Quantify Risk to Boost CAPA Efficiency

Kari Miller, Regulatory and Product Management Leader, IQVIA Quality Compliance

Corrective and Preventive Action (CAPA) systems provide a wealth of information regarding the quality of a product or process. However, few companies fully leverage the power of this tool to realize its positive impact to the bottom line.

For instance, it is not uncommon for a CAPA to be initiated for each product quality-related complaint regardless of scope or severity. Over time, the system becomes laden with records of varying degrees of severity, which are often vetted by issuance order for aging reasons, rather than priority. As a result, the organization cannot optimally allocate resources to correct events that have the most impact on the business as a whole.

ISO/IEC 27001 and the Value of Certified Life Sciences Services Providers

Davor Milosevic, Quality Assurance Manager, IQVIA Quality Compliance

With data being one of the most valuable assets that an organization owns, information security management is an essential business practice. Protection of confidential data, particularly personal data since the introduction of GDPR in 2018, is critical for compliance and for a business’s trust and reputation.

As highly risk-averse as the Life Sciences industry is, it is safe to say that most Life Sciences organizations will have some form of controls in place to manage information security. However, the degree of information protection and the delivery of real benefits to the market depend on how effectively these controls are organized and monitored. ISO 27001 certification is the gold standard in demonstrating that effectiveness.

What is ISO 27001?

ISO 27001 is a security standard that outlines the suggested requirements for building, monitoring and improving an information security management system (ISMS). An ISMS is a set of policies for protecting and managing an enterprise’s sensitive information, e.g., financial data, intellectual property, customer details and employee records.

The ISO/IEC 27001:2013 international information security standard outlines the suggested requirements for building, monitoring and improving an ISMS. Its ISMS is built on a holistic, tailored approach to protecting and managing an enterprise’s sensitive information.

As a risk-driven standard, ISO 27001 focuses on helping organizations build a culture of security, reducing the likelihood of security incidents and supporting the ability to meet additional compliance requirements. (Source: A-LIGN The ISO 27001 Certification Process)

Why is it important for Life Sciences organizations?

ISO 27001 can help Life Sciences organizations fully assess the risk to the privacy of their information assets, including patient and product data, through the implementation of security controls that mitigate information security risk. This is critical when proprietary, confidential data is being accessed or managed by a third-party provider.

Providers that are ISO 27001 certified have demonstrated that they can identify risks, assess their potential implications and put controls in place to limit damage caused by information risk incidents. Through a systematic security framework, the provider’s and its customers’ company data and information remain secure.

In addition to helping organizations ensure their security risks are managed, the adherence to a globally recognized best practice standard protects their corporate reputation and demonstrates credibility and trust with the industry, customers and partner organizations.

Key Benefits of ISO 27001 Certification

Unlike written standards that provide generalized guidance that isn’t applicable to the unique risks and assets of a particular organization, ISO 27001 helps organizations implement controls specific to their unique profile. Key benefits of this approach include:

  • Data and platform integrity – protection from data breaches
  • Protection of privacy such as patient data
  • Client confidence that information is protected
  • Better transparency of potential information risk
  • Cost savings through reduction of information security incidents
  • Alignment with customer requirements
  • Improved status as a preferred Life Sciences organization
  • Protection of reputation and demonstration of credibility and trust

What does it take to get certified?

While the benefits are many, the process of achieving ISO 27001 certification is intensive. After implementing the standard’s requirements, organizations seeking certification must undergo multiple audits by an accreditation body. In the initial audit, the auditor ensures that the applicant’s ISMS has been developed in accordance with the standard. The applicant is expected to present evidence of all key aspects of the ISMS.

If the organization passes the initial stage, the auditor will conduct a more detailed examination, including analyzing the organization’s policies and procedures, and conduct an on-site investigation to assess how the ISMS is actually working in practice. This includes staff interviews and deep document reviews.

To maintain certification, companies must go through an annual external review process and 3-year recertification during which they must demonstrate continual improvement in the ISMS. When a new revision of the standard is published by ISO, certified providers must transition to the new version to retain compliance. The rigorous nature of ISO 27001 certification validates their ongoing commitment to maintaining confidentiality, integrity, availability and privacy of customer data.

IQVIA Quality Compliance is Certified and Committed

ISO 27001 certification is a good indication that a technology solution provider is taking security seriously. It reflects that the provider houses a robust infrastructure built to store and process data in a safe and secure manner. IQVIA Quality Compliance recently achieved certification, making it one of only a few quality management solution (QMS) providers in the world who are currently ISO 27001:2013 certified. Our customers can be confident in IQVIA’s ongoing commitment to information security management and protection of their most precious asset – their data.

