Compliance Zen

06 September 2011

Recent 21 CFR 11 Questions & Answers

Since FDA announced its intent to vigorously enforce 21 CFR 11, I've collected various questions posed by attendees at my workshops and speeches on 21 CFR 11 compliance. Now, one year later and a year's track record of Part 11-related FDA Warning Letters, I thought it might be time to walk through a few of the most common questions and answers. Hopefully, this will help you stay on the right track when it comes to validating non-product software, computerized systems and Part 11 validation.

Q: Will the FDA cite you for 21 CFR 11 non-compliance?

Yes...and no. Unfortunately, despite FDA's intent to raise the enforcement profile of Part 11, no Warning Letters actually cite 21 CFR 11, only the predicate rules. That said, the agency is trying to make clear the responsibility of firms to comply with Part 11 rules for electronic information:

You are responsible for the accuracy and integrity of the data generated by your firm. Provide a more comprehensive corrective action plan to ensure the integrity of all data used to assess the quality and purity of all drugs manufactured at your facility, including any registration lots. (Warning Letter to Cadila Healthcare, June 2011)

Or this one:

You are responsible for the accuracy and integrity of the data generated by your firm. A firm must maintain all raw data generated during each test, including graphs, charts, and spectra from laboratory instrumentation. These records should be properly identified to demonstrate that each released batch was tested and met release specifications. Appropriate record retention policies should also be in place. … Should product quality or safety concerns arise in the future, the original records pertaining to batches listed in an application may be integral in providing reasonable assurances to the Agency regarding a product and integrity of data submitted to support it. (Warning Letter to Ningbo Smart Pharmaceutical Co., February 2011)

As should be clear from the above Warning Letter excerpts, FDA’s enforcement emphasis for Part 11 compliance is all about how companies ensure — or fail to ensure — record integrity (including, as in the Ningbo situation, appropriate FDA records and document retention).

Q: Does the FDA conduct random 21 CFR 11 only inspections?

No. The FDA does not conduct random Part 11-only inspections. The only reason a stand-alone, "for cause" or PAI-type of Part 11 audit occurs is because the agency has very serious concerns regarding data integrity directly impacting product safety (i.e., impacting public safety). Since 1997, the only examples of stand-alone Part 11 audits that I know of involved one the following:

whistleblower complaint alleging data fraud (triggered a "for cause" inspection)
submission with serious data integrity issues (triggered a pre-approval inspection)
meta-analysis of adverse event reports, clinical trial data, etc. led to a "for cause" inspection of a contract research organization

The problem, of course, is that these situations ended up blind-siding the firms involved and their management. Thus it seemed like it was random. Executives had zero idea that these inspections would occur because the data in question was in a submission, in an adverse event report, or was part of a whistleblower complaint from a disgruntled former employee. This was all data and historical documents that the firm thought it was "done with" and there were no more risks when the FDA knocked on the door.

As I point out to my clients when I help them put in place lean Part 11 controls, the records and documents that trigger Part 11 concerns tend to be all the stuff that people have completed. You are no longer paying attention to such historical info. Ironically, once you're "done with" the processes and projects that generated the data, that's when FDA actually starts paying attention. So the key is to have Part 11 controls such as validation, qualification, electronic security, qualified IT vendors, and a FDA records retention policy that work for both active and archived records.

Q: Do I need to validate commercial software like Microsoft Word or Excel?

No. Nor will you be able to without significant input from Microsoft - input you will not get unless you can write a multi-million dollar check (and not have it bounce). Here's what George Smith, the chair of FDA's internal Part 11 working group has to say on this:

Validation is to intended use. Thus, the exact same two computers or two exact same software installations at two different companies produce two different sets of records.

In other words, you validate the process in which you use Word or Excel (or any other commercial software) for its intent (production and maintenance of a record, computation of a formula, etc.). The degree of risk associated with the process/data will drive the level of validation needed and the degree of Part 11 controls necessary on the automation involved and the records generated.

Thus, if I use a spreadsheet macro in order to calculate a critical quality attribute of temperature, then I'd validate the macro itself and ensure a significant number of controls on the macro (so it wasn't accidentally messed up if an Excel patch is auto applied) and on the data results. I would not go about trying to validate Excel as a piece of software. Incidentally, a good resource on spreadsheet macro validation in laboratory environs is Ludwig Huber's LabCompliance.com site.

Likewise, if I use Word to author SOPs, I would not validate Word per se but rather validate my SOP process that happens to rely upon Word to automate some aspects (spelling, etc.). In this light, my validation efforts will likely be very light (afterall, how many of us have the money and time to spend conducting process validation on our SOP of SOPs process?).

