US: (888) 231-0816

Tips for Start-Ups: How to Build a Cohesive, Integrated QMS

In 2019, deficiencies that the FDA identified most frequently during inspections were directly related to omission of policy governance and procedures.

Start-up life science companies often develop their Quality Management System (QMS) from the bottom up, creating SOPs and policies as needed throughout the company’s R&D and clinical stages. This organic approach, although convenient, will not produce a QMS that is cohesive, integrated or strategically aligned with the company’s long-term plans. The frequent result is gaps in essential coverage, a web of unworkable complexity, or both. These issues tend to become more limiting as the company approaches its commercial stage.

The discussion includes:

  • Regulatory context of Quality Management Systems
  • Key pitfalls to avoid in developing your Quality Management System
  • Roadmap for building your Quality Management System framework
  • Key benefits of developing a framework roadmap
  • Recommendations for QMS framework approach

About the Presenters

Roger Davy, Project Management Lead-Emerging Life Sciences
Roger has 18 years of operations and IT project management experience in both consulting and industry roles in the pharma, biotech, engineering, and semiconductor industries. Working with both small and large life sciences firms, he has managed successful projects to address operations, quality, compliance, and regulatory challenges. Roger has led small biopharmaceutical company teams through implementations of a wide variety of cloud-based enterprise IT solutions, supporting successful regulatory submissions and inspections. He has also managed post acquisition integration activities.

Chris Merriam-Leith, Director of Emerging Regulatory & Quality
Chris Merriam-Leith has 25 years of experience working with regulated life sciences companies. He holds a M.S. degree in Regulatory Affairs of Drugs, Biologics and Medical Devices from Northeastern University. He holds a M.S. degree in Quality Assurance of Biopharmaceuticals from California State University Dominguez Hills. He is Regulatory Affairs Certified (RAC) for the US and globally. He is also PMP certified by the Project Management Institute (PMI). He is available to consult with your company to help you navigate the complex regulatory challenges that your firm may be facing.


In this webinar, Tips for Start-ups: How to Build a Cohesive, Integrated QMS, our presenters provide an overview of how quality management systems directly support your organization’s global quality objectives, and how you can identify areas in your QMS that may need improvement. This transcript has been edited and condensed for clarity.

What is a Quality Management System (QMS)
Regulatory context of Quality Management Systems
QMS objectives and component hierarchy
The four primary QMS subsystems
Risk Management Practices
Roadmap for Implementation


Roger Davy: Many of you will be aware of this, but there are multiple drivers for quality systems and we’ll try and address some of those in this presentation. One of the most fundamental drivers we face is that the U.S. Food and Drug Administration (FDA) and all other global regulatory agencies enforce these quality practices that require your organizations to integrate QMS and risk management into your operational processes. There’s an old adage that you can’t test in quality, so the goal is to encourage quality by design with the objective of making products that are safer for the patient. The QMS needs to be integrated with everything you do using a phased approach. An effectively implemented QMS combined with product knowledge and manufacturing processes provides support for increased safety and continuous process improvements.

What is a Quality Management System?

Chris Merriam-Leith: My area of interest is in quality management systems and, more specifically, globally strategic quality management systems.

The target audience for this webinar is emerging clients and that’s the area I focus on. One of the main goals of this presentation is to provide an overview of how quality management systems directly support your organization’s global quality objectives. And secondly, how USDM can partner with your company to provide support for any of your QMS program needs.

I hope by the end of this presentation you can identify some areas where you may need some improvement and hopefully USDM can partner with you with solutions.

What is the quality management system? A QMS is a set of interrelated and interacting elements of an organization that establishes the formalized governance structure, policies, procedures, and processes that will be followed in order to achieve your company’s primary quality objectives. That’s the ISO 9001 textbook definition.

The purpose is to keep control over four critical managerial functions: quality planning, quality assurance, quality control, and quality improvements. The key components that make up an effective QMS include an organization’s quality objectives, management oversight, risk management practices, governance structure, planning and operations, roles and responsibilities, policies and procedures, and quality focused IT systems.

For your success, it’s necessary that these components all be clearly defined, aligned, and then reinforced by your internal quality practices so that your organization can achieve its quality objectives. Having full alignment of these components will translate into better quality management practices, in general, across your operations.

Another important role that your QMS serves, which is often overlooked, is that it provides regulators with greater transparency into the internal workings of your company, which helps facilitate their ability to assess your overall compliance with GXP requirements.

Regulatory Context of Quality Management Systems

Chris Merriam-Leith: What is the regulatory context of the quality management system? Modern QMS practices have evolved and are based on the ISO 9001 standards. Within the pharmaceutical industry, the compliance requirements of GLP, GCP, and GMP have a much longer history, but they have not always aligned with modern ISO QMS standards. As a result, FDA and other regulatory authorities have been working on harmonizing global GxP practices with QMS standards of the international organization for standardization (ISO).

GxP practices are now more cohesively integrated with the ISO standards through the publication of guidance documents from the International Council for Harmonization (ICH). And that’s the organization that is working globally with regulators to implement consistent standards.

A little bit of background on the regulatory context; a brief history

Modern GMP and GxP regulations evolved during the 1970s and earlier, whereas ISO 9000 standards came into existence in roughly the 1980s. There was a decade or two difference between the evolution of GxP practices and ISO standards. Those earlier GxP practices never actually aligned with modern QMS standards. Next, the FDA quality system regulations were introduced in 1996. And some of you might know those as 21 CFR 820 or the medical device regulations. I’m doing air quotes around that term because technically they are known as the quality system regulations and not specifically the medical device regulations. The reason they’re titled the quality system regulations is because they emerged in the late nineties and that body of regulations was able to be aligned with the ISO QMS standards. When you look at those regulations, you’ll see a much clear breakdown of what the FDA is looking for from a quality management system standpoint.

The FDA introduced their 21st century initiative in 2002. The emphasis of the 21st century initiative was to shift over to risk-based approaches and integrate with modern QMS practices. For the last 18 years, that’s what the impetus has been to move in the direction of quality management systems being integrated within operations.

The next thing to emerge was the quality vision for regulatory global harmonization that started to emerge in 2003, which came as a result of globalization.

Prior to that time, domestic regulatory agencies were aligned for domestic distribution and manufacturing of their products. But as globalization started to take hold, the industry started to recognize that whenever it wanted to introduce a product into a new jurisdiction, it had to jump through a new set of hoops, so it would be nice to have some consistency. So that was the impetus for why the International Council on Harmonization (ICH) was formed.

In about 2006, the FDA introduced their first quality system guidance document. And that was the first brush with domestic quality management system practices. Later, ICH Q10 was introduced, which is known as the pharmaceutical quality system guidance, and was adopted by the European Medicines Agency (EMA) in 2008 and then the FDA in 2009.

In April of 2017, the FDA published the final review report about the ICH guidance documents where they concluded that both agencies (the EMA and the FDA) are strongly aligned on the implementation of quality by design concepts that are included in the ICH Q8, the ICH Q9, and the ICH Q10, which are the quality systems management guidelines. I’ll go into more detail about the ICH Q9 risk management guidance document later on in the presentation.

Who is the ICH?

Chris Merriam-Leith: The ICH is the International Council of Harmonization. It’s a consortium of regulatory authorities, which was originally formed between the United States, the European Union, and Japan. Now, ICH standards are adopted by participating countries beyond the original founding members. Globally, there are 16 member nations and 28 observer nations for a total of 44 nations. It benefits organizations to start looking at these global standards because it aligns your practices with a large market.

The ICH standards apply across all product classifications, including drugs, biologics, medical devices, and combination products. Medical devices are governed under ISO 1345 standards. The scope of QMS requirements should be inclusive of all stages of the product’s life cycle from preclinical studies in human trials to commercial manufacturing, through product discontinuation.

ICH Q10 Quality Management System Model

Chris Merriam-Leith: The ICH Q10 pharmaceutical quality system guidance describes a comprehensive model for an effective pharmaceutical quality system that is based on ISO quality concepts and includes good manufacturing practices (GMPs). So this goes back to the decade difference between the emergence of GxP practices versus ISO QMS standards.

The Q10 presents a model design for a pharmaceutical quality system that can be implemented throughout all stages of a product life cycle. And the Q10 model is intended to augment a GMP regulations and provides a general framework by which organizations can implement quality management systems in parallel with GMP. That’s an important point that this is meant to augment or to extend on top of existing GMP, as well as GxP practices in general.

Although the Q10 models are oriented toward GMP practices, they can be more widely extended across all GxP domain. So you can apply it in GCP, you can apply it in some GLP areas, medical devices, and other industry areas that are newly emerging. ICH Q10 is complemented by two other ICH guidance documents: the QA pharmaceutical development guidance and the ICH Q9 quality risk management guidance.

It’s important to point those two out because all three of these work in harmony, but the Q9 quality risk management guidance is at a very high level because the industry wants quality risk management practices to be more widely integrated throughout your quality management system practices. It is an important driver for your quality management system.

I want to introduce what I call the Safe Harbor clause. I don’t know what else to name it, but you may have encountered this. It’s important to note that in ICH Q10 and other ICH guidance documents, they contain language that state that ICH guidance documents are not intended to create any new regulatory expectations beyond current regulatory requirements.

Every time I read that, I scratch my head and wonder what that really means. It means that they’re technically not creating any new regulations. None of these guidance documents introduce new regulations down in the regs themselves, but their overall objective is to provide clarification and, in some cases, they’re broadening their understanding and interpretation of those regulations. But in practice, even though they’re not actually introducing new regulations, compliance with ICH guidance do get indirectly enforced through how regulatory authorities perform their inspections. And that’s important because, although they’re not regulatory driven, they are enforced through practices. Another important point is that generally it’s the effectiveness of your QMS that is being evaluated during a regulatory inspection. If you want to have good results, then your focus should be on building up your quality management system, in addition to enforcing your normal GxP practices.

Because of that report released by the FDA stating that the United States and the EMA recognize the ICH guidance documents, we have mutual recognition agreements in place between the United States and many of the participating countries where, if you get an inspection performed by the EMA, the FDA will honor those inspection findings. It’s not like your risks are limited to a geographical region anymore; they have harmonized that, so all of your target markets are potentially at risk.

Objectives of a QMS

Chris Merriam-Leith: What are the quality objectives of the quality management system? The ICH Q10 model defines three primary objectives: 1) To achieve product realization, 2) to establish and maintain state of control, and 3) to facilitate continuous improvements. The Q10 focuses on achieving these three objectives, which are the key requirements for an effective quality management system. The FDA and other global regulatory authorities further recommend that pharmaceutical and life sciences organizations implement quality management systems to improve their overall quality operation. They further recommend that organizations establish, document, and maintain a QMS to control the quality, safety, and monitoring of all GxP-related activities. It’s important to note that your organization’s quality management system will be subject to regulatory inspections and independent audits, and that statement comes directly out of the FDA’s operations manual.

QMS Component Hierarchy

Chris Merriam-Leith: What does the QMS component hierarchy look like? This QMS component hierarchy, or you might call it the quality management system pyramid. All layers within the QMS hierarchy are important and essential.

  • Quality objectives
  • Management oversight and risk management practices
  • Governance structure
  • Planning & operations
  • Policy & procedures, and roles & responsibility
  • Operational processes and quality focused IT systems
  • Quality records, control documents, and forms
  • Product quality realization, state of control, and continuous improvements

Governance provides the support structure for the quality planning, quality assurance, quality control, and quality improvement areas. A QMS should provide a platform for the organizational governance structure that will support your organization’s long-term health and growth. IT systems play a tactical role like gaps may exist in key operational areas. These can sometimes create red flags for inspections. Companies may also need to develop a technology roadmap to align their quality focused it systems with their global quality strategy—and you need to be thinking globally at this stage. Integration of IT systems within QMS practices strengthens and reinforces the QMS. A technology alone does not equal a QMS and this is an area where a lot of customers have some confusion. Not all solutions are IT related; there’s a combination of processes, policies and procedures, and a whole lot of other things that are defined within this structure that come into play. It’s very important that these QMS components work in harmony and that they’re able to support these appropriate QMS practices.

Some common gaps we see:

  • Management oversight and risk management practices. These are specifically called out in the Q10 guidance, but what we see is that they are not always effectively integrated—in particular risk management practices.
  • Governance structure is a key component for the QMS success, and it’s often not well defined. As merging companies, it’s understandable; you’re moving from an R&D phase into preclinical and then clinical and sometimes that governance is all over the place.
  • IT systems play a tactical role in supporting the QMS, but not consistently integrated within the quality management system

Chris Merriam-Leith: In my opinion the higher up in the hierarchy where you have gaps, the more risk you have because those gaps will cascade down through the rest of the hierarchy. That creates areas of blindness; you don’t know what they don’t know. If you have gaps at the higher levels, then you’re missing a lot of things in those lower tiers.

I’ll be addressing management oversight and risk management later in this presentation. This is an important topic for the audience.

Phase Appropriate QMS Practices

Chris Merriam-Leith: What are phase appropriate QMS practices? Product development and optimization activities are very dynamic throughout the development life cycle; its processes and methods are evolving. The design and implementation of the QMS must be phase appropriate, main purpose for the next few slides I’m going to discuss, and today’s appropriate QMS practices ensure that products will meet appropriate safety and quality standards throughout the product’s life cycle.

Phase Appropriate QMS Maturity Model

Chris Merriam-Leith: The phase appropriate QMS maturity model has on its X axis the product development phases: R&D preclinical, the various clinical phases, and commercial. On the Y axis, we have the QMS maturity level. Inside the diagram, we have the big phases of product development: pharmaceutical development, technology transfer, and manufacturing.

Two S curves represent the quality management system and GxP practices. The curves are not drawn to scale, but I think I can make my point here. The QMS S curve precedes and leads your GxP practices, which means that, as you’re scaling up your GxP practices, you should be equally focused on scaling up your quality management system practices. In the ideal scenario, your QMS should be leading your GxP practices. What we often see, though, is that emerging clients in particular have a good handle on their early GxP practices because they’re usually engaging in clinical studies and they have to stand those up pretty quickly. As they start to accelerate their GxP growth curve, sometimes the QMS maturity is not keeping pace.

As a company starts to reach late Phase III trials, they’re looking at potentially introducing a product at that stage. Maybe their GxP practices are up to par, but their quality management system practices may be at Phase I.

Phase appropriate QMS practices are intended to augment your GxP practices. Your QMS should support a science and risk-based approach to quality. And that is part of the 21st century thrust that the FDA has been trying to push for the last 18 years.

Your QMS should span all stages of the product life cycle, not just the latter stages when you’re going commercial. The QMS should be the embodiment of your GxP practices with all the supporting infrastructure such as governance, policy and procedures, operational processes, and quality focused IT systems. Risk management and risk assessment capabilities must be an intrinsic feature within the QMS hierarchy, but they’re often not consistently implemented. And this is a big gap that we see and not just the emerging; we see it across the whole spectrum, even with mature companies.

The Four Primary QMS Subsystems

Chris Merriam-Leith: There are four primary subsystems defined within the QMS guidance:

  • Management review and risk management practices
  • Process performance and product quality monitoring
  • Corrective action and preventative action (CAPA) system
  • Change management system

These are only four out of seven subsystems that compose a standard quality management system. The other three that are not depicted here and that are not actually mentioned in the Q10 are design control subsystem, the material control subsystem, and the equipment and facility control subsystem. From the ICH perspective, these four are the most important and take center stage.

The QMS subsystems are intended to function as a top-down control structure and that’s important to understand. Lower-level quality management practices and product quality issues are intended to be aggregated upwards through the QMS as a result of the monitoring and reporting processes that should be built in to your QMS subsystems.

If any of these primary subsystems have limitations or deficiencies, or are not under a state of control, then this will manifest itself as quality related issues and potentially present itself as a red flag during inspections. This is generally how the regulators find your gaps. It’s very important that all these subsystems are operating effectively and maintained under a state of control.

Most companies seem to have a pretty good handle on CAPA and change management systems. Where things start to get a little foggy are management reviews and risk management practices, and process performance and product quality monitoring; these tend to be high-risk areas.

I’m going to provide a more detailed description on how these requirements are meant to be understood and implemented.

Management and Process Performance Subsystems

Chris Merriam-Leith: Management reviews must confirm that process performance and product quality standards are being maintained throughout the product life cycle. Risk management practices must be consistently integrated throughout the QMS and product life cycle. The S curves I mentioned earlier represent the linkages between your QMS and GxP practices, which include your risk management practices that should be occurring throughout the whole growth cycle of these two systems.

Effective management oversight and reporting must be defined within the governance structure of the QMS. Depending on the type of quality issues that get identified, management oversight must include reviews at various levels of the organization and must include a timely and effective communication and escalation process. Quality issues should be escalated to appropriate levels of management for review and resolution. Those are key aspects of a good and effective running QMS.

Process performance. The QMS should include effective systems and processes to monitor product quality performance, and ensure that a state of control is always maintained. Effective monitoring provides assurances that things are operating within the state of control. Risk management practices play an important role in process performance. Maintaining the state of control provides a higher level of certainty that production processes that are operating and production output at the expected level of quality. Process performance monitoring also serves to identify the areas that may require a corrective actions, therefore supporting continuous improvement practices.

CAPA and Change Management Subsystems

Chris Merriam-Leith: The QMS should have an effective system for implementing CAPA. The investigation process should apply structured approaches for identifying root causes. The level of effort, formality, and documentation of the investigation should be commensurate with the level of risk related to any equality related events. Again, there’s risk management coming into play.

The QMS should have an effective change management system to evaluate, approve, and properly implement changes. Results from process performance, product quality monitoring, and CAPAs will drive continuous process improvement changes. That is one of the top three goals that the regulators are looking for.

So what should CAPA cover? Investigations should cover the scope of quality related events such as complaints, product rejections, nonconformances, recalls, deviations, audits, inspection findings, out of specification (OOS) trends, process performance and product quality monitoring, change management. It’s important that change management systems ensure that changes are implemented in a timely manner. That is one of the number one drivers. And second, it must also provide a high level of assurance that there’ll be no unintended consequences from any changes. The implication in that statement is that risk management practices are being applied. Effective change management supports the primary objective of implementing continuous process improvements.

Summary of Phase Appropriate QMS Practices

Chris Merriam-Leith: Let’s summarize some of the key points regarding phase appropriate QMS practices. Each of these subsystems must be fully functional within the QMS for its effective and successful operation. Management reviews and risk management practices are a common requirement of all four subsystems. Having adaptable QMS practices will allow you to maintain quality as you scale up processes throughout the product’s life cycle.

It’s also essential that the QMS satisfies the following elements:

  • Have a clearly defined governance structure with roles and responsibilities
  • Be fully integrated with planning and operations
  • Have clearly written policies and procedures
  • Be fully supported by QMS focused IT systems

The effect of integration of these elements will assist your efforts with the successful implementation of appropriate QMS practices.

Chris Merriam-Leith: When we see “in progress” and “not mature,” very often they are an emerging company and they don’t normally have the internal experts on staff. They have limited funding capabilities to be able to bring on qualified staff and to build out these processes.

Quality management systems are complicated. They’re time consuming to implement. You can’t do this in a three month or six month period; these things take time. If you’re also going to be layering in IT system technology, then double that time because it’s complicated. On top of that, to be able to stand up a fully compliant quality management system, there’s not a lot of external expertise out there. It’s not often that you can find people who have done this, who have actually built quality management system structures and frameworks.

Senior Management Responsibilities

Chris Merriam-Leith: We’re going to take a slightly deeper dive into senior management responsibilities. Senior management is responsible for overseeing the implementation of the organization’s QMS. Senior management must actively demonstrate direct accountability to and commitment for support of a QMS. And senior management must ensure sufficient resources and funding for the effective implementation and operation of QMS.

How does senior management fulfill these responsibilities? First by ensuring the organization quality objectives are defined and implemented and they continue to be suitable and effective. You see that quality objectives is at the apex of the pyramid. The next layer is management oversight. So that’s why those are up there at the very top.

The second thing they can do is implement a company-wide management review and monitoring process to identify any quality issues, perform regular reviews of the CAPA system, and make sure that processes for continuous improvement are consistently being implemented in a timely manner.

Third, by implementing a formal governance structure supported by appropriate policies and procedures and roles and responsibilities. That is where the most critical breakdowns occur. If you have gaps here, they cascade all the way down and create huge unknown risks throughout the rest of the structure. So that’s where I would say, once you get the first two tiers figured out, “Hey, let’s build out our governance structure and figure out what we’re doing here.”

I emphasized the requirement to demonstrate direct accountability, So I want to expand on that specific topic with a little bit more detail as well.

Senior Management Accountability

Chris Merriam-Leith: During inspections, authorities will look for supporting materials where senior management have been directly involved in supporting the QMS. What should management be doing? They should be participating in the design, implementation, monitoring, and oversight of the QMS. That doesn’t mean delegating it down to the lowest levels of the employees down at the lower tiers. That’s not going to work. That’s known as a bottom-up approach; you want to take a top-down approach.

Secondly, management should ensure that all roles and responsibilities are clearly defined and understood at all levels of the organization.

Third, they need to establish timely and effective communication and escalation processes for quality issues to be elevated.

Senior management has the primary responsibility for establishing appropriate accountability, authority, inter-relationships of all personnel who manage or who are responsible for quality—which I want you to know, by definition, is everyone in your organization. Designated employees must have clear lines of authority and be empowered to make key quality decisions within the quality operation. Designated employees must have the independence and authority necessary to perform their defined quality roles.

The key takeaways regarding senior management, accountability, and responsibility are that senior management has the ultimate responsibility for driving the development of the quality management system and its overall governance structure.

Risk Management Practices

Chris Merriam-Leith: Risk management and risk assessment capabilities must be an intrinsic feature of your organization’s quality management system. This management process must provide consistency when applying the organization’s formalized risk management approach and the organization’s QMS framework must empower stakeholders to make informed decisions regarding risk assessment outcomes. The ICH Q9 quality risk management guidance provides a recommended approach for performing quality risk management. It’s so important to regulators that they called risk management out and developed its own specific guidance document. And it provides a lot of risk management methodologies that you can implement. Risk management practices are intended to be a core capability of effective an QMS and should directly support decision making related to quality.

Note that risk management can be very challenging and it’s very hard to implement consistently and correctly; that’s why it’s ranked high up there in those poll numbers. It is hard. It’s very hard and it’s not just hard for the little companies. It’s hard for the big companies as well. Because of that, a formalized risk management approach should be driven from the top down to improve its integration throughout the QMS structure as a whole. Management needs to take leadership and ownership of this risk management and push that downward. And by doing that, you will feel any cascading gaps and remember, all of this is driven by risk management. If you don’t get that right, you’ve got problems. Risk management is critical to a quality process that can make or break your quality management system, so it is very important to get this right.

Implementation of Risk Management Practices

Chris Merriam-Leith: The question is, how do you implement risk management practices within your organization? A QMS risk management framework must be capable of systematically defining risks based on process management and scientific knowledge, and that’s key. A governance structure that correctly aligns subject matter experts with specific GxP domain will support more accurate risk assessments, and a QMS risk management framework should not be crafted as a “one size fits” all approach or a checkbox approach. Because risk management must be formed throughout the whole product life cycle, it is critical that it be applied consistently and correctly. More often than not, what we see are gaps in risk management practices throughout our client base. The gaps include everything from following no risk management at all, spotty applications of risk management, improper applications of risk management, differing or inconsistent methodologies of risk management, and very often, a complete lack of understanding of risk management. This is why it’s so hard to implement: inconsistency, different levels of expertise around it, it’s very complicated. If there’s one area that you need to really nail down, it’s your risk management practices.

A top-down risk management approach should be aligned with your organization’s strategic quality objectives; therefore, providing consistent application for properly identifying risk and hazards inherent within your operational processes, systems, and business models.

Your QMS framework should include appropriate policies, procedures, and supporting technologies, and be capable of promoting proper risk management practices.

Bottom-Up vs. Top-Down QMS Approaches

Chris Merriam-Leith: I want to discuss the bottom-up versus top-down QMS approaches. Many emerging life sciences companies have typically developed their QMS program using a bottom-up approach of intermittently creating SOPs on an as-needed basis throughout the organization’s product development life cycle stages.

The bottom-up approach, although convenient and practical, may lack the strategic vision or cohesive integration, which is needed to support your organization’s long-term global expansion.

It’s important to understand the risk disparity between how a typical QMS may evolve using a bottom-up approach versus how regulatory authorities performance inspections using the top-down approach. A misalignment between these two approaches can increase your compliance risks.

A top-down QMS approach is a centrally organized QMS structure that starts at the top of the pyramid and defines each component layer working downwards. So think about that component hierarchy we reviewed previously. It’s necessary to define in a status, the higher-level elements first, before moving down within the structure and developing the next layers. Taking this approach is more of an intentional and strategic way to define and then create a consistent top-down QMS control structure. The more clearly defined the upper layers are then the more effective the lower layers will be. The integration becomes more synergistic as you build on each subsequent layer. A top-down QMS structure supports a higher standard of quality by designing quality directly into the process itself, and this goes back to the QBD—quality by design. The layers are better integrated because of the coordinated design, and this is how the quality by design was and is intended to be implemented. There are huge benefits to be gained by applying a top-down strategically driven approach versus that of a less structured organic bottom-up approach of developing your QMS. The primary benefits will be greater transparency and higher overall QMS effectiveness resulting in higher product quality and maintaining state of control and supporting continuous improvement methods.

Compliance Inspection Approach

Chris Merriam-Leith: A top-down QMS structure better aligns with the top-down inspection practices. The FDA uses a top-down inspection approach to evaluate an organization’s conformance with GMPs. Their inspection process includes a mandatory inspection of the QMS. No matter when they come in, they’re always going to inspect your QMS. They have two general inspection approaches: a full inspection and an abbreviate inspection. The full inspection is an audit of at least four of the sub-systems, one of which must be the quality system. The abbreviated inspection is an inspection of at least two of the subsystems, one of which must be the quality system. So quality management system, the definition from the FDA is the system and processes that assure your overall compliance with GMP and internal procedures and specifications. I pulled that out of the FDA’s documents to show how they view what a quality management system is.

Some of the strengths of the regulators top-down subsystem inspection approach from their perspective is that it quickly identifies gaps within an organization’s QMS and then allows regulators to focus their resources and attentions on the specific defects within the underlying supporting policy, procedures, and processes. This is how they’re able to so quickly hone in on where the issues are. The effectiveness of the top-down inspection approach is that it provides the FDA the ability to independently assess each subsystem and determine if it is operating within a state of control. So it’s important to maintain that state of control.

Inspections of the quality system will include everything from change control, CAPA, validation, protocols, complaints, product defect evaluations, returning salvage products, investigation of discrepancies, your written procedures, missing procedures, and a host of other things I could list, but I won’t go through them.

2019 FDA Inspection Findings

Chris Merriam-Leith: Let’s take a closer look at the types of gaps that may exist within your QMS. This table summarizes the Top 8 2019 FDA 483 inspection findings. This is only the Top 8; not the Top 10, not the Top 20, not the Top 50; but if I were to give you the larger list, the trend would be the same. If we scan through this list, we can see that all these findings, in one way or another, are directly related to some type of faulty or inadequate quality management system requirement. These include findings for procedures not being followed; failure of investigations related to discrepancy; absence of written procedures; laboratory control, sanitation and maintenance practices; control procedures and validations; etc. The root causes for these inspection findings can be linked back to gaps within the organization’s quality management system practice. These are current; you can go out to the FDA’s website and pull up their spreadsheet and look at these firsthand, if you like.

Benefits of Top-Down QMS Framework

Chris Merriam-Leith: Let’s discuss some benefits of implementing an effective QMS. It supports the achievement of quality objectives resulting in safer products for the patient, it helps them maintain a state of control for production processes and systems, it provides direct support for continuous process improvements, it supports the alignment of organizational global strategic quality objectives, and it strengthens internal operations and quality practices.

We have a white paper that you can request from us that provides a lot more depth on this presentation that I’ve given. And there’s a host of other benefits beyond just these top five here.

Roadmap for Implementation of a QMS

Chris Merriam-Leith: How should your organization approach the process of implementing a quality management system? Here are the Top 5 steps to take, but there again, it’s a little bit more complicated than this; it’s a little bit more complex and there are other things involved.

  1. Perform assessment of the existing quality objectives, governance structure, roles and responsibilities, quality manual, policies, procedures, and processes
  2. Assess your organization’s level of compliance and overall QMS, operational maturity
  3. Identify gaps, then scope and define new operational requirements such as governance, titles, roles and responsibilities, scope of deliverables, and regulatory alignment
  4. Determine the risks related to existing gaps and operational urgency to address those high-risk QMS components
  5. Prioritize the new QMS policies, procedures, and deliverables

Our white paper “Quality Management Systems for Emerging Life Science Organizations” provides a much greater level of detail around how to implement a roadmap.

USDM’s QMS Framework

Chris Merriam-Leith: USDM does offer a QMS framework solution. It’s a top-down solution designed to reinforce an organization’s quality goals by implementing a governance structure that will support the operational and procedural practices. It complies with FDA cGMP regulations and other global regulatory authorities. It’s a plug-and-play QMS solution that will save your organization significant time and effort.

As many emerging companies began to reach the commercialization stage, we discovered that they may be encountering gaps within their QMS processes or regulatory government structure. These indications and gaps may become more apparent as your organization starts to experience more accelerated growth and your operational boundaries start to become more obscure or even overlapping. And those are normal growing pains. Any types of gaps can lead to increased compliance risks during inspection. The USDM solution can help your organization align its overall quality mission with its quality objectives and your organizational roles and responsibilities. It will help promote clear delineation of operational boundaries from a regulatory and quality perspective. We sometimes see a lot of overlap there.

USDM’s QMS framework can be selectively implemented to compliment or fill any gaps within your existing QMS program. Most importantly, the framework aligns with industry current best practices and standards such as the ISO, the International Council for Harmonization (ICH) and several other well-recognized industry organizations.

Case Study

Roger Davy: Thank you, Chris. I would like to talk through this case study about how USDM has helped an emerging biopharma company that was approaching their PAI and was uncertain about their quality system. This is a demonstration of USDM applying a very systematic approach to this situation and using a well-established process to remediate this late-stage pre-commercial company in a short period of time in order to prepare their quality systems and make sure there weren’t any gaps that would potentially be an issue during audit. Clearly the time to do this is as soon as possible.

Obviously, you’d rather be in a situation where you’re developing your QMS in a phase appropriate manner as Chris has recommended. However, if you do find yourself in a situation where you do need remediation or suspect that you might, we’d be more than happy to help using a systematic and well-developed approach. With specialists like Chris on board, you can be comfortable that we’ve got a great team to be able to help you.

On-Demand Webinar

Please fill out the form below to watch now.

Want to talk with our
subject matter experts?