REACTIVE COMPLIANCE

Fact is, we all are Risk driven hence, it is always worthwhile to practice a ‘Risk based approach’ at work.  Risk based approach prompts us to act proactively.  It is not a new aspect, use of risk as a tool goes back to 1960s, when it was first used in the Aerospace industry. 

Now the point is, “what is a Reactive compliance?” An incident takes place, we investigate, find the risks associated with it, concludes a root cause and plan to prevent the repetitions in future.  It is true even at home or at work place, we usually react once the incident happens.  Or in other words, we wait for the incidents to happen, to react and then comply, this is what is a ‘Reactive compliance’.    

RISK & REACTIVE COMPLIANCE

It is evident that we can work in compliance mode, only when we proactively address the risks or gaps associated with a process or a system.  To understand the risks, we need to review our processes & systems as a part of detailed review procedure, this is the first step towards proactive compliance. Dilemma is that Self-inspection/Internal audit procedures restricts the scope to the level of ensuring compliance with the existing systems.  It is always recommended to have a procedure as a part of Quality Assurance system, so we are able to assess the risks at defined intervals, which might still be left unnoticed.

Risk & reactive compliance are two sides of a coin.  Risk is integral; we can always put our best to maintain it to its minimum. A proactive approach to understand the potential risks in the process & systems, may help us to plan Preventive actions in advance, i.e. a Proactive compliance mode. 

DISADVANTAGE OF REACTIVE COMPLIANCE

1.      Live with the Risk

Take a simple example of balance used for dispensing of raw materials in a warehouse.  In its calibration is not reviewed critically, it may lead to the Risk of adding incorrect quantity of raw materials to the batch, resulting in quality concerns.

There may be many such examples, failure to have a proactive identification of the risk or gap in the system or process will have far reaching consequences, which will impact the quality of the end result.

 2.           Wait for the incidents to happen. 

Fact is that a reactive approach makes us to sit with the risks and we become used to wait for the undesirable events to take place.  It not only delays the timely actions but also makes the situations complicated.

A typical example to this can be a checklist in the warehouse, to facilitate the inspection of incoming materials.  If it doesn’t state the verification of weight of the Active raw material bags (25kg each), received in bulk, as well as Identification test is also not performed on all 100% bags.  It always leads to a scope for incorrect dispensing not only with respect to weight but also mixing of any other material in the batch, as identification test has been conducted on a few bags only.

Missing a proactive approach will take us to an undesired situation leading to a critical quality problem, and a long list of QMS incidents.  This will follow an investigation, diverting resources for uninvited problems to find out the root cause and a reactive compliance.

3.      As incidents result in losses, we lose productivity, time and credibility. 

A QMS incident and its remediation, requires extra resources, time and not only results in loss of qualitative & quantitative attributes but also affects the credibility of the team to deliver right quality product.

Compliance has certainly been made, but at a higher cost, with negative ‘Returns on Investment’ (ROI).  Consequently, a reactive approach is not a plan but a mechanics. 

Finally, it all bounces during an external review.  We listen about the companies with ZERO – 483 audits.  It is not a miracle, it is possible, we need to discourage the practice of Reactive compliance and encourage a proactive mode.  A monthly review of ROI on the cost of product for the failures to identify risks will certainly help in streamlining the process.

FOLLOW PROACTIVE COMPLIANCE

‘Proactive Compliance’ is the process of investigating inconsistencies in a system or process, to understand the risks & identify the gaps in advance.  It works on Predictive maintenance principles.  It requires, an in-depth understanding & study to predict the situations where systems & process may be at risk and can lead to trouble.  This allows us to proactively address the situations before they become critical.

It enhances Productivity

It is an illusion that following the cGMP Principles, require higher cost of productivity and hence a many of the manufacturing facilities might not strictly adhere to these.  Try to calculate the actual cost of the product against the cost incurred on getting OOS, reprocessing etc. Are we not a loser?  

