Quality assurance in validated GxP environments with SAP MDG
Mastering Master Data Management
In addition to including a variety of approval processes, the master data solution SAP MDG now also comes with the option to incorporate digital signatures. This is particularly interesting for companies in the medical, pharmaceutical and chemical industries looking to control their production and documentation processes in validated environments as these are governed by GxP guidelines. But what are the advantages of digital signatures?
GxP guidelines are comprised of binding regulations intended to maintain high levels of product quality as a means of consumer protection. Compliance with the regulations is monitored by international and local supervisory authorities to ensure that relevant processes are implemented in a consistent manner that meets all applicable standards.
A key component here is the quality of a company’s master data. It is crucial to ensuring automated, consistent and accurate process execution and a critical ingredient of success for any company. Whether it is product developers, purchasers, production planners, sales reps or distributors – they all rely on accurate master data for the efficiency and quality of their processes.
Until recently, master data was created and maintained based on different patterns, each of them fundamentally different. In one approach, companies would exclusively manage master data in-house. In another, master data was obtained from external sources. The downside of managing master data internally is that the focus is often of a local one. There are usually no integrated systems in place to connect the maintenance process to the data management process and the data is not suited to be used on a global scale. Master data changes are commonly initiated by email and then manually executed in the systems. This lack of integration is a frequent source of errors and it is nearly impossible to track them after the fact. Focusing on their specific regions, the different locations only maintain their country-specific data as they are under the impression that it is all they need for their purchasing, production and distribution purposes. This approach to master data management will inevitably produce inconsistencies in the data stored across a company’s different locations. Apart from the fact that this goes against every principle of globalization, it is simply not acceptable in validated environments as it violates GxP guidelines. GxP adherence requires that the process of maintaining master data is subject to controlled and reproducible rules.
Master data from the outside
The second variant involves obtaining data from external sources that are responsible for upholding the quality of the master data and validating the data. The entire process of maintaining master data is outsourced and only the most essential information is obtained from the supplier and managed locally. The companies themselves only maintain those company-specific attributes of their master data objects that have a decisive impact on their processes. One example for the pharmaceutical and medical industries is the American Medical Association. It provides companies with valuable information such as relevant material data for the manufacturing of medical equipment and pharmaceuticals.
This approach, however, also means that a company needs to invest considerable time and resources into its supplier management. New suppliers must be thoroughly vetted for their reliability and security standards and existing suppliers must be audited on a regular basis. And when it comes to dealing with particularly sensitive data, companies should even consider explicitly certifying their suppliers, as this is the only way to reliably protect patents and prevent counterfeiting.
No outsourcing needed
This is where SAP comes in with its SAP MDG master data solution. With it, companies get to maintain their sensitive master data in a professional, consistent and integrated manner that also allows them to comply with their own safety standards. This eliminates the rationale for outsourcing while ensuring compliance with GxP guidelines and regulations. Its contributor-based workflow concept allows SAP MDG to involve employees from all relevant departments such as purchasing, development, sales, or accounting in the maintenance of the master data, creating a seamlessly integrated experience. With rule-based workflows in place, everyone can contribute their part to enriching master data with information in accordance with the permissions assigned to their respective role. The key to this are the change request (CR) used by SAP MDG. They ensure that master data objects such as materials, suppliers, or customers are created or modified in a controlled process. Depending on the changes requested by the initiator of the CR, different contributors can be added to the workflow. Changing a single attribute of a record, for example, can trigger workflow rules that will the automatically include specific contributors from the business department in question into the process.
This contributor-based change management approach is ideally suited to the challenges of maintaining master data in validated GxP environments. One of the main requirements here is to have quality assurance (QA) sign off on and confirm any changes to GxP-relevant attributes (which are defined as part of the design process). In the context of pharmaceutical and medical manufacturing, these could be the strength or nature of the active ingredients or regulatory approvals related to the materials. For this particular use case, SAP MDG can be used to include quality assurance teams in the change workflow for the master data objects. This allows QA managers to assess changes to an object themselves and either approve or reject them. A principle that can be applied to all of a company’s master data objects. GxP-relevant attributes that have been designated as such will trigger workflows that will automatically involve the appropriate parties (quality assurance in this case).
Enter the digital signature
Once quality assurance has reviewed and verified the changes, it confirms the accuracy of the specifications by applying a digital signature. Building on the existing SAP NetWeaver authorization concept that allows for the assignment of object-based authorizations to users, a separate authorization object is made available for the digital signature in SAP. This adds another layer of security to a company’s sensitive GxP-related data. Changes to master attributes governed by GxP regulations can only be made by appropriately authorized users. By bringing together digital signatures and contributor-based workflows, the solution meets three essential criteria of good master data management practice:
- A company’s master data is managed exactly to the extent required by external rules and regulations.
- Digital signatures are a valuable contribution to the obligation to document in GxP environments. They ensure accountability and complete audit trails by tracking who changed and approved what GxP data and when.
- It also raises awareness among the staff involved in the process about the critical nature of changes to GxP-relevant data and promotes due diligence.
Implementing digital signatures in SAP MDG companies with validated environments can also help comply with good documentation practices. This, together with the contributor-based workflow concept, ensures that all changes to GxP-relevant data are approved and documented in compliance with applicable guidelines and regulations. What’s more, companies also benefit from a better protection of their patents as they no longer need to rely on data suppliers and their respective security standards. (ur)
By Tobias Balogh, Consultant at Camelot ITLab
The original article was published in S@PPORT, Issue 9/2016.