Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Shifting Marketplace

Published byRyann Wigginton Modified over 9 years ago

Similar presentations

Presentation on theme: "The Shifting Marketplace"— Presentation transcript:

1 Securing The Supply Chain Through e-Pedigree Security As A Quality Objective

2 The Shifting Marketplace
The drive to globalize pharma and biotech has created significant challenges in ensuring the integrity and security of the product supply chain

3 FDA Response Mandated that industry move to a solution which would provide traceability throughout the entire supply chain. From raw material supplier to the final customer - Industry must drive out risk from the process.

4 Recent Issues in the News
Contaminated Heparin-Baxter Melamine in Baby Formula Medtronic Defibrillator Attack What’s next ???

5 FDA Modernization Initiatives- Driving Change
Critical Path Initiative – To “lean” the drug and medical device development process bringing safer, more effective products to market faster while reducing the candidate failure rate Risk Based cGMPs – regulatory oversight based on risk as well as the use of scientific manufacturing tools to reduce risk Two major initiatives are driving change within the industry BC

6 Protect Americans from Counterfeit Drugs
FDA Action FDA News FOR IMMEDIATE RELEASE P06-78 June 9, 2006 Media Inquiries: Consumer Inquiries: 888-INFO-FDA FDA Announces New Measures to Protect Americans from Counterfeit Drugs The U.S. Food and Drug Administration (FDA) today announced new steps to strengthen existing protections against the growing problem of counterfeit drugs. The measures, which were recommended in a report released today by the agency's Counterfeit Drug Task Force, emphasize certain regulatory actions and the use of new technologies for safeguarding the integrity of the U.S. drug supply. "The adoption of the FDA Counterfeit Drug Task Force's recommendations will further reduce the risk that counterfeit products will enter the U.S. drug distribution system and reach patients," said Dr. Andrew C. von Eschenbach, the FDA's Acting Commissioner. "We must remain vigilant in our efforts to ensure our nation's drug supply is protected against an increasingly sophisticated criminal element engaging in a dangerous type of commerce." Among other new measures, FDA will fully implement regulations related to the Prescription Drug Marketing Act of 1987, which requires drug distributors to provide documentation of the chain of custody of drug products -- the so-called "pedigree" -- throughout the distribution system. FDA had placed on hold certain regulatory provisions because of concerns raised at the time about the impact on small wholesalers.

7 Industry Response: e-Pedigree
Wait And See Attitude – Some action has been taken with a tactical focus. Strategic focus is lacking FDA - Has not really begun enforcing the e-pedigree solution – “Details” are still being worked out ICH Q9 - International Baseline for Risk ( IPEC - Do a paper audit and create an audit trail for suppliers to demonstrate integrity Industry- Current technology solutions are too expensive ($1/unit of sale), yet emerging technologies show more promise as time progresses (FDA recently recommended a new technology solution- Nanoink which has potential for individual tablet ID). Security is not a destination it is a journey. We will make changes as the circumstances change. ICH Q9 is good but some say is already becoming obsolete. Data and knowledge are the marketable commodity not the drugs.

8 FDA Response Focus on traceability through technology i.e: RFID
2D Bar-Coding Reliance on the current QMS as foundation for implementation

9 Pitfalls Of Technology Focus
We have a tendency to make the project about the technology. The challenges in getting technology to work causes us to lose sight of the associated systemic risks. Once we have the most challenging technology “assets” working, we declare victory (or at least take a long break).

10 RFID Passport Case Study
RFID Passports presented a large technology challenge – Secure RFID Tags Current RFID Passport tags have robust security Attacker focused on the reader/database and told the database to accept a bogus passport as legitimate ( RFID Chip (The Focus) was not attacked. Attacker simply shifts His Focus to something else.

11 We Can Look At Some Past Examples Of Security Failures And Their Impact
Tylenol Cyanide Poisoning: $100 Million Recall ! 9/11: We Are Still Dealing With This Electronic Voting Machines: Hot Topic ! One Manufacturer Believes That They May Never Be Able To Sell Another Electronic Voting Machine Even If They Fix The Security Problems. Diebold Is Trying To Divest Itself Of All Electronic Voting Machine Assets. Media Reports Still Circulate About Electronic Voting Machine Manufacturers Being Part Of A Conspiracy To Defraud The Voting System. Also threats from emerging markets. Can you take the hit and still be standing?

12 The Challenge We are no longer worried about drug diversion as the primary endpoint We are worried about the diversion of data. This is our Achilles Heel. Technology is only part of the answer.

