Implementing a
Holistic Approach to your
Quality Management System
Steven R. Cagle
V.P. of Marketing & Product Development
Sparta Systems, Inc.
�Agenda
Session Objectives
Quality Management System Overview
Traditional Challenges
Re-defining CAPA
Implementing a Quality Management
Software Solution
Conclusion
Q&A
�Session Objective
Discuss critical components of an effective
Quality Management System (QMS),
challenges with current systems, and
solutions to overcome these challenges by
implementing a holistic Quality Management
Software solution.
�General Introduction
�Defining CAPA ISO 13485:2003
8.5.2 Corrective Action Corrective actions shall be
appropriate to the effects of the nonconformities
encountered. A documented procedure shall be
established to define requirements for
a)
b)
c)
d)
reviewing nonconformities (including customer complaints)
determining the cause of nonconformities
evaluating the need for action to ensure that nonconformities to not recur
determining and implementing action needed, including, if appropriate,
updating documentation
e) recording of the results of any investigation and of action taken, and
f) reviewing the corrective action taken and its effectiveness
�Defining CAPA ISO 13485:2003
8.5.3 Preventive action The organization shall
determine action to eliminate the causes of potential
nonconformities in order to prevent their occurrence.
Preventive actions shall be appropriate to the effects
of the potential problems.
It is also determine potential nonconformities and their
causes
a)
b)
c)
d)
evaluating the need for action to prevent occurrence of
nonconformities
determining and implementing action needed
recording of the results of any investigations and of action taken,
and
reviewing preventive action taken and its effectiveness
�Quality Regulation 21 CFR 820.100
U.S.
Food and Drug Administrations regulation governing
medical device manufacturers quality systems:
(a) Each manufacturer shall establish and maintain procedures for
implementing corrective and preventive action:
(1) analyzing processes, work operations, concessions, quality audit reports,
quality records, service records, complaints, returned products, and other
sources of quality data to identify existing and potential causes of
nonconforming product, or other quality problems
(2) investigating the cause of nonconformities relating to product, processes,
and the quality system
(3) identifying the actions needed to correct and prevent recurrence of
nonconforming product and other quality problems
(4) verifying or validating the corrective and preventive action
(5) Implementing and recording changes in methods and procedures needed
to correct and prevent identified quality problems
(6) Ensuring that information related to quality problems or nonconforming
product is disseminated to those directly responsible for assuring the
quality of such product or the prevention of such problems; and
(7) Submitting relevant information on identified quality problems, as well as
corrective and preventive actions, for management review
�Quality Regulation 21 CFR 211.22
Very similar is the U.S. FDAs regulation for pharmaceutical
manufacturers 21 CFR Part 211.22 (Quality Control Unit)
responsibilities of a quality control unit...to assure that no errors
have occurred or, if errors have occurred, that they have been fully
investigated.
The quality control unit shall have the responsibility for approving
or rejecting all procedures or specifications impacting on the
identity, strength, quality, an purity of the drug product
and in Part 211.92 (Production Record Review)
Any unexplained discrepancyor the failure of a batch or any of
its components to meet any of its specifications shall be thoroughly
investigatedThe investigation shall extend to other batches of
the same drug product and other drug products that may have
been associated with the specific failure or discrepancy. A written
record of the investigation shall be made and shall include the
conclusions and follow-up.
�Quotes from Current FDA WarningLetters
Each manufacturer shall establish procedures for quality audits
and conduct such audits to assure that the quality system is in
compliance with the established quality system requirements and
to determine the effectiveness of the quality system . Quality
audits shall be conducted by individuals who do not have direct
responsibility for the matters and shall be taken when necessary. A
report of the results of each quality audit, and reaudit(s) where
taken, shall be made and such reports shall be reviewed by
management having responsibility for the matters audited. The
dates and results of quality audits and reaudits shall be documented
as required by 21 CFR 820.22 . internal quality audits conducted by
your firm failed to verify that the quality system was effective in
fulfilling quality system objectives (FDA 483, Item #2).
�Quotes from Current FDA Warning Letters
Your firm fails to implement and maintain corrective and preventive action
(CAPA) procedures that include requirements for analyzing processes,
work operations, concessions, quality audit reports, quality records,
service records, complaints, returned product, and other sources of
quality data to identify existing and potential causes of nonconforming
product, or other quality problems as required by 21 CFR 820.1 00(a)(1).
Your firm fails to establish and implement corrective and preventive action
(CAPA) procedures that include requirements for identifying the
action(s) needed to correct and prevent recurrence of non-conforming
product and other quality problems as required by 21 CFR 820.100(a)(3)
All activities required by 21 CFR 820.100 must be verified or validated to
ensure that such action is effective and does not adversely affect
finished devices, and the results of these activities shall be documented as
required by 21 CFR 820.100(a)(4) and (b). Your firm's CAPA procedures fail
to document how analysis is done and fails to require verification/validation
that CAPA does not adversely affect finished devices (FDA 483, Item #8).
10
�Commission Directive 2003/94/EC
Preamble
Having regard to the Treaty establishing the European
Community, All manufacturers should operate an effective quality
management system of their manufacturing operations, which
requires the implementation of a pharmaceutical quality
assurance system.
Article 13 - Complaints
Any complaint concerning a defect shall be recorded and
investigated by the manufacturer
Article 14 - Inspections
The manufacturer shall conduct repeated self-inspectionsin
order to monitor the implementation and respect of good
manufacturing practice and to propose any necessary corrective
measures. Records shall be maintained of such self-inspections
and any corrective action subsequently taken.
11
�More than just corrective actions
CAPA is much more than just
corrective actions and
preventive actions.
Any opportunity to improve quality
in your organization is a CAPA!
12
�Holistic QMS Defines CAPA Sources
Supplier
Audits
Regulatory
Audits
Adverse
Trends
Nonconformance
Complaints
Adverse
Events
Out of
Specification
Deviations
Internal
Inspections
Incoming
Inspections
Out of
Specification
And more
Numerous source areas for CAPA
Scope of problems that drive CAPAs go beyond
nonconforming product
Any process that affects product quality is included
13
�CAPA Process best practices
Regardless of where the problem originates, or what
type it is, it must follow a process
Metrics and Reporting
Identify & Triage
Identify
problem
Assess
impact
Quality
/
Regulatory /
Management
Notification
Investigation
Process?
Change Control
Investigate,
Root Cause,
Action Plan
Assess
Complete
Investigation
Determine
Review &
Approve Plan
Root
Cause
Proposed
Corrective /
Preventive
Actions
changes
Ensure
no
impact to
product quality
Consensus
SMEs
from
Implement
Actions
Implement
Actions
Verify
completed
Verify
Effectiveness
Measure
to
ensure problem
has been
resolved
Monitor
Inform
stakeholders
Approval
Plan
effectiveness
14
to
ensure it is not
re-occurring
�Addressing QMS Challenges
�Typical QMS Challenges
Challenges in Problem Identification
Missing view of the big picture
Lack of ownership and accountability
Inability to link related problems
Insufficient tools for trending and analysis
Problem
Identification
Challenges in Investigation
Identify &
Investigate Root
Cause
Quality of investigations is poor
Missing & incomplete information
Inability to easily review similar past investigations
Inconsistent investigation process & Root Cause
Not determining root cause
Past due investigations, not being closed, get lost
Challenges in Planning
Vague root cause analysis
Confusion over what is corrective and what is
preventive action
Inability to relate corrective actions to source problems
Lack of integration to Change Control System
Create
Action Plan
16
�Typical QMS Challenges (cont.)
