Editor’s Note: This article is the second in a two-part series. The first installment appeared in our February/March issue.
In the first part of this article, we discussed why supplier quality has been a prime topic at recent industry conferences, in the media, and in legislation. Supply chain has evolved into a complex process of global sourcing, manufacturing, and distribution. With increasing levels of media exposure for recalls, companies have to be responsive to the growing pressures from regulatory agencies and customers to develop, implement, and maintain a supplier management program that integrates compliance, oversight, and strong supplier relationships into business practices and quality systems. In this article, we’ll look at the key areas that companies should focus on for an overall improvement in quality in the supply chain.
A supplier management program can help improve profitability by decreasing the cost of quality. Additional emphasis should be placed on the control/oversight of suppliers as outsourcing activities increase. Remember, poor cost of quality results in rework, waste, delays in product approval, resource inefficiencies, corrections and removals, enforcement actions, and other problems that impact profitability. A good supplier management process should include:
- Supplier selection, evaluation, and approval to determine the appropriate supplier level (risk) for products, materials, and services/consultants; the appropriate contracts and agreements to meet the needs of the business; good rationalization of the supplier base, with segmentation based on strategic importance, people, information sharing, competitive factors, quality, ethics, culture, stability, longevity, and history; and sound quality and business/financial systems. Such processes will secure access to more/better sources of supply and reduce the cost of procurement.
- Monitoring/maintenance that will include the initial review, ongoing reviews, and annual evaluations (audits, internal and external nonconformance data, on-time delivery data, and so on) and keeping suppliers on track by communicating company strategy, performing quarterly business reviews, having annual supplier conferences, and keeping supplier score cards. Such processes will increase compliance and decrease risk.
- Appropriate removal/inactivation controls for noncompliance and inactivity. Such processes will reduce the cost of quality.
- Real-time data that demonstrate control over suppliers—metrics, data analysis, and action items. Such systems will provide better control over the supplier base with increased collaboration, resulting in standardized practices and processes and improved transparency and auditability.
To ensure that quality is maintained, there must be a risk management process that covers the entire life cycle. This requires strong supporting audit processes and internal and third-party audit resources and information management systems that allow in-company resources and external supply chain partners and auditors to share information. The risk assessment process must include an execution of pre-qualification processes for new suppliers and accompanying follow-up audits. Given the limited resources available for numerous audits, a risk-based approach is essential. In addition, supply chain visibility has become a key issue. The heparin problem revealed the complexity of a multi-tiered, global supply chain. Companies may not be too concerned with their supplier’s suppliers, but when it comes to business risk, visibility becomes essential.
Key issues for supplier risk management include:
- aligning multiple stakeholders;
- applying risk management through the entire supply chain;
- prequalifying suppliers;
- having audit standards;
- ensuring visibility across the entire supply chain (primary and sub-tiers); and
- implementing the right systems for data collection.
The first requirement is to unify the goals and objectives with regard to suppliers and contractors across all functional groups. Cross-functional collaboration is necessary to reduce the risk to the corporation. A failure of quality or significant disruption of supply has a major impact on a company. Hidden costs of manufacturing failures, which can be attributable to suppliers or contractors, can become significant.
A comprehensive risk management system, extending over the complete product life cycle, needs to start in the early phases of product development with a rough risk assessment based on the immediate data available, including the evaluation of raw materials and services, along with appropriate functions involved such as quality, environmental health and safety, and procurement. With appropriate follow-through on actions identified, the risk assessment will help ensure cross-functional alignment.
Given the scarce resources typically available for audits, there must be agreement across functions on how to best deploy the audit resource, including the use of third-party and shared audits. Because such resources can be a severe constraint, a rigorous risk assessment is needed before deployment.
Information and data management is another essential component involved in managing the risk process over a lengthy product life cycle. Without access to a cross-functional and collaborative supplier system, it is almost impossible to achieve a unified approach to managing risks across multiple stakeholders.
Supplier Sourcing and Qualification
Each manufacturer establishes and maintains requirements, including quality requirements that must be met by suppliers, contractors, and consultants. It is the responsibility of the original equipment manufacturer to ensure that the materials used in products are of acceptable quality, regardless of the geographical and logistical challenges involved in evaluating manufacturers and suppliers in remote countries. Supplier qualification must be performed for each material and supplier combination. These expectations are explicitly stated for pharmaceutical components at risk for melamine contamination in an August 2009 Food and Drug Administration current good manufacturing practice guidance that goes beyond CFR Part 211, stating that manufacturers need to know and monitor their supply chain for any at-risk components.
The selection process should occur as early as possible in the product life cycle process and should include cross-functional team members from purchasing, quality assurance, engineering, and manufacturing, as applicable. Evaluations should be conducted based upon the type and extent of control needed over the product, material, or service to be provided and should take into account risk management principles. Use risk management principles to determine supplier risk during the selection process. Some things to consider include:
- supplier level (type and extent of control);
- sole source; and
- single source.
Develop different audit types: on-site audits, quality assessment questionnaires, and business/financial assessments examining the stability of the supplier, including ability to deliver, potential for growth, safety stock for product/materials, and cost and volume. Determine the extent of the suppliers: frequency, facility locations, training, volume, cost, and ability to meet acceptance criteria. Finally, determine the results of the evaluation and the approval status of each supplier: accept/reject.
Choose a potential supplier based upon the company’s ability to provide consistent product, material, and/or services. Determine the stability of the potential supplier by:
- Establishing and/or reviewing quality systems and data, including compliance, contracts, and quality agreements;
- Developing contracts/quality agreements with clear expectations and well-defined acceptance criteria, which should include quality system requirements such as control of material; audits by the manufacturer and/or by an external agency; notification of changes to location, process, or materials; nonconformance control; complaint handling; and corrections and removals; and
- Finalizing an approved supplier list, a formal controlled list of suppliers that includes pertinent information such as name, location, type, level, and current status.
As companies look for ways to improve procurement cost and lead times, the focus in supplier partnerships is shifting from one of price reduction to relationship value and total cost of management.
Supplier Audits and Testing
Auditing your suppliers is a key part of quality and compliance improvement. A pharmaceutical company needs to insist on a confidential in-depth audit of every part of the facility, operations, and quality systems relating to the material it wants to purchase, including manufacturing and testing details. In addition to regular, thorough manufacturing facility audits, the company should actively ensure that it or its brokers have reliable, up-to-date knowledge and verification of the drug substance upstream to ensure that materials really do come from approved sources. If manufacturing and supply chain integrity cannot be verified regularly, the initial cost savings from a cheaper source cannot compensate for increased risk.
Companies must determine how often and to what extent suppliers will be reevaluated. Risk-based measurements should be determined for data analysis in reviewing suppliers, including assuring meaningful data is captured; configuring data so that problems can be identified; and identifying data-driven status changes.
Audits must be conducted by skilled, experienced auditors who are technical experts and are, preferably, fluent in the local language, with enough time to look carefully at suppliers’ operations and records. Given the complexity of the supply chain—numerous partners and geographic locations—industry is responding by developing a consortium approach to audit execution and information collaboration.
Rx-360, a nonprofit international pharmaceutical supply chain consortium seeking efficient and effective approaches to supplier risk management, has combined the efforts of leading pharmaceutical companies to implement audit standards, auditor training, and auditor certification, providing the capability to support over 1,000 audits. With the goal of a consortium supplier certification program, suppliers can start sharing critical data with transparency to the manufacturer and the distribution channel. In addition, the consortium expects to implement additional standards for good distribution practices; good importer practices; good storage practices; quality agreements; certificate of analysis; tamper-evident packaging; and pre-audit questionnaires.
Traditionally, manufacturers get inspection records once the material physically arrives at the manufacturers’ premises. A good inspection system allows for the creation of different types of sampling plans. One is the American National Standards Institute/American Society of Quality Control’s standards and guidelines for sampling characteristics used in testing incoming inventory for meeting acceptable quality levels. The receiving inspection system, using inspection capabilities and based on inspection results, allows companies to prevent out-of-spec supplied materials from entering the production environment.
Even if the tests are made more specific, however, the risk of contamination for materials can be significant. Even third-party testing is not enough to ensure the quality of pharmaceuticals. It is not possible to test quality into a pharmaceutical product, because good quality must be built into the product with appropriate materials and validated processes that ensure the product’s safety and efficacy. There is a risk that the modification of even a single processing step can change the by-products or impurities of even the materials used. As with a final drug substance or API, testing is a confirmation of a material quality but may not be enough on its own, without manufacturing records showing that each batch was made according to a validated process that complied with the final product specifications.
The best suppliers will accept the new reality of increased transparency, and brokers and distributors who can establish and guarantee the level of quality assurance associated with more rigorous auditing and supply chain verification will be invaluable.
Operation and IT Challenges
Technology is critical to securing the global supply chain because it is the only way to provide both visibility into products and assets across extended supply networks and the ability to take action immediately. Senior management should be updated regularly on the security and integrity of critical supply chains. Overall reports usually include:
- metric and data analysis and review;
- inspection results (incoming, production/manufacturing, source inspections);
- nonconformance control/corrective and preventive action (CAPA) oversight;
- complaint handling/corrections/removals;
- business metrics (delivery, lead time, technical support, cost, and strategic initiatives);
- supplier scorecard;
- adherence to contracts/quality/purchasing agreements;
- audit results and responsiveness; and
- cost of quality.
However, current manual processes can limit the integration of applications and data for analysis that is adequate to effectively understand your state of supply chain quality, compliance, and potential risks. While supply chain data may be maintained within a certain quality system, departments, or other manufacturing and procurement automated solutions, in many cases different elements of an organization’s product supply, quality, regulatory, and commercial functions are disconnected.
An integrated quality approach must be embedded into the core business. Ask yourself these questions: How many systems contain some supplier quality data throughout the product life cycle? How much time is spent navigating the maze of data versus using and focusing on problem solving? How much time is spent on the duplication of data entry or searching for data entry errors across different supplier quality systems? Can people at all points in the chain create data that are recognized from end to end? Do any supplier corrective action requests signal not only discrete performance issues (e.g., a failed batch), but also overall degradation to the whole company? With regard to any CAPAs, are all sites aware of the issues that affect them and are they actively looking to make connections? Are holds instantaneous throughout the entire chain? Does information about non-conformances get passed along forward and backward? Have you truly leveraged technology to enable effectiveness, efficiency, and closed-loop processes?
Although these systems provide automation that helps organizations reap the benefits of repeatability and sustainability, you must ask yourself if they are truly complementing your overall supplier quality investments. Integration allows real-time access to data stored within each system, enabling your organization to make informed decisions based on current information. But it’s not just about technology and automation. Automation of inefficient processes will, by default, simply make your inefficiencies happen faster. A comprehensive supplier quality management system helps companies understand the significant impact that poor quality, service, and delivery have on sales and profits. Take what you’ve learned from your process inefficiencies, add that to your understanding of best practices, and architect them into an integrated supplier quality platform across your organization’s value chain.
With such technology enablers in place, reporting and analysis makes it easier for management and all stakeholders to understand the supply chain state of risk, quality, and compliance.
Flexible, Simple, Integrated
Make the supplier management system flexible, simple, risk-based, and easily integrated throughout the organization. Assure that sufficient mechanisms are in place so that all suppliers are managed according to the type of product, materials, or service provided—this includes “consultant” services. Have a selection, maintenance, and reporting process that includes materials, products, and services throughout the product life cycle. Make sure the appropriate functional partnerships are established—engineering, manufacturing, purchasing, quality, and the supplier’s representative functions. Invest in resources to support the internal partnerships among quality, purchasing, engineering, and manufacturing to drive for successful oversight and management of suppliers. Build supplier relationships.
Integrate risk management throughout the supplier selection, maintenance, and data reporting processes. Implement measurement, data analysis tools, and processes for different levels of the organization. Configure data so that problems related to product, process, or quality systems can be identified. Identify and communicate to the supplier results of the analysis and/or any further decision to take action. Drive for the development and ownership of supplier relationships, in other words, accountability.
A good supply chain management program with effective quality processes will help pharmaceutical companies reduce the cost of goods purchased due to improved market access and more effective price negotiations made possible by company leverage. It will also reduce risk due to increased compliance with more thorough specs, better communication with your suppliers, and more rigorous testing and reporting. Such a program will also improve supplier performance with service that is punctual and high quality, meaning there will be no surprises for you. It will also deliver standardized contracts that are easier to monitor and a sustainable competitive advantage with consolidation and visibility throughout the entire supply chain.