The food and beverage industry has its own toolkit for quality (e.g., Safe Quality Foods Program, or SQF, and Global Food Safety Initiative, or GFSI). It even has its own standard (ISO 22000). However, the industry must embrace and apply the new concepts embodied in the ISO 9001:2015 revision to meet the challenges of ensuring quality in the 21st century, where the use of integrated and sophisticated systems of software and engineering technology applications has become the norm for achieving quality and consumer safety.
The Advent of Best Practices
The Federal Food, Drug, and Cosmetic Act was passed by Congress in 1938, and then more “modern” standards, such as SQF, GFSI, and Hazard Analysis and Critical Control Points (HACCP) evolved over time to clarify best practices. In 2011, the Food Safety Modernization Act (FSMA) was signed into law. The primary focus was not a surprise: To incorporate risk-based control measures in manufacturing.
Something else to consider is how technology and the advent of automation affected the evolution of best practices. Human decision making to evaluate good or bad product was replaced by Good Engineering Practices, or GEPs. As a result, spitting out lots of bad product faster was a common factor in production, which demonstrated that automation doesn’t necessarily lead to good quality. Quality gurus were making their mark on controlling bad production with decision-based QC and QA. The likes of Deming, Juran, Feigenbaum, and Crosby were all advocating the new quality philosophy. Then federal regulations for quality of product by the FDA were aggressively used for determining civil and penal crimes resulting from poor production decision making. Thus, tech-based production and services using best practices became the norm as companies looked for ways to control and improve systems, including those for quality, environment, health and safety, as well as software design and use.
Controls and the ISO Standards
Quality Management System (QMS) ISO standards have been created for all major sectors of manufacturing to answer an important need: A systematic application to improve and control the quality and the safety of consumer products. There are key components and changes to these standards common to manufacturers in most industries. These components include:
- Design control,
- Documentation and record control,
- Supplier(s) control,
- Measurement control and analysis,
- Data use for validation/verification,
- Elimination of Corrective and Preventive Action (CAPA)—now referred to as Risk Opportunity Analysis,
- Non-conformance and corrective action,
- Improvement application,
- Management planning and oversight,
- Change control (risk-based),
- Contamination controls, and
- Infrastructure and work environment controls.
ISO Standards Evolution
The latest revision of ISO 9001 (ISO 9001:2015) follows the same overall structure as other ISO management systems (known as High-Level Structure), which makes it easier for anyone using multiple systems (e.g., ISO 9001 and ISO 22000). This is a major change in the latest 9001 revision.
Another big change is the focus on risk-based thinking. Basically, the latest version of the standard makes risk management, which has always been implicit (or implied), explicit (no longer optional). The standards now need critical and often-ignored implicit components of application, such as planning and change activities, to be made explicit in implementation. As an example, now explicit in these activities is the application of risk-based decision making, control measures for change and risk application, and the specific use of data-driven measurement and analysis.
A third change is the key explicit requirement for formal evaluation and activity in assessing the objectives for chosen benchmarks in the business using quality-driven criteria with chosen alternatives for meeting such objectives. S.M.A.R.T. (Specific, Measurable, Actionable, Realistic, Time-bound) driven objectives must have regular dashboard review by cross-functional teams in an improvement strategy with the application of critical thinking skills as a process-based approach for quality and safety of products and services (e.g., quality consulting and auditing).
Food Manufacturers Take Note
The new standard now reinforces the risk-based approach that must be taken by food and beverage manufacturers. Whether it’s HACCP under Part 110, or risk control measures under FSMA, the methodology is clearly an explicit execution. The upside is all the support and guidelines available to provide the detail necessary for implementing a risk-based program. Such documents include the following:
- Management of Risk – BSI document that relates Management of Change
- ISO 31000/ISO 31010 – Operational Risk Standard and companion risk toolbox guideline
- ISO 14971/ISO/TR 14969:2005 – Product risk standard and application improvement guideline for med device products (crossover considerations for product attribute risks)
- ICH-Q9 – Harmonization guideline for pharmaceutical manufacturing (IMDRF.org)
- IMDRF SG3/N15R6 – International Risk Management guideline
- IMDRF GHTF/AHWG-GRM/N1R13:2011 – Guideline regulatory model for regulated products
To Apply or Not to Apply: A Worst-Case Scenario
Recently, a manufacturer of a probiotic product was issued a consent decree. At best, its QA program (before the decree) consisted of cryptic QC data with a spot inspection by the quality group under the plant manager’s discretion. By comparison, its response document included the application of ISO 9001:2015, which was a draft international standard or DIS at the time. This manufacturer articulated an aggressive project plan with specific stipulations directly from and in conformance to the new standard, and this resulted in an FDA approval. Five months of extensive planning execution on a risk-based system brought successful closure to this operation. Key to this example was the guidance of critical points addressed using the ISO 9001:2015 standard. Such points included:
- Management review with daily involvement in risk and opportunity analysis (6.1);
- Planning of changes (6.3) with a risk-based change control process canvassing all change-affected conditions (8.5.6) in the QMS (e.g., document change, material change, process change, engineered change); and
- Event management/CAPA (10.2) using good critical thinking in risk-based decision making (Annex B) as a process.
Working with the FDA district office and independent expertise in legal and consulting efforts for guidance and implementation accelerated the project timeline for this company. An FDA follow-up visit occurred during the second update window. It was necessary during this meeting to convey the understanding of the critical principles being applied in the model of a QMS using ISO 9001:2015. The outcome was a retracted and effectively closed level of infraction. This company worked with regulators using a common language to apply QSIT and the law (FSMA, 21 CFR 110/111) while providing conformance to a QMS that remains ever-improving due to the principles and elements to be embraced using this standard.
As a commentary for closure, it has been refreshing to see companies that adopt this approach without a historical understanding of ISO standards. Moreover, these companies are very accepting of and encouraged by the proactive nature in which this QMS approach delivers outcomes based on good risk planning in all aspects of their business.
Murray is the director of quality and compliance services at MasterControl. Reach him at wmurray@mastercontrol.com.