Process MappingKnowing, describing and recording what you do and how you do it is a crucial business skill and often a legal requirement. Many industries have robust Standard Operating Procedures (SOPs) and ISO frameworks that ensure compliance in regulated areas of the business. Sometimes, in our experience, the serialization, brand protection and anti-counterfeiting functions are not so process-led. This is often because they are thinly stretched. But standard business logic applies – only by reducing unwanted variation can you increase quality. Processes that are known, followed and written down will work even when someone is on vacation, calls in sick, or leaves the company. By contrast, having any pinch points that depend upon a single serialization or brand protection guru, with their beloved standalone data environment and large amount of implicit knowledge, is a business risk however experienced he or she is. The key to success in brand protection, serialization, and anti-counterfeiting teams is to use a process-driven, not person-centred, approach. Getting ready for this requires three key activities, all of which we have recently performed for customers. The themes and some example questions (you’ll have others) are:
Process mapping and discovery:How does serialization affect your organization? Do a thought experiment and map the flow of data and coded inventory from start to finish. Don’t forget your external network of third party manufacturers and logistics providers. Are they ready for FMD, DSCSA etc? How will data flow to/from them? Have their contracts been updated to reflect new requirements? Capture the processes involved in initiating, managing and changing packaging security features. Who needs to be told when you add/change a security feature? What QC processes might it affect? Do you control covert (hidden) security features under GMP or consider them to be outside that framework? Are there implications for artwork version control and packaging inventory systems? Don’t forget the tamper-evidence (t/e) requirements in the EU. If shipping US-made product into the EU before adding t/e, how will you verify that t/e has been properly applied? Look at your incident detection and management processes. Are your products counterfeited or diverted? Would you know if they were? What web surveillance do you have? Examine human factors. Criminal theory says that your own staff may be a security weak point. Map your sign-off processes, look at access rights to sensitive data etc.
Gap analysis:When you’ve written down what you do, try to figure out what’s broken or missing. Check inter-departmental hand-offs and your external supply chain for potential disconnects. Are there any hidden third party dependencies? Do you need to rationalise production lines, off-load non-capable CMOs or select and on-board new vendors? Make sure that what you think is happening is actually occurring. Don’t limit this to a minimal “Are we compliant with the law?” approach. Think “How could a criminal copy this feature, access my serialisation codes, disable or spoof my systems, or bribe my employees?” Be honest with yourselves. All companies have gaps – we can help you to spot them and to compare yourselves to industry best practice. Knowing you have issues is better than hoping you don’t.
Solution design:You may just have to amend a few SOPs or re-define a contract here and there. You may need to design some new processes and convince colleagues to change the way they do things. We can help with that – sometimes an external voice gets heard more quickly. Quite possibly, you may need to select new vendors or install brand protection management software. If you haven’t started FMD / DSCSA compliance then you’ll need to run to catch up. We can provide full project support to help you sort out serialization and tamper-evidence.