Mike Zanette, Vice President, Compliance Services, Verista
Quality management and auditing are significant drivers for continuous improvement, compliance and organizational success. This blog discusses ways of thinking about how quality teams can evaluate their processes and implement transformative best practices.
The purpose of a Quality Management System (QMS) is to improve processes, reduce waste and lower costs by facilitating and identifying training opportunities, aligning staff on regulatory expectations and setting organization-wide direction. These areas of emphasis lead to more efficient and ultimately higher quality operations. Quality Management Systems impact every aspect of an organization deeply by setting the cultural standard.
When designing a robust QMS, think about how you can best fulfill the company’s business and quality requirements, but also how you can impact the company’s culture and audit readiness to produce consistent readiness and results.
Primary elements and requirements of a QMS comprise of the following:
- Quality policies and objectives
- Internal process management
- Process improvement quality analysis and metrics
- Data management
- Customer satisfaction and procedures
- Records management
Although a QMS has many objectives that apply across an organization, a primary focus is the optimization of IT management (systems, processes, structure, etc.). As IT systems continue to progress towards Software as a Service (SaaS) models, many companies find themselves outsourcing system implementation/validation and ongoing operational management to external vendors. QMS processes such as those for vendor management become a crucial activity in the control of an organization’s quality. The results of the vendor management and auditing processes define a pivotal step for ensuring an adequate risk-based approach to controlled system implementation and ongoing compliance. Another benefit of a well-defined quality system for IT, whether it’s managed internally or with a partner, is adequate project demand management, which affords controlled oversight of project classification and prioritization during budget planning.
A QMS demands governance for continuous process monitoring and improvement to ensure appropriate execution. The following criteria feed into the governance of the QMS:
- Enforcement practices
- Process outcome review
- Strategic objective definition and criteria
Organizations should invest in adequate review and planning activities when looking to implement or update their QMS. A focused, fit-for-use QMS is proven to be beneficial as it helps to control the things that are best suited for the organization. It permits a minimal amount of risk tolerance to the organization, which allows operations to operate smoothly while driving compliance with regulatory standards. The common components of a QMS are often referred to as “modules”.
There are, however, key common modules that are essential to building a QMS, which include:
- Service management
- Security and access management
- Change management configure management
- Supplier management
- Resource management
- Document and record management
- Backup/restore, archiving, business continuity and disaster recovery
These modules are often implemented and controlled through a combination of procedures, and one or more software platforms to manage the module business process. Verista partners with our customers to first help define these processes, and then select a right-sized solution available in the market that can satisfy the process needs. In many cases, especially in smaller organizations, these processes may be managed solely through a paper process defined in the procedure itself.
System validation, as it applies to a QMS, refers to validation considerations for a software system implemented to control one or more of the QMS module processes. Verista places these software systems through the same validation controls that every other GxP software system must go through (e.g., manufacturing, laboratories, enterprise level systems, etc.).
The Importance of Being Audit-Ready
Auditing is an oversight and monitoring activity that ensures a company’s QMS is effectively implemented, adequate and adhered to. Without a person or team governing and reviewing the QMS itself, it would be difficult to detect potential issues and correct them. Without an effective quality audit function, the QMS program is incomplete.
When it comes to quality audits in general, Verista incorporates a holistic approach by considering key perspectives from a customer’s GxP standpoint. This often includes several different types of audits, including those focused on products, systems implementation/validation, as well as management controls (i.e., the overall control of the organization, compliance, departmental management and regulatory and clinical management). Quality audits can be used as a basis for Corrective and Preventative Actions (CAPAs) throughout an organization and provide concrete evidence and tracking that the QMS and associated deliverables (including validation activities) adhere to the company’s requirements. Quality auditing must be implemented not only internally, but externally, for supplier and partner oversight as well.
As previously noted, the CAPA process is essential in the management of improvements identified during the auditing process. It is a key process that aids organizational optimization by providing controlled escalation, visibility and management approvals for ongoing improvements. CAPA is highly integrated into many QMS processes, such as performance monitoring, incident and problem management, change management and, of course, the auditing program.
Verista. “Quality Management & Auditing.” 2021, https://youtu.be/i7_rxXdszEg. Accessed 2021.
Mike Zanette has been working in the pharmaceutical field for approximately 26 years. He was employed in many facets of the industry, working in the lab with industry-leading equipment to performing bench chemistry and microbial identification. Mike began working in systems compliance over 20 years ago, where he initially specialized in laboratory computer systems operation, automation, validation, and regulatory compliance.