Insights

Harmonized Structure (HS) succeeds the High Level Structure (HLS)

20 Aug 2021

At Pauwels Consulting, we are experts at implementing management systems (ISO 9001, ISO 14001, ISO 45001) in different companies and organizations. So, when we heard about the successor of the High Level Structure (HLS), the Harmonized Structure (HS), we were enthusiastic. Now our consultants can help you even better. Haven’t you heard of High Level Structure yet, or are you interested in the benefits of Harmonized Structure? Luc Marivoet, one of our QHSE experts, tells us everything there is to know about this new standardized way of drafting ISO standards.

Hi Luc. Please remind us: what is the High Level Structure exactly?

Luc: Remember the time when we used to work with various management systems (ISO 9001, ISO 14001, …) which were different in terms of terminology and structure? Well, that changed in 2012, when a set of core elements was introduced to ensure these management systems would follow the same structure: the High Level Structure. Thanks to this set of 10 universal sections, it is much easier for companies to integrate different management systems.

And now the High Level Structure has a successor?

Luc: Yes, indeed, the Harmonized Structure has replaced the High Level Structure in May 2021. That means that from now on, the Harmonized Structure will be used for drafting new ISO management system standards and future revisions of existing ISO management system standards.

Interesting! What exactly is new in the Harmonized Structure?

Luc: You’ll be relieved to hear that the core elements of the High Level Structure remain the same for the Harmonized Structure. In essence, the change is mostly about a few clarifications and nuances that have been introduced. I’ll give you a quick overview per chapter:

  1. Scope – From now on, ISO management system standards should also specify the intended result of the implementation of specific management systems like ISO 9001, ISO 14001 and ISO 45001.
  2. Normative references – Nothing has been changed here.
  3. Terms and Definitions – The terms and definitions should be integrated into all ISO management standards.
  4. Context of the organization – §4.2 Understanding the needs and expectations of interested parties – You can now decide for yourself or consciously determine which requirements and expectations of interested parties you’ll establish in your management system. Of course, you still have to comply with the applicable statutory and regulatory requirements.
  5. Leadership – This chapter was also left unchanged.
  6. Planning – Planning of changes (§6.3) will become a common requirement for all ISO management system standards.
  7. Support – Documented information (§7.5) has been given a more neutral approach. The distinction between ‘retaining’ and ‘maintaining’ information disappears.
  8. Operation – Everything remains the same here.
  9. Performance evaluation – Nothing has changed in this chapter either.
  10. Improvement – The Harmonized Structure puts more emphasis on proactively initiating improvements rather than identifying possible improvements from a preventive nature.

Does this mean that we can also expect a revision of ISO 9001:2015?

Luc: No, and that is surprising, considering a new version of ISO 9001 has been published approximately every 7 years since ISO 9001:1987. That means the review process is normally initiated every 5 years. So why hasn’t the process been started yet? Well, a survey revealed that most users were in favor of leaving ISO 9001:2015 unchanged. After all, the structure of ISO 9001:2015 is well put together and not outdated. A revision simply wouldn’t provide added value.

I do have to add that it probably won’t take another five years to initiate the review process. Standing still is going backwards, after all! As of now, all eyes are on 2023 to start the process, which means we can probably expect the new ISO 9001 version in 2025 or 2026.

Can we expect any other ISO-related updates?

Luc: Well, we already know the ISO 14001:2015 won’t get a revision either this year. But we do have more exciting news about another standard: ISO/TC 283, the ISO technical committee responsible for the on-going development of ISO 45001, has recently launched the 2021 ISO 45001 user survey. The questionnaire gauges what sections work well and which ones still need improvements, like parts that might be too difficult or onerous, or not profound and thorough enough. Additionally, the committee wants to know where adjustments might be needed to reflect the changing world of work.

Why is this 2021 ISO 45001 user survey so significant?

Luc: It is significant for two reasons. Mainly, this is the first time this many organizations can provide feedback on ISO 45001, as the transition from OHSAS 18001 to ISO 45001 has finally been completed and many organizations have now fully implemented this standard. Secondly, ISO will start to consult national standards bodies regarding a possible revision of the standard. That means they need to know what areas of the standard would need to be improved during a revision. Do you want to contribute to this revision, or do you feel that ISO 45001 doesn’t need a revision yet? You can fill out the 2021 ISO 45001 user survey here: https://www.smartsurvey.co.uk/s/TFN8IQ/.

Thank you for this update, Luc. Where can people find you if they need more information on the transition from High Level Structure to Harmonized Structure, and all things ISO management standards?

Luc: You can reach me directly at luc.marivoet@pauwelsconsulting.com or through contact@pauwelsconsulting.com. Don’t be shy and mail me with any questions. Glad to help!

Luc Marivoet

Who is Luc Marivoet?

Luc Marivoet is QHSE Manager at Pauwels Consulting. He has worked in quality management for over 30 years. As a Senior QHSE Consultant, he uses his experience on various projects for international Engineering and Life Sciences companies for the implementation, monitoring and follow-up of ISO 9001 (quality) and ISO 45001 (health & safety) management systems. Luc also teaches QHS Management Systems (ISO 9001 and ISO 45001).

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

From strategy to implemented data governance framework

03 Jul 2020
Once you have worked out a strategy to ensure the data integrity of your products, it is time to convert the strategy into a practical data governance framework and implement it.

How do you go from a strategy to an implemented data governance framework?