The key is to view any commercial software as a tool. When it comes to off-the-shelf software, think of Part 11 validation as automated process validation rather than computer validation. The Part 11 controls then largely center around ensuring data integrity (i.e., data integrity tips or steps).

Q: How do I deal with a software vendor who issues automated patches (such as virus scan engine updates, bug fixes, hotfixes, etc.) and won't agree to notify us ahead of time?

This is why you cannot validate commercial software - you have zero control over it. Without control, there is no validation.

And yet you still have to manage changes to the environment in which your electronic records exist. Remember, your personnel perform various regulated actions, undertake specific processes, and make decisions using those records (which are, in turn, reliant upon an IT infrasctructure that is in a "state-of-control"). This is how IT compliance, and 21 CFR 11 compliance in particular, goes awry. Where do you start? How do you control an IT environ over which your vendors exert considerable influence?

In general, the best answer is make the decision that my clients have taken - to bring an outside expert to either run a Part 11 workshop for the firm, to help draft 21 CFR 11 validation protocols, to conduct a mock Part 11 audit, or some other means by which your site specific questions can be addressed.

In the context of dealing with a vendor who issues automated software updates, the best approach that I've seen over the past decade take a three-phase tact:

Compile a "pre-approved" change list that then goes through normal change control
Conduct quick, basic, retrospective testing when such updates are noticed AND they may have an impact to the electronic data
Have Quality audit to the above.

Number two - the quick, basic, retrospective testing - can get tedious and potentially allow for IT and Quality to start arguing over what should have been noticed, what should have been retrospectively tested, etc. Avoid this by agreeing on some common criteria. For instance, any patch that states upfront it "affects data stability" (from an old Microsoft patch for Windows a few years back), should get some testing. Another example is large service packs (in other words, if the patch is big enough for the vendor to change its CD/DVD press labels, it's large enough for you to do some testing).

Next Steps

When was the last time you cringed after reading an email regarding Part 11 by someone in your organization? Or listened as someone listed off all the expensive, costly ways in which Part 11 was too much for your company? Maybe it was last week or last month. It’s not that your colleagues and team members don’t care about Part 11, it’s that they just don’t know how to move from last century’s misinterpretations and frustrations to today’s lean Part 11 compliance.

Your Quality, Regulatory Affairs, IT, Records Management and other operational employees must know how to work effectively and productively under Part 11 rules.

I started Cerulean Associates LLC to provide this type of practical, lean compliance advice on 21 CFR 11 compliance. As an FDA inspector-trained Part 11 expert, I have 20 years of business expertise being accountable for regulatory compliance (and the costly mistakes to prove it). If you'd like to learn more about avoiding FDA Part 11 and business trouble, visit my Part 11 consultant page or simply contact me directly.

I look forward to your feedback.

Posted at 04:37 PM in Audits & Inspections, IT Compliance (Part 11), Records Management & Retention | Permalink | Comments (0) | TrackBack (0)

15 August 2011

Results from Annual FDA Supplier Quality Congress

Supplier quality management is complicated enough. Yet, too often, we shoot ourselves in the foot, making supplier qualification and oversight more complicated, more removed from business realities than necessary. This was the common theme amongst speakers and attendees at FDAnews' third annual Supplier Quality Management Congress.

I was fortunate enought to chair the three day event, from August 9th-11th, with speakers from FDA, pharma and device firms, and suppliers to the industry. To start the conference, my friend, Dan O'Leary, and I provided a half-day workshop on practical approaches to cost-effective supplier qualification and management. A standing-room only event, the workshop went extremely well and far too quickly, with a good mix of conversation, Q&A, and laughter. Below are two slides excerpted from our workshop:

We provided attendees with a set of implementation tools in PDF, Word and Excel format:

Supplier quality ranking radar chart
Overall process map for supplier qualification
Sample SOP for supplier selection and qualification
Audit checklist
Base questionnaire for all suppliers
A more comprehensive questionnaire for more critical suppliers
Supplier re-evaluation form

Throughout the half-day pre-con workshop, we worked through various excercises and questions, and provided copies of multiple regulatory guidance documents as well as items used internally by FDA to train their inspectors. The workshop was very lean compliance-minded. We focused on how to actually implement compliant and effective vendor qualification and oversight to meet FDA, GHTF, and ICH harmonized requirements (with a little ISO thrown-in).

We also discussed differences and expectations - including cost ranges - for mock FDA audits versus more laser-focused, single process audits. While many of us are aware of mock FDA inspections, one tactic I'm increasingly advocating as a more cost-effective, more risk-based approach for supplier oversight is critical process audits. As I conceive of it, a critical process audit of a supplier is much like a mock FDA audit or third-party supplier qualification audit, but is ONLY focused on one or two critical processes at the supplier. Thus, it provides the same level of third-party, independent verification, but at lower cost because it only looks at supplier processes critical to your product or compliance status.

As an example, think of a supplier such as a contract sterilizer. Do you really need to know about their CAPA process and their training procedures? Maybe. But put this in the context of what you're using that supplier for - sterilization services - and the context of your business and available budget. Is it better to spend your budget on one big mock FDA audit of a single supplier, OR spend your money on multiple audits of the critical processes that you are using multiple suppliers for? In other words, should you spend $10K on a mock FDA audit of a contract sterilizer when, for that same $10K, you could hit five different suppliers by spending $2K to audit the contract sterilizer's sterilization processes, then another $2K on a different supplier's critical activity for you, then another $2K on a third supplier and their critical activity, and so on.

By relying on a judicious mix of remote qualification (e.g., a supplier qualification), contractual agreements and monitoring, and laser-focused audits of the critical processes actually directly relevant to your product, you minimize your risk, meet FDA, GHTF and ICH requirements, AND maximize your funds. It's a win for you, a win for your company (and your management team), a win for compliance, AND a win for the suppliers (because they don't need to devote multiple days to hosting your audit team).

The key is to select processes strictly on the basis of current and/or intended use of the supplier using a risk-analysis of their impact to your product (and your compliance).

Some of the other key learnings fro the conference included:

FDA has really stepped up its border enforcement and product holds (and such holds can be based solely upon "appearance")
When it comes to supplier agreements, FDA is increasingly examining the concept of "authority" - did the person approving and signing the quality agreement have the authority to commit the company and the capability to enact the terms of the agreement
Counterfeiting of medical devices is growing (as anticipated in Get to Market Now!, pp. 106-108)
Do not write into your SOPs that all suppliers will have a quality agreement as some suppliers will simply refuse (even if you are the 800-pound gorilla in the relationship) and you will then be in non-compliance with your own SOPs
Courts are increasingly looking at the preamble of the regulations as a means test to determine the intent behind the written regulations
FDA is growing increasingly frustrated with companies who hire consultants whose only qualification is that they are "ex-FDA" or "former FDA" (as one FDA safety officer noted, "Just because someone worked for FDA does not mean they are experts or that they understand current rules and expectations - how many of your former employees would you suggest someone pay as an 'expert' on your company?")
When dealing with virtual suppliers, your internal supplier controls are paramount
In any agreement with a supplier make sure you work with your legal department to define a "material breach" - is a material breach a deficiency in the supplier's quality system? Is it more than 3 days of a shipping delay? Is it a reject rate greater than 20%?
For any supplier qualification process and supplier management process, plan ahead to determine what documented evidence you will want to retain to prove compliance AND limit your liability
Make sure you understand the document retention requirements for both FDA and other associated regulations - firms need to have an FDA records retention policy, and ideally one that can also meet EU lifecycle document management expectations

Obviously, in three days' time, with a dozen different expert speakers, there was far more information and insight into compliant supplier qualification than I can cover here. More analysis and recommendations will be in several of my regulatory intel newsletter issues later this year.

Posted at 01:23 PM in Event & Publication Calendar, FDA Intel, Lean Compliance, Supplier Management | Permalink | Comments (0) | TrackBack (0)

20 July 2011

FDA Strengthens Global Supplier Oversight

FDA Commissioner Hamburg has created a new FDA enforcement directorate, the Office of Global Regulatory Operations and Policy, under Deb Autor. The goal is to strengthen FDA oversight and enforcement of global supplier controls regardless of whether the product in question is a medical device, diagnostic equipment, drug, biologic, or nutritional supplement. As Hamburg noted in her announcement letter, "We have seen the dramatic transformation of globalization – more products, more countries, more access by consumers and companies to global supplies – and this presents an enormous challenge to FDA in ensuring the safety and quality of the products we regulate. In an ever more complex world, products and services do not fit into a single category [such as a drug or a device]."

This dovetails with what I wrote two years ago in Get to Market Now! Turn FDA Compliance in a Competitive Edge:

There should be little doubt that FDA regulations governing pharmaceuticals and biologics will look increasingly like the regulations governing medical devices and diagnostics, with an emphais on risk-based controls, quality by design, and international cooperation. ... For the drug, biologic, or device executive, experience with FDA regulations is no longer enough. ...traditional approaches to compliance-related issues, from FDA enforcement responses to the submission of applications to market a new drug or device, are increasingly out of date. Executives who fail to adapt their 20th century philosophies to the new realities of the 21st century regulatory landscape will find the odds increasingly stacked against them (excerpted from pp. 26-29).

So what will this new FDA office look at when it comes to international supply chain enforcement in the 21st century?

According to Hamburg, the new directorate has "A mandate from me to make response to the challenges of globalization and import safety a top priority in the years to come." Well, what does that mean in the day-to-day faced by industry?

