With disruption to the traditional supply chain, managing quality and safety in today’s complex and ever-changing global Life Sciences market can be a challenge. In this article, Helen Lowe from Arriello examines how drug companies can ensure quality without boundaries and deploy vendor management processes to build new confidence in their end-to-end safety profile.
Throughout the drug authorisation process and right across the marketing authorisation lifecycle, licence holders are responsible for ensuring the continuous monitoring of the safety profile of a medicinal product. This includes accountability for all third parties and contractors with a potential impact on that safety profile. Relevant suppliers could include anyone from local distributors or qualified persons to IT system partners, security providers and even auditors themselves.
Disruption and turbulence in the global Life Sciences market is adding to that complexity, with changes to the line-up of suppliers and service providers, all of which affects the vendor records and controls companies must maintain to ensure end-to-end quality and safety. Where control slips, there is a real risk of problems occurring and, if these are exposed during inspections, that could lead to fines, or even product withdrawal from affected markets.
Scenarios potentially triggering an inspection could include a distributor failing to flag an effective product recall in a particular market; a local partner failing to implement additional risk minimisation measures (aRMMs); or a local qualified person being unreachable by the relevant authority due to out-of-date contact details or the vendor going into liquidation.
So how can marketing license holders take back control?
Review all suppliers for potential risk
It’s important to start by identifying ALL suppliers with a potential bearing on a products’ safety profile, however tenuous. Once a definitive list has been compiled, each supplier can be reviewed for potential risk/safety impact and appropriate due diligence. (Ideally, such factors should form part of the risk-based evaluation conducted before entering into a contract with a new supplier or service provider.)
Relevant third parties could range from sales and marketing companies which capture data and could come across adverse events (AEs); outsourced service providers – e.g. of data management; biostatistics; medical writing; pharmacovigilance (PV) service providers; IT providers that host the company’s safety database or ensure the safety data being stored; and independent PV or Clinical Safety contract auditors.
Once all the potential third parties for assessment have been noted down, each can be assessed for potential safety profile impact, the current supply/contract status and any monitoring, and required next steps.
As the Life Sciences ecosystem continues to change in shape and make-up, and as globalisation is counterbalanced by supplier consolidation and supply chain restructuring, regulators are expected to issue firmer guidance on vendor management controls sooner rather than later.
In the meantime, robust vendor management is an expectation under EU GxP requirements. So if drug developers or license holders fall short, they could risk their reputations as well as significant fines and ultimately product withdrawals.
Formalise vendor management
A robust vendor management system (VMS) is every bit as important as a robust quality management system (QMS). Ultimately it should form an integral part of the QMS, and awareness, training and buy-in to vendor management practices should be formalised with appropriate communication and training.
Governance and the sharing of business decisions with the Safety/Pharmacovigilance Quality Assurance (PVQA) department prior to contract emerge as important, positive practices, too. Additionally, all contractual arrangements with PV agreements, clauses or a PV section should be reviewed by the Safety/PVQA department.
When considering new third parties, it’s important that the R&D, MAH, CRO or service provider organisation assesses how much impact that vendor will have on the safety profile based on the services it is going to provide.
Once the new partner has been classified, the associated risk level must be assessed through a process of due diligence. The objective here is to gather and review all relevant information to facilitate an informed, risk-based decision as to whether your organisation should enter into a contractual relationship. Performing an audit or risk-based questionnaire on all critical and significant third parties is suggested best practice.
Post-marketing due diligence and assessment
From a post-marketing perspective, under GVP Module IV.B.1. (Pharmacovigilance audit and its objective) there must be ongoing due diligence and assessment, alongside an audit program based on risk. This should reflect evolving factors such as changes to legislation and guidance, or a major reorganisation/restructuring of the PV system (e.g. following a merger/acquisition).
Everyone in the organisation should be aware of the vendors used so that if they become aware of any related developments, they can report them to safety/PVQA to investigate the potential risk of those changes.
All licence holders should have all responsibilities clearly documented in an appropriate agreement, to avoid misunderstandings around relative responsibilities. Across the lifetime of the contract, it will be important to review any contractual changes made. Regular testing of the contact details to ensure they are still valid and correct are measures offers one simple way to uncover changes that may not have been identified otherwise through routine process.
Steps to effective vendor management
There are a number of critical success factors related to vendor management. First, get buy-in from everyone – from business development and contract management, to marketing and beyond. Then educate everyone concerned about the impact of all kinds of third-party suppliers and service partners on safety.
It’s important to start the process for vendor selection due diligence before the contract is signed, and get the relevant Safety team involved. Be clear in contracts, setting out respective responsibilities to ensure there is no misunderstanding of responsibilities around sharing changes to information. The VMS, like a good QMS, should reflect the given company’s own organisational complexity.
Conduct an ongoing review of potential risk factors, to ensure ongoing compliance. Practise good, ongoing communication and open sharing of information. Audits are not the definitive solution to effective vendor monitoring and management. Foster good relationships with relevant third parties, and keep re-evaluating them. As the Life Sciences ecosystem continues to evolve and experience supplier consolidation and supply chain restructuring, effective vendor management will become ever more key to safety and quality. It is essential to take a proactive approach sooner rather than later.
About the author
Helen Lowe is Auditing and Quality Assurance Director at Arriello. As well as advising on best practices as a PV and Clinical auditor, Helen works proactively with the Research Quality Association (RQA) to develop clearer guidelines for drug license holders around vendor management. Arriello, a leading consultancy and solutions provider of risk management and compliance services to the pharma industry, addresses end-to-end supplier selection and vendor management across the product lifecycle. That could be by managing and maintaining PV agreements (vendor contracts); managing and checking on vendors’ evolving status and details; working with a manufacturer to create an audit strategy; and performing audits or running those audit programs. Arriello also offers CAPA management and consultancy advice on QMS/VMS best practices.