In pharmaceutical supply-chain security circles, executives speak of a 2008 meeting with Janet Woodcock, director of the U.S. Food & Drug Administration’s Center for Drug Evaluation & Research (CDER), as a defining moment.
The meeting was convened following the heparin contamination that year that was responsible for 81 deaths in the U.S.—an event that brought the simmering issue of drug safety and supply-chain security to a boil. In a dramatic moment during the meeting, Woodcock, having outlined the agency’s course on overseeing drug safety, looked at drug manufacturers in the room and pointedly asked, “What are you going to do about it?”
Industry soon responded with a plan: a consortium of drugmakers and their suppliers, called Rx-360, that would facilitate the sharing of raw material supplier safety and quality audits—both for active and nonactive ingredients—among drug companies. Rx-360 went on to establish a system through which drug companies can license compliance audits that have already been completed by others, thereby cutting the time and expense needed to vet suppliers’ safety and quality.
Rx-360 made a splash when it debuted, quickly signing on all the major drugmakers and many U.S. and European contract manufacturers and associated service companies. Since then, it has maintained a kind of heroic air as an industry response to a challenge that stretches regulatory authorities to their limits.
Its operatives, a coterie of security managers at drug companies and top executives at pharmaceutical chemical suppliers, have put in many hours of what is often personal time. They have succeeded in expanding membership globally and broadening the group’s purview to make it relevant to security managers covering a wide stretch of the pharmaceutical supply-chain.
The group, however, has struggled to convey the benefit of sharing audits and supply-chain security ideas to the smaller companies and generic drug firms that are likely to generate the greatest demand for supplier audits in the years ahead. Some say it has lost its momentum.
Backers respond that Rx-360 has made significant organizational moves over the past year, including the appointment of a full-time chief executive officer, Mark Paxton, a lawyer who earlier worked for CDER. The group has established a central database and pared its list of recognized auditors from 10 to one. All Rx-360 audits are now performed by the British Standards Institution (BSI), one of the world’s largest auditing firms.
Paxton says he has hired a small full-time staff that will move into offices in the Washington, D.C., area early next year for Rx-360.
One thing that hasn’t changed is the level of commitment from its volunteers, who are credited with establishing an industry-led supply-chain security movement and recruiting its members.
“Today, Rx-360 has 300 volunteers doing something somewhere in the world,” says Guy Villax, CEO of Hovione, a Portuguese contract manufacturer of active pharmaceutical ingredients (APIs) and chairman of the consortium.
Villax, recognized as the group’s foremost ambassador, points to its 500-plus audits on record; an active audit licensing program; and membership including companies in India, China, and Japan as evidence that the concept has advanced beyond big Western drug firms. Rx-360, he adds, has established a rapport with regulators in the U.S., Europe, and China who recognize the efficacy of shared audits.
Villax also credits the organization for expanding beyond its initial focus to become an information clearinghouse on managing the whole pharmaceutical supply-chain. “We were born to secure the supply-chain, so the audit piece is really important,” he says. “Surprisingly, one of the things we really didn’t feel was a need from the beginning was to address supply-chain security from the pharma plant to the pharmacy.” But then the group learned about cargo theft.
Villax describes an Rx-360 meeting in Washington, shortly after the group was formed, at which attendees were asked to raise their hands if they had recently experienced cargo theft. “Every hand went up,” Villax says. “This is happening not only in Mexico, but in Italy and Brazil. Every week. And it’s incredibly expensive.” Rx-360, he says, now hosts a forum for sharing best practices on its website.
But audits are still core. Paxton, who worked as a regulatory counsel in the office of drug security, integrity, and response at CDER, says the audit program went through several iterations during its development. As the program currently operates, an Rx-360 member initiates an audit of a particular drug ingredient manufacturer, and other members are invited to cosponsor the audit and share the cost and results.
Once a certain number of cosponsors have signed on, the audit is performed by BSI. It is then shared with cosponsors and kept on file to be licensed by other drugmakers, which don’t have to be members of the consortium. Revenue from licensing reimburses the sponsors of the audit before being banked by Rx-360.
“We’re hoping that this kind of a program, once fully optimized, becomes the industry standard,” Paxton says, “because it’s absolutely ridiculous for multiple manufacturers buying the same ingredient to go into the same supplier over and over and over again.” Rx-360 logged 88 joint audits and licensed 160 last year, and is on track to double both figures in 2016, says Paxton.
Rx-360 audits, he adds, do not preclude individual audits—especially when the API for a new drug is involved—but they can serve as a base audit covering standard operations. Villax agrees. “We want companies to start using the Rx-360 audit to tick the box for regulatory compliance,” he says. “We still want the client to come visit the plant, do a technical visit to see if there is a technical problem with the product. But checking the test control system and training record for two or three days is incredibly boring and repetitive and a waste of resources.”
