1 supply chain control framework...
TRANSCRIPT
SStteepp 55
1
Supply Chain Control 2
Framework Agreement 3
4
5
6
7
8
9
10
11
12
Ref. document: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
Status: Step 5. 18/06/2012
Adoption by SCCF Work Group: 22/12/2011
Public presentation: May 4th 2012
Number of pages: 1 of 23
13
SStteepp 55
Supply Chain Control Framework Agreement
Page: 2 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
14
DOCUMENT HISTORY 15
16
Step 1. Draft: Issued on 30/09/2011 for the review of the SCCF Work Group 17
Step 2. Draft: Issued on 21/11/2011 including the comments from the Work Group meeting celebrated in Barcelona on 18 October 28
th, 2011 19
Step 3. Draft: Issued on 09/12/2011 including the comments from the Work Group meeting celebrated in Barcelona on 20 December 2
nd, 2011. 21
Step 4. Draft: Issued on 22/12/2011 after the Work Group approval and for the consultation of all the interested 22 companies. 23
Step 5. Final document on 18/06/2012 after the period of public consultation 24
25
SStteepp 55
Supply Chain Control Framework Agreement
Page: 3 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
26
SUPPLY CHAIN FRAMEWORK WORK GROUP AND ADHERED COMPANIES 27
28
Work Group Members: 29
30
Name Company
Carolina Coronas Indukern, S.A.
César Molina Laboratorios Dr. Esteve, S.A.
Daniel Folqués / Lourdes Campillo Laboratorios Salvat, S.A.
Georgina Pujals / Xavier Casterad Department of Health. Generalitat de Catalunya
Jacobo López-Riobóo / Irene Cantos IMCD España Especialidades Quimicas, S.A
Joan Marfil AECQ, Asociación Española del Comercio Químico
Josep Ramon Muñoz Instituto Grifols, S.A.
Josep Carles Oliver Synthon Hispania, S.L.
Manuel Rodríguez Brenntag Química, S.A.
Mercedes Carrera Azelis España, S.A.
Ramon Saumell Laboratorios Inibsa, S.A.
Carles Subirà Zeus Química, S.A.
Vanessa Rozas Merck, S.L.
Dr. Octavi Colomina , Urbici Cardona and Dr. Eduard Cayón* Forum Auditorías. (Leading)
*Contact person ([email protected] ) 31
32
Adhered Companies: 33
34
Company
35
SStteepp 55
Supply Chain Control Framework Agreement
Page: 4 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
36
37
CONTENTS 38
39
40
1. INTRODUCTION ...................................................................................................................................5 41
1.1 PURPOSE ........................................................................................................................................5 42 1.2 SCOPE ............................................................................................................................................5 43 1.3 BACKGROUND ..................................................................................................................................5 44
2. GLOSSARY OF TERMS .......................................................................................................................7 45
3. RAW MATERIALS SUPPLY CHAIN RISK MANAGEMENT ...............................................................8 46
3.1 STEP 0. CHARACTERISATION OF THE SUPPLY CHAIN .........................................................................9 47 3.2 STEP I. RISK ASSESSMENT ...............................................................................................................9 48 3.3 STEP II. RISK CONTROL ....................................................................................................................9 49 3.4 STEP III. RISK COMMUNICATION ..................................................................................................... 10 50 3.5 STEP IV. RISK REVIEW .................................................................................................................. 10 51 3.6 RISK MANAGEMENT TOOL. FAILURE MODE AND EFFECTS ANALYSIS (FMEA). .................................. 10 52
4. SUPPLY CHAIN CONTROL ACTIVITIES ......................................................................................... 12 53
4.1 SUPPLY CHAIN FLOW DIAGRAM ............................................................................................. 12 54 4.2 QUALITY MANAGEMENT SYSTEMS ACCEPTABLE AS RISK MITIGATING MEASURES ..... 12 55 4.3 TECHNICAL AGREEMENTS (TA) ............................................................................................. 14 56
4.3.1 TA BETWEEN PHARMACEUTICAL COMPANIES AND DISTRIBUTORS 14 57 4.3.2 TA BETWEEN DISTRIBUTORS AND THE REST OF THE SUPPLY CHAIN 15 58 4.3.3 TA BETWEEN DISTRIBUTORS AND GOODS MANUFACTURER, RE-PACKERS OR RE-59 LABELLERS 16 60
4.4 DISTRIBUTORS AUDITS: SCOPE AND EXTENT OF THE AUDIT ........................................... 17 61
5. RESPONSIBILITIES DISTRIBUTION & TASKS DELEGATION ...................................................... 18 62
5.1 PHARMACEUTICAL COMPANIES ............................................................................................ 18 63 5.2 AGENTS ..................................................................................................................................... 18 64
6. REFERENCES ................................................................................................................................... 18 65
7. ANNEX 1. FMEA RISK MANAGEMENT ........................................................................................... 19 66
7.1 RISK CRITERIA .............................................................................................................................. 19 67 7.2 RPN (RISK PRIORITY NUMBER) CALCULATION ................................................................................ 20 68 7.3 FMEA RISK MANAGEMENT TABLE .......................................................................................... 21 69
8. ANNEX 2. SUPPLY CHAIN CHARACTERIZATION AND TASKS DISTRIBUTION MODEL ......... 22 70
71 72
SStteepp 55
Supply Chain Control Framework Agreement
Page: 5 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
73
1. INTRODUCTION 74
1.1 Purpose 75
The purpose of this document is to establish the basis for the control of the supply 76
chain of raw materials to the pharmaceutical industry. 77
The main objective is to develop an approach, which can contribute to the control of the 78
supply chain with rigour, maximum simplicity (focusing on the real risks), acceptability 79
for all three involved parties: Distribution companies, Pharmaceutical companies and 80
Health Authorities (regulatory compliance). 81
The specific objectives of this document are: 82
To harmonize the nomenclature used in identifying the agents involved in the 83
supply chain. 84
To establish the methodology for Risk Management for each stakeholder involved 85
in the supply chain. 86
To identify and establish those Quality Management Systems acceptable for 87
agents and distributors as risk mitigating measures. 88
To establish the responsibilities framework while looking for the best approach 89
where each part is responsible for those tasks that are closer to their business 90
activities, while avoiding any conflict of interests. 91
To set forth the basis for developing a template for Technical Agreement (TA) 92
between Pharmaceutical and Distribution companies. 93
1.2 Scope 94
The Supply Chain Control Framework (SCCF) project is taken as collaboration 95
between Pharmaceutical Companies and Distribution companies including the Health 96
Authorities overview. The agreements reached at the SCCF project shall apply to the 97
entire supply chain. 98
This document is intended to be used by any Pharmaceutical or Distribution company 99
and should not be restricted to the initial group of companies that are leading this 100
initiative. 101
1.3 Background 102
In recent years, there has been a major effort in the Pharmaceutical sector regarding 103
the evaluation and monitoring of Good Manufacturing Practices (GMP) compliance of 104
manufacturers of active pharmaceutical ingredients. This effort has been made by the 105
Pharmaceutical Industry and by the Health Authorities in the context of the European 106
directive that regulates the manufacture of medicines (2004/27/EC, "Amending 107
Directive 2001/83 / EC on the Community Code Relating to medicinal products for 108
human use "). 109
SStteepp 55
Supply Chain Control Framework Agreement
Page: 6 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
Distribution companies have performed an important effort as well, implementing a 110
quality system in accordance to the Good Distribution Practices (GDP), and looking to 111
add value to the goods supply, avoiding a broker concept and going to a “confident 112
distributor” concept that guarantees the safety of the supply chain. 113
However, the closer to attaining the initial objectives, the greater the concerns 114
regarding the identification, evaluation and control of agents of the supply chain were 115
coming up. These concerns have been emphasized by the public health problems in 116
recent years, and resulted in the extension of the GMP & GDP compliance monitoring 117
beyond the raw materials manufacturers, to the entire supply chain of such materials. 118
Related to this point, the European Directive 2011/62/EC 1 amending Directive 119
2001/83/EC was published on July 2011. There is also a related draft guidance of the 120
Guide to the European Medicines Agency (EMA) for the declaration of the Qualified 121
Person (QP)2, which also introduces some considerations in this subject. 122
The Pharmaceutical Industry started looking for a solution to this problem and, in this 123
preliminary stage, one of the conclusions is that, for the nature of its own activity and 124
the complexity of the Supply Chain management, it is very difficult, and probably 125
ineffective, to try to solve the problem only from one side, without the collaboration of 126
the different parties and experts involved in the Supply Chain Control. 127
At this point, finding a solution that establishes the framework to involve the distributors 128
in the control of Supply Chain is required; however, the ultimate responsibility should 129
remain within the Pharmaceutical Industry, which should always look after the 130
assurance of the quality, efficiency and economical viability of each decision taken. 131
132
133
134
135
136
137
138
139
140
1 Directive 2011/62/EC Amending the Community code on medicinal products for relating to human use, as regards the prevention of the entry into the legal supply chain of counterfeit medicinal products. 2 EMA / CHMP / CVMP / QWP / 696270/2010 "Template for the Qualified Person's Declaration Concerning the GMP compliance of active Substance Used as starting material and its supply chain verification" The QP declaration template ".
SStteepp 55
Supply Chain Control Framework Agreement
Page: 7 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
2. GLOSSARY OF TERMS 141
This section describes the most common terms in the management of the supply chain. 142
In some cases, in order to name a particular participant in the supply chain several of 143
the described terms are needed to define the functions this participant performs. 144
Pharmaceutical company: Company that manufactures the drug products using the 145
goods received from the supply chain. 146
Raw materials: Active Substances Ingredients, Excipients and Packaging Materials. 147
Agent: Entity or individual acting on behalf of another, or representing another in a 148
specific business activity. This term is the most generic one; any participant in the 149
supply chain is an agent. 150
Broker: Entity performing broker activities that is, all activities in relation to the sales or 151
purchase of medicinal products, which do not include physical handling and consist of 152
negotiating independently and on behalf of another legal or natural person. 153
Trader: Entity or individual engaged in trading (buying – selling, re-selling process) 154
Distributor: Entity or individual that receives, holds, and distributes goods (wholesale 155
or retail) supplied to him by a manufacturer or any agent, without any re-packaging 156
or/and re-labelling operations. 157
Re-packer: Entity or individual fractioning from big to small containers, while opening 158
and manipulating the product. 159
Re-labeller: Entity or individual re-labelling the original containers without opening the 160
containers. 161
Transport Agency: Entity or individual providing transportation services for goods. 162
Carrier: Entity or individual physically transporting goods from one site to another. 163
Warehouse: Centre where goods are stored, waiting for their distribution. 164
Distribution hub: Distribution centre with no storage capability. Residence time is no 165
longer than 24 hours. 166
Custom agent: A person or company that is paid to make the formal arrangements for 167
imported goods to go through customs. 168
GMP: Good Manufacturing Practices 169
GDP: Good Distribution Practices. 170
ICH: International Conference on Harmonization 171
DMF: Drug Master File 172
FMEA: Failure Mode and Effects Analysis 173
Incoterms: The Incoterms rules or International Commercial terms are a series of pre-174
defined commercial terms published by the International Chamber of Commerce (ICC) 175
widely used in international commercial transactions. A series of three-letter trade 176
terms related to common sales practices, the Incoterms rules are intended primarily to 177
clearly communicate the tasks, costs and risks associated with the transportation and 178
delivery of goods. 179
The terms related to the risk management are taken from the ICH Q9, Full description 180
can be found therein. 181
182
SStteepp 55
Supply Chain Control Framework Agreement
Page: 8 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
183
3. RAW MATERIALS SUPPLY CHAIN RISK MANAGEMENT 184
Risk management applied to the raw materials supply chain is shown in the following 185
flow chart, according to the scheme proposed by ICH Q9 (Part III EUGMP). 186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
Risk Identification
Identification of potencial damage sources
Critical indicators & acceptance criteria definition
Decision making whether to audit the agent or not
Risk Analysis
Agent Function & Activities Criticallity Assessment
Audit (if necessary) Assessement on site of the criticalindicators
Risk Evaluation
Evaluation of the overall risk related with the agent takinginto consideration available information
I – Risk Assessment
Risk Reduction.
Probability reduction.
Improvement plan agreement with the agent
Technical Agreement and Supply ChainCharacterization and control.
Detectability increasing
Monitoring plan of the supply process
Control of the goods received
Risk Acceptance
Evaluation of residual risk assuming the risk reductionactions
Acceptance of the residual risk ?
II – Risk Control
Result of the Quality RiskManagement Process
Improvement plan follow up
Events evaluation and management
Follow up audit (if necessary)
IV- Risk Review
Failu
reM
ode
Effe
ctsAnaly
sis(F
MEA)
III–Ris
kCom
munic
ation
Unacceptable
Risk
Identification of agents in the supply chain of all the raw materials
Identification of the functions and activities of each agent
0.- SUPPLY CHAIN CHARACTERIZATION
Acceptable Risk
SStteepp 55
Supply Chain Control Framework Agreement
Page: 9 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
3.1 Step 0. Characterisation of the Supply Chain 210
As represented in the above flow chart, the process encompasses an initial exercise of 211
characterization of the supply chain. This includes the identification of all the involved 212
agents. The functions and activities that the agent performs should be specifically 213
identified as well. It is possible to define “profiles” of supply chain so that every profile 214
will cover several products that follow the same supply chain. 215
3.2 Step I. Risk Assessment 216
Every agent identified in the Step 0 should be included in the risk management 217
process, starting with the risk assessment. This assessment shall consider the 218
following three stages: 219
Risk Identification is a systematic use of information to identify hazards referring 220
to the risk question or problem description. Information can include historical data, 221
trend analysis, informed opinions, and the concerns of stakeholders. Risk 222
identification addresses the “What might go wrong?” question, including identifying 223
the possible consequences. 224
At the light of the functions and activities previously characterized, the potential 225
sources of damage for the integrity and quality of the goods should be assessed, 226
and in consequence, any risk for the patient. 227
Critical indicators should be defined according the potential sources of damage 228
identified. Acceptance criteria should be established for the critical indicators 229
(examples; temperature or time limits) 230
The definition of risk factors and the evaluation of the need to perform an audit to 231
assess the criticality should be also part of this stage. This provides the basis for 232
further steps in the quality risk management process. 233
Risk Analysis is the estimation of the risk associated with the identified hazards. It 234
is the process of linking the likelihood of occurrence, severity of harms and 235
detectability. In some cases, an audit will be necessary to complete this 236
assessment. 237
Risk Evaluation compares the identified and analyzed risk against the given risk 238
criteria. 239
3.3 Step II. Risk Control 240
Risk control includes the decision making to reduce and/or accept risks. The purpose 241
of risk control is to reduce the risk to an acceptable level. The amount of effort applied 242
to control a risk should be proportional to the significance of the risk. Decision makers 243
might use different processes, including benefit-cost analysis, for understanding the 244
optimal level of risk control. Risk control might focus on the following questions: 245
o Is the risk above an acceptable level? 246
o What can be done to reduce or eliminate risks? 247
o What is the appropriate balance among benefits, risks and resources? 248
SStteepp 55
Supply Chain Control Framework Agreement
Page: 10 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
o Are new risks introduced as a result of the previous identified risks being 249
controlled? 250
Risk Reduction. 251
The risk could be minimized by the reduction of the probability of its occurrence and / 252
or increasing its detectability. 253
Probability of occurrence reduction: Actions taken that could reduce the probability of 254
occurrence, which normally are focussed but not limited to the Quality System 255
improvements and the clarification of the role and responsibilities of the different actors. 256
Detectability improvement: Detectability is normally improved through monitoring and 257
controlling plans 258
Risk Acceptance. 259
After the implementation of the Risk Reduction measures, their efficacy should be 260
evaluated. The acceptance of the residual risk should be assessed. In case that the 261
residual risk is unacceptable, the supply chain should be revised and changed. 262
3.4 Step III. Risk Communication 263
Risk communication is the sharing of information about risk and risk management 264
between the decision makers and others. Parties can communicate at any stage of the 265
risk management process. The output/result of the quality risk management process 266
should be appropriately communicated and documented. Communications might 267
include those among interested parties. The included information might relate to the 268
existence, nature, form, probability, severity, acceptability, control, treatment, 269
detectability or other aspects of risks to quality. 270
3.5 Step IV. Risk Review 271
Risk management should be an ongoing part of the quality management process. A 272
mechanism to review or monitor events should be implemented. The output/results of 273
the risk management process should be reviewed to take into account new knowledge 274
and experience. Once a quality risk management process has been initiated, that 275
process should be applied to events that might impact the original risk management 276
decision, irrespectively these events are planned (e.g. results of product review, 277
inspections, audits, change control) or unplanned (e.g. Root cause from failure 278
investigations, recall). The frequency of a risk review should be based upon the level of 279
risk. Risk review might include reconsideration of risk acceptance decisions. 280
3.6 Risk Management tool. Failure Mode and Effects Analysis (FMEA). 281
The tool chosen to perform the risk assessment for the raw materials Supply Chain 282
Control is the FMEA (Failure Mode and Effects Analysis) 283
FMEA (see IEC 60812) provides a methodology for an evaluation of potential failure 284
modes for processes and their likely effect on outcomes and/or product performance. 285
Once failure modes are established, risk reduction can be used to eliminate, contain, 286
reduce or control the potential failures. FMEA relies on product and process 287
understanding. FMEA methodically breaks down the analysis of complex processes 288
SStteepp 55
Supply Chain Control Framework Agreement
Page: 11 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
into manageable steps. It is a powerful tool for summarizing the important modes of 289
failure, factors causing these failures and the likely effects of these failures. 290
FMEA might be extended to incorporate an investigation of the degree of severity of 291
the consequences, their respective probabilities of occurrence, and their detectability, 292
thereby becoming a Failure Mode Effect and Criticality Analysis (FMECA; see IEC 293
60812). In order for such an analysis to be performed, the product or process 294
specifications should be established. FMECA can identify places where additional 295
preventive actions might be appropriate to minimize risks. 296
In the Annex 1 how to implement the FMEA methodology in the raw materials Supply 297
Chain Risk Management is described. 298
299
300
SStteepp 55
Supply Chain Control Framework Agreement
Page: 12 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
301
4. SUPPLY CHAIN CONTROL ACTIVITIES 302
The previous risk management exercise shall be carried out when the supply chain is 303
comprehensively ascertained and known. According to this risk the manufacturer shall 304
determine the risk control activities applicable to each link of the supply chain. 305
The supply chain for active ingredients, Excipients and packaging materials can be 306
depicted by the following scheme: 307
4.1 SUPPLY CHAIN FLOW DIAGRAM 308
309
310
311
312
313
314
315
316
4.2 QUALITY MANAGEMENT SYSTEMS ACCEPTABLE AS RISK MITIGATING 317
MEASURES 318
Risks identified in the supply chain can be mitigated by appropriate Quality 319
Management Systems applied to different levels of the chain. Although the certification 320
by a standard cannot be interpreted as the absence of risk, the availability of an ISO or 321
other quality standards certification on a quality system applicable to the 322
pharmaceutical supply chain to mitigate the identified risks can be considered as a 323
good starting point. 324
In that respect, references which should be considered, among others: 325
Good Manufacturing Practices (GMPs) 326
EUGMP Part II - Basic Requirements for Active Substances used as Starting 327
Materials. 328
ICH Harmonised Tripartite Guideline- Good Manufacturing Practice Guideline for 329
Active Pharmaceutical Ingredients (ICH Q7). 330
WHO. Quality assurance of pharmaceuticals Volume 2. 2007. 331
Good Manufacturing Practices. WHO Technical Report Series. 332 http://www.who.int/medicines/areas/quality_safety/quality_assurance/production/en/ 333
Starting material manufacturer
API manufacturer
Drug productmanufacturers
Release by theQualified Person
Risk Management
Excipient manufacturer
Packaging material manufacturer
Agents
SStteepp 55
Supply Chain Control Framework Agreement
Page: 13 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
The Joint IPEC-PQG Good Manufacturing Practices Guideline for 334
Pharmaceutical Excipients (2006). 335
ISO 15378:2006 Primary packaging materials for medicinal products — 336
Particular requirements for the application of ISO 9001:2008, with reference to 337
Good Manufacturing Practice (GMP). 338
Good Distribution Practices (GDPs) 339
Directive 2011/62/EU of the European Parliament and of the Council of 8 June 340
2011. 341
WHO Good Distribution Practices (GDP) for pharmaceutical products 342
(QAS/04.068/Rev2). 343
The IPEC Good Distribution Practices for Pharmaceutical Excipients (2006). 344
Guía de bones pràctiques en el transport de medicaments (Direcció general de 345
recursos sanitaris- Generalitat de Catalunya). 346
Annex 9 Guide to good storage practices for pharmaceuticals- WHO (World 347
Health Organization) Expert Committee on specifications for pharmaceutical 348
preparations. 349
ISO standards 350
ISO 9001:2008 - Quality management systems – Requirements. 351
ISO 9004:2009 - Managing for the sustained success of an organization -- A 352
quality management approach. 353
ISO 9000:2005- Quality management systems -- Fundamentals and vocabulary. 354
ISO 28000 standards. 355
ISO 28000:2007- Specification for security management systems for the supply 356
chain. 357
ISO 28001:2007 - Security management systems for the supply chain -- Best 358
practices for implementing supply chain security, assessments and plans -- 359
Requirements and guidance. 360
ISO 28003:2007 - Security management systems for the supply chain -- 361
Requirements for bodies providing audit and certification of supply chain security 362
management systems. 363
ISO 28004:2007 - Security management systems for the supply chain -- 364
Guidelines for the implementation of ISO 28000. 365
ISO 28005-2:2011 - Security management systems for the supply chain -- 366
Electronic port clearance (EPC) -- Part 2: Core data elements. 367
Others 368
Cefic’s Safety and Quality Assessment Systems (SQAS). Standard 369
Questionnaires for evaluating the safety, security, quality and environmental 370
standards of their logistics service providers. 371
The aforementioned references are considered to be as the basis of the existence of a 372
Quality System in place that should be reviewed in terms of scope and application to 373
be accepted as effective risk mitigation control measures. 374
375
SStteepp 55
Supply Chain Control Framework Agreement
Page: 14 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
4.3 TECHNICAL AGREEMENTS (TA) 376
Technical Agreement (TA) is one of the important documents to guarantee the 377
traceability and the safety of the Supply Chain. TA allows defining the task sharing in 378
between the related parties and its content will depend on the parties establishing the 379
TA and those defined in the Incoterms. The need of TAs will be determined by the risk 380
management exercise, as the TA is one of the tools for the risk reduction. In addition, a 381
TA is requested by the Health Authorities in certain cases. Pharmaceutical Companies 382
should be aware about the current legislation on this respect. 383
4.3.1 TA BETWEEN PHARMACEUTICAL COMPANIES AND DISTRIBUTORS 384
When necessary, a TA should be drawn up between the Pharmaceutical Companies 385
and the Distributors, which specify their respective responsibilities relating to the control 386
of the supply chain and the integrity of the supplied goods. The technical aspects of the 387
contract should be drawn up by competent persons who are suitably knowledgeable in 388
Pharmaceutical Technology, Good Distribution Practices and Good Manufacturing 389
Practice. 390
The TA should clarify, case by case, which tasks are delegated to distributors and the 391
evidences that should be collected to ensure the traceability of the operations and the 392
GDP compliance. As a starting point, but not limited to, the contents of the TA shall 393
consider the following issues: 394
1. Commitment from the distributor of GMP/GDP compliance, when applicable. 395
2. Willingness to undergo periodic GMP and/or GDP audits or even regulatory 396
inspections. 397
3. To provide to the Pharmaceutical Company the complete characterization of the 398
specific supply chain for each received good (see annex 2 of this document for a 399
model). 400
4. All traders and brokers should be registered in the European Union. 401
5. Transportation and storage ensuring environmental conditions appropriate to the 402
nature of the product from the previous link of the supply chain and to the final 403
user, in case that this transportation lies under the responsibility of the 404