Clues can be found in the regulatory harmonized GHTF guidance, Audits of Manufacturer Control of Suppliers. As I wrote in a regulatory analysis article, "FDA Inspectors, the GHTF & Supplier Controls," in the SmarterCompliance newsletter last year:

Firms that outsource to a CRO or a CMO should plan for the FDA inspector to spend his/her primary efforts on scrutinizing the firm's supplier selection, evaluation, qualificaiton and oversight processes.

Specifically, as part of global supplier oversight, FDA will look at how a firm conducts:

supplier management, oversight and re-evaluation
supplier selection and qualfication
change management of materials and suppliers
risk evaluation and mitigation associated with materials and suppliers
incoming materials inspections
corrective and preventative actions associated with materials and suppliers
supplier audits - both internal suppliers (i.e., subsidiaries) and external suppliers
internal quality audits and follow-up actions

Add to this the recently released draft of an ICH guideline on quality system expectations for suppliers of drug ingredients, ICH Q11 Development and Manufacture of Drug Substances, and the FDA's new membership in PIC/S, and we can easily foresee a heightened level of scrutiny on industry's qualification and oversight of their global supply chains over at least the next two years.

Next week, I'm presenting a teleconference on how to take advantage of FDA, GHTF, ICH, and PIC/S documents for inspectors to strengthen and streamline your global supplier management processes. I'll be reviewing in detail:

critical FDA requirements and expectations
recent FDA supplier oversight enforcement actions
a six-step supplier qualification and oversight process compliant with FDA, GHTF, ICH and ISO
additional lean compliance aspects to consider

And, of course, throughout the teleconference, lots of practical tips and lessons-learned suggestions. Attendees at the live teleconference will also receive 18 different inspector training documents with questions and points of inspector interest that can easily be adapted into your quality system's internal audits and supplier qualification audits. Learn more and register online at: FX Teleconferences.

Posted at 02:29 PM in FDA Intel, Supplier Management | Permalink | Comments (0) | TrackBack (0)

29 June 2011

Data Mining and FDA: What's Missing?

The FDA recently awarded Johns Hopkins University a three-year contract to develop advanced analytical strategies to mine the data residing within multiple FDA databases. The goal is to find ways to allow drug and diagnostic firms access to anonymous premarket data (from submissions, failed clinical trials, etc.) related to safety and efficacy for specific patient subpopulations. The project will, as FDA's Dr. Seyfert-Margolis notes, allow the agency to use "data mining with an eye towards sub-stratification of patients for efficacy and toxicity predictors."

Meta-analysis and data mining is actively encouraged in other product development fields outside of the life sciences. New product development specialists even have a term for such endeavors, "bookshelving." The intent is to flag previously gathered data from past products, experiments, failed innovations, consumer feedback, and so on, in order to take one of three possible actions: skip portions of the development process, avoid dead-ends, or better target a product toward a specific set of consumers. In my book, Get to Market Now! Turn FDA Compliance into a Competitive Edge in the Era of Personalized Medicine, I walk readers through how to incorporate this type of meta-analysis and data mining in preclinical and clinical development, as well as include it in quality by design implementation and submissions.

A study published by the Tufts Center for the Study of Drug Development found that less than half of pharmaceutical and biotechnology firms today are pursing personalized medicine projects in their pipeline. Given the slow - admittedly steady - progress of the FDA to publish guidelines associated with various aspects of personalized medicine development and commercialization, it is a testament to the industry's belief in personalized medicine that so many projects are underway without firm FDA rules in place.

Unfortunately, FDA's contract with Johns Hopkins University does not also cover all the postmarket data in FDA's possession. While some postmarket data is available already publicly, there is little doubt that the agency has access to a great deal more. And to realize the greatest return on investment in data mining, bookshelving and personalized medicine development, as much data as possible needs to be included in any meta-analysis. Forcing firms to seek out other individual postmarket databases will not only slow their meta-analysis, it will jeapordize the integrity of any results. Afterall, what if the one postmarket database containing critically relevant information is ommitted from the data mining? How will firms know?

Until the FDA can make all of its premarket and postmarket personalized medicine-related data available, firms may need regulatory affairs data specialists, adept in finding, collating, synthesizing, analyzing data across multiple sources - but do such experts exist?

Posted at 11:15 AM in FDA Intel, Quality by Design | Permalink | Comments (0) | TrackBack (0)

13 June 2011

Building Compliance in India

This Spring I was invited to an International Informatics summit in Hyderabad, India with the aim of discussing global harmonization as a means to a competitive edge, especially when it comes to lab informatics. Hosted by the Waters corporation out of Germany, the two-day summit was an enlightening experience in which to participate and observe the sharing of knowledge about FDA-regulated data integrity inspections, informatics best practices, and the challenges faced by laboratories and manufacturers in an increasingly globalized marketplace.

