Deviation Management - The way forward

In continuation of the Risk driven approach towards dealing with QMS concerns, today I shall be discussing about Deviation Management.  These are one of the areas of interest to the auditors. 

Deviation is a common phenomenon.  In fact Deviations provide us an opportunity to improve by reviewing & enhancing the Controls, if these are investigated in depth and taken with Serious & Holistic approach.  Handling any Deviations with a Global perspective only adds value.

Deviations cost the organizations, stunning losses in terms of productivity, compliance and finance.  In my opinion, average COST OF A DEVIATION should be calculated and shared with the group in the MANAGEMENT REVIEW MEETINGS, so as to make the group understand what the organization has lost due to A DEVIATION. 

Discussing below certain factors, if we consider, we will be able to make Deviation as a strong forte towards growth.

WHY SHOULD WE WAIT FOR A DEVIATION TO OCCUR

I always emphasize that we must understand the INHERENT RISK involved in whatever we do.  Monthly, quarterly, and annual QMS review meetings provide us a very good platform for review of any incidents. 

Historical data is a valuable treasure of information for diagnosis and is the best tool to proactively take care to mitigate the RISK in future.

If we expand the scope of the evaluation of a deviation, beyond its face value, it gives us a good insight not only to :

a.       Understand the number of deviations with similar pattern, (Frequency of deviations)

b.      Understand the derived Root cause analysis

c.       Decide a proper CAPA,

But also provides an opportunity to discuss if;

a.       A deviation happens repeatedly, why is it recurring.

b.      RCA, it requires further investigations

c.       RC was correctly identified, does it require to further strengthen CAPA.

d.      CAPA was correctly identified, then

e.       It was not implemented & monitored effectively to prevent recurrence.

A deviation means a gap in the system or function.  It should draw our immediate attention.   If not addressed timely, it may lead to more such incidents in future, leading to an uncontrolled chain reaction.

A PROACTIVE  RISK based Approach will help us in deriving a Correct RC as well as deriving strong CAPA. 

WHAT WILL HAPPEN IF DEVIATIONS ARE LEFT PENDING & WE PROCEED?

Sometimes, organizations may miss-out on addressing the Deviations ON-LINE.   

If a Deviation is not addressed “On-Line & On-Time”,  we miss the real time facts, which could help us in identifying the exact Root cause & other Risks, which resulted into the Deviations.  The outcome is;

a.       Incorrect Root cause

b.      Poor CAPA

c.       Invitation to recurrence of failures

The historical data collected with Off-line review of deviations, will not add much value for deciding corrective & preventive actions for future. 

MAN IS A SOFT TARGET (HUMAN ERROR)

Commonly said, if we review the Deviation history, and screen the Root Cause Analysis (RCA), then in most of the incidents we observe, ‘HUMAN error’, is the most commonly documented RCA.  The poor man is a SOFT TARGET, probably easy to address through Trainings.

But it leads us to a Big Question?

Looking at recurring human error, sends a BAD signal to the Management & the Auditor.   The doubts come on:

a.       Our people are not adequately trained to operate.  The organization is not Training driven and therefore invites risks resulting into Deviations.

b.      QMS is not strong enough, to in depth investigate a Deviation and find out a PRECISE Root cause hence, CAPA will not be good enough to address the underlying reasons. 

c.       The organization doesn’t have a proper monitoring system to ensure adequate implementation of CAPA and monitor its effectiveness. 

 In my opinion, “Important is to find a correct, underlying root cause and to transform it in terms of practically implementable Action Plan.” 

DEALING WITH THE SITUATION - NOT ABLE TO REACH A ROOT CAUSE

Though, No regulatory standard requires that all investigation should end with the identification of a ‘definitive’ root cause. Finding the true root cause is very important as it surfaces the fundamental reason that allowed the deviation to occur.   It is our accountability to arrive at a concrete and/or a most probable root cause based on available sufficient scientific data.  

Different tools are available for identification of RCA and can be used to identify the RC.  For example, ‘Ishikawa & 5 why analysis’, are very good tools to investigate an incident and arrive a RC.

Majority of the deviations are always linked to a concrete root cause, however, there may be a few situations where we may not reach a root cause at all. 