Quality Management and Design Control Requirements for MedTech

Todd Neal, Product Manager, IQVIA Quality Compliance

For any MedTech company, understanding and supporting a robust and finely tuned internal Quality Management System (QMS) can be a competitive advantage rather than just a cost of doing business. And it’s imperative. Medical device manufacturers around the globe are required to maintain a Quality Management System to ensure safety and efficacy. Subsequently, they are also required to comply with regulations regarding Design Control for medical devices to ensure that specific requirements for their devices are met.

Whether an organization is adhering to the FDA and its Quality Systems Regulation (QSR), the European Union and its Medical Device Regulation (EU MDR), or other regulatory authorities and standards for Design Control, it is important to manage the ongoing Quality Management process and provide documented evidence that a well-defined, controlled process is in place and has been properly executed. Under EU MDR, not only must technical documentation be current and demonstrate conformance with requirements, but it must also reflect the development stages applied to the design of the device.

20 Quality Compliance Resolutions for 2020

The new year is the perfect time to take stock and set goals for the year ahead. Have you defined your compliance plan for 2020? Without a crystal ball to provide “20/20” vision into the next 12 months, making new year resolutions can help align and focus your efforts and energy in your quest for success. Take tips from IQVIA’s Quality Compliance subject matter experts and consider adopting some of these 20 resolutions to help you fuel your organization’s success in the new decade ahead.

A Guide to Success with Technology Solutions

Ian Elius, Associate Client Relationship Director, Cloud and Customer Success, IQVIA Quality Compliance

Customer success, particularly in the Life Sciences, depends on developing a collaborative partnership between technology solutions providers and their customers. Many times, this partnership experiences challenges, especially when the responsibilities of both parties are not clearly communicated and understood. This blog examines the areas the customer can focus on to increase the probability of success for the overall partnership and specific engagements.

Managing Compliance Risk with Integrated Asset Management Software

Jim Erickson, President, Blue Mountain Quality Resources

Equipment and instruments touch every aspect of a product throughout the manufacturing process. These assets are a critical component of determining the quality of the product in each stage of the manufacturing process, from raw ingredients to final form, including packaging and shipping.

In addition, assets are capital-intensive to purchase and maintain over time. No matter the industry, facilities constantly need to increase the utilization and uptime of their assets in order to drive the highest return on investment. However, for Life Sciences manufacturers in particular, operational compliance is critical, and the risk of non-compliance in this area can completely cancel out the potential for realizing any measurable ROI.

Next on the MedTech QMS Calendar

Phil Johnson, Senior Principal, IQVIA Quality Compliance

Medical Device and In Vitro Diagnostics (IVD) manufacturers have been busy the last few years ensuring that their Quality Management System (QMS) met the requirements of ISO 13485:2016 and the Medical Device Single Audit Program (MDSAP). It was an interesting time as Notified Bodies (NB) and certification bodies also came up to speed on the new requirements and increased level of surveillance on manufacturers. MDSAP introduced new auditing concepts and non-conformance handling, and also introduced a new level of compliance to Quality systems, resulting in a more rounded system for addressing global regulatory needs.

Take Charge of your EU MDR Preparedness as Notified Bodies Resources Still Lag

Caroline Freeman, Principal Consultant, IQVIA Quality Compliance

The MDR affects all medical device manufacturers that sell to the EU, and its economic impact is already being felt, not just in the cost of implementing the new requirements for new products, but ensuring that legacy products meet the MDR, as there is no grandfathering from the current EU Medical Devices Directive (MDD). Manufacturers of all medical devices above simple Class I will need the services of an MDR designated Notified Body at some time between now and May 2024, with the exact timing being dependent on the validity of existing certificates to the MDD or the Active Implantable Medical Devices Directive (AIMDD).

Considerations to Ready your Organization for the Approaching EU MDR Deadline

IQVIA Quality Compliance

EU MDR readiness isn’t just a single activity – and is not isolated to a company’s activities in the EU. It requires changes to processes across your organization.

As you prep for the looming EU MDR 2020 compliance deadlines, are you ready? These previously published blogs provide insight into the components of the medical device product lifecycle, from concept to market, that you need to consider in assessing your organization’s preparedness for the May 2020 deadline.

The Psychology of Change: Optimizing your Technology Deployment

Kari Miller, Regulatory and Product Management Leader, IQVIA Quality Compliance

When implementing enterprise software, whether a Regulatory Information Management (RIM) solution, Quality Management System (QMS) or an ERP system, the greatest predictor of its success will be how an organization manages the psychology of change. When an organization decides to implement new processes and/or new solutions, there are four phases of change that the organization is likely to experience: Denial (resistance), confusion, renewal and contentment. Hopefully the organization will experience all four phases if they are managing change properly.