1 Supply Chain Control Framework Agreementforumauditorias.org/.../uploads/2016/06/Supply-Chain-Control-Frame… · SStteepp 55 Supply Chain Control Framework Agreement Page: 5 / 23

SStteepp 55

1

Supply Chain Control 2

Framework Agreement 3

4

5

6

7

8

9

10

11

12

Ref. document: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01

Status: Step 5. 18/06/2012

Adoption by SCCF Work Group: 22/12/2011

Public presentation: May 4th 2012

Number of pages: 1 of 23

13

SStteepp 55

Supply Chain Control Framework Agreement

Page: 2 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01

14

DOCUMENT HISTORY 15

16

Step 1. Draft: Issued on 30/09/2011 for the review of the SCCF Work Group 17

Step 2. Draft: Issued on 21/11/2011 including the comments from the Work Group meeting celebrated in Barcelona on 18 October 28

th, 2011 19

Step 3. Draft: Issued on 09/12/2011 including the comments from the Work Group meeting celebrated in Barcelona on 20 December 2

nd, 2011. 21

Step 4. Draft: Issued on 22/12/2011 after the Work Group approval and for the consultation of all the interested 22 companies. 23

Step 5. Final document on 18/06/2012 after the period of public consultation 24

25

SStteepp 55



26

SUPPLY CHAIN FRAMEWORK WORK GROUP AND ADHERED COMPANIES 27

28

Work Group Members: 29

30

Name Company

Carolina Coronas Indukern, S.A.

César Molina Laboratorios Dr. Esteve, S.A.

Daniel Folqués / Lourdes Campillo Laboratorios Salvat, S.A.

Georgina Pujals / Xavier Casterad Department of Health. Generalitat de Catalunya

Jacobo López-Riobóo / Irene Cantos IMCD España Especialidades Quimicas, S.A

Joan Marfil AECQ, Asociación Española del Comercio Químico

Josep Ramon Muñoz Instituto Grifols, S.A.

Josep Carles Oliver Synthon Hispania, S.L.

Manuel Rodríguez Brenntag Química, S.A.

Mercedes Carrera Azelis España, S.A.

Ramon Saumell Laboratorios Inibsa, S.A.

Carles Subirà Zeus Química, S.A.

Vanessa Rozas Merck, S.L.

Dr. Octavi Colomina , Urbici Cardona and Dr. Eduard Cayón* Forum Auditorías. (Leading)

*Contact person ([email protected] ) 31

32

Adhered Companies: 33

34

Company

35

mailto:[email protected]

SStteepp 55



36

37

CONTENTS 38

39

40

1. INTRODUCTION ...................................................................................................................................5 41

1.1 PURPOSE ........................................................................................................................................5 42 1.2 SCOPE ............................................................................................................................................5 43 1.3 BACKGROUND ..................................................................................................................................5 44

2. GLOSSARY OF TERMS .......................................................................................................................7 45

3. RAW MATERIALS SUPPLY CHAIN RISK MANAGEMENT ...............................................................8 46

3.1 STEP 0. CHARACTERISATION OF THE SUPPLY CHAIN .........................................................................9 47 3.2 STEP I. RISK ASSESSMENT ...............................................................................................................9 48 3.3 STEP II. RISK CONTROL ....................................................................................................................9 49 3.4 STEP III. RISK COMMUNICATION ..................................................................................................... 10 50 3.5 STEP IV. RISK REVIEW .................................................................................................................. 10 51 3.6 RISK MANAGEMENT TOOL. FAILURE MODE AND EFFECTS ANALYSIS (FMEA). .................................. 10 52

4. SUPPLY CHAIN CONTROL ACTIVITIES ......................................................................................... 12 53

4.1 SUPPLY CHAIN FLOW DIAGRAM ............................................................................................. 12 54 4.2 QUALITY MANAGEMENT SYSTEMS ACCEPTABLE AS RISK MITIGATING MEASURES ..... 12 55 4.3 TECHNICAL AGREEMENTS (TA) ............................................................................................. 14 56

4.3.1 TA BETWEEN PHARMACEUTICAL COMPANIES AND DISTRIBUTORS 14 57 4.3.2 TA BETWEEN DISTRIBUTORS AND THE REST OF THE SUPPLY CHAIN 15 58 4.3.3 TA BETWEEN DISTRIBUTORS AND GOODS MANUFACTURER, RE-PACKERS OR RE-59 LABELLERS 16 60

4.4 DISTRIBUTORS AUDITS: SCOPE AND EXTENT OF THE AUDIT ........................................... 17 61

5. RESPONSIBILITIES DISTRIBUTION & TASKS DELEGATION ...................................................... 18 62

5.1 PHARMACEUTICAL COMPANIES ............................................................................................ 18 63 5.2 AGENTS ..................................................................................................................................... 18 64

6. REFERENCES ................................................................................................................................... 18 65

7. ANNEX 1. FMEA RISK MANAGEMENT ........................................................................................... 19 66

7.1 RISK CRITERIA .............................................................................................................................. 19 67 7.2 RPN (RISK PRIORITY NUMBER) CALCULATION ................................................................................ 20 68 7.3 FMEA RISK MANAGEMENT TABLE .......................................................................................... 21 69

8. ANNEX 2. SUPPLY CHAIN CHARACTERIZATION AND TASKS DISTRIBUTION MODEL ......... 22 70

71 72

SStteepp 55



73

1. INTRODUCTION 74

1.1 Purpose 75

The purpose of this document is to establish the basis for the control of the supply 76

chain of raw materials to the pharmaceutical industry. 77

The main objective is to develop an approach, which can contribute to the control of the 78

supply chain with rigour, maximum simplicity (focusing on the real risks), acceptability 79

for all three involved parties: Distribution companies, Pharmaceutical companies and 80

Health Authorities (regulatory compliance). 81

The specific objectives of this document are: 82

To harmonize the nomenclature used in identifying the agents involved in the 83

supply chain. 84

To establish the methodology for Risk Management for each stakeholder involved 85

in the supply chain. 86

To identify and establish those Quality Management Systems acceptable for 87

agents and distributors as risk mitigating measures. 88

To establish the responsibilities framework while looking for the best approach 89

where each part is responsible for those tasks that are closer to their business 90

activities, while avoiding any conflict of interests. 91

To set forth the basis for developing a template for Technical Agreement (TA) 92

between Pharmaceutical and Distribution companies. 93

1.2 Scope 94

The Supply Chain Control Framework (SCCF) project is taken as collaboration 95

between Pharmaceutical Companies and Distribution companies including the Health 96

Authorities overview. The agreements reached at the SCCF project shall apply to the 97

entire supply chain. 98

This document is intended to be used by any Pharmaceutical or Distribution company 99

and should not be restricted to the initial group of companies that are leading this 100

initiative. 101

1.3 Background 102

In recent years, there has been a major effort in the Pharmaceutical sector regarding 103

the evaluation and monitoring of Good Manufacturing Practices (GMP) compliance of 104

manufacturers of active pharmaceutical ingredients. This effort has been made by the 105

Pharmaceutical Industry and by the Health Authorities in the context of the European 106

directive that regulates the manufacture of medicines (2004/27/EC, "Amending 107

Directive 2001/83 / EC on the Community Code Relating to medicinal products for 108

human use "). 109

SStteepp 55



Distribution companies have performed an important effort as well, implementing a 110

quality system in accordance to the Good Distribution Practices (GDP), and looking to 111

add value to the goods supply, avoiding a broker concept and going to a “confident 112

distributor” concept that guarantees the safety of the supply chain. 113

However, the closer to attaining the initial objectives, the greater the concerns 114

regarding the identification, evaluation and control of agents of the supply chain were 115

coming up. These concerns have been emphasized by the public health problems in 116

recent years, and resulted in the extension of the GMP & GDP compliance monitoring 117

beyond the raw materials manufacturers, to the entire supply chain of such materials. 118

Related to this point, the European Directive 2011/62/EC 1 amending Directive 119

2001/83/EC was published on July 2011. There is also a related draft guidance of the 120

Guide to the European Medicines Agency (EMA) for the declaration of the Qualified 121

Person (QP)2, which also introduces some considerations in this subject. 122

The Pharmaceutical Industry started looking for a solution to this problem and, in this 123

preliminary stage, one of the conclusions is that, for the nature of its own activity and 124

the complexity of the Supply Chain management, it is very difficult, and probably 125

ineffective, to try to solve the problem only from one side, without the collaboration of 126

the different parties and experts involved in the Supply Chain Control. 127

At this point, finding a solution that establishes the framework to involve the distributors 128

in the control of Supply Chain is required; however, the ultimate responsibility should 129

remain within the Pharmaceutical Industry, which should always look after the 130

assurance of the quality, efficiency and economical viability of each decision taken. 131

132

133

134

135

136

137

138

139

140

1 Directive 2011/62/EC Amending the Community code on medicinal products for relating to human use, as regards the prevention of the entry into the legal supply chain of counterfeit medicinal products. 2 EMA / CHMP / CVMP / QWP / 696270/2010 "Template for the Qualified Person's Declaration Concerning the GMP compliance of active Substance Used as starting material and its supply chain verification" The QP declaration template ".

SStteepp 55



2. GLOSSARY OF TERMS 141

This section describes the most common terms in the management of the supply chain. 142

In some cases, in order to name a particular participant in the supply chain several of 143

the described terms are needed to define the functions this participant performs. 144

Pharmaceutical company: Company that manufactures the drug products using the 145

goods received from the supply chain. 146

Raw materials: Active Substances Ingredients, Excipients and Packaging Materials. 147

Agent: Entity or individual acting on behalf of another, or representing another in a 148

specific business activity. This term is the most generic one; any participant in the 149

supply chain is an agent. 150

Broker: Entity performing broker activities that is, all activities in relation to the sales or 151

purchase of medicinal products, which do not include physical handling and consist of 152

negotiating independently and on behalf of another legal or natural person. 153

Trader: Entity or individual engaged in trading (buying – selling, re-selling process) 154

Distributor: Entity or individual that receives, holds, and distributes goods (wholesale 155

or retail) supplied to him by a manufacturer or any agent, without any re-packaging 156

or/and re-labelling operations. 157

Re-packer: Entity or individual fractioning from big to small containers, while opening 158

and manipulating the product. 159

Re-labeller: Entity or individual re-labelling the original containers without opening the 160

containers. 161

Transport Agency: Entity or individual providing transportation services for goods. 162

Carrier: Entity or individual physically transporting goods from one site to another. 163

Warehouse: Centre where goods are stored, waiting for their distribution. 164

Distribution hub: Distribution centre with no storage capability. Residence time is no 165

longer than 24 hours. 166

Custom agent: A person or company that is paid to make the formal arrangements for 167

imported goods to go through customs. 168

GMP: Good Manufacturing Practices 169

GDP: Good Distribution Practices. 170

ICH: International Conference on Harmonization 171

DMF: Drug Master File 172

FMEA: Failure Mode and Effects Analysis 173

Incoterms: The Incoterms rules or International Commercial terms are a series of pre-174

defined commercial terms published by the International Chamber of Commerce (ICC) 175

widely used in international commercial transactions. A series of three-letter trade 176

terms related to common sales practices, the Incoterms rules are intended primarily to 177

clearly communicate the tasks, costs and risks associated with the transportation and 178

delivery of goods. 179

The terms related to the risk management are taken from the ICH Q9, Full description 180

can be found therein. 181

182

SStteepp 55



183

3. RAW MATERIALS SUPPLY CHAIN RISK MANAGEMENT 184

Risk management applied to the raw materials supply chain is shown in the following 185

flow chart, according to the scheme proposed by ICH Q9 (Part III EUGMP). 186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

Risk Identification

Identification of potencial damage sources

Critical indicators & acceptance criteria definition

Decision making whether to audit the agent or not

Risk Analysis

Agent Function & Activities Criticallity Assessment

Audit (if necessary) Assessement on site of the criticalindicators

Risk Evaluation

Evaluation of the overall risk related with the agent takinginto consideration available information

I – Risk Assessment

Risk Reduction.

Probability reduction.

Improvement plan agreement with the agent

Technical Agreement and Supply ChainCharacterization and control.

Detectability increasing

Monitoring plan of the supply process

Control of the goods received

Risk Acceptance

Evaluation of residual risk assuming the risk reductionactions

Acceptance of the residual risk ?

II – Risk Control

Result of the Quality RiskManagement Process

Improvement plan follow up

Events evaluation and management

Follow up audit (if necessary)

IV- Risk Review

Failu

reM

ode

Effe

ctsAnaly

sis(F

MEA)

III–Ris

kCom

munic

ation

Unacceptable

Risk

Identification of agents in the supply chain of all the raw materials

Identification of the functions and activities of each agent

0.- SUPPLY CHAIN CHARACTERIZATION

Acceptable Risk

SStteepp 55



3.1 Step 0. Characterisation of the Supply Chain 210

As represented in the above flow chart, the process encompasses an initial exercise of 211

characterization of the supply chain. This includes the identification of all the involved 212

agents. The functions and activities that the agent performs should be specifically 213

identified as well. It is possible to define “profiles” of supply chain so that every profile 214

will cover several products that follow the same supply chain. 215

3.2 Step I. Risk Assessment 216

Every agent identified in the Step 0 should be included in the risk management 217

process, starting with the risk assessment. This assessment shall consider the 218

following three stages: 219

Risk Identification is a systematic use of information to identify hazards referring 220

to the risk question or problem description. Information can include historical data, 221

trend analysis, informed opinions, and the concerns of stakeholders. Risk 222

identification addresses the “What might go wrong?” question, including identifying 223

the possible consequences. 224

At the light of the functions and activities previously characterized, the potential 225

sources of damage for the integrity and quality of the goods should be assessed, 226

and in consequence, any risk for the patient. 227

Critical indicators should be defined according the potential sources of damage 228

identified. Acceptance criteria should be established for the critical indicators 229

(examples; temperature or time limits) 230

The definition of risk factors and the evaluation of the need to perform an audit to 231

assess the criticality should be also part of this stage. This provides the basis for 232

further steps in the quality risk management process. 233

Risk Analysis is the estimation of the risk associated with the identified hazards. It 234

is the process of linking the likelihood of occurrence, severity of harms and 235

detectability. In some cases, an audit will be necessary to complete this 236

assessment. 237

Risk Evaluation compares the identified and analyzed risk against the given risk 238

criteria. 239

3.3 Step II. Risk Control 240

Risk control includes the decision making to reduce and/or accept risks. The purpose 241

of risk control is to reduce the risk to an acceptable level. The amount of effort applied 242

to control a risk should be proportional to the significance of the risk. Decision makers 243

might use different processes, including benefit-cost analysis, for understanding the 244

optimal level of risk control. Risk control might focus on the following questions: 245

o Is the risk above an acceptable level? 246

o What can be done to reduce or eliminate risks? 247

o What is the appropriate balance among benefits, risks and resources? 248

SStteepp 55



o Are new risks introduced as a result of the previous identified risks being 249

controlled? 250

Risk Reduction. 251

The risk could be minimized by the reduction of the probability of its occurrence and / 252

or increasing its detectability. 253

Probability of occurrence reduction: Actions taken that could reduce the probability of 254

occurrence, which normally are focussed but not limited to the Quality System 255

improvements and the clarification of the role and responsibilities of the different actors. 256

Detectability improvement: Detectability is normally improved through monitoring and 257

controlling plans 258

Risk Acceptance. 259

After the implementation of the Risk Reduction measures, their efficacy should be 260

evaluated. The acceptance of the residual risk should be assessed. In case that the 261

residual risk is unacceptable, the supply chain should be revised and changed. 262

3.4 Step III. Risk Communication 263

Risk communication is the sharing of information about risk and risk management 264

between the decision makers and others. Parties can communicate at any stage of the 265

risk management process. The output/result of the quality risk management process 266

should be appropriately communicated and documented. Communications might 267

include those among interested parties. The included information might relate to the 268

existence, nature, form, probability, severity, acceptability, control, treatment, 269

detectability or other aspects of risks to quality. 270

3.5 Step IV. Risk Review 271

Risk management should be an ongoing part of the quality management process. A 272

mechanism to review or monitor events should be implemented. The output/results of 273

the risk management process should be reviewed to take into account new knowledge 274

and experience. Once a quality risk management process has been initiated, that 275

process should be applied to events that might impact the original risk management 276

decision, irrespectively these events are planned (e.g. results of product review, 277

inspections, audits, change control) or unplanned (e.g. Root cause from failure 278

investigations, recall). The frequency of a risk review should be based upon the level of 279

risk. Risk review might include reconsideration of risk acceptance decisions. 280

3.6 Risk Management tool. Failure Mode and Effects Analysis (FMEA). 281

The tool chosen to perform the risk assessment for the raw materials Supply Chain 282

Control is the FMEA (Failure Mode and Effects Analysis) 283

FMEA (see IEC 60812) provides a methodology for an evaluation of potential failure 284

modes for processes and their likely effect on outcomes and/or product performance. 285

Once failure modes are established, risk reduction can be used to eliminate, contain, 286

reduce or control the potential failures. FMEA relies on product and process 287

understanding. FMEA methodically breaks down the analysis of complex processes 288

SStteepp 55



into manageable steps. It is a powerful tool for summarizing the important modes of 289

failure, factors causing these failures and the likely effects of these failures. 290

FMEA might be extended to incorporate an investigation of the degree of severity of 291

the consequences, their respective probabilities of occurrence, and their detectability, 292

thereby becoming a Failure Mode Effect and Criticality Analysis (FMECA; see IEC 293

60812). In order for such an analysis to be performed, the product or process 294

specifications should be established. FMECA can identify places where additional 295

preventive actions might be appropriate to minimize risks. 296

In the Annex 1 how to implement the FMEA methodology in the raw materials Supply 297

Chain Risk Management is described. 298

299

300

SStteepp 55



301

4. SUPPLY CHAIN CONTROL ACTIVITIES 302

The previous risk management exercise shall be carried out when the supply chain is 303

comprehensively ascertained and known. According to this risk the manufacturer shall 304

determine the risk control activities applicable to each link of the supply chain. 305

The supply chain for active ingredients, Excipients and packaging materials can be 306

depicted by the following scheme: 307

4.1 SUPPLY CHAIN FLOW DIAGRAM 308

309

310

311

312

313

314

315

316

4.2 QUALITY MANAGEMENT SYSTEMS ACCEPTABLE AS RISK MITIGATING 317

MEASURES 318

Risks identified in the supply chain can be mitigated by appropriate Quality 319

Management Systems applied to different levels of the chain. Although the certification 320

by a standard cannot be interpreted as the absence of risk, the availability of an ISO or 321

other quality standards certification on a quality system applicable to the 322

pharmaceutical supply chain to mitigate the identified risks can be considered as a 323

good starting point. 324

In that respect, references which should be considered, among others: 325

Good Manufacturing Practices (GMPs) 326

EUGMP Part II - Basic Requirements for Active Substances used as Starting 327

Materials. 328

ICH Harmonised Tripartite Guideline- Good Manufacturing Practice Guideline for 329

Active Pharmaceutical Ingredients (ICH Q7). 330

WHO. Quality assurance of pharmaceuticals Volume 2. 2007. 331

Good Manufacturing Practices. WHO Technical Report Series. 332 http://www.who.int/medicines/areas/quality_safety/quality_assurance/production/en/ 333

Starting material manufacturer

API manufacturer

Drug productmanufacturers

Release by theQualified Person

Risk Management

Excipient manufacturer

Packaging material manufacturer

Agents

http://www.who.int/medicines/areas/quality_safety/quality_assurance/production/en/

SStteepp 55



The Joint IPEC-PQG Good Manufacturing Practices Guideline for 334

Pharmaceutical Excipients (2006). 335

ISO 15378:2006 Primary packaging materials for medicinal products — 336

Particular requirements for the application of ISO 9001:2008, with reference to 337

Good Manufacturing Practice (GMP). 338

Good Distribution Practices (GDPs) 339

Directive 2011/62/EU of the European Parliament and of the Council of 8 June 340

2011. 341

WHO Good Distribution Practices (GDP) for pharmaceutical products 342

(QAS/04.068/Rev2). 343

The IPEC Good Distribution Practices for Pharmaceutical Excipients (2006). 344

Guía de bones pràctiques en el transport de medicaments (Direcció general de 345

recursos sanitaris- Generalitat de Catalunya). 346

Annex 9 Guide to good storage practices for pharmaceuticals- WHO (World 347

Health Organization) Expert Committee on specifications for pharmaceutical 348

preparations. 349

ISO standards 350

ISO 9001:2008 - Quality management systems – Requirements. 351

ISO 9004:2009 - Managing for the sustained success of an organization -- A 352

quality management approach. 353

ISO 9000:2005- Quality management systems -- Fundamentals and vocabulary. 354

ISO 28000 standards. 355

ISO 28000:2007- Specification for security management systems for the supply 356

chain. 357

ISO 28001:2007 - Security management systems for the supply chain -- Best 358

practices for implementing supply chain security, assessments and plans -- 359

Requirements and guidance. 360

ISO 28003:2007 - Security management systems for the supply chain -- 361

Requirements for bodies providing audit and certification of supply chain security 362

management systems. 363

ISO 28004:2007 - Security management systems for the supply chain -- 364

Guidelines for the implementation of ISO 28000. 365

ISO 28005-2:2011 - Security management systems for the supply chain -- 366

Electronic port clearance (EPC) -- Part 2: Core data elements. 367

Others 368

Cefic’s Safety and Quality Assessment Systems (SQAS). Standard 369

Questionnaires for evaluating the safety, security, quality and environmental 370

standards of their logistics service providers. 371

The aforementioned references are considered to be as the basis of the existence of a 372

Quality System in place that should be reviewed in terms of scope and application to 373

be accepted as effective risk mitigation control measures. 374

375

http://www.iso.org/iso/rss.xml?csnumber=41014&rss=detail





SStteepp 55



4.3 TECHNICAL AGREEMENTS (TA) 376

Technical Agreement (TA) is one of the important documents to guarantee the 377

traceability and the safety of the Supply Chain. TA allows defining the task sharing in 378

between the related parties and its content will depend on the parties establishing the 379

TA and those defined in the Incoterms. The need of TAs will be determined by the risk 380

management exercise, as the TA is one of the tools for the risk reduction. In addition, a 381

TA is requested by the Health Authorities in certain cases. Pharmaceutical Companies 382

should be aware about the current legislation on this respect. 383

4.3.1 TA BETWEEN PHARMACEUTICAL COMPANIES AND DISTRIBUTORS 384

When necessary, a TA should be drawn up between the Pharmaceutical Companies 385

and the Distributors, which specify their respective responsibilities relating to the control 386

of the supply chain and the integrity of the supplied goods. The technical aspects of the 387

contract should be drawn up by competent persons who are suitably knowledgeable in 388

Pharmaceutical Technology, Good Distribution Practices and Good Manufacturing 389

Practice. 390

The TA should clarify, case by case, which tasks are delegated to distributors and the 391

evidences that should be collected to ensure the traceability of the operations and the 392