Waters kindly distributed my latest book on turning FDA compliance to competitive edge to all the attendees as I gave the keynote address. My talk turned on how to take advantage of FDA’s increasing reliance on regulatory harmonization with the ICH, GHTF and PIC/S.

I noted how the FDA and the EMA have begun a pilot program to coordinate their reviews of quality-by-design submissions. Set to last until 2014, the pilot program is designed to ensure regulatory reviewers have calibrated their review criteria. If successful, companies can expect two things:

FDA will require quality by design-based submissions by 2015 or so; and
Companies will then need only compile one core submission (quality by design-based) with minor additions to meet both FDA and EMA requirements for marketing authorization for a new drug or biologic

Thus, given the time the required for a new drug to wend its way through the pipeline, now is the time to start collecting the data in the labs and in pilot plant manufacturing to enable such a harmonized submission.

To understand how important this simplified submission will be, a number of the speakers from local Indian pharmaceutical firms discussed their challenges when it came to informatics in their labs – both nonclinical setting and in manufacturing quality control. Which data rules are important? If a test fails, some regulatory authorities allow a certain number of retests; others allow none. Which to abide by? Going by the most stringent would seem to be the most prudent, but it is also the most costly. And cost is a critical consideration given the revenues of most Indian pharma firms have fallen more than 30% since the worldwide economic struggles began in 2008. With no end in sight to economic malaise in the Western world, Indian pharmas are slowly turning their attention to the developing world and emerging economies of Latin America, Africa and the rest of Asia.

Informal discussions with Indian pharma CEOs and directors made me realize that this shift does not bode well for European and US Big Pharma dreams of entering and dominating these new regions. Indian pharma firms are much better positioned from a cost standpoint and an intuitive understanding of operating in up-and-coming economies than their Western counterparts. And given that most India pharmas are already manufacturing both brand name drugs and their low cost alternatives, the idea of Big Pharma – with its big costs, big overhead, big bureaucracies and 20^th century business practices – competing successfully in 21^st century emerging markets against the more lean, more hungry Indian pharmas must be met with some degree of skepticism.

To succeed, pharmaceutical firms in the US and Europe will need to take a page or two from India. The enthusiasm of Indian pharmaceutical executives, managers, and line workers is palpable. There is a tremendous desire in India to catch up with (and surpass) the West, and to stay at least one step ahead of the Chinese. This double pressure perception, from the top and the bottom, manifests itself in Indian pharmas aggressively scanning the horizon for every advantage they can grab – from new cutting-edge laboratory equipment to simplified, streamlined SOPs designed for ICH, GHTF and PIC/S compliance.

That said, Indian pharmas may – in some instances – be outrunning their compliance infrastructures. The May FDA Warning Letter to Aurobindo Pharma Limited found that environmental monitoring controls and finished product packaging and labeling operations were “inadequate.” While the FDA has few inspectors in India, that the agency can so readily find such inadequacies indicates that Indian pharmaceutical firms still have some ways to go to surpass their US and European counterparts.

From what I saw in Hyderabad, however, such a time is not far off. Indian pharmaceutical firms are taking advantage of India’s decades-old expertise in software development and innovation to re-apply quality lessons learned from IT into drug and biologics innovation. And just as the Indian government provided tremendous subsidies and IT-based R&D tax benefits to Indian firms in the 1980s and 1990s, the Indian government has begun to offer similar such benefits to Indian firms and startups such as the Translational Health Science Technology Institute (THSTI). The THSTI was established in 2009 to speed the development of new drugs using a strategy taken directly from my book: a collaborative drug development strategy, fostering collaborations among healthcare providers, hospitals, academic researchers and biotech companies. This 21^st century development collaboration is already gaining tremendous funding and support from healthcare foundations around the world, the most recent being from the Gates Foundation.

As Big Pharma struggles to shed layers of overhead and redundant sales forces while desperately casting about for ways to invigorate stale pipelines, Indian pharmaceutical firms are racing to succeed in the 21^st century, embracing quality by design, new laboratory equipment, cutting-edge software and lean compliance techniques. I look forward to watching their progress.

Posted at 10:34 AM in FDA Intel, Lean Compliance | Permalink | Comments (0) | TrackBack (0)

24 May 2011

Personalized Medicine and FDA Dance Closer

FDA has taken several more steps toward a 21st century regulatory framework overseeing personalized medicine. In April, FDA's Elizabeth Mansfield confirmed the imminent publication of a draft FDA guidance on the development and labeling of companion diagnostics.

