We interviewed DocXellent's resident quality audit expert and Chief Technology Officer, Tom Tassias, to learn from his extensive experience with third-party audits and get his insight into how companies can optimize their audit process to improve quality and compliance.
About Tom Tassias
Tom Tassias has more than twenty years of experience creating and delivering innovative, industry-leading software solutions. In his thirteen-year career with DocXellent, Tom has been a thought leader and change champion in the establishment of the ENSUR suite of products and services, which now helps companies worldwide drive efficiency and compliance in a multitude of critical business functions, including packaging specification management.
Tom is an expert in every aspect of the software development lifecycle and quality practices, leading the establishment of a 21 CFR Part 11 GAMP 5 compliant quality assurance program that has enabled DocXellent to become a premier provider of Cloud-based hosting services for all companies, including those in highly compliant or regulated industries.
The Interview
How many years of experience do you have with audits?
About 25 years between DocXellent and my prior employment with Pfizer.
What types of audits have you completed?
I have been the primary point of contact (or trained and mentored primary points of contacts) for audits from customers and prospects, as well as external 3rd party agencies and internally sponsored audits. I have also participated in a supplemental support capacity during FDA audits.
Do quality audits apply to my company?
Absolutely! If you sell your products in commercial sectors and haven’t yet been audited by your customers, consider yourself lucky, but buckle up. It’s coming.
Quality and security audits are frequently conducted by prospects and customers alike. Prospects often like to conduct audits as a prerequisite of purchase for assurances that you have controls in place to create quality products. Existing customers may conduct audits as a condition of continuing due diligence for vendor assessment and risk management processes.
However, even if your company is not being regularly audited by external parties, there is much that can be gained by sponsoring your own audits. The process of undergoing an audit is insightful; it is one of the best forms of continuous improvement. This could simply involve periodic inspections of your processes and work outputs from internal subject matter experts, or it may be an external expert that you contract.
What is the purpose of a quality audit?
Simply put, the purpose of an audit is to define how you work and to prove that you do what you say.
Auditors want to make sure you have well thought out, thoroughly defined policies and procedures for how you operate rather than shooting from the hip in true Wild West fashion. Audits seek to prove that you are capable of consistently producing quality products with coverage for all topics typically required by quality frameworks. The auditor is representing a company that wants to become (or remain) your business partner. So, they want to be sure that your company is solvent and your future with them is viable, not risky.
How long do audits take?
The duration of an audit is very much dependent on the type of audit being performed, how critical your system is to business operations or information security, and how prepared you are for the audit.
Interviews
Interview style audits will vary depending on rigidity of the company’s audit procedures, auditor styles / preferences and frankly, how much “stuff” you have for them to look at. Quantity of auditable content is a difficult balance. When you have less for an auditor to learn about and inspect, the audit report tends to contain more large-topic findings that can take quite a bit of time and effort to remediate. This is the inevitable curve of grown and maturity with your Quality process. Once you have a mature and robust process, the audit will take longer, but (hopefully) the findings are less consequential.
You can expect interview audits to range anywhere from 1 day to a week or more. In our experience at DocXellent, a “typical” Interview audit is 2 days, with the most through and exhaustive being 5 days.
Web Systems, Surveys, and Questionnaires
They range anywhere from a couple dozen questions to hundreds of questions. While they tend to be a lot of work, there’s really no prep time needed. You can use this opportunity to test your material, evidence, and readiness. Clearly, you need to provide responses in accordance with the scope of the questions and own up to any shortcomings, but informally, you can spot the close calls; the shot across the bow that could have been a direct hit. This allows you to create your own internal assessment of how you scored on the audit to shape your continuous improvement planning.
If you have experienced the “joy” of interview audits, these types of audits are a welcome gift when they hit your desk! They are done asynchronously at your own pace; while they will come with a requested due date, you can take the time needed to research company material, confer with colleagues, and affirm your responses without having an auditor sitting across the table with pen expecting to take what you say as authoritative gospel.
Download Tom's full interview below to learn more of his expert tips on Quality Audit Best Practices, including:
- Types of 3rd party quality audit formats you can expect
- Who from your company should be involved in a quality audit
- How best to prepare for a quality audit
- Tips for performing well during a 3rd party quality audit
- What happens after the audit is complete
- Lessons learned and best practices for quality audits