For Life Science Professionals

David Ade

Remote Audit: Out of Sight but Not Out of Mind
by David Ade, Customer Success and Reference Manager, MasterControl, Inc.



Jan 31, 2013 | Free Downloads | email | Print

Share This Article






Note: The views expressed in this article are those of the authors and do not necessarily represent those of their respective employers, GxP Lifeline, its editor or MasterControl, Inc.
This article was first published in the July 2012 edition of Quasar, the membership magazine of BARQA (British Association of Research Quality Assurance).

In life science and other regulated environments, audit is necessary to comply with regulations and to ensure the quality of products. Regulated companies recognize not only the importance of audit, but the value of frequent audits. However, in these economically challenging times, frequent on-site audits can be costly.

Fortunately, it is now possible to conduct an audit without being physically present at the facility under audit. The development of web-based systems, video conferencing and desktop share technology allows auditors to see information from virtually anywhere in the world.

This practice has many names: virtual audit, online audit, desktop audit, or remote audit. For this article, let us call it 'remote audit'. The purpose remains the same: the auditor and the auditee do not have to be at the same location. With remote audit, an auditee can be 'out of sight', but not out of the auditor's mind. In fact, conducting remote audits is proving to be a viable option for companies that not only need to comply with regulations, but also need to reduce the cost of the audit process.

Remote audits are generally considered more suitable for first-party audits (conducted internally by a company) and second-party audits (conducted by a customer) that involve low risk processes.

Audit in Regulated Industries

Audit requirements can be found in a number of regulations and standards, including: the EMA's Directive 2003/94 EC (e.g. article 14 talks about self-inspections or first-party audits as part of the quality assurance system); ISO standards (e.g. ISO 9000, ISO 13485); ICH Q9 Quality Risk Management Guidance; ICH Good Clinical Practice guidelines and U.S. FDA regulations (e.g. 21 CFR 820.22 for medical device manufacturers and 21 CFR 211 for pharmaceutical companies).

Given these requirements, the regulated company must be inspected or audited by regulatory authorities. These requirements extend to the inspection and auditing of the company's contractors and suppliers to ensure that they are also in compliance for the products or services which they are required to provide. In addition, the regulated company may also be audited by its customers for the same reason (compliance).

Remote Audit

Regulated companies conduct and also undergo any or all of these types of audits: first-party audit, second-party audit and third-party audit. But not all audits are created equal. Therefore, not all audits can or should be performed remotely. Remote audits should be based on risk.

Third-party audits, which are conducted by regulatory agencies or independent bodies, are generally not done remotely. Inspectors not only want to review documents, but may require a physical inspection of the company's systems, facilities and equipment; in some cases, inspectors may want to observe personnel performance.

Remote audits are generally considered more suitable for first-party audits (conducted internally by a company) and second-party audits (conducted by a customer) that involve low risk processes. This article will focus on how to support these types of audits.

EDMS and Remote Audit

An Electronic Document Management System (EDMS) can be an effective tool in supporting remote audits. Using EDMS helps reduce the cost and burden of supporting a remote audit by providing secure links limiting the access of the remote auditor only to pertinent documents.

The advantage of secure links is that they offer a number of alternative viewing options, such as prohibiting the printing of documents, or in circumstances where printing is not prohibited, watermarks, headers and footers can be configured to mark the document 'confidential', or assign an expiration date to the document.

Is remote audit possible for companies without EDMS? Perhaps, but with a certain level of difficulty. For a start, a company that relies on paper documents will need to scan voluminous documents just to enable them to be presented remotely to the auditor. The quality and readability of the scanned documents might also be an issue.

MasterControl Experience

At MasterControl, we are frequently audited remotely by customers and have conducted internal audits remotely. Our quality and compliance software is designed to facilitate and streamline both on-site and remote audits. Audit, as a key quality process, is an integral part of what we do as a business.

The core of our customers belongs to life science, manufacturing and service-oriented industries throughout the world. They comply with some of the most rigorous regulations and standards that exist today. A majority of our customers have audited us remotely and we have been able to support these audits by allowing controlled access to our documentation.

In accordance with industry practice, a company that is about to purchase MasterControl software may want to audit us to ensure that we, as a company, not only meet the customer's standards and compliance requirements, but are able to demonstrate this to regulatory agencies. The purpose of the audit is to assess and evaluate our policies, procedures and processes in order to assist the company in making its ultimate vendor selection. Follow-up audits may also be periodically scheduled as part of the company's corporate policy and vendor oversight programme.

In practice most companies that audit MasterControl submit a list of detailed questions about our processes: our quality system, CAPA process, our SOPs, manuals, etc. Based on our response, the company will determine if it needs to do an on-site audit or not.

Over the years, MasterControl has prepared all the information that an auditor usually asks for in a single document. Within this document, we provide secure links from our EDMS to policies, SOPs and other information. With just one click, the auditor will be able to view the latest policies, procedures and other documents they require. Web-based technology allows the entire audit process to be conducted remotely. No need to travel. No need to spend unnecessarily (resource or expenditure) on conducting an on-site audit.

If additional information is needed, a video conference can be scheduled to answer any additional questions.

A similar process is replicated when MasterControl conducts an internal audit of its own quality system. MasterControl has offices in both Europe and Asia. Recently, our office in Basingstoke, England performed a remote audit of the company's departments based in the corporate headquarters in Salt Lake City, Utah. With remote audit, the distance of 7,799 kilometers (4,846 miles) between the two offices was not an issue. The company was able to effectively conduct the audit, and save considerable time, effort and money in the process.

Conclusion

Is remote audit the wave of the future? Absolutely. It's the future for conducting first-party and second-party audits of low-risk processes that consist of documents, forms and records that can be reviewed from a desktop. Remote audit is a convenient, fast and cost-effective method of establishing compliance, making it suitable for follow-up and regular audits.



David Ade is the Customer Success and Reference Manager at MasterControl Inc. He has served as the company's Quality Manager and currently assists in overseeing MasterControl's quality system. He has also served as a Product Manager, specialising in training and validation products. He has over 17 years of quality assurance and IT experience in the life science industry. MasterControl provides software and comprehensive services (consulting, education and training, validation, implementation and project management, integration, hosted, technical support and configuration) to regulated companies world wide. The company has corporate headquarters in Salt Lake City, Utah; offices in both Europe and Asia; and international partners and resellers in Japan, South Korea, Thailand and the Netherlands.


Share This Article





Watch Related Videos


Download Free Resources
Product Data Sheet: MasterControl Audit Essentials™
Product Data Sheet: MasterControl Audit™
Product Data Sheet: MasterControl QE Audit
White Paper: Quality Audit - A Tool for Continuous Improvement and Compliance
White Paper: The Top 5 Benefits of Electronic GLP Audit Management