Author: Paul Curwell
Introduction
In a previous post, I looked at the anti-counterfeiting and supply chain traceability model proposed by AS6174 for the Aviation and Defence industries. This standard is one of many different standards available, some of which are generically applicable to any industry, and others which are designed to meet the needs of a particular target audience.
This article continues with the current Supply Chain Integrity and Security theme, this time looking at the model developed by the The United States Pharmacopeial Convention (USP) – Asia Pacific Economic Cooperation (APEC) Life Sciences Innovation Forum (LSIF) in 2016.
The United States Pharmacopeial Convention defines Supply Chain Integrity and Security as “a set of policies, procedures, and technologies used to provide visibility and traceability of products within the supply chain. This is done to minimize the end-user’s exposure to adulterated, economically motivated adulteration, counterfeit, falsified, or misbranded products or materials, or those which have been stolen or diverted”.
On first glance, the output of the USP/APEC model is what is referred to as the ‘Supply Chain Security Toolkit for Medical Products’, designed for the pharmaceutical, medical devices, and life sciences industry. This toolbox addresses ten different domains, each of which has a range of sub-components, which align nicely into a Capability Maturity Model that at a high level could be applicable to a range of industries.
In this post, I unpack this USP/APEC toolbox in more detail and explain how the Toolkit could be applied to create an industry-agnostic Capability Maturity Model for Supply Chain Integrity and Security.
The USP/APEC ‘Supply Chain Security Toolkit for Medical Products’
This toolkit itself is a 14-page interactive PDF broken into ten domains, each of which reflects a different element of the supply chain. There are 64 supporting documents from a variety of authors, including the World Health Organisation and APEC, which dive into each element in differing levels of detail. This is available on the Korean National Institute of Food and Drug Safety’s website. The ten elements are as follows:
| Good Manufacturing Practices | This section sets out 11 key considerations for supply chain integrity and security in any manufacturing process. Aside from processes like Outsourcing and Repackaging, which are recognised as vulnerable to a variety of supply chain threats from product tampering, to cargo theft, product substitution, product diversion, and grey market / parallel import activity, this section also introduces the concept of “show and shadow factories”. Used here, ‘shadow factories’ refer to businesses which actually perform the manufacturing process (or elements of it), without being declared as such. Aside from the Supply Chain Integrity and Security risks, these practices also expose organisations to Bribery & Corruption risks (such as the Foreign and Corrupt Practices Act and United Kingdom Bribery Act) and Modern Slavery and Human Trafficking risks (such as were workers in ‘shadow factories’ may be trafficked or working in slavery, slave-like, harmful or substandard conditions). See my related posts on modern slavery and associated due diligence practices here. |
| Good Distribution Practices | This section, along with the Good Manufacturing Practices, is comprehensive and well-constructed. Whereas the real insights the remaining sections are somewhat buried in the supporting documents, this section is cleanly laid out to reflect the steps required across 11 elements of the distribution value chain. |
| Good Import / Export Practices | Unfortunately this section remains under development so no further guidance or information is available on importing and exporting |
| Clinical and Retail Pharmacy Practices | This section is interesting because of its focus on the ‘end user’ [see my previous post for details on end user verification], covering the lifecycle from “purchase and receipt to storage, and until the products are dispensed and administered”. The supporting guidance includes another 66-page toolkit which is similar in terms of application to AS6174, as well as incorporating similar concepts around traceability of raw materials and storage as the Australian Code of Good Manufacturing Practice for Veterinary Chemical Products. |
| Product Security | The term ‘product security’ appears undefined in the Toolkit, yet seems to refer to the variety of measures used to protect products from “cargo theft, intentional adulteration, Product Diversion, Substandard Products [what I refer to as Product Substitution], and Product Tampering. The materials in this section provide advice on both “upstream” and “downstream” issues in the supply chain. |
| Detection Technology | This section focuses on giving parties in the supply chain the ability to determine the Authenticity and Conformance (including Quality) of any product, with a view to identifying what USP/APEC define as ‘Substandard, Spurious, Falsely Labelled, Falsified and Counterfeit’ (SSFFC) medical products through non-destructive (e.g authentication of packaging) and destructive testing (e.g. chemical analysis) methods. One observation from me is the different language used across industries – whilst this life sciences example uses SSFFC, readers of my previous post may recall that AS6174 used “suspected, fraudulent, and counterfeit” to refer to the same concepts. |
| Internet sales | The global, unregulated nature of online shopping is a long-standing concern for any Intellectual Property Rights (IPR) Holder, let alone life sciences. TheToolkit highlights a variety of risks to consumers arising from internet sales, including: “(a) not receiving the drug purchased; (b) drugs containing incorrect dosage, i.e. super-potent or sub-potent; (c) or containing no active ingredient at all”. A fourth category, that of containing harmful or toxic ingredients as substitutes (e.g. arsenic), could also be added given this practice is common with many counterfeit pharmaceuticals – see this article published in 2019 from The Guardian. |
| Track and Trace System | The life sciences industry has a range of industry-specific, regulated requirements around ‘track and trace systems’ such as those mandated by the United States Drug Supply Chain Security Act (DSCSA). Usefully, this Toolkit contains a Gap Assessment documenting selected best practices as well as cost-benefit information that may be of use in any business case. |
| Surveillance and Monitoring | This element is split into the typical Prevent, Detect and Respond domains common in any security or fraud risk management framework and is primarily focused at the government, as opposed to manufacturer, level. The government focuses likely explains why this model does not address the utility of an ‘intelligence capability’ as a foundation to Identify and Monitor threats before they become material to business. I will cover this in more detail in future posts. |
| Single Points of Contact | This aspect focuses on building a public-private network for information exchange between regulators, authorities, law enforcement agencies and international bodies. In addition to emphasising reporting, this domain also addresses the need for training and cooperation programs. |
Using the Toolkit to build a Capability Maturity Model for Supply Chain Integrity & Security
As outlined above, this is a comprehensive, free toolkit for a highly regulated industry that goes into a substantial amount of detail as to the programs and initiatives that should comprise any Supply Chain Integrity and Security framework for the life sciences sector. The attraction of this Toolkit is that it could be easily converted into a Capability Maturity Model and applied across any industry with similar supply chain risks, such as food & beverages, consumer electronics, or agricultural chemicals.
Whilst subtle industry and jurisdiction-specific differences will exist, any reader charged with the task of reviewing or developing a Supply Chain Integrity and Security program could easily apply the contents of this Toolkit to this task. Additionally, Internal Auditors and functional leads (e.g. Heads of Product or Heads of Security) could benefit from using the Toolkit to benchmark their current programs.
Benchmarking & Capability Maturity Models
Any benchmarking activity should start with the construction of a Capability Maturity Model – effectively a deconstruction of all the major elements in any Supply Chain Integrity and Security framework (e.g. manufacturing, distribution, product security, etc), which identifies each of the sub-elements that comprise each of the major elements. Organisations which lack either a major or sub-element would ordinarily be considered less mature, receiving a lower ‘current state’ score, unless there is a justifiable business need for not performing a particular function.
I have been building and applying Capability Maturity Models since 2006 when I joined Booz Allen Hamilton, and I can personally attest to the tremendous value of Capability Maturity Models in helping functional leads understand what needs to feature on strategic roadmaps or workplans. Just as important as the design of the Capability Maturity Model is what is defined as the ‘target state’ – importantly, you don’t need to have the highest capability maturity score for every major or sub-element. In some cases, a low score may be justifiable.
The whole point of a Capability Maturity Model is to build a capability that meets your strategic and operational requirements, as opposed to having a great capability that is not required given the business’ operational footprint. Capabilities which exceed business requirements can be a waste of money and may be a target for cost reduction or outsourcing.
Further reading
- Asia-Pacific Economic Cooperation (2017). Detection Technology (DT) in APEC Supply Chain Security Toolkit
- Australian Pesticides and Veterinary Medicines Authority (2007). Australian Code of Good Manufacturing Practice for Veterinary Chemical Products
- Curwell, P. (2021). End User Verification, https://paulcurwell.com/2021/02/07/end-user-verification/
- Curwell, P. (2021). Modern Slavery, Human Trafficking & People Smuggling? (Part I), https://paulcurwell.com/2021/04/30/modern-slavery-human-trafficking-people-smuggling-part-i/
- Curwell, P. (2021). How should I perform due diligence to comply with Australia’s Modern Slavery Act 2018 (part 2)?, https://paulcurwell.com/2021/06/27/how-should-i-perform-due-diligence-to-comply-with-australias-modern-slavery-act-2018-cth-part-2/
- Pribluda, V, Roth, L (2016). A Multi-Sectorial Approach to Ensuring Medical Product Quality & Supply Chain Integrity, Global Health, March 31, 2016, The United States Pharmacopeial Convention
- Zurich Insurance Company Ltd and SICPA S.A. (2015). A product security intelligence strategy, section 4.7, in Supply Chain Integrity: protecting companies’ blind spots, Risk Nexus
DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.