A dynamic global life sciences market, coupled with disruption to international supply chains, has seen new turbulence and consolidation for brands and manufacturers – both at an industry level and third-party suppliers. This is adding multiple layers of complexity in terms of the controls companies have in place to ensure end-to-end quality and safety. Arriello’s Helen Lowe considers how drug companies can ensure quality without boundaries and build new confidence in their end-to-end safety profile.
Key insights:
- Licence holders are responsible for ensuring the continuous monitoring of the safety profile of a medicinal product throughout the drug authorisation process and the marketing authorisation lifecycle.
- Each potential third party should be assessed for potential safety profile impact, the current supply/contract status and any monitoring, and required next steps.
- Everyone in the organisation should be aware of the vendors used so that if they become aware of any related developments, they can report them to safety/PVQA to investigate the potential risk of those changes.
Throughout the drug authorisation process and right across the marketing authorisation lifecycle, licence holders are responsible for ensuring the continuous monitoring of the safety profile of a medicinal product. This includes accountability for all third parties and contractors with a potential impact on that safety profile. Relevant suppliers could include anyone from local distributors or qualified persons to IT system partners, security providers and even auditors themselves.
Disruption and turbulence in the global life sciences market is adding to that complexity, with changes to the line-up of suppliers and service providers, all of which affects the vendor records and controls companies must maintain to ensure end-to-end quality and safety. Where control slips, there is a real risk of problems occurring and, if these are exposed during inspections, that could lead to fines, or even product withdrawal from affected markets.
Scenarios potentially triggering an inspection could include a distributor failing to flag an effective product recall in a particular market; a local partner failing to implement additional risk minimisation measures (aRMMs); or a local qualified person being unreachable by the relevant authority due to out-of-date contact details or the vendor going into liquidation.
So how can marketing license holders take back control?
Identify the impact that third parties have on the current safety system
It’s important to start by identifying ALL suppliers with a potential bearing on a products’ safety profile, however tenuous. Once a definitive list has been compiled, each supplier can be reviewed for potential risk/safety impact and appropriate due diligence. Ideally, such factors should form part of the risk-based evaluation conducted before entering into a contract with a new supplier or service provider.
Relevant third parties could range from sales and marketing companies which capture data and could come across adverse events (AEs); outsourced service providers – e.g. of data management; biostatistics; medical writing; pharmacovigilance (PV) service providers; IT providers that host the company’s safety database or ensure the safety data being stored; and independent PV or clinical safety contract auditors.
Once all the potential third parties for assessment have been noted down, each can be assessed for potential safety profile impact, the current supply/contract status and any monitoring, and required next steps.
Consider the authorities’ perspective & how it’s evolving
As the life sciences ecosystem continues to change in shape and make-up, and as globalisation is counterbalanced by supplier consolidation and supply chain restructuring, regulators are expected to issue firmer guidance on vendor management controls sooner rather than later.
In the meantime, robust vendor management is an expectation under EU GxP requirements. So if drug developers or license holders fall short, they could risk their reputations as well as significant fines and ultimately product withdrawals.
Identify & adopt best practice
A robust vendor management system (VMS) is every bit as important as a robust quality management system (QMS). Ultimately it should form an integral part of the QMS, and awareness, training and buy-in to vendor management practices should be formalised with appropriate communication and training.
Governance and the sharing of business decisions with the Safety/Pharmacovigilance Quality Assurance (PVQA) department prior to contract emerge as important, positive practices, too. Additionally, all contractual arrangements with PV agreements, clauses or a PV section should be reviewed by the Safety/PVQA department.
Perform initial due diligence
When considering new third parties, it’s important that the R&D, MAH, CRO or service provider organisation assesses how much impact that vendor will have on the safety profile based on the services it is going to provide.
For instance, a third party that is providing services that are critical to the delivery of the safety profile, maintenance, evaluation of the product (e.g. CRO, PV service provider, medical information provider, outsourced clinical services) will require greater vigilance than one that does not have a direct impact on the safety profile, maintenance or delivery of product and whose failure would not disturb clinical or PV operations. In between these two extremes are suppliers posing a ‘significant’ if not critical risk, in that their failure could disrupt the business.
Once the new partner has been classified, the associated risk level must be assessed through a process of due diligence. The objective here is to gather and review all relevant information to facilitate an informed, risk-based decision as to whether your organisation should enter into a contractual relationship. Performing an audit or risk-based questionnaire on all critical and significant third parties is suggested best practice.
Extend the same vigilance throughout the lifecycle of the agreement
From a post-marketing perspective, under GVP Module IV.B.1. (Pharmacovigilance audit and its objective) there must be ongoing due diligence and assessment, alongside an audit program based on risk. This should reflect evolving factors such as changes to legislation and guidance, or a major reorganisation/restructuring of the PV system (e.g. following a merger/acquisition).
Everyone in the organisation should be aware of the vendors used so that if they become aware of any related developments, they can report them to safety/PVQA to investigate the potential risk of those changes.
All license holders should have all responsibilities clearly documented in an appropriate agreement, to avoid misunderstandings around relative responsibilities. Across the lifetime of the contract, it will be important to review any contractual changes made. Regular testing of the contact details to ensure they are still valid and correct are measures offers one simple way to uncover changes that may not have been identified otherwise through routine process.
8 actions to take
To stay on the right track with vendor management, follow these steps:
- Be proactive. This needs the buy-in from everyone – from business development and contract management, to marketing and beyond.
- Educate everyone concerned about the impact of all kinds of third-party suppliers and service partners on safety.
- Start the process for vendor selection due diligence before the contract is signed, and get the relevant safety team involved.
- Practise good, ongoing communication and open sharing of information - all paramount to a good third-party relationship.
- Conduct an ongoing review of potential risk factors, to ensure ongoing compliance – and maintain strong, consistent communication.
- Be clear in contracts, setting out respective responsibilities to ensure there is no misunderstanding of responsibilities around sharing changes to information.
- Be discerning. The VMS, like a good QMS, should reflect the given company’s own organisational complexity.
- Don’t assume everything is fine until told otherwise. Audits are not the definitive solution to effective vendor monitoring and management. Foster good relationships with relevant third parties, and keep re-evaluating them.