Data Integrity Signals in Ongoing Review


Published on 29/11/2025

Data Integrity Signals in Ongoing Review

In the pharmaceutical industry, ensuring compliance and quality standards across the supply chain is paramount. This requires not only a stringent supplier qualification process but also an effective ongoing review mechanism. This tutorial provides a comprehensive step-by-step guide for pharma professionals involved in ongoing reviews and risk assessments of suppliers, CMOs, and other partners. The aim is to facilitate sound decision-making regarding vendor audits, quality agreement clauses, and validation deliverables.

Understanding Ongoing Review in the Context of Risk Assessment

Ongoing review is a crucial aspect of pharmaceutical quality systems as stipulated by ICH Q10. It is the process of continuously monitoring a supplier’s performance and compliance. The goal is to ensure that the quality of materials and services provided by suppliers or CMOs/CDMOs remains consistent over time. This is particularly important in highly regulated environments such as those governed by the FDA, MHRA, and EMA, where the failure to maintain data integrity can lead to significant repercussions.

To structure the ongoing review effectively, it is necessary to establish a clear understanding of risk. Risk can be defined as the potential for failure in meeting the specified quality, compliance, or performance criteria. In a supplier qualification context, this means evaluating risk on various levels, including:

  • Operational risk: Assessing the supplier’s ability to deliver materials on time and in line with requirements.
  • Compliance risk: Evaluating adherence to regulatory standards such as 21 CFR Part 11 relating to electronic records and electronic signatures.
  • Quality risk: Understanding the historical quality of the products supplied and any issues that have arisen in the past.

By emphasizing risk during the ongoing review, organizations can prioritize their resources and attention toward suppliers with the highest potential for impact on product quality and patient safety.

Step 1: Define Quality Agreement Clauses

Establishing clear quality agreement clauses is vital for setting expectations with suppliers, CMOs, and other partners. A quality agreement should outline the responsibilities of each party with respect to quality assurance and compliance. Key components include:

  • Definitions: Clear definitions of critical terms, roles, and responsibilities.
  • Product Specifications: Detailed information about the products or services being supplied.
  • Risk Management: Procedures for escalating issues related to quality or compliance.

Incorporating risk-sharing clauses can also facilitate better collaboration during times of unexpected issues. For instance, if a non-conformance is identified, the agreement should specify how the parties will collaborate to resolve it.

Step 2: Implement Vendor Audits

Vendor audits are essential for assessing the compliance and quality of suppliers and CMOs/CDMOs. A structured vendor audit program allows organizations to identify potential risks proactively. The audit process should encompass the following:

  • Audit Planning: Define the scope and objectives of the audit based on risk assessments.
  • On-Site Evaluation: Review records, observe processes, and interview staff to evaluate compliance with established quality standards.
  • Non-Conformance Tracking: Document any findings and assign actions to address these issues within an agreed timeframe.

Following an audit, a report must be generated, highlighting findings, observations, and recommendations. The audit management team should then track remediation efforts to ensure that the issues are resolved timely and adequately.

Step 3: Evaluate Validation Deliverables

This step involves reviewing the validation deliverables to ensure that all systems, processes, and equipment are properly validated in accordance with regulatory expectations. The validation process must be documented and include the following:

  • Validation Protocols: Define the methodologies used for validation, including installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ).
  • Change Control: A well-structured change control system must be in place to manage any changes that may impact validated systems.
  • Periodic Review: Regularly scheduled reviews of validation status to ensure continued compliance throughout the lifecycle.

Validation deliverables are not static; they require continuous oversight to adapt to technological advancements and changes in regulatory requirements. Tracking and assessing these deliverables is essential for ensuring ongoing compliance.

Step 4: Conduct a Thorough Risk Scoring

Risk scoring is a critical component in the ongoing review process. It involves assessing each supplier or CMO/CDMO based on a set of predetermined criteria that reflects the risks associated with that entity. Criteria typically include:

  • Historical Performance: Review historical data related to quality, compliance issues, and failures.
  • Regulatory History: Any past inspections or audits by relevant regulatory agencies.
  • Market Position: The overall reliability of the supplier in the market.

Once the risk assessment is completed, scoring models can be developed which will allow for the prioritization of suppliers based on their risk profiles. This enables organizations to allocate resources effectively and focus attention where it is most needed.

Step 5: Implement Method Transfer Equivalence

For organizations that are engaging in tech transfer with suppliers or CMOs/CDMOs, the concept of method transfer equivalence is critical. This ensures that analytical methods used for testing, whether transferred internally or externally, yield consistent and reproducible results. Steps in this process include:

  • Method Validation: Conduct rigorous method validation studies to confirm that the analytical methods conform to predefined criteria.
  • Transfer Protocols: Establish clear protocols for the transfer process, defining roles and responsibilities.
  • Documentation: Ensure that comprehensive documentation supports the process, including transfer reports and equivalence metrics.

The rigor in method transfer equivalence is essential for maintaining product quality and regulatory compliance, which is why it must be meticulously executed.

Step 6: Ongoing Monitoring and Review

The ongoing review process should not be seen as a one-time initiative but rather as an integral part of the quality management system (QMS). Continuous monitoring of supplier performance can unveil emerging risks and allow organizations to swiftly adapt strategies to mitigate these risks. Key activities include:

  • Key Performance Indicators (KPIs): Establish KPIs to measure supplier performance, such as on-time delivery rates and defect rates.
  • Regular Review Meetings: Schedule periodic review meetings with stakeholders to evaluate supplier performance against established metrics.
  • Documenting Changes: Ensure that any changes in supplier performance or capabilities are documented and assessed for risk.

Engagement with suppliers should be maintained to promote transparency in operations. A proactive and collaborative relationship fosters accountability and mutual benefit.

Conclusion: Driving Excellence through Effective Ongoing Review

Implementing an effective ongoing review process is essential for managing risk in the pharmaceutical supply chain. By following these systematic steps, organizations can enhance their supplier qualification processes, ensure compliance with regulatory expectations, and maintain product quality. The integration of risk management within ongoing review practices solidifies an organization’s commitment to excellence in their partnerships with vendors, CMOs, and tech providers.

To summarize, continuous improvement in quality assurance and thorough risk assessments will lead to robust vendor management and heightened trust in the pharmaceutical supply chain.