GxP Engineering Consultancy And Validation Services

Accelerating GxP clients towards their engineering compliance goals. Providing leading expertise in technology systems, which improve productivity, product quality and patient safety. Coming Soon : CPD Approved Medical Device Software Validation Training Course, in line with GAMP 5. Products for Sale : New Document Templates are now Available for Purchase.

GxP Engineering Consultancy And Validation Services

Zener Engineering Services Ltd Logo

GxP Engineering
Consultancy And
Validation Services


Blog Post

Zener Engineering Services Ltd Logo

"You Went To QA” - The Case Study

  • by Zener Engineering Services Ltd
  • 29 Nov, 2023

Said a Project Manager with No GxP experience - working for a Blue Chip Pharmaceutical company.

Inspection Stress

In the complex landscape of Software Validation and Quality Assurance (QA) in the Life Science Industry, where meticulous attention to detail is paramount, an occurrence of non-compliance can have far-reaching consequences. The case study "You Went To QA” delves into a scenario where non-compliance issues arose, and, surprisingly, the Client's QA team failed to ensure the correct action was taken. Through the lens of this real-world example, ZES explore the ripple effects of non-compliance, the potential pitfalls of oversight, and the lessons that can be gleaned for bolstering QA practices and having a QA department that is actually in control.

A Scenario of Non-Compliance Unfolds

In the ZES case study, a GxP Cloud software development and implementation project was underway with an unclear set of requirements, standards, and compliance expectations of the Software Supplier. It also became evident that certain team members of the Client's personnel were deviating from established guidelines and Client company policies and procedures. This non-compliance manifested itself in various forms – from GxP coding practices that violated established standards to a lack of adherence to regulatory documentation requirements.

Initial Signs of Non-Compliance

In any project, early detection of non-compliance is crucial to prevent its escalation. Unfortunately, in this case, the red flags were initially overlooked (possibly deliberately) or underestimated by the preferred hands-off approach by the Client’s QA department. Warning signs such as “apparently" completed testing without approved User Requirements, untraceable coding, deviation from Client Policies and Procedures, and other sporadic sizeable documentation gaps were not promptly recognised by the Client's QA Department as potential indicators of non-compliance.

Communication Silos and Unacknowledged Concerns

One contributing factor to the oversight, in the opinion of ZES, was the breakdown in communication channels. Client team members, including QA personnel and Users, were operating in silos, with limited cross-functional dialogue. Concerns raised by ZES about non-compliance had not been previously effectively communicated to the senior QA team by the Client's project team, and vice versa, possibly deliberately.

QA Oversight: A Gap in Vigilance

ZES assumed that the Client's QA team, as the guardian of quality standards, would be quick to identify and address non-compliance issues. However, in this case, the senior QA team were happy to operate at arm's length and were possibly inadvertently blindsided by a combination of factors, including a heavy workload, limited visibility of ongoing project progress, and a Project Manager who had little regard for compliance, policies and procedures and was happy to spin a yarn.

Root Cause Analysis: Identifying Systemic Issues

The aftermath of this case should have prompted a comprehensive root cause analysis. However ZES have little confidence that it did. ZES uncovered systemic issues within the Project Management structure and QA including insufficient communication channels, a lack of cross-functional collaboration, and Senior QA operating at arm's length (for example just signing the Validation Summary Report.) These factors, when combined, created an environment where non-compliance issues could thrive unseen and unheard, again potentially deliberately, by QA.

One of the main areas of concern for ZES was the intentional dumbing down of the potential risk to the Patient. The System was classed as a simple database by the Client. However, in the expert opinion of ZES, this was incorrect, as the System actually provided significant functionality for Users, i.e. to decide who was correctly trained, schedule appointments, send referrals, provide chat rooms, provide limited patient interaction, and provide functionality to change clinical interventions. There were also GDPR implications.

    It is the expert opinion of ZES a simple database does not provide the degree of functionality, the System did in this case.

    The Impact: Cost Overruns, Delayed Timelines, and Reputational Damage

    The repercussions of non-compliance can be multifaceted. In this case, the project faced costly overruns due to the need for extensive rework to rectify non-compliance-related issues. Timelines were delayed as the team grappled with re-testing and resolving unexpected complications. Additionally, the reputational damage incurred due to the discovery of non-compliance had broader implications for both the Client and their Project team, not to mention the potential risk to the Patient.

    Lessons Learned: Strengthening QA Practices

    From this case study, several critical lessons emerge for fortifying QA practices:

    Enhanced Communication Channels:

    Establishing transparent communication channels between Suppliers, Project Managers and QA teams is paramount. Regular meetings, cross-functional collaboration, and open dialogue can ensure that concerns are identified and addressed in a timely manner.

    Continuous Training and Awareness:

    Keeping both Project Managers and QA teams abreast of evolving compliance standards through continuous training sessions fosters a culture of awareness. This ensures that all team members remain vigilant and proactive in identifying and rectifying non-compliance.

    Regular Audits and Reviews:

    Implementing regular audits and reviews of coding practices, documentation, and development processes by technically competent personnel acting on behalf of QA, can serve as a preventive measure. These audits act as checkpoints to identify deviations from established standards before they escalate. QA should approve project documents at every key stage of the project and not just take the word of a Project Manager.

    Proactive Issue Escalation:

    Encouraging a culture where all team members feel empowered to escalate concerns without fear of reprisal is crucial. Early detection and escalation of non-compliance issues prevent them from becoming entrenched problems with widespread implications. Plausible deniability should not be relied upon, when patients’ lives are at risk.

    Conclusion: The Imperative of Vigilance in QA Practices

    In conclusion, the case study highlights non-compliance, and QA oversight underscores the imperative of vigilance in QA practices. Non-compliance, when left unaddressed, can lead to cascading consequences, impacting project timelines, budgets, overall quality, but most importantly the Patient. The lessons learned from this scenario serve as a reminder that QA is not just about signing summary reports and hoping everything is correct but also about actively engaging in continuous improvement, communication, and a holistic understanding and supervision of the software development process. In the ever-evolving landscape of technology, where adherence to standards is non-negotiable, the ZES case study serves as a Call to Action for Life Science organizations to fortify their QA practices and embrace a culture of unwavering vigilance and to not solely rely on a supplier for compliance. 

    Patients are the Life Science organisation’s Clients, not the Suppliers.

    Visit the Case Study page of the ZES website using the link below for the case study in question:
     https://www.zeneronline.co.uk/services/case-studies#YouWentToQAPc

    Share This Post

    by Zener Engineering Services Ltd 13 November 2024
    A 'well-established' cleanroom supplier proposed cleanroom fans unsuitable for a new sterile manufacturing facility, required by a Cell and Gene Therapy Client
    by Zener Engineering Services Ltd 22 October 2024
    The importance of the critical role performed by Authorising Engineers (AEs), can't be overstated.
    by Zener Engineering Services Ltd 2 October 2024
    NHS refreshed using ZES Mugs, one drop at a time.
    by Zener Engineering Services Ltd 15 September 2024
    A successful GxP Data Integrity training strategy is an ultimate goal for any Life Science Organisation
    by Zener Engineering Services Ltd 22 August 2024
    A successful GxP Calibration Management training strategy is the ultimate goal for any Life Science Organisation
    by Zener Engineering Services Ltd 1 August 2024
    Significant skills are required to implement compliant solutions, to satisfy the regulatory requirements of 21 CFR Part 11 and to ensure Data Integrity of Electronic Data.
    by Zener Engineering Services Ltd 19 June 2024
    Three New GxP Training Courses: ERES, Data Integrity And Calibration Management
    by Zener Engineering Services Ltd 30 May 2024
    A successful regulatory outcome is the ultimate goal for any Life Science Organisation
    by Zener Engineering Services Ltd 8 May 2024
    Various GxP Computer System Regulatory Requirements state that the integrity of the data held on such systems, is to be protected by a level of security that prevents tampering with records, or other unauthorised changes to ‘cover’ potential poor practice.
    by Zener Engineering Services Ltd 19 April 2024
    Effective documentation is the backbone of any successful Life Science organisation, whether it's creating manufacturing records or policies and SOPs.
    Show More
    Share by: