Selecting, Implementing and Using FDA Compliance Software Solutions

1
Selecting,
Implementing
and Using FDA
Compliance
Software Solutions
The Life Sciences Guidebook
The Life Sciences Guidebook: Selecting, Implementing, and Using FDA Compliance Software Solutions
www.etq.com  800.354.4476  info@etq.com
2 |
Table of Contents
Introduction: Why do we need QMS?

Getting on the Quality Managment Software Soapbox �� 1
Getting Started on Your Journey

8 Simple Rules for Selecting a Quality Management Software System �� 4
Look Under the Surface: 4 Things to Ask a Compliance Software Vendor �� 6
Tips for Implementation Success

Build vs. Buy: Best-Practice QMS Solution over Custom Development �� 8
Avoid Scope Creep in Enterprise Software Implementation �� 11
Why Marketing is Important for Your Quality Management System �� 13
Risk Management in QMS

The Importance of Risk in the Complex Quality Lifecycle �� 14
Risk Assessment: Creating a Risk Matrix . . . . . . . . . . . . . . . . . . . . . . . 15
Regulatory Matters-FDA Compliance in Quality Management

Using Complaint Handling Software to Improve Quality �� 17
3 Reasons to Adopt Automated Validation in Quality Management Systems 18
GMP Compliance that Spans Enterprises: Supply Chain Compliance �� 20
Using Quality Management Software Tools to Manage Recalls �� 21
The Bill of Compliance in Quality Management: The Quality Hub Concept �� 23
Final Thoughts: Fun Takes on Quality Management

The Hitchhiker’s Guide to Quality Management Software �� 24
What Star Wars Can Learn from Quality Management Software �� 25
1 | Getting on the Quality Management Software Soapbox
Introduction: Why do We need QMS?
Getting on the Quality Management Software Soapbox

the level of detail needed for risk activities, but make it easy for each
company to adapt and grow their Risk Management program.
What You Didn’t Know, or Were Afraid to Ask

The main obstacle to truly being risk-based is the shift in changing
your understanding of Quality and risk. It’s sometimes difficult to
understand what is “critical” in a business, and therefore overuse
Corrective Actions. Many feel it’s better to just initiate the Corrective
Action and deal with the process than truly assess whether you
even need it. Not every adverse events needs to be a Corrective
Action; this dilutes the purpose of the process. Corrective Actions are
designed to correct critical and/or systemic issues. Risk Assessment
and Risk Management are designed to help discern which is critical
and which is not critical. Non-critical events can be immediately
corrected; however, many businesses do not see the value of
correcting non-critical events in the source data in which they are
found.
Especially in regulated industries where the scrutiny is so high,

we often want to err on the side of caution and do a full-blown
We begin by asking the question, “Is the Quality Management
investigation on a minor event, such as a label smudge. While this
Software market evolving to be easier, or more complex?”
is an important correction, it’s not critical and wastes resources and
As the world market evolves, product lifecycles are speeding up time for a business. First and foremost, organizations need to realize
to accommodate market demand and keep up with competing where their critical events lie, focus on those first, then worry about
products. As a result, Quality benchmarks need to evolve as well. Risk the non-critical areas as they come. Risk Management provides this
is fast becoming the benchmark for assessing Quality throughout ability to filter out the critical events and make the right decisions on
an organization. This is because organizations need a systematic how to handle them.
and objective way of looking at incoming information and making
decisions on how best to manage Quality. Risk Management provides Why Companies are Still Reluctant to Purchase a
this benchmark—it allows for a quantitative method to review QMS
the data and come up with decision criteria to help make better Software is a key component in today’s industries. Again, industries
decisions leading to better Quality. In this day and age, companies are moving faster and much like the automated assembly line, so
cannot afford to lag on their Quality—product lifecycles are moving too must the business processes that govern manufacturing be
too fast and companies cannot keep up. Risk has evolved over the automated. So why are people so hesitant to implement software?
years to be more quantitative in nature and is incorporated into Here are a few potential reasons:
traditional Quality models in order to keep up with the pace of
the new markets. This evolution is seen in adopting risk matrices 1. The Fallacy of the Custom Solution: Most people remember
incorporated into multiple facets of the Quality dynamic; Complaints, the days of the custom-developed solution, where in order to get
Audits, Nonconformances, Corrective Actions, and similar functions the software to work the way you want it to, you need a team of
all use Risk in some form or another. This is growing in interest to the developers over the period of a year or more to code the system
point in which risk activities often govern the processes and are fully into your company’s “mold.” While the stigma remains, the
integrated in the traditional workflows. software has evolved beyond this. Especially in business process
automation (such as Quality), the custom solution is gone, giving
Whereas this was once a discipline reserved for only the leading edge way to the “configured” solution. Adaptations and changes to the
companies, is now becoming mainstream. Most software solutions system are all encased in settings and drag and drop interfaces,
have some element of risk built in, and as more risk solutions making the configuration of the system as easy as changing your
are offered, more companies adopt the risk methodologies. This Facebook settings. Now the business user, not a developer, is
mainstream adoption is going on now and soon it will be hard to find adapting the system to meet the business need; this is extremely
a company that doesn’t have some sort of risk built into their system. powerful and time-saving on resources, but is also putting the
The bottom line is that Risk Management is getting easier to access software design in the hands of the people who actually use the
for all organizations; but it is still a complex dynamic. Each company tools. Very powerful, and organizations are slowly warming up to
will need to determine which risk model best fits their business this concept.
needs. The trick is to find a solution that is flexible enough to provide
your Corrective Action cycle time by 50%, and you’re able to

2. The Fallacy that Software is too Expensive: Much like the focus on the issues that matter most to organization, then you’ve
advent of standardize parts in the automotive industry, having already seen the return. The key here is to ensure that you’ve
a configured system that has all the components developed out maximized the software to realize that return.
of the box has driven the price point down considerably. One
Then there are the not-so-obvious benefits.
solution can satisfy many different organization’s needs, and
so companies can now get into a decent enterprise software 6. Rapid Application Development: As a Quality professional,
product for a fraction of the cost 10, even 5 years ago. you’re not in the business of building applications. But to the
earlier point, software these days is less developing and more
3. The Fallacy of the In-House Maintenance: Another issue that
configuring. Many organizations are leveraging the workflow-
comes up with many smaller businesses is a small IT footprint.
based platforms to extend the software to more areas of the
They cannot manage yet another system, and IT will not
business. Take the Environmental Health and Safety (EHS) system
administer the system for them. Thanks to the advent of cloud
for example—many Quality systems have similar functions to
computing, we are seeing this paradigm slowly fade. Software
that of an EHS system. If you can leverage your existing solution
as a Service (SaaS) is growing in exponential fashion, and it
in Quality, and create a similar set of modules for the EHS team,
enables a small organization to get into the game with little to no
you’ve not only doubled the power of the software to another
administrative IT footprint. Much like we use Facebook, Pandora,
operational area, but you’ve also created another “hero moment”
and LinkedIn in our personal lives, so too are professional
for you and your team. Many organizations have become a
software solutions coming into the fray. Applications that are
center of excellence due in part to their use and innovation into
delivered in the cloud and are paid as a subscription are enabling
other areas like EHS, HR, PLM, and Supplier Management.
smaller businesses to enjoy the benefits of enterprise Quality
Management solutions, without having to dedicate specific 7. Enterprise Risk Management: QMS solutions that incorporate
resources or significant cash flow to a single tool. Pay as you risk are unique in that the risk concept transcends Quality. Risk
go—it’s the way of the future. is a company-wide issue. You’ve heard the mantra, “Quality
is everyone’s responsibility.” That’s a nice statement, but
Everyone resists change. Most often, the larger companies will be
often Quality is really only the “responsibility” of the Quality
the ones to take the first step, and sometimes the innovators in
department. Very few outside of Quality actually “speak” Quality,
the industry, regardless of size. Mainstream adoption often comes
so there is a disconnect. However, everyone in the company
when it becomes easier to make the change from one system (or no
speaks risk. By using risk as a benchmark, you are translating
system) to an automated software tool. With flexible, configurable
your Quality activities into risks and opportunities that the entire
solutions that can be deployed in-house or over the Web, change
company can understand. Enterprise Risk is a function that can
becomes easier, and more and more small to mid-sized organizations
come from Quality and be extended to the entire organization.
can enjoy the benefits of the solutions in the market today.
Along with that, a risk-based QMS can be extended to
encompass the entire enterprise, thereby becoming an Enterprise
What are the Obvious and Not-so-Obvious Risk Management (ERM) solution.
Benefits to a QMS Solution?
As with anything, you often find that your goals change over time. What’s Your Price? Moreover, what’s Your Price
This is also the case with an enterprise Quality Management System
Not to go with QMS?
(QMS). Many will enter into an investment in a QMS with very specific
How much to pay for an Enterprise Quality Management solution?
goals—“implement Document Control and Corrective Action,” and
Again, when we look at this, we have to discuss in terms of not price
then as they see more value, they see more potential in the software.
point, but also investment and return. How much is an automated
You get the “core” needs covered, and then as that is running
system worth to your organization? Typically enterprise systems will
smoothly you begin to look for ways to make the software work for
not be cheap, but the key is to do your due diligence and examine
you elsewhere. That’s what it’s for—it makes your job easier. The
your current “as-is” and the potential “to-be” by implementing a
obvious benefits are:
system. Configurable systems and systems hosted in the Cloud will
4. Time-savings: Let’s face it—manually processes are time- be offered at a reasonable price, and as these systems become more
consuming. Chasing paper is not what you’re in Quality for. You flexible and easily deployed, you will see the price points go down.
need to be able to free up as much time dedicated to ensuring Consider the following examples of Return on Investment (ROI):
the Quality and Compliance of your operation. Software can
1. Case: One Life Sciences consumer goods company was using
provide that time-savings through automating processes,
over 500 systems to manage both Quality and EHS (QEHS)
integrating with other business systems, and fostering better
processes. This varied in range from spreadsheets to enterprise
visibility and collaboration throughout the business.
ERP systems, across all of their global applications. Managing
5. Return on Investment: There’s not doubt that software is an 500+ different sources of data left them with a disparate view
investment. From the small desktop solutions to the enterprise of their QEHS. They decided to make the investment in an
systems, there is an investment to be made. The return on that automated solution, and thanks to the benefits listed above,
investment is where the difference is made. If you can reduce they’ve reduce the 500+ systems down to a single system.
Regardless of their actual investment cost, the benefit of having a

single source of the truth has been an overwhelming return.
2. Case: A Blood Services organization had a manual Quality

process that tracked their Quality Control (QC) data. Since this
was a manual process, the time it took to manage and review
the QC data was roughly 45 days to completion. Once they
implemented an automated system, they have since reduced this
time to less than a day for the same process. Less than a day!
They estimate the time saved to be near 650 hours of labor. This
is a perfect example of time-savings as an ROI metric.
Scalability: Can’t We All Get Along?

One key area that needs to also be mentioned is scalability. We
no longer live in a single siloed world. Companies have multiple
facilities, each with their own unique processes relative to the
corporate standard. Everyone operates in their own way that works
for them, and implementing a software system should not force them
to change. QMS needs to be adaptable to the business processes
for each line of the business, but also conform to a corporate
standard. So the question becomes, “how can we all be unique in
our processes, but conform to the common corporate platform?”
QMSs are evolving to address this issue. It used to be that for each
site, a separate instance of the software needed to be installed and
maintained. If you have 30 sites, then you would need 30 systems,
each with their own administration and workflows. No longer is
this the case. Flexibility is now extending beyond just the processes
and workflows, but also into the locations in which processes are
located. With flexibility by location, you can log into the system
from your site and see all the relevant workflows, coupled with some
of the corporate standard workflows. They become one holistic
workflow that can vary site to site, but maintain the relevant data
that corporate needs to track. So in effect, you have a global, holistic
solution that can satisfy both corporate needs and the needs of the
individual sites.
4 | 8 Simple Rules for Selecting a Quality Management Software System
8 Simple Rules for Selecting a Quality Management

Software System
In a market where high-demand causes organizations to fonts, and general layout of the navigators, forms and reports
seek software systems that will fit into their complex business is usually an afterthought. Many systems will offer some level
infrastructure, the pressure to find the right system often causes of configurability, but this will usually not extend to the layouts
angst to many. Coupled with the host of options out there, the themselves. End users must contend with the vendor’s look-
pressure builds. Often, organizations will “settle” on a system that has and-feel, which will be foreign to them. The ability to control all
most of the functionality they need, but doesn’t provide everything aspects of the software’s user interface helps user-acceptance of
they want. That being said, here are “8 Simple Rules” on what to look the software, and user buy-in is one of the major contributors to
for in a QMS. a software implementation’s success. In the age of Web-based
applications, vendors can demonstrate flexibility by complying
1. Flexibility to Adapt to Business Processes: Probably the most with Web user interface standards. Furthermore, they should
important consideration is the ability of the system to adapt be able to provide this control without the need to customize
to your existing business processes, and be flexible enough to the software. When selecting a system, have a well-defined
change and improve as your processes change and improve. set of user interface requirements that will make the system
This may seem like a simple statement, but many times software work for you, and ensure that the system is able to meet those
vendors build their systems around a generic, best-practice requirements without having to do extensive development.
approach that cannot be changed without substantial time and
cost. These vendors want you to adapt your processes to their 4. Making Sense of the Data—Reporting and Searching: When
software, not the other way around. If your company has spent you automate using QMS, there is an enormous amount of data
years developing and fine-tuning business processes, and upon created. Without some means of easily accessing the data, the
purchasing a software system, you find yourself reengineering QMS makes it extremely difficult to derive trends and insights
your proven processes to fit within the software system’s on the Quality system. Users are left to their own devices to
limitations, you have compromised your efficiency. manually filter out the data, or even export the results into an
external system for reporting. This is a time-consuming effort,
Do not compromise—find a solution that is truly flexible and and can lead to time management issues in finding the data,
configurable, and can configure all aspects of the software, filtering the data and reporting on the data. Software systems will
including workflows, forms, fields, reports, business rules, even the often offer some means of search capabilities, but this comes in
look and feel. Configuration should also be easy for non-technical many ways and may require administrative intervention. Having
administrators. Graphical tools such as drag-and-drop will enable search capabilities is often not enough—the system should
administrators to own the configurations of the system with limited be able to search not only at the highest level, but also search
to no programming knowledge required. In many cases, the cost on multiple criteria and search within records, or even within
of changing your operations as a result of an inflexible software attachments embedded in records. At the same time, reporting
package outweighs the cost of the package itself. Careful and on the data comes in many flavors. Many software vendors
thoughtful attention to the software’s flexibility is key to a successful consider reporting an afterthought in the development of their
implementation. products—usually partnering with third party tools to help make
sense of the data, but with only limited integration between the
2. Web-based versus Web-enabled: The Internet has made the
two systems. Others will embed reporting tools directly into their
world much smaller. Organizations are building intranets and
product—providing a more integrated method of pulling data
extranets into their global network, and the need to have systems
across records within the system. When selecting a software
in place that not only utilize the Internet but also thrive on it is
solution, determine the types of searches and types of reports
key to success. Following this lead, enterprise software vendors
you need to generate, and require that the vendor is able to
are building tools that move away from the old client-server
create such searches and generate the reports you need.
models to a thin-client interface, allowing for more flexibility
in a global environment. There are software vendors that are 5. Taking Quality to the Enterprise—Scalability Matters:
Web-based and some that are “Web-enabled.” Knowing the Ultimately, your QMS may not serve a single site, especially
difference between the two can provide a key differentiator in if your organization has multiple facilities. As more and more
your selection of the system. companies scale their systems to span the enterprise, it will
become necessary for the QMS to follow suit. When selecting a
3. Look and Feel—Making the System Your Own: One of the
software system, think about the long-term goals on how you
more overlooked issues when selecting the software is the ability
plan to scale. It may not be an immediate need, but having the
to “brand” the system with your organization’s look and feel.
ability to expand your QMS beyond your four walls to include
While many ask whether the system can be configured to meet
other facilities, or even suppliers and customers, can make
their changing needs, the ability to change the colors, logos,
a difference in the system’s long-term value. Watch out for
5 | 8 Simple Rules for Selecting a QMS System
false scalability promises—some systems will claim scalability, 8. Time to Value—Implementation and Deployment: You’ve
but have no real experience in the matter. A scalable system covered your needs in terms of the solution and it has all the
must obviously be technically capable of handling the load of bells and whistles your company needs—now what? The solution
additional users, but that is only half of the picture. The scalability needs to be implemented. This is where, many times, software
of administration is equally important and can be much more selections fail. In fact, in a recent study of over 9,000 software
expensive to fix later if not considered up-front. implementations, 71% of them either failed or were late or over
budget. Many of these projects cited the implementation project
Look for customer references that have scaled the system to a level as a major reason for failure. It is critically important that the
that is equal to your business, specifically in the ability to delegate software vendor be able to demonstrate their capability to not
administration to different levels in the organization, across the only deliver the solution to you on time and on budget, but do so
entire enterprise. Truly scalable systems include location-based in a fashion that lets you use the system as you intend to use it—
administration that extends beyond simply managing different user with all your configurations and best practices built in.
groups, to enabling location-specific configurations and dynamic
filtering of location-specific data. Look for a solution that has a proven implementation method that
involves the requirements gathering, the side-by-side collaboration
6. Tying Systems Together through Integration: Operational with their folks and your team, and sticks to an agreed upon project
areas no longer live in silos when it comes to business systems. scope. Furthermore, get your requirements finalized up front—
Whether they are Production, Financial, or Quality systems, adding new features and functions mid-stream often delays projects
the ability to interact, collaborate, and coordinate across the as more time is added to the project to meet these new “last minute”
business is key to uncovering any gaps in processes, and creates entries. Finally, make sure all the stakeholders in your organization
visibility from one operational area to the next. It is of paramount have had their opportunity to contribute to the requirements
importance to be able to integrate your systems. phase. This will ensure that all parties are satisfied before the
implementation begins.
When looking to select a system, keep in mind the integration
options available within the solution. Avoid solutions that claim These 8 rules of engagement when selecting a software solution
integration, but will only do basic integration “lookups.” While this is (which can really be applied to any enterprise solution, not just
powerful and eliminates some degree of double-entry of data, true Quality or EHS), can have a tremendous impact on how you approach
integration will not only pull data in from production systems, but your software purchases in the future.
will also push data back to those systems, such as nonconformance
issues, overall cost of Quality activities and more.
7. Know Your Audience—End User Acceptance: Typically,

the team selecting a software system is made up of multiple
areas—IT, Quality, Operations, Purchasing, and more. More
often than not, the participants are manager-level, and are
making the decision on behalf of themselves and the end
users. The end users, while most likely the highest volume
user, are more than likely not involved in the ultimate decision.
Many software systems will have the technology and process
management needed, but once implemented, the end users are
lost. It doesn’t look familiar; it doesn’t look and feel right, and
requires significant adjustment to get used to. Look and feel
may not seem like a “deal breaker” but it can be a hindrance in
the learning curve for many users, and cause delays in getting
implemented and effective. Many software vendors do not
come from your industry. In fact, many come from a technology
background, and never take into account the user experience.
The result is a software system that is technologically advanced,
but completely “un-user friendly.”
When selecting a software system, take into account the end user’s
experience. Make sure the software can easily be configured to help
the end user—whether it is familiar forms and layouts, even colors
that match the corporate look. If you are replacing an existing system,
see if you can match the new system’s look and feel, even the form
layouts to the old system. This can make the transition much easier,
and make the end users more productive right from the start.
6 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
ook Under the Surface:

L
4 Things to Ask a Compliance Software Vendor
In this day and age, very rarely do people buy anything without doing software sale draws so much focus, that the service element
their research. This rings true when it comes to the buying process becomes an afterthought. Look for a vendor that has a proven
for enterprise software systems. In many ways, the buyer has so many track record of implementing their solutions successfully, and
tools available to research vendors and understand the pros and make sure to spend some time reviewing their strategy. Proper
cons, we see a much more informed and educated enterprise buyer. implementations, whether large or small, should incorporate
Web-based research will give you some of the key areas to rate a some element of project management that involves both parties.
vendor on, such as: The best way to find out if the implementation methods are
“proven” is to look for proof from existing customers.
Market expertise
Features and utilities 2. Customer Satisfaction: Today’s enterprise software buyer
will no doubt ask for references. Most vendors will gladly turn
Broad company overview
you towards their go-to reference or load you up with case
Pricing and support structure studies. And most buyers will discuss the cursory questions—
Breadth of applications offered “What do you like about the software,” and “does the software
meet your needs,” etc. When doing your reference call, it’s also
All these things can be commonly found after some basic research,
a good practice to delve into some more intangible questions.
and a few discovery demonstrations. However, we still see cases
Remember, enterprise software is not only an investment in
where a company has selected a vendor, and that vendor continues
a solution; it can be an investment in the people within the
to fail on their delivery of the solution. You would think that these
company. Questions like “What do you think of your account
failures would be picked up on during their extensive, informed
manager or service manager,” or “Do they respond to your needs
research, but there is more to a company than the above bullet
at this company,” or even“ What is their user conference like” will
points. Below are some additional considerations to be aware of
give you a deeper insight into how this company operates. These
when selecting an enterprise vendor—those that go beyond pricing,
types of questions (which may seem silly at first) add dimension
features, and tools.
to the vendor, and also give you an indication of the health and
1. Implementation Track Record: One of the primary reasons longevity of the company. You want to invest with a company
software implementations fail is a lack of communication and that will be around for as long as you continue to work with
project management within the implementation team. To put it them.
more simply, the project scope goes over time and over budget.
Often (and especially in the Compliance software market), the
7 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
3. Financial Well-Being: As stated above, you are investing in an 4. Proof of Concepts and Workshops: If you get to a point where
enterprise solution and the company behind it—it’s critically two vendors are equally adept, then it might be time to suggest
important that you feel comfortable about the company’s a workshop or proof of concept. These are typically 1-2 day
financial well-being as well as their product offering. In this day engagements with the vendor whereby you give them a simple
and age, software companies are being bought and sold, and set of requirements, and ask them to implement it on a small
a company’s control is sometimes in the hands of a venture scale. It’s like a “test-drive” of the system on your terms and
capitalist rather than a software architect. In some cases, the using your processes. What makes it powerful is that you can get
software vendor is a minority shareholder in their own company. a glimpse of how your future relationship with the vendor will
Venture capital investment, loans and lines of credit to keep be, and how they work when implementing your solution. These
operations going—truth is, a software vendor may have more workshops can be time-consuming (and occasionally a pay-for
debt than equity. Don’t hesitate to get financial information from exercise), so reserve this for special circumstances.
the vendor.
In our world where we have all the information at our fingertips,
Now many may not be apt to opening their books for you, and that’s it’s sometimes easy to say we know everything. But there are still
fine—there are a few ways to get an accurate financial picture: those data points that are not publicly known, and getting the right
answers can make a big difference in your decision. So it’s important
a. Search the Web for Investment News: Vendors may not to do your research and come to the table prepared, but don’t
actively promote when they are bought or invested in, but be afraid to ask for more information on your enterprise software
the investors love to talk up their portfolio. Look for press solution.
releases from investors on your vendor, and read carefully
on whether the investment firm is providing capital, or
actually purchasing the vendor.
b. Ask for a Debt to Equity Ratio: This is a great way to

see the financial health of an organization without prying
into their books. The Debt to Equity ratio will indicate
how much they owe versus how much they own. Be wary
of vendors with high ratios—chances are they may be
burning more cash than they are bringing in.
c. Annual Growth Rate: Average growth percentages over

a 3-5 year period are nice, but the vendor could have
had one great year in year 1, and the next 2-4 years they
declined. Compounded Annual Growth Rate provides a
more accurate depiction of how the company has fared
financially over the past few years.
d. Annual Net Income Growth Rate: Another good

metric to asses the health of a vendor is to examine the
net income growth, which is essentially the vendor’s
profitability. They could have a decent revenue stream,
but are they profiting enough to sustain themselves?
Net income will give you an idea if the vendor can stand
on its own two feet. These are just some basic ways to
understand the health of the company. A healthy company
that invests money back into their product and plans
for the long-term will ultimately result in more product
innovations, providing you with services for years to come.
8 | Build vs. Buy: Best-Practice QMS Solution over Custom Development
Build vs. Buy: Best Practice QMS Solution over

Custom Development
In today’s dynamic and demand-driven market, the need to This step is important, because 70% of software costs occur after
implement enterprise technology to keep pace with rapidly evolving implementation. A rigorous lifecycle analysis that realistically
operational, production and compliance environments is key to estimates ongoing maintenance incurred by a custom development
success. In recent years, enterprise technology has become more project often tips the balance in favor of buying.
prevalent in its penetration of all operational areas within a business.
It has become so prevalent that it is rare to find a department within 2. Flexibility and the Ability to Adapt to Change: Businesses
an organization that does not have a dedicated enterprise software experience constant and rapid changes. Companies change their
solution to provide some level of support. processes, expand or shrink, and competition drives innovation
to the market. Application developers often hear “although
In the case of Quality, this statement rings true. In recent years, we needed that a year ago, it’s not what we need to run our
enterprise software solutions have become commonplace in many business today.” Add in rapidly changing technology and the
organizations, whether integrated QMS, or Quality Management adaptability of a homegrown system becomes an issue, and
modules within larger production systems, even down to simple often a system built in-house becomes obsolete before it’s
point solutions for Document Control or Corrective Action. Recent complete. A best practice configured application is a production
reports on top software components for organizations show that ready application that can be customized for a unique
Quality Management is at the top of the list. In many organizations, environment within a relatively short timeframe.
Quality Management solutions are a strategic priority. As demand
for these solutions grow, so does the vendor landscape—more Furthermore, having the flexibility to adapt to changes is key
software vendors are providing solutions for Quality and Compliance to success in response to changing market conditions. With
Management than ever before. configurable solutions, processes can be changed as needed with
little to no additional costs. With custom developed solutions,
When determining the strategy for automating a mission critical there is little room for change—if change is required, it can result
business process like those in QMSs, a “Build versus Buy” choice in hundreds of development hours and the project overruns can be
remains a key decision. Overwhelmingly, organizations have proven steep.
the decision to “Buy” provides much greater value and success than
the decision to “Build.” Here is a “Top Five” list of things to watch out 3. Best Practices Experience and Core Business Focus: When
for in a build versus buy scenario. determining an enterprise solution, it is important to consider
the focus of the organization. How well do the vendors know the
1. Predictable and Transparent Costs: Developing an enterprise business challenges your organization faces? How well versed
application is no small task, especially when it comes to in best practices is the vendor, and what is their experience in
estimating the cost of development. When you buy a best- the industry? A vendor who is rooted in these best practices has
practice enterprise solution, you evaluate in advance the features, a broad knowledge base of experience to draw from, whereas
functions, and capabilities in an existing enterprise environment. a custom development from a vendor outside of the industry
A known cost is attached to a best-practice solution. If you build will be starting from scratch on how to match your business
a new system with alternative development resources, project processes to the application. This can push the scope of the
costs and time to deploy may range widely, affecting the success project out, simply because the learning curve on processes and
of the project. terminology need to be collaborated on. Selecting a vendor
with a broad background on a specific industry like Quality
In fact, according to Gartner Research Group, packaged applications Management helps to provide a foundation for building a
with best practices already built in have found favor within many process that meets your requirements, with a long-standing
enterprises and are now considered viable choices for many knowledge base of experience to draw from.
corporate tasks. In fact, corporate edicts have often been established
that preclude even a discussion of the build versus buy process. 4. Consider the Project Scope—Proven Implementation
Therefore, buying a software package with best practices already versus New Application Development: According to a report
built in, under all circumstances is the dominant trend. by the Standish Group on more than thousands of software
projects, 40% failed completely, and an additional 33% were
When evaluating whether to buy or build, it’s critical to thoroughly “challenged,” meaning that they completed late, went over
understand total costs during the software lifecycle—typically 7 or 8 budget, or were completed with fewer features and functions
years. than originally specified. Even more staggering, a recent study
by Gartner Research revealed that nearly four in ten major
software purchases ended up as “shelfware”—software that was
purchased, but never implemented.
The root of all these challenges lies in the ability of the project to
be defined properly. With custom developed solutions, the project
scope encounters obstacles not foreseen at the outset of the
project, and it is extremely difficult to estimate the time and expense
associated with a major development project. This is primarily due
to development of new features not inherent within an existing
application or customer developed application, which creates a
tendency to change and modify the scope “on the fly.” The result,
according to the Standish Group, estimates that 52.7% of all custom
application projects cost 189% of the original estimate provided.
Software vendors with best practices built-in draw on a history

of implementation of similar processes, and have implemented
hundreds of projects of similar focus and scope. These
implementations follow a proven process, and follow a pattern of
Because a best-practice configured solution requires little to no
project management that delivers the product on-time and within
development costs and uses a proven method of implementation
scope.
to ensure projects are kept on scope, the actual risk associated
5. Return on Investment—Look for the Hidden Cost of with implementing is considered lower than that of a custom-built
Development: While many custom-built applications outline application. This is primarily due to the unknown factors that can
a broad scope for a project, without having a best practice occur in custom development, as well as long-term costs to update
approach it is impossible to determine how long the project will and maintain the custom-built system.
actually take. Vendors that offer a best practice solution are able
to leverage years of implementation and product development
to accurately scope out a project and will not incur the same
project overruns custom developed solutions encounter.
Consider the breakdown on build versus buy conducted in a

Standish Group Report, illustrated in the tables at the bottom of the
page.
When comparing these two scenarios, we can assign a risk ranking to

build versus buy, as illustrated in the risk matrix in the next column:
Comparison: Build Versus Buy
Avoid the Dangers of Buy…then Build

When making the decision of build versus buy, it’s important
to determine the level of development required, in either case.
While many off the shelf software systems will claim to have the
best practices built out of the box, what is often not determined
is any level of custom development that may be needed after
the software is purchased. Often times, purchased solutions will
incorporate a framework of best practices within their solution,
but in order to tailor the system to meet your needs, the system
must be custom developed. As a result, the customer is left with a
purchased solution that will need a custom development project
added into the purchase, creating the same challenges with a purely
built solution. Look for systems that have the flexibility to adapt
to specific processes without any need for custom development.
These solutions often enable the administrator (or “Power User”) to
configure all aspects of the system to meet unique business needs.
Configurable systems such as these completely eliminate any custom
development needs, and provide a truly flexible and adaptable
system that embodies the purpose of a purchased, best-practice
solution.
The decision to implement enterprise software is not a simple task.

Software solutions typically represent an investment of 5-7 years,
often up to a decade for many organizations. When weighing
the options of determining software selection, the “Build versus
Buy” decision is one that will always come up, and requires careful
consideration on the path to take for your investment.
While both options have merit, many organizations opt to leverage

the existing best practices implemented within the industry, the
proven track record of success and innovation, and the most flexible
technology that will help them seek returns on their technology
solution. For many, the growing trend lies in purchasing a solution
that provides the most functionality and features, and presents the
lowest total risk to the organization.
11 | Avoid Scope Creep in Enterprise Software Implementation
Avoid Scope Creep in Enterprise Software Implementation

While many companies focus heavily on the software’s ability to the processes, and do not need this exercise—until you actually
meet the business need, very few focus on the vendor’s ability get all the stakeholders in a room. At that point, the picture
to implement the software. The responsibility of a software gets painted a different shade of what you thought. Many
implementation project is shared between the vendor and the times, the stakeholders will “trickle in” during the project after
customer. While the vendor needs to deliver on all those promises implementation has begun, and this is the source of the evil
they made in the RFP, the customer needs to make sure that their “Scope Creep” paradox. The more features we want, the more
processes are well-defined, and that all the requirements of the time it will take, and the more time it will take, the less likely the
solution are outlined in detail. Without the roadmap for the solution, vendor is to deliver it on time.
the vendor can only take a “best attempt” at meeting the business
need. Kind of like shooting a moving target in the dark, blindfolded By gathering all the stakeholders and clearly defining the project and
and with one hand tied behind the back. its requirements at the start, the actual implementation process will
move much smoother. No one is “trickling in” and all elements of the
With all the investment put into selecting a software vendor for your project are planned and ready to go. This early investment of time in
business, it is hard to believe that there is any possibility of failure. the beginning of a project may seem like it would take longer on the
However, recent studies have shown that within a sample set of outset, but in reality, this up-front investment of time actually speeds
more than 9,000 software rollouts, 71% either failed or were late up the project in the long run. Resources are efficiently managed,
and over budget. Even more staggering, a recent study by Gartner project timelines are met, and this project is delivered on time and
Research revealed that nearly four in ten major software purchases on budget.
ended up as “shelfware”—software that was purchased, but never
implemented. The root cause of such pitfalls is usually attributed to 2. Get a Design Specification: Whether you are implementing
challenges associated with project management, and the inability a configurable, out-of-the-box solution or a heavily custom
to properly define the requirements to make the implementation developed application, getting a design specification is
successful. As a result, the end users never really accept the solution, an important step in the process. A design specification is
and the cost to implement correctly becomes extended. essentially a simple mock-up, “wire frame” or depiction of what
the final product is going to look like once implemented. These
Successful projects are the result of the Quality of the solution and are typically done in phases of the implementation, so that
the acceptance of the solution by the end users. As seen in the each “piece” is given its own design specification. Think of it like
diagram below, without proper planning and project definition at building a house. You would want to see the floor plan before
the start of the project, implementation projects can often suffer in they start laying the foundation, and building up the rooms.
the long-term. Projects without a defined scope will often require You want to make sure the bathroom is in the right place, the
fluctuations in resource levels, and push the project out far beyond kitchen, and so forth. Same goes for the software solution—
its expected completion. making sure the forms look right, the fields and keywords match
your ideas, and are in the right place are very important.
At this point, with the requirements gathered and design

specifications in place and approved, then the real implementation
can begin. Whether configuration or coding, most implementations
will vary, but ultimately the goals are similar. This is to deliver the
finished product according to the information provided in the first
two points. Ensuring the finished product matches your requirements
exactly is important, which is covered in the next point.
3. UAT User Acceptance Testing: It’s important to always include

the end users in the process—they are after all, the day to
day users of the system. Their acceptance of the system will
ultimately determine whether the new solution is truly a success
or not. The UAT phase of the process is like the “test drive” of
the new sports car—making sure that the seats are comfortable,
the engine is tuned, and the wheels won’t fall off. Just the same
Here are just some quick points to consider when looking at an in the software world—move around through the workflows
implementation project: and forms, push the performance, and make sure the proverbial
“wheels stay on.” This is usually done by the company’s project
1. Get the Requirements Up Front: While this may seem like team, but many like to take a few of their end users and let them
a no-brainer, many companies won’t truly know what their comment on the system. This is a good practice to get the “word
requirements are when they start a project. You may have one on the street” for those daily users.
or two project managers who swear up and down they know
12 | Avoid Scope Creep in Enterprise Software Implementation
The theory behind using this project management/requirements

first approach to implementation is that during UAT, only minor
problems are tweaked. The last thing either party wants is a major
technical flaw this late in the game.
Investment in software shouldn’t fall victim to a poor

implementation. Not only does it leave a bitter taste in the mouths
of the project team, but the software investment becomes diluted
and could end up as “shelfware.” Ensuring the project requirements
are gathered at the start, the design is approved before
implementing and testing on the backend will help to make sure the
project is completed within scope and within budget.
13 | Why Marketing is Important for Your Quality Management System
Why Marketing is Important for Your Quality

Management System
In the previous chapters, we’ve talked about the difficulty of change. This caused quite a stir in the office, and everyone began talking
But, in reality it’s not necessarily that people have so much of an about “EPIC.” The key is to keep it a secret till launch day—that’s the
aversion to change, it’s more about motivation to change. tease folks!
If I were to give you $1000 to switch to my car brand, you are The Launch Party: This does not need to be a hip-hop rave, nor
certainly more likely. Or, if I associate my energy drink with your does it need to be a black-tie gala. Everyone still has to work
favorite sport, then you might feel compelled to drink my highlighter- —a simple gathering with catered lunch is more than enough. In
colored, sugar-filled beverage. I’m talking about marketing—the one the case of the EPIC launch, the customer ordered lunch for the
thing that we are exposed to every day. Believe it or not, consumers team, had a sign made up and a cake with the EPIC logo on it.
today encounter from 3,500 to 5,000 marketing messages per day— Never underestimate the power of free food. They sat...they ate...
so we are no stranger to “the pitch.” they saw the new system.
Perhaps one of the biggest obstacles in user adoption of a new QMS Incentives and Raffles: If you have some extra slush money,
System is getting people excited about it. But part of user adoption maybe you want to invest in a few promotional items or a raffle
and acceptance is inspiring people to use it. It’s one thing to have for the launch. You can even ask the software vendor for a few
to use the system, but it’s a completely different thing to want to of their incentive items for the launch—they would be more than
use the system. Here are just a few techniques in how to effectively willing to help out. Everyone loves gifts, and if you associate gifts
incorporate a little marketing into your Enterprise QMS or EHS and rewards with your new system, it becomes a pleasurable
rollout: experience for the users. “Remember the EPIC launch? Yeah, they
gave out food, free stuff, and raffles—it was great. What a great
1. Give it a Good Name: More often than not, the software system!”
vendor’s name sticks with the company, but there is rarely a
clause in the agreement that says you can’t rename it. So why 4. Keep the Dialogue Going: Every system launch goes through it’s
not give it a name that will resonate with your company? One “honeymoon period” when everyone is buzzing about the system.
company wanted to eliminate the “Quality” from its QMS so The key is to keep it in people’s minds, after the honeymoon is
that employees outside of the Quality department would be over. Email newsletters are a big help here—create a monthly
interested. So they renamed the software, Enterprise Processes newsletter to let your company know what is going on in the
for Integrated Compliance—“EPIC.” Now that’s a cool name. system. This can be company wide or just in your area. Let them
Another company didn’t even try the acronym route, they just know how many CAPAs were processed, how the system has
named it “Turbo.” Now, who wouldn’t want to work in “Turbo” all improved Quality, or where to find the new Document Control
day? A good name goes a long way. module you installed. Communication helps to keep your system
at the forefront of their minds.
2. Dress it Up: Most software solutions are flexible and
configurable enough to change not only the business processes With just a little bit of marketing, you can turn an ordinary Quality
and workflows around the tool, but also change the look and Management System rollout into something special for your team.
feel. Take advantage of this flexibility and brand your solution to They worked very hard to get the system up and running—why not
match your company’s colors, logos, and corporate look. People a little notoriety and fun in return? You’ll find that you not only have
love to feel at home with a new solution, and having the same rewarded your employees for the effort, but you’ve also inspired
“decor” helps to ease the transition. people to adapt and use your new system.
3. Run Your Own Mini-Launch Campaign: We’re not talking a

big-budget advertising campaign—this is just a little marketing
to get people excited about the upcoming rollout. Again,
you’re trying to inspire people to excite them about a software
implementation. You don’t need to be a seasoned marketing
executive to run a “campaign.” All you need is a little slush money
and a printer. Here are just a few ideas to get you going:
Teasers: The best thing about teasers is you don’t have to do

much to create a buzz. Innocuous phrases get people’s minds
running. In the case of the “EPIC” launch, this company posted
signs all over the office, which looked like this:
14 | The Importance of Risk in the Complex Quality Lifecycle
The Importance of Risk in the Complex Quality Lifecycle

Manufacturing industries have matured over the years, customer In reality, ERM follows a path no different than the more granular
demand increases, and the complexity of the products also increases. departmental levels:
So we now have a complex product lifecycle that needs to move
faster to keep up with demand—manufacturers must keep pace with a. Risk Identification: Simply put, look for the potential
the demand, while ensuring Quality of the product at every step. The risks. Whether at a low-level or high-level, you need to
faster we move, the harder it becomes to correct adverse events, figure out where your risks arise. This can be from adverse
and prevent Quality issues in the same way we’re used to. We need events, hazard analysis, departmental surveys, and similar
a measure to help us search out the most critical issues and address areas.
the Quality issues that matter most. Risk Management is of growing b. Risk Assessment: Once you’ve identified the risk, you
importance in Quality for this very reason. need to determine how severe it is. Is this risk high,
low, or negligible? Assessment seeks to categorize (and
Let’s look at some of the areas risk plays in the Quality lifecycle:
potentially prioritize) our risk.
1. Risk in Design: Incorporating risk in design is a critical, but c. Risk Review: New risks within an organization need to
sometimes overlooked component in the Quality lifecycle. be reviewed. Risks cannot automatically be assigned an
Traditionally speaking, Quality has always been reactive in action—often you need a team to review the risk ranking,
nature—“events happen and we need to correct them.” However, determine the next steps, and so forth.
if we can work towards mitigating risk during earlier stages in
the product lifecycle, such as in design, then we can mitigate the d. Risk Mitigation: We now ask the question, “how do we
risk of these in-field failures. Tools like Failure Modes and Effects fix this?” Risk Mitigation relies on taking steps to correct
Analysis (FMEA) or simple Hazard Analysis provide the ability the events, and ultimately reduce their risk to acceptable
to break down a design into core components and assess the levels. Corrective Actions help to create a plan for
risk of failure. By calculating the risk before the product is even investigating and correcting systemic issues, and reduce
built, you can take steps to mitigate that risk in a more proactive the risk of recurrence.
way. Even for known risks, you can better prepare your team for e. Risk Reporting: The last step is sometimes overlooked,
potential post-market events, and handle them more efficiently. but critically important. Reporting not only creates
visibility into top risks, but it also lets you trend out
2. Risk in Process: Corrective Actions are an issue in many
potential areas of improvement. Reporting lets you see
organizations. You would think that a system designed to
how one area’s risks overlaps with another area’s risks.
efficiently correct a problem wouldn’t be a problem itself—but
it can be, especially if every event becomes a Corrective Action. As industries move faster and product lifecycles shorten, you need
Too many Corrective Actions can shift the focus on what is most to benchmark Quality not only as a corrective measure, but in
overdue, versus what is most critical. By incorporating risk into a proactive, preventive way. Incorporating risk into the product
the process of adverse events, you can filter the critical and lifecycle will help to identify, mitigate, and prevent potential risks
non-critical events, ensuring that the highest risk events make along the way.
it to the top of the list. Less critical events can even be handled
immediately—Quality systems do not specifically state that You need to identify potential risks, assess the dangers, take steps to
every event become a Corrective Action. Using risk will help to correct your “path” to mitigate the risk, and continue on. The faster
streamline the system in this fashion. you go, the more risk mitigation plays into the equation.
3. Enterprise Risk Management: Risk mitigation is everywhere. If

you think of an umbrella, the spines that make up the umbrella
are the various risk areas (risk in design, risk in process, safety
risks, human factors, governance, etc.). The umbrella as a whole
is Enterprise Risk Management (ERM). ERM seeks to combine risk
elements from all over the organization and take action based on
those elements in broad strategic level.
15 | Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk Matrix

In this day and age, risk is the biggest buzzword in the compliance
industry. We’ve talked about it, you can’t go anywhere without
hearing about it, and everyone’s got a risk-based solution. I think You can see that we have a Low-Risk or Generally Acceptable Risk
the primary reason why we focus on Risk Assessment and Risk zone, and a High-Risk or Generally Unacceptable Risk zone, but what
Management, is because in business, we need to quantify our about the middle? There’s a gray area of subjectivity here. How do
actions. We can no longer rely purely on “gut instinct” to execute on companies determine this gray area?
events, whether Quality, Financial, Social, or similar areas. The world
moves too fast, and one misstep can make or break your business.
Risk provides the objective metric to help the decision-making
process. But, you need to know how to use risk.
How do you define risk? It’s not as easy as you may think. Companies
spend plenty of time and money coming up with a scheme on
how to calculate risk for their organization. Risk is defined as the
“systematic application of policies, procedures, and practices to the
tasks of analyzing, evaluating, and controlling risk.” All this really
means is that we put tools in place to help us look for risks, assess
those risks, and then take action on the risk. The trick here is finding
the risk, isn’t it? How do we find the risk?
The components of risk usually manifest themselves in two forms:

hazards or harms. Hazards represent the potential source of a This is not always an easy answer. Some companies have to
harmful event (the cause). Harms are the resulting damages to weigh the costs versus benefits on these risks, without creating a
products, persons, or the environment (the effect). Risk is essentially disproportionate cost to risk (Example: spending $1M to prevent
cause and effect on a defined scale. It’s the scale in which most a blister is disproportionate; spending $1M to prevent a fatality is
struggle. proportionate). Companies will carefully vet these zone, and typically
adopt a concept called ALARP (As Low as Reasonably Practicable).
Usually, when trying to quantify hazards and harms, most Simply put, this means that the risk is as low as we can possibly
organizations look at two metrics: Severity and Frequency (or get it, or it’s “Tolerable” or “Undesirable”—but it isn’t critical or
likelihood). Taking these metrics into account, we can develop a scale catastrophic. So then, with the ALARP in place, you have a risk matrix:
in which to measure hazards and their harms. This can be numeric
(scale of 1-5), verbal (excellent to poor) or both. If you were to graph
these scales, you would come up with a numerical matrix, one that
highlights the risk “zones” by their multiplied number on the axis,
much like this one below:
Now you can go off and start using it, right? Well...you need to “vet
the matrix”—put it through real-world historical examples and see
if the risk matrix comes up with the correct risk based on historical
events. You may need to “tweak” the matrix based on the vetting
process. Hard mathematics will not properly assess the risk without a
little real-world honing. Once you’ve fine-tuned the matrix, you can
start utilizing it in your Compliance system.
16 | Risk Assessment: Creating a Risk Matrix
Risk Assessments and risk matrices are wonderful tools to help guide Risk helps to ensure that not only is the CAPA effective, but it’s
decision-making in an organization, but they are not meant to be within the risk limits of your organization’s compliance standards.
stand-alone tools. They help to provide a guide for Risk Assessment,
using quantitative and repeatable metrics to ensure a consistent CAPA is an effective and essential tool but, like many processes, can
method of determining risk. Most best-in-class organizations will be blocked up if you are too reactive to events. In order to streamline
assemble a “risk team” to go over adverse events and determine your CAPA process, it is important to look at adverse events and filter
the risk. It’s up to the team to decide how an event will be handled, them to properly determine how critical they are.
and what the true risk is. Risk matrices are the keys to unlocking
quantitative risk-based processes, but the people are the drivers of
the system.
The next question becomes, “How do I incorporate Risk into my

Quality Management System?” More specifically, how can Risk ease
the bottlenecks in an organization’s Corrective Action process?
Too often, when adverse events enter an organization’s Quality

system, people are quick to open up a Corrective and Preventive
Action (CAPA). No matter what the adverse event, its severity or
impact, a CAPA is opened up. Having a CAPA system in place is an
extremely valuable (and essential) part of a good QMS. However, if
everything becomes a CAPA, then you create a bottleneck. Employees
are so focused on working on their CAPAs, they forget to do anything
else.
What you end up with is this—hundreds of CAPAs, without really

knowing which CAPAs are critical to the business and which have less
impact. It becomes the needle in the haystack conundrum—finding
the critical adverse events can prove difficult if you don’t have a way
of finding them. I once asked a Quality Manager how he handles
CAPAs—what his metric was. “We handle the most overdue first,”
was his reply, and he went on to say that if it isn’t critical and is at the
“bottom of the pile,” then they don’t get to it in time. That said, there
is a better way.
1. Not every event needs to be a CAPA: Yes, it’s true—if you can
immediately correct an event, then correct it. Not every event
needs to be opened up as a Corrective Action, only those that are
systemic issues and pose a critical impact on the business.
2. Use Risk to filter events: So if not every event needs to be a

CAPA, then how do we figure out the bad the from not-so-bad?
You need a way to filter these events, and you need to do it in a
repeatable, systematic method. Risk Assessment is a great way to
do this. Risk matrices will help your team make the determination
as to the criticality of an event. The higher the risk, the more likely
we would like to take Corrective Action.
3. Do a CAPA on your CAPA System: Sometimes even a good

CAPA process needs a little updating. Make sure to continually
audit the CAPA process, and if the process is not efficient
enough, then it may be time to do a CAPA to correct any
potential bottlenecks or problems within. Like any good process,
a little maintenance and “trimming” is always healthy.
4. Use Risk to Ensure Effectiveness: For an action to be truly

corrective to the process, it must be effective, otherwise you’re
back to square one. Much like risk can be used to filter adverse
events, risk can also be used to ensure effectiveness of a CAPA.
17 | Using Complaint Handling Software to Improve Quality
Regulatory Matters—FDA Compliance in Quality Management
Using Complaint Handling Software to Improve Quality

serious health-related complaints, they come in the same exact
way. There is no real way to discern which complaints pose
the most risk to the organization. So as a result, many critical
complaints go untouched until they reach their place in the
queue, often too late to take immediate action. Best in class
Complaint Handling solutions incorporate Risk Assessment
tools to determine which complaints pose the greatest risk to
the organization, and take action based on overall risk, not date
in which received. This allows organizations to respond more
quickly to critical events and improve Quality in the areas that
pose the most Risk.
3. Integrated with other Business Systems: Like any technology,

the ability to pull data from existing tools is key to success.
Complaint Handling is no exception—customer data, product
data, sales information, etc.—these are all stored in other
business systems. The ability to pull this data into the Complaint
System seamlessly allows for more efficient management and
eliminates any double-work or input mistakes. In some cases,
Complaint data may need to push data out. In Life Sciences
Today’s marketplace is more consumer-driven than it has ever been.
organizations, Complaint data may need to be reported to
Consumers are providing more detailed feedback, bringing on more
regulatory agencies such as the Food and Drug Administration
competition for businesses. Furthermore, rapid product lifecycles and
(FDA). Having an integrated system enables Complaint data
market demand create a need to improve product quality quickly
to be exported to these agencies quickly and efficiently. This
and effectively. Post-market feedback becomes a critical component
reduces the time to complete and close the complaint and
to ensuring Quality Management standards are being met, and
ensures complete transparency within the organization and the
organizations are looking to technology to help track this important
regulating bodies that govern them.
data.
4. Data Reporting and Business Intelligence: All aspects of
Complaint Handling is a critical component to a QMS. It provides
Quality need to be benchmarked, including Complaints. It is
the needed consumer feedback for an organization and enables
critically important that complaint data be entered in a data
them to measure and analyze the market with respect to product
model that enables reporting, and that Quality Managers can
Quality. More and more, organizations are looking to find Complaint
regularly run reports on their Complaint Handling system. This
Handling systems that provide the most efficient methods for
helps to uncover trends where the “problem areas” are. Look for
collecting post-market data and quickly turning this data around to
better ways to improve the process, and take actions based on
improve Quality.
the empirical data.
Here are some key elements to spotting a good Complaint Handling
5. Change Management Completes the Loop: Collecting
System:
complaints and taking action on them is one part of the process.
1. Integrated with Corrective Action: Complaints usually are a Critical to the success of truly improving quality is taking this
catalyst for corrective action, so it would be beneficial for the data and applying it to the product lifecycle. Complaint and
Complaint Handling system to be directly linked to the Corrective post-market feedback is a critical element that has to be factored
Action system. Complaint systems provide copious amounts of into the next product design. This data helps to build Quality
data related to the product, problem codes, and supplemental back into the product design, production and release. Leading
information. When generating a Corrective Action based on QMS solutions build this closed loop process into the product,
complaint data, integration helps to eliminate the double-work enabling organizations to use the market to improve product
by inheriting the data into the Corrective Action. Furthermore, it and process quality.
provides reciprocal linking so that complaint records show the
Complaint Handling systems have an important place as the
related Corrective Action.
front-line mouthpiece of the consumer market. The important way to
2. Risk-Based Filtering: Let’s face it—organizations get a lot of improve product and process quality is to take this feedback, filter it,
complaints. Whether they are minor cosmetic complaints, or assess the overall impact, take action, and then make changes to the
product to reflect that feedback.
18 | 3 Reasons to Adopt Automated Validation in Quality Management Systems
3 Reasons to Adopt Automated Validation in Quality

Management Systems
For many years, the concerns of Quality Management Systems 1. Speed and Efficiency: Validation, while producing results, is time-
centered around the validation of those systems. After all, if the consuming—“click here, record results; click there, record; type
system fails to work properly, the company becomes liable and any here, record; mouse-over here, record.” Validation projects can last
repercussions will most likely not be pretty. upwards of 18 months depending on the level and detail. Many
companies will settle for less robust solutions simply because of
What is validation, really? Well, at its core it is ensuring the system the validation project. That is not the best way to maximize your
does what it’s supposed to do. Interestingly enough, software investment in software. Automated tools allow you to take the OQ/
developers validate their software every time a new version is released, PQ scripts and run them in the exact same way a human validator
when a new build is completed, even when a new line of code is would, just much, much faster. For instance, a single Corrective
added. In the Life Sciences space, there is such an importance placed Action workflow would take a manual validator a full week to
upon the validation of the system, that many companies will focus complete; an automated system could be run in a few hours.
more on the validation capabilities than the actual functionality of the
software. Automated validation runs very simply. The script tells the system to
do an action (click here, type here, etc), and what the resulting action(s)
Most validation is manual, and it has been a valuable method for should be. The system does the action and records it as pass or fail.
years now. However, an entire validation project does not need to
involve the human element. This is time-intensive work, and can cause If it passes, great. If not, then what? Well, the second reason answers
a software project to be held up for months to complete validation. that.
Then, if you need to make a change to the software, you have to
re-validate. 2. Visibility and Comprehensive Readout: Automated Validation
leaves no stone unturned. Every possible action, variable, readout,
It’s like driving a car by physically pushing it from behind—sure it and pixel is accounted for. It is read, recorded and reported
will get you where you need to go, but a lot slower and with a lot of on. Every validation script in an automated validation system
unnecessary effort. generates a comprehensive report displaying the pass and fail
areas of a QMS. What’s more is that an automated script runner
Automated validation can speed up the validation process while will not mistakenly miss a step in the script, or be subject to any
allaying fears of non-compliance. Companies become concerned with human factors. The reports from automated validation have all the
using software to validate software, simply because they don’t trust it. elements of that business process that the software is designed to
Yet every line of software code is validated using automated tools. Not automate.
only does it make sense for Quality Management Solutions in the Life
Sciences market, but it can actually improve upon the more manual Most people’s concerns over automated validation is being able to
validation process. Here are 3 reasons why you should consider prove that the system was validated. They need that visibility into the
automating your validation: system that tells them (and any auditor) that the system is working as
it should be. Automated validation tools are built in such a way that
reports can be run to demonstrate that the system is in compliance.
3. Cost savings: You may say “cost is not the issue when it comes to
validation. The cost of liability outweighs the cost of validation.”
Customers often say those exact words, and they are right—to a
point. If automated validation produces the same exact results as
a manual validation project, but does so in 20% of the time, then
wouldn’t it make sense to choose the cost-effective option? We
had a customer take the exact same workflow and do it once using
manual validation, then again using automated validation. The
result was exactly the same, only the automated tool took a few
hours. The manual team was still working 3 days later...
19 | 3 Reasons to Adopt Automated Validation in Quality Management Systems
But Who “Validates” the Automated Validation

tool?
I would be remiss if I didn’t address this question. Of course you
would need to validate any software tool before you use it in your
organization. However, the time it takes to validate an automated
validation tool is much less time-intensive than an entire Quality
Management Solution. Once validated, it doesn’t change—it’s
validated and works. Quality Management solutions are configurable
—workflows, forms, fields change. So validation becomes most
important when doing regression testing—running the validation on
changed areas. It enables the quick validation companies need to be
agile, and provides the visibility and level of compliance needed for
Quality and Compliance Management in the Life Science industry.
Traditional Validation Still Makes Sense in Many

Areas
Manual validation has a significant place in adoption of Life Science
software systems. Certain elements must be manually validated —
that’s never going to change. There is a tremendous benefit to
this process, and automated validation does not seek to replace it.
However, automated validation strives to ease the validation burden
and make the process smoother.
So, with the right amount of assurance and knowledge, you can learn
to reap the benefits of stepping up to the next level.
Automated validation is still in its infancy, and only a handful of

vendors are using this revolutionary method to increase efficiency in
validation. But just as the need for faster time-to-market increases,
so will the need to speed up business process validation. Automated
validation provides the speed and efficiency without sacrificing
compliance.
20 | GMP Compliance that Spans Enterprises: Supply Chain Compliance
GMP Compliance that Spans Enterprises: Supply Chain

Compliance
There are scarcely any constraints anymore to confine our businesses. OK, so objectively speaking, why isn’t this being done today? Here’s
When looking at Life Science organizations—specifically those who why:
strive to achieve Good Manufacturing Practice (GMP) Compliance—
many still tend to think within their four walls. They concern Fear, Uncertainty and Doubt (FUD): There’s always going to
themselves with their processes and Quality management, yet fail to be FUD. Certainly in the regulated space, companies protect
consider the organizations that affect them outside their four walls. their intellectual property very carefully. The concept of allowing
contract manufacturers access to their data—even if protected—
I am specifically speaking about extending GMP Compliance to poses a certain degree of fear.
Contract Manufacturers and the supply chain. Software solutions are
able to provide multi-tiered security at every level, based on a person’s Technology is Still Leading Edge: Not many software solutions
location or role. Many organizations are adopting this in a multi-site offer this level of security, so it’s not been widely accepted as a
capacity with tremendous success—but what about extending a QMS practice. But think of the benefits if such a technology existed (it
to your contract manufacturers? does, by the way).
With all the compliance initiatives to increase visibility into the supply Knowing “Too Much”: Sometimes, ignorance is bliss—even in
chain, and the stringent regulations that companies must adhere to, this world we live in today. Some companies do not want this
it would make sense to provide a system that spans enterprises in level of visibility and/or control. This may be due to “plausible
addition to divisions. Here’s why: deniability,” liability issues, or it could just be that they don’t
have the bandwidth to engage the contract manufacturers at this
1. Visibility: Having a contract manufacturer work in your QMS level. But think of this—if there is a serious event related to your
provides you with the real-time visibility into their own Quality product as a brand owner, who is liable for the repercussions? The
operations. With this level of visibility, you can maintain control answer is the brand owner, not the contract manufacturer. So the
over the state of Quality outside of your four walls. pain of knowing too much may bite back at you in the long-run.
2. Real-time Collaboration Cuts Cycle Time: If there is a defect or The world is smaller, and more and more companies are collaborating
noncompliance, then the collaboration to resolve the issue can on new levels. We all are engaging in business. The key to success,
happen much more quickly. Unlike in current disparate systems, especially in the regulated environment, is incorporating more layers
you do not have the “lag time” while the supplier works on their of visibility into the various areas that help to make your products. This
end to resolve the issue. Quality and compliance events now not only includes standardized compliance between divisions but also
become a collaborative effort, all working toward the same goal standardization across enterprises.
and cutting the overall cycle time.
3. Compliance Right, the First Time: Certainly, the time taken to

resolve any of these supplier quality events causes a loss in time,
and the time taken to re-work and re-produce becomes a factor
against demand. With clear visibility and control in the contract
manufacturers process, you can now help to get the product right
the first time, reducing the time to market.
4. Technology Helps to Create a Secure Platform: Of course the

first concern is, “no way are they getting into my data.” Technology
has caught up with this—you can place security on every aspect of
the software—fields, keywords, etc.—so that external enterprises
only see the content that is relevant to them. You still control your
data, they are now just able to operate in your environment—
unable to see anything but their required information.
21 | Using Quality Management Software Tools to Manage Recalls
Using Quality Management Software Tools to

Manage Recalls
There is a saying, “plan for the worst, and hope for the best.” This is direction they need to go for each step in the process.
the general tone when discussing Recall Management. Let’s face it—
no one likes talking about recalls; there is no positive side to recalls, QMS Solution—Complaint Handling linked to eMDR: QMS
and certainly no one “wins” when a product is recalled. This is a double functions such as Complaint Handling can help in this process
whammy when you are a medical device manufacturer—not only are by logging and keeping track of all complaints in the QMS.
you recalling a defective product, but you are also facing regulatory A Complaint Handling application manages the investigation
scrutiny and potential customer endangerment. So when I speak and resolution of customer complaints in compliance with FDA
about medical device recalls, many are apt to have a system in place guidelines. For Life Sciences organizations, a benefit of many
to manage processes in the unfortunate event of a recall. The critical QMS solutions is the ability to integrate directly with the FDA’s
factor in this case is what system is best suited to effectively and Electronic Submissions Gateway using the electronic Medical
efficiently manage the recall process? Device Reporting (eMDR) form. This allows the user to create
reports of adverse events affecting a medical device organization
The FDA website states, “A well-built Quality Management System from the QMS and send them directly to the FDA, bypassing the
should reduce the number of (or prevent) recalls, returned or salvaged need to fax or mail in reports—resulting in faster response time.
products, and defective products entering the marketplace.” Recall
Management is a necessity in businesses today; the best and most 2. Notify the Public: Once the recall information has been submitted
effective means to automate recall processes is through an automated to the FDA and the recall plan has been put into place, the
QMS, which enables seamless compliance with the best practices of organization must then notify all parties involved. This can be done
Recall Management. through various media channels including press releases or recall
notification letters to consumers and facilities. All recall notification
Best Practices of Recall Management letters must include the identification and description of the
Implementing a Recall Management system using an automated QMS problem, and the depth to which the recall has been implemented,
guides an organization seamlessly through the recall process and whether retail, wholesale, or user level. This step must also include
enables integration with other functions across the enterprise. So what detailed return instructions for customers as well as a return
areas of Recall Management can a QMS solution provide? response form.
1. Submit Recall Information to the FDA: Once it’s determined that QMS Solution—Document Control: Having the required
a product or device warrants a recall, the process must be swiftly documentation such as notification letter templates, website
put into action. The FDA must receive all information related to the templates, press release templates, work instructions, and similar
product such as the name and information of the recalling firm, records is key to providing a quick response to a recall. Using a
name of manufacturer, as well as the reason for the recall including revision controlled Document Control system, organizations can
a description of exactly how the product is defective, how this has ensure that the necessary documentation is available within the
affected the safety of the product, and the date the issue occurred. system and is accurate and controlled, and ensures management
An FDA Health Hazard Evaluation (HHE) form, which shows the of the creation, approval, distribution, and archiving of these
organization’s assessment of the health risk, must be completed controlled documents.
and sent to the FDA. The company must also include the volume
3. Evaluate the Recall: Once the public has been notified and the
of product that was produced. They will need to submit the
recall has been initiated, the organization must then conduct
quantity and dates of distribution and the amount of product that
a recall evaluation to check its effectiveness. This will enable
is on hold due to the recall. They will then need to submit the
the organization to benchmark its effectiveness and assess the
distribution pattern and inform the FDA of the number of direct
progress of the ongoing recall. During this stage, recall status
accounts that they deal with in order to retrieve all products back
reports must be created; these status reports should consist of
from facilities and consumers.
the date each customer was notified, the number of customers
A recall plan must also be established at this point if the organization who were notified, the number of customers who responded, the
does not already have one in place. A recall plan is an important part quantity of product that was accounted for or returned, as well as
of an efficient Recall Management system. Every organization should the details of the effectiveness check.
have a plan in place in the event of a recall and should conduct drills
Once the root cause of the recall is discovered, this information
or “mock recalls” on their plan to guarantee its effectiveness. This helps
should be sent to the local FDA District Recall Manager, along with
to ensure that in the event of a recall, all of the necessary steps are
any corrective actions that have been established at this point.
executed thoroughly and correctly, the first time. The recall plan covers
Termination of the recall is the final step and can be started once it’s
everything from the submission of information to the FDA and how
determined that all parties involved have been notified, and all traces
the public will be notified to the evaluation of the recall. It is essentially
of the product have been recovered. Before the FDA will consider
the company’s “map” of the recall process, telling them exactly which
termination, a final status report should also be sent to the local FDA
22 | Using Quality Management Software Tools to Manage Recalls
District Recall Manager.
QMS Solution—Corrective and Preventive Action (CAPA):

In addition to determining root cause and investigation, the
CAPA provides a method for recording and tracking any
corrective actions taken, as well as verification of effectiveness
of the corrective action. Using Quantitative Risk Assessment,
organizations can conduct a Risk Assessment at the root cause
phase, as well as at the effectiveness phase to ensure that
corrective actions reduce the risk or recurrence to acceptable risk
levels. An automated CAPA should have the ability to generate
multiple report types throughout the process, including a CAPA
history report which details the CAPA process from start to finish,
as well as any other related records that are critical to the CAPA.
This type of reporting is critical to the recall process, and provides
complete transparency when submitting information to the FDA.
QMS Solution—Change Management: Forty-four percent of

medical device recalls are caused by inadequate design control.
Change Management links Quality into the product lifecycle
and maps Quality at each step in the process starting from
product design. Change Management applications provide the
workflow and business rules necessary to execute and manage
a change within the organization across multiple operational
areas. Design, supply chain, production, and post-market data
are all linked to a holistic Change Management process, with
Quality and compliance as the backbone. Furthermore, the
recall information is integrated into every phase of the Change
Management process, enabling the data retrieved during the
recall to be factored into the design, production, and execution
of the change. This ensures that once the recall is closed, the
Change Management process “learns” from the data collected and
mitigates the risk of recurrence in the next product lifecycle.
In many ways, a recall can be seen as an emergency process for

crisis management. Much like a crisis management plan, you need
to have the process outlined in detail, and you need to practice what
needs to be done in the event of such an event. So too is the Recall
Management plan. Companies run “mock recalls” to make sure the
process is seamless and effective, and that a system will have the
workflow and business rules to ensure efficiency. Quality Management
Systems provide the framework and processes to help companies plan
for the worst and hope for the best.
23 | The Bill of Compliance in Quality Management: The Quality Hub Concept
The Bill of Compliance in Quality Management:

The Quality Hub Concept
Employee Management is a central factor in any manufacturing
organization. What’s most compelling is the evolution over the past
decade on our perception of Quality Management. Once thought to
be another siloed system in an organization’s infrastructure, Quality
Management Systems have evolved into a central point of prominence
in defining how products and processes are executed.
In many industries, compliance is the word of the times; compliance

encompasses so many facets within an organization. Compliance to
regulatory standards, compliance to good manufacturing processes,
compliance to governance and risk—compliance is everywhere in the
organization. In order to remain competitive in today’s fast-moving
markets, organizations not only have to adhere to the demand of the
consumer, they need to ensure that compliance is met throughout.
Whether it’s in design, supply chain, production or post-market,
compliance is the underlying force that drives competitive advantages
over others in the market.
The challenge is how to manage compliance across these varying

operational areas, to ensure there is a consistent and viable way to
collaborate and ensure that Quality and Compliance are met at all
levels of the process. The Quality Hub
If we start to look at the Quality Management System as a hub for
The Bill of Compliance the organization, we can then broaden the scope for which we view
Much like organizations generate a Bill of Materials (BOM) when Quality in an organization. A standardization of compliance across the
creating a production process, organizations are taking a similar organization can lead to many great things:
approach to compliance. The BOM provides the different operational
areas with the list of materials, design specifications, procedures, work 1. Common platform for compliance: One single view of the
instructions and related data to ensuring the production is successful truth in an organization on Quality and Compliance enables
and consistent. The Bill of Compliance (BOC) operates in a similar way; management to view compliance in a broader light.
but instead of creating consistency in production, the BOC strives to
create consistency in compliance from one operational area to the 2. Quality’s reach is extended: Supply Chain, Production, Design,
next. EHS, Governance and more—all these areas are now connected to
Quality more than ever before, and Quality becomes ensconced
Quality Management Systems are the key to a successful BOC. The within every aspect of the business.
Quality Management System operates as a “Hub” for all business
systems feeding compliance data, organizing and analyzing the data 3. The View from the top is clearer than ever: Decision-making is
and creating a level of visibility into Quality operations that cannot be improved when compliance risks are visible. The more we can see,
achieved with each system individually. the better decisions we can make.
“The BOC, like a bill of materials or bill of process, provides a persistent While these concepts are a fairly recent perspective on our way of
structure (a metadata definition) that defines bindings for master thinking about Quality, many organizations are already employing
and operational data elements (these could be stipulated regulatory these methods in some form or another. Quality by Design, Supplier
documents, Material Safety Data Sheets [MSDSs], assay results, Quality, and even EHS activities are being tied to Quality Management
raw material specifications and training certifications) required to Systems, and as more and more systems begin to integrate with
demonstrate product and process compliance for material sources Quality, the closer we are approaching to a true Quality Hub. As you
and destinations by region, industry or even customer,” says Simon begin to evaluate your business systems and explore your options
Jacobsen of Gartner Research in report “EQM Hubs Unite Quality for improving your compliance visibility, look to Quality to provide
Management IT Systems Across the Value Chain, ”published on March you with the Hub that will house a Bill of Compliance. This level of
29, 2012. Simon goes on to say that “...the EQM hub provides the compliance has proven effective for many organizations in leading
master data management processes needed to maintain the BOC over the charge to put Quality and Compliance at the forefront of the
its life cycle, and provides a single version of the truth with respect to operation.
compliance requirements for all other enterprise systems involved in
conversion processes.”
24 | The Hitchhiker’s Guide to Quality Management Software
Final Thoughts: Fun Takes on QMS Software
The Hitchhiker’s Guide to Quality Management Software

In the beginning, products were made and somebody suggested demonstrate the vendors’ ability to configure the QMS to meet
implementing processes to manage Quality. This is widely agreed as a your needs. Don’t be afraid to ask the tough questions, and
big mistake, and we should all be blissfully unaware of the dangers of explore the short- and long-term benefits of the solution.
poor Quality. (I kid, I kid.)
The Guide Says: Put together a plan to ensure the system will be
If you’ve ever been a part of Quality Management Systems adoption, able to demonstrate the solution you want, and make sure all your
you know that no matter which part of the universe you are from, there questions are answered.
will always be that pesky human element. This is the aspect of the QMS
that takes into account the people who are using the system, and the 4. So Long, and Thanks for All the Fluff: One of the key areas in
processes that they need to govern their Quality System. Rest assured, a QMS Solution is the ability to configure your processes without
top scientists have been working on taking that human element out, programming. This is something that will save you time and money
and replacing them with hyper-intelligent cyborgs to determine what’s in the long run; the less development time, the better. Look for
best for humans. However, the cyborgs recently became self-aware systems that build upon a framework of proven, industry accepted
and determined that their time was better spent at the local coffee best practices, and dismiss those that are lacking any industry
house perfecting the Caramel Macchiato, and not wasting their time focus (i.e., full of fluff). Having a solid framework of modules such
on frivolous QMS tomfoolery. as Document Control, CAPA, Audits, Training, NCM and others
gives organizations a starting point. Flexible configuration tools
So, for now, we’re stuck with finding solutions that meet our help you to tweak these modules to meet your unique (human, not
unique business needs. While this at face value seems simple, it’s cyborg) business needs.
commonplace to fall into a vortex of features, functionality and
technologies that complicate the process. I’m here to tell you that I’ve The Guide Says: Make sure the solution incorporates all the right
decided to create a new guide for selecting the ultimate QMS, based best practice modules to meet your needs, and allows you to
on these principles (and ripped off from one of my favorite books): configure each module to your unique needs.
1. Don’t Panic: I think this phrase should precede every software 5. Reporting on Life, the Universe and Everything: OK, maybe not
discussion, let alone Quality Management Systems. Too often, everything, but without a solid reporting system the data becomes
people get caught up in the hoopla of system analysis, RFPs, hidden. Part of any QMS solution is having a comprehensive
and overreaching functionality. While these are all great things business intelligence component that will provide you with the
to have in the QMS process, there should be a core element ability to see trends in your Quality data. Understanding trends
at the forefront–“What is my business need, and how can the within the system can help to foster change within your processes,
system meet my needs.” Don’t overthink the project; too often continual improvement, and more efficiencies in your Quality
solution selection initiatives become overburdened by too many operation. Look for a solution with a built-in and centralized
requirements, and you lose focus. The key is to have a clear goal in reporting system that rolls up data across all modules and facilities.
your project and, if the system is robust enough, it will grow with
The Guide Says: Reporting tools are a key component to the
your needs.
QMS; they help to provide visibility into the data, uncover trends
The Guide Says: Build out a comprehensive project, but start with and foster organizational change.
your high level goals and work down from there.
As we hurdle through the universe on this mostly harmless planet,
2. Less is More (more or less): Simply put, keep it simple. Don’t Quality matters to us all (no matter how much we resist). Systems
outthink yourself on your processes. Find a solution that can scale are in place to help ensure that Quality is met, and software helps
to meet your growing needs, and have the technology to grow to streamline the system. There are many ways to look at selecting a
with you, but when you set out on the implementation, start with a software solution and this is probably the strangest one you’ll read, but
few processes. Get your feet wet and then jump off the deep end; the core message is the same—focus on your business needs, find a
you’ll find that a little familiarity will go a long way. solution that will adapt and grow to your needs, and select only those
solutions that will complement your business.
The Guide Says: Build an implementation project that will start
simple, but be able to scale big as you develop the solution.
3. If the Answer is 42, you Haven’t Asked the Right Question:

