In today’s regulatory environment, there is certainly no shortage of regulations that pertain directly to the pharmaceutical industry, especially when pharmaceutical products are being distributed internationally.

Elena L. Mack
VP, Quality and Innovation Systems, West Pharmaceutical Services, Inc.

For example, pharmaceuticals that are distributed in the United States are required to be in compliance with 21 CFR Part 211. Conformance to the Code of Federal Regulations is mandatory and is enforceable by the United States Food and Drug Administration (USFDA), and if not adhered to, can have serious implications.

This need for compliance, quality and safety provides a good rationale for pharmaceutical managers to consider ISO 9001:2015 certifications. Pharma companies strive to provide their customers with consistent, high quality goods and services and to ensure that their customers are satisfied.

The International Standards Organization (ISO) as a whole aims to ensure that products and services are safe as well as reliable by producing standards that can be incorporated into any organization — large or small, complex or simple in the nature of the products/services offered.  Certification to ISO 9001:2015 demonstrates that a specific set of criteria for the quality management system has been created, maintained and supported by top management. 2

Several elements of ISO 9001:2015 are already present in robust pharma quality systems included from regulations (domestic and international), regulatory guidance, best practices and industry expectations.

Therefore, the focus of this article will not be how to incorporate ISO 9001:2015 into a pharmaceutical organization’s quality system, but rather on supplier quality where ISO 9001:2015 plays an important role in setting a quality system standard for suppliers.

This standard is recognized internationally and numerous excipient and packaging component suppliers already possess the ISO 9001 certification, so updating to ISO 9001:2015 will be valuable.

While ISO 9001 certification is not required it is desired by pharmaceutical companies to ensure that suppliers possess a documented Quality Management System (QMS). To contrast with 21 CFR 211, ISO 9001:2015 certification entails audits performed by registrars that are qualified by an ISO governing body (direct fee paid for certification), while CGMP compliance is enforced (in the U.S. with fees paid via PDUFA (Prescription Drug User Fee Act) by the federal government (FDA).

The new revision of ISO 9001:2015 offers a number of benefits such as providing clarity, enhanced leadership involvement in the management system, risk-based thinking, simplified language, common structure and terms, as well as aligning QMS policy and objectives with the strategy of the organization.1 

However, the following should be the top five (5) areas of focus --not necessarily in order of importance — for the pharmaceutical industry’s suppliers that are certified to or at very least, claim conformance to (while pursuing certification) and when assessing their suppliers:

1.  Risk-based Thinking
2.  QMS
3.  Change
4.  Process Approach
5.  Leadership

Risk-based thinking is critical in every facet of business to achieve the best possible outcome.  This concept has always been present in ISO 9001, but is now more apparent in ISO 9001:2015, with additional emphasis on potential areas that would have a direct impact on the operation and overall performance of the QMS.

Additionally, risk-based thinking is incorporated in the overall management system, applying the process approach. There are requirements in the standard to determine its QMS process and identify/address its risks and opportunities, define responsibilities of top management to promote awareness of this concept-- and most importantly — determine and address risks and opportunities which can affect product/service conformity.

Risk-based thinking provides multiple benefits to an organization, such as improved governance and a proactive culture of improvement and compliance.3 

For a packaging supplier, if there was a single source identified for a critical material required for production, it would be the supplier’s responsibility to have that risk identified and a plan to mitigate such risk — for example, qualifying additional suppliers of said material. 

As a customer who relies on the packaging supplier, wouldn’t you want to ensure that analysis is performed to ensure there is a consistent, conforming supply of the components your organization requires to service the marketplace?

It is important to note that the standard does not require a formal risk management program, but in performing supplier assessments, it makes sense to explore what mechanisms they have and determine if they are acceptable to your organization. 

As an additional reference, ISO 31000 Risk management – Principles and guidelines may be a tool (not required for ISO 9001:2015 certification) when seeking a formalized risk management program.

The QMS requirement has always been in existence. Does more need to be said as a matter of importance? A quality management system must include strategic vision and full support by senior leadership.

In the 2015 edition of ISO 9001, Section 5 Leadership, 5.1.1, “Top management shall demonstrate leadership and commitment with respect to the quality management system …:”5 followed by ten (10) direct commitments to ensure that there is focus on support, management, continuous improvement, resourcing, communication and effectively integrating the requirements of the QMS into the organization’s business processes.

From a consumer perspective, senior leaders (not just those focused on quality) should be held accountable for the QMS and its outputs. When you are assessing your suppliers, it is critical to examine the objective evidence, which demonstrates top management commitment and dedication to the QMS.

In ISO 9001:2015, there are new requirements for change. Specifically, there are 4 — 6.3 Planning of changes, 8.1 Operational planning and control, 8.3.6 Design and development changes and 8.5.6 Control of changes

Once a QMS and processes are established in an organization, there may be changes necessary to mitigate risk as well as implement continuous improvement. The mechanism in which change is assessed and implemented must be “carried out in a planned and systematic manner”6 and consider several areas, including why the changes are being made and possible outcomes, how the QMS may be affected, as well as how this change will be resourced appropriately6.

In the pharma industry’s quality systems, these stipulations (as well as several others) are already incorporated, however, for some businesses this may be a new way of working. In many change control processes, an interesting consideration is the potential for “unintended consequences” that result from the change being implemented.

The process approach integrates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking to enable an organization to plan its processes and their interactions. Simply stated as per the standard, the PDCA cycle allows an organization to ensure that its processes have sufficient (managed) resources and opportunities for improvement are identified and resolved5.

Many organizations across all industries focus on structured, documented processes and strict compliance to appropriate standards, but sometimes a very critical element is stated, but yet not practiced holistically.  Alas, that is not management per se, but leadership. 

As noted previously, top management has a defined set of responsibilities for the QMS.  Evidence of those responsibilities must be present. How that is documented or demonstrated by objective evidence remains the organization’s decision, but there must be evidence of this being accomplished. The increased responsibilities of leadership are not only the responsibility of quality management, but top management.

Although every day we live in the world of regulations, which govern the manufacturing and distribution of pharmaceutical products, attention should be given to ISO 9001:2015, with particular emphasis on presence/absence of certification as well as how your suppliers demonstrate adherence.

The goal is the same for both supplier and industry — customer satisfaction, and consistent, conforming (quality) goods and/or services.Visit for more information on ISO 9001:2015, visit ASQ Quality Management Standards.


1 Implementation Guidance for ISO 9001:2015.  International Organization for Standardization.
2 What are the benefits of ISO International
3 ISO 9001:2015 Risk-based thinking.  ISO/TC 176/SC 2/N1283
4 The Process Approach in ISO 9001:2015.  International Organization for Standardization
5 ISO 9001:2015 Quality management systems – Requirements
6 How Change is addressed within ISO 90014:2015.  International Organization for Standardization.

About the author: In addition to her role at West, Elena Mack is Chair, American Society for Quality, Food, Drug & Cosmetic Division.