards and technology to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology systems.

The NIST framework:

  • Provides a specification for minimum security requirements for information systems included in the CIP requirements using a standardized, risk-based approach.
  • Defines minimum information security requirements (management, operational, and technical security controls) for information and information systems in each such category that are included in the CIP requirements.
  • Identifies methods for assessing effectiveness of the CIP security requirements.
  • Brings the security planning process up to date with key standards and guidelines developed by your security team using the NIST framework.
  • Provides your security team with assistance in determining what needs to be done and in chronological order.
  • Evaluates security policies and technologies developed by your security team.

Major Changes
Be warned, there are many major changes coming. One of the most interesting is that CIP-002-2 through CIP-009-2 will be removed and replaced with CIP-010-1 and CIP-011-1. CIP-011-1 is almost 30 pages and combines CIP-003-2 through CIP-009-2 into a single requirement and includes new requirements as well. The following is a list of some of the major changes on the horizon:

  • Every requirement will be auditable and not just addressable. This means that you must complete all required tasks in the CIP requirements as they will pertain to you and not be a nice-to-have or addressable.
  • There is currently a 3-year review/audit cycle set up and because the BES does not change too much or too often that cycle is going to be shortened to be between 12 months and 24 months.
  • A new feature in CIP-011 is how the requirements are presented, which is based on applicability/impact on the reliable operation of the BES.  There are several subject areas identified in CIP-011, including: security governance and policy; personnel training, awareness, and risk assessment; physical security; electronic access control; etc.
  • Each requirement has several characteristics identified, and each requirement is assigned to one of the subject areas.
  • The need for more than paper evidence of compliance has lead to actual need to demonstrate compliance in the updated version of the CIP requirements. For example, current requirements call for paper demonstration rather than allow for actual demonstration of the protection system; the latter improves security and therefore an entity will have to demonstrate their compliance rather than state it.

There are many, many other updates, improvements and additions to the upcoming CIP requirements known as Version 4. It is my opinion that a registered entity may want to begin preparing now because the requirements may prove to be difficult to handle.

James Holler is founder of Abidance Consulting.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Is the FDA getting ready to crack down on medical device clinical trials?

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Well, we told you 2010 was going to be a big year for the FDA.

While most of us were enjoying holiday treats or making new year’s resolutions, a leading FDA official said the agency was developing new guidelines designed to establish stricter standards for the data received from tests with human subjects used by medical device makers when they seek approval for a new or altered device.

Dr. Jeffrey Shuren, the acting director of the Center for Devices and Radiological Health, told The New York Times recently that the FDA most likely will soon urge device makers to take steps like using more sharply defined targets to measure the success of clinical trials. The agency may also urge producers to more closely follow patients enrolled in such trials to determine whether the targets are met, Shuren told The Times.

That sound you hear is the new drumbeat saying that the FDA hasn’t been tough enough on medical devices in the past, at least according to JAMA and an article published in the American Journal of Therapeutics which suggest the agency has to get stricter to better protect the public.

AdvaMed, the big medical device trade group, is taking a “wait and see” approach, at least publicly.

Or as Janet Trunzo, AdvaMed’s executive vice president, technology and regulatory affairs, told us recently, “FDA has not released any formal proposals or guidance regarding changes to the premarket approval (PMA) process.  When the agency does so, we look forward to reviewing and commenting on them.  In general, we support efforts to better clarify FDA submission requirements and to ensure patients have timely access to life-saving and life-enhancing medical technology.

Trunzo went on: “It is important to note that the FDA’s approval process for Class III devices is the agency’s most stringent.  On average, the agency spends roughly 1,200 hours reviewing each application, and has the authority to demand additional data and to refer the application to an expert panel for review.  To obtain FDA approval through the PMA process, a manufacturer must submit a detailed application that contains full reports of all investigations of the safety and effectiveness of the device; a full statement of the components, ingredients, properties, and principles of operation of the device; a full description of the methods used in the manufacture and processing of the device; information about performance standards of the device; samples of the device; specimens of the proposed labeling for the device; and any other relevant information.

“Clinical trial data is but one piece of the overall approval process for medical devices, as the FDA requires data to determine biocompatibility, mechanical strength testing, among others, which are not available through clinical trials.  American patients have access to life-saving, life-enhancing technology because the FDA carefully balances the risks and benefits of each new device or advancement in a given technology.”

But Dan Walsh, a senior member of PA Consulting Group‘s Life Sciences & Healthcare practice, says there will definitely be tougher standards, and some level of more stringent human clinical trial results.  However, he believes there is room for straightforward 510(k) cleared products that make no substantial claims beyond equivalence to currently marketed products.  Dan specializes in technology strategy and acquisition, medical device product development and improving the effectiveness of commercial launch of new medical technologies.

According to Walsh, another repercussion is that the 510(k) will be more narrowly applied, and there likely will be an extended use of ’510(k) with clinicals’ submissions because these trials have not required the same statistical power or clinical depth (high in placebo or alternative therapy arms, etc.)

“If all products were required to obtain PMA approval with robust clinical trials, it would likely impede innovation and use of new technologies,” Walsh told us.

“Since the FDA has mandates for both protection of the public health and the oversight of launch of new therapies for unmet or underserved needs, an all or nothing approach is not feasible or practical,” he adds. “If all submissions required clinicals, one could add at least six months and many millions of dollars to the development time and cost for a medical device, all other things being equal.”

Kim Egan a partner with DLA Piper in Washington, D.C. and an expert in this arena who sits on the advisory board of Life Sciences Law & Industry Report, a publication for lawyers, business executives, directors of research and regulatory specialists practicing in health care-related life sciences fields, gave us some interesting observations, too:

  • This development is not overly surprising given the open letter to President Obama that FDA scientists sent last year alleging corruption in the medical device approval process.  The division head stepped down year as well.  FDA is under strong Congressional pressure to reform.
  • This report is based on a review of cardiovascular devices only — we can expect similar reviews of additional therapeutic areas over the coming months.
  • Industry will want to take an active role in the comment period that will follow FDA’s issuance of draft guidance on new requirements.
  • The impact on industry may be limited to products that require full PMA approval.  Devices that rely on 510(k) approval need not submit clinical data, so providing the predicate device is unaffected by FDA’s review, the bulk of new devices on the market should not be affected by the new guidelines.
  • The NY Times article contains an error regarding personal injury lawsuits.  The reason personal injury lawsuits are limited is not because of the Riegel decision — that decision simply upheld existing law that provides federal preemption to medical device manufacturers, particularly on failure to warn claims.  Because Congress has expressly preempted failure to warn claims for medical device manufacturers, such claims cannot proceed on state law theories.  This is unlike the pharmaceutical area, where there is no Congressional preemption of state law.

It’s a fine line between regulations with teeth that protect the public without slowing valuable new medical devices. Just ask John Hanley, an attorney at Steptoe & Johnson in LA. He represents two medical device companies that have been significantly impacted by the highly conservative approach now being taken by the FDA.

“They have both decided to pursue clinical approval outside of the U.S. before continuing to attempt to navigate the very difficult road to approval here in the U.S.,” Hanley said of the two companies who wished to remain anonymous.

“In fact, it is disappointing to note that even where these companies have had multiple years of clinical data from activities outside the U.S., the FDA has not approved their pursuing expedited routes through the FDA approval process,” Hanley adds.  “Unfortunately, the FDA’s recently adopted strict stances have resulted in the American public being denied the benefit of new medical technologies.  Moreover, it is expected that the FDA’s conservatism will eventually lead to less investment in medical device companies domestically and thus, less medical device innovation in the U.S.”

Yes, 2010 is already shaping up to be an interesting year at the FDA.

Don’t touch that dial, we’ll keep you posted as this story moves ahead.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

Risk Management Matures Beyond the Spreadsheet

RiskMgmt150Risk management is one of those terms that is often used a bit too loosely, warns AssurX’s Sal Lucido. “People say ‘risk management’ but it can mean very different things to people working at different parts of a company.”

For example, the finance and accounting department focuses on documenting and managing risks associated with business financial transactions and reporting as governed by Sarbanes-Oxley (SOX). The information technology group (IT) focuses on cyber security risks, which involves processes such as identity and access management, threat and vulnerability management, and configuration control. The regulatory compliance group is concerned with meeting government regulations, laws and standards applicable to their industry. For example medical device companies must meet regulations imposed by the FDA regarding such activities as quality and incident management. Energy companies must abide by national and state mandated regulations established by NERC, FERC and their respective regions. Noncompliance can lead to fines that sometimes total in the millions.

Across these industries “the Federal Government is actively auditing and levying large fines for those companies found to be out of compliance. The bar is being set higher each year and the penalties are becoming more severe.”

“Having a risk management system that is managed on paper and spreadsheets is just not going to cut it anymore.”

Sal has helped dozens of regulated companies in industries ranging from utilities to medical device manufacturers to better manage their corporate risk data and processes. And he’s observed that they have a lot in common when it comes to handling risk management. Based on his years of experience with many different firms working to address risk, he has some valuable observations and advice.

Across the board, “what we’ve been finding is that information associated with risk management is rarely made available to the departments that need access to it. For example, if the audit department had access to the identified risks and their risk levels, they could use this information to plan their audit activities aiming audits at those that pose the greatest liability to the company. ”

Companies are now looking for tools that “allow for secure collaboration” so that the risk information and data is readily available for all those who need to access it.