If we aspire to enhance the productivity, follow the rules of Proactive compliance, by adopting the rules of Predictive maintenance.  Following Proactive compliance with CGMP is like making “1 + 1 equals ELEVEN”.

Enhances Product quality & credibility

Following Predictive compliance, will not only help us in assuring a ‘Trouble free working & right Product quality’ but also elevate our confidence levels & credibility towards working for highly regulated markets.

ASSURE A BETTER TOMORROW

Proactive Compliance through an established procedure at certain defined intervals to identify the risks & gaps in the process & systems can be the Best tool for a better tomorrow.  We require good systems & processes with NO or least risks/deficiencies, so as to target good business markets by being a fully Regulated manufacturing facility. 

It will allow us to plan a better future and opportunities for a vertical growth. 

Root Cause Analysis

It is the RISK, which provides us a scope for thinking one step ahead, so that we can be safe.   We all are RISK driven; at our home and or at a work place.  If we think a little deeper, “are we not using Risk management in all the arenas of our lives, knowingly or unknowingly”.

It is imperative that RISK, if not addressed adequately in time, will lead us to various Risk zones, resulting into the undesirable incidents.   An insincere glance & redressal of the RISK will add to chronic problems.   A makeover will never help us to address the risk & reach the real root cause.    The question is, “are we putting our optimum best efforts to identify all possible risks (known & unknown) in order to arrive at the most appropriate Root cause” (RC).

Risk assessment & Root cause analysis (RCA) are the two most important components of Quality Management System (QMS), irrespective of the nature of the organization.  A detailed Risk assessment is required to effectively address any gaps in the systems, which could lead to undesirable incidents.  Any deviations, Out of Specifications, Out of Trends and or failures, if not investigated in depth to comprehend the underlying causes & risks and the root cause for the incident, they will lead to inadequate Root cause identification and our efforts towards designing the “Corrective and Preventive actions” (CAPA) will not add value towards improving the working conditions and mitigating the risk.  It  is evident that, in the absence of an Effective RCA, CAPA won’t have an adequate value addition. 

WHY RCA IS NOT EFFECTVE

Effectiveness of an identified Root cause, supplemented with a strong CAPA, can be well reflected in the repetition of the incidents of similar kind.  In case the similar incidents are repeated, it reflects on poor RCA & a weak CAPA.  Why?

Why are we not able to perform an Effective RCA? 

ü  Everyone of us is over occupied with work and hence we are in a HURRY to conclude an incident?    Leading to inadequate review of the peripheral activities, which can add to the risk and hence they go un-noticed.  Result is “Root cause will be based on limited data”. 

ü  One possibility is that the team engaged in performing the RCA is not experienced and trained enough.  Absence of an in-depth understanding of the operations, won’t allow a detailed & adequate Risk assessment & so the RCA.  It is preferred that Subject Matter Experts (SMEs) and or First/second line are a part of the RCA activity, as it requires assessment of Risk followed by reaching a conclusion, for identification of probable Root cause. 

ü  Another possibility is that all the relevant functions might not have participated in the Risk assessment & RCA activity, leading to ineffective identification of RCA, i.e. cross functional inputs are missing. 

ü  Other important aspect to the RCA is, even if the incident has been assessed for its RCA in-depth but as an isolated incident, it won’t give us an assurance of effective CAPA.  If we require an effective implementation of the CAPA derived out of a RCA, it must be viewed as a Universal approach.  It is required to increase the SCOPE of the RISK and assess the impact on other similar activities, so as to have a comprehensive evaluation of all the risk factors, so as to reach the most appropriate Root cause.

As mentioned above, an in-effective RCA will result is Repetition of incidents with similar Root cause and will not only reflect on poor RCA but also will put a question mark on the capabilities of the Technical team. 

TOOLS TO PERFORM RCA

An effective RCA is a must, as discussed above.  We need to perform a detailed RCA using available RCA tools, for example Fault Tree Analysis (FTA), Ishikawa & 5 Why.  We can use either of these tools for RCA.   In principle there is not much difference among these, however the presentation differs. 

Whatever tool(s) we use, our SOP should mention this precisely.  It should be formalized in the form of a Formal document as a part of the SOP.

WHAT SHOULD WE DO TO ENSURE EFFECTIVE RCA

1.     Availability of all relevant data for review and analysis.

2.     A trend of incidents in the past, related RCA & CAPA effectiveness, so as to understand if it is a repetitive occurrence and earlier identified RCA & CAPA were adequate.

3.  Understand the difference between SPORADIC & Chronic problems, so as to plan CAPA accordingly.

4.  Only Trained & experienced personnel from cross-functional areas should be a part of the RCA process.

DON'T GET TRAPPED IN THE EASY FRUITS

There are situations, when we come across a Root cause and sometimes we are not able to arrive a suitable root cause.    

Important is that, we should not get trapped into the easy fruits, i.e. the direct cause.  Addressing a Direct cause, means taking up the RCA at its face value.   This process will remove the early warning indicator, thus making it little difficult to identify next time it happens.

Conclusively, we must understand the importance of in-depth Risk assessment & Root cause analysis, so that it can help us in making our Practices & processes robust.  Also it will ensure fixing  the problems effectively, the first time they occur, so as to ensure availability of more time to invest in other activities.

DELEGATE

I am very BUSY, highly occupied. 

This is a NORMAL expression, we come across in any organization.  Over the years of my experience with industry, I found many of the people living with this notion.  Staying late in the evening, and uttering Oh My God, so much of work to do, is quite common. 

And The MANAGEMENT talks about the WORK LIFE BALANCE.

How can we address this stress?   It is definitely not that we are less efficient?  What is meant by efficient here?  Are we able to deliver our work within the stipulated time frame, with desired Quality output? 

COMMON MIND-SET:

I have observed that most of the people try to work themselves, considering that others are not efficient enough and will make mistakes, resulting in delays.  But these are our team and, at least they deserve the opportunity to perform.

Often we may not do so, as many of us might believe that I am the best to do this correctly in the first go.  So we do it ourselves.  It is good to do a work ourselves, because we know, how to address this, but by doing this,

a.       We are missing a leadership quality.

b.      We are not giving opportunity to our team to perform & develop for future. 

c.       We are creating more stress for our future.

DELEGATE THE WORK:

Many middle management persons don’t delegate the work, or if delegate, not effectively delegate.

What is effective delegation?  We should:

a.    Explain work requisites as per our work plan. Basically it is like scanning our thoughts into the mind of our team. 

b.  Explain the work properly with desired outcome.  If we require it in certain specific framework, better share that framework.

c.    Share any other details or information/resource, if can help them to attend the task to our expectations.

d.    Ask for their understanding of our requirements correctly.

WHAT WE GAIN FROM DELEGATION?

1.  We save our time & can engage ourselves with other priorities?  It will improve our efficiency to do more works.  We will be able to contribute more for organization growth.

2.  We give an opportunity to others to develop, otherwise they will never develop.  It is possible that team will perform the task incorrectly at the first time, 2^nd time, 3^rd time, but at a point he will understand the standards, and will be able to deliver.  Thus we will reduce our workload & stress. 

3.      We will be mentoring and developing SECOND Line(S). 

4.      We just require to invest our time for reviewing. So plenty of time for us.

5.      We will develop trust of our team in us.

In case during the process we find that one of the team member is not able to deliver as per the expectations, suitable corrective actions can be taken.

Trust the above will help in improvement of efficiency and help easing our stress. 

Deviation Management - The way forward

In continuation of the Risk driven approach towards dealing with QMS concerns, today I shall be discussing about Deviation Management.  These are one of the areas of interest to the auditors. 

Deviation is a common phenomenon.  In fact Deviations provide us an opportunity to improve by reviewing & enhancing the Controls, if these are investigated in depth and taken with Serious & Holistic approach.  Handling any Deviations with a Global perspective only adds value.

