In the musical “Oliver!” based on Charles Dickens’ novel, a poor child draws the ire of his caretakers when, after a meager portion of food, he famously holds out his bowl and says, “Please, sir, I want some more.”

Consumer advocates and others would argue today that we don’t necessarily need more food  – but they would hold out their bowl for more food regulation, especially from the FDA.

It’s not as if we need reminders that there are some serious shortcomings when it comes to how some food manufacturers operate (and how the FDA regulates them), but a recall of more than 200 million eggs this week gives us one whether we’d like it or not.

There’s been growing pressure on the agency to tighten its regulation of food, and it is starting to look like proposed federal legislation is going to deliver just that.

Most Capitol Hill watchers are predicting the Food Safety Modernization Act will come to a vote after the Labor Day recess. It’s likely to pass, though there is some debate about a few proposed amendments including one that would ban outright the usage of BPA, the plastic lining found in cans and in other packaging. Some pundits say attaching the BPA ban would kill the whole bill.

The FSMA would give the FDA greater authority regulate food and place a greater legal burden on food manufacturers to be more transparent when it comes to how they control their product from conception to landing on your dining room table. In other words, food manufacturers would have a lot more quality control work on their, well, plate.

A timely summit last week featured representatives from the Pennsylvania Dept of Agriculture and Dept of Health as well as the Grocery Manufacturing Association.  Led by Dr. Rene Massengale, Associate Professor of Biotechnology, who heads Food Safety and Quality Assurance Academic program at Harrisburg University of Science and Technology, Dr Massengale said industry has generally reacted positively to the potential changes coming from Capitol Hill.

While industry is supportive in principle to the idea of increased food regulation, Dr. Massengale said there is some nervousness out there about what kind of regulations finally emerge from any new Congressional law. Another wrinkle: Some manufacturers of relatively lower risk items, say candy versus eggs, are saying to feds “leave us alone, we already do this well,” she says. Her event attracted representatives of companies and organizations participating in the food supply system including agricultural growers and producers, food processors, food distributors/wholesalers/ retailers and members of related trade associations, as well as middle and upper-level managers from small and medium-sized organizations and managers, directors or owners responsible for food safety and product quality, such as HACCP, QA/QC, and process control professionals.

So, is “more” on the way?

It’s beginning to look that way.  Watch this space in the coming months as track the FSMA’s progress on Capitol Hill.

For more information

Request “The New FDA Drive for Food Safety” paper here.

Blog:  http://foodsafetyquality.blogspot.com/

You can follow Dr. Massengale’s frequent updates on Twitter here:  http://twitter.com/RDMassengale

I’ve got to admit, despite months (or years?) of hearing from those inside and close to the FDA that the agency intended someday to begin actual enforcement of 21 CFR Part 11, I was beginning to have my doubts.

No one likes to be told he’s crying wolf or acting like Chicken Little squawking about the sky falling.

Finally, however, the FDAs CDER division issued a blandly worded release that may have some serious repercussions for regulated drug companies:

The FDA “will be conducting a series of inspections in an effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 ‘Part 11, Electronic Records; Electronic Signatures — Scope and Application’ guidance (Guidance). The Agency intends to take appropriate action to enforce Part 11 requirements for issues raised during the inspections that do not fall under the enforcement discretion discussed in the Guidance.”

That’s about all they said publicly, but it’s a mouthful after waiting a long long time for any agency activity backing the Part 11 rule.

While this announcement focuses on drugs, don’t be surprised to find a similar action coming soon on the device side.

“I’d expect FDA inspectors to focus on Part 11, too, when they inspect device manufacturers,” agrees former FDA inspector Ken Miles.

When it comes to preparing for FDA inspections, Ken says he’s a big fan of the Boy Scouts motto: Be prepared.

We’ve heard in the past that many FDA inspectors weren’t comfortable yet inspecting or enforcing Part 11 provisions. The result: Very few inspections, and some inconsistent inspectors.

In the coming weeks, we’ll report back on what kind of inspections FDAers are conducting, and how you can best prepare for them.

In previous series of articles Part I and Part II, we discussed the benefits of using a closed-loop process for managing regulatory compliance (pictured below). I also showed how setting up Key Performance Indicators (KPIs) that monitor performance to goals is a good way to Check that processes are working properly, thus reducing the need to perform manual audits of a given operation.

Let’s now take a closer look at the Track Problems step. The primary goal of this step is to collect and analyze data related to operational problems. This is a vital prerequisite for the next step in the process: Improve. Remember our overall goal is to systematically and continuously improve regulatory compliance. So let’s first take a look at collecting data.

Collecting data about operational problems sounds like an easy task, but it turns out to be anything but. First of all, there is a cultural stigma associated with anything that is labeled as a problem. This is because, where there is a problem, there is blame. And where there is blame, there are consequences. Given the fact that we are talking about consequences associated with someone’s livelihood, this is not something to take lightly. Therefore it is important to set a “tone from the top” that let’s employees know that the data will be used to improve operational processes and not punish employees. It is also helpful to ask employees to suggest improvement ideas. I’ve even seen some companies acknowledge and reward employees for suggestions that result in positive actions.  These are all good ways to encourage problem reporting. You want to tip the scale in favor of logging problems as shown in the illustration.

The next question is, “What data should we be collecting?” Let me start by pointing out that some data is better than no data. Waiting to create the perfect system will result in the loss of valuable information that could have alerted you to looming problems. So at the very least, start collecting data any way that you can.

I have seen hundreds of problem tracking forms spanning many processes and many industries. I’ve created product issue forms, process problem forms, out of spec forms, suggestions forms for industries regulated by the FDA, NERC and the SEC. I’ve summarized four design tips in the next illustration.

Now that you are collecting problem data, what should you do with that data? The high level steps for processing issues are: Identification, Investigation, Immediate Actions, Analysis and Planning for Further Action.

This is a summary of what each of these steps involves:

Identify: Collect problem data from all sources. Route these to someone that can determine immediate actions and investigate the problem.

Investigate: Look into the problem beyond the initial problem report. Look for trends from other sources (employees, vendors, customer) and from similar product and problems.

Immediate Actions: This step may be performed in parallel with or before the Investigate step. Determine if there are any immediate actions that need to be taken to contain the problem. While you are looking for root causes you don’t want the problem to grow or continue to do damage.

Root Cause Analysis: This is different from the initial investigate step in that you now are trying to determine what actually caused the problem. During the investigation you may determine that the problem was a result of operator error. But the root cause analysis may reveal that the operating procedure is unclear and is in fact the root cause of the problem.

Plans for Further Action: Once you have established the root cause you can take actions to Improve operations. In this step you would plan out what those improvement actions will entail, who will implement them, and how long they will take to enact. Typically this Corrective Action project requires management approval to allocate the required resources.

One benefit of this process is that a single Corrective Action project can address multiple problems. See the following illustration.

The next step is to Improve operations through implementing the corrective action project. We will take look at that step in the next article.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him at http://twitter.com/ComplianceTips

“There’s nothing to see here folks, move along. Nothing to see here.”

That’s what police usually say when a crowd gathers to watch something new, unusual or just plain interesting.

Reminds me of an article I recently ran across declaring that Software as a Service (SaaS) technology was indeed configurable.  The jist of it was that NetSuite CEO Zach Nelson was attempting to shatter some of the common misperceptions about SaaS during his keynote address at a company’s partner conference in San Francisco last week.

The WebCPA article covering Zach’s speech went on, “Addressing claims that most SaaS solutions are not customizable, Nelson claimed that there are currently 6,600 users utilizing NetSuite’s enterprise resource planning functions, the majority of which are customizable features.”

Extra! Extra! Read all about it: SaaS is configurable, says Zach.  And we’ve blogged about this before, too.

But is this news to anyone?

Apparently it is in some circles. So why has SaaS gotten a bad rap as inflexible?

Blame it on the early days of SaaS, when some providers offered more rigid, “pigeon-holed” solutions, says AssurX Operations Manager Karl Kleinkauf, who’s been in this business nearly twenty years. “In the old days there was something of a ‘take it or leave it’ attitude,” Karl adds.

But that’s all changed in recent years, Karl notes. For starters, the technology has improved and ample bandwidth is more widely available today. Both factors help make SaaS more configurable. But consumer demand also helped make it happen, Karl notes.

In fact, as his own customers get more adept using SaaS for regulatory compliance, they often see other uses for it. “I’ve helped many use our SaaS system for document control and customer complaint handling after they’ve gotten comfortable with it on the compliance side,” Karl says.

So let’s recap: SaaS is flexible, multi-faceted and configurable.

Remember, you didn’t read it here first.

They say that change is about the only constant in life (we’ll leave out death and taxes for the sake of this discussion).

And we all got an excellent reminder of that earlier this month when the FDA smacked Boston Scientific by saying the agency would not speed up the review of manufacturing changes required for Boston Scientific to resume selling its implantable heart defibrillators.

 As first reported by The Wall Street Journal, the medical-device maker recalled all seven brands of its defibrillators in March after having failed to receive FDA approval for the manufacturing changes. The company had earlier told physicians that it expected the review to take less time than the typical 30 days, according to the WSJ.

 Boston Scientific submitted the changes to the FDA for approval on March 15 and 16, according to an email sent by a Boston Scientific sales representative to a physician on March 17 that was reviewed by WSJ.

What’s at the core of Boston Scientifics’ problem here? Well, at least part of it is change control failures. As noted in the Journal report, “The Natick, Mass., company’s failure to report the manufacturing changes to the FDA was the latest in a string of problems in following reporting requirements. The FDA is investigating the company’s failure in this recent case as well as past lapses,” an FDA official said.

But Boston Scientific is by no means the only company out there with a shaky hand on change controls. If you are reading this blog and your gut is starting to churn a little, you know who you are.

It may be time to review your change control program, right?

We thought it might help a little to review exactly what change control is, while we’re at it.

Good old Wikipedia defines change control within Quality management systems (QMS) and Information Technology (IT) systems as “a formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without forethought, introducing faults into the system or undoing changes made by other users of software. The goals of a change control procedure usually include minimal disruption to services, reduction in back-out activities, and cost-effective utilization of resources involved in implementing change.”

And that’s a great definition — as far as it goes. What it leaves out is what can go wrong when change control isn’t handled properly.

But we already know what the consequences are when change control isn’t properly managed, don’t we?

ADDITIONAL RESOURCES

For more on the FDA’s change control requirements, go here:

Boston Scientific sees it all a little bit differently. In a March 18 release the company notes that the FDA did recommend approval of an expanded indication of its heart medical devices. However, Boston Scientific has thus far declined to address the FDA’s decision not to review it more quickly.

AssurX will host a complimentary webinar on this important topic April 8, 2010 at 10am PDT. Click here to register.