- Compliance, Epista, FDA, Inspections, life science, Oticon
How do I prepare my company to comply with FDA inspections?
According to Mikael Yde, Principal Consultant at Epista Life Science, who spoke at our Inspection-Readiness event June 8th, your company must be in control of the following 8 aspects to be ready for FDA inspection:
- Data classification is one of the key elements in taking control which makes data integrity a very important aspect of your business
- Roles and responsibility split between System Owner, Line of Business and IT
- It is important that your applications are running in a defined and controlled technical environment
- To be in control requires defined, approved and followed ways of working
- Make sure to evaluate all suppliers, contractors, and consultants in accordance with your quality requirements – and remember documentation
- Documented evidence
- You need to be able to provide documented evidence – “not documented, not done”
- IT compliance
- Create an IT compliance plan to take responsibility for the maturity of your compliance procedures and controlling system
- Compliance should not be a department of its own, but rather a way of thinking within your business. Make sure to train employees and create awareness.
His most important advice is to find the right level of compliance to make sure your effort is just right – if you do too much it will be too expensive, however, if you are not doing enough you might be at great risk. Hear his comments for yourself here: https://www.youtube.com/watch?v=IPUNYp-QeW8
There are 3 different types of FDA inspections:
To make sure your company is ready for inspection, you might want to do a mock inspection to identify strengths and weaknesses. This helps remove the fear and helps your team feel how important it is that each of them can describe their processes.
Mikael advises that you know your gaps and be “consciously incompetent”. Be prepared to show the FDA your documentation. It doesn’t all necessarily have to be on paper, use your electronic data in your controlled systems instead of printing long reports. Show you are acting “in good faith”.
“Describe what you are doing – and do what you describe!”.
A good practice is to use ITIL – IT Infrastructure Library which many large companies use to structure their IT processes.
An IT Compliance Plan can be used to show inspection officers that you know what stage you are at, what your gaps are and your mitigation plan. It’s not a regulatory requirement but can be extremely valuable.
Change your company’s view of “Compliance as a department” to “Compliance as a mindset”, as illustrated below.
Ole has had success applying Kotter’s 8 steps for change:
A good practice is to have a skilled communicator on your team, who can create materials that help the company understand the importance of the compliance mindset. Here are Ole Markersen’s key findings from Oticon:
His most important advice is to be accountable for your ownership. Get a brief elaboration here: