USDM Life Sciences: August 2017

Monday, August 21, 2017

Top 5 Ways to be Successful with Salesforce and GxP

Notes from a Lonely Life Sciences Digital Transformation Junkie (A.K.A Bryan Coddington)

Salesforce is an amazing platform that has remained one of the most innovative and disruptive technologies since its inception in 1999. Along with CRM, customers are finding new ways to extend the platform throughout their organizations to take advantage of its powerful feature-set, such as collaboration, workflow, mobile, and reporting – to name a few.

Using Salesforce for GxP applications is a relatively new and exciting area for Life Sciences professionals. For compliance reasons, users tend to be more cautious because they are relying on someone outside of their organization to provide and maintain elements of the application. We are committed to helping people successfully and compliantly move to the cloud, optimize their processes, and digitally transform their businesses. Here are 5 tips I’ve found lead to success when using Salesforce for GxP:

1. Qualify the platform: Salesforce, as a cloud vendor, is responsible for various compliance elements such as change control, audit history, and software development SOPs. As a customer, you are responsible for obtaining proof of these procedures. Depending on your own compliance requirements, this may require an onsite audit. You are also required to test and document the core features of the Salesforce platform such as security, permissions, object/field configuration, audit history tracking, and many others. Sound daunting? It can be if you haven’t done it before. The good news is that if it’s done correctly, the Salesforce platform qualification creates a baseline for incredibly powerful, user-friendly GxP applications that are available to purchase or can be created to your exact requirements.

2. Have a process for the 3-releases per year: Every year Salesforce releases new versions in the spring, summer, and winter. Along with these releases come enhancements, fixes, and new features that make the system better than before. These releases are not voluntary and are pushed out on a schedule (check it out here: //trust.salesforce.com). The majority of changes are not GxP, but some are, and require testing and documentation. To best prepare for these releases, you can obtain the release notes as soon as they come out, evaluate each change to determine GxP risk, and then test and document accordingly. Having documentation that is not up to date with the latest Salesforce release will take you out of compliance if there’s a GxP element that YOU haven’t proven to work as expected.

3. Don’t just put your existing process in Salesforce: Taking your as-is process and moving it over to Salesforce without changing anything is easy, but it’s not the best way to go. The fact that you’re selecting a new technology and platform makes it the perfect time to update and optimize your process. Perhaps your process was developed 5-10 years ago, or even a few years ago, and at the time was the best way to do things. Now your business has changed, new guidelines are being enforced, new people and skill sets have entered your organization, and the Salesforce platform has tool and capabilities that you haven’t had access to. Make sure to take the time to identify areas that need improving or can take advantage of additional workflow, collaboration, mobile, and real-time reporting.

4. Start with 1 or 2 GxP processes at a time: Salesforce is powerful and flexible enough to do almost anything or integrate with any other system. The key is to focus on 1 or 2 high priority items such as QMS, doc control, or even just pieces of these larger applications. Configuration of Salesforce can happen quickly but really developing the solution, having the right user-interface development, possible integrations, and training, takes time. Don’t try to do it all at once. For medical device, perhaps start with a product registration process. For clinical, perhaps optimizing sites evaluation. Once you have built and validated a few processes, you can quickly add more and with that, add incredible value and ROI to your organization.

5. Have a centralized governance team for all things Salesforce GxP: The fun thing about Salesforce is once you get those first few apps released, word is going to spread and more users are going to want it for their teams. Because it’s GxP, more rigor is required to properly document requirements, test the end-use, and approve the final product. These can pile up and remain in a “draft-state” if there’s not a team dedicated to their completion. Also with Salesforce, more and more teams and processes are going to be in the same system. This lends itself to sharing common objects and workflow, which requires a team with awareness and visibility to the entire system. Otherwise, you have multiple groups in there duplicating efforts or worse, breaking things or erroneously changing settings that negatively affect other users. Right from the get-go, this governing body or “Center of Salesforce GxP Excellence,” can establish SOPs and maintenance schedules, and create a living, breathing roadmap to bring on new processes and users.

Until next time!

About the Author

Bryan Coddington is the Vice President of Cloud Technology at USDM Life Sciences. For almost a decade, Bryan has been a senior executive in the Cloud space with in-depth knowledge of sales, marketing, and service and support processes and best practices, helping companies maximize their investment in cloud-based CRM applications.

About USDM Life Sciences

USDM Life Sciences is a global life science and healthcare services company, providing strategy and compliant technology solutions to regulated industries. If you work in Life Sciences or Healthcare, partnering with USDM Life Sciences makes it easy to accelerate innovation and maximize productivity. USDM Life Sciences only focuses on regulated industries and has built trusted partnerships with the most innovative technology companies in the world, and boast a staff of industry leading experts in the areas of technology and compliance.

Thursday, August 10, 2017

The UDI Database Rodeo…Time to Ride!

by Jay Crowley

As I mentioned in my last post, I believe our goal of a “globally harmonized” approach to UDI appears to be on a path to relative success. Though not our intent in developing the Global Harmonization Task Force (GHTF) and International Medical Device Regulators Forum (IMDRF) UDI guidance documents, the majority of the EU Medical Device Regulations (MDR)/In Vitro Diagnostic Regulations (IVDR) UDI System requirements are literally copied and pasted from the IMDRF guidance document (please send an email to usdm@usdm.com if you would like a copy of the comparison). More importantly, other regulators have also committed to following the principles in these guidance documents. So maybe a word of caution to other regulators: these documents provide “guiding principles” that need to be incorporated into the appropriate regulatory framework. They are not intended to be out-of-the-box regulatory text.

The one area where we do see (necessary) diversion is in the UDI Databases. Each country or regulator manages the regulation of devices differently – and, in many cases, has different (or additional) purposes for UDI. For example, in the US, we are focused on identifying a device through distribution and use to facilitate more accurate adverse event reporting; reducing medical errors; documenting device use in, for example, electronic health records; improving post market surveillance; better recall management; and helping to address counterfeiting and diversion. The EU system is also intended, for example, to “…improve purchasing, waste disposal policies and stock-management by health institutions.” Those needs necessarily require certain (additional) data attributes to be provided.

To “borrow” a phrase from my friend Dennis Black, what we are seeing now is an exponential growth in the data (the “attribute rodeo”) that is required for each UDI Database. For example, although there are 17 data attributes that appear to be common between the Global UDI Database (GUDID) and the European Database of Medical Devices (Eudamed), close to half may need to be provided differently to Eudamed than they are to GUDID. Eudamed also has 10 additional data attributes that are not in GUDID (GUDID has about 15 that are not in Eudamed). Moreover, there are likely to be at least 6 data attributes in Eudamed that will need to be translated (and submitted) into the 24 official languages of the EU. And all that data will need to be created, stored, submitted, updated and managed over the life-cycle of the device. You do the math…

About the Author

Jay Crowley is the Vice President of the UDI Services and Solutions at USDM Life Sciences. Jay was most recently Senior Advisor for Patient Safety in the Food and Drug Administration’s Center for Devices and Radiological Health. Jay developed the framework and authored key requirements for FDA’s Unique Device Identification system.

About USDM Life Sciences

Wednesday, August 9, 2017

Are You Prepared for Your Next Customer Audit?

by Bob Lucchesi

Welcome to my first in a series of auditing blogs. I hope you find them interesting, useful, and sometimes entertaining, because if you are like me, I am bombarded with information surrounding the Life Sciences industry and I am always seeking relevant information to aid in my career. First, allow me to introduce myself. I am a long-time consultant who has spent the majority of his life helping customers with a variety of both complicated and not-so-complicated problems and issues in the areas of compliance, regulatory, validation, and all things Pharmaceutical, Medical Device, and Biotech. I also play in a rock cover band, and have been doing so for years. My broad-based background, keen insight into industry trends, the variety of clients I have worked with, and my reputation in the industry should hopefully serve well to ensure that what I am saying is real, relevant, and most critical – important to you! I like to weave stories into my blogs, so I hope you enjoy and welcome to my world.

…

The American Society for Quality (ASQ) defines an audit as “…the on-site verification activity, such as inspection or examination, of a process or quality system, to ensure compliance to requirements. An audit can apply to an entire organization or might be specific to a function, process, or production step.” I define it as a pain in the behind, but lo and behold, there are ways to prepare for these audits to make them as painless and efficient as possible. Statistically speaking, I have found that over 90% of my audits contain some type of failure. So even the best preparation will probably not prevent a completely “clean” audit, but it should significantly reduce the number of findings. And to be clear, these findings are typically not “show stoppers.” Over the past 6 years, I have only had 3 audits where the findings were critical enough to cause my client to cease from using that vendor’s services. And to be even clearer, I am NOT one to use a checklist and then consider the number of findings as the basis of a good audit. I have had a few audits with absolutely no findings or recommendations.

That said, the first thing you need to do to prepare for an audit is get your own house in order well before audit requests come flooding in. If you have recently added a functionality to your core business and it’s aligned with your sales and marketing activities, then there is a good chance you will be hosting audits for those customers that will be using these new services. But along with this is the simple fact that you will most likely be audited by your current customer base. Pretty obvious, right? You should already know this based upon experience and history. But as your customers evolve into more mature external qualification programs, there will be an increasing number of audit requests. I dealt with one client who made one simple change to their portfolio that caused an increase of vendor qualifications by over 60%! If you have a history of audits from one particular customer, look at their frequency. If they are on a two-year cycle, then there is a good chance you will continue to be audited every two years. Sounds simple, right? But you will be surprised how many firms I contact requesting an audit that are shocked to hear from me! Why? Because they are either not prepared, or there is someone new in that position. Since 2010, the turnover rate for the Life Sciences sector–quality, in particular–has jumped about 6% to a staggering 19%! If you are new to your position and responsible for hosting audits, then please do your research when you are hired. Know what to expect for the upcoming year.

The other most glaring area that I see that results in unprepared audits concerns the agenda. I recently sent out an agenda to a vendor requesting very specific items, including a list of documents for me to review. Upon arrival, there were no documents staged and the host took all morning to find what I requested. Finally, at noon, I gave up and informed the auditee that I was coming back the following morning, and proceeded to write several things I needed to see on the white board. I told the person that if I did not have these when I came in, that I would recommend to my client that they stop using their services because they failed to comply. When I came in the next morning, there was a stack of documentation on the table. Apparently, the host spent the entire night gathering this, which could have been avoided by taking the agenda seriously! So do yourself a favor and pay attention to the agenda. Don’t think that what YOU want to give an auditor is what THEY want.

Other areas of preparation include conducting internal or mock audits, research everything pertaining to your customer (recent complaints, history of purchases, interactions with other departments), and notifying other departments of the audit. This last one always fascinates me in that so many times I ask to speak to other departments (environmental monitoring, laboratory, warehouse, and others), and the personnel seem surprised that they have to answer questions from an auditor. A trick I always use with my customers is to have a flip chart or white board available in the conference room, and write down everything I need to see that day. If this is done fairly early on in the process, then affected departments can be notified and ready by early afternoon. Trust me, this works! And it keeps the auditee and the auditor on the same page. I really do not like keeping people from their jobs and keeping them after hours. The worst part of an unprepared audit is to review the action items at the end of the day and realize that you still need to provide a litany of items! Don’t be that auditee!

OK, I’ve kept you from your job long enough…More next time!

About the Author

Bob Lucchesi is the Vice President of Global Regulatory Compliance, Quality Assurance and Auditing at USDM Life Sciences. Bob offers nearly 30 years of experience in quality assurance and regulatory compliance in pharmaceuticals, bio-tech, medical device, engineering and nuclear industries. Bob has led audit teams for Quality, mock FDA, policies and procedures, Part 11, NIST, supplier-vendor (internal, external, sterile, non-sterile, manufacturing, logistics), mock recalls, and major life sciences assessments. Bob is also an expert in risk based validation methodologies, GAMP, enterprise content management, data and content migrations as well as overall pharmaceutical and medical device regulatory issues.

About USDM Life Sciences

We Won the Battle – But What About the War? The Next (BIG) Challenge for a Globally Harmonized UDI System

by Jay Crowley

As I mentioned in my last post, we were focused not only on developing a US UDI System, but maybe more importantly on a globally harmonized approach to UDI. There were a number of reasons for this; the first, and hopefully obvious one, is that a global UDI would allow all to have visibility across the global supply chain and be better able to share data among regulators about the safe and effective use of devices and, for example, be able to identify problems more quickly or address recalls across borders. Moreover, the device industry often labels and packages a single product for many (most/all) markets. And – unlike the pharma industry – we did not want (nor did we think we could afford) to have “national” or regional labels/packages (which would be required if there was national/regional device identifiers). Therefore, a “global” UDI – one that could be put on the labels and packages of devices and used anywhere in the world that UDI was required – was a paramount concern during the development of UDI.

Among the many activities undertaken to support this, including many bilateral discussions between FDA and other regulators, was the development of first the Global Harmonization Task Force (GHTF) and then the International Medical Device Regulators Forum (IMDRF) UDI guidance documents (see here and here). The goal of these documents, as stated in the Introduction, is to “… [provide] a framework for those regulatory authorities that intend to develop their UDI Systems that achieves a globally harmonized approach to the UDI.” To a VERY large extent, the US FDA UDI System regulation, as well as the recently published EU MDR/IVDR UDI System requirements, follow the guiding principles in these documents. Other regulators (e.g., Canada, Taiwan, Saudi Arabia) who have indicated a desire to develop their own UDI requirements have also indicated their willingness to follow these guidance documents.

So, from an identifier and label/package perspective, we can see that the goal of these guidance documents has largely been realized. With some (mostly) minor differences, we should be able to assign device identifiers to labels/packages and use that to meet global device identification requirements. The rules for assignment, changes, and construct are also largely aligned. What is NOT aligned, however, is the data that each country/regulator will want associated with each device identifier. Each country/regulator regulates devices differently and has different purposes for UDI, and therefore has specific (and different) national data needs. This means the new (and exponentially more complicated) challenge for the device industry is understating how to develop and maintain the ever-increasing (and different) data set associated with a single product distributed in multiple markets. More on master data management and UDI databases next time…

About the Author

About USDM Life Sciences

The Evolving Global UDI Landscape

by Jay Crowley

It is hard to imagine that, what I started in 2002 as an idea to better identify the specific medical devices potentially involved in adverse events, has – over the past nearly 15 years – become the globally recognized and accepted concept of Unique Device Identification – or UDI. The term and concept did not exist before this point. There were of course other concerns to address – the better identification of devices subject to a recall, availability of devices for public health emergency response, supporting anti-counterfeiting efforts, and the need to identify devices specifically in the emerging Medical Device Epidemiologic Network (MDEpiNet). But the beginning was focused on knowing specifically which device was potentially involved in an event – and having quality information about the manufacturer and the brand name – and other important information – such as how the device was on the market (e.g., its 510k or PMA number). It is hard to imagine now that we didn’t have this already.

And now looking back – it is amazing what the past 15 years has brought us. A bit more than a decade was spent working with the vast number of stakeholders to understand how UDI (and GUDID) could work and what could be its benefits – and developing what is now the UDI regulation and its associated Global UDI Database (GUDID). And though we all thought that we understood a lot – in reality, that was just the beginning. Since the publication of the final rule on September 24, 2013 – we have, sometimes painfully, continued to learn and evolve our understanding of both UDI and how it could or should work for the VERY broad (and diverse) array of medical products regulated as devices (including combination products and HCT/Ps) – and, more maybe interestingly, to address the myriad of issues that, while not directly related to UDI, sometimes significantly affect how UDI can or should be implemented.

We also realized very early on that the ultimate objective was not a US based UDI system (as we have for example with pharmaceutical products with the NDC) – but rather a GLOBAL system that allowed us to have visibility across the global supply chain and be able to easily share data about the safe and effective use of devices globally. And now we are starting to realize that vision – we have the EU MDR/IVDR and its UDI requirements – as well as many other countries and regulators looking to leverage UDI to address a host of other safety, cost, and access issues. In subsequent posts we will address both the specific (e.g., labeler, accessories, kits) and the broad (master data management, GUDID, global regulatory convergence/harmonization). We look forward to the conversation and welcome any feedback or thoughts about topics.

About the Author

About USDM Life Sciences