Introduction
The effective management of pharmaceutical supply chains has become one of the top public health concerns with respect to consumer safety. The globalization of pharmaceutical distribution networks has exposed, at times negatively, the complications and vulnerabilities surrounding these types of delicate distribution networks. Criminal enterprises, unethical entities, and noncompliant trading partners along the pharmaceutical supply chain can potentially introduce contaminated, adulterated, and even counterfeit medicinal goods. When any of these situations occur, there are potentially dangerous consequences. Four examples are given below:
- A broker selling active pharmaceutical ingredients to US manufacturers was convicted and its owner sentenced to two years in prison for falsely labeling its products. The broker bought low-cost materials from plants in China that were not approved by the FDA, and then fraudulently relabeled the materials so that they appeared to be active ingredients from an FDA-approved facility. The falselylabeled ingredients included the active pharmaceutical ingredient for the antibiotic gentamicin; the FDA later received reports of 1,974 adverse reactions (including 49 deaths) in patients taking gentamicin.
- A synthetic chemical called oversulfated chondroitin sulfate (OSCS), which mimics some of heparin’s1 chemical properties but is less expensive to produce, entered a manufacturer’s international China-based heparin supply chain in 2007. According to the FDA, a number of deaths were “likely caused” by OSCS, with several more “possibly caused” by the adulterant. In the United States, 15 companies recalled at least 11 heparin drug products and 72 medical device products. The impact was not limited to the United States. Three Japanese companies issued recalls for heparin-based products, one company recalled heparinized saline in Australia, and regulators ordered withdrawals in Sweden and Switzerland.
- A factory in China mislabeled barrels of diethylene glycol, an industrial solvent used in antifreeze, as glycerin2. After passing through brokers in China and Spain, the mislabeled barrels were purchased by the Panamanian government and used to make an estimated 60,000 units of medicine. At least 100 patients died as a result.
- Criminals in Florida relabeled low-dose epoetin alfa3 as a higher-strength product. The counterfeit product passed through several intermediaries before a major chain pharmacy sold the drugs to patients. Investigators recovered less than 10% of the mislabeled medicine, meaning that more than 90,000 vials may have reached patients who received lower levels of therapy than they needed. (A similar case occurred in the United Kingdom, where a businessman received an eight-year prison sentence for selling counterfeit drugs that contained only 50-80% of the correct ingredients. About 25,000 packs of the counterfeit medicine infiltrated the supply chain, reached pharmacies, and were distributed to patients suffering from cancer and schizophrenia.)
Millions of patients around the world are treated every day with vital medicines that the pharmaceutical industry, collectively, provides. To safely and effectively accomplish this distribution task and ensure these vital medicines can be trusted by healthcare practitioners and patients, supply chains must be secure and reliable to deliver authentic products in acceptable conditions.
Choosing an External Supply Chain Partner: Factors to Consider
Understanding risk factors as they relate to vetting supply chain partners—domestically as well as internationally—is an important step in any supply chain risk assessment process. It is critically important to identify and rank, in order of importance, the risk factors that are of most concern/value in developing any proprietary external supply chain partner authentication program.
Below is a partial list of basic factors worthy of consideration. In the creation of a risk-based “matrix”, all of these factors should be influential in developing a relationship with a potential external supply chain partner:
- Company location—regional security threats
- Company history
- References/reputation, particularly with government-related regulatory agencies
- Documented standard operating procedures relative to supply chain practices
- Participation in established, governmental, secure supply chain programs
- A proprietary, internal auditing/review program
- A robust employee training program that is directly related to supply chain security
Hence, one of the most critical implementation components is to know, as thoroughly and completely as possible, who you are actually doing business with. Regarding in-transit security, modern-day federal government supply chain risk mitigation programs such as the US Customs Custom’s Trade Partnership Against Terrorism (C-TPAT), the FDA’s Secure Supply Chain Pilot Program, and the Transportation Security Administration’s Certified Cargo Screening Program (CCSP), are just three examples of government-driven in-transit risk mitigation efforts. They emphasize the need to fully understand and appreciate all the components of your supply chain—from supplier, to transporter, to those that might store your goods, all the way to those that would ultimately sell them.
Risk Mitigation Programs and Processes
For example, C-TPAT is a voluntary in-transit supply chain security program led by US Customs and Border Protection (CBP) and is focused on improving the security of private companies' supply chains. The program was launched in November 2001 (shortly after 9/11) with seven initial participants, all large US companies. Companies that achieve C-TPAT certification must have a documented process for determining and alleviating in-transit risks throughout their international supply chain—to include thorough knowledge of who they are doing business with.
This program has spurred mutual recognition agreements with foreign customs administrations that allow an exchange of information, also aiming to improve supply chain security. These signed documents indicate that security requirements, or standards of the foreign partnership program, as well as its validation procedures, are similar. The essential concept of a Mutual Recognition Agreement (MRA) is that C-TPAT and the foreign program are compatible in both theory and practice, so that one program will recognize the validation findings of the other program. A partial list of those foreign entities with which the United States has mutual recognition agreements includes:
- New Zealand Customs Service—Secure Export Scheme Program (SES), June 2007
- Canada Border Services Agency—Partners in Protection Program (PIP), June 2008
- Jordan Customs Department—Golden List Program (GLP), June 2007
- Japan Customs and Tariff Bureau—Authorized Economic Operator Program (AEO), June 2009
- Korean Customs Service—Authorized Economic Operator Program (AEO), June 2010
- European Union—Authorized Economic Operator Program (AEO), May 2012
When customs administrations offer tangible benefits to businesses that meet minimum security standards, as well as follow best practices, those businesses are known as “trusted traders”. This concept is internationally accepted and is entrenched in protocols like the World Customs Organization SAFE Framework. In North America, both US Customs and Border Protection (CBP) and the Canada Border Services Agency (CBSA) offer “trusted trader” programs.
In the US, CBP and the trade have been collaborating for some time to create a design for a holistic, integrated Trusted Trader Program. This approach will enable CBP to provide additional incentives to participating low-risk partners, while benefiting from additional efficiencies of managing both supply chain (C-TPAT) and compliance (Importer Self-Assessment, ISA) in one partnership program.
The lion’s share of the type of understanding necessary to trade with a trusted partner is most commonly obtained through an “auditing” process. Audits validate initiatives and ultimately add credibility to a program, particularly in the eyes of government regulatory agencies— in the case of the pharmaceutical industry, the likes of the FDA and Drug Enforcement Administration (DEA).
All vetting/assessment activity (audits) must be documented to add measurable legitimacy to the process. Once completed, an additional documented method of follow-up must be in place to ensure that the findings and recommendations rendered in the initial audit are shared among all interested parties and enacted as required. Much like in any quality assurance or quality control program, modern-day risk mitigation initiatives require the same type of management and process/document control to remain both valid and effective.
Within the security profession, quality assurance, quality control, and change control documentation have always been sorely lacking. No longer considered a “blue collar” profession, the modern-day security discipline focuses on documented accountability and, in corporate America, is routinely tied to such things as the assurance of supply chain integrity. The type of process scrutiny that is very typical in manufacturing activities is now just as important in supply chain risk mitigation.
Also critical to the successful implementation of any supply chain risk mitigation strategy is the endorsement of those who lead the company – in essence, top management. As with any leadership initiative, direction, support, guidance, and commitment must come from senior leadership for any risk mitigation program to be successful. For example, one requirement of the C-TPAT program is that there is an integrated and engaged upper management team to communicate a clear mandate within the organization. The management team is required to endorse the identification of risks, participate in decisions relative to strategies to mitigate those risks, as well as guarantee inprocess review and improvement.
The next most critical implementation component in any risk mitigation strategy is to have a documented plan to include a list of written program guidelines and operating procedures relating to supply chain security initiatives. Having a documented program helps to define objectives and aids in making them accountable, both to internal employees and to external supply chain partners. There are many such plan designs that currently exist within the pharmaceutical industry. Groups like Rx-360 have published free whitepapers relating to plans/procedures to enhance the security of the supply chain.
Intelligence sharing is another attribute that cannot be overlooked. No one in the pharmaceutical industry is alone in developing this type of supply chain partner vetting program. Organizations like Rx-360, the Pharmaceutical Security Institute (PSI), the National Biopharmaceutical Security Council (NBSC), and the Pharmaceutical Cargo Security Coalition (PCSC) all exist to help you add value to your vetting program design, as well as intelligence-gathering efforts.
Conclusion
Supply chain risk mitigation must always be viewed as an evolving process. For example, the Pharmaceutical Cargo Security Coalition views risk mitigation in essentially five (circular) steps: 1) conducting risk assessments, 2) assessing and quantifying all credible threats, 3) developing and implementing responses to those threats, 4) monitoring the results of those efforts, and 5) refining strategies. The most important part of this process, however, is that it must be performed over and over again, perpetually.
From prior experience in both law enforcement and the military, I have learned that those who desire to take advantage of and/or disrupt your supply chain are not static entities. When one method of disruption does not work, unethical and/or criminal groups will quickly move to another. As stewards of patient safety and security we, as an industry, must always be prepared to defend against such efforts.
If those illicit efforts are predictable, which they should be utilizing a credible, validated, supply chain partner validation program, then it only stands to reason that they are preventable.
Chuck Forsaith joined Purdue Pharma LP in 2001, after 21 years of service as both a New Hampshire municipal and State Police officer and also having formally directed security operations for a United States military installation. His responsibilities with Purdue Pharma include managing all domestic and international supply chain security efforts, as well as regulatory compliance with all Federal and International supply chain security programs. He also acts as the Chairman of the Pharmaceutical Cargo Security Coalition (PCSC), which consists of members from a wide variety of disciplines who monitor the security of pharmaceutical goods, in both transit and storage, all over the world.
He has lectured domestically and internationally in the disciplines of Pharmaceutical Supply Chain and Site Security for such organizations as the Federal Bureau of Investigation, the Food & Drug Administration, the Drug Enforcement Administration, the United States Department of Justice, United States Customs and the Department of Homeland Security.