Quality and Regulatory Alignment for Audit Readiness

Full transcript below:

Wendy Levine

Welcome to today’s webinar, exploring “Quality and Regulatory Alignment for Audit Readiness.” I’m Wendy Levine here at Rimsys and I’ll be moderating the session today.

Before we get started, I just have some quick housekeeping items. We will be recording today’s session and we’ll send a link to the recording as well as a copy of the slides to everyone who has registered.

We have a lot of people online with us today. If you’d like to take a minute to let us know where you’re joining us from, you can use the chat feature that’s in your webinar toolbar there. Please feel free to do that now and throughout the presentation if you need to talk to me, or you have any technical issues, please feel free to use chat.

We are going to encourage you to ask questions through using the Q & A function. So if you have questions for our panelists, which we will get to mostly at the end of the session, please use the Q & A function to submit those questions and we will get to as many of those as we possibly can.

We have two great presenters for you today: Christine Pompa from Arena, and Bruce McKean from Rimsys. Christine is a Customer Success Coach with Arena and has over 30 years of experience in industrial medical aerospace, food service, and startup environments, responsible for both manufacturing and quality. Christine has a passion for building processes from scratch and making things better, faster, and more controlled. So we’re really excited to have her joining us today.

Bruce is the Director of Regulatory here at Rimsys. He has more than 25 years of experience as a regulatory professional in the medical device industry, specializing in quality and regulatory compliance, design controls, and quality and regulatory related mergers and acquisitions. During his career, Bruce has been focused on implementing and maintaining design controls, product submissions, quality management systems, internal to his company and for newly acquired companies, and also performing quality and regulatory due diligence audits on target companies.

Today we are going to take just a second to let Christine and Bruce introduce Arena and Rimsys to you. To get started, we’re going to talk a little bit about the types of audits we’re going to address and then dig into leveraging QMS features to be audit ready, get yourselves audit ready, and also the role of regulatory teams in audit. We’re going to cover some audit best practices. And then we will leave time at the end for questions and answers. All right, so I see that someone has requested closed captioning also. I’m going to try to get that turned on as we get started here. I apologize for that.

All right. Christine, I’m going to hand it over to you, let you introduce Arena and then we’ll go to Bruce. He can introduce Rimsys.

Christine Pompa

Awesome, thank you so much Wendy. So, Arena is a cloud-native system that controls product lifecycle as well as your quality processes. So you can really focus on driving continuous improvement throughout your organization. Our solution connects product development and quality processes in one platform so everyone can understand how these functions work together.
Since all of your data is in one place, it’s really easy for teams to collaborate. Since everyone has the same access to the same information, you can manage all of the quality activity related to your product in one validated solution.

Now, Arena supports compliance with FDA, ISO, European, and other international regulations. It’s business ready and has a proven, low risk implementation. It is extremely configurable without having to learn custom code and do any programming. I like to think if I can do it, anyone can.

We also have built-in analytics to help report out metrics to key stakeholders and Arena is really well integrated with other platforms such as CAD programs and ERP systems. Think about Arena as being the total package for your engineering, manufacturing, and quality teams to take your product from inception all the way through to end of life. Now, looking at the image on the right, each circle represents a module in Arena, and the beauty of it is they are all connected.

I’ve been using Arena for about 10 years and after implementing it twice, I can tell you it’s a real game changer for businesses to create and have better audit results and make them run more smoothly. Now I’ll hand it off to Bruce to talk a little bit about Rimsys.

Bruce McKean

Okay, thank you Christine. Rimsys, we are one of the first RIM solutions regulatory information management solutions dedicated to the med-tech industry. We’re a system, a SaaS-based system that’s been created by regulatory professionals for regulatory professionals. We take a very product-centric approach that brings all the regulatory deliverables and items together to form a holistic solution around your product. We automate and we standardize regulatory workflows, so it really takes away a lot of that administrative burden that regulatory professionals are struggling with. And really takes away that task and allows the regulatory professional to really focus on the actual regulatory work.

We’re really trying to get rid of those spreadsheets, those color-coded spreadsheets that you’re trying to maintain to understand where my products are registered and when they expire. As well as all that searching for regulatory documents that, based on my experience, is pretty much all over the company in different file cabinets, different SharePoints within your PLM systems, and really bringing all that information in to our system so the regulatory professionals can do their jobs more effectively.

We have many modules within our system. They’re all connected, like product registration submissions, UDI, creation of essential principles, and standards management. We also have the ability, similar to Arena, to be able to link to other systems within your quality management system, like a PLM system, also with your ERP system. We have the ability to control selling status and really provide detailed reports and the overall status of your products, their overall state when it comes to a registration. Whether they’re expired or active. And be able to really produce a lot of reports in regards to workflow management, resourcing in regards to all the upcoming work that needs to be managed by the regulatory teams.

And from here, I’d like to go to the next slide, and, really, the topic of what we’re trying to cover here today is audits and audit readiness.

Based on my experience in my career, I’ve had a lot of experience in audits, hosting audits, and actually working in front rooms, back rooms, whether that be FDA inspections, surveillance audits, or internal quality audits. For this presentation today, we’re really going to focus on the external audits. Those being the regulatory authority inspections, unannounced audits, your typical certification, surveillance audits. And we really won’t be going into audits that are related to third party, like customer or supplier audits and internal quality audits.

Wendy Levine

All right, thank you guys. We wanted to start, before we dig into the details of the presentation, with a poll question: Who is responsible at your organization for audits? The quality team, the regulatory team, or is that typically shared responsibility between those? And I am going to launch this poll here.

You should be able to see that on your screen and answer. We’ll show you the results in just one second. We’ll give everyone just a minute to answer those.

All right. And I know, Bruce and Christine, this isn’t always just, usually, not completely black and white, but I think in some companies, one department takes more of the responsibility than the other.

And it looks like … let me share the results here. So you should be able to see those results now on 34% quality team, 9% regulatory team, and 57% sharing the responsibilities. Did you guys want to comment on that before we move on to the rest of the presentation?

Christine Pompa

I think that is pretty standard where it’s either the quality team or a shared. I think the regulatory might get into as you get into more of a registration or regulatory FDA audit. Bruce, what do you think?

Bruce McKean
Yeah, I’m not too surprised by the results. I thought maybe the quality team would be a little bit more, just based on my experience.

But yeah. And like we’ll talk about in our presentation, I typically see the quality and regulatory teams go hand in hand and help each other out. And by default, we’re typically the ones that are responsible for ensuring that these audits run smoothly, and our overall goal is to complete the audit without any nonconformances, and it’s really a joint effort in ensuring that.

Wendy Levine
All right, let’s move on. We’re going to talk about, first, the role of quality teams in audit preparation. Christine, I’m going to hand it over to you here.

Christine Pompa

Awesome. I’ve been participating in audits for the past 30 years, and I know firsthand they can be stressful, anxiety filled, and nerve-wracking, but over the years after moving to Arena as an eQMS system, I’ve learned that they can also be satisfying. And I think by the end of this presentation you’ll agree that moving to an eQMS will allow you to be more organized and have less stress as you move throughout your audit.

Now, think about the old days. The auditor would ask for documents and records and everyone scrambled to run around like chickens with their head cut off looking for documents in books, file cabinets, people’s desks, and what would the auditor do? They would just sit and wait and wait and wait. Now imagine a world where you can find everything you need in a few clicks of the mouse. If you structure your data correctly, you will be able to amaze auditors by managing and navigating through your system at lightning speed.

Now, they’re going to ask you for your quality documents, your manual, your policy, your org chart, procedures. If you link them all together, you can pull them up all at once and have easy access to everything.

Now, auditors love to see audit results. If you categorize them correctly and store the reports in your eQMS, you can be able to pull up as many as you like and have the auditors pick and choose which ones they want to review.

Now, how about training? Keeping training plans and records in your system allows you to show the auditor exactly what’s required to have someone become trained and to show evidence that the users are actually trained. Now, some systems like Arena actually allow you to quiz users on the training content to take it even a step further.

Next slide, please. Let’s talk design controls and product launches. They’re really hard to document.

In an eQMS though, you can create templates and have scheduled reviews and gates that move from one phase to the other. Now these templates can be actually linked to released items when the design is complete. Think easy access—you can pull up your item and have your quality plan or have your design plan attached directly to it. In the middle box, one thing that always tripped me up was how do that. Your SOPs are up-to-date and accurate compared to what the operators are actually doing? You can get creative with your eQMS to have it prompt regular reviews and audits of these procedures to ensure full compliance.

To build on that, if you let your operators into your system so that they have read-only access, you can prove that your employees have the latest and greatest information at all times. Evidence of contractor review—that has been one thing that has plagued me for years. It is so hard to prove to an auditor that you’ve actually reviewed a customer’s contract.

Enter, eQMS. We created a template to build an approval process around contract review. We uploaded the order to the system, sent it around to quality, engineering, manufacturing, and sales, and we didn’t acknowledge the order until everyone accepted it as is. It was a huge win-win. Not only did the auditors love it, we made sound, good business decisions and only accepted the orders that we truly could manufacture and accept.

Purchasing and supply chain. Auditors always ask about your approved vendors, how do you evaluate their quality system? Why not store all of your records in your eQMS? That way you can pull up your self-evaluations, QMS certifications, supplier audits, all under the specific approved vendor.

Now, thinking about what we talked about before, not only is it important that you share the latest and greatest information with your employees, it is critical that you share it with your vendors as well. Allowing your vendors into your eQMS system with secure and controlled access will show your auditors that you have open collaboration with them. Not to mention that the product you receive in will be exactly what you want, per your specification.

Now let’s talk about calibration and preventive maintenance. How often did we have to walk all the way down to the maintenance shop to get the book that has all of the information we need, to prove that our equipment was calibrated, up-to-date, maintained properly, et cetera? If you control your equipment and the corresponding records right in your eQMS, that all goes away. Now, nonconforming material and corrective action go hand in hand. Imagine yourself on your shop floor, in your MRB area, being able to pull up your NCMR for a particular nonconforming product, straightaway. Rather than having to go to the quality department to get it. Taking it one step further, if you link your corrective action to your NCMR, you now have one-stop shopping to show all of the action taken to resolve that discrepant material.

Next slide, please. Now, my FDA and med device friends, you are very familiar with the device master record, which drives the device history record. I used my eQMS to build out exactly what the DMR consists of, so that there was no question on what needed to be included in the DHR. It was a really beneficial thing for me to have it all located there so that you knew exactly what was needed. Next slide, please.

Some bonus items. Now, let’s think about customer complaints. If you have customer complaints documented in your eQMS, you can tie them directly to your corrective action system.
So you have a closed loop solution on getting that problem solved. We talked a little bit about supplier audits earlier, but imagine tracking corrective actions that come from those audits right in your eQMS. Since your supplier has direct access into your system, why not assign the corrective actions right to them? Track corrective actions through your eQMS and close them out right there and then. Rather than having to email forms, get forms back, transfer information, et cetera.

Finally, service and maintenance procedures can also be controlled in your eQMS system and given to the auditors when asked. A lot of times these service and maintenance procedures can be forgotten and lost in the shuffle of a lot of what you’re doing as you move and refine and build your quality system.

To be perfectly honest, at the end of an audit, before we went electronic, I never felt like it went smoothly, and I was embarrassed that it took so long to get the information that we needed to our auditors in a timely fashion. Once we moved to an electronic QMS system, I was really proud of what the team accomplished. Everything seemed very much more organized, and it just seemed to go a lot smoother.
Arena was our saving grace to make our quality teams feel a lot more comfortable during our audits. Now, quality teams and regulatory teams both collaborate to make audits go smoother and to get better results. Like Bruce said, you never want a nonconformance. So using your eQMS to create that and to get that to come to fruition was really a game changer for us.

Wendy Levine

Thank you, Christine. We’re going to move on to discussing the role of the regulatory teams now in audit preparation, and I’ll hand it over to Bruce.

Bruce McKean

Thanks, Wendy. So what are the primary responsibilities of the regulatory team? Well, one, and like I previously stated before, that typically quality and regulatory go hand in hand.
And by default, we are the organization that is responsible for coordinating and hosting the different types of external audits. Basically, regulatory works with the quality team to implement and execute the audit procedures that have been established at your company. We’re really there to help and assist and understand the role each team will play.

In preparation, we really need to have it clear on who is going to be the audit host, perhaps who would be the scribe. And when I say scribe, who would be in the front room taking the notes of the audit? Who would also be involved in record and documentation prep? So really understanding the role that you play before these audits happen is one key aspect of being ready for these different audits.
And who takes on these roles? Again, it could be anyone in the company, but typically it’s in the responsibility of quality and regulatory to be able to take on these roles. From a regulatory standpoint, we’re really there to help quality and ensure that we have an efficient, successful audit. From a regulatory standpoint, other than actually working in the audit, conducting the audit, helping quality manage the audit. We’re also responsible for our element within the quality management system.

One big part of that is our market authorization, and we need to make sure that the records are up-to-date and readily accessible as needed. Again, based on my experience from a regulatory standpoint, this was a very difficult task and could take a lot of time to be able to ensure that we have accurate spreadsheets with all the right colors and that our registrations are still current and not expired.
And it was just very manual in keeping all these records. And one thing a RIM solution would provide, or does provide, is actually automating a lot of this to help you in regards to your audits.

But really what I’d like to focus on is some of these elements here. So, auditors want to look at your product and facility registrations. Again, making sure that they’re up-to-date and that you have registrations, licenses, DLCS in place for the various products that you distribute. They typically like to look at your distribution list from a ERP system, and then compare to ensure that we have actual records showing that you can place your device on that market and it’s still up-to-date.

Submission records. Based on my experience, typically, auditors don’t go into your submission records for the initial introduction of that product placing it on the market. Where they really like to go is they want to go and look at those sustaining changes. They want to see did you assess the regulatory impact that those changes may have on your products and on those registrations, and what actions do you need to take? They want to see that basically you’ve taken action or you have decisions made that you are not going to take action, and you have those justifications available to show that you’ve done your due diligence in assessing that impact.

They also like to look at your letters to file. And if you, let’s say in regards to FDA, you have a 510 but you have 50 letters files to that product, they may question, is this really the same device that was originally cleared? And would want to understand the rationale and justification where you have 50 or so letters to file and how can you justify as the same product? So that’s just something we need to look out for.

In regards to GSPs central principles. They want to look to see—are they being maintained? These, hopefully by everyone that’s on this call, know that these GSPs are very lengthy and can be very difficult to be able to maintain and keep up-to-date as things change.

Standards. Again, this is another area where standards are changing and have you actually done your due diligence of when a standard has changed? What is the impact that has to my product and to my registrations? So we want to make sure that we have records that we’ve assessed this. And then, based on that assessment, justifications of not doing something or actually going and implementing and seeing that objective evidence.

And then the other thing they like to also look at is quality agreements. Because from a regulatory standpoint, we typically outsource for different countries. Especially outside of the U.S., where we may outsource to an in-country sponsor that’s a third party, as well as we may outsource to a unit within our company if they’re part of a different organization within our company. In my experience, we have in-country market employees that were working, providing a service to a business within that same company. But they expect to see quality agreements around that activity, whether it be internal or external, outlining the roles and responsibilities of those activities.

And then of course, audit basic is your documentation, your procedures, SOPs, and are they in place? Are they current? Are people trained, and are people actually implementing those procedures?
Next slide. Here’s another gray area, and it would be another interesting poll question, is to really find out who has the responsibility within your organization for post-market surveillance. I’ve seen this go both ways where it’s the responsibility of quality or it could be the responsibility of regulatory. I’m seeing more and more a shift where this is now falling under the regulatory responsibility, especially with the introduction of MDR and IVDR.

One of the big areas that auditors like to focus on, because this really gives you a good sense of how your quality system is functioning, is around post-market surveillance and what are we doing in regards to post-market surveillance. In regards to collecting that information and doing different trends and taking different actions. Auditors typically want to see, especially now with MDR, they want to look at your post-market surveillance plans as well as your reports, including your periodic safety update reports. And what they want to look at and what we typically see is that this information, the reports are basically showing a lot of reactive information. And when I say reactive is that we’re taking steps to correct based on customer complaints. Rather than looking proactively at doing literature searches, looking at customer or competitor information that’s on the various government websites. Looking at customer feedback as well as social media and understanding what’s going on with our products out in the market. And then taking action to address those, prior to actually getting complaints or a adverse event happening on your product.

Proactively, we’re seeing what’s happening in the market and we’re taking action internally. So they’re really looking for not only that reactive piece, which is typically what you see in post-market surveillance, but what have you done from a proactive standpoint? And that should be detailed in your plans and, of course, the evidence within your reports. And then how does this all loop back to risk management? Are you updating your risk management based on the information you’re seeing from your post-market surveillance activities? They love adverse events. They love to look at adverse events to see—did you make a right decision on whether to report or not? Your HHEs, your health hazard evaluations. They sometimes want to challenge the decisions made on whether this is really an impact to the safety of patients and users. And based on the results of your HHE, do you have justification for not taking action? And is that justification backed up by engineering analysis, clinical analysis, to really support the decision made based on a situation with your product? And then for actions you do take, have those been reported and the ones you’ve classified as non-reportable, should those have been reported?

So these are all things that we really need to focus on when we’re being audited in regards to post-market surveillance. And then how all this information links back to your CAPA system risk management system, as well as management review. And again, ensuring that you have procedures for post-market surveillance, that current and team members are trained. Next slide.

Wendy Levine

Thank you, Bruce. I think we’re going to dig into some best practices now, and I think you have the first couple slides in there.

Bruce McKean
Okay. Unscheduled audits. These are our favorite types of audits. Typically, these come in the form of an inspection as well as with the introduction of unannounced audits by our notified bodies.
I think the key thing here is that one, you come in, you want to start your day, you have your to-do list. And no one wants to get that call from reception that there’s an inspector here, whether that be FDA or notified body, to conduct an audit.

Typically, these audits are a result of … well, one, from an inspection standpoint, something that is probably not good. It could be a result of product issues, some trends the country’s seeing, direct complaints, MDRs submitted to in this case the FDA, or you could have a whistleblower, which is a disgruntled employee that perhaps communicated with FDA that there’s something going on within that company. These types of inspections typically run a little bit differently than your standard surveillance audit or your MDSAP audit, and they’re really there for a certain issue, and you need to be ready for these. So really, regardless of it’s a surveillance audit or a unscheduled audit, you need to be ready at all times.

Audits readiness really shouldn’t be something that’s all hands on deck, people scrambling around trying to figure out where the skeletons are. Correct the information that we need to correct, hide the skeletons. You really need to be ready. The best thing I’ve seen on my experience is to conduct practice sessions. Do mock audits, do mock audits with someone coming in the door with maybe a few people in the know about having this audit.

So you can really test your organization. You should also have key quality documentation readily available. Whether it’s within an electronic system or a file cabinet, however you manage, ideally within an electronic system, because that, typically, it’s always being kept up-to-date and it’s readily available.

The real takeaway here is you need to be ready at all times to be able to host a audit, and people need to understand their role when hosting these audits. Where we have your typical surveillance audits, there’s a lot more preparation you can do because you typically know when it’s coming, whether it be months away or within five days or so, so you can be ready. But the unannounced ones, you need to be ready at all times. You should have procedures in place on what needs to occur when these types of audits happen.

How to host one of these unannounced audits, who are the points of contact, who are the backups? The internal communication process needs to be established and really ensure that all your employees know the role during an audit, whether it be unscheduled or whether a scheduled audit. Next slide.

Some audit best practices, and again, these comply to the unscheduled as well as the scheduled audits. You really need to set your team up for success. You need to establish your audit logistics. Are you going to do just a front room type of audit, or will you conduct the more of the front room/back room type of setup? And ensure that you have the technology ready to go and to be able to support the different types of audits based on that setup. Have some dedicated conference rooms already established that know when an auditor comes in, this is the audit. This is going to be the audit conference room, as well as where that back room would reside, hopefully close by in order to run the audit more efficiently.

Establish your audit team ahead of time. Who’s the host? Who are your SMEs? And make sure that for your SMEs, that they’re trained and that there are backups identified. Who will be scribes, who will work document prep, and who will run the documents back and forth? If you have the front room/back room setup.

Use the pre-established agenda and guidances that are out there to your benefit. This is in the area of documentation and SMEs. For the scheduled audits, what they’re going to be looking at. So, ensure that all this documentation is identified and it’s readily available to be pulled and that the SMEs are ready. They know how to speak to this documentation and can answer the questions in the appropriate manner. You can also attempt to guide the audit direction.

During an opening meeting, typically, you have a company presentation pre-established. In there, put some of the major products that just released. Some of the big QMS changes that may have occurred, as well as having those last two management reviews ready. This helps guide auditors in regards to what they want to look at. And ahead of time before that, make sure, just do a review that that documentation is accurate and complete, and try and prep your audit in that area. Have, like I said, typical documentation, prefilled, pre-polled, or organization charge management reviews. Ensure executive management—they’re aware and prepared, and most likely they will need to at least attend an opening meeting, be able to speak during that meeting.

And practice you through internal audits and mock audits. Practice does make perfect, especially when it comes to audits. Next slide.

Wendy Levine

I think Christine was going to take this slide.

Christine Pompa

Yep, you got it.

Now, additional best practices. Not only is the audit team nervous and stress filled, but everyone else involved in the audit is pretty stressed out as well. What happens when the auditor asks them a question? How are they going to respond? So it’s really important to coach the employees on how to answer questions before the audit. It really helps get their nerves and settle their nerves a little bit. Now, remind them to be cooperative, not defensive. They know their process better than the auditor does.

The auditor is really just there to learn about their process and gather information. Be short and sweet. If they think they’ve answered the question, they probably have. And don’t worry if the auditor wants more information, they will ask questions. Make sure they’re certain that they understand the question. It’s perfectly okay to repeat the question back to the auditor or ask the auditor to repeat the question. We want to make sure that the auditee understands exactly what they need to respond to. And on that note, it’s perfectly okay to say, “I don’t know.” Be open and honest with the auditor.
Don’t make up answers. Don’t try to come up with something that you might not know the answer to. It’s perfectly okay to say, “I don’t know.” And then watch for that silent pause. Auditors use this as a trick to try to get you to give up more information, and a lot of people don’t know that. People don’t like silence and having that silence there, you just want to automatically fill that silence. So let them know it’s okay to just wait for the next question.

Now, if you can, make sure you go through your logistics beforehand. As Bruce was saying, it’s important to get the logistics set up, but let’s make sure we test everything. Is your reception and lobby area set up and does it look professional? Is it all ready for the auditor once they arrive? Are your conference rooms booked, set up the way you want? Are tables there, chairs exactly the way you think it’s going to flow through the agenda?

Let’s test our communication functionality and technology systems. The worst thing could happen is you’re on a Zoom audit and your microphone doesn’t work, or your camera doesn’t work, or your speakers don’t work. Let’s test that out beforehand. And then also, let’s make sure that you get your timing down so that your audit goes as smooth as possible. Test how long it takes you to pull up those records and how long it takes you to get those documents that you need. Have a couple of examples, like Bruce said, at your whim and right in the back of your mind so you can pull them up straightaway to get your timing down and set the pace for the audit.

I think if you combine all of these together, it will help a lot. Next slide.

Wendy Levine

Yeah, thank you. Before we get to the Q & A, we wanted to ask you all another question. As more and more information is being stored in QMS systems and RIM systems, the question is, does your organization allow auditors any access to those systems directly, or are you only delivering documents in a physical format? Let me launch the poll here so we can ask you that question. There we go. Sorry.

So does your organization allow auditors any access to view records within the software systems the data is stored in? You see the results coming in and so far we have a lot more noes than yeses, which is not surprising. All right, let’s go ahead and share the results here. And then as I’m doing that, remember that if you have a question for our speakers, please put them in the Q & A box in your webinar toolbar, and we’ll make sure to get those answered.

So it looks like we have about a third, to two thirds. What do you think, guys?

Bruce McKean

Yeah, I’m not surprised by those answers. And it’s number one, you never let a auditor access to the system where they’re in there driving that system.

What I have seen work, and I’ve actually had auditors actually request that, “I want to see it within your system.” But the host or a subject matter expert in there driving up on a screen, they are actually in there clicking and showing the records that the auditor wants to see.

With the idea of course, you want to only show the records that they can see, and hopefully there’s not any additional information around that record that the auditor may want to say, “Well, what’s that about?”
“What’s that about?” Really should be there to see the electronic record up on the screen and the host or an SME actually doing the clicking and driving based on some direction from the auditor.

Christine Pompa

I would agree with that, a hundred percent. Yeah. We’ve had instances where there are certain things that are proprietary, and we might need to massage or manage beforehand.

So we’ve done that and we’ve tried to help mitigate that noise before the audit. Sometimes auditors will need to have that physical hard copy to get the information that they might need or to provide evidence and write down or capture that via hard copy. I’ve seen both situations and both scenarios. I agree with you. You never want the auditor to have free rein and just drive through your system.

Bruce McKean

And it’s really up to the company and the policy. I’ve seen it work both ways. What auditors about this is that the quickness of being able to bring a record up and looking at it, rather than have to wait for this complaint record, this CAPA record.

And it also depends on how the tone of the auditor’s going. If it’s an enjoyable audit or if it’s a contentious audit, there could be decisions on whether to go into these systems or not.

Wendy Levine
Great, thank you. We are at the Q & A section. Again, put your questions in the Q & A box, and we will definitely get to those.

First one, do you handle or prepare for audits differently if they are a hybrid audit where there’s a virtual component?

I don’t know, Bruce, if you want to take that one.

Bruce McKean

Yeah, sure. I can take this.

So really with COVID, the introduction of these virtual audits happened. In the past typically, this would never happen. And then with COVID, of course, we had to shift.

I would not treat the readiness, the preparation any differently. What you do need to make sure though, is that the electronic systems and the access that people have within your company to these systems to be able to conduct the virtual audit, are actually working.

But overall, I’ve been through a couple of these remote audits. These were MDSAP audits, and they seem to actually, in my mind, favor a little bit the manufacturer just because of how it’s being covered and what’s … Because you’re on video and how it’s being run and timed. You lose some of the space when you’re in a conference room reading that body language and things like that. In my mind, the virtual audits are here to stay. If anything, I like them. I think they’re more beneficial from a manufacturer’s standpoint in order to have more of a successful audit.

I don’t know, Christina, if you have anything to add.

Christine Pompa

Yeah, I think you’re spot on. I think it’s a little more difficult to get that personal one-on-one when you’re not face-to-face. So you’re absolutely right. It’s difficult to read the tone or it makes it a little more limited on what you can gather from the auditor to see whether it is going well or not going well.

I think it takes a little more diving in and delving in further to get the auditor’s sense of how comfortable he or she is with the information that they’re being given. I think the way that I would handle it is maybe just a little more trying to engage with them, a little further diving, like I said, into the details of it. Just to ask those questions. “Is that satisfying? Did you get everything you need? Can I offer you anything else?” Something like that that would kind of give you a sense that they’re satisfied and that they have everything they need.

Wendy Levine

Great. Next question, Christine, I think this would be for you. Regarding management reviews. How do you handle management reviews in the QMS system?

Christine Pompa
Yeah. So management reviews are, again, another one that’s really tough to pin down and control. Our executive management teams are super busy, so they have a lot of things on their plate. The way that I’ve structured it was I actually created templates in my eQMS to put out agenda so that I would have an agenda every meeting. And then a template for the meeting minutes, and then I would create a record for each management review meeting to tie back to those agendas and templates so that they match one-to-one.

The other nice thing, you could track your action items right through your eQMS as well, similar to what you would do for a corrective action, but you could call it, like, a management review action item. Again, tying everything all together so that it all loops back into one nice pretty package. So when you pull up your management review, everything’s there at your fingertips.

Wendy Levine

Great. All right. Let’s see. Give me one sec. Bruce, could you talk a little bit more about the difference between the front room and the back room, how you set those up, what people should be in each?

Bruce McKean

Yeah. So the front room/back room approach to audits is where typically you have your front room, that’s where the auditor resides, and you have your audit host. And with your audit host, you can have a scribe, which takes notes pretty much word for word. A lot of times this is being done on some IM system, or in OneNote, where they’re actually documenting the conversation that is going on to keep the record of the audit. As well as this person can also ask as a document requester. I’ve also seen in the front room where they have a separate person as the document requester.

In the meantime, what’s happening is they’re communicating through IM. You’re seeing the notes of what’s going on in the front room, as well as the documents are being requested, and you have a staff of people. It could be anywhere from one to two people. I’ve seen a back room of almost up to 50 people where they’re in there watching the transcript and trying to predict maybe where the auditor’s going.
As well as they’re in there, getting documents ready, pulling records, reviewing those records. Stamping records, pretty much triaging all the requests. And then you have a runner that brings that record into the front room, gives it to the audit host so they can hand it to the auditor when the auditor’s ready for that.

So it’s really, I’ve seen it a lot with larger companies implementing this, but you can also do it on a smaller scale as well. And it really helps keep the audit moving. As well as you have records, you can prepare your SMEs ahead of time because you see where the audit’s going, so I need to get that SME ready and queued up to be going in the room. So it’s all about preparedness and making the audit run efficiently.

Wendy Levine

Hey, Bruce, that’s a great segue into the next question we have. What are some of the best practices on prepping subject matter experts to come into the front room and answer those questions? Any specific advice there?

Bruce McKean

Well, hopefully during your practice sessions, you’ve figured out your SMEs and which SMEs we’re actually going to use because not everyone is equipped to go into an audit room.
Especially when it comes to engineering. There’s nothing against engineering, but there’s some people that just aren’t equipped to go into the front room, whether they’re too nervous or they just want to tell everything about everything.

So you really want to be able to vet out who would make good SMEs for these different topics. And then again, practice and making sure that they understand how to conduct themselves, as we went over.
But in the moment when they’re asking. Let’s say for a validation record, and you want to bring in your SME around that validation, sit down with them prior to them going in and saying, here’s the issue.
Here’s where the auditor’s going, and probably what they’re going to be asking. So, can you go in and explain this? So have them prepared with what we believe that the question is going to be asked related to this record.

And if there’s any justifications in there, the auditor will definitely want to know about justification, especially if there was any type of failure that you justified is okay to accept the validation.

Wendy Levine

Right, and that’s perfect timing. We are at time. We did have a couple of specific questions about some functionality around Arena and Rimsys.
We’ll reach out to those folks separately to answer those questions. We will get those questions answered, but I think that’s it. Thank you, Christine. Thank you, Bruce.
Appreciated your time today and your expertise.

Christine Pompa

Well, thank you so much for the opportunity.

Bruce McKean

Yes, thank you very much.

Wendy Levine

Thank you everyone for joining us.