Deviations cost the organizations, stunning losses in terms of productivity, compliance and finance.  In my opinion, average COST OF A DEVIATION should be calculated and shared with the group in the MANAGEMENT REVIEW MEETINGS, so as to make the group understand what the organization has lost due to A DEVIATION. 

Discussing below certain factors, if we consider, we will be able to make Deviation as a strong forte towards growth.

WHY SHOULD WE WAIT FOR A DEVIATION TO OCCUR

I always emphasize that we must understand the INHERENT RISK involved in whatever we do.  Monthly, quarterly, and annual QMS review meetings provide us a very good platform for review of any incidents. 

Historical data is a valuable treasure of information for diagnosis and is the best tool to proactively take care to mitigate the RISK in future.

If we expand the scope of the evaluation of a deviation, beyond its face value, it gives us a good insight not only to :

a.       Understand the number of deviations with similar pattern, (Frequency of deviations)

b.      Understand the derived Root cause analysis

c.       Decide a proper CAPA,

But also provides an opportunity to discuss if;

a.       A deviation happens repeatedly, why is it recurring.

b.      RCA, it requires further investigations

c.       RC was correctly identified, does it require to further strengthen CAPA.

d.      CAPA was correctly identified, then

e.       It was not implemented & monitored effectively to prevent recurrence.

A deviation means a gap in the system or function.  It should draw our immediate attention.   If not addressed timely, it may lead to more such incidents in future, leading to an uncontrolled chain reaction.

A PROACTIVE  RISK based Approach will help us in deriving a Correct RC as well as deriving strong CAPA. 

WHAT WILL HAPPEN IF DEVIATIONS ARE LEFT PENDING & WE PROCEED?

Sometimes, organizations may miss-out on addressing the Deviations ON-LINE.   

If a Deviation is not addressed “On-Line & On-Time”,  we miss the real time facts, which could help us in identifying the exact Root cause & other Risks, which resulted into the Deviations.  The outcome is;

a.       Incorrect Root cause

b.      Poor CAPA

c.       Invitation to recurrence of failures

The historical data collected with Off-line review of deviations, will not add much value for deciding corrective & preventive actions for future. 

MAN IS A SOFT TARGET (HUMAN ERROR)

Commonly said, if we review the Deviation history, and screen the Root Cause Analysis (RCA), then in most of the incidents we observe, ‘HUMAN error’, is the most commonly documented RCA.  The poor man is a SOFT TARGET, probably easy to address through Trainings.

But it leads us to a Big Question?

Looking at recurring human error, sends a BAD signal to the Management & the Auditor.   The doubts come on:

a.       Our people are not adequately trained to operate.  The organization is not Training driven and therefore invites risks resulting into Deviations.

b.      QMS is not strong enough, to in depth investigate a Deviation and find out a PRECISE Root cause hence, CAPA will not be good enough to address the underlying reasons. 

c.       The organization doesn’t have a proper monitoring system to ensure adequate implementation of CAPA and monitor its effectiveness. 

 In my opinion, “Important is to find a correct, underlying root cause and to transform it in terms of practically implementable Action Plan.” 

DEALING WITH THE SITUATION - NOT ABLE TO REACH A ROOT CAUSE

Though, No regulatory standard requires that all investigation should end with the identification of a ‘definitive’ root cause. Finding the true root cause is very important as it surfaces the fundamental reason that allowed the deviation to occur.   It is our accountability to arrive at a concrete and/or a most probable root cause based on available sufficient scientific data.  

Different tools are available for identification of RCA and can be used to identify the RC.  For example, ‘Ishikawa & 5 why analysis’, are very good tools to investigate an incident and arrive a RC.

Majority of the deviations are always linked to a concrete root cause, however, there may be a few situations where we may not reach a root cause at all. 