”Because each of these departments already have their own processes” companies are looking for applications that allow each group to maintain their own forms and workflows. “It’s critical to have an application that provides processes unique to each group while harmonizing the underlying data” so that each group can access what it needs, when it needs it.

Dashboards and Metrics in CATSWebThe other trend we are seeing is that companies are looking to move beyond just documenting risks and listing mitigation efforts. They are looking for enterprise applications that can manage the associated business processes. For example, risk assessment and mitigation efforts are tasks that need to be assigned to individuals or teams, with due dates and status updates. In order to ensure projects stay on track there is a need for escalation functionality that automatically emails the appropriate personnel when tasks become due and go late. These activities also have associated workflows and approval routings that need to be managed via software. Of course this type functionality goes well beyond the capabilities of simple risk tracking software and spreadsheets.

The other need we are seeing is related to reports and dashboards. Department and process managers are looking for reports that show risk levels, heat maps, late reports and so forth. The executive staff is looking for enterprise dashboards that report on the state of compliance throughout the organization using easy to read traffic light and gauge or thermometer formats.

Finally the solution should also be flexible enough to integrate with data and systems that are already being used within the company. For example, if a system is already being used to document the status of key risk indicators (KRI’s) such as violations or incidents, “that data should be reported within (and accessible from) the risk management system.”

In conclusion, managing risk across the corporation means something different to each department yet it requires the entire organization to work together. It involves documenting and sharing risk data across the enterprise, managing workflows and tasks, while handling escalation and reporting. Yes, risk management has matured beyond the spreadsheet.

Sal Lucido is VP of Enterprise Solutions at AssurX, Inc.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

FDA Takes Food Safety Seriously With Electronic Reporting System

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Is it just me, or does it seem like someone must have reminded the FDA that the first part of its name starts with the word “Food”? In the past several weeks we’ve seen a very public and very aggressive FDA take some big steps to assure consumers that their food is safe after a bad year or two out there in America’s food chain. Remember lettuce? Beef? Tomatoes? The list goes on and on and…

The latest FDA action is the launch of a Reportable Food Registry (RFR) which requires that facilities that manufacture, process or hold food for consumption in the US now must tell the FDA within 24 hours if they find a reasonable probability that an article of food will cause severe health problems or death to a person or an animal.

The FDA rolled it all out with a big press event Sept 8 – the same day that reporting this way becomes the law of the land, said Michael Taylor, Senior Advisor to the FDA Commissioner on food issues. It will “provide a reliable mechanism” for the FDA to track patterns in food problems and help it act more quickly to fix them. “It’s an important step,” Taylor said. “Our first priority is to prevent food safety problems.”

(It doesn’t include infant formula or dietary supplements, those have separate reporting requirements already on the books.)

This latest FDA move is all part of a wider effort, spearheaded by HHS and USDA, which also just unveiled a new consumer web site: www.foodsafety.gov. It’s designed to help consumers get the latest info on food safety and recalls.

The new site will feature information from all the agencies across the federal government that deal with critical food and food safety information, including preventive tips about how to handle food safely, alerts on life-saving food recalls, and the latest news from the key agencies.

Click here for a copy of ”Food for Thought: The FDA Gets Serious on Electronic Records Management”.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare

NERC Standards Management: Beyond the Spreadsheet

ElectricitySunsetBlue150As we all know on August 8, 2005, President Bush signed into law the Energy Policy Act of 2005, which authorized the creation of an electric reliability organization (ERO) with the statutory authority to enforce compliance with reliability standards among all market participants.  The electric industry has had to adjust to the change from a voluntary system of compliance to a mandatory system of reliability standards compliance.  In order to deal with this situation most organizations decided to use their favorite weapon – the spreadsheet. It was a great choice given there was a lot of information that needed to be organized in a very short period of time, including: standards, requirements, entities, measures, subject matter experts, applicable procedures, evidence of compliance and the list goes on.

However, once these spreadsheets were filled up with reams of data on dozens of interconnected worksheets, problems began to surface:

  • Complexity: Documenting the relationships of each applicable requirement to applicable procedure, compliance rationale for each of the registered entities within the organization quickly becomes a rat’s nest of intertwined data.
  • Maintenance: As new and revised standards are released just managing changes to these spreadsheets becomes more then a full-time job.
  • Doesn’t Manage Tasks: Analysis of compliance to requirements usually requires assigning tasks, which implies management of assignees, due dates along with documenting the task and the outcome.
  • Silos of Information: Spreadsheets by their vary nature are typically owned by one person and are located on that individual’s computer. After a while most companies learn that there is more than one spreadsheet. In fact several people in various parts of the organization are maintaining this information with overlapping data and most of the time without knowledge of each other.

This is when it makes sense to use a corporate-wide compliance management system that can deal with the complexity of the data, can be easily maintained with new and revised standards and manage task assignments, due dates (with automatic email reminders) and associated procedures and evidence.

Technorati Profile

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare