Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Managing Risk Through Manufacturing Audits
Paul D’Eramo
VP of Pharmaceutical Regulatory Compliance
Johnson & Johnson
September 16, 2014
1
FDA/PQRI Conference Evolving Product Quality September 16 & 17, 2014 Bethesda North Marriott Hotel & Conference Center
J&J manages compliance risk across the enterprise and
provides a holistic view of J&J compliance profile
550+ Sites 275 Companies
60 countries
3 Sectors: Pharmaceuticals
Consumer Medical Devices &
Diagnostics R&D
Manufacturing Packaging
Quality Systems Distribution
34 Quality Standards
$71.3 billion in sales
(2013)
128,100 employees
Our Challenge:
Identify, prioritize, and act on potential compliance concerns
Independent Audit Program
• Classic audit process augmented with innovative closed loop technique
• Independent identification of issues
• Measurement of site Quality Culture
• Ability to Respond, Remediate and to Sustain
Proactive Compliance
Scan
• Foundational utility based upon comprehensive measurements
• Facilitates identification and prioritization of compliance risk
Measurement Program
• Data captured at the site level
• Independent review and classification
• Aggregated to show sector and enterprise trends
Addressing the Challenge
Our multi-faceted approach is based upon risk management techniques* Independent Audit Program, Proactive Compliance Scan, Measurement Program
Independent Audit Program
Proactive Compliance
Scan
Measurement Program
“The Right Actions” *Identify, Assess, Respond & Monitor Compliance Risk
Proactively Drives
Independent Audit Program
Conduct Audit
Audit Focus Areas Management Responsibility / Organization, Laboratories, Facilities / Utilities / Equipment Quality / Compliance Systems, Material Control, Production / Packaging Systems Validation / Qualification, External Manufacturer / Supplier Mgmt, New Product Introduction
Classify Findings CRITICAL
MAJOR
MINOR
Standard definitions based on risk, determined by independent review outside the Audit group and applied consistently
Site Response
Classify Follow-up Strategy
A Measure of Quality Culture
Includes both interim control and final mitigation plan
A = significant issues that are systemic
B = some critical and major observations
C = majority of observations are major
D = majority observations are minor
Based upon classification of findings and site response acceptability; standard definitions based on risk, determined by independent review outside the Audit group and applied consistently
Monthly status report of all site remediation measuring the site’s and their management’s ability to: • remediate immediate issues and • implement sustainable processes
Independent Audit Program: Why does it work?
Independent Audit Program utilizes independence, skilled resources and
key measures to manage compliance risk
Independence: • Audits conducted by an independent group • Observations classified by an independent resource • Follow-up strategy determined by an independent
resource • The same criteria is used for internal findings as that
used for external events
Qualified Resources: • Trained auditors conduct audits • Subject matter experts with extensive compliance
expertise are independent resources • Resources with business and site knowledge work
closely with the sites engaging in remediation
Engagement: • Measures promote engagement :
• Metrics on observations provide insights for the Site
• A measure of Site Quality provides insight for management
This approach… Promotes consistent risk ranking Effectively identifies and prioritizes risk
to make best use of resources Considers both Site and Management
concerns Provides a measure of Site Quality
Culture
Proactive Compliance Scan
Site Compliance Risk Profile Identify, Assess
Remediation Approach
Assess/ Respond
Remediation and Verification
Monitor
Proactive Compliance Risk Scan is a foundational utility to facilitate
identification and prioritization of compliance risk across the J&J landscape.