Nathalie: Normally you have already taken the first step during the preparation of your strategy. Researching all existing SOPs and current practices within your company. You can benchmark your results against the industry best practices and regulations you need to comply with. This is the starting point from which you can proceed.

Review all current procedures and practices

Talk to your employees: how do the systems, devices or applications work, what data do they generate, what is the input, what is the output, ask for manuals, what are the current procedures and processes, check your employees’ knowledge of data integrity, see if there are any data risks, etc. Involving all operational colleagues from the start leads to greater commitment.

Determine the data domains

The next step is to determine the data domains applicable within your industry. This can differ from sector to sector e.g. customer or product data domains. Within these data domains, are data elements such as systems and applications that generate important reports and essential data or describe business methods. In doing so, you look for what is critical and important to your business.

Inventory all systems & devices

Inventory all devices and systems that generate data, assign a data domain and categorize according to the GAMP classification or similar (sufficient for an audit!) and describe why you choose that category.

What is the GAMP classification?

Nathalie: The GAMP guidelines (ISPE, good automated manufacturing practices) are guidelines for validating automation systems. They help you draw up the documents needed to validate the systems and to guarantee the quality of these systems. The latest version is the GAMP-5 which focuses on risk control and better quality management. These GAMP 5 guidelines describe the boundaries of the categories into which all systems can be categorized.

  • Category 1: Infrastructure software: these are usually operating systems on which applications are installed (Windows, Linux, custom, …). These operating systems are qualified but not validated, it is the applications that are validated.
  • Category 2: Standard software that is not configurable: also called ‘off-the-shelf-software’. This software can be easily installed and does not need to be adapted to your business needs. This category also includes software that can be configured but has a standard configuration in your company.
  • Category 3: Configurable software: these are software applications that are configured according to your specific business needs. This is the largest and most complex category to validate.
  • Category 4: Tailor-made software: these are software packages written from scratch especially for your company.

The choice for a GAMP classification or similar categories depends on the industry and the devices & systems in your company. The GAMP-guidelines apply to the pharmaceutical sector. If you work within a non-pharmaceutical sector, you are not required to use the GAMP categories. Then you can also rely on the USP classification:

  • standard equipment with no measurement capability or usual requirement for calibration, where the manufacturer’s specification of basic functionality is accepted as user requirements. Conformance of Group A equipment with user requirements may be verified and documented through visual observation of its operation. E.g. a simple pipette.
  • standard equipment and instruments providing measured values as well as equipment controlling physical parameters (such as temperature, pressure, or flow) that need calibration, where the user requirements are typically the same as the manufacturer’s specification of functionality and operational limits. The conformance of Group B instruments or equipment to user requirements is determined according to the standard operating procedures for the instrument or equipment and documented during IQ and OQ. Examples of equipment in this group are melting point apparatus, pH meters, thermometers,…
  • Group C includes instruments and computerized analytical systems, where user requirements for functionality, operational, and performance limits are specified for the analytical application. The conformance of Group C instruments to user requirements is determined by specific function tests and performance tests. Installing these instruments can be a complicated undertaking and may require the assistance of specialists. A full qualification process, as outlined in this document, should apply to these instruments. Examples of instruments in this group include the following: high-pressure liquid chromatographs, mass spectrometers,…

Mapping the data process flow

Mapping the data process flow is part of good data lifecycle management. All phases (5) of the data lifecycle, from initial data creation, capture & registration to processing including transformation or migration, review, reporting & use, retention & retrieval, and destruction, must be controlled and managed to ensure accurate, reliable and compliant records and data.

data lifecycle

The data process flow is a visual representation of how data flows through the processes and systems of the company (input, output, storage points and routes between two ‘destinations’). This flow must be documented in a ‘data audit trail‘, a log file of everything that happens and may affect the final product (as determined by the risk assessment).

Need help with implementing your data governance framework?

Our team of Data Integrity Experts is happy to help.

Create a data integrity questionnaire

A questionnaire can vary between 50 and 100 questions. Keep in mind the commitment of your company and the type of equipment when drawing up the questionnaire, e.g. you cannot make the same demands on a computer as on a thermometer. The security of the computer must be much better and the data output is different. Make sure your questions cover the full scope!

The FDA prepares an annual paper with the minimum requirements to be followed. In addition, your questionnaire must comply with the ALCOA(+)-principle and it can be useful to take into account the interpretation or focus of the auditors. Place the focus wherever they do. It is not so bad if the questionnaire is not perfect to start with, you can make adjustments along the way.

Examples of questions:

  • Attributable: is the source of the data defined? Is the data owner documented?
  • Legible: is the data always accessible to the authorized persons? Is the data centrally stored & managed?
  • Contemporaneous: is a timestamp registered?
  • Original: is the original data stored? Are adjustments logged in the data audit trail?
  • Accurate: is this the correct data (error-free)?

Perform the GAP assessment 

Test each device, system or application against the questionnaire. Based on the answers you can determine where the GAPs lie between the current status and the desired status.

Perform a risk analysis 

Assign a risk level to the GAPs based on these risk factors. Not every GAP is a point of action or issue. Based on the risk analysis you determine priorities for the remediation phase. Normally, low degree risks are acceptable, there is no obligation to take further action. It is up to your company to determine how strictly you handle data integrity.

