Xendo - Office

Who we are

Xendo is a leading consultancy and project management organisation in the fields of (bio)pharmaceutical products, medical devices, and healthcare. Thanks to our multi-disciplinary, knowledge-driven approach, Xendo can deliver a broad palette of services to the life sciences industry, applying the right colour to projects we participate in. For over 25 years we have successfully completed thousands of national and international assignments for start-ups as well as for the largest, established multinational companies and organisations. Over 230 experienced and highly educated professionals offer their expertise ranging from strategic advice and project management to auditing, operational support, and training; providing a full-colour spectrum.

Our clients

The spectrum of our fields of expertise is as broad as the range of clients we work for, enabling us to cater to the varied needs and wishes of the Life Science industry. We bring our palette of services to companies, ranging from start-ups to multi-national organizations, to provide them with robust solutions. Whether they are a (bio)pharmaceutical or medical device company, a hospital or a pharmacy, a manufacturer or a laboratory, we match their colour.

Read more

#Medical Device Regulation: 4 Steps to prepare your clinical evidence

It’s been looming for a while now: the new MDR. There’s been a lot of talk about how it will affect companies in different ways. For instance, we wrote this blog on “why it’s a good plan to start preparing because otherwise, it’ll probably cost you money in the end”. From this point onwards, we will be sharing blogs on specific topics to help you prepare.

In this one, we will provide you with some strategies to prepare for the increased need for clinical data & evidence to CE mark your device. So let’s get started:

Initiation of the increased requirements for clinical evidence was actually already initiated with the last revisions of the MEDDEV guidance documents with the MDD still being in place. The further increase in the number of articles referring to clinical evidence in the MDR illustrates this huge increase of focus:

  • the MDD mentions clinical investigations in 1 article
  • the MDR has 12 articles on pre CE marking activities and 10 on post-CE-marking activities regarding clinical evidence.

Medical Device Regulation (MDR)

Medical Device Directive (MDD)





And associated annexes XIV, XV

Article 15 with reference to Annex X: clinical evaluation requirements


The increase in requirements for clinical evidence is also visible in the behavior of the Notified bodies. When manufacturers currently submit their technical files for obtaining the CE mark, they already experience that the need for more robust clinical evidence is requested. More importantly, manufacturers also experience the increased need for clinical evidence during re-certification of their device. Examples are already available about manufacturers that aren’t granted prolongation of the CE mark on their device with the result that it has to be withdrawn from the market. These examples are not limited to small start-up companies or to high-risk class devices: there are also established companies that were faced with no prolongation of certification until they were able to provide the necessary clinical evidence. Moreover, there are examples of low-risk class devices that lost their CE mark too.

It can even be that manufacturers with low-risk devices are more at risk regarding the extension of the CE mark because the gap been new requirements and the available clinical evidence might be bigger than for high-risk, class III, devices.


All currently certified Medical Devices must be re-certified in accordance with these new requirements. Because certification might be for a period of 3 years, the result is that a device that is CE marked just before May 2020 under the MDD may bear the CE mark for the next 3 years up to 2023. However, the MDR implies that PMS activities (Chapter VII) apply in full force as of May 2020. That means that when the PMS activities show that the clinical data is not sufficient your medical device needs a design change (or change in Instructions For Use) or is at risk for losing its CE mark. Also, the new MDR does not allow for grandfathering meaning that products that are currently on the market will not automatically be approved to stay on the market.

So what steps do MD companies need to undertake?


First, companies are well advised to perform an analysis of their current clinical evidence (Clinical Evaluation Report) in reference to the MDR. Three likely outcomes could be:

  • All is fine, ‘no worries’.
  • Major issues meaning there’s a lot of work and you should start rather sooner than later
  • So many issues that you consider discontinuing your product and withdraw it.

This implies that companies with products on the market within the European Union who find themselves in the second category will need to come up with a transition plan to be compliant with these new rules and they have until May 25th, 2020 to do so. In a previous blog, we already explained the options and respective consequences (MDD -> MDR) suggesting that action should be taken in a timely fashion.


Based on the assessment outcome, a clinical strategy proves to be very useful. The clinical evaluation plays a central role in this process. The MDR describes that the process is started with a clinical evaluation plan during the development process of the product. During this phase of the products life cycle, the clinical evaluation used to be finalized and included in the submission package to the NB, under the MDD. Under the MDR, the process of clinical evaluation continues during the life cycle of the product, and depending on the risk class of the product, needs to be updated regularly. E.g. for class IIB and III, this needs to be done annually, even when your device is CE marked under the MDD as described above.

We could identify several main options depending on the extent of the necessary upgrade. The clinical evaluation report needs updating:

  • An update of literature data (together with vigilance) seems to be sufficient
  • An update of literature data alone is insufficient:
    • Clinical data needs to be collected via a clinical investigation
    • Clinical data needs to be collected via Medical Device Vigilance (article 87 and 88) and PMCF (Annex III - 1.1 - b)


To extend the clinical data or evidence, you can perform an investigation or post-market follow up study (PMCF). In case you are considering to extend the intended use, this might be the best moment to start a clinical investigation. It will help you to increase the clinical evidence but also broaden the intended use at the same time. If you only need to increase the clinical data, a PMCF might be more applicable and cost-effective.


As a manufacturer of CE marked products, you should carefully plan to ensure that the most efficient solution for meeting the requirements for clinical evidence is found and implemented in time. You do not want to lose your CE certificate and thereby access to the marked and your revenue. A timely upgrade of your clinical evaluation to meeting the MDR requirements will lead to the highest chances for success. It will also help you to identify if additional actions are required to collect the clinical evidence.


Wrapping up we’d like to emphasize that it all boils down to timing from this points onwards, Beware that the deadline of May 2020 is less than two years away. Being aware of the upgrade requirements for your medical device assures business continuity.


  1. Assess your current clinical evidence
  2. Set up a clinical strategy accordingly
  3. Perform additional clinical studies if needed
  4. Plan your improvements

If you would like some more specific information on the clinical strategy in line with the regulatory requirements, do not hesitate to leave us a message.

Blog by: Jan Bart Hak

Read more


You have built a fantastic Excel sheet and successfully finalized the validation. However, are you able to use/operate your Excel sheet and keep its flexibility and familiarity that comes with it up to date as well? In addition, preferably without suffering from validation chaos? In this blog, we’ll explain how to do just that.

“No matter the popularity of spreadsheets, when used improperly or incorrectly, or without sufficient control, spreadsheets pose a greater threat to your business than almost anything you can imagine.” – Phillip Howard, Boor Research

First off, is your Excel sheet validated already? If not, you might want to start out by reading our previous blog:

 #6 Quick Tips About Excel Sheet Validation

After you have finished this one you want to ask yourself the following questions:

  • Are you confident with the fact that your Excel sheet is validated?
  • Have you already created your User Requirement Specifications and performed your Installation and Operation Qualification?
  • Is your Excel Sheet Validation Report already approved?

Thinking about these questions, make sure that your validation documentation is complete and covers all applicable regulations and guidelines. As soon as this is accomplished, your Excel sheet is ready for deployment and ready for its operational phase.

1. QMS Documentation

First, make sure that all necessary QMS (Quality Management System) documentation for the maintenance of the Excel sheet is present and up to date such as Incident Management, Audit Trail Review, Periodic Review, etc. The frequency for the periodic evaluation of these procedures should be determined based on a Risk Assessment.

2. Inventory list

Additionally, an inventory list may provide you with a clear overview of all your Excel sheets. Your inventory list may contain:

  • Spreadsheet name and number
  • Current version
  • Area(s) where used
  • Spreadsheet Owner
  • Location of the template

By noting down these items the list will help you to keep track which Excel sheets have been validated, where they are being used, and for what.

3. Infrastructure

Is your Infrastructure qualified and in a state of control that would satisfy your Excel sheet validation? Once the validated Excel sheet is in its operational phase, all records and evidence produced to meet the regulatory requirements must be stored and/or archived over the entire lifecycle of a product, often over decades. Therefore, it is always good to think about the building of your infrastructure and check if it can provide a huge amount of data e.g on a daily basis.

4. Implementation

Now you can start implementing your Excel Sheet. To achieve that, follow your deployment procedure and make sure that your validated and approved Excel spreadsheet has been released properly. Store your template and the data entered into the spreadsheet in a secure location with access limited to selected authorized users. If your site policy requires storage of an electronic copy of the Excel sheet application file, the file should be stored under a new name in a designated area on the server.

5. Operational reliability & Training

To be able to demonstrate (to inspectors and auditors) that your Excel sheet is always in compliance during its operation you may need to have in place:

To be able to demonstrate (to inspectors and auditors) that your Excel sheet is always in compliance during its operation you may need to have in place:

I. A User Administration Procedure which should include:

  • Access/security levels available for the Excel sheet
  • How to change user roles and rights

II. A User Work Instruction which should provide information about:

  • How to operate the spreadsheet
  • Where and what kind of data should be entered
  • How to process your final results

III. Training

  • You should be able to provide a documented evidence that all appropriate employees are adequately trained

6. Traceability, Changes Management & Inspections

Even a perfectly validated Excel sheet needs changes from time to time, for example, due to changes in your working method. You should always document all changes made in the Excel sheet, as part of the change control, and keep track of these changes using version numbers. This ensures that each version is easily referenced and traced. Never delete older Excel sheet versions. Old versions should be decommissioned and stored separately from the active ones. This is important for tracking changes, mistakes, etc. and is a major point to regulatory authorities during their inspections and audits. The inventory list may help you to keep track of traceability of all changes performed on the Excel sheet.

7. Risk management & Re-Validation

Is it necessary to re-validate the Excel Sheet after a change has been performed? When and what do you need to re-validate?

In general, any change performed on a validated Excel sheet template may cause a significant harm, especially during operation and maintenance. In order to be able to analyze possible impacts on Patient Safety, Product Quality and Data Integrity, you should perform a detailed Risk Assessment as well as intensive validation support to maintain compliance and to recover the validated status. A risk-based approach helps you to define which parameters of the application are critical and reduce their risk to the minimum. The result will help you to define your validation effort. If the risk assessment determines that the change is minor or does not affect the spreadsheet requirements, only limited testing, focused on the affected system object, would be required to demonstrate that the system has maintained its validated state. Major changes will require additional re-validation and critical changes could trigger and demand an entire re-validation of the Excel sheet.


It doesn't matter whether your Excel sheets are used for the administration of production equipment, recording and graphical presentation of cleanroom monitoring data or for conducting statistical analyses in quality assurance. Once these activities are related to GMP requirements, your Excel sheets need to be validated and will most likely draw the attention of any inspector and/or auditor. In consequence, regulatory requirements must be met in a reliable way during and after validation while the effort is kept within limits.

So, wrapping up here’s the list key points to look into when developing, validating and maintaining your own Excel sheets for GxP environments:

  1. Availability of all QMS & Validation documentation following GAMP (Good Automated Manufacturing Practice)
  2. Creating an inventory of all your Excel sheets
  3. Building a secure infrastructure
  4. Reliable Excel sheet implementation
  5. Operational reliability & Training to users
  6. Traceability & Change management, and inspection readiness
  7. Risk Management & Re-validation

Keep in mind that this blog isn’t meant to be exhaustive and we encourage you to contact us if you have any remaining questions!

Blog by: Silviya Della Chiave

NEW: We invite companies who are looking for an efficient way to validate their Excel sheets in an optimal way. You provide the necessary information and we'll provide you with a compliant sheet. Check it out!

Read more

#GDPR & Pharmacovigilance: What's changing?

Today, 25 May 2018, the new General Data Protection Regulation (GDPR) 2016/679 came into force in the European Union, replacing Directive 95/46/EC. The GDPR regulates "the protection of natural persons with respect to the processing of personal data" (Art. 1), insofar as this takes place in the context of the activity of a branch in the EU (irrespective of whether the processing takes place in the EU) or itself the persons concerned are in the EU (see Art. 3). At the same time with the GDPR, an adapted Federal Data Protection Act (BDSG-new) came into force in Germany, which should take into account the new GDPR.

Beforehand, the debate on the new laws has already been heated up by highlighting possible sanctions: companies risk dramatic fines of up to four percent of last year's sales or EUR 20 million if they fail to comply with the new data protection rules. How serious are the changes at all, and what is actually changing within the pharmacovigilance practice? Let’s have a look at four essential areas of the pharmacovigilance practice:

  • Processing of assignments
  • Documentation of processes
  • Reporting of adverse events
  • Clinical Studies andMedical Information Service 

1. Processing of assignments

If personal data is to be processed by a service provider, the qualification of the contracting party must be checked before the processing of an assignment is made and a written processing contract (Data processing Agreement) must be concluded in accordance with Art. 28 GDPR. The qualification is assessed by reviewing the technical and organizational measures and their documentation by examining certificates or similar evidence that can serve as guarantees (see Art. 32 GDPR). In the case of subcontractors, they are subject to the same data protection obligations arising from the contract between the service provider and the responsible entrepreneur (see Art. 28 GDPR). For the pharmacovigilance practice, this means adapting the contracts with clients and subcontractors according to the standards of the new legal requirements.

2. Documentation of processes

According to Art. 9 and 30 GDPR, the processing of personal health data is subject to specific regulations. All data processing activities must be recorded. The record may be kept in writing or electronically and must be provided to the supervisory authorities on request. The GDPR also suggests documenting the action of each data processing operation as well as the data protection compliance measures (see Art. 5 and 24 GDPR). Other new requirements for the processing of personal health data are the data protection impact assessment prior to the start of the data processing (see Art. 35 GDPR) and the reporting requirements of data breaches within 72 hours (see Art. 33 u. GDPR 37). The appointment of a data protection officer is obligatory (see Art. 37 GDPR). For the pharmacovigilance practice, these aspects lead to a slightly higher documentary effort.

3. Reporting of adverse events

The GDPR demands numerous new information obligations to data subjects regarding affected persons: Precise specification of the legal basis for data collection, duration of data storage, naming the responsible person for data collection, name and contact details of the data protection officer, information on the right to complain, information on data transfer to third countries, if applicable (see Art. 12, 13 and 14 GDPR). The basis of adverse event reports is personal data of the affected patients and the reporting persons (physicians, pharmacists, patients).

The German Association of Research-Based Pharmaceutical Companies (vfa) has already criticized a draft of the BDSG-new due to prospective excessive bureaucratic effort and the lack of flexibility in the pharmacovigilance practice: "The obtaining of a data protection consent form is in a variety of cases of the survey of adverse events practically unrealistic, since patients' health and the drug safety must first and foremost be a focus at these moments "(vfa statement 01.02.2017). However, a positive change in the legislative amendment for pharmacovigilance activities should be highlighted: Art. 9 GDPR and its adaptation in § 22 of the BDSG-new set up the legal basis to transfer personal data without the consent of the person concerned in order to ensure high safety standards in health care and for medical products.

The new legal situation can be interpreted in such a way that in individual cases a post-marketing service provider may be allowed to process personal health data, even if, for example, a person reporting a serious adverse event explicitly disagrees on that.

4. Clinical Studies and Medical Information Service

Personal health data are relevant in pharmacovigilance, especially in the context of clinical trials and the Medical Information Service. The scope of the data collection is a further critical aspect of pharmacovigilance practice in addition to the obligation to provide a huge amount of information about processed data to the affected person (information obligation). The pseudonymisation of patient data to a minimum, which is regulated in Art. 4 and 12 GDPR, could lead to multiple reports of the same case of adverse reactions and impair the quality of drug safety (see also vfa statement 01.02.2017).

An adaptation of the German Medicinal Products Act (AMG), which is planned for this legislative period, may be able to eliminate such legal uncertainties.

For the Medical Information Service, the information obligation regarding affected persons means that persons requesting medical information (e. g. patients, pharmacists, physicians) have to be instructed by the service provider (information giver) more extensively than before about their rights.


The consequences of the GDPR (and BDSG-new) lead to a higher amount of work for pharmacovigilance in the processing of assignments, the documentation of processes, the reporting of adverse events as well as in clinical studies, and in regard with the Medical Information Service. In individual cases, excessive bureaucracy and lack of flexibility in the pharmacovigilance practice are criticized. Overall, the changes to the legal requirements do not have a major impact on pharmacovigilance activities.

Read more

#Join the 1-day Expanded Bed Adsorption Chromatography Symposium


Simulated moving bed (SMB) chromatography technology is a continuous mode of adsorption with enhanced separation efficiency and productivity. The countercurrent effect of this technology also results in improved purity, reduced resin, and buffer requirement. Currently, as a part of the EU subsidized Horizon 2020 project PRODIAS, Xendo gained extensive knowledge of applications and innovation of SMB technology in both packed bed and expanded bed adsorption (EBA) modes.


As a technology developer, we share the vision to not only address new challenges but also to create a platform to share knowledge that can trigger both the industrial and academic world towards practical, efficient and sustainable process solutions. Through this symposium, we would like to bring together experts from different sectors to communicate state of the art knowledge on adsorption based technologies like EBA and SMB. After the talks, we aim to conclude the symposium with a priority list of opportunities to drive future implementations and innovations. 
The talks are driven by following key attributes while focused on EBA and/or SMB technologies:

  • Efficiency
  • Operability
  • Scalability
  • Purity requirements
  • Costs

Approved delegates will be provided with registration details for the symposium and enjoy a complimentary networking dinner and full accommodation.

Preliminary program

Have a look at the preliminary program!

Data and location

27th June 2018, Castle Oud Poelgeest, Oegstgeest (close to Leiden), The Netherlands

Register here!

Read more

#FMD: 4 Considerations when planning regulatory submissions

As the deadline for the implementation of the safety features stipulated by the Falsified Medicines Directive (Directive 2011/62/EU) approaches, marketing authorisation holders (MAHs) should have long started preparing for the introduction of the unique identifier (UI), a two-dimensional barcode, and anti-tampering device (ATD) on the outer packaging of their medicinal products. So let’s have a look at the regulatory implications.

By 9 February 2019, all prescription-only medicines, except for those listed in Annex I of Commission Delegated Regulation (EU) 2016/161, and the non-prescription medicines as per Annex II of the same Regulation must bear the safety features for the purpose of authentication, identification, and verification that the packaging has not been tampered with.

The European Medicines Agency (EMA) and Heads of Medicines Agencies (CMDh) have already provided guidance on how to introduce the safety features and the impact thereof on the marketing authorisation dossiers for centrally and nationally (including MRP and DCP) authorised products, respectively. Additional information can also be found on the website of the individual Member States.

This blog post summarises the regulatory requirements for the implementation of the UI and ATD and offers several points regarding the planning of submission that you want to consider.



In order to facilitate the introduction of the unique identifier (UI), the Quality Review of Documents (QRD) template has been revised to include standard statements in sections 17 and 18 of the labelling of the (outer) packaging. The use of the revised QRD template has been mandatory for ongoing and new marketing authorisation applications since April 2016.

For existing marketing authorisations, any upcoming regulatory procedures affecting the product information should be used. Such procedures may be renewals, line extensions, type IA, type IB or type II variations. The use of a type IA variation to add the standard statements on the UI is only acceptable if there are no other changes to the QRD template. If no regulatory procedures affecting the product information are planned prior to the implementation deadline, an Article 61(3) notification should then be submitted.



As the anti-tampering device (ATD) is to be placed on the outer packaging, it is expected that its implementation will not have any impact on the product information. Should there be no outer packaging, the ATD has to be placed on the immediate packaging. In this case, if it affects the container closure system, the dossier has to be updated and a variation submitted. However, if the placing of the ATD on the immediate packaging does not have any impact on the container closure system, no regulatory action will be necessary. It should be noted that an Article 61(3) notification should be submitted if the ATD interferes with the readability of the information on the immediate packaging.



  • As type IB and type II variations require prior approval and Article 61(3) notifications need to be concluded before the deadline of 9 February 2019, these submissions should be carefully planned, taking into account the timeline of each regulatory procedure.

  • Considering that type IA variations are “do and tell”, they do not need to be submitted before the deadline for the implementation of the safety features, provided that only the standard statements on the UI are added to the labelling. You could consider to group type IA variations across marketing authorisations.

  • Separate variation applications may be needed for the inclusion of the standard statements on the UI and the update of the dossier for the implementation of the ATD, making the planning of the submissions more complex.

  • A few Member States (Belgium, Greece and Italy) already have a national system for the identification of medicinal products in place. They are allowed to apply a longer transitional period for the implementation of the safety features (Belgium has officially agreed to not use this option). These Member States should be consulted for advice in case of an MRP or DCP due to the disharmonisation of the product information during the transitional period.


This list is not exhaustive but can form a general basis for your planning. Since the requirement to implement the safety features can affect the entire portfolio of a company, strategic decisions need to be taken for the efficient and timely handling of the regulatory submissions to ensure compliance with the provisions of the Falsified Medicines Directive and the Delegated Regulation.

Blog by: Tin Choi Lam

Read more

#6 Quick tips to ensure data integrity in a digital clinical trial

While clinical trials used to be predominantly paper-based, technology is taking over the management of clinical trial data. Nowadays we often make use of electronic patient diaries, Case Report Forms and Trial Master Files. Investigational sites have started to maintain their medical records electronically. Even the electronic Patient Informed Consent Form is on the rise.
Digitalisation has certainly introduced more efficiency and better insight into clinical trial data, but it has also brought new challenges. How do we ensure that trial data and results are and remain reliable? How do we deal with a mixture of paper and electronic records, and/or a combination of different systems? This blog gives insight in some of those challenges with references to the recently adopted ICH E6 (R2) guideline for Good Clinical Practice (GCP).

  1. Make sure you define the location of essential documents including source records
    With the use of many different paper and electronic systems, it can be difficult to keep track on the location of study-related data. Data could be recorded and retained by different departments.

    A documented overview of the location of all essential documents, including source records, can be very useful. This can be done in a list and in a visual overview of connected systems and data storage created during a data mapping assessment. The maintenance of a record of trial document location(s) is now required for Sponsors and investigational sites per revised ICH E6 (R2) (section 8.1).

  2. Source records should be reliable and available
    A growing number of investigational sites are using electronic medical records (EMRs). There are many different systems and they are not always meeting the expectations as laid down in the GCP guideline. While ICH E6 (R2) details requirements for study and source records, it is not always easy to translate those into requirements for EMRs.

    A checklist helps the monitor / investigational site to assess any site- or hospital-specific electronic systems that are used for clinical trials against GCP. This can certainly avoid issues later on. Since this evaluation is also IT-specific, a standard questionnaire could be prepared for completion by the investigator and the site’s IT department. Different health authorities, such as the European Medicines Agency (EMA) and the UK Medicines & Healthcare products Regulatory Agency (MHRA), have provided useful guidance on risks of and expectations for EMRs, which can be used as a reference.

  3. Investigators should have control of and access to data generated by the investigational site
    Paper (copies of) completed CRFs, patient diaries and questionnaires used to be retained at the investigational site. Nowadays, most Sponsors make use of electronic versions, which are completed and retained online. In the opinion of Health Authorities, this often has resulted in Sponsors taking over control of data generated and/or reported by investigational sites or study patients.