• Site compliance and quality metric data are collected • An initial score is calculated based on a weighted risk ranking
• The Site’s risk ranking score is plotted against a J&J Supply Chain Risk Management tiered manufacturing site risk ranking
• A final risk ranking placement is determined and communicated
• Proactive remediation is implemented • Remediation progress is tracked and in
select situations, verified to closure
Proactive Compliance Scan
Legal Action
External Profile
Field Action
Regulatory Inspection
Product Lifecycle
Management
Internal Audit --
Quality System
Quality System Metrics (CAPA, Complaints,
Adverse Events)
Internal Profile
Process Capability
Contracted Services
Leadership Changes
Corporate Governance Profile
JJRC Audit Results
Audit Follow-Up
Results
Turnover/RIF
Internal Audit --
Results
Components of Site Compliance Risk Profile
Ris
k R
an
kin
g S
co
re
Supply Chain Risk Management Tier (Tier 3 to Tier 1)*
Proactive Compliance Scan
*A site prioritization approach for ensuring product supply continuity Considers the site’s product concentration, type of products manufactured, single source supply and Public Health
Self-Directed
Corrective Action Plan with Independent
Oversight
Self-Directed
Corrective Action Plan with Independent
Oversight
Comprehensive
Corrective Action Plan with
Independent verification
Heightened Monitoring
Heightened Monitoring
Self-Directed
Corrective Action Plan with
Independent Oversight
No Action
No Action
Heightened Monitoring
Proactive Compliance Scan: Why does it work?
Proactive Compliance Scan utilizes independence, skilled resources and
comprehensive measures to manage compliance risk
Independence: • Scan is architected by an independent group • Risk ranking score is calculated by independent
resources • Independent oversight provides assurance of
completion
Qualified Resources: • Subject matter experts with extensive compliance
expertise are independent resources • Resources with business and site knowledge
supplement the process findings
Engagement: • Site actively participates in the process providing
many of the metrics • Results provide insight for management highlighting
potential areas for improvement
This approach… Considers a set of comprehensive
measures – both compliance and quality metrics
Promotes consistent risk ranking Effectively identifies and prioritizes risk
to make best use of resources
Measurement Program
Key site compliance indicators are independently reviewed and classified,
prioritized based upon risk and monitored to closure.
Identify
Assess
Respond & Monitor
• External: site recalls, health authority inspections and regulatory actions
• Internal: audit findings, site quality measure
Independent resource reviews both external and internal data for
accuracy and assigns risk classification
Independently monitored to closure: • External: prioritized recalls,
inspections and regulatory actions • Internal: prioritized audit findings
Identify, Assess, Respond & Monitor Compliance Risk
Measurement Program
Recall Severity • S1 - Defect will cause serious adverse health consequences
• S2 - Defect may cause reversible adverse health consequences
• S3 - Defect not likely to cause adverse health consequences
• S4 - Not defective, will not cause adverse health consequences
Health Authority Inspections
Data Analytics
• A Health Authority inspection will be considered significant if any of the following apply: One
or more critical observations are noted; Two or more major observations are noted in the
same audit area; One or more repeat major observations from a previous inspection are
found.
• HA observations are classified in the same manner as the Independent Audit Program:
Critical, Major, Minor
Data Information Intelligence
Structured Data through comprehensive reporting
Provide meaning to information through
Subject Matter Expertise Raw Numbers
Utilizing data from both internal and external perspectives
presents a holistic view of risk
Measurement Program: Why does it work?
Independence: • Risk classification is determined by independent
resources
Qualified Resources: • Subject matter experts with extensive compliance
expertise are independent resources • Resources with business and site knowledge work
closely with the sites engaging in remediation
Engagement: • Site actively participates in the process providing
the external compliance data • Real-time reporting provides insight for
management highlighting potential areas for improvement
This approach… Promotes consistent risk ranking Effectively identifies and prioritizes risk
to make best use of resources Provides intelligence around raw data
for a holistic view of risk that betters support the business
Measurement Program utilizes independence, skilled resources and
data analytics to manage compliance risk
Pulling It All Together: Reporting
Comprehensive reporting up, down and across the J&J landscape
provides transparent awareness to all levels of management
Addressing the Challenge: A Proactive Approach
This multi-faceted approach to addressing our challenge… drives JJRC’s early identification of risk …
leading to “The Right Actions”
A Measure of Site Quality
Holistic View of Site Compliance
Profile
Key Compliance Indicators
“The Right Actions”
Early Identification
Independence
Qualified Resources
Engagement
Reporting
Critical Success Factors
Questions?
1