“An ounce of prevention is worth more than a pound of cure” ~Benjamin Franklin
Although this quote is generally attributed to human health issues, it can also apply when one is considering the “health” of your laboratory computer systems and business processes. Just as taking care of yourself (i.e. eating healthy, exercising, and getting sufficient sleep) can prevent poor health outcomes, so too will establishing and maintaining the proper systems, processes, and quality culture help prevent poor audit outcomes.
Interestingly, in the complete version of the quote, Franklin actually addressed fire safety and wrote how tending live coals properly (i.e. covered) during transport, a preventative action, could mitigate the risk of a house fire while also reducing the risk of personal harm. Why did people of the day not use their warming pans with lids to transport live coals, hence prompting the penning of the now famous quote? Perhaps there was a cost or time savings factor for carrying live coals up and down wood stairs in whatever happened to be at hand, but why take these risks?
Unfortunately, it is not unusual to find companies that do not take preventative measures to maintain and improve the “health” of their laboratory computer systems or business processes. These companies tend to go down the road of “quantity over quality”, accepting higher levels of risk and taking shortcuts to save costs to improve their bottom line. Inevitably, these organizations get their comeuppance and are stopped in their tracks when the FDA auditors come for a visit.
Can an organization know for sure that their laboratory computer systems and business processes will pass or fail an FDA audit? Well, one can’t really tell for sure because it can be somewhat dependent on the auditor. But, there are risky behaviors and warning signs, just like carrying live coals up and down wooden stairs using open shovels and subsequently smelling smoke, that need to be addressed. So, without further ado, let’s dive in and look at some of those poor behaviors and warning signs.
Lack of integrated quality systems
A classic poor behavior is when an FDA regulated laboratory organization does not have an integrated quality system in place and being actively utilized. This lack of an integrated solution can lead to data integrity challenges, inconsistencies and a lack of standardization among various internal departments’ key documentation, training, and Corrective and Preventive Action (CAPA) processes. Notification, tracking, and deployment of CAPAs will also become difficult without a fully integrated QMS.
Lack of a risk based software validation approach
Using a generic, one-size-fits-all, Computer System Validation (CSV) approach is a huge warning sign that your upcoming FDA audit is not going to go well. A generic CSV approach doesn’t reflect your organization’s appetite for risk or make use of the benefits that a Risk Based Approach affords, such as tailored software testing to meet your specific needs, and effectively leveraging what software vendors may already provide. The use of a generic CSV approach will be apparent to an auditor and if the validation of your laboratory computer systems doesn’t consistently produce results that meet your predetermined specifications and quality attributes, you will definitely run into trouble when during an audit.
A major warning sign of something being off to an auditor is an inordinate number of customer complaints. It is well known that a complaint which poses a major health risk will get immediate attention. But multiple, or repeat minor complaints, like the incorrect number of cough drops in a box, can begin to put your lab organization on the FDA’s audit radar. Additionally, not having a clear procedure in place that is followed and monitored (see #5) to address these types of complaints also raises a red flag.
→ Additional Reading: 7 Validation Mistakes You Don’t Know You’re Making
Weak documentation (SOPs, audit plan, validation plans, etc.)
- Not followed
- Doesn’t match how things are actually done
- Not under change control and are consistently not up-to-date
- Referenced, but doesn’t exist
Now take a moment and look around your organization. Do you see any of these warning signs or poor behaviors? If so, do you have a plan on how to address these shortcomings?