GDP compliance. As a starting point, but not limited to, the contents of the TA shall 393

consider the following issues: 394

1. Commitment from the distributor of GMP/GDP compliance, when applicable. 395

2. Willingness to undergo periodic GMP and/or GDP audits or even regulatory 396

inspections. 397

3. To provide to the Pharmaceutical Company the complete characterization of the 398

specific supply chain for each received good (see annex 2 of this document for a 399

model). 400

4. All traders and brokers should be registered in the European Union. 401

5. Transportation and storage ensuring environmental conditions appropriate to the 402

nature of the product from the previous link of the supply chain and to the final 403

user, in case that this transportation lies under the responsibility of the 404

distributor. 405

6. Availability of original documentation from the manufacturer corresponding to the 406

delivered batch including not less than what it is requested in the EUGMP Part II 407

Chapter 17.20 “Traceability of Distributed APIs and Intermediates”. 408

17.20 Agents, brokers, traders, distributors, re-packers, or re-labellers should 409 maintain complete traceability of APIs and intermediates that they distribute. 410 Documents that should be retained and available include: 411

Identity of original manufacturer 412 Address of original manufacturer 413 Purchase orders 414 Bills of lading (transportation documentation) 415 Receipt documents 416 Name or designation of good 417 Manufacturer’s batch number 418 Transportation and distribution records 419 All authentic Certificates of Analysis, including those of the original 420

manufacturer 421

SStteepp 55



Retest or expiry date 422

7. Commitment to collaborate in the management of the logistics for the audit to the 423

manufacturer/s and/or re-packers and re-labellers. 424

8. Full transparency and traceability of documentation of the supplied materials that 425

should unquestionably allow, the final user, knowing the manufacturer of the 426

supplied product and whether or not the containers have been manipulated, re-427

labelled, blended or fractioned. 428

In case of re-labelling operations, re-labellers must prepare records to 429

ensure their traceability and GMP compliance. 430

In case of sampling and/or fractioning (re-packing) operations that entail 431

the manipulation of opened goods. The operations should be carried out in 432

appropriate facilities, following established procedures and through a batch 433

record that should be kept and reviewed before the good release. 434

9. Rigorous change control of the supply chain. Any significant change should be 435

notified to the pharmaceutical company. The TA should clarify what “significant” 436

means. 437

10. Commitment to be aware about any change in manufacturing site or process 438

that could affect the content of the DMF (when applicable). Changes should be 439

notified to the involved pharmaceutical companies. 440

11. Commitment to manage the complaints and recalls derived to the supplied 441

materials. 442

The responsibilities should be clearly defined in a TA. The TA could cover more than 443

one product. The supply chain characterization could be an annex of the TA. 444

Several annex are also possible, covering all the products and their respective 445

supply chains. 446

4.3.2 TA BETWEEN DISTRIBUTORS AND THE REST OF THE SUPPLY CHAIN 447

In case that the supply of goods is not direct from the distributor to the 448

pharmaceutical company, or between the manufacturer and the distributor, each 449

distributor should establish the controls and the need of TAs according to the results 450

of the risk analysis of the agents involved and the functions that they perform. 451

The contents of the TA will depend on the risk identified for each link, while the 452

same considerations on the pre-requisites mentioned on the former section should 453

be made. 454

In the case of brokers or even other distributors located in non-EU countries, the TA 455

between the EU distributor and the non-EU distributor will consider the same issues 456

regarding documentation and batch traceability as detailed in the previous section, 457

with the unique exception of sampling and fractioning, which will not be acceptable 458

in any of the links of the supply chain, unless it is known and approved by the final 459

user of the supplied product. In any case, the basic principle set forth in the 460

statement number 8 from the former section will prevail. 461

462

463

SStteepp 55



4.3.3 TA BETWEEN DISTRIBUTORS AND GOODS MANUFACTURER, RE-PACKERS OR 464

RE-LABELLERS 465

The distributor should establish a TA with the goods manufacturer, re-packer or re-466

labeller in order to be able to guarantee the following points to the Pharmaceutical 467

Company: 468

1. Commitment of GMP compliance from the manufacturer, re-packer or re-labeller 469

(according to the nature of the product). 470

2. Willingness to undergo periodic GMP audits or even regulatory inspections. 471

3. Establishment of the transportation responsibilities (INCOTERMS). 472

4. Transportation and storage ensuring environmental conditions that are 473

appropriate to the nature of the product from the manufacturing site to the 474

agreed distribution point. 475

5. Availability of original documentation from the delivered batch, including not less 476

than: 477

Identity of original manufacturer, re-packer and re-labeller. 478

Address of original manufacturer (manufacturing site, re-packing and re-479

labelling site). 480

Name or designation of good. 481

Manufacturer’s batch number traceability. 482

Transportation and distribution records (when applicable). 483

All original Certificates of Analysis including the original from the 484

manufacturer. 485

Retest or expiry date. 486

6. Full transparency and traceability of documentation of the supplied materials that 487

should unquestionably allow the distributor knowing the manufacturer of the 488

supplied product and whether or not the containers have been manipulated, re-489

labelled, blended or fractioned. 490

In case of re-labelling operations, re-labellers must prepare records to 491

ensure their traceability and GMP compliance. 492

In case of sampling and/or fractioning (re-packing) operations that entail 493

the manipulation of opened goods. The operations should be carried out in 494

appropriate facilities, following the established procedures and through a 495

batch record that should be kept and reviewed before the good release. 496

7. Rigorous change control of the supply chain. Any significant change should be 497

notified to the distributor. The TA should clarify what “significant” means. 498

8. Commitment to notify any changes in manufacturing site or process that could 499

affect the content of the DMF when applicable. 500

9. Commitment to manage the complaints and recalls derived to the supplied 501

materials. 502

503

504

505

SStteepp 55



4.4 DISTRIBUTORS AUDITS: SCOPE AND EXTENT OF THE AUDIT 506

The risk analysis performed by Pharmaceutical companies will determine which 507

distributors, re-packers and re-labellers, and for which products, should be audited. 508

The audits, when necessary, will be performed by himself or, without prejudice to his 509

responsibility, through entity acting on his behalf under contract. Shared audits in 510

between several Pharmaceutical companies performed by an independent third party 511

entity are also possible. 512

The scope of the audit performed to the distributor by the end user will depend on the 513

operations and responsibilities agreed among them and the results of the risk 514

assessment previously performed. 515

When any re-packer or re-labeller is involved in the supply chain, the distributor and 516

pharmaceutical companies should agree on how the audit is managed. An independent 517

third party entity could perform the audit to cover the need of both parties. 518

In case of APIs, the audit will include in any case the on-site checking of the degree of 519

fulfilment of the agreements settled in the TA. In addition, the following subjects can 520

constitute a basis to prepare the audit agenda: 521

Organisation, markets served and Quality System. 522

Review of the Quality Manual and related procedures with the Quality 523

responsible person. 524

Field inspection of the site, following the flow of the operations included 525

in the supply agreement and TA. 526

Identification of the complete supply chain agents and their 527

correspondent functions. 528

Risk Assessment of the supply chain and the correspondent measures 529

to mitigate the risk. 530

Documentation and records related to the supplied materials. 531

Traceability of batches. 532

Relationships and TAs with other links of the supply chain. Evidence of 533

the required GDP compliance of these links. 534

When several products are supplied by the same distributor, one audit can cover all 535

them as the audit will be focussed in the GDP compliance and in the assessment of the 536

capability to guarantee the commitments included in the TA. 537

538

SStteepp 55



539

5. RESPONSIBILITIES DISTRIBUTION & TASKS 540

DELEGATION 541

5.1 PHARMACEUTICAL COMPANIES 542

Pharmaceutical companies which manufacture drugs and release them to the market 543

are responsible for the quality of the final product and therefore, they are responsible of 544

the GDP compliance of the raw material manufacturers, handlers, manufacturers of 545

intermediates and finished product. Risk for the goods related with the transportation 546

and storage operations should be also under control. 547

5.2 AGENTS 548

Distributors play a crucial part in the Supply Chain. They are experts in the Supply 549

Chain management and control. Although the responsibilities described in the previous 550

chapter are clearly defined and therefore the responsibility of the Supply Chain Control 551

lies on the drug product manufacturers, the distributors can assume the task related 552

with the Supply Chain Control. 553

This delegation process should be based in a mutual confidence and in the 554

establishment of the technical criteria and the agreed methodology to perform the 555

delegated tasks. Technical Agreements are essential to clarify what is necessary and 556

who has to do it. 557

Other agent’s tasks and responsibilities should be established by contract or Technical 558

Agreement with the Distributors or the Pharmaceutical Companies. The terms should 559

be agreed according to the risk identified related with the agent activities. 560

6. REFERENCES 561

Part I and II of EUGMP. 562

EMA/CHMP/CVMP/QWP/696270/2010. Template for the Qualified Person’s 563

declaration concerning GDP compliance of the active substance used as starting 564

material and verification of its supply chain. 565

Directive 2011/62/EU of the European Parliament and the council. Amending 566

Directive 2001/83/EC on the Community code relating to medicinal products for 567

human use, as regards the prevention of the entry into the legal supply chain of 568

falsified medicinal products. 569

Part III of EUGMP. ICH Q9. “Quality Risk Management”. 570

IEC 60812 Analysis Techniques for system reliability — Procedures for failure mode 571

and effects analysis (FMEA). 572

The IPEC Good Distribution Practices Guide for Pharmaceutical Excipients. 2006. 573

CEFIC. Safety and Quality Assessment Systems (SQAS). Standard Questionnaires 574

for evaluating the safety, security, quality and environmental standards of their 575

logistics service providers. 576

SStteepp 55



7. ANNEX 1. FMEA RISK MANAGEMENT 577

The FMEA Risk Management is the chosen tool for the management of the Supply 578

Chain as described in the chapter 3 of this document. 579

The following criteria could be used for the Risk Evaluation as described in the 580

subchapter 3.2. 581

7.1 Risk criteria 582

S = Severity 583

It is a measure of the possible consequence of the hazard. It is focused on the impact 584

the hazard may have on the product safety or efficacy, patient safety and critical data 585

integrity. The severity is defined in terms of four different levels, such as: 586

SEVERITY DESCRIPTION

CRITICAL (4) Direct impact on product integrity, safety or traceability that may result in a risk for the patient.

HIGH (3) Indirect or avoidable impact on product integrity, safety or traceability that may result in a risk for the patient.

MEDIUM(2) Low impact on product integrity, safety or traceability that do not result in a risk for the patient

LOW (1) No impact expected for product integrity, safety or traceability.

587

P = Probability 588

It measures the probability the hazard may occur. The value is obtained looking for 589

the possible causes of the hazard and it is defined as follows: 590

PROBABILITY DESCRIPTION

VERY HIGH (4) It will easily occur according to the profile of the agent and its related function.

HIGH (3) It will occasionally occur according to the profile of the agent and its related function.

MEDIUM (2) It will rarely occur according to the profile of the agent and its related function.

LOW (1) It is not expected to occur according to the profile of the agent and its related function.

591

SStteepp 55



D = Detectability 592

It measures the likelihood that the fault is detected before the hazard occurs. The value 593

is obtained based upon the accumulated experience, the knowledge of the 594

process/operations and critical indicators, complexity or objective data that the team 595

can provide. To establish an agreed baseline, the following categories have been 596

identified: 597

DETECTABILITY DESCRIPTION

VERY LOW (4) The failure cannot be detected.

LOW (3) There are only periodical manual controls, not covering all cases.

MEDIUM (2) There are routine manual controls applied to each case.

HIGH (1) Automated control mechanisms exist to monitor the failure occurrence or the user of the system can detect it in the moment it occurs.

598

7.2 RPN (Risk Priority Number) calculation 599

The RPN calculation is obtained by multiplying each of the different factors: severity, 600

probability and detectability (RPN = S*P*D). 601

The resulting risk level will determine the subsequent decision making, as follows: 602

Risk Level Definition

HIGH

RPN > 16

Unacceptable risk, which requires changes to the supply chain or additional control measures to eliminate the risk or bring it to a lower Risk Level.

MEDIUM

16 ≥ RPN ≥ 8

The identified risk may require mitigating actions to bring it to an acceptable level. A cost-benefit evaluation of the possible control measures should be made.

LOW

RPN ≤ 7

The identified risk will be considered acceptable and no specific control measures will be taken to reduce its grade.

603

High risk levels due to a severity 4 should be eliminated or reduced to a maximum of 8 604

RPN.605

DDRRAAFFTT SStteepp 33



7.3 FMEA RISK MANAGEMENT TABLE 606

607 608

SUPPLY CHAIN CHARACTERIZATION

RISK ASSESSMENT RISK CONTROL

AGENT FUNCTION HAZARD

DESCRIPTION EFFECT S CAUSE P

DETECTION MECHANISM

D RPN RISK

LEVEL CONTROL ACTIONS

ASSESSMENT OF CONTROL

ACTIONS AND RESIDUAL RISK

S P D

FINAL RPN

FINAL RISK

LEVEL

ACCEPTANCE

(YES/NO)

609 610 S: Severity / P: Probability of occurrence / D: Detectability 611 612




613

8. ANNEX 2. SUPPLY CHAIN CHARACTERIZATION AND 614

TASKS DISTRIBUTION MODEL 615

This section includes a model of supply chain characterization to be used in the 616

preparation of technical agreements (as an annex), between drug manufacturers and 617

distribution companies. 618

The purpose of this annex is to characterize the supply chain and establish the controls 619

to be performed for each agent. The definition of these controls is the result of the 620

detailed risk analysis performed by the distributor for each case. The responsibility of the 621

execution of each task is also included to guarantee their performance. 622

This annex could cover several products including as many characterization tables as 623

needed to cover all the products and their related supply chains. The annex has its own 624

version life system to make easy and fluent the change control management. 625

626

627




628

629