Compliance: It's Just Part of the Package

Nov. 1, 2004
Like computers and cell phones, compliance is not something unique anymore. It has to be built into a company’s cost of doing business, including its automation systems, to meet government and industry-imposed standards.

With manufacturers, compliance can be both nuisance and profanity or accepted reluctantly as a business cost. Says Senior Research Analyst Alison Smith, of Boston-headquartered AMR Research, “In the regulated industry, the cost of compliance is viewed as a necessary evil.” Matthias Grossman, chief executive officer of Lexington, Mass.-based quality-systems software supplier IBS America Inc., says he’s heard analysts describe industry’s attitude as split evenly among resistance, grudging acceptance and seeing profit opportunities.

Regardless, environmental, worker health-and-safety and product-safety standards are neither new nor transient. And onerous or not, industry-motivated or government-forced compliance is highly visible because of brand protection and public health and welfare, including terrorists’ threats. A consequence of safety problems with vehicle tires is the U.S. Transportation Recall Enhancement, Accountability and Documentation, or TREAD, Act. Pharmaceuticals and medical-device manufacturers contend with the Food and Drug Administration’s (FDA’s) 21 Code of Federal Regulations (CFR) Part 11: “Guidance for Industry: Electronic Records; Electronic Signatures.” Some new European Union compliance mandates are Waste Electrical and Electronic Equipment, or WEEE; and Restriction of Hazardous Substances in electrical and electronic equipment, or RoHS.

Compliance has different meanings, says AMR’s Smith. For instance, at enterprises’ highest reach, American manufacturers must deal with the Sarbanes-Oxley Act of 2002, which impacts corporate governance, financial disclosure and public accounting practices. At the manufacturing level, some metrics that companies must report accurately because of the Act are scrap and yield, says Carter Johnson, vice president of strategy for Atlanta-based quality-and-compliance software supplier Visiprise Inc. That information traditionally comes from a manufacturing execution system (MES), he says.

But at the shop floor, information management becomes as critical as production management because government and industry-motivated product standards directly affect production and profitability.

Protecting data integrity

The FDA’s 21 CFR Part 11 is one such standard. Its intent is replacing hard copy with reliable, traceable electronic records. The rule applies to paper records required by law or agency regulations. It provides criteria for considering equivalence of electronic records to paper records and equivalence of electronic signatures to handwritten ones. For closed, limited-access systems containing electronic records, the rule describes controls designed “to ensure the integrity of system operations and information stored in the system.”

For life-sciences companies, production data integrity is the single most important feature of the information management system, declares Jay Ruhe, a batch and MES consultant with ABB Inc.’s Automation Technologies Division, in Wickliffe, Ohio. “The severity of this (data-integrity) requirement most often is stated as, ‘Without a complete and accurate batch record, the actual product cannot be sold, and therefore has no value.’ ” He says the second most important system feature is runtime flexibility. It maintains product quality and optimum production throughput when some failure occurs.

Product quality and tracking now is paramount for high-tech medical-device manufacturers and pharmaceutical companies, because 21 CFR Part 11 requires documentation of every production step. “Those documents have workflow associated with them,” says IBS America’s Grossman, and could relate to products, purchases or company-internal processes. A document control system tracks two basic parameters, he says: identity and content. But content alone doesn’t help with compliance. “You need to know who created the document. How long is it valid? Who’s approving it? Does it need to be reviewed and by whom? Who needs training?”

Why is traceability the focus of Part 11? If a product has the ability to help or hurt someone, explains Johnson, the FDA requires the manufacturer to keep records for potential audits and inspections. Some required information includes: where the product was made; who made it; the time and date it was produced; every serialized supplier component that went into it; and if the operator was trained to perform the activity. AMR’s Smith says this broad requirement is driving the current rapid adoption of quality-issue tracking systems, which are not manufacturing systems, she emphasizes. “They simply overlay them and interact to the extent that they capture procedural aspects of the process.”

Information gathered establishes the electronic record-keeping device’s history record. It helps manufacturers understand change control, says Montreal-based Yves Dufort, corporate director of services for Wonderware, an Invensys company in Lake Forest, Calif. However, internal territorial-based discord arose that created conflicts in some major pharmaceuticals companies, he says. For instance, quality assurance (QA) departments typically are responsible for product compliance-and-safety issues. “QA wouldn’t compromise on anything—that had a huge impact on costs,” he notes. Now, the emphasis is more on finished-goods quality, he says, which means the QA function is more likely to merge with materials management.

Product tracking, which may involve scanning of text on boxes and labels, has the goal of FDA-required validation. That occurs, Smith says, whenever such systems interact with production, but may be costly. “Some data we have from manufacturers is that the validation itself is nearly as expensive as the software (to perform it).”

Yes, it was costly once, Dufort says. Five years ago, companies estimated the costs to generate all compliance documents and validation by adding an additional 30 percent of the project’s total costs. However, costs have dropped dramatically, he asserts, because companies now shift the validation burden to the vendor.

Built-in validation

For example, when an engineering firm went to a facility to set up a batching formulation, “you’d have the validation people (from an outside firm) come right after them, to generate validation or qualifications documents from scratch and also do qualification testing,” says Dufort. Qualification demonstrates that process equipment and associated systems comply with codes and designs and operate consistently within certain limits. Validation establishes and assures computer-related systems consistently meet specifications.

But, now, instead of two separate, back-to-back activities having no knowledge of each other, “we’re being asked by the regulated industry to build into our engineering documents the validation protocols and tests that are required for the validation phase,” he explains. Rather than taking 30 percent of engineering costs for validation, “you may be down to 10 percent to 15 percent.”

That good news may fall on deaf ears. Some more traditional and conservative companies, preferring the old way, “don’t want to hear about this,” Dufort states. But more innovative companies, which seek better return on investment (ROI), “will look for more collaboration of qualification and validation.” He believes qualification, validation and compliance—which he thinks are equivalent now—have the shared goal of ensuring the engineering work has been qualified for production.

A total approach to automation is how manufacturers will lower compliance costs, believes Visiprise’s Johnson. A client who makes blood-pressure monitors and electronics equipment for use in other medical devices implemented a manufacturing software solution that essentially replaced a paper system. “The company achieved a 30 percent time-and-cost reduction associated with data collection—and also met FDA requirements and received formal certification.” The payback scenario was about six months, he notes.

The automotive industry, and particularly its Tier 1 suppliers, need track-and-trace, Smith believes, because the issues it faces are the same as those facing high-tech medical-devices manufacturers. She notes that semiconductor fabrication, continuous process and even some high-tech consumer companies face occupational health-and-safety and environmental regulations. Smith also believes that, ultimately, all these sectors will have to provide audit trails based on the FDA pattern.

Huge savings

And as shown earlier, the FDA requirement drives re-examination and improvement of manufacturing economics. In a case study of a client who went from hard-copy to electronic files, Grossman says average cost savings ranged from 60 percent to 90 percent across eight separate categories.

So what’s the ROI from moving from paper-based systems to electronic ones? ROI contributors include fewer human errors and fewer reworks, Smith says. In the front-end of a medical-device manufacturing process, “instead of taking 25 days to take care of a nonconformance, you may need only two or three days.”

While that may be impressive, must manufacturers factor the cost of compliance into operations? You have to, to do business these days, says Smith. But, she adds, “The real savings is in the information capture-and-delivery mechanism. There is a fabulous ROI in gathering data in one place, so you don’t waste time in searching through disparate silos.”

See sidebar to this article: Protect Batches With Continuous Data Tracking