- Global Pharma News & Resources

Securing safety and quality: strengthening third party supplier controls

Securing safety and quality: strengthening third party supplier controls


The Life Sciences market is in a state of flux, with disruption to international supply chains and consolidation on the rise. This has created a dynamic and unpredictable global marketplace that has made it difficult for drug companies to ensure end-to-end quality and safety. In this article, Helen Lowe from Arriello examines how drug companies can navigate this complex landscape and maintain confidence in their end-to-end safety profile.
  • Author Company: Arriello
  • Author Name: Helen Lowe, Auditing and Quality Assurance Director
  • Author Email:
  • Author Website:
Editor: PharmiWeb Editor Last Updated: 10-Mar-2023

Throughout the drug authorisation process and right across the marketing authorisation lifecycle, licence holders are responsible for ensuring the continuous monitoring of the safety profile of a medicinal product. This includes accountability for all third parties and contractors with a potential impact on that safety profile. Relevant suppliers could include anyone from local distributors or qualified persons to IT system partners, security providers and even auditors themselves.

Disruption and turbulence in the global Life Sciences market is adding to that complexity, with changes to the line-up of suppliers and service providers, all of which affects the vendor records and controls companies must maintain to ensure end-to-end quality and safety. Where control slips, there is a real risk of problems occurring and, if these are exposed during inspections, that could lead to fines, or even product withdrawal from affected markets.

Scenarios potentially triggering an inspection could include a distributor failing to flag an effective product recall in a particular market; a local partner failing to implement additional risk minimisation measures (aRMMs); or a local qualified person being unreachable by the relevant authority due to out-of-date contact details or the vendor going into liquidation.

So how can marketing licence holders take back control?

It’s important to start by identifying ALL suppliers with a potential bearing on a products’ safety profile, however tenuous. Once a definitive list has been compiled, each supplier can be reviewed for potential risk/safety impact and appropriate due diligence. (Ideally, such factors should form part of the risk-based evaluation conducted before entering into a contract with a new supplier or service provider.)

Regulators poised for action

As the Life Sciences ecosystem continues to change in shape and make-up, and as globalisation is counterbalanced by supplier consolidation and supply chain restructuring, regulators are expected to issue firmer guidance on vendor management controls sooner rather than later.

In the meantime, robust vendor management is an expectation under EU GxP requirements. So if drug developers or license holders fall short, they could risk their reputations as well as significant fines and ultimately product withdrawals.

A robust vendor management system (VMS) is every bit as important as a robust quality management system (QMS). Ultimately it should form an integral part of the QMS, and awareness, training and buy-in to vendor management practices should be formalised with appropriate communication and training.

Impact assessment

When considering new third parties, it’s important that the R&D, MAH, CRO or service provider organisation assesses how much impact that vendor will have on the safety profile based on the services it is going to provide.

For instance, a third party that is providing services that are critical to the delivery of the safety profile, maintenance, evaluation of the product (e.g. CRO, PV service provider, medical information provider, outsourced clinical services) will require greater vigilance than one that does not have a direct impact on the safety profile, maintenance or delivery of product and whose failure would not disturb clinical or PV operations. In between these two extremes are suppliers posing a ‘significant’ if not critical risk, in that their failure could disrupt the business.

To stay on the right track with vendor management, follow these steps:

  1. Be proactive. This needs the buy-in from everyone – from business development and contract management, to marketing and beyond.
  2. Educate everyone concerned about the impact of all kinds of third-party suppliers and service partners on safety.
  3. Start the process for vendor selection due diligence before the contract is signed, and get the relevant Safety team involved.
  4. Practise good, ongoing communication and open sharing of information - all paramount to a good third-party relationship.
  5. Conduct an ongoing review of potential risk factors, to ensure ongoing compliance – and maintain strong, consistent communication. From a post-marketing perspective, under GVP Module IV.B.1. (Pharmacovigilance audit and its objective) there must be ongoing due diligence and assessment, alongside an audit program based on risk. This should reflect evolving factors such as changes to legislation and guidance, or a major reorganisation/restructuring of the PV system (e.g. following a merger/acquisition).
  6. Be clear in contracts, setting out respective responsibilities to ensure there is no misunderstanding of responsibilities around sharing changes to information.
  7. Be discerning. The VMS, like a good QMS, should reflect the given company’s own organisational complexity.

Finally, it is important to extend vigilance throughout the lifecycle of the agreement. Foster good relationships with relevant third parties, and keep re-evaluating them to maintain safety and quality. By taking a holistic approach to quality and safety, drug companies can ensure quality without boundaries and protect their products, brands and customers.