The cost of mounting a full audit, including preparatory and corrective work, can reach $50,000, Villax notes.
Whereas drug ingredient suppliers like Hovione tend to join Rx-360 for audit consolidation, large pharmaceutical companies are interested in a broader swath of the supply chain. In the U.S., that interest was heightened by the recent enactment of the FDA’s Drug Supply Chain Security Act, which requires full supply-chain traceability from the manufacturer to the pharmacy. The European Union’s Falsified Medicines Directive has had a similar effect.
Brian Johnson, senior director of supply-chain security at Pfizer, has led the expansion of Rx-360 beyond its initial focus on the manufacturing plant. As he recounts, discussion of postmanufacturing supply-chain security began informally in 2010 when supply-chain executives from several major drug companies met to discuss methods of sharing information.
“This group was starting to frame a picture of what a comprehensive supply-chain management program looks like at a company like Pfizer,” Johnson says. “We became aware that Rx-360’s mission statement was in line with what we were doing. So we brought what we were doing into Rx-360.”
Pfizer has contributed documents on the handling of materials in transit, including the deployment of GPS. Johnson adds that Rx-360 now offers standard audit templates covering logistics. “These may help smaller companies understand what they can do to prevent cargo theft,” he says.
Johnson notes that regulators are keen on the industry’s security efforts, given the limited resources at government agencies and the daily, hands-on involvement of the drug companies themselves in moving ingredients and products around the world. Johnson says supply-chain security is an area where there is virtually no resistance to sharing information among competitors.
Although they are pleased with the development of Rx-360, Paxton, Villax, Johnson, and others lament the lack of interest in the group on the part of generic drug manufacturers other than a handful of large companies. That’s surprising, they say, because generics firms have much to gain by consolidating audits and sharing information on supply-chain management.
Shared auditing would be an ideal option for most small generic drug manufacturers, given their need to manage costs, says Wes Schmidt, who is vice president of quality assurance operations at AbbVie, an Rx-360 board member, and a former cochair of the consortium’s audit operations group. Most such firms do not have the staff to perform supplier audits, he says.
Schmidt says he’s concerned that regulators’ growing demand for audits will eventually undercut efforts, such as FDA’s fast-track designation, to expedite delivery of new drugs. He points to the delayed rollout of Merck & Co.’s hepatitis C drug Zepatier in Europe because of the EU’s concerns about record-keeping and quality management systems at a contract manufacturer.
European regulators are particularly aggressive in requiring that drugmakers prove thorough supply-chain oversight, Schmidt says. The U.S. is catching up, and Rx-360 is in position to advance its collaboration with regulators before a huge audit backlog emerges. “Honestly, I am worried about the day that this becomes more of an emergency than a good idea that we have to jump on,” Schmidt says. “I’m worried that one day the supplier’s doorbell will ring and there will be 20 people in line.”
But reaching generic firms and small drug companies before they need to ring that bell is not likely to be easy. Representatives from several small drug companies attending the Pharma ChemOutsourcing conference in Parsippany, N.J., last month told C&EN that they are familiar with the consortium but don’t see the need to join.
One said his company considers anything other than a firsthand audit to be too risky when dealing with regulators on a new drug launch. Another expressed concern that a licensed audit wouldn’t meet the particular needs of his company.
The vice president of chemical development at a small, U.S.-based biotech firm, said he sees the benefit of sharing audits of contract manufacturers. “I think it’s a good idea to have multiple players involved. It gives you a more complete picture,” he said. “But we haven’t done it because there is a fee to get in. Sharing the information will help us, but the dues will keep us out.”
Villax acknowledges that drug companies may not consider Rx-360’s shared audit enough of a vetting of an API supplier that is manufacturing their new-to-the-world drug. It can, however, be used to consolidate audits of generic API producers, excipient manufacturers, and suppliers of other nonactive ingredients. The consortium expects to debut an “audits only” membership with reduced dues.
“Next year will be an important one for the consortium’s audit program,” AbbVie’s Schmidt says, adding that the group will be able to illustrate the improvements in its auditing system to FDA. “And countries around the world are now approaching us to ask us to do a portion of their audits.” The growing demand for audits, he says, will fuel the consortium’s growth.
Villax agrees, confident in what the group has accomplished and optimistic about the challenge ahead. “If all we wanted to do was tell Janet Woodcock we’ve done our bit, I think we’ve done our bit,” he says. “But if we want to make history, we have to be licensing a majority of our audits to the generics industry because they are the ones that need it most.”
It is incumbent on Rx-360 to convince generic drug manufacturers that sharing information is a cost-effective route to compliance, Villax says. “That,” he admits, “is the nut we have not cracked yet.”