1 / 20

Building a Culture of Compliance and Risk Management

Building a Culture of Compliance and Risk Management. Geoffrey Levitt Chief Counsel, Regulatory and Research. August 26, 2005. Compliance. Compliance With What? Law and regulation Good manufacturing practices Agency expectations Internal rules How Is Compliance Achieved?

kerry
Download Presentation

Building a Culture of Compliance and Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building a Culture of Compliance and Risk Management Geoffrey Levitt Chief Counsel, Regulatory and Research August 26, 2005

  2. Compliance • Compliance With What? • Law and regulation • Good manufacturing practices • Agency expectations • Internal rules • How Is Compliance Achieved? • Setting expectations • Measuring attainment • Enforcing compliance

  3. Compliance: Ultimate Goals • Patient Health • Quality Product • Adequate Supply • Regulatory Compliance • Pass inspections • Stay out of trouble • Business Success • Sell product • Make money

  4. Risk Management • What “Risks” Are We “Managing”? • How do we assess risks? • How do we compare risks? • How do those assessments and comparisons guide our behavior? • What Does Risk Management Have To Do With Compliance?

  5. Basic Rules: FDA GMP Requirements • Food, Drug, and Cosmetic Act: 1938: Safety • Factory Inspections • Legal Authority for GMP Requirements: 1962 • Major GMP Regulations: 1978 • Major Court Test: 1993 • Risk-Based Quality Initiative: 2002 • Tension: Compliance vs. Flexibility

  6. Principles • Purpose: “Assure that all members of the drug industry are made aware of the level of performance expected of them to be in compliance with the act.” • Goals: • General enough to be suitable for essentially all drugs; • Flexible enough to allow sound judgment and innovation; • Explicit enough to provide clear understanding of the rules • Approach: Describe what needs to be done, provide latitude as to how.

  7. FDA Enforcement: Modern Era • Sea change: regulators (pre-1990) to enforcers • NAFs and Reg Letters replaced by the Warning Letter (1991) • Explicit notice of violation and threat of regulatory action without further notice • Barr Case (March 1993) • Aggressive FDA vs. combative company • Negotiations break down; Barr pre-empts • FDA strikes back; PI to shut Barr down • Surprise: FDA Wins! • GMPs are what FDA says they are • Courts will enforce • Lesson: Don’t Take FDA On Over GMPs

  8. Consent Decrees: Features • Responsible Individuals Named • Additional Inspection Authority • Enhanced Powers: Recall, Shutdown • Outside Auditor - Reports and Certification • Timelines With Financial Penalties • Contempt Penalties • Disgorgement (Optional) • A Private Regulatory “Micro-Regime” for Company

  9. Beyond The Enforcement Model: A Risk-Based Approach • Concerns About The Enforcement Model: • Stifling innovation • Misallocating FDA and industry resources • Solution: Calibrate Compliance Intensity Based On Risk Factors • Complexity of product/process • Lack of defined process variables • Potential impact of an error on product quality • Public health impact • Manufacturer’s compliance status

  10. Beyond The Enforcement Model: A Risk-Based Approach • Focus On The Patient • View quality elements from perspective of ultimate goal: ensure safe, effective, pure product for the patient • Guides how expectations are set (regulations and requirements) and how compliance is checked (audits and inspections) • Significance of process issues is measured against health impact, medical need, and product availability • Sets a framework that encourages technological advances • FDA inspections are targeted and focused based on inherent risk of product and process steps as well as compliance status

  11. Culture of Compliance • What Does It Mean In A Risk-Based Environment? • Good information • Balanced communication • Effective analysis: root cause of problems • Risk assessment • Corrective action • Evaluation

  12. Managing A Compliance Culture • Demonstrated Senior Management Commitment • Establish explicit plans, goals, objectives • Put resources into quality and compliance • Align metrics with quality and compliance • Participate actively in designing and overseeing quality and compliance • Create an appropriate management structure with clear lines of responsibility • Actively seek out and act upon quality/compliance information

  13. Policies and Plans • Robust Structure of Written Policies, Standards, SOPs • Built on explicit quality objectives • Align Quality Objectives With Business And Manufacturing Priorities • Reduce complexity • Decrease variability • Be Specific • “Design processes to ensure real-time release of quality product” • “Use electronic batch records” • “Reduce number of SOPs”

  14. Training • Systematic And Structured • Needs assessment • Training curricula • Testing and certification • Documented • Comprehensive • Policies and procedures • Regulatory requirements • Job functions • Work culture

  15. Audits • How Often and How Deep? • Complexity of the process • Complexity of the product • Compliance status and history • Experience • Major product/facility changes • For Regulators As Well As Regulated

  16. Corrective Action • Adequate Information • Periodic reports • Manufacturing/lab investigations • Customer complaints • Internal audits • Agency inspections • Effective Follow-up • Investigate • Correct • Evaluate effectiveness

  17. Safety Valves • Robust Investigative Capability • Adequately resourced • Plugged in to management • Compliance Hot Line • Publicized • Anonymous • No retaliation • Vigorous follow-up

  18. What About Risk Management? • System for assessing vulnerabilities: chances of a problem X severity of consequences • Health • Compliance • Supply • Business • System Effectiveness • Right resources • Right questions • Right information

  19. Risk-Based Compliance: Outcomes • Better, more informed risk decisions • Better relationship with regulators • Put compliance resources where most needed

More Related