Use a risk scale of 1-10 or 0-100 and take 3 factors into account:

  • Degree of severity: Consider the worst possible consequence of failure due to the degree of injury, property damage, system damage and corporate reputation loss that could occur E.g. 1 (low) – 5 (very high).
  • Occurrence: How many times did the GAP occur and what is the ‘probability’ that the GAP will occur, e.g. 0 (technically not possible to occur) – 4 (certainly possible).
  • Detectability: also called ‘effectiveness’, is a numerical subjective estimation of the effectiveness of the controls to prevent or detect the cause or malfunction before the malfunction reaches the customer. E.g. 1 (will be detected during production) or 4 (there is no detection mechanism).

The remediation phase

Work out technical solutions to solve the risks, allocate resources, adjust data ownership if necessary and rewrite SOPs to eliminate GAPs. There are three types of controls: technical, procedural & behavioral. You should always start with the technical checks during the remediation phase. Determine short, mid and long term actions. These adjustments should lead to better control over the process, the GxP data or systems.

Mid-term checks for high data integrity risks can be:

  • Additional data oversight
  • A second witness of the data registration
  • Checking the audit trail
  • Restricted management of user access
  • Adjusting operational procedures

Introduce procedural controls to establish general data integrity requirements:

  • Archive
  • GdocP
  • Backup/recovery processes

Technical checks to ensure data security:

  • Badge limited access
  • Unique ID/password
  • Audit trail
  • User access management

In addition, electronic data is certainly more reliable and easier to check than paper-based data. Also, try to avoid a hybrid system of electronic data & paper documents. Switch to the digitization of data as much as possible.

Remediation actions must be defined, documented and followed up in accordance with the company’s CAPA and risk management procedures.

Follow-up phase

Once all solutions have been implemented, a new risk assessment will be necessary to ensure that the expected residual risks are acceptable. You perform this risk assessment on a regular basis to ensure that data integrity can be guaranteed and that you are prepared for data integrity audits.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!

 

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

Reboarding your employees and team

02 Jul 2020
During and after every crisis there is uncertainty and anxiety. Even among your employees or colleagues. Working from home has an impact: limited social contact, little oxytocin (cuddle hormone) to combat stress and creating new habits. That's why reboarding is crucial.

It takes about 21 days to learn new habits but it takes at least as long to get rid of them. So you can’t expect your employees to ‘just’ pick up their traditional working life again. That’s why reboarding your employees and an action plan is important! (Source:Voka)

Personal support

In recent months, everyone has been forced to change their work and private routines. This could have led to a lot of stress or worries. On the other hand, some people have been confronted with, for example, loneliness or illness. This is where reboarding comes in. It is your job to reassure employees, inform them well and stimulate team spirit.

The same goes for a colleague who returns after a depression, burn-out, personal loss, long-term unemployment or illness. It is your job to provide personal follow-up for these employees, whether or not in cooperation with HR, Mensura or another welfare service. Schedule daily, weekly and monthly 1-on-1 follow-up interviews to follow up the person and address issues in a timely manner. Proper reboarding of your employees pays off in the long run and reduces the risk of a relapse.

Initially, some flexibility towards working from home / in the office is necessary. Many employees have enjoyed the benefits of working from home. Don’t just refer teleworking to the proverbial bin upon return, but be open to continue to allow homeworking for those who feel good about it. Discuss this topic with your colleagues and create guidelines. If your employees are teleworking full-time, it can seem difficult to manage a remote team. But that doesn’t have to be the case, read our useful tips on leading a remote team.

reboarding remote team feedback follow-up

Organisational focal points

Are there things to take into account when restarting your activities or reintroducing employees to the workplace? What questions will your employees have? Prepare yourself by collecting information and creating a (digital) information package:

  • Holidays & holiday allowance
  • Consequences of refusing to work
  • Child care, (corona) parental leave, educational leave, sick leave, job application leave,…
  • Extra-legal benefits e.g. compensation for teleworking
  • Temporary employment, part-time work or unemployment
  • Early retirement
  • Hospitalization insurance
  • Contact details of HR, an internal confidential counsellor and the internal prevention service, but also of partners such as Mensura, the social secretariat, your insurance company, a trade union,…

Make sure the information available for everyone on an intranet or other communication tool. In addition, it is important to support the employee with a reboarding plan, to help him/her with the paper mill and to provide the necessary documents.

Ensure a safe and stimulating environment

When reboarding after a pandemic, returning to the office can be difficult to facilitate, so which office prevention measures are best to take?

  • use safety screens
  • create sufficient distance between seats in work and dining areas;
  • inform your employees about hygiene & safety measures at work: use awareness posters, use stickers or make a short video;
  • hand out mouth masks;
  • make sure anti-bacterial hand gels and disinfection spray is available;
  • keep frequently used doors open and optimize the flow throughout the office;
  • limit the use of meeting rooms;
  • encourage homeworking: provide your employees with quality hardware & good communication tools to telework without worries.

When reboarding an employee after e.g. sick leave or long-term unemployment, it can be nice to provide the employee with extra training to catch up. So that they can get back to work confidently and with the necessary knowledge.

Appointing a buddy to someone who recently started after a long absence can help minimize stress or anxiety. The buddy re-introduces & guides this person, but can also act as his/her internal confidant.

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

What’s the best way to lead your remote team?

02 Jul 2020
We all worked massively from home during the corona crisis and now that life is getting back to 'normal', voices are rising to transform the traditional work schedule and provide more time for teleworking.

