Good day and Hello,
Once again comments have appeared
regarding that utopian existence – the no blame culture society.
I was with a company as a
consultant who at middle management level declared they operated within a no
blame culture. It only took days to
realize that the department head was incompetent (his incompetence turned out to
be the reason my presence was required).
So does the incompetence of the perpetuators of this type of culture,
drive them into trying to remove accountability, and hence responsibility?
The regulations governing and
controlling the pharmaceutical industries are peppered with “must”, “will” and
“shall”, all definite instructions to conform or comply with some rule or
regulatory requirement. There
seems little or no option to interject and add “if you don’t, don’t worry about
As for the regulators, at an FDA
debrief, we were informally told that the penalty from deliberate miss-use of
passwords should always be dismissal.
That sounds pretty blame free, does it not.
High on the list this month has
been the subject of Vendor Auditing.
I have audited some of the largest companies around and some times with
multimillion dollar contracts hanging in the balance.
You have got to be well
documented. You are going to face
some of the most able sales guys in the world, backed up with highly qualified
However, your client, on your
recommendation, is going to spend these vast sums purchasing a system that must
be delivered, installed, commissioned and successfully validated, to a strict
Use a reputable known quality
Have a written justification for
every audit question.
Demand document evidence of
conformity for every question.
Use an analysis tool to reduce
the audit summation to a percentage figure.
At the end debrief give them an
honest overview (not detailed).
Accept verbal assurances – if
they cannot show you documents they haven’t got it.
Allow them to set the pace - you
know what you have to get through.
Stray from your approved
Accept hospitality until the
audit is finished.
There may be considerable sums
There maybe reputations and even
You could be challenged
personally or professionally.
You could be ask to justify your
audit by your client.
You may have to justify your
audit in a court of law.
The Vendor audit document
has been used and developed over several years and was the actual document
developed to audit all of the companies selected for the proposed DCS
standardised system for Pfizer.
There seems to be a lot on new
people dealing with Part 11. We are
getting queries that I thought had been argued out four or five years ago. However here we go.
Regarding software systems that
the vendor states are part 11 compliant.
I could name and shame several large equipment companies that have and
still are making such claims.
However, you cannot make system part 11 compliant if it does not have the
basic functionality (as detailed in the rule). When we are talking to clients, we
usually advise that the software functionality comprised perhaps 66% of the
requirement and procedures 33%, obviously very approximate estimates. On the initial (for part 11) regulatory
inspections, I was taken by surprise with the rigor applied to some of the
security procedural aspects of the rule.
The biggest single problem with
Part 11, is that it usually (definitely not always) applies to data, that if
adultered, would adversely affect product quality. We all know that this requires the
equipment software validation, to be in accordance with requirements for Full
Life Cycle Validation (FLCV).
Now the problems start, there is
an almost endless list of laboratory, building management, ERP, planning,
process and test equipment that uses developed software. i.e. when software became available it
was used as a nice aid to the user.
The software was then developed over the years – until suddenly Part 11
was required. In some cases they
went back to the drawing board, however in the majority of cases they patched
basic Part 11 compliance, into a system that had evolved.
With no concept, development,
testing, or modification history or records it was and still is impossible to
satisfy the FLSV requirements.
There are ways to get round this, but they are to protracted to detail
Before the purchase of any such system the buyer must have a
detailed URS, and vender must unequivocally guarantee fulfilling all of this URS