distributor. 405
6. Availability of original documentation from the manufacturer corresponding to the 406
delivered batch including not less than what it is requested in the EUGMP Part II 407
Chapter 17.20 “Traceability of Distributed APIs and Intermediates”. 408
17.20 Agents, brokers, traders, distributors, re-packers, or re-labellers should 409 maintain complete traceability of APIs and intermediates that they distribute. 410 Documents that should be retained and available include: 411
Identity of original manufacturer 412 Address of original manufacturer 413 Purchase orders 414 Bills of lading (transportation documentation) 415 Receipt documents 416 Name or designation of good 417 Manufacturer’s batch number 418 Transportation and distribution records 419 All authentic Certificates of Analysis, including those of the original 420
manufacturer 421
SStteepp 55
Supply Chain Control Framework Agreement
Page: 15 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
Retest or expiry date 422
7. Commitment to collaborate in the management of the logistics for the audit to the 423
manufacturer/s and/or re-packers and re-labellers. 424
8. Full transparency and traceability of documentation of the supplied materials that 425
should unquestionably allow, the final user, knowing the manufacturer of the 426
supplied product and whether or not the containers have been manipulated, re-427
labelled, blended or fractioned. 428
In case of re-labelling operations, re-labellers must prepare records to 429
ensure their traceability and GMP compliance. 430
In case of sampling and/or fractioning (re-packing) operations that entail 431
the manipulation of opened goods. The operations should be carried out in 432
appropriate facilities, following established procedures and through a batch 433
record that should be kept and reviewed before the good release. 434
9. Rigorous change control of the supply chain. Any significant change should be 435
notified to the pharmaceutical company. The TA should clarify what “significant” 436
means. 437
10. Commitment to be aware about any change in manufacturing site or process 438
that could affect the content of the DMF (when applicable). Changes should be 439
notified to the involved pharmaceutical companies. 440
11. Commitment to manage the complaints and recalls derived to the supplied 441
materials. 442
The responsibilities should be clearly defined in a TA. The TA could cover more than 443
one product. The supply chain characterization could be an annex of the TA. 444
Several annex are also possible, covering all the products and their respective 445
supply chains. 446
4.3.2 TA BETWEEN DISTRIBUTORS AND THE REST OF THE SUPPLY CHAIN 447
In case that the supply of goods is not direct from the distributor to the 448
pharmaceutical company, or between the manufacturer and the distributor, each 449
distributor should establish the controls and the need of TAs according to the results 450
of the risk analysis of the agents involved and the functions that they perform. 451
The contents of the TA will depend on the risk identified for each link, while the 452
same considerations on the pre-requisites mentioned on the former section should 453
be made. 454
In the case of brokers or even other distributors located in non-EU countries, the TA 455
between the EU distributor and the non-EU distributor will consider the same issues 456
regarding documentation and batch traceability as detailed in the previous section, 457
with the unique exception of sampling and fractioning, which will not be acceptable 458
in any of the links of the supply chain, unless it is known and approved by the final 459
user of the supplied product. In any case, the basic principle set forth in the 460
statement number 8 from the former section will prevail. 461
462
463
SStteepp 55
Supply Chain Control Framework Agreement
Page: 16 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
4.3.3 TA BETWEEN DISTRIBUTORS AND GOODS MANUFACTURER, RE-PACKERS OR 464
RE-LABELLERS 465
The distributor should establish a TA with the goods manufacturer, re-packer or re-466
labeller in order to be able to guarantee the following points to the Pharmaceutical 467
Company: 468
1. Commitment of GMP compliance from the manufacturer, re-packer or re-labeller 469
(according to the nature of the product). 470
2. Willingness to undergo periodic GMP audits or even regulatory inspections. 471
3. Establishment of the transportation responsibilities (INCOTERMS). 472
4. Transportation and storage ensuring environmental conditions that are 473
appropriate to the nature of the product from the manufacturing site to the 474
agreed distribution point. 475
5. Availability of original documentation from the delivered batch, including not less 476
than: 477
Identity of original manufacturer, re-packer and re-labeller. 478
Address of original manufacturer (manufacturing site, re-packing and re-479
labelling site). 480
Name or designation of good. 481
Manufacturer’s batch number traceability. 482
Transportation and distribution records (when applicable). 483
All original Certificates of Analysis including the original from the 484
manufacturer. 485
Retest or expiry date. 486
6. Full transparency and traceability of documentation of the supplied materials that 487
should unquestionably allow the distributor knowing the manufacturer of the 488
supplied product and whether or not the containers have been manipulated, re-489
labelled, blended or fractioned. 490
In case of re-labelling operations, re-labellers must prepare records to 491
ensure their traceability and GMP compliance. 492
In case of sampling and/or fractioning (re-packing) operations that entail 493
the manipulation of opened goods. The operations should be carried out in 494
appropriate facilities, following the established procedures and through a 495
batch record that should be kept and reviewed before the good release. 496
7. Rigorous change control of the supply chain. Any significant change should be 497
notified to the distributor. The TA should clarify what “significant” means. 498
8. Commitment to notify any changes in manufacturing site or process that could 499
affect the content of the DMF when applicable. 500
9. Commitment to manage the complaints and recalls derived to the supplied 501
materials. 502
503
504
505
SStteepp 55
Supply Chain Control Framework Agreement
Page: 17 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
4.4 DISTRIBUTORS AUDITS: SCOPE AND EXTENT OF THE AUDIT 506
The risk analysis performed by Pharmaceutical companies will determine which 507
distributors, re-packers and re-labellers, and for which products, should be audited. 508
The audits, when necessary, will be performed by himself or, without prejudice to his 509
responsibility, through entity acting on his behalf under contract. Shared audits in 510
between several Pharmaceutical companies performed by an independent third party 511
entity are also possible. 512
The scope of the audit performed to the distributor by the end user will depend on the 513
operations and responsibilities agreed among them and the results of the risk 514
assessment previously performed. 515
When any re-packer or re-labeller is involved in the supply chain, the distributor and 516
pharmaceutical companies should agree on how the audit is managed. An independent 517
third party entity could perform the audit to cover the need of both parties. 518
In case of APIs, the audit will include in any case the on-site checking of the degree of 519
fulfilment of the agreements settled in the TA. In addition, the following subjects can 520
constitute a basis to prepare the audit agenda: 521
Organisation, markets served and Quality System. 522
Review of the Quality Manual and related procedures with the Quality 523
responsible person. 524
Field inspection of the site, following the flow of the operations included 525
in the supply agreement and TA. 526
Identification of the complete supply chain agents and their 527
correspondent functions. 528
Risk Assessment of the supply chain and the correspondent measures 529
to mitigate the risk. 530
Documentation and records related to the supplied materials. 531
Traceability of batches. 532
Relationships and TAs with other links of the supply chain. Evidence of 533
the required GDP compliance of these links. 534
When several products are supplied by the same distributor, one audit can cover all 535
them as the audit will be focussed in the GDP compliance and in the assessment of the 536
capability to guarantee the commitments included in the TA. 537
538
SStteepp 55
Supply Chain Control Framework Agreement
Page: 18 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
539
5. RESPONSIBILITIES DISTRIBUTION & TASKS 540
DELEGATION 541
5.1 PHARMACEUTICAL COMPANIES 542
Pharmaceutical companies which manufacture drugs and release them to the market 543
are responsible for the quality of the final product and therefore, they are responsible of 544
the GDP compliance of the raw material manufacturers, handlers, manufacturers of 545
intermediates and finished product. Risk for the goods related with the transportation 546
and storage operations should be also under control. 547
5.2 AGENTS 548
Distributors play a crucial part in the Supply Chain. They are experts in the Supply 549
Chain management and control. Although the responsibilities described in the previous 550
chapter are clearly defined and therefore the responsibility of the Supply Chain Control 551
lies on the drug product manufacturers, the distributors can assume the task related 552
with the Supply Chain Control. 553
This delegation process should be based in a mutual confidence and in the 554
establishment of the technical criteria and the agreed methodology to perform the 555
delegated tasks. Technical Agreements are essential to clarify what is necessary and 556
who has to do it. 557
Other agent’s tasks and responsibilities should be established by contract or Technical 558
Agreement with the Distributors or the Pharmaceutical Companies. The terms should 559
be agreed according to the risk identified related with the agent activities. 560
6. REFERENCES 561
Part I and II of EUGMP. 562
EMA/CHMP/CVMP/QWP/696270/2010. Template for the Qualified Person’s 563
declaration concerning GDP compliance of the active substance used as starting 564
material and verification of its supply chain. 565
Directive 2011/62/EU of the European Parliament and the council. Amending 566
Directive 2001/83/EC on the Community code relating to medicinal products for 567
human use, as regards the prevention of the entry into the legal supply chain of 568
falsified medicinal products. 569
Part III of EUGMP. ICH Q9. “Quality Risk Management”. 570
IEC 60812 Analysis Techniques for system reliability — Procedures for failure mode 571
and effects analysis (FMEA). 572
The IPEC Good Distribution Practices Guide for Pharmaceutical Excipients. 2006. 573
CEFIC. Safety and Quality Assessment Systems (SQAS). Standard Questionnaires 574
for evaluating the safety, security, quality and environmental standards of their 575
logistics service providers. 576
SStteepp 55
Supply Chain Control Framework Agreement
Page: 19 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
7. ANNEX 1. FMEA RISK MANAGEMENT 577
The FMEA Risk Management is the chosen tool for the management of the Supply 578
Chain as described in the chapter 3 of this document. 579
The following criteria could be used for the Risk Evaluation as described in the 580
subchapter 3.2. 581
7.1 Risk criteria 582
S = Severity 583
It is a measure of the possible consequence of the hazard. It is focused on the impact 584
the hazard may have on the product safety or efficacy, patient safety and critical data 585
integrity. The severity is defined in terms of four different levels, such as: 586
SEVERITY DESCRIPTION
CRITICAL (4) Direct impact on product integrity, safety or traceability that may result in a risk for the patient.
HIGH (3) Indirect or avoidable impact on product integrity, safety or traceability that may result in a risk for the patient.
MEDIUM(2) Low impact on product integrity, safety or traceability that do not result in a risk for the patient
LOW (1) No impact expected for product integrity, safety or traceability.
587
P = Probability 588
It measures the probability the hazard may occur. The value is obtained looking for 589
the possible causes of the hazard and it is defined as follows: 590
PROBABILITY DESCRIPTION
VERY HIGH (4) It will easily occur according to the profile of the agent and its related function.
HIGH (3) It will occasionally occur according to the profile of the agent and its related function.
MEDIUM (2) It will rarely occur according to the profile of the agent and its related function.
LOW (1) It is not expected to occur according to the profile of the agent and its related function.
591
SStteepp 55
Supply Chain Control Framework Agreement
Page: 20 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
D = Detectability 592
It measures the likelihood that the fault is detected before the hazard occurs. The value 593
is obtained based upon the accumulated experience, the knowledge of the 594
process/operations and critical indicators, complexity or objective data that the team 595
can provide. To establish an agreed baseline, the following categories have been 596
identified: 597
DETECTABILITY DESCRIPTION
VERY LOW (4) The failure cannot be detected.
LOW (3) There are only periodical manual controls, not covering all cases.
MEDIUM (2) There are routine manual controls applied to each case.
HIGH (1) Automated control mechanisms exist to monitor the failure occurrence or the user of the system can detect it in the moment it occurs.
598
7.2 RPN (Risk Priority Number) calculation 599
The RPN calculation is obtained by multiplying each of the different factors: severity, 600
probability and detectability (RPN = S*P*D). 601
The resulting risk level will determine the subsequent decision making, as follows: 602
Risk Level Definition
HIGH
RPN > 16
Unacceptable risk, which requires changes to the supply chain or additional control measures to eliminate the risk or bring it to a lower Risk Level.
MEDIUM
16 ≥ RPN ≥ 8
The identified risk may require mitigating actions to bring it to an acceptable level. A cost-benefit evaluation of the possible control measures should be made.
LOW
RPN ≤ 7
The identified risk will be considered acceptable and no specific control measures will be taken to reduce its grade.
603
High risk levels due to a severity 4 should be eliminated or reduced to a maximum of 8 604
RPN.605
DDRRAAFFTT SStteepp 33
Supply Chain Control Framework Agreement
Page: 21 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
7.3 FMEA RISK MANAGEMENT TABLE 606
607 608
SUPPLY CHAIN CHARACTERIZATION
RISK ASSESSMENT RISK CONTROL
AGENT FUNCTION HAZARD
DESCRIPTION EFFECT S CAUSE P
DETECTION MECHANISM
D RPN RISK
LEVEL CONTROL ACTIONS
ASSESSMENT OF CONTROL
ACTIONS AND RESIDUAL RISK
S P D
FINAL RPN
FINAL RISK
LEVEL
ACCEPTANCE
(YES/NO)
609 610 S: Severity / P: Probability of occurrence / D: Detectability 611 612
DDRRAAFFTT SStteepp 33
Supply Chain Control Framework Agreement
Page: 22 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
613
8. ANNEX 2. SUPPLY CHAIN CHARACTERIZATION AND 614
TASKS DISTRIBUTION MODEL 615
This section includes a model of supply chain characterization to be used in the 616
preparation of technical agreements (as an annex), between drug manufacturers and 617
distribution companies. 618
The purpose of this annex is to characterize the supply chain and establish the controls 619
to be performed for each agent. The definition of these controls is the result of the 620
detailed risk analysis performed by the distributor for each case. The responsibility of the 621
execution of each task is also included to guarantee their performance. 622
This annex could cover several products including as many characterization tables as 623
needed to cover all the products and their related supply chains. The annex has its own 624
version life system to make easy and fluent the change control management. 625
626
627
DDRRAAFFTT SStteepp 33
Supply Chain Control Framework Agreement
Page: 23 / 23 Ref: SUPPLY_CHAIN_CONTROL_FRAMEWORK_01
628
629