This means that as a team leader you have to coach a team remotely. That may seem like a difficult challenge, but it doesn’t have to be. We have some tips to make remote working & leading a remote team, a success.

Your remote team & the daily operations

  • Schedule a daily status meeting with your team via video call (preferably). The purpose of this meeting is to discuss the progress, explain what you will be doing that day, give feedback and check if your team is experiencing issues.

You can use a Kanban board to keep an oversight of tasks, deadlines and who will be doing what: ‘incoming requests’, ‘scheduled for this week’, ‘in progress’, ‘paused’, ‘waiting for feedback’, ‘task completed’ and ‘canceled’. This should not feel like a ‘control moment’ so don’t reprimand your team members for not completing a task (without a deadline).
You can use a project management tool like Monday, Trello or Wrike, but a Google spreadsheet or calendar is also possible.

  • Schedule a 1-on-1 video call if you feel that your employee needs the extra feedback. You should consider these individual conversations as ‘sacred’ and don’t just cancel them.
  • Communicate! It goes without saying that you should keep regular contact with your team members. There may be feelings of loneliness, insecurity or isolation. So use video calls as often as possible.
    • working from home gifAlthough e-mail is an efficient channel, it can also lead to confusion or frustration. Therefore, be sure to use video calls for a complex assignment or message.
    • Organize a digital Friday evening drink, pizza lunch or a coffee and a half-hour on Monday to have a chat, just like you would in the office.
    • Communicating and motivating can also be done via GIFS or memes, which are ideal for communicating emotions and are fun to watch.
  • Be open to transforming the traditional ‘9 to 5’ into flexible working days and discuss this with your colleagues. It goes without saying that working from home can involve an adapted work schedule, e.g. you take a two-hour lunch break to do the shopping, you start much earlier because you are not in a traffic jam, the children have to be picked up at 4 pm, you work more productive in the evening because you are less disturbed by the baby, etc.Make clear agreements with your employees about what you expect from them in terms of accessibility, tasks and deliverables.
  • Focus on results, not on how they got them. It is not possible to control every aspect of teleworking. There is no need for you to do this. Therefore, focus on results and not on the number of hours worked or activities.
  • Make sure that your remote team does not become too big. If that is the case, you can split up into smaller teams according to functions/department/skill set/… A smaller team can act swiftly and is more efficient.

Communication tools

As an employer, invest in quality hardware for your employees that they can take home with them: laptop, laptop bag, extra screen, extra keyboard, mouse, docking station, desk material, etc.

Provide your colleagues with good communication tools such as Microsoft Teams, Slack, Google Hangouts, Zoom or Skype, which stimulate collaboration. In addition, it is important that you invest in up-to-date software in order to work more productively: e-signing for contracts, a CRM/ERP package, intranet, time registration, etc.

Create communication channels for teams or departments to enhance the group atmosphere e.g. a fun channel and a business channel.

Would you like to brainstorm? Then you can use tools such as Mural, Miro, Google Docs, the drawing function in One Note, FunRetro,…

Involve your IT department. Ask them which applications are possible and if a support chat can be set up? So that employees with IT problems can be helped quickly and focus on their core business.

Creating enjoyable workspaces 

If your employees work from home, it is important that they have a comfortable spot where they can work productively. It’s your job to encourage your colleagues to create a workplace thatsparks energy. What does a good home office look like?

  • It’s quiet.
  • working remotely - remote teamsThere’s a lot of greenery: plants in the workplace make your employees 15 to 19% more productive, according to research. Your concentration increases and greenery in your workplace makes you happier.
  • A good screen at eye level.
  • Good light, close to a window or with good lighting. Tilt the screen away from the light to minimise backlight. Preferably, don’t sit in front of the window as this can cause glare.
  • It is important to have sufficient fresh air, this stimulates concentration, so open a window or go for a walk during breaks.
  • Ideally, you should have a sitting or standing desk! Do not crawl into bed with your laptop or sit at the coffee table, this is bad for your posture.
  • Try to maintain a clean desk policy, especially if you have a small desk or when you are sitting in your living room.
  • Inform your employees about ergonomics:
    • Raise your screen with a box or pile of books (watch out for overheating).
    • Choose a quality chair, and if necessary, use a cushion for a better fitting backrest.
    • Keep your feet flat on the floor. Is your office chair too high? Then you can support your feet with a box or tray.
    • Stand up every 20-30 minutes, stretch or walk around the house: movement is healthy, sharpens your focus and helps your body to reduce stress hormones (stroking pets also helps).

feedback

  • Encourage your employees to take a break now & then to keep their concentration sharp. At the office, your day will break by itself, you will see someone in the corridor or talk to a colleague in the coffee room. After a meeting, you walk back to your desk, which is like taking a break. Maybe you have lunch with your colleagues every day. You probably don’t do these things at home, so it is important to schedule a break. Go outside for a while or do something fun. (source: Frankwatching)

Not only setting up a remote office is important, but also making a remote work schedule. It can be good for your employee to draw up a work schedule in which work time and breaks are planned. This makes it easier to have clear arrangements with your family about family time.

Do you need to hire someone for your remote team?

