Enhancing Process Stability through Effective Deviation Management

Focus topics: Deviation Management, Process Stability, CAPA, Regulatory Compliance, Operational Excellence

In today’s fast-paced, highly regulated industries, maintaining process stability and ensuring product quality are paramount. Deviation management plays a critical role in achieving these objectives, offering a structured approach to identifying, addressing, and preventing non-conformities. This blog post explores key strategies for optimizing deviation management and Corrective and Preventive Action (CAPA) processes, drawing insights from our comprehensive whitepaper.

Understanding Deviation Management

Deviation management involves systematically handling unexpected events or variations in processes that could impact product quality or compliance. A robust deviation management system not only addresses immediate issues but also prevents recurrence through thorough root cause analysis and corrective actions.

Key Strategies for Effective Deviation Management

  1. Root Cause Analysis (RCA): Employ structured methodologies such as 5-Why Analysis or Fishbone Diagrams to uncover the underlying causes of deviations. This proactive approach helps prevent future occurrences by addressing the root of the problem.
  2. Standardized Operating Procedures (SOPs): Consistently documented and followed procedures reduce process variability, ensuring a more stable production environment.
  3. Training and Awareness: Regular training empowers employees with the knowledge and skills needed to report deviations accurately and adhere to best practices, fostering a culture of quality and accountability.
  4. Risk-Based Approach: Prioritize preventive measures based on risk assessments, focusing efforts on the most critical process vulnerabilities to enhance overall stability.

Leveraging Technology for Real-Time Monitoring

Utilizing digital tools and automated systems for real-time monitoring can detect early warning signs of deviations, enabling swift corrective actions. This data-driven approach supports continuous improvement and operational excellence by providing actionable insights into process performance.

The Impact of Effective CAPA Management

A well-structured CAPA process transforms deviations into opportunities for long-term process optimization. By addressing deviations proactively, organizations can reduce risks, prevent recurring issues, and achieve greater operational consistency.

Regulatory Compliance and Risk Mitigation

Compliance with global regulatory standards such as EU-GMP and US-FDA is essential for avoiding financial and reputational consequences. Effective deviation management systems ensure systematic reporting, assessment, and investigation procedures, safeguarding product quality and safety.

Achieving Operational Efficiency and Cost Reduction

Integrating data-driven deviation management into operations leads to measurable reductions in compliance-related costs and production downtime. By identifying root causes early and implementing preventive actions, businesses can optimize production efficiency and minimize deviations.

Continuous Improvement and Process Optimization

Embedding deviation management into a continuous improvement strategy fosters a culture of operational excellence. Leveraging insights from past deviations allows companies to enhance processes, reduce waste, and drive long-term improvements.

Conclusion

Effective deviation management is the cornerstone of process stability and quality assurance. By implementing structured RCA, SOPs, and a risk-based approach, organizations can minimize deviations and optimize CAPA processes, ensuring regulatory compliance and operational excellence. For more insights, download our detailed whitepaper and contact our team for expert guidance in enhancing your deviation management strategies.

If you like to know more about Deviation Management, feel free to contact j.siefert@expertsinstitut.de

LinkedIn Posting: https://www.linkedin.com/feed/update/urn:li:activity:7310934145906475008

Experts Institute LinkedIn: https://de.linkedin.com/company/expertsinstitut

www.expertsinstitut.de

/by
,

Untrue Supplier-Audit Reports: The Danger of Ethnocentric GMP-Auditing

If You are in any QA / QU role and are responsible for audits and audit reports in the GxP-context, I encourage You to take time and read this, it will be worth Your while. And if You are a QP (like I have been), this is likely to help You.

Where We Pick Up the Audit Topic

Manufacturers of pharmaceutical products and marketing authorization holders are required to ensure that audits at critical suppliers and service providers are done in a regular basis: active substance suppliers, suppliers of primary and printed packaging materials, and many others. This is basic, everyone knows this. However…

The supply chain is typically globalized and suppliers and manufacturers of materials are located all over the globe. When audits are carried out at suppliers located in a different culture, auditors always bring in their understanding of GMP and quality expectations-and here is the news: these are projected by the auditors on the auditees in culturally driven way and interpretation.

Auditors are Biased and Lack Understanding

Often auditors are trained to ask clear questions, closed questions, sometimes intentionally open questions, hypothetical questions, and often “show me” questions. Auditors expect to hear clear cut answers, yes or no, black or white, clarity – ambiguity is not typically acceptable as an answer.

But this way of auditing and listening in audits is actually called #ethnocentrism and it leads to very inaccurate audit reports. Such inaccuracy is very dangerous for supply chain and product quality asusrance! And this is a danger this industry cannot affort. We don’t produce umbrellas, but medication, we do this for patients, people who have serious needs…

Auditors assume to be heard and understood like they would be in their own birth cultural context, and even in their own company. It is an expectation which auditors bring with them due to their cultural bias in how communication should work. And so they filter what they see and hear in an audit through what they believe everyone uses to communicate.

Another assumption is that because a standard like GMP is laid down in writing, everyone sort of will understand this the same way, or at least to a contained degree of variability. Another ehtnocentric assumption: keeping in with the text of GMP requirements is what drives quality. As long as everyone else shares this – no problem. But the issue is: not everyone does! As a matter of fact, most cultures in this world do not share the mindset that underlies GMP.

The underlying problem is that GMP and similar quality standards have spawned in a Western cultural framework. This framework is not the majority reality in the world, it is a minority view no matter how important we think we are. Auditors do in almost all cases not know this, and they do not understand how big the impact of this is on what is heard and understood in audits, and what documents and records really mean.

It is needless to say that many drug manufacturing companies care very little about this aspect of audits and audit reports. Since the auditee is perceived as a supplier and only as that, the auditors feel – just like their company – that treating audit situations as an exchange of two business partners is not necessary. Another proof of ethnocentrism.

Real Consequences – Supply Contraction and Patient Risk

Especially in Asia (supplier in China, India, Japan to name a few) this will ultimately lead to a contraction of the supply range, meaning that the supply to European and Western-based companies will be a decreasing market priority to these Asian suppliers. Suppliers in Asia are fine with the Asian market alone, we must not forget that. The West is a very small part of the global village community. If we don’t take this seriously then it is our own fault.

The much bigger issue for the now is though that audit reports most often misrepresent what is going on at the supplier. Miscommunication happens so often without the auditor(s) even noticing it. And it ends up in the audit report, either as a conclusion that a particular audit topic was fine at the supplier (though it wasn’t) or that observations and deficiencies are noted that are simply not true.

The issues that come with ethnocentric auditing, which happens in almost every cross-cultural audit are significant and relevant! And they are essentially unaddressed. Auditors should not be sent into such an audit setting without a proper understandig of this.

Now What?

We seek to train our consultants and audit specialists at EI and our client auditors regarding this issue. And although no person can be truly multicultural, knowing the pitfalls makes a world of difference for the quality that is delivered.

If You are an auditor You cannot guess things in another culture, even in a business or highly regulated setting. Someone needs to show You, teach You, make You understand, and apply it. If not then audit reports will be sub-standard, inaccurate at best. And we will convince ourselves erroneously that we did a good job, and we will deceive ourselves to think that we were the ones who taught the auditee something new, although it is us who had a chance to learn and we did not take it.

Do You want to be an auditor who after 30 or 40 years of work realizes “goodness I got this wrong all my life”? Patient health and safety depend more on accurate auditing than we might think. We owe it to those who depend on medication to do our vey best.

#auditsandinspections #thegoodauditor #interculturalcommunication #GMP #business #activesubstances #api #excipients #supplierqualification #supplychainmanagement

If You like to know more about this, feel free to contact d.gross@expertsinstitut.de or visit www.expertsinstitut.de.

/by
,

Insights into our project experience: Successful implementation of quality assurance agreements (QAA) in the pharmaceutical industry

As part of a project for a pharmaceutical manufacturer and its contract manufacturer, we demonstrated our expertise in the implementation of quality assurance agreements (QAA). The aim of the project was to optimize the quality assurance processes and ensure compliance with the current GMP guidelines.
The project was implemented under challenging conditions, which were characterized by strict regulatory requirements and tight schedules. Our team of experienced GMP consultants and QA specialists developed tailor-made solutions, including the creation, review, updating and negotiation of quality assurance agreements, delimitation of responsibility agreements (VAV), technical agreements and QP agreements – in both German and English.
Close coordination with the client’s internal departments and external contractual partners was a key success factor. Thanks to targeted project management and precise negotiating skills, time-critical contracts were concluded on schedule. We also optimized relevant processes, revised SOPs and templates, thereby achieving significant efficiency gains.
Our expertise in supplier management and supplier qualification was crucial to the success of the project. In addition, we ensured sustainable implementation and compliance with regulatory requirements through targeted induction and training of the teams.
The successful implementation of the project not only led to a noticeable improvement in quality assurance, but also to a deepening of cooperation with the customers. This example illustrates how even complex challenges can be overcome with a clear strategy, sound expertise and a well-coordinated team.

/by

Test

/by

GMP standards for medicinal cannabis: guaranteeing quality in an emerging industry

The medical use of cannabis is gaining increasing recognition and legal approval worldwide, leading to growing demand and increased regulation. In this dynamic environment, Good Manufacturing Practice (GMP) standards are crucial for the production of safe, high-quality products. However, the implementation of GMP standards is a challenge for the medical cannabis industry, as many companies first need to establish the necessary structures and skills. Specialized consulting can make a significant contribution to the efficient implementation of GMP-compliant processes.

GMP standards and their importance in medical cannabis production

GMP standards, implemented by the Food and Drug Administration (FDA) and further developed by the World Health Organization (WHO) and adapted to the global market, are a global quality benchmark for the pharmaceutical industry. These standards require strict specifications for the documentation, control and monitoring of production processes in order to ensure product safety and efficacy [1]. In the medical cannabis industry, these standards are of fundamental importance, as there are no guidelines specifically developed for cannabis production, although cannabis products are also used as medicines and can affect vulnerable patient groups. Instead, reference is made to the general processing of herbal substances [2], which is particularly important in the drying and preparation of plants. GMP ensures that all products are manufactured in a hygienic environment under controlled conditions to avoid contamination and ensure the safety of the final products [3].

Challenges of GMP implementation in the cannabis industry

GMP implementation in cannabis production poses specific challenges. For example, ensuring consistent product quality requires precise control over the entire manufacturing process – from raw material extraction to bottling. Medical cannabis products must have consistent concentrations of active ingredients to ensure therapeutic effects, which requires precise process control and laboratory testing [4]. In many cases, however, companies lack comprehensive knowledge of GMP standards and their specific application to cannabis production.

GMP compliance is complex and requires not only the establishment of suitable processes, but also the training of personnel and the implementation of quality assurance systems. In addition, regulatory requirements vary from country to country and are constantly evolving. Strategic advice can help to overcome specific challenges and ensure ongoing compliance with GMP requirements.

Good manufacturing practice (GMP) in practice: important steps and measures

1. production environment and hygiene: GMP guidelines require a strictly controlled production environment to prevent contamination by microorganisms, heavy metals or pesticides. Cannabis products must not contain any undesirable residues that could impair efficacy or safety [5].

2. quality control and laboratory testing: Each production batch of medicinal cannabis must undergo rigorous testing to confirm the active ingredient content and rule out impurities. These laboratory tests ensure that the final product meets quality standards and that consumers are not exposed to any risks [3].

3. documentation and traceability: GMP compliance requires comprehensive documentation and complete traceability of products in order to be able to act quickly in the event of quality problems or recalls. Every production stage, every test and every release must be documented in detail in order to prove conformity [1].

4. staff training: GMP standards require continuous training and education of employees to ensure that all processes are carried out and documented correctly. For many companies in the cannabis industry, this poses an additional challenge, as specific GMP knowledge is often not sufficiently available in the team [4].

The added value of specialized consulting for GMP-compliant processes

Strict compliance with GMP standards is essential for companies in the medical cannabis industry in order to be successful on international markets and build trust with consumers. However, especially for companies that are new to the market, the implementation of these standards requires considerable organizational and financial effort.

Our consulting expertise supports you in all phases of GMP implementation – from the development of a customized quality management system to employee training and complete documentation. We also offer regular audits and support in preparing for inspections to ensure continuous GMP compliance.

Conclusion: GMP as a guarantee of safety and trust in the medical cannabis industry

The requirements for medical cannabis are constantly increasing, as patient safety is a top priority and regulatory requirements are growing. The implementation and maintenance of GMP standards are a basic requirement for any company that wants to establish itself in this market in the long term.

We are happy to support you in achieving GMP compliance cost-efficiently and sustainably, strengthening your market position and guaranteeing the safety of your products. Get ahead and in touch with us – info@expertsinstitut.de

Sources

1. Good Manufacturing Practices for Pharmaceutical Products: Main Principles. World Health Organization (WHO).

2. cannabis Q&A for the public

3. Quality Standards and Practices in the Medical Cannabis Industry. International Journal of Drug Policy.

4. WHO Guidelines on Good Agricultural and Collection Practices (GACP) for Medicinal Plants. WHO, 2003.

5. Good Distribution Practice for Medical Cannabis Products. European Commission, 2017.

Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

/by

Top talent out of reach? Discover 7 situations in which a recruitment consultancy is your ace up your sleeve!

In today’s world of work, talent is often hard to find, especially when it comes to specialized positions or discreet new appointments. But when is it really worth hiring a recruitment consultancy? Here are some key situations where using experts not only saves time, but also ensures success – from targeting rare skills to strategic workforce planning. Read on to find out how a recruitment consultancy can give your business a real advantage.

1. difficult or specialized positions:

  • Narrow candidate market: If the position to be filled is very specialized and the job market is tight, a recruitment consultancy can help you find the right candidates.
  • Rare qualifications: For positions that require very specific knowledge and skills that are rare to find.

2. lack of time and efficiency:

  • Scarcity of resources: When the company does not have the internal resources or time to carry out the recruitment process itself.
  • Fast filling: If the position needs to be filled quickly and the internal team cannot speed up the process.

3. discretion and confidentiality:

  • Confidential appointments: When the search for a new employee needs to be handled discreetly, for example when replacing managers, without the current workforce or competitors finding out.

4. access to a broader network:

  • Recruitment consultancy network: Recruitment consultancies often have a large network and access to passive candidates who are not actively looking for a job, but could still be open to new opportunities.

5. professional expertise:

  • Industry knowledge: Recruitment consultancies often have deep insights and experience in certain industries and are therefore better able to identify suitable candidates.
  • Market knowledge: Consultants know the current market trends and salary levels and can help companies to remain competitive.

6. minimization of incorrect appointments:

  • Careful selection: Professional methods and comprehensive interviews, tests and reference checks can reduce the risk of wrong appointments.
  • Long-term retention: HR consultancies often also support the integration and induction of new employees, which promotes long-term retention.

7. strategic personnel planning:

  • Growth phases: In phases of company growth or expansion, HR consultancies can help to strategically plan and recruit the required talent.
  • Restructuring: In the event of restructuring or changes in corporate strategy, consulting can help to find the right managers or specialists.

    Overall, it makes sense to hire a recruitment consultancy if the company has specific requirements that are difficult to fulfill internally, if discretion and professionalism are required or if the internal capacities and networks are not sufficient to find the best possible candidates.

    We are happy to be at your side when it comes to the decision to hire a personnel consultancy. Contact us without obligation! Get ahead and in touch with us – info@expertsinstitut.de

    Read our entire blog: https://experts-institut.de/newsroom/
    And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

    /by
    ,

    GxP audits: How important are they and how are they conducted?

    In the highly regulated pharmaceutical industry, audits are more than just a control mechanism – they are an indispensable tool for ensuring the quality and compliance of processes. Audits play a key role in ensuring that companies adhere to the strict requirements of Good Manufacturing Practice (GMP) and other GxP standards. The aim is not only to identify errors, but also to continuously improve processes and eliminate weaknesses before they lead to errors or quality problems. The role of audits in quality management can therefore not be overestimated. They help to meet regulatory requirements and at the same time strengthen the trust of customers and authorities in the company.

    Below you will find out what a GxP audit is, why it is so important for companies in regulated industries and how it can be carried out optimally.

    What is a GxP audit?

    An audit is a systematic, independent and documented review that serves to determine whether activities and results meet the planned requirements. So much for the theory.

    In the GxP area, audits are particularly important in practice, as they ensure that all processes actually meet the strict requirements of GMP, GLP and GCP standards. These audits not only check compliance with regulations, but also whether processes are used for continuous improvement and risk reduction and actually make this contribution.

    Why are audits in the GxP area so important?

    Audits fulfill a central function in the so-called Pharmaceutical Quality System (PQS) and offer many advantages that are important for the entire industry:

    • Audits guarantee that companies comply with and implement the legal and regulatory requirements in such a way that the medicines produced are of truly impeccable quality and also safe.
    • Audits make it possible to identify potential errors in operations and production at an early stage so that measures can be taken to minimize risks. This prevents critical errors or weaknesses in the production process from leading to serious problems and questionable medicines from reaching the market and patients.
    • Audits offer the opportunity to evaluate existing processes and identify optimization potential. In this way, companies can increase their efficiency and improve quality at the same time.
    • Regular audits strengthen the trust of customers, partners and regulatory authorities. A well-documented and executed audit shows that the company is able to critically scrutinize itself in order to reliably deliver high-quality products to the market.

    The audit process: step by step

    An audit in the GxP area follows a structured procedure that enables the auditor to thoroughly examine the processes in the company. Typically, an audit consists of six main phases:

    1. Planning: Audit preparation is crucial for success. The parties involved must ensure that all relevant people and documents are available. Thorough planning ensures a smooth process.
    2. The initial meeting: In this step, the auditors and the representatives of the company to be audited meet at the start of the audit. The audit plan or the audit agenda is discussed again. Questions are also clarified here and expectations are defined if they have not already been clearly understood before the audit.
    3. Conducting the audit: The auditor checks the company’s premises, machines, documents and processes. Interviews with employees also take place during this phase in order to assess the practical implementation of the processes.
    4. The final meeting: At the end of the audit, the results are summarized. This is where we discuss what worked well and where there is room for improvement.
    5. The audit report: The auditor prepares a detailed report documenting the results of the audit. This report also contains recommendations to help the company eliminate weaknesses and further improve processes.
    6. Follow-up of the audit results: After the audit, follow-up is essential to ensure that the recommended measures have been implemented. This includes documenting the corrections and, if necessary, rechecks to ensure the sustainability of the improvements.

    Preparing the audited company for a GxP audit: how to succeed

    Thorough preparation is the key to a successful audit. Companies should ensure that their documents are complete and up-to-date and that their employees are aware of the requirements of the audit. Employee training plays a central role here, as a well-prepared team helps to ensure that the audit runs smoothly and possible deficiencies can be identified at an early stage.

    Tips for audit preparation:

    • Review all important documents, including SOPs (standard operating procedures), batch documentation and qualification documents
    • If possible, carry out internal mock audits in advance to identify weaknesses in advance
    • Bring your team up to speed on regulatory requirements and audit expectations

    Successful audit practice: the key to success

    A successful audit requires careful preparation, a clear structure and detailed follow-up. Cooperation between the auditor and the audited company is of great importance in order to develop a common understanding of the requirements and expectations. This not only promotes compliance, but also the continuous improvement of processes. Companies that integrate regular audits into their business processes improve their quality assurance and reduce the risk of production errors or non-compliance with regulations.

    Conclusion: Audits as the key to quality assurance

    Audits are an indispensable part of quality management in the GxP sector. They not only help to ensure compliance with regulations, but also promote the quality and safety of products. Thorough preparation and the selection of experienced auditors are crucial to the success of an audit.

    At Experts Institut, we not only offer training courses for auditors, but are also happy to support you in ensuring your compliance and continuously improving your processes. We can do “audits”. Contact us at info@expertsinstitut.de

    Would you like to find out more?

    Listen to our podcast episode “Audits in the pharmaceutical industry”, in which we examine the importance and challenges of audits in detail: https://podcasters.spotify.com/pod/show/experts-insights/episodes/Audits-in-der-Pharmaindustrie-e2of577

    Read our blog: experts-institut.de/newsroom

    Follow us on LinkedIn: Experts Institute LinkedIn

    /by
    ,

    GMP Guidance for Artificial Intelligence (AI), Machine Learning (ML) and Digital Transformation: How it Finally Begins to Enter the EU GMP Guide

    The Now: Gaping Holes

    When sifting through today’s status of the EU GMP Guide, it does not take an expert to see that there are gaping holes on topics of engineering, management of computerized systems, data integrity, digitalization and application of artificial intelligence.

    Not that the guide has nothing to say to some of these areas. At least by means of implication the guide says lots of things between the lines. This very “in-between” is what gives pharmaceutical manufacturers quite a headache when facing governmental inspections.

    The issue is that what it has to say does not cover what’s actually out there. And “by implication” is simply not a good advisor for the industry. It may be good enough for an inspector to set up interpretive requirements and for giving industry a hard time. But for a company it is simply not practicable when a text is elusive.

    Although we have best practices like ISPE GAMP5 or other guidance somewhere out in the GxP universe, we would like to know from our most relevant guide-the EU GMP Guide-what is required. And this very guide has been doing a rather horrible job to provide the input industry needs (it seems not surprising that some EU countries struggle massively to keep life sciences and pharmaceuticals on their territory).

    A New Hope

    A new hope may be on the horizon as we have been expecting a revised version of Annex 11. There-so the concept paper tells us-we will receive a text that will address words such as artificial intelligence, clouds, and even digital transformation. One might wonder whether it is worth holding our breath for the release of the new Annex 11, as high hopes have been shown to greatly disappoint before. One might remember Annex 21 or interpretive documents from local supervizing authorities, that in the end have not been helpful for real life at all.

    However, in this case it may be different. Can we guess some consequences from this next generation Annex 11?

    GMP

    GMP Data Integrity Finally Takes Center Stage

    Although some would passionately disagree with me on this, the EU GMP guide has virtually lacked clarity on data integrity for decades. It was the US FDA who had to essentially teach us in Europe what Data Integrity is and why this is important. Without them we would still think that Good Documentation Practices and Validation of Spreadsheets is all it takes.

    I love how every EU member state GMP inspector knows exactly what is necessary in terms of data integrity-only with next to no express textual basis for it in the EU GMP guide. I mean sure: evey company has by now heard of data integrity, letalone has received inspections that dealt with it. And yes, we were told after the fact that the GMP guide has “always meant” data integrity in various little phrases of the guide. But that seemed a bit of a crutch to assure the colleagues from US FDA that in Europe data integrity is something we “totally want and require!”

    Point taken, it is true that in the Annex 11 we had such wording in some spots. And now the EU guide will finally take into consideration the fuller importance of data integrity-at least for computerized systems. One can tell that the EU grows more towards considering guidance from for example WHO or PIC/S.

    The consequences will be that audit trails and audit trail review requirements will be clarified and likely deepend. More work. The bar for what is “basic” will be raised.

    The same will happen for archiving, backups, and retrieval requirements for archived data. Companies will unlikely be able to keep playing the low-key game in the archiving area.

    Management of Clouds will be a Topic

    This will be upgraded, or actually decently considered in the new Annex 11. And here I must say that this is positive improvement. The GMP guide has been pretty much blind to this for quite some time now. It will be a reasonable change. It will be interesting to see how block-chain systems will be treated under the new Annex 11.

    And I certainly will be interested to see how cloud hosts seriously validate and qualify their systems, software, and infrastructure. The hunsh is: this is going to cause trouble for some service providers. My recommendation to cloud providers who have pharma-clients: Get ready for it now, or You will be out of business before You know it.

    If this enters Annex 11 it could mean:

    – cloud services must qualify their infrastructure according to GMP.

    – they must validate their software fully in line with GMP as well.

    This essentially would require a quality-oriented quality management system (and no, ISO9001 would not suffice, not the slightest chance for anyone who wants to take this seriously).

    GMP for Artificial Intelligence (AI) and Machine Learning (ML) will Hatch

    We must be honest here: it might not be a whole lot of guidance what we will receive from the revised Annex 11:

    The primary focus should be on the relevance, adequacy and integrity of the data used to test these models with, and on the results (metrics) from such testing, rather that on the process of selecting, training and optimizing the models.

    https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/concept-paper-revision-annex-11-guidelines-good-manufacturing-practice-medicinal-products-computerised-systems_en.pdf

    Though this quote from the concept paper is as elusive as sand running through one’s fingers, it does give us a tiny insight into what will be important to a regulator or a GMP-inspector: data (and their quality) used to feed AI models.

    One of the biggest questions is: How in the world do we validate AI and ML? Will AI or ML need to be validated according to the typical V-model? In reality this seems almost impssible, since any software code change would required re-validation. And code changes might have to be expected, especially with machine learning. My assupmtion is that we will not receive much help here form the new Annex 11. Industry will be thrown back on non-governmental best practice guidance-as is often the case.

    “No New Requirements”

    It must be acknowledged that some of what we will find in the revised Annex 11 will likely be clarification and nailing down of requirements that were logical consequences from what is in the current version of the Annex. Yet, we will also find more work, new requirements.

    For each company a careful gap assessment will be in order, and for those who have gotten away with mediocre management of electronic systems it will be time to act and invest in modernization.

    Needless to say, that I am already looking forward to the next years at Experts Institut, when those projects will continue to fill our work schedules. It is a great challenge!

    GMP Challenges for Small Pharmaceutical Businesses

    I encourage representatives of small businesses – smaller pharmaceutical entities – to comment and to give feedback once the draft to the new Annex 11 is out. Often it is the larger pharmaceutical businesses that drive or influence what best practice is or what those texts may contain. A consequence can be that the requirements push smaller companies off the cliff of financial and infrastructural fesability. This does not need to be so. But small businesses must take a bit of a stand here. Take the chances You get, that is my recommendation. Digitalization and the use of AI and ML are unstoppable because neither society and nor the economy will not stop it. This is coming at the industry real fast. And it will likely make or break smaller business in the near future. So – get ahead with it!

    Experts Institute can help!

    Need help with GMP-Digitalization projects and AI-validation concepts? Contact us. Management consultancy GMP, GXP & Business Solutions | Experts Institut (experts-institut.com).

    Read our full blog: https://experts-institut.de/newsroom/

    And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

    /by

    Information security – a must for modern companies

    In today’s digital world, information security is more than just a technical concern: it is a business-critical necessity. Companies must protect sensitive data and at the same time meet legal requirements. This article highlights the most important aspects of information security with a focus on the implementation of an ISMS according to ISO 27001 and the new EU NIS2 directive, which comes into force in 2024.

    Why is information security important?

    Information security ensures the confidentiality, integrity and availability of data and IT systems. It not only protects against cyber attacks, but also ensures the continuity of business processes. An effective information security management system (ISMS) helps companies to identify and minimize risks.

    Implementation of an ISMS through ISO 27001

    ISO 27001 is an internationally recognized standard that helps companies to develop and implement an ISMS. It offers a systematic approach to protecting information and minimizing risks.

    Why is ISO 27001 important?

    • By complying with ISO 27001, companies can strengthen the trust of their customers and partners
    • Many industries require compliance with certain security standards, ISO 27001 helps to meet these requirements
    • The standard provides a clear framework for identifying and managing security risks

    Steps for implementation

    1. A project team is set up to take responsibility for implementing the ISMS
    2. Clear roles and responsibilities are defined to ensure smooth implementation
    3. A delta audit and an inventory are carried out to identify vulnerabilities and the current security status
    4. All employees involved are sensitized and qualified through targeted training courses
    5. Departments receive weekly task packages that cover various chapters of ISO 27001
    6. A comprehensive, digitalized ISMS is created to ensure sustainable information security
    7. Internal auditors are trained to carry out regular audits in the company
    8. Regular internal audits ensure that all measures are properly complied with
    9. A gap analysis is used to identify weaknesses, which are then remedied with a concrete action plan
    10. The action plan is implemented by implementing the planned measures in a targeted manner
    11. The certification process is continuously monitored until successful completion of ISO 27001 certification

    NIS2 and the connection to ISO 27001

    The NIS2 Directive, which comes into force in October 2024, tightens information security requirements, especially for operators of critical infrastructure (KRITIS), and affects around 21,600 new companies in Europe. The aim of the directive is to strengthen protection against cyberattacks and resilience.

    ISO 27001 and NIS2 both pursue the goal of information security, but differ in scope. While ISO 27001 provides a flexible framework for implementing an ISMS, NIS2 adds additional requirements specifically aimed at KRITIS operators and critical facilities. Companies that are ISO 27001 compliant have already met many of the NIS2 requirements.

    NIS2 introduces the following obligations for companies:

    • Companies need to further enhance their security standards and conduct regular audits to ensure both cyber security and physical resilience
    • Security incidents must be reported within 24 hours as there are stricter reporting requirements
    • Violations may result in penalties in the form of fines of up to 10 million euros or 2% of global turnover

    Conclusion: Why information security is essential for companies

    The importance of information security in the modern business world cannot be overemphasized. With increasing connectivity and the steady rise of cyber threats, it is becoming imperative for companies to develop robust security strategies and comply with regulatory requirements such as the NIS2 directive. By implementing an effective information security management system in accordance with ISO 27001, companies can not only minimize their risk, but also strengthen the trust of their customers and partners. Given the new challenges that come with NIS2, it is crucial that companies act proactively to adapt to the increased information security requirements and avoid potential sanctions.

    How we as Experts Institut can help

    As Experts Institut, we offer comprehensive consulting services for the implementation and optimization of ISMS in accordance with ISO 27001. We also support companies in implementing the new requirements of the NIS2 directive. Our focus is on supporting customers in complying with IT compliance requirements and strengthening their information security.

    Are you considering optimizing the security measures in your company? Get ahead and in touch with us – info@expertsinstitut.de

    Read our entire blog: https://experts-institut.de/newsroom/

    And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

    /by

    ISO 9001 certification: Step by step to a successful QMS

    ISO 9001 certification is an internationally recognized standard in quality management. It stands for trust, efficiency and reliability – qualities that customers and business partners value. However, the certification process can seem challenging. In this guide, you will learn how to successfully implement certification and how we can support you step by step.

    Why ISO 9001 certification?

    ISO 9001 certification offers many advantages: more efficient processes, better risk management and greater trust from customers and partners. It can also open up new business opportunities, as many tenders and contracts require ISO certification.

    ISO 9001

    1. initial consultation and analysis: the start

    The first step towards ISO 9001 certification is a comprehensive analysis of your existing structures and processes. This will determine how well your quality management system (QMS) already meets the requirements of the standard and where improvements are needed.

    Why is this important? Many companies already unconsciously fulfill parts of the ISO 9001 standards. A professional analysis uncovers these strengths and identifies specific weaknesses in order to make the process efficient and time-saving.

    2. planning the implementation: tailored to your requirements

    Following the analysis, a customized implementation plan is drawn up that defines all the steps required for full compliance with ISO 9001 standards.

    What makes this step so important? Thoughtful planning ensures that the standard requirements are implemented without disrupting your day-to-day operations. This maximizes the benefits of certification and minimizes disruption.

    3. implementation of the quality management system (QMS)

    Now it is a matter of either implementing the QMS from scratch or optimizing existing processes. This ensures that all requirements of the ISO 9001 standard are met.

    Why is this important? An optimized QMS not only improves the quality of your products and services, but also increases efficiency. Clear processes, reduced errors and motivated employees contribute to successful certification.

    4. internal audits and training: Preparation is everything

    Internal audits and the training of your employees are essential components before the official certification audit begins. They identify weak points and ensure that the QMS is implemented correctly. At the same time, employees are prepared for the new processes.

    Why this step? Training ensures that employees understand the new processes and use the QMS efficiently. The internal audits ensure that your company is ready for official certification.

    5th certification audit: The decisive step

    During the certification audit, an external auditor checks whether your company meets the ISO 9001 requirements. This is the last step before receiving the certificate.

    Our support: We accompany you through the entire audit process and are on hand to answer any questions or challenges you may have. Our aim is to make the audit as smooth as possible and ensure successful certification.

    6. receipt of the certificate: Your seal of quality

    After the successful audit, you will receive the ISO 9001 certificate, which is valid for three years and confirms that your company meets the highest quality standards.

    What comes next? Regular internal audits and continuous improvements are crucial in order to maintain certification in the long term and to be successful in the recertification process.

    Conclusion: Your partner for successful ISO 9001 certification

    ISO 9001 certification requires careful planning and specialist knowledge. With our advice at your side, the process will be smooth and efficient. Contact us to find out more about our customized consulting services and make your certification a success. Get ahead and in touch with us – info@expertsinstitut.de



    Read our entire blog: https://experts-institut.de/newsroom/

    And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut

    /by

    Neustadt

    Experts Institut Beratungs GmbH
    Kirchwiesenstrasse 5

    D-67434 Neustadt a. d. Weinstraße

    Phone: +49 (0)6321 969210
    E-mail: info@expertsinstitut.de

    Fax: +49 (0)6321 9692199

    Bamberg

    Experts Institut Beratungs GmbH
    Untere Sandstraße 53

    D-96047 Bamberg

    Phone: +49 (0)951 51939330
    E-mail: info@expertsinstitut.de

    Freiburg

    Experts Institut Beratungs GmbH
    Habsburgerstrasse 101a

    D-79104 Freiburg im Breisgau

    Phone: +49 (0)6321 9692120
    E-mail: info@expertsinstitut.de

    St. Gilgen (Austria)

    Experts Institut Beratungs GmbH
    Helenenstrasse 16

    A-5340 St. Gilgen, Austria

    Tel.: +43 (0)6227 21068
    E-mail: info@expertsinstitut.de

    kununu