A Framework For Managing The Quality And cGMP Compliance Capability Of Your CMOs
By Grant Mordue
Many firms choose to contract out manufacturing activities, either because they don’t have internal manufacturing
available or because they believe that it’s the cheapest (and best) option. However, when it comes to current good manufacturing practice (cGMP) compliance, many firms lose sight of their responsibility to ensure that each gram or dose of externally derived output fully meets its registered parameters and has been demonstrated by the contract manufacturing organization (CMO) as manufactured in full compliance with the requirements of cGMP. Additionally, many firms do not effectively track the added cost of non-compliance during routine manufacturing operations and the impact (risk) of inadequate or incomplete quality management by their CMO. The objective measurement of the quality and cGMP compliance capability can be used both during supplier selection and to incentivize approved suppliers to deliver improvements and reduced risk.
Tracking The Cost Of CMO Non-Compliance
After the CMO’s QA function reviews and releases each lot of output, many firms (the sponsors or CMO clients) perform an additional review and release before they accept and receive the output material into their inventory for supply to customers. The CMO will invoice an agreed price per unit of output; however, this might not be the only cost associated with the supply.
If non-compliance is identified by the sponsor during its review of the history, documentation, and data for a specific lot, e.g., documentation completion errors, missing or inadequate deviation management, errors on certificates of analysis, etc., the sponsor might have to spend time, at additional cost, working with the CMO to remediate the problems before a lot can finally be dispositioned for supply to customers. This additional time/cost should be tracked as follows:
Additional cost = additional sponsor time (hours) spent working on the remediation of non-compliance identified after release by the CMO x cost per hour of the sponsor personnel involved
This additional cost can be even higher if the sponsor chooses to also step in to work with the CMO on the real-time remediation of non-compliance experienced during the manufacturing and testing of the material, i.e., before the final review and release by the CMO. A similar approach should also be used to track this additional cost.
Tracking The Risk Of Non-Compliance
Evidence and examples of non-compliance during manufacturing and during the QA review and release process used by the CMO present a risk of further non-compliance, additional costs, delayed supply, and potentially observations and failures during audits and inspections. It is therefore important that the evidence is recorded and used to evaluate and determine where actions should be completed to prevent further non-compliance from happening.
A structured risk modelling approach is one way of doing this. The risk modelling should provide a stepwise quantitative assessment of the risk of non-compliance using a 1 (low risk) to 5 (high risk) approach. This 1 to 5 structure of increasing risk provides a more accurate and objective indication of the risk (and the opportunities for improvement) than a simple 1 to 3, or low, medium, and high structure, which tends to become subjective and redundant during use. The structure and content shown below illustrate how a description of increasing risk can be used to compile a suitable modelling tool. The aim is to evaluate the actual data and evidence, starting at risk level 1 and progressively moving toward level 5 until the appropriate level is identified as the best fit for the available evidence and data. The evidence and data can be collected either during audits or using an aligned and appropriately structured data collection form, which is completed by the CMO and returned together with the data required to complete the assessment.
The Risk Of Non-Compliance Indicated By Audits And Inspections
The modelling structure shown below provides a baseline design for the use of audit and inspection data to model the risk of further non-compliance by the CMO.
![[Insert Table 1]](https://vertassets.blob.core.windows.net/image/92909e2a/92909e2a-d4ec-41e1-9222-cc92cf584b6e/cmo_risk_modeling_table1.png)
Objective data should be used to assign the relevant risk level for each risk area. If the allocation of the selected risk level is subsequently challenged, the data should fully justify the allocation of the level and score of 1 to 5 to counter the challenge.
The Risk Of Non-Compliance Indicated By Operational Performance
The modelling structure shown below provides a baseline design for the use of operational compliance data to model the risk of further non-compliance by the CMO.
![[Insert Table 2]](https://vertassets.blob.core.windows.net/image/995e6080/995e6080-6ccf-437a-95aa-8997ce9b282f/cmo_risk_modeling_table2.png)
Again, objective data should be used to assign the relevant risk level for each risk area. If the allocation of the risk level is questioned, the data should fully justify the allocation of the level and the score of 1 to 5.
Risk Of Non-Compliance Indicated By Management Capability
Modelling and evaluating the capability of a firm’s management to deliver cGMP compliance, successfully prevent non-compliance, and continuously improve cGMP compliance can be difficult. However, as above, a well-structured scale of assessment criteria can be used as shown below.
![[Insert Table 3]](https://vertassets.blob.core.windows.net/image/599a57dc/599a57dc-9108-4a17-8c62-24329193bf93/cmo_risk_modeling_table3.png)
Using The Scoring To Reduce Risk And Drive Improvements
The scoring of each risk area from 1 to 5 should be captured in a tabulated form of the assessment model to identify areas of strength and opportunities for improvement. A weighting multiplier can also be included for each risk area to emphasise the relative risk between the different areas used for the assessment. For example:
![[Insert Table 4]](https://vertassets.blob.core.windows.net/image/7a6040e3/7a6040e3-5080-43a1-b223-6fffcce4fc4c/cmo_risk_modeling_table4.png)
During supplier selection, the highest current comparable output from the CMO can be chosen as an example for scoring. During supplier capability management assessment, the scoring, together with the assessment of the additional cost of non-compliance, should be used to incentivize the CMO to deliver the improvements required. The improvements will improve the business security of the CMO and also deliver less risk and a better level of service for the sponsor/client.
An example of an incentive would be awarding “preferred supplier” status to the CMO and, in return, providing an increase in business compared to CMOs that do not deliver improvements and thus represent a higher risk. Over a sustained period of improved performance, a share of the cost saved could be awarded to the CMO as a bonus.
Developing The Best Approach
The structure and principles presented in this article serve as an illustration and starting point for implementing a structured CMO oversight and quality and cGMP compliance risk management system. Customization is necessary to adjust and determine the structure and content applicable for specific business situations.
About The Author:
Grant Mordue is the director of Pro-Active GMP Consulting Ltd., a U.K.-based consultancy founded in April 2020 to help companies to successfully implement a proactive level of quality management and cGMP compliance. Mordue has more than 30 years of management experience across the cGMP compliance of manufacturing and supply operations at local (national) and global levels, including the management of regulatory inspections. He has a BSc (Hons) degree in applied chemistry and is a Chartered Chemist and Member of the Royal Society of Chemistry in the U.K. You can connect with him on LinkedIn.