how digital can improve regulatory compliance …...how digital can improve regulatory compliance...
TRANSCRIPT
How Digital Can Improve Regulatory Compliance for Life Sciences
Life sciences organizations should apply digital tools and techniques to define, refine or redefine IT process documents, plus provide meaningful training, to ensure employee awareness and boost regulatory compliance.
Executive Summary
In today’s world, where pharmaceuticals and
medical device organizations — collectively called
life sciences organizations (LSOs) — are increas-
ingly working with global partners and service
providers, it is critical that employees are fully
aware of, and adhere to, all regulatory compliance
requirements. Even though regulatory compli-
ance training is mandatory before the start of any
LSO’s IT project, the mandate often stops at the
“how” part of the compliance process rather than
including the “why.”
The issue assumes greater significance in con-
tract research organizations (CROs)/contract
manufacturing organizations (CMOs) and IT ser-
vice providers. Here, individuals often move from
varied and nonregulated industries into LSOs,
wherein the lack of “control” over their activities
and deliverables can result in noncompliance.
To effectively ensure that critical applications
which manage food, drugs, patient and clinical
data (GxP applications) comply with industry
and government regulations, LSOs must focus
Cognizant 20-20 Insights | June 2018
COGNIZANT 20-20 INSIGHTS
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 2
on established standards such as Title 21 Code
of Federal Regulations (CFR) Part 11 (Electronic
Records and Electronic Signatures) in process-
ing electronic data that U.S. FDA predicate rules1
require. They must also maintain good automated
manufacturing practices (GAMP) and validate IT
applications to comply with industry and manda-
tory regulation.
This white paper identifies and describes the
actions LSOs must take regarding their people
and process documentation to ensure sustained
compliance.
REGULATORY COMPLIANCE CHALLENGES
Employees responsible for regulatory compli-
ance, particularly in start-ups and LSOs with
less-than-optimal quality management sys-
tems, may have different interpretations of the
established processes. When mandatory process
documents and trainings designed to achieve
regulatory compliance do not consider user
experiences, they can lead to inconsistencies,
disinterest, frustration, deviations and dissatis-
faction for end users.
The U.S. Food and Drug Administration (FDA)
is serious about noncompliance. In 2017, it had
issued 2362 Good Manufacturing Practices (GMP)
warning letters (see Figure 1).
How the FDA Treats Noncompliance
Warning Letters Issued by the U.S. FDA
• Violation: Failure to establish and follow appropriate written procedures, designed to prevent microbiological contamination in drug products purporting to be sterile (21 CFR 211.113(b).
• Failure to thoroughly investigate any unexplained discrepancy or failure of a batch or any of its components to meet any of its specifications, whether or not the batch has already been distributed (21 CFR 211.192).
Company: *** Ltd. (Date: Jan. 19, 2017)
• Violation: Failure to establish and maintain procedures for validating device design as required by 21CFR 820.30(g).
• Failure to develop, conduct, control, and monitor production processes to ensure that a device conforms to its specifications, as required by 21 CFR 820.70(a).
• Failure to establish and maintain procedures for receiving, reviewing and evaluating complaints by a formally designated unit, as required by 21 CFR 820.198(a).
Company: *** (Date: Aug. 23, 2017)
• Violation: Failure to establish and maintain procedures for verifying the device design to confirm that the design output meets the design input requirements, as required by 21 CFR 820.30(f).
• Failure to establish and maintain a Design History File (DHF) for each type of device, as required by 21 CFR 820.30(j).
• Failure to establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met, as required by 21 CFR 820.30(a).
Company: *** Inc. (Date: Sept. 25, 2017)
Figure 1
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 3
The best way to incorporate UX into IT process documentation and regulatory compliance training is to include simple examples of how any activity needs to be performed, as well as the adverse impact of violations.
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 4
Regulatory agencies, such as the U.S. FDA, follow
an investigation operations manual and the rel-
evant compliance program guidance manual to
inspect LSOs. If the aforementioned noncom-
pliance examples resulted from the way the IT
systems are governed and managed (or the lack
thereof), then it may result in adverse impacts
like the following:
• Compromised patient safety or loss of thera-
peutic effect.