The FDA guidance will require firms to validate a diagnostic test - or verify its compliance with a similarly approved diagnostic - before its use in a clinical trial associated with its companion drug. Such validation will need to include verifying the intended genetic sub-population and the diagnostic's ability to consistently and accurately assess the sub-population. The label of the diagnostic will also need to specify its companion drug.

While some in the industry argue that diagnostics should not be tied to specific drugs, experience with Roche's drug Herceptin has encouraged FDA to push for firms to indicate, at least initially, the specific drug for a new diagnostic. In this way, the agency hopes to encourage drug and biologics firms to partner with diagnostic makers as early as possible, preferrably during Phase II clinicals of the new drug.

This emphasis echoes an argument made in Get to Market Now! Turn FDA Compliance into a Competitive Edge in the Era of Personalized Medicine: that over the next ten years, companion diagnostics will play the leading edge of mainstream personalized medicine.

The agency is steadily pressing the development of regulatory science to meet the personalized medicine evolution. If you've not already visited and bookmarked the FDA's genomics section of its website, I encourage you to do so. The information can help you determine the specific genomics information the FDA wants to see in a submission. This, in turn, can provide valuable reverse engineering insight for planning clinical trials and even companion diagnostic partnerships.

Back in early 2010, I wrote an article for BioProcess International entitled Building Compliance for Personalized Medicine, about the internal compliance frameworks that companies need to be establishing to stay ahead of both the FDA and the personalized medicine curve. The advice within the article is just one set of regulatory intelligence that regulatory affairs and quality system executives and professionals need in order to plan and succeed in the decade ahead.

If you'd like regulatory affairs expert or quality systems expert help in setting up a 21st century regulatory intelligence program, contact me today.

Posted at 11:30 AM in FDA Intel, Quality by Design | Permalink | Comments (0) | TrackBack (0)

10 May 2011

60 Helpful Pharma Sites

Based on the acclaim received for my sold-out presentation on the best 60 websites for device professionals earlier this year, FOI Services is hosting me for a special presentation on the best 60 websites for pharma and biotech executives on May 24.

I'll be running through 60 of the most useful sites - including some specific subsections of the FDA site - that I've found over the past 11 years. I'll show you each site and discuss it's most helpful aspects (IMHO). Along the way, I'll impart tips and tricks on how, in less than 15 seconds, to judge if a website is going to be helpful.

For instance, check out laboratoryretriever.com, a site dedicated to contract labs, contract clinical sites, and so on. Here's my slide for laboratoryretriever.com:

As you can see, I'm quickly communicating the key benefits to a site on the slide, leaving me free to discuss some of the more subtler uses of the site and other tips. So, here's the stuff you can quickly deduce from the slide for laboratoryretriever.com - you can use laboratoryretriever.com to:

Find regulatory jobs, quality jobs, and laboratory jobs
Check out potential contract research organization reviews - nonclinical contract labs or clinical sites
View lots of laboratory resources, links, glossaries, etc. (scroll to bottom of any laboratoryretriever.com page)
Help speed time to market with open innovation resources

Not bad, eh? The trick is understanding what a site is useful for, and then how best to share the site and use it in your environment.

I've divvied up the presentation into five main sub-sections:

New drug development and open innovation sites
Marketing insights
Regulatory compliance advice and help
Industry organizational sites
Reference and miscellaneous sites

Plus I have several bonus "creative downtime" sites you can enjoy (at work or at home).

Registration for the special pharma session is now open through FOI Services. Learn more, read testimonials from attendees of the device website session, and register at: http://www.foiservices.com/tc-docs/moreinfo/may2411.html

Between now and then, if you have a favorite site to suggest - pass it along!

Posted at 09:41 AM in Event & Publication Calendar, Leadership Quick Tips | Permalink | Comments (0) | TrackBack (0)

21 April 2011

Cost of Drug Development Criticized

The journal BioSocieties has published a study critical of the cost estimates of new drug development used by PhRMA and the Tufts Center for the Study of Drug Development. The article, Demythologizing the High Costs of Pharmaceutical Research, notes that PhRMA and Tufts claim costs 18 times higher than those analyzed and verified by the authors: $43.4 million versus Tufts' $802 million and PhRMA's $1.3 billion.

While perfectly accurately costs are unlikely to ever appear without an international, agreed-upon set of "R&D accounting standards" followed by completely open books at thousands of small biotechs and Big Pharmas around the globe, the new medicine cost trend is clearly getting worse. But is cost the *real* issue?

Some key facts (from Is Quality by Design Right for My Organization?):

The average time to market for a new biologic or drug is 10-15 years (1-2 years for discovery, 3-6 years for preclinical, 3-6 for clinical, 1-2 years for review and approval)
Only 8% of new biopharma compounds ever make it to market
Less than one-third of all approved new drugs ever recoup their investment costs
And once a generic hits the market, revenue from the drug declines 80%

So let's put this all in investment terms. Pretend I want to offer you stock in a new company I'll call "Miracle Drug Inc" (MDI). Now, there is only an 8% chance of this company (and your investment) surviving more than 10-15 years. Would you like to invest?

Well, what if I told you that IF MDI survived, your stock will only have a 30% chance to be worth as much as you invested or to make money? Otherwise, you have a 70% chance to just lose money. Still want to invest?

And what if I told you that 8-12 years AFTER your stock actually broke even or made money, it would - guaranteed - lose 80% of its value (and never recover).

Which would give you a more reliable return-on-investment for your money? Investing in MDI and its new miracle drug or hiding your money under your mattress?

This is the real problem - not whether it really costs $43.4 million or $802 million or $1.3 billion to bring a new drug to market - but how to improve the odds of success. Ultimately, it doesn't matter how much a new medicine costs to bring to market as long as the company can make money. But how many of us would give our money away with only an 8% chance divided by another 30% chance just to earn it back?

As I note in my latest book, Get to Market Now! Turn FDA Compliance into a Competitive Edge in the Era of Personalized Medicine, there are really eight powerful factors underlying all of this, and cost is only one:

Healthcare Cost. Let's be blunt: with declining birth rates, aging retirement populations, debt laden societies, and struggling economies, Western countries cannot afford the best of everything any longer. And those patients in emerging markets - from Latin America to China and India - do not make up a wealthy enough consumer base yet to reliably provide the revenue Big Pharma (much less Big Biotech) has grown used to. In other words, the industry is facing customers who cannot afford the latest and greatest products.

Knowledge Specialization. In my lifetime alone, we've gone from just general toxicologists to neurotoxicologists to proteomic-neurotoxicologists. Knowledge - and information - has become so complex, so focused, that I count it as a miracle every drug on the market isn't immediately pulled off as every day seems to bring a new scientific advance that questions safety assumptions we held even two or three years ago. This means that putting together a development strategy is like assembling a puzzle that grows more and more pieces every time you sit down.

Virtual Companies. The advent of the Internet has allowed more and more firms to operate without an actual headquarters, without a manufacturing site, and so on; it's all contracted out or doesn't exist. In the real world, how do you ensure that your new medicine is being manufactured safely or its distributors are storing the medicine properly when your manufacturer or distributor has no physical presence other than a website?

Generations and Demographics. Demographics are working against biopharma companies and will continue to do so for the next two decades. It may seem that lobby groups like AARP and other senior citizen associations help advocate for new biopharma drugs, but then you have to look at the articles in their newsletters and magazines to see their ratings of Internet pharmacies to get drugs cheap. And make no mistake, there is a growing knowledge gap as experienced regulatory professionals retire all over the globe just as biopharma demands cutting-edge, personalized medicine regulatory experience. Think of it this way: Is it easier to simply retire or to have to spend your last few years getting up to speed on this new thing called "quality by design" and how it relates to personalized medicine?

Rapid Rate of Technology. Technology is a two-edged sword. On the one hand, it's wonderful that biopharma firms can so rapidly plow through lab testing of new molecular entities. Conversely, because of the rapid rate of technological advancement, two challenges occur: first, automated testing puts people (i.e., future customers) out of work, and second, the regulations can't keep up. For the former, if your customer doesn't have a high-paying job, he/she can't afford your high-priced products. And when it comes to regulations - did you know that when FDA was starting to write 21 CFR 11 on electronic records and computer validation, ALL the computer power on planet earth was LESS THAN the power in today's iPhone? 'Nuff said.

Globalization. Let's face it, we have supply chains that go around the world at least once. And if I can buy a new medicine for LOT less over the Internet, why wouldn't I? How long will it be before a service exists that conducts random quality tests on Internet-purchased medicines to provide a guaranteed level of purity? And let's add to that the dramatic increase in medical tourism. When it's cheaper for customers to fly overseas to get an operation and medicine than it is to get the products and services from the hospital and pharmacy 3 miles down the road, our business model is not on the right path.

Increased Compliance Burden. This isn't about more regulations or less regulations; companies have been complaining about regulations since the days of Hammurabi. This is about the fact that the more I have to customize, tailor and personalize my new products to smaller and smaller sub-populations, the more clinical trials I have to conduct, the more quality audits I have to undertake, the more CAPAs and complaints I'll have to deal with, and so on. In other words, the regulatory affairs and quality system approaches of last century seem increasingly out of touch with today's needs.

Overly Rigid Quality Systems. In light of all of the above, more and more SOPs and policies seem out of step with business requirements in the 21st century: flexibility, cost efficiency, and real risk reduction. My goal with my lean compliance workshops and consulting is to at least tackle and solve this one issue outright (much less try to walk professionals and managers through solving the other challenges associated with FDA, ICH and/or GHTF compliance).