Then there are a number of things to take into account when screening candidates for your remote team:

  • Can-do mentality: recruit people who are doers. You don’t have to give doers any tasks, they look for ‘work’ themselves or know what they have to do and carry it out. The only thing you have to do as a manager is to focus on leadership and providing guidance.
  • Reliability: recruit people you can trust so you don’t have to worry about what they are doing.
  • Look for people with a gift for writing: working remotely means communicating a lot via e-mail or chat. That’s why language skills and the ability to express yourself is an added value.
  • Recruit people who feel good about working from home and don’t mind having less direct collegial contact.
    (Source: Zapier)

Some extra advice when hiring: appoint a ‘buddy’ to your starter to ensure a good follow-up the first days.

 

Do you need support in finding new people for your remote team?

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

Best practices & pitfalls for implementing a data governance program

26 Jun 2020
Data governance programs must be an integral part of the pharmaceutical quality system and are a fundamental part of the company. What are the pitfalls & best practices from which we can learn?

These following weeks, our Data Integrity Expert, Nathalie Wellens, will explain the concept of data integrity, its evolution, data governance strategies or programs, how to implement a data governance framework in your company and remediation solutions.

Nathalie, which best practices can you share with us?

  • Management engagement is crucial: top management needs to understand and support the concept of data governance. If this is not the case, the program is at risk because insufficient budget, time and resources are allocated. In addition, success is not guaranteed in the long term.
  • Introduce the program with as little disruption to the normal course of business as possible. Instead of forcing employees to perform new tasks, it may be wise to build on existing roles and responsibilities. Otherwise, there is a risk that the program will not be ‘accepted’ by your employees. Data owners are recognized for their relationship with the data, which reinforces their commitment.
  • Vision and training is important. Demonstrate what the added value of data governance can be for someone’s job and how it can help that person do a better job. Emphasize the importance of their contribution and that they are an important part of the data governance program.
  • Benchmark your data governance program with industry best practices. This can answer the question ‘Is my company ready for this?
    • What are you currently doing in support of the best practices?
    • Where can you make optimizations in relation to these best practices?
    • What is the gap between what your company does and the best practice?
    • What is the risk of this gap?

This process can help your company to draw up a list of risks and ‘quick fixes’. The benchmark can be an action plan to address the pain points of your current data integrity plan.

  • Get rid of bad data circulating within your company. Bad data is:
    • inaccurate: the data has spelling errors, missing information, empty fields,…
    • non-compliant: the data does not comply with legal standards.
    • not checked: data that cannot be continuously monitored cannot be used.
    • unsecured: data vulnerable to hacking or breaches.
    • static: data that is never updated becomes outdated and cannot be used.

If your business strategy is data-driven, bad data can lead to bad decision making. The same goes for product quality.

  • Document and measure your data governance efforts. Define basic KPIs to evaluate the success of the strategy and your efforts.

 

Nathalie, can you identify some pitfalls we need to watch out for? 

Certainly, a common pitfall is the assumption that data governance is a project that needs to be assigned to the IT department. Data circulates throughout your company, not just the IT department. It is important to have representatives from all departments in your Data Governance team.

In addition, data security should not be confused with data governance and it should not be assumed that this is only a topic for IT service providers, multinationals or data warehouses. Data has several sources, it can be digitally recorded and stored in the cloud, but it can also be written down on paper and stored in an archive.

Sometimes there is an assumption that data governance stops once all remediation actions have been performed. Of course, this is not the case, data governance and data integrity is not a one-off project. The amount of data that is generated and the way in which we deal with it continues to evolve. It is therefore important to ensure that the data governance framework is correctly applied and regularly evaluated.

(Sources: Varonis & Talend)

Need help to implement your data governance program correctly?

Our experienced Data Integrity experts would be happy to assist you.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

Developing a data governance strategy for your company

18 Jun 2020
A data governance strategy is also sometimes referred to as a data governance framework or program. Data governance provides formal management of records and data throughout the data lifecycle.

It includes the people, processes and technology needed to achieve consistent, accurate and effective data processing. Data governance systems must be an integral part of the pharmaceutical quality system and are a fundamental part of the company. It must cover the following aspects: organization, control, supporting processes, business processes and IT architecture & infrastructure (Source: ISPE GPG Data Integrity – Key concepts).

data governance strategy

These following weeks, our Data Integrity Expert, Nathalie Wellens, will explain the concept of data integrity, its evolutiondata governance strategies or programs, how to implement a data governance framework in your company and remediation solutions.

Nathalie, why is it important to have a strategy in place?

  • It protects the data against cyber attacks, data breaches or infractions.
  • Centralised systems and standardised procedures decrease your data management & data governance costs.
  • Increases the ROI of a data analysis.
  • Modern business is driven by data. Using this data for better decision making and improved communication, can in turn lead to a competitive advantage.
  • It makes it easier to comply with regulations.
  • Relieves the workload of the IT department to protect all data.
  • It allows you to better prepare for audits.

There are many advantages to implementing a framework, but of course, there are also a number of downsides or challenges.

Data governance requires a company-wide mandate to implement the framework, it requires resources and especially time from your employees. Make sure that this investment pays off.

It is part of a broader quality and risk policy. This means that the different teams, processes or procedures need to be aligned with each other. In addition, change is sometimes difficult, invest sufficient time in sensitizing, motivating and training your employees.

Keep in mind that a framework must remain flexible and simple for ‘users’. If procedures or processes hamper business efficiency or work activities, they need to be adapted. Moreover, it can be difficult to select the right technologies and tools. Get professional support or use resources like Gartner and ask for references.

How to set up your data governance strategy?

  1. Research all current data governance practices within your company and the regulatory framework

It’s quite possible that there are already data governance practices within your company e.g. in the IT department. Compare the status of current efforts and the required regulatory framework. Let this report be a starting point to determine your strategy and write a business case.