Few of the reasons for not able to reach the root cause might be;

a.       Not committing adequate time and resources for investigation.

b.      Not able to collect all the facts and relevant details

c.       People are not trained sufficiently to conduct an effective investigation

On the other hand, we might have put our best efforts, still we didn’t succeed to identify a root cause. It will lead to a situation, that a “definitive” root cause could not be established, regardless of availability of detailed investigation report and the investigation remained conclusion less.

It is not the conclusion.  Please follow the next blog to find, how should we conclude a Deviation investigation. 

ALIGNING WITH AUDIT READINESS

The Auditor KNOCKS at the factory gate, Hello, we are from FDA.  And it leads to increasing BP, lots of stress, tension & sweating inside the premises.  What will happen?  There are gaps, many unattended open issues, and all sorts of nightmares start floating in front of our eyes.  

Why does this happen?

In my earlier BLOG, I discussed about RISK.  In fact our existence depends on our ability to cope up with RISK effectively.  Less are we vigilant to identify the risk around us, more will be the opportunities, the auditor(s) will have to screw us.  

We are the key to decide the outcome of an audit as, Good or bad.  Don’t we think so?  It is as simple as; during our studies, if we were well prepared for examinations, then we were confident of getting a good percentage and in case of any loop holes in the preparation, we were under stress.  Isn’t that so?   

Factors to consider for maintaining all time compliance:

1. Proactive approach & Planning

Proactive approach, quick planning & its execution is the key to success.  Sometimes, we miss the proactive approach and allow the issues to crop up, if planning is done, then its execution should be immediate as per the schedule and monitored by seniors.  We need to develop tools for monitoring. This will help us keeping up with the pace of the activities and in a state of all time audit preparedness.    

2. We should ONLY be data driven

Our decisions should be based on the review of relevant data.  In case the data for review is not adequate, collect more data to scientifically support our decision.  

When we say that ‘Data is not adequate.’  What does that mean?  As I always emphasize on the Risk driven approach, it will help us in identifying all the possible dimensions of studies & data required to scientifically justify the concern.  

Any matter supported by Risk assessment, followed by documents to mitigate the risk and a suitable CAPA, we will be able to effectively address the problem.  Also it will help in adding auditor’s confidence in us. 

An audit is DATA driven along with the risk.  Data integrity is a Branded deficiency in many audits now.  Auditors, during the review of documents or activities, try to get assured that there is no data integrity issue.  A gap in availability of data results in issuance/generation of a Critical Non-compliance. 

3. On line documentation 

We document the activities on line, but sometimes when we miss it may result in availability of inadequate information. Documentation done back dated, is not only a concern for the Regulatory inspectors, but also a concern for the Management, as it will not allow us to understand the root cause of any incident, as we won’t have a real time data.  Result will be a Weak CAPA.  

Recent guideline on Data integrity recommends that the data should follow ALCOA principles.

Accordingly, the DATA should be

Accordingly, the DATA should be
A	Attributable
L	Legible
C	Contemporaneous
O	Original (True copy)
A	Accurate

For example, if we don’t follow the principles of Data integrity, don’t address the problem at the time it happens and leave it for tomorrow, or the document for the sake of completion, with a planning that we will have to review it before the audit.  THEN, we have lawfully invited the problems for us.

4. Quality Management System (QMS)

Walk through the Non-compliance observations during any inspection, QMS is at the TOP, because QMS directly reflects our expertise in Technical & other matters. At Day one of the inspection, an auditor collects all the data of our Deviations, OOS, OOT, Failures, Change controls and CAPA.  A quick review of the list of these creates an image at his mind.  In fact that is one of the turning points during the audit.  If our QMS data can speak for itself, our Technical persons have interacted effectively with the auditor, then be assured that, half of the battle is won.  

A simple approach of On line addressing the QMS incidents, with defined time frame, using Trained & expert Technical team, with a proper risk assessment and scientifically derived CAPA will help to fortify this area. 

