Vendor Management

Vendor Management.

What is Vendor Management?

Throughout the drug authorization process and right across the marketing authorization lifecycle, license holders are responsible for ensuring the continuous monitoring of the safety profile of a medicinal product.

This includes accountabilities for all third parties and contractors with a potential impact on that safety profile.

These might be vendors, contractors, service providers, or consultants.

Relevant suppliers could include anyone from local distributors or qualified persons to IT system partners, security providers and even auditors themselves.

First, identify & score relevant third parties.

The spectrum of vendors and service partners that need to be monitored and managed consistently is likely to be much broader than is immediately obvious. So it’s important to start by identifying ALL suppliers with a potential bearing on a products’ safety profile, however tenuous some might first appear.

Once the full list has been created, each supplier can be reviewed for potential risk/safety impact and the due diligence needed relevant to the impact/risk level assigned.

Ideally, such factors should form part of the risk-based evaluation conducted before entering into a contract with a new supplier or service provider. This could include a separate safety agreement, or a simple safety clause within a commercial agreement (the former being the preference).

If such precautions haven’t been applied previously, this activity will need to happen as part of a review or gap analysis as companies strive to consolidate vendors and/or bring supplier management back within visibility and control.

Relevant third parties could include any of the following.

While this is not an exhaustive list, it’s important to adopt the principle that if a supplier or service partner has a potential impact on the safety management system they must be considered. 

  • Sales and marketing companies which may be collecting data and could come across adverse events (AEs).
  • Distributors which may or may not have market authorization status within the local area.
  • Manufacturers.
  • Contract research organizations (CROs).
  • Investigator sites.
  • Outsourced service providers – e.g. of data management; biostatistics; medical writing.
  • Translation services.
  • Archiving facilities.
  • Medical information service providers.
  • PV service providers.
  • IT providers that host the company’s safety database.
  • IT providers that ensure the safety data being stored.
  • Independent Pharmacovigilance or Clinical Safety contract auditors.

Once all the potential third parties are identified, each can be assessed for potential safety profile impact, the current supply/contract status and any monitoring, and required next steps.

Initial due diligence could take one or more forms and Arriello can provide these services:

  • Creation and Review of Risk-based questionnaires based on the contractual obligations of the third party.
  • Pre-qualifications audits.
  • Review of qualification documentation.
  • Review of training.
  • Review of required registrations.
  • Review of relevant certification.
  • References/CVs/interviews.

Ongoing due diligence includes the maintaining of the due diligence documentation; periodic contact reviews and the monitoring of potential third party risks.

Alongside these risks is your audit program management which we can maintain and run by performing your audits, agreeing CAPA’s and ensuring CAPA documentation is collected and filed accordingly for inspection readiness.

How Arriello can support you?

Arriello is unique in offering the end-to-end creation and management of your SDEA/PVAs, Vendor Management selection and due diligence processes, creating a full third-party management program. 

We can also draft your Audit Strategy, linking your VM program to your Audit Program Management strategy. 

We can perform independent audits of your third parties and offer CAPA management and consultancy advice on QMS/VMS best practices.

Key areas of expertise:

  • Review of contractual agreements to identify the need to safety data exchange agreements.
  • SDEA/PVA creation and management.
  • Creation of a third-party risk management program.
  • Creation of audit strategies that will see you through any global inspection.
  • Large pool of professional GVP and GCP auditors to conduct audits.
  • Audit coordinator that can support your project and ensure it’s safe delivery.
  • CAPA management review and maintenance.
  • PSMF Annex B and G.