Challenges in Review & Approval
Not sure who needs to approve
Approvals in serial, not parallel
Approval process takes long time
Lack of key stakeholder input
Review &
Approve Plan
Challenges in Implementation
No way to track issues through workflow
Lack of visibility to open items
Lack of visibility to related items
Changes to plan mid-stream
Compliance risk
Implement
Actions
Challenges in Effectiveness
Easy to forget to measure effectiveness
Difficult to gather necessary metrics
No means to generate metrics
Inability to measure effectiveness does not give us any
assurance if we are addressing the root cause of the problems
17
Verify
Effectiveness
�Solution
Holistic Approach to Quality Management
Globalize (harmonize) around a common philosophy and
approach to CAPA and source Events
Obtain full compliance with cGxPs, as well as regulatory &
customer expectations
Use quality metrics as a basis for continuous improvements
Trending Problem Analysis
Thorough Investigations and Root Cause Analysis
Ensuring CAPA effectiveness
Bring attention to risk areas to prevent problems
Implement a centralized Quality Management System:
Manages all inputs and outputs as well as the actual actions
Scalable to be deployed on a global basis
Functionality / Flexibility to meet business requirements
18
�Re-defining CAPA
�Re-defining CAPA
Definitions
Standardize definitions across the organization
Terms like deviation, event, nonconformance, correction,
corrective action, preventive action, discrepancy must be consistent
for each operating unit
The same term should have the same meaning everywhere, and drive
the same process
CAPA sources include: Complaints, Audits Observations, Trends can
feed CAPA
Determine, scope identification & impact of new
system
Where does the process need to change?
Who will the system affect?
What existing policies may change?
Understand the difference between the what and the who
20
�Define the Inputs & Process
�Record the Event
Capture all related data of any event regardless of
the type
Source
Date & Time of Event
Type
Description
Department
For issues surrounding Events, utilize a quality
evaluation:
Quality Event only
Quality Event + CAPA
Quality Event + Investigation + CAPA + Change Control
Log observations / trends to implement pro-active
changes
22
�Perform Assessment & Investigation
Assign Investigator
Use Push or Pull concept
Assess impact, consider decision tree approach
Create Investigation Plan
Use Parent-Child concepts track each investigation task
Use Investigation Templates
Track & Complete Investigations
Use workflow, due dates and reminders
Escalation of past due investigations
Search & Reporting
User Dashboards
Analyze Root Cause
Structure Root cause Analysis Tree
Use Root Cause to Drive CAPA process
23
�CAPA Plan & Approval
Review currently in progress CAPAs
Create CAPAs and link to root cause
If multiple CAPAs identify which ones resolve which root cause?
Which actions must be closed to close the deviation?
Create an Effectiveness Plan at this time
Determine Approvers
Use pre-set approver functions if possible
Route Investigation & CAPA plan for approval
Email alerts, reminders
Dashboards
Obtain Approval
Ability to reject to various previous workflow states
24
�Implementing CAPA & Effectiveness
Each CAPA record should have its own record
and workflow
Use Parent-child relationships to break up the
process into smaller bites
Action Item Tracking
Track completion and verification of each CAPA
Use workflow, due dates and reminders
Escalation of past due investigations
Search & Reporting
User Dashboards
Measure effectiveness according to the plan ->
evidence that root cause has been eliminated
25
�Important QMS Requirements
�High Level Requirements
Defining the Requirements
Centralized database
Handles all process areas - modular
Workflow driven
Proactive user notification and escalation
Action items management
Querying & Reporting
Elaborate security by user-group
Management reports
Performance Metrics & Trending
Part 11 Compliance
27
�Management of all Data
Modular approach to
handling all source
areas but maintains
individual requirement
Multiple Record Types to
handle all process areas
Ability to create user
defined fields
Configurable data entry
forms
Validation and business
rules
Integration to external
systems
E.g., Create deviations
automatically from ERP
E.g., Create OOS
Investigation from LIMS
Master data (customer,
product/item, etc.)