These eight real challenges inhibit new medicine success in the life sciences today. Don't get sidetracked with just one issue. And while there are no easy answers, I've outlined 113 specific tactics that do work in my latest book, along with the examples and case studies that show why these work.

If you'd like to learn more about the book, the publisher is allowing free downloads of the first chapter. You can download the first chapter free of charge at the book's website, http://www.Get2MarketNow.com. The site has links for ordering, as well as reader resources such as downloadable checklists, templates, mini-tutorials, helpful links and so on.

I look forward to hearing your thoughts.

Posted at 12:59 PM in Lean Compliance, Quality by Design | Permalink | Comments (2) | TrackBack (0)

04 April 2011

FDA Focuses More on Supplier Qualification Enforcement

Compliance of suppliers, and the challenges in all stages of purchasing, product development, manufacturing, distribution, and oversight, is getting more and more focus in the eyes of the FDA just as it becomes more and more complicated. One the hardest challenges is dealing with 10% of the supplier base: virtual suppliers.

Reviewing FDA's warning letters from 2010 reveals that supplier qualification and the management of the supply chain is increasingly an important part of inspections. The main concerns refer to the quality of supplier qualification and oversight as the following excerpts show:

"Your vendor qualification has not provided adequate evidence that the supplier can consistently supply raw materials that meet appropriate quality attributes."
"SOP [...] requires your firm to audit your medical gas supplier every... However, your firm has not conducted audits of your supplier …"
"Suppliers are not monitored and regularly scrutinized to ensure ongoing reliability. Specifically, your firm has not adequately qualified the supplier of […] API. There is no assurance that the API suppliers are in compliance with CGMPs, without supplier qualification."
"You did not specify how you intend to document and implement such audits [of a virtual manufacturer]"

In February, the FDA announced a new secure supply chain regulatory strategy that would strengthen enforcement of supplier oversight and qualification. Given that at least 10% of the vendors in the pharmaceutical and medical device industries are now virtual - they have no physical site that can be audited - how is the industry adapting to this new challenge?

Recognizing complexities associated with qualifying and overseeing virtual vendors, Cerulean and Elsevier have partnered to put together a 90-minute webinar course on qualifying and managing virtual suppliers: Utilizing Virtual Suppliers on 26 April 2011.

I hope you will consider attending.

Posted at 08:32 AM in FDA Intel, Supplier Management | Permalink | Comments (0) | TrackBack (0)

24 March 2011

FDA Expectations of Senior Management Webinar

ExpertBriefings is hosting me giving a 1 hour condensed version of my half-day workshop on FDA expectations of senior management in overseeing quality management systems.

I'll be discussing specific FDA warning citations around poor management oversight, identifying the most common challenges faced by executives and firms, the core components of an effective management oversight program, and then examples of each.

What are the key elements of a management controls SOP?
Which mistakes are so grave that they will generate a warning letter?
How extensive does my involvement need to be?

These and other very logical questions are voiced by executives at many FDA-regulated firms. And this widespread confusion only underscores how regulations do not provide pragmatic answers. Take advantage of this webinar to learn practical answers that FDA inspectors, shareholders and executives alike all agree upon.

The webinar will take place this Tuesday (March 29) at 2:00 PM eastern time. More information from ExpertBriefings follows:

FDA is increasingly citing companies and naming executives for failure to ensure an effective quality system, failure to ensure SOPs are being followed, and failure to enforce policies and procedures. Under FDAAA 2007, the agency has the power to levy civil penalties on individual executives and withhold approval of new drugs and devices.

What You Will Learn:

What the FDA expects of senior management when it comes to quality system and compliance infrastructure oversight

Five crucial challenges to overcome to avoid FDA enforcement action

How the inspector will determine if a quality system is being managed effectively

What will prompt FDA to publicly name you … and how to avoid it

Seven steps to take every year to prove effective oversight of SOPs and policies

How to ethically limit your personal exposure as an officer of the company

You will receive the ICH Q10 guidance with emphasis on management accountability, FDA warning letter samples that cite poor executive oversight, and OIG’s compliance program guidance for executives.
You can register on-line here.

If you can't make the webinar this Tuesday, consider purchasing the recorded version either through ExpertBriefings.com or Ceruleanllc.com.

Find details on my other upcoming FDA compliance speaking events here. And if you'd like to request my speaking services - either at your own event or to run a corporate FDA compliance workshop, you can do so through the Cerulean FDA workshop and training website section.

Posted at 08:00 AM in Event & Publication Calendar, Leadership Quick Tips, Lean Compliance | Permalink | Comments (0) | TrackBack (0)