    ICH E6 (R2) (section 8.1) now includes an explicit requirement that investigators should have control of and continuous access to records generated or reported by their investigational site. This means that in the selection and set-up of clinical trial solutions, such as eCRFs and ePRO/eCOA, Sponsors should consider options to allow investigators to control their own data, e.g. by building in options to retain a local copy of the data they have submitted to the Sponsor.

  4. Clinical trial solutions are provided by (many) different vendors
    There is a wealth of new and innovative clinical trial solutions on the market. They can build efficiency in the conduct and analysis of studies and save costs. It might be tempting to select these systems just on price and convenience. However, systems may have hidden costs. Inadequate system set-up and validation can lead to data integrity issues and unavailable systems and data.

    ICH E6 (R2) 5.5.3 provides now further detailed expectations for proper handling of electronic study data and systems, which includes, system validation and functionality testing, data collection and handling, system maintenance, system security measures, change control, data backup, recovery, contingency planning, and decommissioning. These processes are time- and cost-consuming and require IT specialists with GCP-specific knowledge. What is the support the vendor can provide in system validation? Which efforts should the Sponsor take before a system can be used? This should all be considered during selection of clinical trial solutions.

  5. All data (and metadata) should be retained, archived and available for inspection
    Study record retention requirements as defined in ICH E6 (R2) 5.5.11, but also as required by EU and country-specific legislation, obviously do not only apply to paper, but also to electronic records, including metadata (e.g. audit trail or applied signatures). While storage, archiving and accessibility of data is relatively straightforward for paper records, secured storage of electronic records requires more efforts.
    How (in which format?) and where are records stored? Are data stored in the cloud? Where are the data centres? What about system security? Is data (in the original format, i.e. including metadata) still accessible after a system is retired? Considerations for electronic record archiving should start at vendor selection and could finally be a reason for not selecting a particular vendor.

  6. Transfer of data through different systems may pose the integrity of the clinical study at risk
    So far, we have considered systems as separate entities. However, this is not how it works in most clinical trials. All systems used for one clinical trial are integrated into one (trial-specific) electronic platform, in which data may be processed and transferred from one system to another. At the end of the day, all clinical trial data should end up in one clinical database. By that time these data should still be complete and fully reliable for biostatistical analysis and development of the clinical study report.

    To ensure a continuously proper working electronic platform and a reliable exchange of data between the different systems, potential risks should be identified before the start of the trial. Data mapping will help you to visualise how trial data are being exchanged between systems and where potential risks or gaps exist.

    Before a trial-specific platform can be used, all interfaces with the data generating and processing systems have to be tested. This should be part of the validation of the platform and the systems included. Such validation should ensure that the integrity of the data continues to be ensured, even though they have undergone processing and transfer.

This blog described six important challenges you may face with the digitalisation of clinical trials. This is not an exhaustive list of issues you may encounter in a digital clinical trial. Think of, for example, the challenges you can face with the introduction of an electronic Trial Master File or the collection (and retention) of patient data in electronic patient diaries and questionnaires (ePRO/eCOA). Though we haven’t described all of them here, we can share additional information on them upon request.

This blog made clear that the use of more and different electronic systems results in a need for additional efforts to ensure the integrity of a trial. However, digitalisation of clinical trials also introduces many opportunities. It does not only allow you to run a trial more efficiently, it also allows you to gain better insight in the data collected in a trial and as such may even increase the quality of the trial conduct, with fewer resources.
It is clear that the digital clinical trial evolution has not yet come to an end. Next to the expansion and improvement of existing electronic systems, the application of other solutions to make the execution of clinical trials more effective and efficient, such as mobile apps and wearable devices, are expected to become more present in clinical research.

Blog by: Henrieke de Bie

If you would like to learn more about this subject, have a look at a blog that focuses on data integrity and Quality Management System compliance:
Data integrity: 5 ways to be GxP compliant.

Read more

#Lean Six Sigma Value Stream Mapping (Theory + Case)

You may wonder what all the flows and diagrams are about. It’s a value stream map! In Lean Six Sigma, we really love putting these down on flipcharts and post-its. For a good reason though; it promotes cherry picking.

The theory

Value stream mapping is one of the most-used Lean Six Sigma tools. It’s the process where a representative supply chain from supplier to customer is mapped. This is done in close cooperation with stakeholders such as Production, QA, Logistics, and Planning. Data on the process, like process steps, lead time, waiting time, inventory, # of operators, is collected and presented in visually.

Based on this map, you select projects that you think will offer the highest added value. Basically, it assists you and your company in selecting the best improvement projects. In addition, it results in a concrete understanding of all key stakeholders how everyone’s tasks and responsibilities interrelate with those of others. Value stream mapping has two main elements: preparation and data collection.

Preparation is everything.

Having a sponsor in place and with whom you agree upon the scope of the value stream mapping and who should participate in it.

Tip: Don’t step head over heels into a complex issue.

Start with a small process first, a simple and stable, preferably one product, and later on you may extend to other products and customers. It’ll probably be an eye-opener how many opportunities for improvement you can identify. Might even turn out that the process isn’t as stable as you thought it to be. Some examples of good starters for pharmaceutical companies are:

  • Bulk tableting (or filling vials), packing and shipping to customers
  • Receipt of goods, storage, order picking and shipment
  • Ready-to-use preparation of medication at hospital pharmacies

Next step: collecting data.

This may be a cumbersome task. If you collect too much, your team may be pretty critical. And if you collect too little you’ll probably encounter the same problem. So, what kind of data are we looking for? Remember that the objective of a value stream mapping is identifying waste and determining where in the process an improvement is most effective. It is after all, not for the sake of collecting data and making impressive charts (and putting them on flip-charts). It’s usually best to go out and actually observe together with your team what’s going on in your processes. Some examples to get you started:

  • Cycle time –time needed to do something in a process, e.g. vial filling and packing
  • Lead time –total time needed for a process, including waiting time as well (which is waste in lean)
  • Metrics like the number of people involved, shifts, transportation distance, and type of equipment, etc

The case


One of our customers requested us to do a mapping of one of their production processes. They chose a process which they considered to be pretty much stable. The team consisted of more than 10 people from production (media preparation, drug substance, drug product and packing), logistics, warehousing QC and QA.


First of all, all process steps were mapped, from the receiving of materials until their shipment to customers. Based on this map, we decided what data to collect.


After the data collection, the first job was to “validate” the data. A critical step, to make sure that your decisions are data-driven rather than subjective thought like: “I really think that…”, “I believe that...”, “I strongly feel that…” etc. Decisions based on the latter aren’t usually the most constructive kind.


Next up, we had brainstorm sessions for each of the steps we determined, e.g. for drug substance preparation:

  • What/who are: supplier, input, process, output, customer (in lean: a SIPOC)?
  • Which step is rate limiting?
  • Where is the waste in the process (in lean: TIMWOOD – transport-inventory-motion-waiting-overprocessing-overproduction-defects)
  • What are the top 3 improvements we can identify?

Tip: Organise a kaizen for validating the data with the team and determine where to improve.

Together, we collected our top 3 improvements and voted for a final list of priorities and actions to be improved upon.  And you may expect this from a lean fanatic, like me. But what did the team say?

“Very positive:  can only become better”

“Brings a lot”

“Nicely shows the interactions”

“Excellent overview of the specific supply chain”

 “Working together”


Finally, we presented the whole workshop planning, process, and outcome to senior management, by showing them around in the meeting room filled with flip charts.

So, what did it show? A lot! You may have noticed the triangles on the map. They represent waiting time/storage and, therefore, waste. The actual process time is less than 20 days while the whole process, or the lead time, takes over 200 days. Just imagine the value of all that (intermediate) stored product; or, as you could put it, money not paid by the customer. Some of the more recognizable findings were:

  • a third of the waiting was caused by waiting on documentation, somewhere, before QA release
  • the testing and release of some starting materials took as much as two months
  • the QC/QA release process is the #1 priority

And yes, of course, there were many other opportunities for improvement: the process planning; transportation to and from the warehouse; decreasing waiting time of the drug substance, and change over time at packing (the list goes on).


The only step left is to actually start improving on all your new improvement projects! If you’re getting the feel of lean you might want to read about the DMAIC-methodology (define-measure-analyse-improve-control). This methodology will help you and your team to be data-driven, focused on bottlenecks and result-driven.

Blog by: Marc Stegeman - Principal Consultant & Certified Black Belt at Xendo

Click to enlarge example value stream map.




Read more

#Data integrity: 5 ways to be GxP compliant

Are you always ready to be inspected for your (GxP) activities in your facility? Is compliance and data integrity implemented firmly in your QMS? Are the systems in your (GxP) area constantly in a validated state? Are all your colleagues trained according to the required standards? And how about the Data Integrity (DI)?

It’s evident that you should always be ready for a(n) (un)planned internal/external inspection. Preparations for these external audits can be done by planning internal ones to ensure that both compliance and performance are controlled and corrective actions can be taken at an early stage. This way you and your colleagues are all prepared to face to the inspectorate as they make their way through your facility and documentation.

Although there are various types of audits and inspections, there is a trend that shows the inspectorate is focusing increasingly on data governance and data integrity.

