, ,

AI in the pharmaceutical industry: Annex 22 & EU AI Act – current obligations and practical implementation

The use of artificial intelligence (AI) is rapidly gaining importance in the pharmaceutical industry – from increasing efficiency in everyday office work to complex applications in GMP-relevant processes. At the same time, regulatory requirements are increasing significantly. The EU AI Act and the planned Annex 22 to the EU GMP guidelines will provide a clear regulatory framework for the use of AI in regulated environments for the first time.

This article summarizes the key content of the Experts Talk “AI in the pharmaceutical industry – Annex 22 & EU AI Act as a framework for quality and efficiency”, which took place on 27 November 2025. The discussion focused on what these regulatory developments mean in concrete terms for pharmaceutical companies, what obligations already apply today and how the path from risk analysis to regulatory compliance can be successful.

EU AI Act

Why the EU AI Act and Annex 22 are relevant now

The EU AI Act is the first comprehensive European regulation for the use of AI. It takes a risk-based approach and differentiates between AI applications according to their potential impact on people, safety and fundamental rights. The AI Act is particularly relevant for pharmaceutical companies, as many AI applications can be classified as high-risk.

At the same time, the planned Annex 22 specifies the authorities’ expectations for the use of AI in the GMP environment. Even though Annex 22 had not yet been finally adopted at the time of the Experts Talk, it was clear from the exchange with the speakers that the regulatory direction is clear – and companies should prepare now.

Annex 22 & EU AI Act at a glance: Which regulations apply to which AI use cases – from office chatbots to AI in the GMP process?

A central topic of the Experts Talk was the clear demarcation of the various regulations and their areas of application. This is because not every AI application is subject to the same requirements. The decisive factors are the context of use, risk potential and impact on product quality, patient safety and human rights.

Two sets of rules – two perspectives

  • EU AI Act: The EU AI Act is a horizontal, cross-sector regulation that addresses the use of AI throughout the entire company. It applies not only to GMP processes, but also to AI applications in HR, IT, office areas and management. The aim is to protect fundamental rights, safety and health and to create trust in AI systems.
  • Annex 22 (Draft): Annex 22 is a vertical, GMP-specific supplement to the EU GMP guideline. It focuses exclusively on AI applications in the regulated manufacturing environment and particularly addresses systems with an impact on product quality, patient safety and data integrity. The annex is strongly oriented towards GAMP 5 principles and supplements existing regulations such as Annex 11 and Chapter 4.

Typical AI use cases and their regulatory classification

1. office and support applications (low to minimal risk)
Examples:

  • Office chatbots for text creation or translation
  • Spelling and formulation aids
  • AI-supported ticket or document sorting

These applications generally have no direct influence on GMP decisions or patient safety. Nevertheless, there are already requirements arising from the EU AI Act, particularly with regard to:

  • Transparency about the use of AI
  • Employee training (AI literacy)
  • Clear internal rules on the use and handling of data

2. decision-supporting AI systems (limited to high risk)
Examples:

  • AI-based decision support in QA or production
  • Forecast models for maintenance, deviations or capacity planning

Regulatory requirements are increasing significantly here. Relevant factors include

  • Structured risk assessment and classification
  • Documentation of models, data basis and decision logics
  • Clear governance structures and responsibilities
  • Concepts for human control (human-in-the-loop)

The more decisions are automated or prepared, the closer these systems come to the high-risk area of the EU AI Act.

3. AI in the GMP core process (high risk / Annex 22 relevant)
Examples:

  • AI-supported process monitoring
  • Automated quality assessments
  • AI systems with influence on approval decisions

These applications are clearly the focus of Annex 22, as the draft makes clear:

  • Critical AI systems must be deterministic, validatable and explainable (XAI)
  • Dynamic learning systems and generative AI are not currently intended for critical GMP applications
  • Human-in-the-loop is absolutely essential
  • Data quality, traceability and life cycle documentation are key success factors

The Experts Talk clearly showed that the EU AI Act and Annex 22 are not alternatives, but complement each other. Companies must consider both perspectives in order to use AI in a compliant and sustainable manner.

What pharmaceutical companies already have to consider today

A key conclusion of the Experts Talk: waiting is not an option. Even without the final adoption of Annex 22, there are already specific requirements from existing GMP regulations, the EU AI Act and general quality assurance principles.

It was particularly emphasized that companies must obtain a structured overview of all AI applications used or planned. Regardless of whether these are used in the GMP core process, in supporting areas or in everyday office work.

The key requirements include in particular

  • Transparency and traceability of AI systems
  • Risk assessment and classification of AI use cases
  • Documentation and governance over the entire life cycle
  • Training and qualification of employees

Shadow AI poses a particular risk here – i.e. the uncontrolled use of generic AI tools such as ChatGPT in day-to-day work. Without clear rules, approvals, training and documentation, this can quickly lead to deviations and compliance risks.

Implementing AI governance in practice: Tool to support regulatory requirements

It became clear that regulatory requirements such as the EU AI Act, Annex 22 (Draft) and ISO/IEC 42001 can only be implemented effectively if they are translated into clear, practicable structures.

This is where an AI governance solution from Goodly Technologies comes in, which is currently being developed specifically for regulated industries. The tool supports companies in managing AI systems in a structured and traceable manner throughout their entire life cycle: from planning and deployment to continuous monitoring.

Among other things, the focus is on:

  • Systematic recording and classification of AI applications
  • Documentation of responsibilities, risks and controls
  • Illustration of key requirements from Annex 22
  • Integration of SOPs, training and proof of audit and inspection capability

The aim is not to limit AI, but to make it usable in a controlled manner as a basis for innovation and regulatory security. If you have any questions about the tool, please contact Robert Hoffmeister: robert.hoffmeister@goodly-technologies.com

Conclusion: Set the course for compliant AI now

The Experts Talk on November 27, 2025 made it clear that the EU AI Act and the planned Annex 22 are not abstract future topics, but are already having a concrete impact on the day-to-day work of pharmaceutical companies.

Companies that already use AI or are planning to use it should act early:

  • Identify AI use cases
  • Assess risks
  • Clarify responsibilities
  • Define processes
  • Train employees

Structured preparation makes it possible to use regulatory requirements not as a brake, but as a foundation for the safe, efficient and sustainable use of AI.

How the Experts Institute can support you

The Experts Institute supports pharmaceutical companies in the classification of regulatory requirements, the practical implementation of AI governance as well as training courses and workshops on the EU AI Act, Annex 22 and AI in the GMP environment. Get ahead and get in touch with us: info@expertsinstitut.de

The Experts Talk series will also be continued. The next Experts Talk will take place on January 22 at 10:30 a.m. on the topic of “Pharmaceutical-grade use of generative AI”. To register for the event:
https://academy.experts-institut.de/ExpertsTalkmitChristophKthRobertSpariPharmatauglicherEinsatzvongenerativerKI

You can find more articles in our newsroom:
https://experts-institut.de/newsroom/

And feel free to follow us on LinkedIn to make sure you don’t miss any more Experts Talks:
https://de.linkedin.com/company/expertsinstitut

/by
,

The most important GMP findings for 2025 and forecasts for 2026

The regulatory requirements in the GMP environment have changed noticeably in recent years. In 2025, it is clearer than ever that it is no longer enough to formally fulfill requirements. Authorities expect comprehensible decisions, stable processes and quality that is actually practiced in day-to-day work. For many companies, this means a fundamental organizational, technical and cultural rethink.

GMP is increasingly understood as an integrated system in which processes, people, data and technology are closely interlinked. Individual measures or isolated corrections are not enough to remain audit-proof in the long term.

GMP

From documentation to active GMP compliance

Inspections and audits are increasingly focusing on how quality systems actually function in day-to-day business. Deviation management, change control and CAPA processes are no longer viewed in isolation, but in the context of responsibilities, interfaces, escalation paths and decision-making logic.

2025 has shown that inspectors are increasingly questioning who makes decisions, on what professional basis they are made and how consistently they are implemented. Processes that appear conclusive on paper but are interpreted or applied differently in everyday life quickly come into focus.

A key learning: Consistency is a decisive GMP factor. Differences between shifts, locations or areas of responsibility are increasingly seen as a systemic risk. Especially if they are not recognized, evaluated or justified.

CAPA, change control and deviations considered in context

Current FDA warning letters make it clear that a purely formal processing of deviations and CAPA measures is no longer accepted. The FDA is particularly critical of so-called “testing to compliance”, in which tests are repeated without identifying the actual cause of a problem and eliminating it sustainably.

Instead, the FDA expects robust root cause analyses with a broader perspective: affected and adjacent batches, comparable products, shared facilities and historical trends must be systematically included. A comprehensible effectiveness test of the CAPA measures is also required.

Prompt and visible action is required when risks are high or unacceptable. Delays – even if they are corrected later – weaken confidence in the quality system from the FDA’s perspective. At the same time, there is a greater focus on the responsibility of the quality unit and management: effective CAPA requires active quality oversight, continuous trend analyses and clear decision-making processes.

Data integrity remains a critical checkpoint

Data integrity continues to be one of the most sensitive issues in the GMP environment – and 2025 has further intensified this development. Authorities are paying more attention to complete audit trails, consistent data flows, clear role and access concepts and the handling of exceptions and manual interventions.

It is striking that data integrity is increasingly understood not only as an IT issue, but as a cross-organizational task. Training, awareness and leadership play just as big a role as technical controls.

Technology, processes and quality units in interaction

Technical weaknesses – for example in system qualification, maintenance, cleaning or monitoring – continue to lead to frequent complaints. However, it is less and less the individual defect that is decisive, but rather the question of how systematically companies deal with such issues.

2025, it became clear that authorities are evaluating more closely whether processes are understood, monitored and continuously improved or whether they are merely reacting to deviations. A reactive approach is increasingly considered insufficient.

At the same time, the role of the quality unit is becoming more central. Quality units are no longer seen primarily as an approval office, but as an active control and monitoring unit. What is expected is technical depth, decision-making power and the ability to clearly address risks – also in relation to operational areas.

Lessons learned 2025: Recurring patterns from audits

Across many audits, a number of overarching findings can be identified for 2025:

  • Unclear responsibilities are a frequent starting point for GMP deviations
  • Decisions without documented professional justification are increasingly being questioned
  • Training alone is not enough, application and understanding count
  • Quality systems must function as a whole, not just in individual modules

Companies that recognize and address these patterns at an early stage are in a much better position than those that only react selectively.

Outlook: GMP will be even more digital, risk-based and networked in 2026

Looking ahead to 2026, it can be assumed that these developments will continue to intensify. GMP practice is clearly moving in this direction:

  • more integrated digital quality systems
  • Data-based trend analyses and key figures
  • Predictive quality assurance instead of pure error correction

Risk-based approaches are finally no longer a “nice to have”, but the regulatory standard. At the same time, the requirements for transparency, traceability and system understanding are increasing, especially for complex manufacturing processes, biologics and novel therapies.

Companies that take a holistic approach to their GMP organization today not only create audit security, but also long-term stability in an increasingly complex regulatory environment.

How the Experts Institute supports you

We support companies throughout the entire GMP life cycle: from GMP assessments and audit preparations to hands-on support in projects, interim management and practical training for specialists and managers. Our focus is always on practicable solutions, regulatory safety and quality that works in everyday life.

Our claim: GMP compliance that doesn’t just exist on paper, but withstands audits and strengthens processes in the long term. Contact us if you want to future-proof your GMP organization. Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by

Mastering GMP audits successfully: What really matters

GMP audits are one of the key quality assurance tools in the pharmaceutical and life science industry. They check whether manufacturing processes, documentation, systems and working methods comply with regulatory requirements at all times. This is not just about compliance with formal requirements, but also about ensuring product safety, process stability and quality in practice. Successful GMP audits therefore make a significant contribution to patient safety, corporate risk minimization and a sustainable compliance culture.

GMP audits

Why GMP audits are of strategic importance

An audit is much more than just an inspection. It signals quality, transparency and a sense of responsibility towards customers, authorities and patients. Companies that establish audit stability as part of their organizational culture not only benefit from regulatory security, but also from better internal processes, clear responsibilities and increased efficiency. Findings are not a failure, but a valuable indicator for further development.

Audit preparation

Preparation for a GMP audit does not just begin in the days leading up to the date, but is part of continuous compliance management. An audit-compliant company is characterized by complete and up-to-date documentation, clear responsibilities, uniform standards and structured training and competence management. Internal communication is also an important building block: employees should understand why audits take place, what expectations exist and how they can communicate in a secure and fact-based manner. Many companies use internal mock audits or Q&A training to create security and practice typical situations in a realistic manner.

Audit implementation

During the audit, the focus is on clarity, traceability and integrity. Auditors not only evaluate documents and processes, but also the organization as a whole: Do employees know how processes work? Can decisions be explained? Is there a visible quality culture? Successful audit participants answer precisely, based on facts and only within their area of responsibility. Equally important is structured on-site support for the audit: a defined process, prepared rooms, clean accompanying documentation and professional communication support a positive result.

Follow-up

The phase after the audit determines the long-term benefit. Findings should be analyzed systematically and not viewed in isolation. Root cause analyses help to identify structural weaknesses instead of merely remedying symptoms. Action plans should be realistically scheduled, have clear responsibilities and then be checked for their effectiveness. This creates a learning system that continuously optimizes quality.

Typical audit risks and how companies can prevent them

In many GMP-regulated organizations, audit deviations are not caused by a lack of expertise, but by process gaps, inconsistent implementation and poor documentation quality. Common risk factors are:

– Incomplete, contradictory or outdated documents
– Process knowledge that only exists verbally (“tribal knowledge”)
– Lack of justification or risk considerations in decisions
– Training certificates without verifiable competence assessment
– Poor data integrity or unclear roles and responsibilities

An effective approach therefore does not lie in short-term “polishing up” before an audit, but in operational routine quality: processes must be designed in such a way that they are auditable at all times and are transparent, reproducible, risk-based and compliant with data integrity. Audit stability is achieved when documents reflect reality and reality is lived in accordance with the rules.

Support from the Experts Institute

We support companies in all audit phases, from the initial assessment to the implementation of practical mock audits and the sustainable implementation of corrections. Our work is practice-oriented, based on regulatory requirements and geared towards the individual level of maturity. In doing so, we pursue the goal of permanently anchoring audit stability and making quality tangible, comprehensible and measurable.

Conclusion: Audit strength comes from practiced quality

Successful GMP audits are no coincidence, but the result of a professional quality culture, clear responsibilities and continuous improvement. Companies that see audits as an opportunity rather than a burden strengthen their competitiveness, increase their compliance level and promote sustainable, process-oriented corporate development.

If you would like to increase your audit stability or develop your processes to the next level of maturity, we will be happy to support you. Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by

Business continuity management: How companies strategically secure their resilience

In a world where disruption has long since become the norm, business continuity management (BCM) is no longer an option, but a necessity. Whether cyber attacks, natural disasters, supply chain disruptions or IT failures: Crises affect companies today faster and more complex than ever before. The key question is therefore not if, but when a disruption will occur – and how well the company is prepared for it.

Business Continuity

Why business continuity management is so important

Effective BCM protects the existence of a company by ensuring that critical business processes can continue even under exceptional circumstances. The goal: operational continuity, protection of employees, safeguarding of data integrity and minimization of financial losses.

BCM is therefore much more than just crisis management. It is a strategic discipline that helps companies to identify risks at an early stage, create structures and be prepared for unexpected scenarios, with clear instructions for action instead of improvised reactions.

From risk analysis to practicing resilience

A strong BCM is based on a systematic approach. The process begins with a Business Impact Analysis (BIA): Which processes are critical to the continued existence of the company? Which resources – such as IT systems, personnel, suppliers or infrastructure – are required for this?

On this basis, a risk assessment is carried out that evaluates possible threats (e.g. cyber attacks, power outages, pandemics) and translates them into scenarios. Emergency strategies and restart plans are then developed to determine how quickly and to what extent processes should be restored after a disruption.

However, a practical BCM does not end on paper. Regular tests and exercises are crucial to ensure that everyone involved knows what to do in an emergency. These exercises not only promote the ability to react, but also create a shared awareness of responsibility and safety throughout the company.

BCM as part of modern management systems

Today, a professional BCM does not stand alone, but is part of an integrated management system. The requirements are particularly high in regulated sectors such as the pharmaceutical, biotech and medical technology industries.

The integration of BCM into existing systems such as:

  • ISO 9001 (quality management),
  • ISO 27001 (information security management),
  • ISO 22301 (Business Continuity Management Systems)
    enables synergies, avoids duplication of work and creates a holistic view of corporate risks.

In addition, regulatory requirements such as NIS2, DORA (Digital Operational Resilience Act) and the Cyber Resilience Act (CRA) are becoming increasingly important. These require companies – particularly those in critical infrastructures – to provide structured proof of their crisis and resilience.

Digitalization and BCM – new requirements for crisis resilience

Increasing digitalization brings new opportunities, but also new vulnerabilities. Cloud systems, AI-based applications and automated supply chains increase complexity and require adapted BCM strategies.

Modern business continuity management therefore uses digital monitoring tools, risk management software and automated communication systems in order to be able to react quickly and precisely in the event of a crisis. It is important that cyber resilience and business continuity are interlinked. A cyber incident must not automatically bring the entire business to a standstill.

Training, communication and corporate culture

A functioning BCM depends on the people who implement it. Training and awareness measures are therefore essential to ensure that employees know their role in the event of a crisis. In addition to clear processes, a culture of mindfulness is needed in which risks are openly addressed and continuously assessed.

Communication is therefore also a key component, both internally and externally. Those who act transparently during a crisis gain the trust of customers, business partners and authorities.

Services of the Experts Institute in the area of Business Continuity Management

The Experts Institute supports companies in the development, implementation and optimization of their BCM. Our services include

  • Analysis of existing processes and systems (gap analysis)
  • Development and implementation of BCM systems according to ISO 22301
  • Development of emergency and restart concepts
  • Integration of BCM into quality and information security management systems
  • Simulations and crisis exercises for realistic testing
  • Training and awareness programs for employees and managers
  • Advice on meeting regulatory requirements such as NIS2 or DORA

Our aim is to position your company in such a way that it remains stable, capable of acting and trustworthy even in extraordinary situations.

Conclusion: Stability can be planned

Business continuity management is not a theoretical exercise, but resilience in practice. Those who take a strategic approach to BCM strengthen their competitiveness, reduce risks and gain the trust of their stakeholders in the long term. Whether for medium-sized companies or international corporations, strong BCM means being prepared before things become critical.

Would you like to take your business continuity management to the next level? Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by
, ,

Continuous manufacturing: future trend in the pharmaceutical industry

The pharmaceutical industry is at a turning point. For decades, traditional batch processes characterized the production of pharmaceuticals. Although these have proven their worth, today they are often considered rigid, slow and resource-intensive. Continuous manufacturing opens up a new path: production no longer takes place in individual batches, but continuously and without interruption. This not only changes the speed of production, but also the quality, flexibility and sustainability of pharmaceutical processes.