5. Trainings

Training is another area of serious concern not only for auditors but also for the Management.  Some might think that Training is a waste of time, but truly speaking it is an investment for our better future.

Less focus on trainings will increase more focus on problem solving.  So we need to decide, where we should focus.  It is like a principle of LEARNING & then EARNING.  

The more we will Learn through training, the less we will have problems to handle, and we will be able to invest our resources for improvements.  It implies increased rate of growth, w.r.t quality & quantity both.

Training should be planned by visualizing our SOPs & operations, considering smallest possible activity, which we might miss.  Equally important is the time to time evaluation & effectiveness checks of training.   Every organization should develop tools to ensure the effectiveness of training. Record of the same should be maintained. 

6. Keep control on Emotions

Being emotional, having healthy relations and emotions is good, but when it comes to our workplace, we should learn to keep our emotion apart. A workplace isn’t a place for emotions but a place for actions.

You shouldn’t just casually ignore something, “Yarr Chalta Hai, Aage se Dhyaan Rakh (it’s fine but take care from next time onwards)”, because someone’s close to you.  Also, since it was just a friendly advice, you never know how much that ‘friend’ is going to implement it in the future.

Once the audit is in progress and you’re caught in a loop, you think, “O YAAR, MARVA DIA (Auditor almost killed me for that one)”. 

So just keep it professional, not emotional.  Follow Profession, NOT Emotion. 

Purpose of starting writing this blog is to share my thought process with the industry. I am sure this blog will certainly add value to our thought process. I’ll see you guys next time, with some more value addition. 

CRITICAL THINKING

    

Critical thinking is a key element of the new paradigm to keep our working standards higher than the expectations.   It is essential towards successful management of growth & progress of an organization. 

Working in a Healthcare industry is not a Piece of Cake.  With time the expectations & working conditions have changed significantly.  We are growing at a very fast pace.  For example, Indian pharmaceuticals market has grown at a Compound annual growth rate (CAGR) of 17.46 per cent during 2005-16, with the market growth from US$ 6 billion in 2005 to US$ 36.7 billion in 2016 and is expected to expand to US$ 55 billion by 2020.

Therefore, regardless of the colossal potential growth, sustenance will be a big challenge for everyone in view of the expectations by 2020.  It doesn’t differ for a small scale &/or a multinational company.  Working with the highest values is the demand of time.  Time requires us to work SMART rather than just working hard, and Smart working requires Critical thinking. 

What exactly is this Critical thinking?

Thinking with a RISK based approach.  Different guidelines have been published on Risk Management.  For instance, ICH-Q9 provides a very good model for Analysis & management of risk.   What these models want us to do?  Are these not the tools, which make us to forcibly think with critical brainstorming?

This approach is certainly helpful in changing the mind-sets in industry.  Thought process in the industry is changing, absence of a Risk based or critical thinking has led us to the unpredictable situations. 

How can we survive the growing expectations of industry and the Regulatory agencies? The requirement is everything that we must do to ensure the Quality, Safety & Efficacy of the product. 

To assure this we follow Quality Management systems & conduct Trainings.  These provide us a very strong platform to effectively address any deviations, failures, changes around us and protect the Quality, Safety & Efficacy of the product.  But, “What if we come across similar deviations repeatedly, What if the Root cause of OOS & Failures is same at most of the occasion?”.  It is a direct or indirect indication of our ability to critically think & act.

Critical thinking means – Risk driven thinking & analysis of the situation.   Fact is that we all are, – RISK Driven.  But we need to understand the Application of Risk analysis.  We know risk, but we need to decide, to what level it needs to be analysed & addressed, to keep it to minimum. 

I always share with the people that, cGMP is nothing but the application of common sense.   But it should now be spiced up with a Critical risk based thought process. 

Purpose of me writing this blog is to instigate a Risk based Critical thinking in whatever we do to make our lives a lot easier.

In future, I shall be sharing some mind provoking thoughts and articles on Technical matters.