External
Systems
Data Management
28
�Workflow Management
Configurable
workflow
Automate review and
approval process based
on meta data
Business-rule based
workflows
Parallel Approvals
Process changing activity
E-mail notifications
Integrated source
areas process to
Corrective Action
process
Workflow
External
Systems
Data Management
Parent child
relationships
Cross referencing
29
�Escalations and Business Rules
Business rules
enforcement
Date Due, Milestone
Dates
Automatically assigning
investigators, reviewers,
approvers
Automatically scheduling
tasks based on type of
Record
Escalation
Reminders of tasks
reaching expected
completion date
Escalation of CAPA past
due
Business
Rules &
Escalation
Workflow
External
Systems
Data Management
30
�Query, Reporting, Trending
Querying
Search,
Report,
Trend
Ability to query on all fields
Full text / search engine
functionality
Ability to save searches
Business
Rules &
Escalation
Reporting
Customizable report format
On screen view, print, email,
save
Status reporting
Trending
Across all sites
Across all source areas
Root cause analysis
Identify occurrence rate
decrease / increase
Ability to detect trends
automatically
Workflow
External
Systems
Data Management
31
�Compliance with Part 11
Does the system conform with your firms Part 11
requirements?
Has the software passed the test, I.e., has it gone through
FDA audits at another firm?
Can it be validated?
How confident are you in the above assessment?
Full audit trail
Reporting features
Configurable security groups
Complete record of created
and modified data
Enforced workflow
sequencing
Password composition rules
Electronic Signatures made
up of two unique
components
Password aging/expiration
Cannot re-use previous
password
Account Locking and Admin
Notification after failed log-in
Attempts
Session time-out
Requirement of reason for data
modification
Administrator / Configuration
Audit Trail
32
�Implement Solution
�Structured Project Organization
Steering Committee
Vendor Administrative
Resources
Project Management
Customer Executive
Sponsor
Sr. Mgmt. Support
Business & IT Project Mgr.
Vendor Project Manager
Quality, Operations, IT
Technical Support
QA & Customer Satisfaction
Customer IT Sponsor
Project Team
Vendor SMEs
Change Management
Validation Partners
Operations management
Customer System Administrator
Implementation Consultant
LAN/WAN
DBA
Servers
Customer. Owner Team
CAPA
:Medtronic
:MedtronicLeads
Leads
Validation Team
Complaints
Audits
RMAs
Others
Internal Computer Systems
Validation
Vendor
3rd Party (recommended)
34
�Rapid ROI - Phased Approach
Critical Systems
Prioritization
Prioritized QMS List and
implementation Project
Plan
Phase-1: FIRST QMS
Configure, Prototype,
Train
Go
Live!
Validation
Roll out
Production
Initial ROI /
Business and
compliance Benefits
Phase-2: Additional QS
Implementation,
Configure, Prototype, Train
Yes
DATA Migration &
Systems Integration
Reduced Validation via
Migration tool
Additional
QS
No
35
Fully integrated
CAPA
�Implementation
ProjectSchedule
Phases
2-3 weeks
4-8 weeks
6-8 weeks
46 weeks per project
Post Release
Requirements /
Configuration
Design
Product Orientation
Detailed As Is of
current processes,
organization and
systems
Visioning session for
to-be concepts
System Configuration
Design
Installation of
Development
Environment
Configure Prototype 1
Project Team
Workshop-1
Configure Prototype 2
Prototyping / Finalize
Configuration /
Documentation
Project Team
Workshop-2
Finalize Configuration
Design
Reports Customization
Train on Validation
Templates
Develop Validation
Protocols
Complete setup of
integration tools
Develop User
Requirement Definition
Functional
specifications
Initial validation
activities
Validation / SOPs /
Training
Go
Live!
Install Production
Execute and approve IQ
Execute and approve OQ
Execute and approve PQ
Complete validation
protocol
Create Training Materials
Revise SOPs
Train Super Users
Train Users
Train Help Desk
Roll out phase
Add additional
Projects /
enhance projects
Support application
Enhance
configuration
Add additional
project areas to
support additional
needs
PQ
Leverage Migrator
for reduced
validation
Roll out phase
36
�Conclusion
�Conclusion (cont.)
QMS encompasses the overall process related to
events / observations from multiple sources, as well as
their investigations, and resolutions
A best practices QMS system requires a single,
scalable system, which uses a holistic approach
Implementing a global QMS system may require your
organization to change how it defines CAPA as well as
it how it conducts the CAPA process
Implementing a system can be successfully
accomplished by using established software, a
harmonized approach, and an organized project
structure
38
�Q&A
39