So, what do we mean when we mention data integrity? Most usually it refers to the ALCOA+ principles, a commonly used acronym for:






It puts an additional emphasis on the attributes of being complete, consistent, enduring and available (implicit basic ALCOA principles).

Data integrity standards are met if the degree to which a collection of data is complete, consistent, traceable and accurate. The data is considered to be integer assuring that the accuracy and consistency of data over its entire life-cycle are always guaranteed.

If your data falls short of these standards (after an inspection or gap assessment), you have encountered a data integrity issue; an action or event that could cause, or is evidence of false, misleading, inaccurate, or incomplete data and/or documentation.

You really don’t want this to happen and should always try to be avoided regardless of the costs. These issues have serious consequences for your facility, compromising your company’s legal status/leaving you vulnerable to lawsuits. Government agencies actively conduct audits on this topic and enact fines.

Data integrity and compliance are entangled to such an extent that good data integrity management has become an important component of the pharmaceutical industry’s responsibility. It’s being integrated in the legal framework to ensure patient safety and also the efficacy and quality of medicines. Because of this, it should be firmly embedded in your QMS and all people involved should be trained accordingly.

Setting up a basic QMS is a vital first step and the basis of a company’s assurance that it delivers what it promises. The main challenge here is to keep it up to date at all times. As a fundamental part of the QMS, data integrity needs to be documented properly in it and follow the ALCOA+ principles.


Data can be classified by its level of sensitivity, value, and criticality regarding your facility. This classification of your data will help you to determine baseline security controls for the protection of your data. For example, confidential data is a generalized term that typically represents data classified as restricted to authorized persons only. This term is often used interchangeably with sensitive data. The way that your company classifies data should be documented in the QMS.


Keep in mind that all your activities regarding data handling in a controlled data lifecycle environment must cover the following aspects:

  • Creation or recording of GxP information
  • Collecting, processing and transferring data
  • Data use, reporting, replicating, and distribution
  • Data retention (including archiving), backup, restoration, obsoleting, and retirement

This list above for data management and GxP records is applicable to all personnel involved in e.g. research, design and development, sourcing, production, testing, retention, shipping, distribution, installation, service, marketing, and post-market surveillance of any pharmaceutical product.

All activities performed within above-mentioned aspects need to traceable. You always need to be able to reconstruct a complete roadmap of a drug or medical device’s history and you’re accountable to be able to resolve who has contributed what to which activity where and when.


Working with a computerized system in a controlled environment forces you to have access controls for systems and audit trails in systems (technical measures) in place. This is to ensure that only authorized people can log in with their credentials using only the role(s) there have been assigned. This role is assigned based on personal training and a level of activities to be performed in the system. To ensure access can be granted correctly, appropriate policies, procedures, and controls need to be in place (in the QMS) to remain compliant with the applicable legal requirements.

Once logged into the system, the software should have an up to date audit trail which is basically a chronological record of activities performed in the system. It’s considered sufficient when you’re able to reconstruct, review, and examine the sequence of activities surrounding or leading to each event from inception to the final output.

On a regular basis, an audit trail review needs to be performed. So, what does that mean for your facility? You need to arrange for a periodic assessment that should include a sample of relevant audit trails, raw data, and metadata as part of self-inspection to ensure on-going compliance with relevant policies and procedures. The way of performing the assessment should be written down in a work instruction which is maintained in the QMS.


In the pharmaceutical industry, training of all personnel is key, so an understanding of data integrity principles and issues should be included. If your personnel is trained adequately, they’ll be able to identify possible data integrity issues while performing their own assigned tasks and duties; use this to your advantage. Like everything else, these training sessions are recorded in a training record and consequently stored correctly and can be presented to the inspectorate if necessary.


Ideally, you should have a stable situation in your facility where a complete QMS, containing work procedures, describes and guides all your processes. By having this QMS in place, trained personnel create various integer deliverables according to predefined processes. And the inspection should only be a confirmation of this.

Obviously, nobody’s perfect and probably no QMS is either. With this in mind, it’s encouraged to demonstrate that you have remedied possible data integrity issues by hiring a third-party auditor to determine the scope of the problem and by implementing a corrective action plan. This yields extra confidence that you are proactively closing gaps in processes related to your facility, equipment, personnel or procedures.

Consider this take away message for your daily agendas:

Look at inspections and inspection results. Frequently, deficiencies relating to data integrity are the ones leading to GxP Non-Compliance. Subsequently, data integrity is not only an IT topic; it includes all handling of information in GxP environments. Every change to data has to be initialed and dated by an authorized person, the reason for change need to be crisp. The original data has to stay legible despite all changes performed, this for paper documentation and electronic records.

Feel free to contact us to with any other questions on data integrity or have a look at one of our other blogs on the topic.

Blog by: Ton de Ridder