The amount of quality assurance detail included in Standard Operating Procedures (SOP) may help a company stay QA compliant, says Susan J. Schniepp, Distinguished Fellow at Regulatory Compliance Associates, Inc.
Q. I am responsible for updating my company’s standard operating procedures (SOPs). My company has been cited several times in audits for not following them, and this situation has worsened since the onset of the pandemic. What advice do you have for me to make sure the SOPs are being followed for now and in the future?
A. You are not alone. Not following or having adequate procedures in writing continues to be one of the top SOP observations for the industry in 2021. Companies usually use their SOP to show that they have control over manufacturing processes, thereby demonstrating compliance with regulatory expectations. Both QA testing and QA engineering have even more stringent expectations in SaMD (software as a medical device) products.
The problem you are having with your SOPs seems to be an ongoing issue not necessarily related to the pandemic. It would seem this situation is exacerbated by the pandemic but not caused by the pandemic. My advice to you would be to take a holistic look at how you create, implement, and modify your SOPs.
There are four simple concepts to keep in mind for having compliant SOPs: Say what you do, do what you say, prove it, improve it. The ‘say what you do’ phrase equates to the written SOP that defines the steps to achieve compliance to a regulatory requirement.
‘Do what you say’ equates to following the SOP. ‘Prove it’ means that you need to collect and be able to present data that indicate you have followed the instructions in your SOP and have investigated any incidents where you have deviated from those instructions.
SOP Process Improvements
Once you have mastered these concepts, you can begin to work on the ‘improve it’ concept by revising and updating your SOPs to reflect current practice and process improvements. These concepts are simple enough to follow, so the being cited by regulators for not following SOPs is disappointing.
Previously in this column, we have discussed the elements of Standard Operating Procedures. The problem you are having seems to be related to the SOP content.
To address this particular problem, you need to be aware of some of the pitfalls companies encounter when writing SOPs. Writing an SOP with the correct amount of information in it—neither too restrictive nor too ambiguous—is not an easy task. It takes time and effort to create an SOP with the right balance of information.
The three most common pitfalls when writing an SOP are providing too much information, providing too little information, and providing unneeded specific information. Quality assurance is always built upon a foundation of clear and concise data. Quality control engineering necessitates that a quality assurance inspection would fail without it.
Providing too much information in Standard Operating Procedures results in a restrictive process with deviations. An example of too much information in an SOP would be listing the serial number for a piece of equipment. Should the piece of equipment need to be changed for any reason, the result is a deviation and an SOP that can’t be followed.
When listing equipment requirements in an SOP, a Quality Analyst should be able to describe the piece of equipment but not necessarily to the serial number. It would be best to provide a list of the equipment needed with a general description of its function and capability. Additionally, the QA Manager should have a deeper level of knowledge about the QA process and be able to speak to the equipment validation.
When an SOP provides too little information, it results in an out-of-control operating process that generates deviations. When there is lack of clarity, it allows for interpretation by the operator.
There is the potential for each individual executing the process to interpret the instructions in their own unique way resulting in deviations that need to be investigated and the potential for the regulatory citation of insufficient SOPs.
An example of a quality assurance program with too little information for operators includes not specifying the order reagents need to be added to generate a reaction. If it is critical to add the reagents in a certain order, that information needs to be specified in the Standard Operating Procedures.
Quality control plans with SOPs that provide unneeded specific information are also problematic. An example of unneeded specific information might be how dates are recorded in a document. A company needs to be consistent in the way the date is recorded. The order of the day, month, and year can be flexible regarding the information being separated by hyphens or slashes. There is no difference between DD/MM/YY and DD-MM-YY. Specifying hyphens versus slashes sets you up for deviations that waste time and resources.
Other potential pitfalls for QA teams to avoid are providing ambiguous information. Similarly, restricting access to SOPs or allowing access to obsolete SOPs can lead to data integrity issues. Finally, having unnecessary SOPs or not providing clear instructions for recording data inhibits the culture of quality.
