A Regulatory Surveillance and Advocacy Framework

At the 2024 ISPE Annual Meeting & Expo, a session titled “Regulatory Surveillance and Advocacy” was presented by Christine Moore, PhD, Executive Director, Quality Systems and Compliance at Organon LLC. Moore spoke about the definition of regulatory surveillance of policy and standards, and going beyond surveillance into regulatory intelligence, specifically related to inspections and regulatory review or assessments. She concluded with thoughts on internal communications and information gathering practices to help organizations stay ahead of regulatory changes.

According to Moore, regulatory surveillance involves monitoring the external environment and synthesizing information related to new or changed policies and standards. This process includes a wide range of documents such as laws, regulations, guidelines, and compendial standards. Laws and regulations are high-level, mandatory compliance documents that can lead to fines or even imprisonment if violated. Examples include the US Food, Drug, and Cosmetic Act, the Public Health Service Act, and European Union directives. Regulations are a step down from laws but still legally binding.

Guidelines or guidances, usually issued by health authorities, are detailed documents that are typically not binding but are expected to be followed justified with alternatives. Compendial standards, such as pharmacopeias, are mandatory in associate countries. Public standards, like the International Organization for Standardization and ASTM International, are typically not legally binding but also require justification if alternatives are used.

Regulatory surveillance also can involve attending conferences and learning from industry developments and discussions. Moore offered an example of an atypical guideline, the US Food and Drug Administration’s (US FDA) guideline, “Testing of Glycerin, Propylene Glycol, Maltitol Solution, Hydrogenated Starch Hydrolysate, Sorbitol Solution, and other High-Risk Drug Components for Diethylene Glycol and Ethylene Glycol,” which was released as a direct-to-final guideline due to safety concerns. This guideline includes mandatory requirements, unlike most guidelines that use "should" to indicate strong recommendations. Moore pointed out the importance of reading guideline footnotes; in this case, the footnotes explain why certain testing is a requirement.

The process of regulatory surveillance involves collecting, filtering, assessing, and acting on information. Although a big task, the process should be simple, sustainable, compliant, and have clear roles and responsibilities. Management support is crucial, especially for the assessment phase. Both draft and final policies should be assessed for impact, as some actions need to be taken before a policy becomes final.

Information can be obtained through a push or pull model. In the push model, information is sent by local monitors or received from health authorities. In the pull model, information is gathered from subscription databases, industry newsletters, and health authority emails. Moore noted that the US FDA’s Small Business and Industry Assistance (SBIA) website is a valuable resource for free conferences and webinars. External sources like ISPE conferences also are a source of useful information.

Determining roles and responsibilities for managing information at global and local levels is important. For example, a document related to importation in Peru may not be globally relevant, but a change in Peru's climate zone for stability testing would be. Companies need to consider local versus global scopes and the countries and products they sell.

Moore discussed the assessment of regulatory documents and the importance of conducting assessments on both draft and final documents. She presented three options for who can perform these assessments: a dedicated policy team, a pool of subject matter experts, or organizational liaisons. Moore favored the use of organizational liaisons, who are individuals with dedicated responsibilities scattered throughout the organization. These liaisons ensure that the right person assesses the document, and that the assessment is completed. Management visibility and support are crucial for this process.

Once the document is assessed, it is important to conduct impact and gap assessments to understand which products, sites, and processes are affected and what is not understood about the document. The criticality of the document should be rated, and communication should support the document's implementation. Moore emphasized the importance of conducting impact assessments on draft guidelines, as opposed to final documents only, because regulators might start applying the concepts of draft policies before they are finalized. Draft guidelines reflect the thoughts of the health authority and may have a significant impact on the business.

Moore presented a rating system for impact assessments with a three-category structure:

1. No impact: The organization is already in compliance, and no changes are needed.
2. Impact: Some changes are needed, such as updating a template or standard operating procedure, but they can be managed with current resources.
3. High impact: Significant resources are needed for compliance, such as additional staff, new data, or new equipment.

For high-impact drafts, Moore recommended conducting an impact assessment and sharing it with management to determine if early implementation is necessary.

Moore described an additional, optional action which is commenting on draft guidelines to the issuing authority. Comments can be submitted from a company, or from an individual, or through an organization like ISPE. Comments should be polite, persuasive, and specific, proposing text changes and avoiding vague comments like “please clarify.” Specify what needs to be clarified and why.

Moore then discussed external advocacy, which involves professional societies, trade organizations, and consortiums. Professional societies like ISPE, where individuals are members, are technically focused and may include regulatory aspects. Trade organizations, where companies are members, often focus on legal issues or broader issues like pricing and clinical trials. Consortiums bring together companies, and sometimes also academics, and regulators to solve technical problems.

Moore continued with the concept of regulatory intelligence in relation to product quality. Regulatory intelligence goes beyond merely collecting information, she indicated. It involves synthesizing data from inspections, findings, and publicly available sources, as well as internal company information. Regulatory bodies like the US FDA, Health Canada, and European Medicines Agency (EMA) publish relevant information, though these documents can be heavily redacted. Moore also noted that internal communication can be a significant challenge. She emphasized that while information can be disseminated through various formats, ensuring that it is read and understood is difficult. A tool that has proven effective for communicating emerging policies to management is a heat map that assesses the urgency and impact of guidelines. This tool helps prioritize actions based on how soon a guideline might become final and its potential impact on the organization.

Moore concluded with the importance of staying informed about current developments in chemistry, manufacturing, and controls (CMC) and policy. While AI tools like ChatGPT can assist in finding information, their accuracy is not yet reliable enough for regulatory surveillance. Missing even a small percentage of policy documents is unacceptable in this field. A thorough and accurate process is essential for effective regulatory surveillance.

Explore ISPE’s regulatory initiatives.

Learn more about the 2025 ISPE Annual Meeting & Expo