The amount of quality assurance detail included in Standard Operating Procedures (SOP) may help a company stay QA compliant, says Susan J. Schniepp, Distinguished Fellow at Regulatory Compliance Associates, Inc.
Q. I am responsible for updating my company’s standard operating procedures (SOPs). My company has been cited several times in audits for not following them, and this situation has worsened since the onset of the pandemic. What advice do you have for me to make sure the SOPs are being followed for now and in the future?
A. You are not alone. Not following or having adequate procedures in writing continues to be one of the top SOP observations for the industry in 2021. Companies usually use their SOP to show that they have control over manufacturing processes, thereby demonstrating compliance with regulatory expectations. Both QA testing and QA engineering have even more stringent expectations in SaMD (software as a medical device) products.
The problem you are having with your SOPs seems to be an ongoing issue not necessarily related to the pandemic. It would seem this situation is exacerbated by the pandemic but not caused by the pandemic. My advice to you would be to take a holistic look at how you create, implement, and modify your SOPs.
Looking for Help Writing SOPs? Contact Us Now →
There are four simple concepts to keep in mind for having compliant SOPs: Say what you do, do what you say, prove it, improve it. The ‘say what you do’ phrase equates to the written SOP that defines the steps to achieve compliance to a regulatory requirement.
‘Do what you say’ equates to following the SOP. ‘Prove it’ means that you need to collect and be able to present data that indicate you have followed the instructions in your SOP and have investigated any incidents where you have deviated from those instructions.
SOP Process Improvements
Once you have mastered these concepts, you can begin to work on the ‘improve it’ concept by revising and updating your SOPs to reflect current practice and process improvements. These concepts are simple enough to follow, so the being cited by regulators for not following SOPs is disappointing.
Previously in this column, we have discussed the elements of Standard Operating Procedures. The problem you are having seems to be related to the SOP content.
To address this particular problem, you need to be aware of some of the pitfalls companies encounter when writing SOPs. Writing an SOP with the correct amount of information in it—neither too restrictive nor too ambiguous—is not an easy task. It takes time and effort to create an SOP with the right balance of information.
The three most common pitfalls when writing an SOP are providing too much information, providing too little information, and providing unneeded specific information. Quality assurance is always built upon a foundation of clear and concise data. Quality control engineering necessitates that a quality assurance inspection would fail without it.
Providing too much information in Standard Operating Procedures results in a restrictive process with deviations. An example of too much information in an SOP would be listing the serial number for a piece of equipment. Should the piece of equipment need to be changed for any reason, the result is a deviation and an SOP that can’t be followed.
When listing equipment requirements in an SOP, a Quality Analyst should be able to describe the piece of equipment but not necessarily to the serial number. It would be best to provide a list of the equipment needed with a general description of its function and capability. Additionally, the QA Manager should have a deeper level of knowledge about the QA process and be able to speak to the equipment validation.
When an SOP provides too little information, it results in an out-of-control operating process that generates deviations. When there is lack of clarity, it allows for interpretation by the operator.
There is the potential for each individual executing the process to interpret the instructions in their own unique way resulting in deviations that need to be investigated and the potential for the regulatory citation of insufficient SOPs.
An example of a quality assurance program with too little information for operators includes not specifying the order reagents need to be added to generate a reaction. If it is critical to add the reagents in a certain order, that information needs to be specified in the Standard Operating Procedures.
Quality control plans with SOPs that provide unneeded specific information are also problematic. An example of unneeded specific information might be how dates are recorded in a document. A company needs to be consistent in the way the date is recorded. The order of the day, month, and year can be flexible regarding the information being separated by hyphens or slashes. There is no difference between DD/MM/YY and DD-MM-YY. Specifying hyphens versus slashes sets you up for deviations that waste time and resources.
Other potential pitfalls for QA teams to avoid are providing ambiguous information. Similarly, restricting access to SOPs or allowing access to obsolete SOPs can lead to data integrity issues. Finally, having unnecessary SOPs or not providing clear instructions for recording data inhibits the culture of quality.
Writing effective Standard Operating Procedures and keeping it current is not an easy task. It requires time, effort, and cooperation with the users to achieve the correct balance. Both quality control and quality assurance take time to develop and improve toward the end state.
Employees must use a process that is easily followed, specifies the correct data, records the current operations, and can be improved. Taking a critical look at the level and detail provided in your SOPs involves right sizing the information. For example, accurately reflecting your operations will help in eliminating an audit observation. Above all, not following SOPs or having insufficient SOPs must be addressed to help improve your compliance position.
Volume 44, Number 10
Pages: 74, 73
Regulatory Compliance Associates® (RCA) provides worldwide services to the following industries for resolution of compliance and regulatory challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA-and globally-regulated companies.
As your partners, we can negotiate the potential minefield of regulatory compliance and private equity due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
- Founded in 2000
- Headquartered in Wisconsin (USA)
- Regional offices in Florida, Colorado and Europe
- Expertise backed by over 500 industry subject matter experts
- Acquired by Sotera Health in 2021