In previous series of articles Part I and Part II, we discussed the benefits of using a closed-loop process for managing regulatory compliance (pictured below). I also showed how setting up Key Performance Indicators (KPIs) that monitor performance to goals is a good way to Check that processes are working properly, thus reducing the need to perform manual audits of a given operation.

Let’s now take a closer look at the Track Problems step. The primary goal of this step is to collect and analyze data related to operational problems. This is a vital prerequisite for the next step in the process: Improve. Remember our overall goal is to systematically and continuously improve regulatory compliance. So let’s first take a look at collecting data.

Collecting data about operational problems sounds like an easy task, but it turns out to be anything but. First of all, there is a cultural stigma associated with anything that is labeled as a problem. This is because, where there is a problem, there is blame. And where there is blame, there are consequences. Given the fact that we are talking about consequences associated with someone’s livelihood, this is not something to take lightly. Therefore it is important to set a “tone from the top” that let’s employees know that the data will be used to improve operational processes and not punish employees. It is also helpful to ask employees to suggest improvement ideas. I’ve even seen some companies acknowledge and reward employees for suggestions that result in positive actions.  These are all good ways to encourage problem reporting. You want to tip the scale in favor of logging problems as shown in the illustration.

The next question is, “What data should we be collecting?” Let me start by pointing out that some data is better than no data. Waiting to create the perfect system will result in the loss of valuable information that could have alerted you to looming problems. So at the very least, start collecting data any way that you can.

I have seen hundreds of problem tracking forms spanning many processes and many industries. I’ve created product issue forms, process problem forms, out of spec forms, suggestions forms for industries regulated by the FDA, NERC and the SEC. I’ve summarized four design tips in the next illustration.

Now that you are collecting problem data, what should you do with that data? The high level steps for processing issues are: Identification, Investigation, Immediate Actions, Analysis and Planning for Further Action.

This is a summary of what each of these steps involves:

Identify: Collect problem data from all sources. Route these to someone that can determine immediate actions and investigate the problem.

Investigate: Look into the problem beyond the initial problem report. Look for trends from other sources (employees, vendors, customer) and from similar product and problems.

Immediate Actions: This step may be performed in parallel with or before the Investigate step. Determine if there are any immediate actions that need to be taken to contain the problem. While you are looking for root causes you don’t want the problem to grow or continue to do damage.

Root Cause Analysis: This is different from the initial investigate step in that you now are trying to determine what actually caused the problem. During the investigation you may determine that the problem was a result of operator error. But the root cause analysis may reveal that the operating procedure is unclear and is in fact the root cause of the problem.

Plans for Further Action: Once you have established the root cause you can take actions to Improve operations. In this step you would plan out what those improvement actions will entail, who will implement them, and how long they will take to enact. Typically this Corrective Action project requires management approval to allocate the required resources.

One benefit of this process is that a single Corrective Action project can address multiple problems. See the following illustration.

The next step is to Improve operations through implementing the corrective action project. We will take look at that step in the next article.

Sal Lucido is Vice President, Enterprise Solutions at AssurX, Inc. You can follow him at http://twitter.com/ComplianceTips

“There’s nothing to see here folks, move along. Nothing to see here.”

That’s what police usually say when a crowd gathers to watch something new, unusual or just plain interesting.

Reminds me of an article I recently ran across declaring that Software as a Service (SaaS) technology was indeed configurable.  The jist of it was that NetSuite CEO Zach Nelson was attempting to shatter some of the common misperceptions about SaaS during his keynote address at a company’s partner conference in San Francisco last week.

The WebCPA article covering Zach’s speech went on, “Addressing claims that most SaaS solutions are not customizable, Nelson claimed that there are currently 6,600 users utilizing NetSuite’s enterprise resource planning functions, the majority of which are customizable features.”

Extra! Extra! Read all about it: SaaS is configurable, says Zach.  And we’ve blogged about this before, too.

But is this news to anyone?

Apparently it is in some circles. So why has SaaS gotten a bad rap as inflexible?

Blame it on the early days of SaaS, when some providers offered more rigid, “pigeon-holed” solutions, says AssurX Operations Manager Karl Kleinkauf, who’s been in this business nearly twenty years. “In the old days there was something of a ‘take it or leave it’ attitude,” Karl adds.

But that’s all changed in recent years, Karl notes. For starters, the technology has improved and ample bandwidth is more widely available today. Both factors help make SaaS more configurable. But consumer demand also helped make it happen, Karl notes.

In fact, as his own customers get more adept using SaaS for regulatory compliance, they often see other uses for it. “I’ve helped many use our SaaS system for document control and customer complaint handling after they’ve gotten comfortable with it on the compliance side,” Karl says.

So let’s recap: SaaS is flexible, multi-faceted and configurable.

Remember, you didn’t read it here first.

They say that change is about the only constant in life (we’ll leave out death and taxes for the sake of this discussion).

And we all got an excellent reminder of that earlier this month when the FDA smacked Boston Scientific by saying the agency would not speed up the review of manufacturing changes required for Boston Scientific to resume selling its implantable heart defibrillators.

 As first reported by The Wall Street Journal, the medical-device maker recalled all seven brands of its defibrillators in March after having failed to receive FDA approval for the manufacturing changes. The company had earlier told physicians that it expected the review to take less time than the typical 30 days, according to the WSJ.

 Boston Scientific submitted the changes to the FDA for approval on March 15 and 16, according to an email sent by a Boston Scientific sales representative to a physician on March 17 that was reviewed by WSJ.

What’s at the core of Boston Scientifics’ problem here? Well, at least part of it is change control failures. As noted in the Journal report, “The Natick, Mass., company’s failure to report the manufacturing changes to the FDA was the latest in a string of problems in following reporting requirements. The FDA is investigating the company’s failure in this recent case as well as past lapses,” an FDA official said.

But Boston Scientific is by no means the only company out there with a shaky hand on change controls. If you are reading this blog and your gut is starting to churn a little, you know who you are.

It may be time to review your change control program, right?

We thought it might help a little to review exactly what change control is, while we’re at it.

Good old Wikipedia defines change control within Quality management systems (QMS) and Information Technology (IT) systems as “a formal process used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without forethought, introducing faults into the system or undoing changes made by other users of software. The goals of a change control procedure usually include minimal disruption to services, reduction in back-out activities, and cost-effective utilization of resources involved in implementing change.”

And that’s a great definition — as far as it goes. What it leaves out is what can go wrong when change control isn’t handled properly.

But we already know what the consequences are when change control isn’t properly managed, don’t we?

ADDITIONAL RESOURCES

For more on the FDA’s change control requirements, go here:

Boston Scientific sees it all a little bit differently. In a March 18 release the company notes that the FDA did recommend approval of an expanded indication of its heart medical devices. However, Boston Scientific has thus far declined to address the FDA’s decision not to review it more quickly.

AssurX will host a complimentary webinar on this important topic April 8, 2010 at 10am PDT. Click here to register.

Gotta give the FDA some credit here. In addition to its transparency initiative we’ve talk about before, the agency is also trying to remove some of the mystery about how it handles inspections and other inner workings at the FDA. From where I sit, it appears to be a sincere effort and I believe it is helping outsiders better understand what the FDA is trying to do – and how it is trying to do it.

For example, at the second in a new series of monthly online webinars, FDA’s Michael C. Rogers, deputy director, Office of Regional Operations, said today (March 25, 2010)  tried to outline how an FDA inspection tends to work, and what drives inspectors before, during and after an inspection.

As an aside, Rogers also said that the agency currently has about 1,800 total inspectors across its full portfolio, though food gets the bulk of the bodies. He also said there will be more foreign inspections this year, and that the number should continue to grow.

Inspections are based on risk, Rogers said. In other words, the riskier the potential drug, device or food item, the more likely they will be inspected.

Most inspections are unannounced, Rogers said. Before they go on-site, the inspector on inspection team will look at previous inspection reports and identify what corrective actions were promised during prior inspections. They also prepare inspection tool kits with sampling equipment, info to drive inspection based on guidance documents and the Investigation Operations Manual. They also carry a camera to document evidence.

They also conduct “for cause” inspections driven by consumer complaints or other outside activity.

Typically, the inspection begins with a discussion with management to explain the purpose of the inspection, and they try to learn about the corporate structure and any changes made since last inspection. They also ask about complaints, positive tests or returns. Answers to those questions help FDA inspectors focus their on-site efforts.

Next, they go to the physical manufacturing area. They try to observe and understand the on-site process. They ask about acceptance criteria and want specifics on failures, especially the reasons.

Inspectors also draw a diagram of the facility showing the manufacturing process from start to finish. They’re looking for problems in the system and looking to identify critical control points in the manufacturing process.

FDA inspectors then identify procedures in place and assess if company is actually following them. They also look for controls in place to mitigate any contaminated products.

They also look at training and cleaning programs. They also watch employees while they are actually making the product.

If they find evidence of an adulterated product, they collect evidence based on inspector observations and collect samples to prepare their case for possible legal action in court.

At conclusion of inspection, the FDA team meets again with management. They then inform the top company official what is in the official Form 483. That form documents observations during the inspection but does not include final recommendations. They also ask for the firms corrective actions planned or in place to get into compliance.

These corrective actions are taken into account as agency formulates official recommendations.

After the inspection at the firm, the inspector develops a report back at the home office. It includes evidence collected and what the firm has already agreed to do about any shortcomings.

In some cases firms can offer voluntary corrections. But sometimes the agency decides it needs enforcement action such as a warning letter, and can also impose civil and/or monetary penalties.

The webinar was extremely popular. In fact, it “sold out” so many who tried to join it could not get in to the live event. There will be a recording available on Monday March 29.

UPDATE: Slides are now available from this event here in PDF format.

The FDA continues to signal that food enforcement is back in fashion.

Last week at a press-only briefing the agency tried to demonstrate its proactive side, saying it was “taking steps to protect the public following the early identification of Salmonella Tennessee in one company’s supply of hydrolyzed vegetable protein (HVP) and again last week the agency issued an open letter to the food industry calling for more transparent product labels.

So what’s it all mean?

We spoke recently with Kim Egan, partner in the law firm DLA Piper’s Product Liability practice, and a regular source for us on these and other FDA-related matters.

“The food industry is facing a “perfect storm” — high-profile food-borne illnesses continue to plague the global supply chain, prompting President Obama to create the Food Safety Working Group, and the First Lady has declared war on childhood obesity, including a focus on food industry marketing to children, “junk” food in public schools, and the nutritional content of school lunches,” Kim points out.

I happened to see the harrowing film “A Perfect Storm” at my sister’s house last week and if I am an official in the food industry, an expert like Kim using “Perfect Storm” and “Food Industry” in the same sentence would get my attention.

Kim notes that President Obama said in a March 2009 weekly radio address that “At a bare minimum, we should be able to count on our government keeping our kids safe when they eat peanut butter.  That’s what Sasha eats for lunch.”

The Executive Memorandum announcing the First Lady’s Let’s Move campaign said that “[n]early one third of children in America are overweight or obese — a rate that has tripled in adolescents and more than doubled in younger children since 1980.  “Taken together, the new Administration’s focus on food has in turn pushed FDA to renew efforts to improve food safety and more aggressively enforce existing food labeling regulations,” Kim adds.

It’s all part of a more active FDA across the board, Kim notes.

“FDA has stepped up enforcement of existing regulations.  In August 2009, FDA reorganized its food oversight function and moved the Office of Foods into the Office of the Commissioner, giving food safety and food manufacturing enforcement greater visibility.  FDA appears to be focusing particularly on health claims made by food manufacturers, such as its recent warning letter to General Mills that it had no scientific evidence to support cholesterol claims on Cheerios cereal,” Kim adds.

As Kim explains, FDA said that the General Mills claims that Cheerios reduced cholesterol meant that General Mills was advertising Cheerios as a drug, an unapproved one at that.  FDA has also been focusing on health claims made by dietary supplements, the most notable examples of late being dietary supplement products that purported to be effective against the HINI virus.  There is an effort underway to improve front-of-label nutrition information for all food packages, and Senator McCain introduced legislation in February 2010 to strengthen FDA authority to regulate dietary supplements.

Congress has had food safety legislation in the works for a couple of years now.  Highlights of that bill include:

• The Food Safety Modernization Act that is now making its way through Congress will require foreign suppliers to use “risk-based reasonably appropriate preventative controls” to prevent adulteration and reduce hazards.
• FDA would be required to implement new food safety regulations within a year of enactment.  FDA would also have two years from enactment to “expand the technical, scientific and regulatory capacity of foreign governments,” which could include multilateral agreements and international harmonization of the Codex Alimentarius.  FDA would also be required to expend resources on foreign inspections.
• Having said that, however, the majority of food-borne illness outbreaks since 2006 have been caused by domestic products or other products from North America , including fresh spinach, peanuts, jalapeno peppers, and tomatoes.

“In short, we can expect further pressure on food manufacturers to improve quality control,” Kim says.  “We can also expect continued pressure on food manufacturers to adhere strictly to promotional and nutritional labeling requirements, and we can expect those requirements to change in some possibly meaningful respects in the coming years.”

For more information, request “The New FDA Drive for Food Safety” paper here: