03.16.2020 Judy Carmody

    A Risk-based Approach: The Best Way to Begin to Tackle Data Integrity and Vendor Oversight

    What are the two inspectional focus areas of regulatory agencies? Vendor oversight and data integrity. And agencies expect companies to take a risk-based approach, making them both quite daunting tasks. 

    But they don’t have to be.

    We are all familiar with the phrase “risk-based approach,” but what does it mean and how do we implement it when we are trying to meet the regulatory requirements around data integrity and vendor oversight? It’s a lot to unpack. >

    Where In The Process Does Risk Assessment Occur?

    judyblogIs it at formulation or IMP manufacturing? Or perhaps at protocol synopsis or final protocol before FPI? 

    The answer is all of the above. 

    Risk assessment is a continuous process throughout the product life cycle. It is vital to identify and address risks in key processes critical to patient safety and data integrity that can be avoided and managed, including vendor oversight. This is the beginning of instilling quality into your company’s products as well as the culture.

    The Benefits Of A Risk-Based Approach

    There are many benefits to this approach. Companies can understand and positively influence factors (i.e., hazards) that regulators are required to examine. This approach also allows you to provide assurances that risks are adequately managed. It also can enhance compliance on external and internal requirements. Finally, it creates awareness and a culture that works to support effective proactive behavior, open and factual dialog (so we solve problems rather than assign blame), and decisions that are traceable and consistent.

    There will always be risk. But this approach helps you identify risk and determine its severity, detectability, and the likelihood of occurrence so you can prioritize risk and develop plans to address it. If you start with this approach you clear away superfluous issues. Such efforts can tell the story of how your organization avoids and manages risk for the benefit, ultimately, of patients.

    A Word About SOPs And Their Role In Risk Management

    SOPs are one of the basic building blocks that lead to better risk management. Well-written, concise SOPs improve processes by providing clear direction that can be implemented consistently. This can decrease churn, noncompliance, and questionable data. Consistent implementation of procedures allows staff (whether internal or vendors) to better focus on activities that help mitigate risk. 

    SOPs can be created to outline tasks such as how to identify the processes and data that are critical to ensure patient safety. They can include process mapping to identify risks, prioritize risks, and conduct due-diligence activities for vendor selection. You can also create SOPs for event investigations and Corrective and Preventative Actions (CAPAs). When such an SOP exists and can be followed in times of crisis, it can remove much of the emotional angst associated with such events, allowing people to focus on finding a solution.

    Managing Risk Is A Behavior

    Remember that “The investigation of risks is at once a scientific activity and an expression of culture [Kasperson, Renn, Slovic et al. (1988)]. There are ways to make it part of your company culture through education and a commitment to change behaviors for the benefit of patients.

    Final Questions To Reflect On

    So in terms of a risk-based approach, ask yourself:

    • How do you currently measure risk?
    • How do you assess risk around your vendors?
    • What procedures do you have in place for risk management?


    Judy Carmody, Ph.D., is the Founder and Principal Consultant of Carmody Quality Solutions, LLC (CQS). She as 20+ years of expertise in applied technology, bench chemistry, analytical development, validation, quality management and senior leadership. She has built quality management systems for both start-up and Fortune 500 companies. She holds a Ph.D. in Analytical Chemistry from Clark University in Worcester, Massachusetts. Connect with her on LinkedIn.

    Published by Judy Carmody March 16, 2020
    Judy Carmody