The different regulators may have varying views on some aspects of Data Integrity compliance, but they all pay attention to these general topics:

  • Organization
  • Data lifecycle
  • System lifecycle
  • Audit trail
  • Security & access control
  • Date & time indication
  • Contractor / Vendor / 3rd party

Write a comprehensive business case about the necessary resources, procedures, processes, time, costs but also what the ROI of the effort will be (savings). This will create a financial ‘value overview’ that can be used when pitching your data governance strategy to your management. Align your data governance strategy with your business strategy, IT strategy & quality standards.

2. Assign data governance roles

The basis for each program is to define business roles and responsibilities. The goal is to set up an enterprise-wide governance structure. Not all roles are necessary, so choose a structure that works for your company.

  • The Chief Data Officer is responsible for the data governance strategy.
  • The Data Owner bears direct responsibility for the data. This person must have knowledge of the device, application or system. He/she is also closely involved in the protection of data integrity. In addition to these ‘operational’ data owners, you can also appoint ‘tactical’ data owners. They are responsible for a domain or topic and must facilitate communication with stakeholders.
  • The Data Steward ensures the correct implementation and enforcement of the procedures and is responsible for the training courses.

The data governance committee draws up the policies and procedures together with the stakeholders. Data governance requires a top-down approach, think of this when composing the committee (Source: Dataversity).

3. Develop a Roadmap

Create a document with the different phases of the strategy implementation. Each phase describes precisely what needs to be done and who carries what responsibility. In addition, determine the timing for each phase of the implementation.

4. Determine the control measures

It is important for companies to maintain control over the data governance program. It should be taken into account that a data governance program is not a one-off activity. It is an ongoing program that needs to be continuously evaluated & adjusted. The control measures include factors such as defining automated workflow processes, collecting feedback on those processes and applying the processes to the governance structure.

5. Roll-out of the framework and evaluation

Now it is time to implement the complete framework and let all procedures & processes take effect. The Data Governance team makes sure that the program is effective and meets the predefined requirements. Use the set KPI’s and control measures to assess the program.

Need help in developing a solid data governance strategy?

Our experienced Data Integrity experts would be happy to assist you.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

How can a company comply with data integrity guidelines?

12 Jun 2020
The basic thought is clear: collect, process and store your data in a complete, consistent and accurate manner. That may seem simple, but it is not. Following the ALCOA+ principles or developing a data governance strategy can help.

How often does it happen that there are multiple copies, that the original document is overwritten or that errors occur during the collection of data? There may even be a data breach without anyone knowing about it. These practices can lead to polluted and outdated data, compromising data integrity.

These following weeks, our Data Integrity Expert, Nathalie Wellens, will explain the concept of data integrity, its evolutiondata governance strategies or programs, how to implement a data governance framework in your company and remediation solutions.

How can a company act in accordance with regulatory guidelines?

Nathalie: There are two things a company can implement to work accordingly:

1. Work according to the ALCOA or ALCOA+ principle. This is a framework that pharmaceutical companies use to ensure data integrity. The ALCOA principle applies to both paper documents and electronic/digital data. The acronym stands for:

    • Attributable: when data (or e.g. a product) is produced, it must always be clear where, when, how and by whom. If an adjustment has been made, it must be clear why. This means that there must always be a link to the source of the data, e.g. a person or computer. This can be done by using a barcode, QR-code, user ID (username with password) or a signature with date.
    • Legible: the data must always be legible and permanently accessible throughout the data lifecycle.
    • Contemporaneous: data is recorded the moment the data is being produced. The date and time must be chronological.
    • Original: original data or ‘primary/source data’ is the source of the data. The first data point where the data was produced/measured.
    • Accurate: accurate data is error-free, complete and correct. Each modification is documented.
    • +Complete: All data, including repetition or re-analysis, must be complete.
    • +Consistent: all elements of the data, e.g. 3 consecutive batches of data must have a date and time indication that is consecutive.
    • +Sustainable: data must be recorded on controlled worksheets, lab logbooks or electronic media (no post-its or personal notes that could be lost).
    • +Available: data should always be accessible and available for review.

Nathalie: “If a company can apply these ALCOA+ principles, they are handling the data in a correct manner but then there is no strategy or framework within which the entire company can work. Setting up a data governance strategy is important. It must be an integral part of the quality management system and inherent to your corporate DNA. This way, you increase the support base among the employees and the company creates a real commitment”.

2. Creating a data governance strategy

“Data governance is the sum of the processes & procedures to ensure that data, irrespective of the format in whih they are gerenated, are recorded, processed, retained and used to ensure the record throughout the life cycle of the data. Data governance ensures good management of records and data throughout the regulated undertaking. Data governance encompasses the people, processes and technology required to achieve consistent, accurate and effective data handling.” (Source: ISPE GAMP Guide: Records and Data integrity)

Think of data governance as the who, what, when, where and why of the organization’s data. A data governance program is therefore not a ‘nice-to-have’ for a life sciences company but is fundamentally part of the company. It is important that the management understands, supports and communicates the concept of data governance to the employees. There must be a sufficiently large support base and a distinct corporate culture of safety & quality. Implementing a successful data governance strategy requires careful planning, the right people, the right tools and technology.

Another aspect of data governance is the protection of company and customer data. This of course should have a high priority. Data breaches are almost everyday occurrences and governments put a stop to them with laws that protect our private data. A data management program builds in controls to protect data and help organizations comply with compliance regulations.

Need help to comply with data integrity guidelines?

Our experienced Data Integrity experts would be happy to assist you.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

Data integrity in the pharmaceutical industry

10 Jun 2020
Advanced process digitalization, often refered to as Industry 4.0, started a revolution in the pharmaceutical industry. The amount of data circulating has strongly increased in recent years and this trend will continue. The question then arises: what impact does this have on data integrity?

While in the past everything was written down on paper and then stored in the filing cabinet, this has now changed with the advent of email, automation, the cloud, big data and AI. This digitization creates many business opportunities but the chance of something going wrong in the data process flow is increasing. It raises the question for the pharmaceutical industry: how can we still guarantee the safety and quality of the product?

These following weeks, our Data Integrity Expert, Nathalie Wellens, will explain the concept of data integrity, its evolutiondata governance strategies or programs, how to implement a data governance framework in your company and remediation solutions.

What is data integrity?

In the context of a GxP environment, data integrity can be defined as maintaining and ensuring the accuracy and consistency of data throughout its lifecycle. This, of course, in compliance with legal requirements. Data integrity is a crucial aspect of the design, implementation and use of any system that stores, processes or retrieves data.

Data integrity is in line with the GxP standards, which can be the (c)GMP, (current) good manufacturing practices, GLP (good laboratory practices), GCP (good clinical practices) or the GDocP, the good documentation practices. To support Data Integrity during the full life cycle of the data, some key concepts in the GMP requirements are summarized in the form of the acronym ‘ALCOA’ or the ‘ALCOA+’ principles.

It should not be confused with data security or data quality. These are only a part of the data governance strategy. Nor is it a synonym for privacy legislation such as the GDPR. However, it can help your company to comply with this privacy regulation.

Why is data integrity important?

Data and its integrity are extremely important to ensure patient safety, the quality of pharmaceutical products and the integrity of company data within the life sciences industry. In addition, data integrity is closely related to the reliability of your organization. Within a GxP environment, the provision of evidence in accordance with legislation and regulations is particularly important to demonstrate the safety and efficacy of a product, for example in the event of legal disputes.

Why is there an increasing focus on the guidelines by regulators?

There has always been a strong focus on patient safety, data reliability and product quality, both within the pharmaceutical industry and the medical devices or healthcare industry. However, in recent years there has been an increase in data breaches and misuse of GMP guidelines, especially in the Asian market (e.g. ‘testing into compliance’ or false data laboratories). As a result of these breaches, the guidelines have been strengthened and there is more monitoring and control of compliance with the guidelines.

In January 2015, the MHRA published new guidelines in the document ‘GMP Data Integrity Definitions and Guidance for Industry’. Later that year, the HMA (Heads of Medicines Agencies) and the EMA (European Medicines Agency) proposed the ‘EU Medicines Agencies Network Strategy to 2020’. This is a five-year strategy for European regulators in which data integrity checks are mandatory in order to prevent fraud.

Subsequently, in 2016, the FDA (Food & Drug Administration) published its guidelines, ‘Data Integrity and Compliance with cGMP’. Although these guidelines are not binding, a great deal of focus is placed on data integrity during audits and inspections by the FAGG, the EMA, the FDA or suppliers.

What could be reasons for violating the guidelines?

The reasons can be very diverse and we can even say that 80% of the breaches happen unknowingly:

  • the pressure to produce and guarantee business continuity
  • a lack of awareness or knowledge
  • the corporate culture does not fully support the concept
  • insufficient resources or budget, inadequate technology or processes

Even with a data governance program implemented, individuals can still choose to defraud or falsify data. It is important to know that regulators make no distinction between human error and fraud/falsification when assessing.

What could be the consequences of non-compliance?

  • the patient may be in danger
  • strict audits or a temporary stop in production
  • loss of reputation and reliability
  • bad data that cannot be used for analyses or strategic decisions
  • recalls, ban on export or production for an indefinite period or cessation of activity
  • prosecution

We can state that although these guidelines are not binding, it would be a big mistake not to follow them because the consequences are too big.

Need help to develop & implement a data integrity strategy?

Our experienced Data Integrity experts would be happy to assist you.

A risk-based and pragmatic approach

In order to address the growing need of the industry to implement data integrity in a smart and efficient way, Pauwels Consulting has developed a unique data governance program. The program combines a thorough pre-assessment with subsequent transition according to the well-known PDCA cycle. GAP assessments and associated actions are carried out in parallel across each department with continuous feedback loops and include alignment of all DI-related documentation (e.g. URS, data handling procedures, etc…).

Our risk-based and pragmatic approach embeds strong leadership and proper behavioral management. It is designed to achieve and sustain DI cultural excellence across the entire organization. Proper training is crucial so our Data Integrity team has compiled a variety of training modules that can be tailored to achieve these goals, together!

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

What is AI, Artificial intelligence?

30 Apr 2020
Artificial intelligence. What is AI? What is the impact of artificial intelligence on business? The impact is significant when it comes to productivity, as it optimises use of time, safety and accuracy.

AI every day

AI is now part of our day-to-day lives. In the morning, we sit at the breakfast table, drink a cup of coffee and ask Siri or Alexa to tell us the news for the day or put on a morning playlist. The thermostat in your home can tell what the weather is like outside, while your robotic lawnmower monitors your garden at night and knows exactly where to cut the grass during the day. This is all powered by AI.