Few of the reasons for not able to reach the root cause might be;

a.       Not committing adequate time and resources for investigation.

b.      Not able to collect all the facts and relevant details

c.       People are not trained sufficiently to conduct an effective investigation

On the other hand, we might have put our best efforts, still we didn’t succeed to identify a root cause. It will lead to a situation, that a “definitive” root cause could not be established, regardless of availability of detailed investigation report and the investigation remained conclusion less.

It is not the conclusion.  Please follow the next blog to find, how should we conclude a Deviation investigation. 

ALIGNING WITH AUDIT READINESS

The Auditor KNOCKS at the factory gate, Hello, we are from FDA.  And it leads to increasing BP, lots of stress, tension & sweating inside the premises.  What will happen?  There are gaps, many unattended open issues, and all sorts of nightmares start floating in front of our eyes.  

Why does this happen?

In my earlier BLOG, I discussed about RISK.  In fact our existence depends on our ability to cope up with RISK effectively.  Less are we vigilant to identify the risk around us, more will be the opportunities, the auditor(s) will have to screw us.  

We are the key to decide the outcome of an audit as, Good or bad.  Don’t we think so?  It is as simple as; during our studies, if we were well prepared for examinations, then we were confident of getting a good percentage and in case of any loop holes in the preparation, we were under stress.  Isn’t that so?   

Factors to consider for maintaining all time compliance:

1. Proactive approach & Planning

Proactive approach, quick planning & its execution is the key to success.  Sometimes, we miss the proactive approach and allow the issues to crop up, if planning is done, then its execution should be immediate as per the schedule and monitored by seniors.  We need to develop tools for monitoring. This will help us keeping up with the pace of the activities and in a state of all time audit preparedness.    

2. We should ONLY be data driven

Our decisions should be based on the review of relevant data.  In case the data for review is not adequate, collect more data to scientifically support our decision.  

When we say that ‘Data is not adequate.’  What does that mean?  As I always emphasize on the Risk driven approach, it will help us in identifying all the possible dimensions of studies & data required to scientifically justify the concern.  

Any matter supported by Risk assessment, followed by documents to mitigate the risk and a suitable CAPA, we will be able to effectively address the problem.  Also it will help in adding auditor’s confidence in us. 

An audit is DATA driven along with the risk.  Data integrity is a Branded deficiency in many audits now.  Auditors, during the review of documents or activities, try to get assured that there is no data integrity issue.  A gap in availability of data results in issuance/generation of a Critical Non-compliance. 

3. On line documentation 

We document the activities on line, but sometimes when we miss it may result in availability of inadequate information. Documentation done back dated, is not only a concern for the Regulatory inspectors, but also a concern for the Management, as it will not allow us to understand the root cause of any incident, as we won’t have a real time data.  Result will be a Weak CAPA.  

Recent guideline on Data integrity recommends that the data should follow ALCOA principles.

Accordingly, the DATA should be

Accordingly, the DATA should be
A	Attributable
L	Legible
C	Contemporaneous
O	Original (True copy)
A	Accurate

For example, if we don’t follow the principles of Data integrity, don’t address the problem at the time it happens and leave it for tomorrow, or the document for the sake of completion, with a planning that we will have to review it before the audit.  THEN, we have lawfully invited the problems for us.

4. Quality Management System (QMS)

Walk through the Non-compliance observations during any inspection, QMS is at the TOP, because QMS directly reflects our expertise in Technical & other matters. At Day one of the inspection, an auditor collects all the data of our Deviations, OOS, OOT, Failures, Change controls and CAPA.  A quick review of the list of these creates an image at his mind.  In fact that is one of the turning points during the audit.  If our QMS data can speak for itself, our Technical persons have interacted effectively with the auditor, then be assured that, half of the battle is won.  

A simple approach of On line addressing the QMS incidents, with defined time frame, using Trained & expert Technical team, with a proper risk assessment and scientifically derived CAPA will help to fortify this area. 

5. Trainings

Training is another area of serious concern not only for auditors but also for the Management.  Some might think that Training is a waste of time, but truly speaking it is an investment for our better future.

Less focus on trainings will increase more focus on problem solving.  So we need to decide, where we should focus.  It is like a principle of LEARNING & then EARNING.  

