Keys to Compliance Success for UDI and Serialization

access_timeNovember 12, 2019
by  Michelle Bonn
Compliance for UDI and Serialization


By Regina Fullin, Sr. Compliance and Validation Consultant, Compliance Team, Inc.

 

Compliance is difficult when you “don’t know what you don’t know.”  In other words, a clear understanding of the regulation you need to comply to is a prerequisite to compliance, and a clear understanding of where your organization stands with regard to the gap between the current state of compliance and the future state.

You already know about the regulations, or you wouldn’t have started reading this article.  Because these requirements are publicly available, I will not discuss them in detail.  In short, the Drug Supply Chain Security Act mandates, by 2024, a system by which pharmaceutical drugs are tracked in the supply chain at the individual package level, to assure authenticity of the medicine by way of an electronic chain of custody.  By contrast, the UDI requires electronic tracking of medical devices to identify the medical device by make/model and production identification, to facilitate recall efficiency and use in electronic medical records.  Both systems employ electronic systems to mark the units.

 

The first wave of the UDI Final Rule, for devices, became effective on September 24, 2015, for Class III and Class II implantable devices.  A second wave later on September 24 for remaining Class II devices takes place this year, and a third wave on September 24, 2017 will take place for Class I devices.  By contrast, the Drug Supply Chain Security Act (DSCSA) is in the process of implementation.  Pharmacy dispensers were supposed to have been able to track custody at the lot level by now, but unforeseen circumstances forced the FDA to give dispensers (i.e. pharmacies) a grace period.  Presently, the FDA is doing a study to understand the data requirements for a worldwide pharmaceutical tracking system, so there is very little companies can do to prepare yet….

Or is there?

The foundation of compliance is always a sound quality management system, with clear, concise SOPs that get everyone in the organization aligned on what needs to happen, why it needs to happen, and how to make it happen.  Notice that I stated that the QMS needs clear and concise SOPs.  I left out the third “C” – comprehensive.  Don’t let your organization run amok with minutiae.   Writing a clear, concise procedure sounds easy, but sometimes it’s easier to have a technical writer handle the task so you can keep your eyes on managing your organization.  Compliance Team has experienced technical writers who can create the procedures that can seamlessly integrate with your existing quality management system, and help train your staff on these newly-created SOPs, so you can focus on production and quality of your product.  Preparing your quality management system for the changes is something you can do to get ahead of the curve (if you are a pharmaceutical manufacturer) or something you need to do now (if you are a medical device manufacturer).

With a policy in place that explains how your organization is going to achieve the mission of compliance, the next step is project management.  Project management should begin early, so you can identify the resources, people and budget in anticipation of execution phase so you avoid rushing.  You see, the DSCSA and the UDI Final Rule have deadlines attached to them.  When it comes to deadlines, planning is key, which means project management.  Think about milestones and activities that are resource-limiting or time-constraining, and be sure to track these somewhere.  Starting early helps you to use the extra time to identify ways to work around resource limitations.  Don’t forget contingency planning, either (because Murphy’s Law says that anything that can go wrong, does).  Then execute to plan.  Such planning can be the difference between a potential project failure and a success.  A Project Manager from Compliance Team can help if you need someone with the objectivity and experience to focus your team on the essentials for the compliance journey.

As noted earlier in this article both the serialization and UDI require using electronic data systems.  Software designers are human beings, and it can be easy to overlook gaps in the data system without a robust commissioning and validation program.  The most important feature, in the FDA’s view, is data integrity, though recently, the FDA de-emphasized the importance of its rule on Electronic Signatures and Electronic Records—21 CFR Part 11—in favor of a more commonsense approach to data integrity.

The DSCA and the UDI Final rule center on the data systems to manage the integrity of medical devices and medicines. It therefore becomes clear, even using the more relaxed approach to Part 11, that these increasingly-complex software systems require validation.  Think about it: these systems must handle large data sets while maintaining data integrity and accurate electronic records over the life of the product.  This means that several types of validations are applicable to a serialization/UDI project:

  1. Validation of the labeling and label printing operations, to ensure accurate, readable labels are applied to the devices and/or packages.
  2. Validation of the inventory tracking methods to identify material locations within the supply chain. (DSCSA only)
  3. Validation of the electronic records that show an accurate chain-of-custody as materials change ownership. (DSCSA only)
  4. Validation of system security, to ensure that sensitive data access/editing is limited to authorized individuals.
  5. Packing process validation, to ensure that identifiers on higher levels of packaging hierarchy (i.e. cases, pallets) maintain integrity through the packaging/distribution process.

These validations can be combined in a single protocol or broken into separate protocols, depending on the ways your organization structures its validation program.  A validation expert can help you identify the most effective way to structure your validation program for serialization/UDI so your testing proceeds smoothly and without incident.

In addition to validations specifically related to compliance to the new electronic tracking requirements, a number of other validations are necessary to ensure compliance to general supply chain requirements.

  1. Temperature mapping studies, or facility IQ/OQs assure that, for temperature-sensitive products, the storage areas and shipping routes for product are maintained at the label-claimed storage parameters until the product reaches the consumer.
  2. Packaging Validation, which ensures that the containers and packages protect product from damage as it works its way through the supply chain. The European Union recently mandated this validation in its most recent revision of Annex 15, for finished medicinal products, which signals that the FDA may soon adopt this viewpoint too.

I hope this article has provided some needed information and will help you on your journey toward compliance to these new FDA requirements.  Feel free to comment, and let me know how Compliance Team can continue to help you stay current.