Writing effective Standard Operating Procedures and keeping it current is not an easy task. It requires time, effort, and cooperation with the users to achieve the correct balance. Both quality control and quality assurance take time to develop and improve toward the end state.
Employees must use a process that is easily followed, specifies the correct data, records the current operations, and can be improved. Taking a critical look at the level and detail provided in your SOPs involves right sizing the information. For example, accurately reflecting your operations will help in eliminating an audit observation. Above all, not following SOPs or having insufficient SOPs must be addressed to help improve your compliance position.
Volume 44, Number 10
Pages: 74, 73
About RCA’s Pharmaceutical Services
Regulatory Compliance Associates (RCA)® has helped thousands of pharmaceutical companies meet regulatory, compliance, quality assurance, and remediation challenges. With more than 20 years of experience with FDA, Health Canada, EU and global regulatory agencies worldwide, RCA offers leading pharmaceutical consultants that can help you navigate through the challenges associated with evolving industry regulations.
Our team of over 500 seasoned FDA, Health Canada and EU compliance consultants and regulatory affairs experts can understand the complexities surrounding the pharmaceutical industry and the unique inner workings of the regulatory process.
Whether you’re in the product planning, development or pharmaceutical lifecycle management stage or need a remediation strategy for a compliance crisis, RCA® Inc. will guide you through every step of the regulatory process and create a customized approach depending on your product and your pharma company’s individual needs. Our clients include:
- Companies new to FDA, Health Canada or EU regulations and the pharmaceutical industry
- Start-up organizations with novel submissions to 510(k) submissions from multi-national corporations
- Investment firms seeking private equity due diligence for pre-acquisition and post-deal research
- Law firms seeking expertise in the remediation of warning letters, consent decrees, 483’s or import bans
Regulatory affairs is Regulatory Compliance Associates® Inc.’s backbone and we fully understand the complexities of the pharmaceutical and biopharmaceutical industries. Our expertise spans all facets and levels of Regulatory Affairs, from Regulatory Support for New Products to Life Cycle Management, to other services like Outsourced Regulatory Affairs, Submissions, Training, and more.
As your partner, we can negotiate the potential assessment minefield of pharmaceuticals with insight, hindsight, and the clear advantage of our breadth and depth of knowledge and experience. We offer the following four regulatory affairs services for pharmaceutical companies.
- New Product Support
- Product Lifecycle
- Other Regulatory Services
The regulations process surrounding pharmaceutical companies can be tricky for even the most experienced industry veteran to understand, and just one misstep could mean significant and lasting consequences for your business. At RCA® Inc., we offer the experience and resources necessary to guide you in quality compliance.
- Regulatory Agency Response
- Preparation and Training
- Inspection Readiness
Regulatory Compliance Associates® Inc.’s Quality Assurance services include assessments, strategy, implementations, staff augmentations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Our consultants are quality experts with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.
- 21 CFR Part 11
- Data Integrity
- Manufacturing Support
- Facility Support
Regulatory Compliance Associates® Inc. has significant experience and a proven approach to managing FDA Warning Letters, Consent Decrees, Remediation and other serious regulatory situations. We know how to partner with executive, legal, and communication teams, and will assist management with a response that will be accepted by the regulatory agency and be realistic to execute.
We can develop a comprehensive proof book of documented objective evidence demonstrating the corrective actions taken to remediate non-compliant issues. In addition, RCA can help prepare a comprehensive strategy to assist in your remediation efforts, drive continuous improvement, and maintain compliance with the regulations.
- Regulatory Action
- Warning Letter
- 483 Observation
- Oversight Services
Regulatory Compliance Associates® (RCA) provides regulatory compliance consulting to the following industries for resolution of compliance and regulatory challenges:
We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.
As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.
- Founded in 2000
- Headquartered in Wisconsin (USA)
- Expertise backed by over 500 industry subject matter experts
- Acquired by Sotera Health in 2021
About Sotera Health
The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.
Sotera Health Company, along with its three best-in-class businesses – Sterigenics®, Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.
We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.
To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage.