Implementing compliance regulations can be a costly and time-consuming process. NNIT’s Bjarne Wiboe explains how his team created an ERP system where compliance can be achieved cost-effectively and without risks.

Compliance is in place for a reason; to ensure safe products and the well being of the consumer. Not living up to regulatory requirements can mean significant financial and reputation risks for a pharmaceutical company, such as heavy fines, successful products pulled from the shelves, negative customer perception and delays in the release of new products.

Yet achieving compliance with rigorous documentation of validation activities can be time-consuming, expensive and a significant resource drain. The challenge is how to achieve compliance in a way that reduces risks cost-effectively. For computer systems, part of the answer lies in validation-ready software packages. Using a qualified system with validation-ready documentation, along with a certified IT vendor, is the most efficient and cost-effective way to achieve compliance.

Pre-validation and vendor certification

Forming the backbone of many companies’ operations, an enterprise resource planning (ERP) system is an ideal example of an IT system where qualification can be applied. Most ERP solutions are not specifically geared towards the unique aspects of the life sciences industry, and some ERP vendors may lack knowledge and experience specific to life sciences. However, two trends are evolving that will set a new industry standard: one is providing built-in validation documentation and functionalities in ERP solutions geared towards life sciences; the other is certification of IT vendors to ensure optimal installation of these solutions. Together, these trends give life sciences companies more flexibility and security when achieving compliance.

Case study: Microsoft Axapta for Life Sciences

NNIT’s senior compliance consultant, Bjarne Wiboe, was put in charge of developing an ERP partner certification programme and creating the pre-validation package for the ERP software (Microsoft’s Axapta for Life Sciences). The task was to establish a process that addressed the functional and compliance needs of pharmaceutical companies, as well as the needs of the IT vendors implementing the solution.

To create this platform, Wiboe and his team first looked at the original objectives and development methodology of Axapta to decide which qualification activities were required. The next step was to ensure that the functionality of Axapta was in compliance with GMP requirements. From there, the required changes were implemented by adding key life sciences-specific functionalities, the most important of which was the electronic signature to comply with the FDA’s 21 CFR Part 11 regulations. Parts of Axapta’s configurable standard functionality were eliminated to ensure the right level of control over key processes.

A testing plan was developed for the functionality to make sure it worked accordingly. A key element was establishing the qualification documentation, a task that life sciences manufacturers have often paid huge amounts of money to have validation consultants perform. The team then introduced e-signatures to eliminate the need for batch records on paper. The European Medicines Agency (EMEA) and the FDA have allowed the use of electronic signatures, which makes compliance faster and easier. More ERP systems will benefit from having electronic signatures built in. Some companies may be reluctant to switch to e-signature because of the work and investment involved. But e-signature saves time and resources, and enables more data accuracy, better tools for analysing data and faster data registration and handling. All these benefits can easily offset the costs of switching.

Tougher partner certification

Once Microsoft had created their new offering with specific life sciences functionalities, it was necessary to make sure that Microsoft Axapta partners had the necessary skills to implement Axapta for Life Sciences, which included the ability to customise, configure and conduct maintenance in compliance with rules and regulations. The result was the Certification Programme for Axapta for Life Sciences partners. Companies can use this as a tool for choosing a qualified, competent IT vendor.

Many IT vendors do not have experience in life sciences and need additional capabilities to support quality management and validation requirements. A logical three-step approach to creating the certification programme was chosen. First, create a certification standard based on the regulatory requirements for QM and validation requirements. Second, create an audit process of IT vendors looking to become certified. Third, create a validation package to train vendors in validation.

The certification standard is based on rules and regulations for computer systems from the EMEA and FDA, as well as industry guidelines on achievement of compliance, such as GAMP4. These regulations only aim to establish general principles and are not detailed. So Wiboe’s team created a certification standard that was specific to Microsoft Axapta. It explains the purpose and context for every requirement and provides specific requirement needs, including checklists. They also addressed issues beyond just hardware and software, considering processes and personnel issues and establishing appropriate guidelines.

Some vendors are highly skilled in life sciences solutions while others are less so. A programme had to be created that would result in a strong certification. The first two steps are the most important: the on-site audit based on the certification standard whereby vendors are assessed on 126 detailed topics and the remedy phase closing the gaps on non-compliant points. This varies from vendor to vendor. If a vendor has much to learn, the audit report gives an overview and a detailed account of all non-compliant points, and recommendations on how processes can be improved. Vendors are assisted in understanding what they need to do. This is then followed by a final assessment. If only minor changes are needed, these can be assessed remotely. For major changes, a new on-site audit is performed. If successful, the certificate is issued. This is a Microsoft/NNIT certificate, combining the stamp of approval from the technology provider and the industry-experienced programme developer. Similar to the original audit, an annual re-certification takes place. This is an on-site assessment where the vendor’s deliveries are checked throughout the year to make sure they are still following their own procedures established during the programme.

As a part of the certification programme, a validation package was created to provide the right level of training, ensuring that vendors have the necessary implementation skills. It includes guidelines that explain how to install a validated system, with templates for the 15 most important validation documents and a two-day training course divided into two parts. The validation package also provides IT vendors with guidelines and tools that help them operate professionally in life sciences.

Benefits for life sciences

For life sciences companies, there are many benefits in using certified vendors: a certified vendor offers a faster, smoother implementation of the IT solution. This helps life sciences companies to reach their end goal more efficiently, giving them the functionality and level of documentation needed. Companies will spend less time and money on regulatory requirements and there will be no need for costly and time-consuming independent vendor audits, so they can focus on running their businesses. They will also have the security of using a qualified IT vendor who understands the industry. Their systems will be configured, implemented and maintained properly, resulting in greater ROI and guaranteed compliance.

Certification is the future for life sciences. Companies will gain flexibility, scalability, greater control over all processes and better quality data, resulting in safer products and faster approvals from regulatory authorities. A good example is the Parental Drug Association, which launched an initiative to standardise audit processes and audit reporting. Well-implemented certification programmes can create more consistent assessments to serve this type of initiative. Vendor audits vary in quality, but strict certification standards can help raise the bar for audit standards industry-wide. end

Benefits of using certified vendors include:

  • Efficient implementation of the IT solution
  • Reduced time and money spent in meeting regulatory requirements
  • Security of a qualified IT vendor