
In this episode of the Ask the Expert video series hosted by Pharmaceutical Technology®, Susan J. Schniepp, Regulatory Compliance Associates (RCA), Siegfried Schmitt, Parexel, and Anita Michaels, RCA, explain how CDMOs can best handle regulatory inspections and client expectations.

 

Link to the Video and Article on Pharmaceutical Technology

 

Contract development and manufacturing organizations (CDMOs) typically have multiple clients who each have specific needs. When regulators perform audits and inspections of CDMOs, it is sometimes unclear who is responsible for any deviations the inspector might identify. Ultimately, however, the sponsor company is responsible for ensuring that any contract organizations are following good manufacturing practices.

 

But what happens when a CDMO has a client whose specifications and/or requirements infringe on that contractor’s ability to work with other clients? How should the CDMO respond to audits and their clients? In this episode of Ask the Expert, Susan J. Schniepp, distinguished fellow at Regulatory Compliance Associates, a Nelson Labs company (RCA); Siegfried Schmitt, vice president Technical at Parexel; and Anita Michaels, executive pharma compliance expert and principal consultant at RCA, give advice on how contractors and clients can work together to prepare for inspections and address regulatory actions.

 

“A lot of CDMOs utilize their clients’ inspections to prepare for inspection. But I think you could level up, level that up higher,” Michaels says. “The first thing is you want to have a robust quality system. And you also want to integrate the other five systems into your facility. Then you’ll receive, if it’s a regulatory authority like the FDA, they could come to inspect you for a GMP or pre-approval inspection, which will be specific to the product they’re covering. And then the GMP portion, if you have been approved for a United States product, would cover the six systems. So, I think holistically, a CDMO should prepare, number one, to handle a GMP covering the six systems and have a robust quality system, such as policies in place for your CAPAs [corrective and preventative actions], investigations, deviations, your KPIs, your tracking, and trending holistically across your facility. And then also understanding the approach for a preapproval inspection for your clients.”

 

Click the video above to watch Sue, Siegfried, and Anita answer the following question:

“How does a CDMO organization handle multiple client input and perspective with regard to general GMP inspections without compromising or setting up different standards within their Quality Management System?”

Strengthen your inspection readiness with a partner who understands the full regulatory landscape.

RCA supports pharmaceutical and medical device organizations with comprehensive audit preparation, supplier oversight, CDMO qualification, remediation planning, and ongoing quality system optimization. Whether you’re scaling operations or navigating complex regulatory expectations, our experts help you reduce risk and ensure confidence in every inspection.

 

Take the next step toward true compliance readiness.

Explore our full range of services here: Compliance Assurance Services

Or connect with our team to discuss your tailored compliance strategy today.

In this episode of the Ask the Expert video series published by Pharmaceutical Technology®, Susan J. Schniepp, Regulatory Compliance Associates, and Siegfried Schmitt, Parexel, give their opinions on why those working in the pharmaceutical industry should lend their voices to draft regulations.

Regulatory agencies, such as FDA and the European Medicines Agency, and other industry standard-setting bodies, such as the International Council for Harmonisation and the US Pharmacopeia, often publish draft versions of the guidance documents they are developing to gather feedback from the public, which includes those scientists and engineers working in the pharmaceutical industry. But who should comment and why?

 

“You know, there’s an opportunity before regulations get approved for industry to participate and offer their comments on the regulation. This has worked in many cases where, for instance, in the US, way back in 2013, 2014, there was a proposal for metrics. And it was through the commenting period that was open to the public, where industry was able to put forth a case to get the agency to consider some other metrics that we thought were important, that they were not originally in the proposal,” explains Susan J. Schniepp, distinguished fellow at Regulatory Compliance Associates. “So, the way it works is anytime there’s a new regulation or a change to an already existing regulation, the FDA will announce it in what we call the Federal Register. It’s kind of like the daily newspaper for the government. It’s that time when they open it up for comments from industry. And so, it’s very important because you can change the final regulation before it becomes official by putting your comments in through this vehicle.”

 

“Absolutely anyone can comment,” stresses Siegfried Schmitt, PhD, vice president, Technical at Parexel. “You don’t have to be the ultimate expert. If you feel you have something to say, absolutely, you can. Now, perhaps it is advisable or sensible to not just comment as an individual but perhaps comment through your company. Perhaps your company as such is interested in providing comments.”

 

Both Schmitt and Schniepp also suggest commenting through a trade association, such as the Parenteral Drug Association. “I like commenting through industry associations because usually, they gather a group of experts together proposed regulation topic, and you get to hear not only your perspective voiced, but other experts’ perspectives voiced,” Schniepp says.

As connected medical devices become more prevalent, cybersecurity regulations are evolving rapidly across global markets. Manufacturers must now navigate complex requirements from both the United States Food and Drug Administration (FDA) and the European Union (EU) to ensure compliance and protect patient safety. Fortunately, recent updates show promising signs of alignment between these regulatory bodies, making it easier for companies to adopt unified cybersecurity strategies.

 

Understanding the Regulatory Landscape

The FDA has introduced new cybersecurity requirements under Section 524B of the Omnibus Law, mandating Software Bills of Materials (SBOMs), coordinated vulnerability disclosure, and secure product development practices. Meanwhile, the EU is updating its Medical Device Regulation (MDR) and introducing the Cyber Resilience Act, which, although not directly applicable to medical devices, sets the tone for broader cybersecurity expectations.

 

Key Areas of Alignment

Both the FDA and EU regulators emphasize the importance of early threat modeling, SBOM transparency, and postmarket vulnerability management. They also encourage manufacturers to adopt global cybersecurity standards such as ISO/IEC 27001 and IEC 62443 to ensure consistent security practices across markets.

 

Benefits of Regulatory Harmonization

As the FDA and EU move toward harmonized cybersecurity expectations, manufacturers can benefit from streamlined product development, reduced compliance costs, and faster market access. Unified standards also help improve device security and patient trust across international markets.

 

How to Stay Ahead of Regulatory Changes

To stay ahead, manufacturers should monitor regulatory updates, engage in early cybersecurity planning, and collaborate with experts who understand both FDA and EU requirements. Proactive planning and secure design practices are essential for meeting current and future cybersecurity expectations.

 

Partner with Regulatory Compliance Associates®

Navigating the evolving cybersecurity landscape requires deep regulatory expertise and strategic planning. Regulatory Compliance Associates® (RCA) specializes in helping medical device companies align with global cybersecurity regulations, from SBOM development and threat modeling to FDA submissions and EU MDR compliance.

 

Contact RCA today to schedule a consultation and ensure your connected medical device is secure, compliant, and ready for global market access.