Companies Cannot Outsource IT Responsibility, Expert Warns
Skilled use of outsourcing can save FDA-regulated life sciences companies money, time and headache, but it doesn't absolve them of ultimate responsibility for their product and data, former FDA Special Assistant to the Associate Commissioner for Regulatory Affairs and now EduQuest President Martin Browning said at an Aug. 31 audioconference sponsored by FDA News.
With the use of outsourcing for many functions expected to increase, Browning warned companies to remember to carefully vet their partners and conduct ongoing monitoring after the real work has begun. However, don't rely too much on audits, he advised. "Those are a snapshot in time only," he said. In fact, audits alone are a "very poor" way of keeping tabs on your outsource partners' performance, he said.
"Diligent monitoring is the real key to maintaining quality and a better way to assess the health of a company," Browning said. "Preventative rather than reactive oversight can be far more efficient," he added.
An effective monitoring program should be in writing, Browning told attendees. Companies must also train their employees and make certain the outsourcing partners understand the requirements -- technical and regulatory, among them -- of the company and the FDA. "Constantly measure compliance," Browning said.
Monitoring is particularly important in the area of IT outsourcing. And that's an area of outsourcing that is likely to grow faster than most, he noted. "If you outsource IT, you are still responsible for assuring that all required activities are performed and documented," Browning said.
And IT touches nearly every aspect of a company's operations, he said. "All companies are data driven today; it is a critical function." Most, if not all, of that data is electronic.
Mind the Cracks
When FDA inspectors issue outsourcing-related warning letters, they tend to focus on "seams where the data falls through the cracks," Browning said. To better protect against that kind of FDA action, he advised that issue and task closure must be clearly defined and assured in written form.
Because IT is so important to maintain properly, and sometimes costly, senior management is often tempted to outsource it, he noted. They see outsourcing as a way to reduce costs and improve efficiency, and Browning agrees that it can do both.
However, senior management is often not familiar with the specialized aspects of IT, and that means it is especially important to monitor effectively, early and often.
For starters, FDA-regulated life-sciences companies must remember to inform the agency about their outsource partners, Browning said. Some outsourcing partners, such as commercial sterilization companies, are required to register with the FDA on their own, but in other cases the hiring company has to make certain the vendor has registered or otherwise informed the agency. Changing a supplier also requires agency notification, he said.
The FDA has the authority to inspect most, if not all, of your outsourcing partners, Browning added. Bottom-line: "Document everything."
Contracts and service level agreements are another important layer of protection for companies that outsource, Browning noted. Those agreements should be clear and detailed starting with definitions of terms as viewed by your company and government regulators. Also be certain to identify key contacts with attached responsibilities rather than just focusing on job titles, he advised.
While saying he was a fan of wise, targeted outsourcing, Browning reminded companies not to get carried away with the concept. Activities that should not be outsourced include:
Where your company holds the technical expertise and does not want to give control away; Those you cannot monitor; and Where you have made specific commitments to the FDA or other government regulatory bodies.
To order a complete CD or transcript of Browning's presentation, go to www.fdanews.com/wbi/cds/2412-1.html (http://www.fdanews.com/wbi/cds/2412-1.html). -- Michael Causey