Continuous Manufacturing

What does continuous manufacturing mean?

In contrast to the traditional batch process, continuous manufacturing enables end-to-end production in a closed system. While intermediate storage and waiting times used to be unavoidable, continuous manufacturing allows for constant production and monitoring. As a result, companies benefit from shorter production times, consistent product quality and more efficient use of resources. At the same time, the technology makes it possible to react more flexibly to fluctuations in demand and avoid supply bottlenecks. Continuous manufacturing is therefore much more than a technological innovation; it represents a fundamental paradigm shift in the pharmaceutical industry.

Digitalization as a driver for process stability

The benefits of continuous manufacturing can only be exploited through consistent digital transformation. Modern sensor technology, Process Analytical Technology (PAT) and Advanced Process Control (APC) make it possible to monitor production processes in real time. This ensures process stability and deviations can be detected and corrected immediately. At the same time, end-to-end data acquisition ensures that quality information is seamlessly documented and integrated into regulatory systems. The result is not only stable and safe production, but also greater transparency with regard to GMP compliance.

Focus on regulatory requirements

The authorities have also recognized the potential. The FDA is considered a pioneer and has already granted the first approvals for continuous manufacturing processes. In Europe, the EMA is also taking a closer look at the topic. For companies, this means that investing in continuous manufacturing at an early stage not only makes it easier to obtain approval later on, but also puts them in a strategic position with regard to future inspections. Pilot projects are a valuable way of gaining experience and taking regulatory expectations into account from the outset.

Impact on supply chains and sustainability

An often underestimated aspect of continuous manufacturing is its contribution to sustainability. Reduced energy and material consumption results in less waste. At the same time, continuous production enables production “on demand”, which reduces stock levels and makes medicines available more quickly. Continuous manufacturing therefore offers a decisive advantage, particularly in crisis situations or in the event of supply bottlenecks. For the global supply chains of pharmaceutical companies, this means greater flexibility, shorter response times and overall greater security of supply.

Challenges on the road to implementation

Of course, the switch to continuous manufacturing is associated with hurdles. High initial investments, complex interfaces between IT, automation and quality management as well as the lack of qualified specialists present companies with major challenges. However, this is precisely why it is advisable to proceed step by step: Pilot projects offer the opportunity to minimize risks and build up expertise before the technology is introduced on a large scale. Those who consciously plan this path can actively shape the learning curve and anchor the change in the long term.

Conclusion: Experts Institut as a partner for your transformation

Continuous Manufacturing is not a trend, but the future of pharmaceutical production. Companies that take this step at an early stage not only secure advantages in terms of efficiency and quality, but also with regard to regulatory acceptance and market position.

The Experts Institute supports you with practical advice, tailored training and support for your digitalization and modernization projects. From the feasibility analysis and the development of an implementation plan through to regulatory-compliant implementation, we accompany you on your path to continuous production.

Contact us for customized solutions, together we will make your production future-proof. Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by
,

How to create an effective quality management system (QMS) in accordance with ISO 9001

A quality management system (QMS) in accordance with ISO 9001 is much more than a formal set of rules – it is a strategic tool that companies can use to make their internal processes transparent, reliably meet customer expectations and build lasting trust with employees, partners and customers. Those who see quality management not as an obligation, but as a lived practice, lay the foundation for sustainable efficiency, risk minimization and genuine market success.

In an increasingly complex business world with global supply chains, stricter regulatory requirements and growing competitive pressure, the question of reliable quality is coming into focus. Companies that want to be future-proof in particular need structured systems to systematically meet requirements and at the same time actively exploit potential for improvement. The ISO 9001 standard provides the globally recognized framework for this, but it only unfolds its full benefits when it is integrated into everyday working life and actively lived.

QMS

What ISO 9001 requires and why it is relevant for you

A central idea of ISO 9001 is understanding the context of your organization. What internal and external factors influence your company? What are the requirements of customers, regulatory authorities, partners or your own employees? If you take a close look at these questions, you will create the basis for a tailor-made QMS that is not only based on standards, but also on the reality of your company.

The standard also requires opportunities and risks to be systematically analyzed and specific measures to be derived from this. It requires a clear definition of the scope of the quality management system and a regular review of the strategic orientation.

Leadership begins with responsibility for quality

ISO 9001 emphasizes the role of top management in quality management. Quality is not a task that can be delegated, it must be actively exemplified. This means that management should not only formulate a binding quality policy, but also communicate it in order to involve employees and anchor the topic in everyday life.

Customer satisfaction is a strategic goal and quality is the instrument for achieving this goal in the long term. An effective QMS supports the company management in fulfilling this responsibility in a structured manner.

Documentation creates structure and reliability

A central element of ISO 9001 is the control and maintenance of documented information. Whether test reports, work instructions or training certificates: All relevant documents must be traceable, versioned, released and stored securely.

Many companies benefit from a digital document management system that enables transparency, consistency and quick access. The goal is clear: processes should not only take place, they should be documented, controllable and continuously improvable.

Anchoring quality in day-to-day business

A quality management system must not be a mere paper tiger construct. ISO 9001 explicitly requires quality to be visible and effective in day-to-day work. This includes, for example, the process-oriented control of procedures, the selection and qualification of external service providers or a well thought-out approach to dealing with deviations and complaints.

Companies that carry out regular internal audits, actively involve their employees and take feedback seriously create a dynamic quality culture and ensure that their QMS also works on a day-to-day basis.

Measure, evaluate, improve – with a system

Only what is measured can be improved. This is why ISO 9001 provides for regular assessments of quality performance based on clear key figures, systematically recorded customer satisfaction and documented audit results.

Management assessments are not an end in themselves, but an important tool for strategic control. They help to make well-founded decisions and identify potential for improvement at an early stage.

Continuous improvement as an attitude

A strong QMS is not a static structure. It thrives on the willingness to improve. Corrective and preventive measures, lessons learned from projects and audits and the active involvement of employees in improvement processes ensure that quality does not stagnate, but grows.

ISO 9001 makes it clear that quality is not a project with a beginning and an end, but a continuous process that must be lived.

Conclusion: Long-term success with a practiced QMS

A quality management system in accordance with ISO 9001 can make all the difference – between reactive troubleshooting and proactive corporate management. It helps to create clarity in complex processes, identify risks, exploit potential and convince customers and employees in the long term.

At a time when trust, transparency and efficiency are crucial to success, a practiced QMS is becoming a strategic success factor – far beyond certification.

Would you like to further develop your quality management?

Whether GAP analysis, audit preparation or operational implementation – we accompany you on the way to an effective quality management system in accordance with ISO 9001. Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by

ISMS 2024: What companies need to know now about NIS2, DORA, CRA and ISO/IEC 42001

The demands on information security are increasing rapidly and with them the regulatory pressure. Cyber attacks such as ransomware, supply chain attacks and targeted attacks on critical infrastructures have long been part of everyday life. At the same time, NIS2, DORA, CRA and ISO/IEC 42001 are four key regulations that affect companies of all sizes and from all industries. A structured ISMS (Information Security Management System) thus becomes the indispensable basis for a legally compliant and resilient security architecture. Those who fail to act now risk not only fines, but also considerable competitive disadvantages.

ISMS

NIS2 – The new basic requirement for many companies

The revised NIS2 Directive will apply from October 2024. Companies with 50 or more employees or an annual turnover of over 10 million euros may already be affected, especially if they operate in critical sectors. The most important requirements include the introduction of an information security management system (ISMS), regular risk analyses, business continuity measures and reporting obligations for security incidents. The management bears personal liability. Our tip: Start with a gap analysis to determine your current implementation status.

DORA – Resilience for the financial sector

From January 2025, DORA will be mandatory for all financial companies in the EU. Banks, insurance companies and relevant IT service providers must strengthen their digital resilience, ICT risk management and incident reporting. Here too, an early GAP analysis and review of existing emergency management systems is recommended.

CRA and ISO/IEC 42001 – Security for digital products and AI

The Cyber Resilience Act (CRA) will regulate the entire value chain of digital products – from development to marketing – from 2026. Manufacturers, developers and importers of hardware and software are obliged to implement “security by design” and establish vulnerability management. The new ISO/IEC 42001, in turn, is the international standard for the secure handling of artificial intelligence and addresses AI-specific risks such as bias, lack of transparency and lack of traceability.

Recommendations for a future-proof ISMS strategy

Companies should now prioritize measures, carry out GAP analyses and integrate new standards such as ISO 42001 into existing management systems. Raise awareness among managers and specialist departments, because information security is no longer just an IT task, but a strategic core function.

Conclusion:

A holistic ISMS that integrates IT, OT, AI, data protection and business continuity is the basis for sustainable security and compliance. Those who act early minimize risks and secure clear competitive advantages. We are happy to support you from the GAP analysis to the implementation of practical solutions.

Would you like to find out more or get started right away?
Contact our team – together we can make your company fit for the new information security requirements! Get ahead and in touch with us – info@expertsinstitut.de

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by

Enhancing Process Stability through Effective Deviation Management

Focus topics: Deviation Management, Process Stability, CAPA, Regulatory Compliance, Operational Excellence

In today’s fast-paced, highly regulated industries, maintaining process stability and ensuring product quality are paramount. Deviation management plays a critical role in achieving these objectives, offering a structured approach to identifying, addressing, and preventing non-conformities. This blog post explores key strategies for optimizing deviation management and Corrective and Preventive Action (CAPA) processes, drawing insights from our comprehensive whitepaper.

Understanding Deviation Management

Deviation management involves systematically handling unexpected events or variations in processes that could impact product quality or compliance. A robust deviation management system not only addresses immediate issues but also prevents recurrence through thorough root cause analysis and corrective actions.

Key Strategies for Effective Deviation Management

  1. Root Cause Analysis (RCA): Employ structured methodologies such as 5-Why Analysis or Fishbone Diagrams to uncover the underlying causes of deviations. This proactive approach helps prevent future occurrences by addressing the root of the problem.
  2. Standardized Operating Procedures (SOPs): Consistently documented and followed procedures reduce process variability, ensuring a more stable production environment.
  3. Training and Awareness: Regular training empowers employees with the knowledge and skills needed to report deviations accurately and adhere to best practices, fostering a culture of quality and accountability.
  4. Risk-Based Approach: Prioritize preventive measures based on risk assessments, focusing efforts on the most critical process vulnerabilities to enhance overall stability.

Leveraging Technology for Real-Time Monitoring

Utilizing digital tools and automated systems for real-time monitoring can detect early warning signs of deviations, enabling swift corrective actions. This data-driven approach supports continuous improvement and operational excellence by providing actionable insights into process performance.

The Impact of Effective CAPA Management

A well-structured CAPA process transforms deviations into opportunities for long-term process optimization. By addressing deviations proactively, organizations can reduce risks, prevent recurring issues, and achieve greater operational consistency.

Regulatory Compliance and Risk Mitigation

Compliance with global regulatory standards such as EU-GMP and US-FDA is essential for avoiding financial and reputational consequences. Effective deviation management systems ensure systematic reporting, assessment, and investigation procedures, safeguarding product quality and safety.

Achieving Operational Efficiency and Cost Reduction

Integrating data-driven deviation management into operations leads to measurable reductions in compliance-related costs and production downtime. By identifying root causes early and implementing preventive actions, businesses can optimize production efficiency and minimize deviations.

Continuous Improvement and Process Optimization

Embedding deviation management into a continuous improvement strategy fosters a culture of operational excellence. Leveraging insights from past deviations allows companies to enhance processes, reduce waste, and drive long-term improvements.

Conclusion

Effective deviation management is the cornerstone of process stability and quality assurance. By implementing structured RCA, SOPs, and a risk-based approach, organizations can minimize deviations and optimize CAPA processes, ensuring regulatory compliance and operational excellence. For more insights, download our detailed whitepaper and contact our team for expert guidance in enhancing your deviation management strategies.

If you like to know more about Deviation Management, feel free to contact j.siefert@expertsinstitut.de

LinkedIn Posting: https://www.linkedin.com/feed/update/urn:li:activity:7310934145906475008

Experts Institute LinkedIn: https://de.linkedin.com/company/expertsinstitut

www.expertsinstitut.de

/by
,

Untrue Supplier-Audit Reports: The Danger of Ethnocentric GMP-Auditing

If You are in any QA / QU role and are responsible for audits and audit reports in the GxP-context, I encourage You to take time and read this, it will be worth Your while. And if You are a QP (like I have been), this is likely to help You.

Where We Pick Up the Audit Topic

Manufacturers of pharmaceutical products and marketing authorization holders are required to ensure that audits at critical suppliers and service providers are done in a regular basis: active substance suppliers, suppliers of primary and printed packaging materials, and many others. This is basic, everyone knows this. However…

The supply chain is typically globalized and suppliers and manufacturers of materials are located all over the globe. When audits are carried out at suppliers located in a different culture, auditors always bring in their understanding of GMP and quality expectations-and here is the news: these are projected by the auditors on the auditees in culturally driven way and interpretation.

Auditors are Biased and Lack Understanding

Often auditors are trained to ask clear questions, closed questions, sometimes intentionally open questions, hypothetical questions, and often “show me” questions. Auditors expect to hear clear cut answers, yes or no, black or white, clarity – ambiguity is not typically acceptable as an answer.

But this way of auditing and listening in audits is actually called #ethnocentrism and it leads to very inaccurate audit reports. Such inaccuracy is very dangerous for supply chain and product quality asusrance! And this is a danger this industry cannot affort. We don’t produce umbrellas, but medication, we do this for patients, people who have serious needs…

Auditors assume to be heard and understood like they would be in their own birth cultural context, and even in their own company. It is an expectation which auditors bring with them due to their cultural bias in how communication should work. And so they filter what they see and hear in an audit through what they believe everyone uses to communicate.

Another assumption is that because a standard like GMP is laid down in writing, everyone sort of will understand this the same way, or at least to a contained degree of variability. Another ehtnocentric assumption: keeping in with the text of GMP requirements is what drives quality. As long as everyone else shares this – no problem. But the issue is: not everyone does! As a matter of fact, most cultures in this world do not share the mindset that underlies GMP.

The underlying problem is that GMP and similar quality standards have spawned in a Western cultural framework. This framework is not the majority reality in the world, it is a minority view no matter how important we think we are. Auditors do in almost all cases not know this, and they do not understand how big the impact of this is on what is heard and understood in audits, and what documents and records really mean.

It is needless to say that many drug manufacturing companies care very little about this aspect of audits and audit reports. Since the auditee is perceived as a supplier and only as that, the auditors feel – just like their company – that treating audit situations as an exchange of two business partners is not necessary. Another proof of ethnocentrism.

Real Consequences – Supply Contraction and Patient Risk

Especially in Asia (supplier in China, India, Japan to name a few) this will ultimately lead to a contraction of the supply range, meaning that the supply to European and Western-based companies will be a decreasing market priority to these Asian suppliers. Suppliers in Asia are fine with the Asian market alone, we must not forget that. The West is a very small part of the global village community. If we don’t take this seriously then it is our own fault.

The much bigger issue for the now is though that audit reports most often misrepresent what is going on at the supplier. Miscommunication happens so often without the auditor(s) even noticing it. And it ends up in the audit report, either as a conclusion that a particular audit topic was fine at the supplier (though it wasn’t) or that observations and deficiencies are noted that are simply not true.

The issues that come with ethnocentric auditing, which happens in almost every cross-cultural audit are significant and relevant! And they are essentially unaddressed. Auditors should not be sent into such an audit setting without a proper understandig of this.

Now What?

We seek to train our consultants and audit specialists at EI and our client auditors regarding this issue. And although no person can be truly multicultural, knowing the pitfalls makes a world of difference for the quality that is delivered.

If You are an auditor You cannot guess things in another culture, even in a business or highly regulated setting. Someone needs to show You, teach You, make You understand, and apply it. If not then audit reports will be sub-standard, inaccurate at best. And we will convince ourselves erroneously that we did a good job, and we will deceive ourselves to think that we were the ones who taught the auditee something new, although it is us who had a chance to learn and we did not take it.

Do You want to be an auditor who after 30 or 40 years of work realizes “goodness I got this wrong all my life”? Patient health and safety depend more on accurate auditing than we might think. We owe it to those who depend on medication to do our vey best.

#auditsandinspections #thegoodauditor #interculturalcommunication #GMP #business #activesubstances #api #excipients #supplierqualification #supplychainmanagement

If You like to know more about this, feel free to contact d.gross@expertsinstitut.de or visit www.expertsinstitut.de.

/by
,

Insights into our project experience: Successful implementation of quality assurance agreements (QAA) in the pharmaceutical industry

As part of a project for a pharmaceutical manufacturer and its contract manufacturer, we demonstrated our expertise in the implementation of quality assurance agreements (QAA). The aim of the project was to optimize the quality assurance processes and ensure compliance with the current GMP guidelines.
The project was implemented under challenging conditions, which were characterized by strict regulatory requirements and tight schedules. Our team of experienced GMP consultants and QA specialists developed tailor-made solutions, including the creation, review, updating and negotiation of quality assurance agreements, delimitation of responsibility agreements (VAV), technical agreements and QP agreements – in both German and English.
Close coordination with the client’s internal departments and external contractual partners was a key success factor. Thanks to targeted project management and precise negotiating skills, time-critical contracts were concluded on schedule. We also optimized relevant processes, revised SOPs and templates, thereby achieving significant efficiency gains.
Our expertise in supplier management and supplier qualification was crucial to the success of the project. In addition, we ensured sustainable implementation and compliance with regulatory requirements through targeted induction and training of the teams.
The successful implementation of the project not only led to a noticeable improvement in quality assurance, but also to a deepening of cooperation with the customers. This example illustrates how even complex challenges can be overcome with a clear strategy, sound expertise and a well-coordinated team.

/by

Webpräsenz der Allianz für Cyber- Sicherheit
kununu widget

Business Solutions

GMP / GXP Consulting

EI Academy

New town

Experts Institut Beratungs GmbH
Weinstraße 85

D-67434 Neustadt a. d. Weinstraße

Phone: +49 (0)6321 969210
E-mail: info@expertsinstitut.de

Fax: +49 (0)6321 9692199

Bamberg

Experts Institut Beratungs GmbH
Untere Sandstraße 53

D-96047 Bamberg

Phone: +49 (0)951 51939330
E-mail: info@expertsinstitut.de

St. Gilgen (Austria)

Experts Institut Beratungs GmbH
Helenenstraße 16

A-5340 St. Gilgen, Austria

Tel.: +43 (0)6227 21068
E-Mail: info@expertsinstitut.de