How responsible should the sponsor be for the outsourcing provider’s success?
When assessing the competencies of an outsourcing service provider such as a contract manufacturing organization (CMO), sponsor companies must pay a great deal of attention to the cGMP compliance level – and capabilities – of the provider. There are four very important reasons:
1. Regulatory enforcement – this is the obvious reason because regulatory health agencies, most famously the FDA, see no difference between the sponsor and the supplier
2. Financial loss – if the drug is produced in a way that is deficient, the sponsor may have to recall the drug or even keep it off the market for an extended time while the deficiencies are corrected or a new outsource CMO is found and qualified
3. Litigation – both product liability lawsuits and disgruntled investor lawsuits are on the rise; so, for instance, if a sponsor has contracted out clinical trial product production to a CMO, and the CMO has compliance problems during the time it was producing clinical trial drugs, then a sequence of “too late to fix” issues unfold:
- First, the regulatory health agency may decline a marketing submission by saying that the trial data was unreliable as was the clinical trial production;
- Investors now sue claiming executive incompetence, negligence, fraud, intent to deceive, etc. (note that anyone in senior management is likely to be named personally in such lawsuits); and then
- Patients who took the now “deemed unsafe” trial drug may decide to seek damages because the sponsor’s quality personnel did not do their jobs to ensure the clinical trial product met minimum standards (e.g., cGMPs);
- And finally, we can start adding the worst case: due to litigation discovery (where the plaintiff can force sponsors to reveal publicly the sponsor’s internal documents, reports, emails, presentations, and so on), more lawsuits get filed, individual personnel in the company get named, and public reputations are ruined
4. Reputations – this is the most subtle of all, but the one that ruins careers and companies. Stories of CMOs having compliance problems don’t really make headlines; the stories of the sponsors having compliance problems due to a CMO – now that makes headlines. Thus, it’s the people at the sponsor company who have the most to worry about when it comes to bloggers and the press criticizing the sponsor company mistakes.
Furthermore, all firms should be cognizant of the recent recommendation that the FDA is considering, that warning letters and other regulatory enforcement actions against a CMO or a CRO also be applied to the sponsor.
Should sponsors be involved in the audit process?
When it comes to the audit process, I believe it completely depends on each individual case as to whether the sponsor should be expected to be involved in the process or whether the outsourcing provider should be expected to deal solely with the inspection. Let me provide three situations from three different clients of mine with three different answers:
- Client A is a small pharma company with less than 30 personnel and who has outsourced production of their new molecule to a CMO. Client A has 1 full-time quality person and 1 full-time regulatory affairs person. It is not realistic to assume that they will be able to provide much assistance to the outsourced CMO especially since, given all the activities that are required to bring a new drug to market, both the quality and the regulatory affairs individuals are already working 50-60 hours a week. Thus, the expectation of Client A is that the CMO would handle the regulatory agency inspection.
- Client B is a huge, multi-national firm with quarterly revenues in the billions. And while it may seem that they would have the resources to help their outsourced providers, we also need to recognize that the bigger the sponsor company, the more the products, and thus the more the suppliers. Thus, it may not be realistic to assume that the multi-billion dollar firm has the resources to send audit support teams to all its CMO vendors; it may have to confine its support activities to those CMOs in high-risk categories or where the sponsor can get its largest return on investment.
- Client C is a mid-sized firm just getting into the international marketplace. They have the staffing to provide an audit support team to their CMOs (two people), but do not have the knowledge or the expertise to provide their new international CMO in Japan with an effective audit support team. Thus, the assumption started out that Client C would not provide an audit support team. However, because of the business criticality of the international expansion strategy, Client C had to figure out how to support and help their CMO succeed in the inspection.
How can the sponsor help its partner pass inspections?
There are a number of ways that sponsor can help its outsourcing partner to pass regulatory inspections, but first, as part of any quality or technical agreement, the sponsor needs to clarify two items:
- The ability to audit the outsourcing partner using an independent auditor, not just sponsor personnel. In this way, the sponsor can hire an independent auditing expert experienced in the type of audit the outsourced provider can expect (e.g., for a CMO in the US, the sponsor can hire a firm that conducts mock FDA audits, for a CMO in Germany, the sponsor can hire a firm that conducts mock EMA audits, etc.).
- The creation of a regulatory responsibility matrix that clarifies who – the sponsor or the outsourced provider – is responsible for what specific section of the regulation. In this way, the inspection scope can be quickly narrowed down.
Next, the sponsor may want to work with the outsourced provider to assemble a standing “audit package.” This is a set of documents such as a Site Master File, a current listing of SOPs, a copy of the summary of the most recent quality system management review, and so on, that can be given to any regulatory health agency inspector. I’ve found this type of default audit package, properly kept current of course, can be of much help to the sponsor, the outsourced provider, and the inspector.
Third, the sponsor should consider hiring an independent third-party to conduct a sort of “bulletproof yourself against inspections” type of corporate workshop. The key for this workshop would be to really show the outsourced provider was the inspector actually looks for (e.g., it’s a lot less about SOPs and a lot more about looking at records – or the lack thereof – which prove compliance with SOPs and regulations), what agency inspectors use to develop their questions, have some role-play on answering inspector questions so the outsourced provider can see how it works in the real-world, and so on. I’ve had a number of clients tell me over the years how much a just a one-day workshop on this has yielded hug dividends over the years, as well as how it reduced their own anxieties and risks when it came to regulatory inspections.
When issues need rectifying
So what happens when problems are identified by the sponsor during the course of the agreement or are identified by a regulatory agency inspector during the course of an inspection? What should the sponsor be expected to do in these scenarios?
Naturally, it depends on the nature of the deficiencies and the business goals of the sponsor. As a simple example, a sponsor looking for justification to break a contract with an outsourced provider with whom it is unhappy may not want to help the sponsor resolve any issues, but rather use the regulatory findings to justify finding a new outsourced provider.
That said, in general, the sponsor should expect to perform some level of help. Setting situational specifics aside, here’s how I suggest my clients set about determining the level of help they will provide, or at least offer, the outsourced provider:
- If the deficiencies found deal specifically with the activities and processes contracted for by the sponsor (e.g., the actual production process for the sponsor’s product rather than more general CMO processes such as training records maintenance), the sponsor needs to offer as much help as possible. This could be sending personnel, this could be helping to hire an outside consultant (keep in mind that a lot of outsourcing providers operate on tight margins and may not be able to afford an outside expert themselves), this could be working together to redesign process, etc.
- If, on the other other, the deficiencies are more systemic and clearly affect all of the clients of the outsourced provider (maybe the clean room gowning area is deficient or the overall training records are deficient), the sponsor will want to be more cautious about direct involvement. At this point, the focus needs to switch back to the sponsor. The sponsor needs to ascertain what other controls it has in place that mitigate the risks posed by the outsourced provider’s deficiencies. If there are no controls, can some be put in place? If not, then the sponsor needs to step up and at least become involved through the mutual CAPA or change control review processes as spelled out in the quality or technical agreement.
Finally, if the sponsor’s personnel recognize that the outsourced provider could use some guidance on the how to go about resolving any deficiencies, the sponsor should not be shy about suggesting helpful Internet sites (such as a listing of relevant drug or device regulations and statutes), published articles, recorded compliance seminars, or even independent outside compliance experts for the outsourced provider to consider.
These types of lean compliance supplier management strategies work well with outsourced providers and internal activities as well.Originally published September 2010 in Pharmaceutical Technology