When you start looking at potential solutions, it’s vitally important
that you see what you want to see. The idea is to have the
right questions to ask, and that the right processes are being
shown. Show the vendor your processes and have them match
the processes when they demonstrate it; this will not only allow
you to see how the system could potentially look, but will also
25 | What Star Wars Can Learn from Quality Management Software
What Star Wars Can Learn from Quality

Management Software
documents would have been limited to those who had the proper
access rights. Furthermore, document control can limit the details of
certain fields within the data, so that no sensitive data is accessed.
2. Employee Training System: Without proper employee training,

then many organizations run the risk of Quality incidents, Safety
incidents, and other risks to the business. It appears to me that The
Empire was not tracking training in a centralized system. If they
were, then they would have been able to see that nearly 80% of
the Stormtroopers in The Empire couldn’t hit a target with a blaster
if their lives depended on it (and it often did). Or maybe they
would have uncovered the fact that their patrol procedures clearly
missed security breaches—Like 80 year old Jedis skulking around
the tractor beam. Proper training systems enable managers to see
visibility into not only who is trained, but also how well they are
trained and whether actions need to be taken to update training
“What if The Empire had implemented a QMS on the Death Star?” records for poor performance.
Here’s what would have helped The Empire in their endeavor to rule
the galaxy if they only had put Quality Management as a strategic 3. Supplier Management and Supplier Rating: Let’s face it—The
initiative. Empire had to have contracted out to build this Death Star. All
the components that go into building a finished product rely on
Project Management: From the time that the Death Star plan was suppliers and contractors to help complete the process. When
conceived, it took The Empire almost 20 years to complete it. A project watching the movie, we know that the Rebels found a weakness
this large requires multiple roles involved and delegation of activities. in the design of the Death Star (thanks to the weak Document
The Death Star project management team consisted of three key Management System). If The Empire would have had a real-time
people—Grand Moff Tarkin, Darth Vader, and Emperor Palpatine. inspection and rating system, they would have been able to
These are not the more flexible managers, and are not above taking inspect that access port, and send out a Corrective Action to the
employee errors or missed deadlines with the aid of a lightsaber, force knuckleheads who thought putting a direct access to the Death
lightning or a death ray. Star core was a good idea.
Perhaps if The Empire implemented a Quality-based Project 4. Nonconformance, Audits and Corrective and Preventive
Management System, they would be able to clearly define the roles Action: Let’s stay on this, then. Obviously, we know that the Death
involved in the project, assign tasks to those roles, and manage Star had a defect. It was only in the final hour did The Empire
the project from an aggregate level. Workflows keep the project realize the danger, and by that point it was too late. If they had a
deliverables on track, and perhaps this level of visibility would enable Quality system in place, they would have found this flaw, whether
them to maintain control, without having to resort to the Dark Side as through regular space Audits (or at the very least an Audit through
their only means of clairvoyance. tremors in the Force), or a Nonconformance when the defect was
installed, and issued a Corrective Action to fix the problem. Clearly,
1. Document Management: Let’s be honest—even The Empire Quality took a backseat to their overconfidence, and ultimately
could’ve used a strong Document Management System. Given the resulting in, well…you know the rest.
sheer size of the Death Star with the thousands of “employees”
that worked there, there would have been tens of thousands of 5. Management Review and Reporting: As I said before, the
records that would need to be controlled—work instructions, job primary project managers used fear as their primary motivator,
descriptions, procedures, floor plans, and the like. You would think and seldom relied on the data to help them with Quality. In the
that with this “technological terror” The Empire constructed, there movie, you see the officers of the Death Star sitting in a conference
would be a secure Document Management System in place. room, and not one of them produced a report—if they had a
robust reporting system that collected Quality data from all areas
Then how did a small droid like R2-D2 plug into the network and of the Death Star, and rolled this data up to help determine the
download the Death Star plans like it was a space walk in the park? top risks and top Quality issues, then maybe that meeting would
My guess is that The Empire, in all its glory, was using a file system to have gone differently. Perhaps if that poor guy had shown Darth
store documents. If The Empire would have used a Document Control Vader his latest Quality Report, he wouldn’t have gotten the old
system like those in a QMS, access to these specifically sensitive “force choke” from the Dark Lord of The Sith. Having a top-level
26 | What Star Wars Can Learn from Quality Management Software
reporting system that presents the Quality system challenges in a

single view might have mitigated their risks.
6. Risk Assessment: I think that perhaps The Empire took many risks
when going about this whole Death Star thing. Did Tarkin assess
the risk of testing the Death Star on Leia’s home world? Did Darth
Vader assess the risk of letting the Rebels escape with the Death
Star plans? Did they assess the risk when they underestimated the
rebel’s chances of destroying the Death Star? In any system, it’s
important to incorporate risk into the processes, whether Quality
or similar system. If The Empire would have perhaps weighed the
severity and likelihood of the risks associated with their actions,
perhaps we would have seen a different outcome of the story. Risk
Assessment, especially in a QMS, allows managers to filter out
critical events, and make better decisions on how to handle them,
and then ultimately mitigate the risk of recurrence.
Of course, we know that if The Empire followed these rules of Quality

Management, we wouldn’t have had the story that makes Star Wars so
great. But it is sometimes fun to imagine, “What if?” and see how life
would have been if instead of Darth Vader, we had Darth Deming.
www.etq.com 800.354.4476
info@etq.com 516.293.0949

Selecting, Implementing and Using FDA Compliance Software Solutions

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Selecting, Implementing and Using FDA Compliance Software Solutions

Uploaded by

Copyright:

Available Formats

1

Introduction: Why do we need QMS?

Getting Started on Your Journey

Tips for Implementation Success

Risk Management in QMS

Regulatory Matters-FDA Compliance in Quality Management

Final Thoughts: Fun Takes on Quality Management

Getting on the Quality Management Software Soapbox

What You Didn’t Know, or Were Afraid to Ask

Especially in regulated industries where the scrutiny is so high,

your Corrective Action cycle time by 50%, and you’re able to

Regardless of their actual investment cost, the benefit of having a

2. Case: A Blood Services organization had a manual Quality

Scalability: Can’t We All Get Along?

8 Simple Rules for Selecting a Quality Management

7. Know Your Audience—End User Acceptance: Typically,

ook Under the Surface:

b. Ask for a Debt to Equity Ratio: This is a great way to

c. Annual Growth Rate: Average growth percentages over

d. Annual Net Income Growth Rate: Another good

Build vs. Buy: Best Practice QMS Solution over

Software vendors with best practices built-in draw on a history

Consider the breakdown on build versus buy conducted in a

When comparing these two scenarios, we can assign a risk ranking to

Comparison: Build Versus Buy

Avoid the Dangers of Buy…then Build

The decision to implement enterprise software is not a simple task.

While both options have merit, many organizations opt to leverage

Avoid Scope Creep in Enterprise Software Implementation

At this point, with the requirements gathered and design

3. UAT User Acceptance Testing: It’s important to always include

The theory behind using this project management/requirements

Investment in software shouldn’t fall victim to a poor

Why Marketing is Important for Your Quality

3. Run Your Own Mini-Launch Campaign: We’re not talking a

Teasers: The best thing about teasers is you don’t have to do

The Importance of Risk in the Complex Quality Lifecycle

3. Enterprise Risk Management: Risk mitigation is everywhere. If

Risk Assessment: Creating a Risk Matrix

The components of risk usually manifest themselves in two forms:

The next question becomes, “How do I incorporate Risk into my

Too often, when adverse events enter an organization’s Quality

What you end up with is this—hundreds of CAPAs, without really

2. Use Risk to filter events: So if not every event needs to be a

3. Do a CAPA on your CAPA System: Sometimes even a good

4. Use Risk to Ensure Effectiveness: For an action to be truly

Using Complaint Handling Software to Improve Quality

3. Integrated with other Business Systems: Like any technology,

3 Reasons to Adopt Automated Validation in Quality

But Who “Validates” the Automated Validation

Traditional Validation Still Makes Sense in Many

Automated validation is still in its infancy, and only a handful of

GMP Compliance that Spans Enterprises: Supply Chain

3. Compliance Right, the First Time: Certainly, the time taken to

4. Technology Helps to Create a Secure Platform: Of course the

Using Quality Management Software Tools to

District Recall Manager.

QMS Solution—Corrective and Preventive Action (CAPA):

QMS Solution—Change Management: Forty-four percent of

In many ways, a recall can be seen as an emergency process for

The Bill of Compliance in Quality Management:

In many industries, compliance is the word of the times; compliance

Teasers: The best thing about teasers is you don’t have to do

QMS Solution—Corrective and Preventive Action (CAPA):

QMS Solution—Change Management: Forty-four percent of