• Issuance of a consent decree3 enforced by
federal courts.
• Financial and reputational risks.
• Product recalls.
• Expensive remediation efforts.
RECOMMENDATIONS FOR ACHIEVING REGULATORY COMPLIANCE
Achieving regulatory compliance is mandatory,
not optional. If all your resources must con-
sistently adhere to predefined processes, we
recommend that you relook at your current way
of documenting IT processes and training to min-
imize the chance of deviation and increase the
likelihood of regulatory compliance.
Compliance Starts with Quality Culture and User Experience
High regulatory compliance can be achieved only
by designing/redesigning QMS processes and
trainings with user experience (UX) in mind (see
Figure 2). A robust UX can help an organization
ascend the ladder of quality culture from nascent
to mature.
The best way to incorporate UX into IT process
documentation and regulatory compliance train-
ing is to include simple examples of how any
activity needs to be performed, as well as the
adverse impact of violations.
Although regulations and mandates drive the
regulatory compliance processes, we recom-
mend LSOs leverage UX as an additional lever
for designing compliance training processes that
deliver favorable outcomes.
Processes that are tedious and confusing for end
users will lead to:
• Disinterest.
• Frustration.
• Inconsistencies.
• Deviations.
• Dissatisfaction.
Designing in Compliance from the Get-Go
Key Driver Adapting to RequirementMaintaining the ConnectBridge The Gap
Processes should be defined/
refined/redefined considering
the user experience, rather
than the quality management
perspective alone.
It is imperative that training
programs/processes be redesigned
from a people’s perspective so
that everyone understands the
principles behind regulatory needs.
A platform for regular interaction
between the compliance expert
and participants to address
queries in real-time scenarios.
Relying more on process
automation using digital tools.
Use gamification techniques.
User Experience (UX)
Redesign Training Programs/Processes
Mentorship Sessions
Leverage Digital
Figure 2
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 5
Focus on Redesigning IT Process Assets
Beyond IT systems, LSOs must also consider
compliance from a people perspective. Pro-
cesses impacting regulatory compliance should
be designed/redesigned with UX in mind, rather
than merely a quality management point of view.
This can be achieved by the following means:
• Simplify existing processes to optimize ease-
of-use.
• Keep the UX in mind and customize the pro-
cess FAQs.
• Make the process model responsive for con-
tinuous user feedback.
• Focus on real-time examples while redesign-
ing processes.
Simplified, Easy-to-Use Processes
The success of any process is in implementation
and compliance. To achieve these goals, doc-
uments should be simple and easy to use. For
example, change management processes should
be designed to make it easy to understand the
relevance of each step and to follow the process
properly. The importance of each step, in addi-
tion to the effort/time involved in completing it,
should also be considered when designing/rede-
signing processes.
Availability of Process FAQs
FAQs should be designed after discussion with
teams/stakeholders for each process to minimize
dependence on experienced trainers/mentors.
This will substantially reduce effort subsequently,
allowing increased focus on core activities.
Making Process Model Responsive to Continu-ous User Feedback
Existing processes should be reviewed with all
stakeholders every three years at minimum,
unless there is a significant need to change in the
meantime due to regulatory mandates. This pro-
cess model should be flexible enough to take the
inputs from stakeholders and to refine/redefine
the processes using interactive online forums, as
needed.
Use Real-Life Examples/Scenarios When Redesigning Processes
IT process documents should incorporate plen-
tiful real-life examples, including bottlenecks or
exceptions, acceptable durations of activities,
and details about ownership or responsibilities of
tasks and activities.
In an IT change management process document,
for example, the change management workflow
using swim lanes, actors, list of actions, approval
time frames, etc. should be included, along with
details about managing this workflow in the tool.
This will make users fully aware of details in the
change management process, including actors,
actions, and how to avoid or minimize adverse
consequences.
How Digital Can Improve Regulatory Compliance for Life Sciences | 6
Cognizant 20-20 Insights
Focus on Redesigning Training Programs
Orientation Programs: A Regulatory Prerequisite
To bridge the gap between the “how” and “why”
of any compliance-related process, it is imper-
ative that all IT personnel attend orientation
sessions on the principles behind regulatory
needs, in addition to mandatory training.