AI grasmaaier

Artificial intelligence

The term ‘artificial intelligence’ is an overarching term for various methods of rendering intelligent a device, application software suite and so on.  If you manage to make a device do what you want it to do without having to explicitly assign it the task, this is an example of artificial intelligence.

There are various terms that are frequently mentioned in the same conversation. Examples include ‘machine learning’ and ‘deep learning’.

Machine learning

Machine learning uses algorithms to collect data so it can learn and make predictions based on this. This type of artificial intelligence does not give the machine any instructions. Instead, the machine learns to perform tasks based on the amount of data it has and the algorithms it uses. There are many ways for businesses to take advantage of machine learning: facial/object recognition, pattern/emotion detection, product advice, voice-to-text conversion, natural language interpreting, data structuring and more.

Nine examples of artificial intelligence: machine learning

Amazon machine learning
Amazon Machine Learning

Deep learning

This type of artificial intelligence goes a step further. It is more complex and is based on a neural network – the human brain is a good example of one. There are many hidden layers between the input and the output, meaning the raw data is easy to process and structure. It can also recognise patterns that the human brain is unable to detect.

An example: AlphaGo trained itself to become an unbeatable Go master (against human opponents) in just three days.

AI in your business

It is clear that artificial intelligence will have a major influence on productivity in industries and companies and on production processes.

Use of time

AI can optimise how employees use their time by analysing their situation and offering tips. AI can take on tasks so that machines do not require downtime and to reduce the amount of errors. Employees can focus more on work that is of greater benefit to the company instead of having to perform repetitive manual tasks.

Safety

Tasks in difficult-to-reach areas that are hazardous to human health can be performed by machines instead.

Accuracy

As AI can process huge amounts of data in much less time than people, it enables analyses to be performed and justified decisions to be made without the fear of failure, doubt or influencing factors entering the picture.

Is my company ready for AI?

Please answer this question on the basis of this questionnaire.

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer

Insights

8 benefits of a certified ISO 9001 quality management system

25 Apr 2020
The introduction of an ISO 9001 quality management system typically gives an organisation more order and structure, which is usually to the benefit of the quality of its products and services.

Why should you consider a certified ISO 9001 quality management system?

On the one hand, we see that organisations are often forced or feel obliged to implement a certified ISO 9001 quality management system. More and more clients demand that their suppliers work in accordance with the ISO 9001 standard.

On the other hand, we see that increasing numbers of organisations set up a certified ISO 9001 management system on their own initiative. These organisations want to become more professional and make the quality of their products and services clear, measurable and controllable in order to distinguish themselves from other suppliers.

In any case, the introduction of the quality framework typically gives an organisation more order and structure, which is usually to the benefit of the quality of its products and services.

The eight benefits of a certified ISO 9001 quality management system

As an organisation, you can always choose to work in accordance with the ISO 9001 standard, but you can also choose to be certified by an independent party (such as a certification body). In practice, we see eight major benefits in choosing a certified ISO 9001 quality management system:

  1. You have objective proof that your organisation attaches great importance to quality and that you have it checked regularly by an independent party. This commitment increases confidence in your organisation.
  2. You achieve higher operating efficiency. Organisations that consider quality management to be an integral part of their business operations usually achieve higher operating efficiency than those that do not.
  3. A certified ISO 9001 quality management system increases the quality of your services and raises your staff’s awareness.
  4. A certified ISO 9001 quality management system ensures clear processes and (communication) structures, tasks and responsibilities throughout the entire organisation. This increases the involvement of your staff, which improves the working atmosphere and reduces the pressure of work.
  5. You can detect and identify problems in good time, which means that you can quickly take steps to avoid the same mistakes in the future.
  6. You make it clear to your staff, your partners, your clients and the outside world that customer satisfaction is at the core of your business.
  7. Being ISO 9001 certified, gives you a positive company image, raising you up to the level of your competitors or perhaps even a level higher.
  8. It is possible also in your commercial interest, seeing that more and more clients demand that their suppliers work in accordance with a certified ISO 9001 quality management system.

Interested in the challenges a quality manager faces? Check out our article here.

Our advice? Go for it!

Are you considering working in accordance with the ISO 9001 standard? Fantastic! But don’t take half measures. We recommend that you implement a certified ISO 9001 quality management system right away.

Contrary to what many organisations still think, implementing a certified ISO 9001 quality management system is much less drastic than you might imagine at first. Do you still have any questions or doubts? We would be pleased to help you!

Who is Luc Marivoet, our quality expert?

Luc Marivoet is Prevention Counselor & Quality Officer at Pauwels Consulting. He has over 25 years of experience in quality management positions. In these positions, he provided support and supervision in an international context (Europe and Asia). Luc now uses his experience to set up, implement, monitor and follow up certified ISO 9001 quality management systems and Supplier Quality Assurance activities. Luc is currently working at a Belgian engineering office specialized in rail infrastructure and technology for the implementation of an integrated management system (ISO 9001 & ISO 45001). He also teaches QHS Management Systems (ISO 9001 and ISO 45001).
Do you have a question or comment for Luc? Contact Luc here.

Contact us

Do you have any questions for us? Let’s get in touch!

Contact Pauwels - NO UPLOAD

Form to contact@pauwelsconsulting.com

"(Required)" indicates required fields

Joke Roggeman Welcome Officer