By Jeff Clark, 7P Solutions™, LLC
The transportation and logistics world is accustomed to complying with regulations, from the Department of Transportation (DOT), to the International Air Transport Association (IATA) and country-specific import and export regulations. With the implementation of Good Distribution Practices (GDP) in the European Union, it is inevitable that the US will follow suit and the Food and Drug Administration (FDA) will adopt GDP as well. This is the foundation for securing the "identity, strength, quality and purity" of all pharmaceutical products as defined in 21 CFR Part 211, Current Good Manufacturing Practices for Finished Pharmaceuticals (cGMP).
New Law HR3204 And Compliance
In addition to cGMP and GDP, the Drug Quality and Security Act passed into law the 27th of November 2013. Title I of this act is focused on compounding pharmacies' quality and is outside the scope of this article. Title II is the Drug Supply Chain Security Act, creates a uniform national standard for drug supply chain security to protect Americans against counterfeit drugs. The ultimate goal is tracking of pharmaceutical products at the unit level within ten years. Licensure standards would be created for wholesale distributors and 3PLs, with the states holding the authority for issuance of licenses and fee collection.
Ten years may sound like a long time, but considering the scope of the requirements, the time to begin the process toward compliance is now. The range in expertise and compliance across logistics and transportation companies is incredibly broad. Some companies are working in paperless environments with well developed quality systems, while other companies have all paper-driven processes and no formal quality system.
The first step toward regulatory compliance of any kind is the implementation of a quality system. As every quality assurance professional in the US knows, from the FDA's perspective if it isn't documented, it didn't happen. The basis of the quality system can be cGMP/GDP, or can be ISO based since many of the fundamental aspects of both are similar. A quality manual and standard operating procedures (SOPs) should be developed meeting the basic requirements of personnel, quality management, training, equipment, premises, organizational structure, documentation and operations as described in the regulations.
Training, Equipment And CAPA
All training including on-the-job, classroom, individualized study, and external should be documented, as well as the job description and resume to prove that the employee has the proper training, education, experience or combination thereof to perform their duties. All equipment qualifications and maintenance should be documented. Any measuring devices such as thermometers used for climate controlled shipments must be calibrated to NIST traceable standards or similar local standards for non-US companies. Any software used for the tracking of shipments or reporting of environmental data should be validated prior to use.
Companies must document and investigate all complaints and deviations to determine root cause and develop corrective action. If a weakness is found in the quality system during internal or external audits, that weakness should be addressed with preventive action. Corrective and preventive action are known collectively as CAPA.
Implementing Security In The Supply Chain
Once the quality system is established and implemented throughout the organization, the security aspects of transportation and logistics can be incorporated into it. Companies may wish to meet the Freight Security Requirements (FSR) or Trucking Security Requirements (TSR) of the Transported Asset Protection Association (TAPA). The FSR sets minimum standards for facilities that store and handle high value/high security assets such as pharmaceuticals. FSR certification is available at the facility level, and requires the successful completion of an audit by a TAPA auditor, including payment of the associated fees. These are voluntary requirements, but are very comprehensive and each company can determine the level that best meets their customer's needs. Checklists for the requirements are available on the TAPA website, www.tapaonline.org.
The physical security of the cargo can be managed with a layered approach. A procedure or policy should be in place and be very specific in describing the routes a driver should take, where stops may be made, steps to take when suspicious vehicles are spotted and who may enter the vehicle or trailer. Obviously physical deterrents such as locks, hard sided trailers and seals should be used as well. The last and not as widely used layer should consist of tracking devices for the equipment and the cargo. GPS devices can be used on the truck and can provide information about the driver such as speed, hard driving, idle time and some can provide engine diagnostics as well. Separate GPS devices can be attached to the trailer either overtly or covertly. Using these two devices together, it will be very easy to track when the truck and trailer are not moving together and a potential diversion has occurred. A third portable device can also be embedded in the cargo itself, providing the user information and notification when the cargo has separated from the trailer. The possibilities are endless with the use of geo-fences around the equipment and cargo, and real-time notification of breaches. Cargo embedment of these devices is the launching point for tracking of the cargo at the unit level as described in the Drug Quality and Security Act. The technology will continue to evolve to meet the requirements, and companies who can already perform the task at a pallet level will be ahead of the curve.
Compliance is not optional. Companies who wish to participate in the transportation of pharmaceuticals must meet the regulatory requirements. Pharmaceutical companies are responsible for ensuring their vendors meet the requirements, therefore transportation companies can expect audits to be performed by their potential customers before shipments begin. Building the quality system and partnering it with a robust security protocol are the first steps in building a compliant and mutually beneficial relationship.