The more we will Learn through training, the less we will have problems to handle, and we will be able to invest our resources for improvements.  It implies increased rate of growth, w.r.t quality & quantity both.

Training should be planned by visualizing our SOPs & operations, considering smallest possible activity, which we might miss.  Equally important is the time to time evaluation & effectiveness checks of training.   Every organization should develop tools to ensure the effectiveness of training. Record of the same should be maintained. 

6. Keep control on Emotions

Being emotional, having healthy relations and emotions is good, but when it comes to our workplace, we should learn to keep our emotion apart. A workplace isn’t a place for emotions but a place for actions.

You shouldn’t just casually ignore something, “Yarr Chalta Hai, Aage se Dhyaan Rakh (it’s fine but take care from next time onwards)”, because someone’s close to you.  Also, since it was just a friendly advice, you never know how much that ‘friend’ is going to implement it in the future.

Once the audit is in progress and you’re caught in a loop, you think, “O YAAR, MARVA DIA (Auditor almost killed me for that one)”. 

So just keep it professional, not emotional.  Follow Profession, NOT Emotion. 

Purpose of starting writing this blog is to share my thought process with the industry. I am sure this blog will certainly add value to our thought process. I’ll see you guys next time, with some more value addition. 

CRITICAL THINKING

    

Critical thinking is a key element of the new paradigm to keep our working standards higher than the expectations.   It is essential towards successful management of growth & progress of an organization. 

Working in a Healthcare industry is not a Piece of Cake.  With time the expectations & working conditions have changed significantly.  We are growing at a very fast pace.  For example, Indian pharmaceuticals market has grown at a Compound annual growth rate (CAGR) of 17.46 per cent during 2005-16, with the market growth from US$ 6 billion in 2005 to US$ 36.7 billion in 2016 and is expected to expand to US$ 55 billion by 2020.

Therefore, regardless of the colossal potential growth, sustenance will be a big challenge for everyone in view of the expectations by 2020.  It doesn’t differ for a small scale &/or a multinational company.  Working with the highest values is the demand of time.  Time requires us to work SMART rather than just working hard, and Smart working requires Critical thinking. 

What exactly is this Critical thinking?

Thinking with a RISK based approach.  Different guidelines have been published on Risk Management.  For instance, ICH-Q9 provides a very good model for Analysis & management of risk.   What these models want us to do?  Are these not the tools, which make us to forcibly think with critical brainstorming?

This approach is certainly helpful in changing the mind-sets in industry.  Thought process in the industry is changing, absence of a Risk based or critical thinking has led us to the unpredictable situations. 

How can we survive the growing expectations of industry and the Regulatory agencies? The requirement is everything that we must do to ensure the Quality, Safety & Efficacy of the product. 

To assure this we follow Quality Management systems & conduct Trainings.  These provide us a very strong platform to effectively address any deviations, failures, changes around us and protect the Quality, Safety & Efficacy of the product.  But, “What if we come across similar deviations repeatedly, What if the Root cause of OOS & Failures is same at most of the occasion?”.  It is a direct or indirect indication of our ability to critically think & act.

Critical thinking means – Risk driven thinking & analysis of the situation.   Fact is that we all are, – RISK Driven.  But we need to understand the Application of Risk analysis.  We know risk, but we need to decide, to what level it needs to be analysed & addressed, to keep it to minimum. 

I always share with the people that, cGMP is nothing but the application of common sense.   But it should now be spiced up with a Critical risk based thought process. 

Purpose of me writing this blog is to instigate a Risk based Critical thinking in whatever we do to make our lives a lot easier.

In future, I shall be sharing some mind provoking thoughts and articles on Technical matters.  

Hi, I am Vikram V Kulshrestha a Sr. Professional in Pharmaceuticals, with over 25 years experience in Quality Assurance & Regulatory Affairs.

I have invested many years in the Healthcare industry as an employee and as a FREE LANCER (For, QA & RA).   The integration of RA with QA has helped me in taking the matters with a different adept, w.r.t. handling of Quality Management issues.

Current expectations of the Healthcare industry are changing and the life of a QA person is like walking on the edge of a Sword.   Through this blog, I will be sharing my experience and thought process on various matters related to QMS issues.

I believe that my posts shall be useful for the Healthcare Professionals and help the industry to explore the activities with a different perspective.