Guest Column | August 20, 2021

The 5-Step Checklist For A More Mature, Robust Quality Management System

By Tobias Kuners of Koenders, managing consultant, Tob Management

Expert Network

Whether you are preparing for a pre-approval inspection, have the corporate desire for continuous inspection readiness, or are engaged in a LEAN initiative to clean up and strengthen your quality management system (QMS), further maturing your QMS can be helpful to ensuring a robust, comprehensive, and compliant QMS.

This article provides an approach for achieving a mature QMS that is advanced to your desired level of maturity.

A mature QMS is not equivalent to having a QMS that has aged over the years. In most cases, a QMS is set up at the start of a site and extends and expands with the growth of that site as new equipment is brought in, processes are introduced, or capabilities are enhanced. Typically, with every introduction, new procedures, work instructions, and forms are added to the QMS. Combining existing systems, procedures, work instructions, and forms with new ones is done very rarely. Even more rare is assessing the QMS and evaluating its level of maturity, compared against corporate expectations and evolving regulatory insights.

Having too few procedures is not good, as it leaves too much to chance, which is unacceptable. Too many procedures are equally not good, as that might create confusion as to which ones to use when. It also requires an excessive amount of recurring training and exposes procedures to being missed for a scheduled review or referenced in another procedure, to name but a few potential problems.

The starting point for any QMS are the regulations in your region and the guidance from corporate (where applicable).  When your QMS needs to be set up, the model described below is a great framework to determine which modules are mandatory, which need to be developed in the short run, and those for which a schedule and plan are enough to start with.

1. Integrate Procedures, Systems, And Documents In A Single Repository

The QMS as the repository of GMP procedures is strictly governed by the QA department. At many organizations, another repository exists for business procedures, systems, and documents, as well as the requirements to be followed, maintained, and archived. Instead, it is recommended that you integrate all procedures, systems, and documents in one single repository and, within that repository, use the rigor by which each procedure, system, and document is managed to differentiate them. For example, the procedure to select, book, and cater a meeting room is just as important as any other procedure, but it doesn’t affect patient safety, product quality, or regulatory compliance. As a consequence, the governance for such a procedure may lie solely with the facilities team and doesn’t require approval signature from QA or their oversight. On the other hand, the procedure for access to the facility, including general office areas, non-controlled areas (e.g., goods receipt area and waste out area in the warehouse), and classified areas (e.g., laboratory space and manufacturing suites) by employees, temporary staff, consultants, contractors, and visitors, ideally linked with the learning management system, may be prepared and submitted by facilities but does need alignment and buy-in from all affected departments and requires appropriate QA oversight. In the setup of a repository, such differentiation in QA oversight and rigor provides more consistency and allows for easier internal audits and self-inspections to maintain a high degree of compliance.

An integrated approach for QA and non-QA governed procedures, systems, and documents in a single repository not only drives consistency but allows for a unified repository and a single home for all procedures, systems, and documents.

2. Follow The 5-Stage Systems Maturity Model

The systems maturity model is based on five-stages, with stage three being the stable state. For each of the stages, maturity assessment criteria need to be established first.  Assessment criteria cover all activities of the site and show the differentiation between the levels. Graduation and assessment for maturity development are not a mathematical exercise but need a candid governance, meaningful prioritization (matching strategic direction), and comprehensive understanding of functional interdependencies and boundaries.

This structure and approach enable consistent communication, transparent accountability, and opportunity for guided change.

The system architecture for a combined repository has a GMP column for operations, one for quality, and one for business procedures, systems, and documents, also covering non-GMP. Within each column there are subdivisions detailing the different elements. Each of the elements can be made up of multiple procedures covering the activities at the location, the processes, and the systems.

As part of the gap assessment, the current maturity needs to be determined for each element in each of the columns.  To establish the gap, agreed maturity assessment and system graduation criteria need to be established first. What does each maturity level look like? How is graduation from one level to the next agreed upon? Graduation criteria need to be clearly defined, agreed on, and matched with the level of development. The three final stages of maturity are depicted in the figure above.

3. Assign Management Champions

The management champion for each of the columns should not be the column expert, for two reasons. First, this is an easy trap in which the champion demonstrates “I know it all” and limits innovation and new insights. Second, the champion will be exposed to parts of the business previously less known and get a better and broader understanding of the full business.

Each of the systems owners should be an expert, allowing them to be the required change agent, engage with the user community, and drive awareness of system application, functionality, and value. Further responsibilities include developing and driving systemic improvements and maintaining and advancing system maturity.

With agreed upon criteria for graduation, the governance council decides how progress is made in the maturity model. The governance council has local and regional leadership in attendance and the champions and sponsors participating, with the system owners presenting the progress achieved and soliciting support to overcome barriers. In a well-developed organization, graduation requires sponsorship from peer systems owners at the graduation level and approval from the column champions and system user managers. For graduation to the ultimate level, site leadership sponsorship is required, along with divisional VP approval, apart from the pillar champions. At level five, the site will be the new benchmark within the division; site leadership needs to be able to articulate that appropriately and the divisional VP needs to be the active sponsor.

4. Conduct A Gap Assessment

At the end of the gap assessment, the current status may be something like the diagram below and be the starting point of a journey, involving everybody from the site to enhance procedures, systems, work instructions, and forms.

In the given example, growing to a stable level three means that the organization matures in 29 steps in 23 areas, a significant accomplishment not to be taken lightly. With a couple of procedures, work instructions, and other documents per area, this easily encompasses well over 100 activities. Each of those activities requires alignment among participants, drafting of documents, and reviewing, updating, and approving them. The timeline for initiation, execution, and conclusion of the project needs to be appropriate, realistic, monitored, and guarded, covering a time span aligned with other initiatives ongoing simultaneously.

The rollout of the initiative starts with extensive training for the governance council, the column champions, the systems owners, the project members, and the systems users. Training needs to be geared and delivered smartly to the audience and be fit for purpose.

5. Measure & Report On Your Progress

Metrics come in many different shapes. For example, each of the elements required at a level denotes one point. With such an agreement, the project can commence and more elaborate metrics can be developed during the initial stages of the project.

As part of a continuous inspection readiness program, the feedback from your own or external inspections may serve as benchmarks and reality checks for the quality improvement and the progress made.  As part of a pre-approval inspection, a breakdown of procedures, systems, and documents in categories such as “must-do,” “have a first version in place,” and “planned for and scheduled to do” may be required to level the load and balance demand in overall planning. In a LEAN initiative, it can be broken down into several yellow belt or green belt initiatives and integrated into performance plans.

Depending on the life cycle of the organization and the systems, the pre-approval inspection may be the spark, the LEAN initiative the ongoing continuation, and the continuous inspection readiness the ultimate goal.

The resulting outcome when maturing a QMS is a compliant, comprehensive, and robust repository of systems, procedures, and documents meeting regulatory requirements.

About The Author:

Tobias Kuners of Koenders is managing consultant at Tob Management, a Netherlands-based consulting firm providing business and technical expertise to the pharmaceutical, biotech, medical device, and FSMP (food for special medical purpose) industries. He has worked with Biogen, Ipsen, Thermo Fisher, Kite Pharma, and Danone, among other companies, gaining hands-on experience in engineering services, equipment qualification, maintenance, supply chain, warehousing, and distribution. He has led design, engineering, and construction of multiple facilities to meet cGMP requirements. He performs audits, identifies gaps, and develops remediation plans, working within organizations to assist with deviation investigations and CAPA implementation and to develop scientific, risk-based solutions. You can contact him at tobias.kunersofkoenders@tobmanagement.nl.