But while software tools have improved and become easier to use, integrating them into manufacturers’ existing systems can still be a challenge. The continued and widespread use of legacy systems, mixed with paper records and documents, complicate implementation of these software packages. Even when a manufacturers’ system isn’t outdated, how to integrate the software is a critical question. Further muddying the picture is the unclear future of FDA’s 21 CFR Part 11 regulations on electronic records and signatures. After issuing guidance for industry to follow, the agency earlier this year withdrew those guidelines and announced that it would re-examine Part 11 and provide clearer guidance down the road.
By many accounts, the evolution in software design has allowed an effective exchange of data between outsource manufacturers and their customers. These days, an OEM can be aware of problems in the plant almost as quickly as the service provider. Automated flagging and system-generated e-mails help companies stay informed of the latest developments. Higher degrees of automation have also enabled customers to issue corrective and preventive actions remotely.
Additionally, many packages offer customers a way to manage and archive data; some software providers offer a total turnkey solution, from installation to customizing forms to training and even data hosting. These companies provide complete transparency to users while managing the information remotely. Some software makers don’t just sell a product; they emphasize their services as well. Others, however, offer all the tools a customer needs for customization. Whatever the approach, software markers are meeting a plethora of user demands through improved functionality, ease of use and open platforms.
“There have been leaps and bounds,” said Tim Lozier, director of marketing for ETQ , a Farmingdale, NY-based software manufacturer. “Suppliers and customers are all getting involved.”
ETQ’s Reliance software offers a host of tools for managing functions such as CAPA, audits, document controls and many others. |
EtQ offers a module-based software package that manages a spectrum of issues, including corrective action and preventive action (CAPA), document control, audits and surveys, engineering changes and other significant items. EtQ Reliance, which was released earlier this year, can be integrated with many databases. Additionally, the company offers the Microsoft Office Integrator, which converts existing MS Word or Excel documents into a Reliance form to be stored in the database.
What are the dramatic changes Lozier cites? Eliminating the client-server model is one. In the past, manufacturers who implemented this kind of software had to install client software wherever users need access to QA/QC data. This meant ensuring software compatibility with each workstation and distributing it across the enterprise. With the advent of the web-based interface, employees have universal access to data repositories, audit trails, corrective actions or any other information allowed by the system administrator. Because Internet Explorer or another web browser is already installed on just about every computer, the manager of information technology doesn’t have to worry about compatibility issues or installation. As long as the data management software is configured correctly, employees can access information, from within or outside the company.
Additionally, validation is only required for the server; workstations no longer have to be validated because they are using a web interface. This helps reduce validation costs and implementation time.
Easy Access
In some relationships, it’s the OEM who provides the outsource manufacturer access to its database. The vendor is responsible for updating forms and reporting activities. Some device makers are more comfortable housing their own data and implementing the quality system. After all, relationships with outsource manufacturers aren’t always long lasting, and one device maker may contend with many different vendors so having suppliers conform ensures uniform reporting.
“Some customers allow outside vendors access to their systems, however, they typically limit this access by allowing vendors with read/view-only feature, or with limited response capability. Having this type of system in place allows for greater visibility throughout the product life cycle while increasing productivity among all parties involved,” noted Tamar June, vice president of strategic marketing for AssurX, Inc., a Morgan Hill, CA software manufacturer who also offers hosting services.
AssurX, whose CATSWeb FDA-compliant product offers user-customized forms and no limits on the number of people who may log in, developed its products using only HTML codes so even older web browsers lacking Java or ActiveX capabilities have access. The software also supports multiple web servers, load balancing and easy integration with ERP and other systems through a provided Application Programming Interface (API).
CATSWeb, which focuses on corrective action tracking, manages a broad range of issues, including manufacturing defects, product cycle times, supplier returns, exception reports and others. It features advanced security controls and time-stamped audit trails to conform with regulatory requirements.
June noted that one important features customers want is customization—with forms, scalability and accessibility. She said that today’s market requires flexible software offer flexibility that conforms to FDA standards. Products such as CATSWeb are fully compliant with 21 CFR Part 11.
AssurX provides not only software tools but also services such as data hosting. It’s a trend that some vendors say makes more sense because it removes the administrative and technical burdens device OEMs and their contract manufacturers face when implementing these systems internally. In a sense, it’s outsourcing part of the information management. While not every company is comfortable with trusting their mission-critical data to suppliers, it can make sense for those with limited IT resources or those who want to set up quickly.
Daniel Matlis, vice president of business development for Stelex-TVG, which offers a suite of products, said medical software manufacturers have evolved to provide not just software but also comprehensive services.
“The software is just one piece of the puzzle,” he said, noting that customers often want software makers to implement and validate the technology, customize forms, export legacy system data and handle many other tasks.
His company’s main product, ComplianceBuilder, was developed in response to a need stemming from the medical device industry. He said at the time there were many companies tailoring software for pharmaceutical manufacturers but few focusing on device manufacturing. Matlis added that about 40% of Bensalem, PA-based Stelex-TVG’s customers make devices.
ComplianceBuilder is an add-on system that works with real-time file or database systems and acts as a single repository for all QA/QC data. Offering features such as a fully automated audit trail, electronic signatures and validation, the package offers a file-based system that converts Word or Excel files among others. Another component integrates supervisory control and data acquisition (SCADA) and other types of control systems. ComplianceBuilder can be installed at one facility or throughout the entire company.
Because of the sensitive nature of the data, security has become an extremely important feature with any software. It’s a balancing act because on one hand programmers want to provide greater flexibility and offer numerous points of entry into the database. On the other hand, manufacturers want assurances that only authenticated users receive a clear passage. IT managers, however, need to strike a balance without having to guard the data.
NetRegulus, an Oakbrook Terrace, IL-based software company, is looking at ways of granting access using open platforms such as Microsoft’s SharePoint portal server to take advantage of portal technology. This approach requires less administrative attention because, unlike token technology, authentication is more automated. However, there are concerns whether it’s as secure as token technology.
Mark Allen, director of regulatory affairs and quality assurance, said portal technology is evolving quickly, and some customers are already inquiring about it. His company, which makes NetRegulus v6, a data management package, is studying ways to make portal entries more secure while retaining its desirable features. He said he believes portal technology will become more common and will likely be used as a layer on top of customers’ databases.
“Customers want to be able to efficiently and securely exchange data with vendors,” he added.
The current version of NetRegulus v6 offers a number of features such as compatibility with ERP and Manufacturing Resource Planning (MRP) systems on Oracle and Microsoft database environments. It can manage items such as CAPA, audits, non-conformance incidents, complaint handling and products and events tracking. Allen added that version 7 is slated for launch next year.
As device manufacturers invest in their data infrastructure and bring systems into compliance with 21 CFR Part 11, they’ll find a wealth of software tools available to help them achieve their goals. Numerous other companies such as Datasweep, Sparta Systems and Agile Software all offer flexible and compliant packages that automate tracking and handling of QA/QC issues. Future product development will help device OEMs and their outsource partners to more effectively control quality and communicate problems.