13 The Key to a Successful E-Pedigree System
Supply Chain Security Solution Supply Chain Knowledge Technology Solution

14 Leveraging ICH Q8 and Q9 Understand the drivers for variation in the process Understand the risks in the process Mitigate the risks in the process Use the right tool to drive down the risk of failure

15 A Marriage of Equals? Is it possible to be successful without giving equal consideration to all three components of e-pedigree (security, technology and supply chain)? Ultimately this must be managed like any quality program: Define the process Measure the process Monitor the process

16 Defending The Subversive Business Model
Early Attempts To Control Illegal Drugs (Pre-Internet) Focused On Getting Local Police To Crack Down On Operations (Colombian Drug Lords, Mexican Farms, Opium Fields) Drug Dealing Cartels Responded With Brute Force (Firepower). Security For Drug Enforcement Agencies Became An Extremely High Priority As A Result Of This Backlash. Drug Cartels are still growing and still quite strong despite DEA efforts ( ) Brute Force has not been successful.

17 ePedigree Is A Tool To Address The New Drug “CyberWar”
Illegal Drug Dealing Has Moved From The Streets To The Desktop. The World Health Organization estimates global sales of counterfeit medicines at $35 billion to $40 billion a year. ( Drug Dealers Are Now Arming Themselves With Hackers As “Soldiers” In Their “Armies”. The reality is, the pharma information infrastructure is easy to penetrate. We must look to our technology infrastructure when assessing the security of our supply chain

18 Classical Approach to Security
Security Management Is Grouped Within IT/Engineering (Technolgy). The Result Is Often A Weaker Or “Watered Down” Security Implementation. As Resources Become Strained, Security Is Watered Down Further, Or Effectively Eliminated. Security Solution Security Solution Supply Chain Knowledge Technology Solution

19 What Is The Impact Of A Security Failure ?
Who Are The Stakeholders ? Manufacturers Integrators/Consultants Technology Providers Distributors Pharmacists/Doctors Stockholders Consumers Taxpayers Government Counterfeiters ????????? How Is Each Stakeholder Affected ?

20 A Few Security Threat Examples (RFID)
Cloning RFID Tags Or Data How Do You Know If It Is Authentic? ePedigree Data Stolen Data Can Be Used To Create Counterfeits “Snooping” RFID Tags ePedigree Data Do I Want This Information Available To Anyone ? Data Transmission “Sniffing” Drug Manufacturer ePedigree Data Is A Negotiable Instrument ePedigree Data Database “Poisoning” One Can Profit Handsomely Without Ever Handling Guns Or Drugs !!! Drug Manufacturer ePedigree Data

21 What Is The Impact Of A Security Failure ?
THE ANSWER IS… WE DO NOT KNOW THE IMPACT OF A SECURITY FAILURE UNTIL IT HAPPENS All We Can Do Is Try Our Best To ESTIMATE The Impact Of A Security Failure and Take Steps to Mitigate It

22 The 7 Deadly Sins Of Security
Not Measuring Risk – What You Don’t Know Will Hurt You. Thinking Compliance Equals Security – Compliance = Compliance. Security Is A Process. Overlooking People – The human side of things Too Much Access For Too Many – User rights Lax Update/Patching Procedures – Keeping it up to date Lax Auditing Procedures – Making sure it is all doing what it should be doing. Spurning The K.I.S.S. Principle – KEEP IT SIMPLE !!!

23 What Is Supply Knowledge?
Supply Chain Security Solution Supply Chain Knowledge Technology Solution

24 Understanding the Supply Chain
Key Components: Procedures/Schedule Personnel Technology Business Drivers Transportation Product Specifics: Product indication Container System Current Traceability Architecture

25 Diagnostic Techniques
Value Stream Map: Material Information Time Harmonization Requirements Regulatory, Import/Export Requirements Key Stakeholder Analysis

26 What Do We Do When Security Failures Occur ?
We Allocate A lot of Resources to Security Management Security Solution Supply Chain Quality Resources Supply Chain Knowledge Technology Solution Technology Quality Resources Must AGAIN allocate supply chain quality and technology quality resources as well if we are to fully address the issue.

27 What About the Quality of Security?
Supply Chain Security Solution Supply Chain Knowledge Technology Solution

28 Risk Management In order to assess the quality of our security solution we must assess its capability to address the threats to the Supply Chain We must clearly understand the challenges EVERY stakeholder brings to the risk profile

29 Adopt Risk Management Tools
Auxiliary Tools Fault Tree Analysis (FTA) Hazard Analysis and Critical Control Points (HACCP) Hazard Operability Analysis (HAZOP) Failure Modes and Effects Analysis (FMEA)

30 Failure Modes And Effects Analysis (FMEA)
Failure modes and effects analysis (FMEA) is a step-by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service. “Failure modes” means the ways, or modes, in which something might fail. Failures are any errors or defects, especially ones that affect the customer, and can be potential or actual. “Effects analysis” refers to studying the consequences of those failures. Failures are prioritized according to how serious their consequences are, how frequently they occur and how easily they can be detected. The purpose of the FMEA is to take actions to eliminate or reduce failures, starting with the highest-priority ones. Failure modes and effects analysis also documents current knowledge and actions about the risks of failures, for use in continuous improvement. FMEA is used during design to prevent failures. Later it’s used for control, before and during ongoing operation of the process. Ideally, FMEA begins during the earliest conceptual stages of design and continues throughout the life of the product or service. Description Taken From

31 Threat Modeling: The Security World Equivalent Of The FMEA
Collaborative Visual Representations of Threats, Countermeasures, and Business Processes Determine Objectives Before Technological Choices Scenarios Around Security/Cost Tradeoffs Build a Security Roadmap

32 Conclusions Despite industry ambivalence e-pedigree is a looming issue for Quality professionals We must look beyond the technology solutions and rely upon a systems approach in order to identify and mitigate weaknesses in our supply chain As Quality professionals we can leverage our existing QMS system to press the issue: Deviations, NC, CAPA programs are just a few that can dictate, within the framework of a objective risk based system, a path to identification and mitigation

33 Thank You For Your Attention!
Bikash Chatterjee (510) x302 Mike Ahmadi (925)

Download ppt "The Shifting Marketplace"

Similar presentations

Module N° 7 – Introduction to SMS

Module N° 7 – Introduction to SMS
Gwenda Jarrett, DNV Certification 11th October 2012 © DNV Business Assurance. All rights reserved. Managing Risk through Certification IFST Western Brand.

Gwenda Jarrett, DNV Certification 11th October 2012 © DNV Business Assurance. All rights reserved. Managing Risk through Certification IFST Western Brand.
FDA’s Proposed Rule under FSMA for Preventive Controls

FDA’s Proposed Rule under FSMA for Preventive Controls
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
A Bilcare Singapore Initiative Bilcare © 2007 Privileged Information The Oxford Conference on Innovation & Technology Transfer for Global Health, Oxford,

A Bilcare Singapore Initiative Bilcare © 2007 Privileged Information The Oxford Conference on Innovation & Technology Transfer for Global Health, Oxford,
preventing counterfeit …

preventing counterfeit …
ALERT: The Basics Food and Drug Administration Center for Food Safety and Applied Nutrition.

ALERT: The Basics Food and Drug Administration Center for Food Safety and Applied Nutrition.
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.

1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
Introduction to the Supply Chain Risk Management Guide RPSGB, London 23 rd February 2010 Jill Jenkins - Pharmaceutical Quality Group.

Introduction to the Supply Chain Risk Management Guide RPSGB, London 23 rd February 2010 Jill Jenkins - Pharmaceutical Quality Group.
Agile and Medical Device Software

Agile and Medical Device Software
Supplier SQM Participation. 2 | MDT Confidential What is SQM? Stands for Supplier Quality Managment –Formally referred to as SPACE and SPICE Is a system.

Supplier SQM Participation. 2 | MDT Confidential What is SQM? Stands for Supplier Quality Managment –Formally referred to as SPACE and SPICE Is a system.
The Pharmaceutical Industry and ICH Q9

The Pharmaceutical Industry and ICH Q9
1 MANUFACTURING AND PRODUCTION OF BIOLOGICAL PRODUCTS (ERT 455) HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEM Munira Mohamed Nazari School.

1 MANUFACTURING AND PRODUCTION OF BIOLOGICAL PRODUCTS (ERT 455) HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEM Munira Mohamed Nazari School.
Supply Chain Management Managing the between all of the parties directly and indirectly involved in the procurement of a product or raw material.

Supply Chain Management Managing the between all of the parties directly and indirectly involved in the procurement of a product or raw material.
1 Promoting Safe Medicine With Track and Trace Systems SRC Technologies, Inc.

1 Promoting Safe Medicine With Track and Trace Systems SRC Technologies, Inc.
Iterative development and The Unified process

Iterative development and The Unified process
TEMPUS ME-TEMPUS-JPHES

TEMPUS ME-TEMPUS-JPHES
Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.

Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.
1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.

1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.
Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.

Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.

Similar presentations

Ads by Google