The scope of this session should cover important
regulations and compliance needs mandated by
various agencies. This session should do the fol-
lowing:
• Be instructor-led.
• Comprise real-life examples to improve user
engagement.
• Explain how and why examples are imple-
mented in LSOs.
• Highlight the risks or failures of noncompli-
ance.
The Merit of Mentorship Sessions
Mentorship sessions provide a platform for regu-
lar interaction between experts and participants.
The key benefits include the following:
• Address compliance-related queries using
real-time project scenarios.
• Ensure that mentees understand their roles in
regulatory compliance.
• Provide feedback on existing processes.
Mentorship sessions will enable participants to
adapt to specific regulatory requirements and
improve compliance to QMS processes.
Customized Process Training
Internal process regulators/reviewers should be
assigned to identify and handle regulatory compli-
ance trainings, at the initial level. Since different
users are at different levels of understanding,
process training should do the following:
• Be simple and clear.
• Elaborate how an activity needs to be
performed.
• Explain why the process is designed in a
particular way.
• Elucidate all (basic to complex) queries on
regulatory compliance.
Taking an Optimized Approach to Training
A comprehensive and effective approach to
training is critical to ensure alignment with pro-
cess and governance. This includes the following:
• Full support and endorsement by manage-
ment.
• Properly designed and coordinated courses.
• Designation of an accountable individual as
training leader.
• Recognition of training programs as continu-
ous education opportunities.
To bridge the gap between the “how” and “why” of any compliance-related process, it is imperative that all IT personnel attend orientation sessions on the principles behind regulatory needs, in addition to mandatory training.
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 7
To assess and refine the training programs, and
ensure agility and scalability, we recommend
the following steps to the training management
team:
• Build a training assessment plan:
» Mandate role-based training.
» Specify average training hours
(e.g., 60 to 70 hours per year).
» Reward participation.
» View nonparticipation seriously and
initiate consequence management.
• Define a training objective by ensuring that
the strategy’s “why” is communicated clearly,
and ensure the availability of a best-in-class
training team. Include experts from:
» Within the department.
» Outside the department.
» External to the company
(from the industry).
All possible orientation aids, including presenta-
tions and active interactions, should be leveraged
and deployed by the instructor.
APPLY ‘DIGITAL’ TO ACHIEVE YOUR OBJECTIVES
To reach the organization’s regulatory compli-
ance objectives, we suggest the following steps:
• Automate processes using digital tools:
Automating key processes will reduce manual
intervention and minimize errors. For exam-
ple, manual user access management will
be error-prone and lead to noncompliance,
exposing organizations to unwarranted risks.
Automating the user access management
process mitigates these risks and enhances
compliance.
• Employ gamification: To make the processes
and trainings more interesting, design/rede-
sign QMS processes and training curricula
using gamification concepts and techniques.
• Use swim-lane techniques to pictorially rep-
resent process workflows.
• Create e-learning modules for refresher
courses, in addition to classroom sessions and
mentors.
• Enable course access through mobile
devices.
• Leverage smartboards in classrooms and
brainstorming sessions to capture ideas for
further analysis and improvement.
The benefits of improved regulatory compliance
can be measured by:
• Enhanced compliance with regulations and
mandated processes — leading to no (or mini-
mal) risks to IT systems and end users.
• Reduced risk of financial penalties, adverse
impact on market share and unannounced
agency audits.
• Greater compliance levels can be attained
when process adherence is a pleasant expe-
rience.
• Higher organizational alignment can be
achieved when users get compliance right,
the first time.
• Loss avoidance, both financial and reputa-
tional.
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 8
Quick Take
Turning Adherence Observations & Data into ResultsA global leader in pharmaceuticals product R&D was hard-pressed to trans-
late data quality observations and hard data into insights during monthly
audits of its IT incident/problem management process. The company found
that the team members lacked the clarity on the “why” aspect of the compli-
ance process, which undermined its ability to build a fact-based assessment
of adherence levels. To reduce the gaps, the following actions were taken:
• Redesigned IT process: » Workflows were created on the IT incident/problem management pro-
cess, with examples.
» User feedback sessions on IT processes were organized to happen every six months.
» IT processes were mandated to be reviewed and amended wherever needed.
• Redesigned training program: » Workflows were used in training sessions, using presentations with
appropriate animations, to enable the team members to comprehend the reasons for the workflow itself.
• Mentorship sessions: » A quality mentorship program was introduced wherein new team mem-
bers could reach out to mentors experienced in QMS for clarification on all compliance-related issues.
Benefits included:
• Internal audit observations were reduced by 50%.
• Risk of noncompliance was reduced by ~20%.
• Rate of first-time compliance was improved by 8%.
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 9
Jancy Mascarenhas Consultant, Cognizant Consulting’s Process & Quality Consulting Practice
Jancy Mascarenhas is a Consultant within Cognizant Consulting’s
Process & Quality Consulting Practice. She is a member of the
International Society of Pharmaceutical Engineering (ISPE) Asso-
ciation, India, is ITIL v3 Foundation certified, and is a ISO20000
lead auditor certified professional. Jancy has over 12 years of IT
experience in service management across the banking and the life
sciences industries, specializing in auditing, software quality assur-
ance, IT quality and regulatory compliance. She can be reached at
ABOUT THE AUTHORS
FOOTNOTES
1 Predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act or any
U.S. FDA regulation other than Part 11.
2 www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm.
3 A consent decree in the life sciences industry is a written order from a judge that prohibits a company from marketing and
selling its new products until its noncompliances on existing products are corrected and the LSO is approved by the federal
agency.
REFERENCES
• www.fda.gov/default.htm.
• www.ema.europa.eu/ema/.
• www.gov.uk/government/organisations/medicines-and-healthcare-products-regulatory-agency.
ACKNOWLEDGMENTS
The authors would like to thank Kenneth Strode, Senior Regulatory Compliance Officer who works in Cognizant’s Life Sciences
Regulatory Compliance Office and Legal, Global Compliance, Privacy & Ethics, for his valuable input and feedback.
Cognizant 20-20 Insights
How Digital Can Improve Regulatory Compliance for Life Sciences | 10
Rajesh Anantharaman Consultant, Cognizant Consulting’s Process & Quality Consulting Practice
Rajesh Anantharaman, CISA is a Consultant within Cognizant Con-
sulting’s Process & Quality Consulting Practice. He has over 13 years
of experience in the medical devices and life sciences industry,
specializing in software quality assurance, quality systems, quality
engineering, supplier development, auditing, IT quality and compli-
ance, regulatory compliance and equipment validation. Rajesh can
be reached at [email protected].
ABOUT THE AUTHORS (cont.)
Ramachandran S Senior Manager, Cognizant Consulting’s Process & Quality Consulting Practice
Ramachandran S is a Senior Manager within Cognizant Consult-
ing’s Process & Quality Consulting Practice. He has decades of
experience in the banking and IT space. Ramachandran’s area
of specialization is setting up the testing processes for cus-
tomers across numerous geographies. He can be reached at
World Headquarters
500 Frank W. Burr Blvd.Teaneck, NJ 07666 USAPhone: +1 201 801 0233Fax: +1 201 801 0243Toll Free: +1 888 937 3277
European Headquarters
1 Kingdom Street Paddington Central London W2 6BD EnglandPhone: +44 (0) 20 7297 7600 Fax: +44 (0) 20 7121 0102
India Operations Headquarters
#5/535 Old Mahabalipuram RoadOkkiyam Pettai, ThoraipakkamChennai, 600 096 IndiaPhone: +91 (0) 44 4209 6000Fax: +91 (0) 44 4209 6060
© Copyright 2018, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means,electronic, mechan-ical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.
TL Codex 3683
ABOUT PROCESS & QUALITY CONSULTING
We provide digital advisory, architectural and transformational services to enable organizations to innovate and deliver enterprise quality at speed and scale with a focus on transforming IT for scalability and velocity. We enable the customer on assurance of quality, security and regulatory compliance of their business processes and ensure value delivery. We also focus on design strategies and new-age quality architectures for clients’ digital transformation initiatives.
ABOUT COGNIZANT
Cognizant (Nasdaq-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innova-tive and efficient businesses. Headquartered in the U.S., Cognizant is ranked 195 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.