Subscribe to newsletter

Xendo announces management buy-out supported by Sovereign Capital

#Xendo announces management buy-out supported by Sovereign Capital

The investment will strengthen the company’s position as a leading consultant and it will have a positive effect on the continuity of business. Current customers will continue to seamlessly enjoy existing services, and Xendo will be able to seek to expand its services and geographical reach, both through organic growth and complementary acquisitions. With a strong track-record as a ‘Buy & Build’ specialist, Sovereign Capital will provide the financial support to grow, develop and expand Xendo.

Under the new ownership the business will continue to operate under its own name. We are also delighted to welcome CFO, Arjen Huijs (previously Jacobs Douwe Egberts) to the current management team.

Read more

Xendo makes the Dutch Financial Times (Financieel Dagblad)

#Xendo makes the Dutch Financial Times (Financieel Dagblad)

BIO International Convention 2016

Xendo CEO, André van de Sande, brought one of our customized VANMOOF bikes to this years' BIO International Convention in San Francisco.

BIO International Convention 2016

Approximately 400 participants showed that the raffle was a huge succes and attracted a large crowd. We wish to congratulate this years' winner, Ruud Smits of NautaDutilh. We are very much looking forward to another succesful BIO again next year!

Biotechbedrijven dromen zich rijk na megadeal Acerta

Xendo makes the Dutch Financial Times (Financieel Dagblad) again!

#Xendo makes the Dutch Financial Times (Financieel Dagblad) again!

Xendo's recent management buy-out by Sovereign Capital has grabbed the attention of the Dutch Financial Times, which placed an article about it today.

In response to questions by FD-journalist Thieu Vaassen,  André van de Sande (CEO) gives insight in Xendo's successful turnaround over the past 5 years.

To read the article (in Dutch) follow this link.

Xendo – Vigilex accepted as candidate for Deshima Business Award 2016

#Xendo – Vigilex accepted as candidate for Deshima Business Award 2016

The Deshima Business Awards are granted to Dutch companies in recognition of successful business achievements in the Japanese market and are awarded by the Netherlands Chamber of Commerce in Japan.

Xendo-Vigilex has shown rapid development, having grown from 60 to over 150 employees over the past years. Next to realizing excellent growth of our European offices, this candidacy shows Xendo-Vigilex is also successful with our Japanese operation. Xendo-Vigilex offers a full scope of pharmacovigilance activities and is successfully supporting many Japanese (bio)pharmaceutical companies, who conduct clinical studies or market their product(s), or intend to, in the EU or US. Besides visiting our customers face-to-face several times a year and having local representation, Xendo-Vigilex also organizes a yearly seminar in Japan, which focuses on understanding EU PV related legislation and guidance on how to implement this in daily business.

Even though the market is competitive, we continuously see growth opportunities for our business and the nomination for the Deshima Business Award confirms this.

Xendo awarded for the second year in a row as FD Gazelle

#Xendo awarded for the second year in a row as FD Gazelle

Xendo was named an FD Gazelle 2016, meaning we belong to the fastest growing companies in the Netherlands again. The Gazelle Awards, an initiative of the ‘Financieele Dagblad’ (Dutch Financial Times), are awarded annually to the fastest growing enterprises, where the main criterion is a turnover growth of at least 20% per year during a three-year period.

André van de Sande (CEO, Xendo) says:

We have realised excellent growth over the past years and we have grown from 60 to over 150 employees. This is the second year we have been awarded a Gazelle, meaning we are showing robust growth of our company. Although we are operating in a competitive market, our clients increasingly know how to find us and we would like to thank them for the trust they place in Xendo.

IDMP compliance: 7 channels to get informed

#IDMP compliance: 7 channels to get informed

Starting from mid-2018, all pharmaceutical companies having medicinal products registered on the EU market will have to have submitted IDMP-compliant data for these products. IDMP stands for identification of medicinal products and refers to five ISO standards defining terms and structures to uniquely identify medicines. While big pharmaceutical companies usually have projects started to ensure IDMP-compliant submission and maintenance of the data, SME companies are mostly still in a phase of orientation.

SME companies are currently analysing the requirements to create their own company approach towards compliance and to estimate the cost of it. Most SME companies plan to start projects in 2017 when detailed guidelines for IDMP requirements are to be published by the EMA.

SME companies usually face the following challenges on their way towards IDMP compliance:

Internal Resources

  • Usually no dedicated function for master data management/ regulatory data management
  • Limited resources available to train employees on IDMP requirements and to keep up to date with changing information


  • Limited financial resources for additional software
  • Limited resources (FTE/external costs) for data collection/ submission/ maintenance

Lack of Benefit

  • No internal business case for IDMP compliance: IDMP compliance is cost only

Limited Official Information

  • Final timelines not published by EMA yet
  • Final requirements not published by EMA yet
  • EMA database not published yet

However, IDMP compliance is not a mystical quest that cannot be solved by common sense. This post will describe 7 different channels of how to stay informed about IDMP requirements and implementation plans of the EMA and will compare their efficiency for SME.

Information Channels for SME Companies

One major challenge for SME companies is to stay informed about authority plans and requirements for IDMP compliance. While requirements are being defined and implementation plans are being changed by the EMA, direct information from EMA has been very scarce over the last years.

The following sources to stay updated about IDMP should be considered:

1. EMA website

EMA publishes official information regarding IDMP implementation on its website. The website also includes a webinar given by the EMA in August 2016 as well as meeting notes from the IDMP task force.

2. ISO standards and implementation guides

The ISO standards and ISO implementation guides can be bought online. They are currently under revision and new versions are expected in 2017 (for standard 11615 and 11616 in the second quarter, for standard 11238 in the fourth quarter, for implementation guide for ISO 11238 in the first quarter, for implementation guide for ISO 11615 in the second quarter of 2017).

The ISO standards ISO implementation guides will serve as a basis for the EU implementation guides. The EU implementation guides will define the actual requirements for the EEA and are currently created by the IDMP task force.

As long as EU implementation guides are not available, ISO standards and implementation guides give the most detailed information on which requirements for IDMP compliance can be expected. Special attention should be paid to the standards of the medicinal product and substances as well as the technical implementation guides.

3. Direct via IDMP task force

The EU IDMP task force consists of representatives of EU institutions like the EMA and NCAs, representatives of the pharmaceuticals industries and other interest groups like vendors. The task force is developing and implementing IDMP requirements in the EU. For big pharmaceutical companies and vendors in the area of RA data organisation, participating in the IDMP task force also serves as a direct channel to the implementation of IDMP. However, even within the task force, a lag of information delivery from EMA to industry/vendor representatives prevailed.

Participating in the IDMP task force does not only require sufficient time but also specific knowledge in the field. Therefore, it seems natural that this is not the information channel of choice for SME companies. However, information from recent task force activities can be found on the EMA websites in the task force meeting minutes and are also exchanged via the IRISS forum as described in point 2.1.6.

4. Conferences, external training

Since 2014, the number of conferences and professional training focusing on IDMP has steadily risen. Speakers from industry, vendors, and authorities can give valuable insights to their IDMP implementation projects. However, again mostly big pharma companies are attending, as conferences and training are costly and SMEs lack functions dedicated to the subject. Bigger companies already involved in internal IDMP projects are often updated by vendors and consultancies part of the project team.

SME companies not starting IDMP projects yet might consider using an in-house training held by experienced consultancies to inform all involved functions about IDMP instead. 

5. Informal networking

As official information from the EMA has been scarce, direct information from task force members has proven a helpful source of information. Informal exchange based on personal contacts also is highly helpful when implementing IDMP within the own organisation. Related functions in other companies usually face similar problems and solutions and experiences can be exchanged. Again, big pharma companies with functions dedicated to the subject have been in advantage here while RA departments often feel responsible for IDMP in SME companies. Nevertheless, exchanging experiences regarding IDMP implementation with related functions in other companies can be a highly useful, cost- and time-efficient source of information for SME companies as well.

6. IRISS forum

The IRISS forum refers to itself as “A Non-Profit Dedicated to Implementation of Regulatory Submission Standards Around the World”. Related subjects are discussed within topic groups and webinars, members come mostly from industry and vendor organisations. The IDMP topic group meets in a monthly t-con. The agenda usually focuses on recent activities of the EU IDMP task force and of the ISO technical committee currently updating the ISO standards. Speakers usually are members of both organisations. IRISS members can add questions, issues regarding xEVMPD activities are discussed as well. Records, as well as notes of the meetings, are published afterward. The forum also conducts surveys and collects feedback for the EU IDMP task force from its members.

As membership is comparatively inexpensive, SME companies should consider it as a cost- and time-efficient source of up to date information.

7. EMA efforts to cascade information

In its August webinar, EMA described its approach to set up a change network to cascade information regarding IDMP more efficiently. EMA will appoint industry change liaisons. Industry change liaisons will come from the IDMP task force. They are meant to cascade information and best practices directly and interactively to industry as well as to give feedback to EMA change network if additional communication is needed. They are meant to work together with key contact points at industry organisations to identify suitable communication channels like conferences or forums where they can present and communicate about IDMP. The industry is asked to get in touch with industry change liaisons if opportunities are identified that they can communicate with a wider range of industry stakeholders.

EMA promised to publish contact information of industry change liaisons soon. It needs to be evaluated how effectively they will improve communication. SME companies might want to contact their industry organizations regarding any related activities planned.

According to EMA, the SME office is also responsible for cascading information to SME and registered SME companies can submit questions there as well.


In August 2016, the IRISS forum conducted a survey of its members about their IDMP compliance activities. The results are publicly available:

One of the questions asked was how companies stay informed about IDMP compliance.  Most of the 29 industry members answering the survey reported that they received information about IDMP implementation either directly from the task force, via the IRISS forum or from vendors and consultancies. When asked about their preferred source of information, however, almost all companies reported that they wish to receive information directly from the authorities.

While it is unclear whether more information directly from the EMA will be available in the future, companies currently are still asked to use various other information channels.

For SME companies the following approach can be helpful.

  1. Start with an in-house workshop to bring all involved functions to the recent level of IDMP information. The workshop should also answer all open questions regarding the contents of the ISO standards and ISO implementation guides. Xendo offers workshops as part of its IDMP consultation services. Please contact us for more information.
  2. Stay informed about new information using the following channels:
    The EMA website should be checked regularly for any updates
    Appoint a function to follow the discussions on the IRISS forum

Network with peers to get informed about experiences from organisations similar to your own.

Feel free to get in touch for some additional information!
Blog by: Almut Holz - Managing Consultant at Xendo 

Using Scrum to Validate Software during Agile Development

#Using Scrum to Validate Software during Agile Development

Scrum is an increasingly popular way to develop software, a methodology to implement Agile Software Development.  Though Scrum has been coming up for a few years now, it’s not always clear how to validate software that is being developed this way. Specifically for pharmaceutical and biotech companies it’s valuable to show deliverables of incremental sprints in Scrum can be combined with the deliverables expected by the GAMP 5 guide.


There are several accepted definitions of SCRUM, but for now, let’s go with the following:

“Scrum is a development framework in which cross-functional teams develop products or projects in an iterative, incremental manner. It structures development in cycles of work called sprints.”


Sprints are blocks in which Scrum-teams deliver their product. They are iterations of no more than four weeks each (the most common one being two weeks), and take place one after another without pause. These sprints are time boxed, meaning they end on a specific date whether the work has been completed or not, and they are never extended.

Usually, Scrum teams choose one sprint length and use it for all sprints. Though, if they improve they might decide to use a shorter cycle.  At the beginning of each sprint, a cross-functional team selects items (customer requirements) from a prioritized list.  Subsequently, the team agrees on a collective target of what they believe can be delivered at the end of that sprint. The benefit being that the work scope is small and there is a commitment from all participating team members.

During the sprint, no new items are added; changes are put on the product backlog and prioritized for execution in future sprints. At the beginning of every day, the team gathers briefly to inspect its progress and adjust the next steps needed to complete the remaining work in time.

At the end of the sprint, the team reviews the sprint’s results together with the stakeholders and demonstrates what has been built. In the case of software, this would mean a system that’s integrated, fully tested, end-user documented, and potentially shippable. The obtained feedback can lead to changes or additional requirements that are added to the product backlog.


Good Automated Manufacturing Practice (GAMP) is a set of guidelines for manufacturers and users of automated systems in the pharmaceutical industry.

More specifically, the ISPE guide for Validation of Automated Systems in Pharmaceutical Manufacture describes a set of principles and procedures that help ensure that computerized systems, including software, are fit for purpose.

One of the core principles of GAMP is that quality cannot be tested into the computerized system, but must be built into the computerized system during each stage of its development. As a result, one of the key features of GAMP is computer system validation.

Computer System Validation

Computer System Validation (CSV) establishes documented evidence providing a high degree of assurance that a specific computerized process or operation will consistently produce a quality result, matching its predetermined specifications. In other words, CSV is demonstrating that the computerized system is consistently doing what it should be doing and that the data it produces is reliable.


Normally the “V-model” is used to execute this kind of validation. In GAMP this model demonstrates the relationships between each phase of the development life cycle and its associated phase of testing.  The left axis represents the stages of a specification and the right represents the stages of verification or testing. Steps in the V-model are sequential, following the arrows, and every next step should only be started when the previous one is completed. During software validation, the deliverables of each step are checked

Validation starts by combining all requirements in a User Requirements Specification (URS). When this URS is approved, the Functional- and Configuration Specifications (FS and CS) are drawn up and the software can be developed afterward. After development, it can be validated together with its accompanying procedures. Only when everything is according to the URS and applicable procedures the software should be released.

Combining both methods

On first sight, combining Scrum and GAMP doesn’t seem possible, because Scrum is an incremental process, i.e. software is delivered in working parts, and validation according to GAMP is sequential i.e. the software is delivered in a whole working package.

However, when confronted with this problem, you can decide to treat each Scrum sprint as a separate “GAMP V-model”. This way, you can perform validation while the software is being developed and this is in line with both ways of working. To have a potentially shippable product it needs to be validated and to validate this product the specifications, functionalities, and documentation all need to be checked.

To establish this, the validation documentation is aligned with the scrum documentation according to the table below:


By combining GAMP and Scrum like described, it’s possible that a cross-functional (development, testing, and validation) team is able to deliver functioning and validated software in a timely matter while meeting all predefined top priorities. Since time is usually fixed, lower priorities might not always make it in the first production release, but this is actually one of the strengths of Scrum; focusing on what must be implemented.

Most software developing companies do not work according to the V-Model anymore and have embraced Scrum. Pharma companies, however, often state that GAMP or the V-Model needs be followed. It is worthwhile to seek some flexibility on both sides to make it possible to start implementing Scrum while maintaining benefits of the V-model. Our experience is that Scrum can definitely help to successfully execute projects on time with the required functionality and quality.

Please feel free to contact us if you have any questions!
Blog by: Anton van Rosmalen - Consultant at Xendo
Contact: Joost Havers - Managing Consultant at Xendo

COGEM advice on MI classification when using Single Use Bioreactors

#COGEM advice on MI classification when using Single Use Bioreactors

Earlier this year the Commission on Genetic Modification (COGEM) commissioned Xendo to investigate the current vendor and user experiences concerning the containment risks when using Single-Use Bioreactors (SUBs) in combination with Genetically Modified Organisms (GMOs)

Based on this Xendo report COGEM has written a letter of advice to the state secretary of Infrastructure and Environment (I&M), concerning use of SUBs in large scale industry. In this letter, it is stated that production in SUBs by the current standard is performed under classification MI-III.

Following these events, we received questions regarding the report and the letter, so we’d like to summarize the outcome of the Xendo research report and present COGEM’s advice to the state secretary and how this should be interpreted. Also, we’ll show what Dutch regulations concerning genetically modified organisms state about MI classifications (Micro-organisms Industrial scale) with respect to the interpretation of the COGEM advice.

Summary Xendo Report: “Updated GMO Containment Risk Evaluation Of Single-Use Bioreactors”

SUB technology has developed significantly since the first assessment in 2010, with increased experience at both the user and vendor side, many improvements have been made that reduce risk for loss of containment (e.g. operator handling errors or SUB control system errors).

Since 2010 interaction between SUB vendors and end-users has resulted in increased knowledge concerning SUB bag integrity. One example is a visual anomaly database in which anomalies are classified according to their impact on bag integrity. SUB bag production processes are qualified and validated. Shipping and transport also occur according to validated methods. Training is provided extensively to users of SUB systems at purchase and when significant design changes have been made. SUB production has improved, yet between vendors, there still is a different approach to SUB bag integrity assurance.

Users often rely on the expertise and quality assurance of the vendor for bag integrity. Most users do not employ dedicated integrity tests (e.g. pressure decay), but instead use a media-fill-test as their pre-inoculation bag test. Users also recognize that maintaining a high level of operator skill, through (vendor) training and use of appropriate equipment, is critical to successful and safe use of SUB technology without containment events like spillage or leakage.

It is anticipated that small defects located in the headspace of SUB bags (pinholes) pose a (theoretical) risk for containment, especially when producing viruses which are transmissible through aerosols. Pinholes in the headspace are not easily found using a media fill test. A pressure decay test may not be able to indicate these holes as they have a minimum detectable defect size based on bag volume.

It is concluded that the use of SUB technology in combination with GMOs generally does not pose an increased containment risk compared to stainless steel vessels. This is based on the following:

  • Any bag defect that could constitute a containment risk is typically spotted during the pre-inoculum phase. (Except the mentioned pinhole defects in the headspace)
  • Operators are properly trained and use the appropriate and validated equipment.
  • Vendors have good control over their production process and raw material supply.
  • Vendors and users freely and openly communicate experience and information and engage in continuous improvement of this technology.
  • Between different types of SUB bag configurations, no significant differences have been observed.

COGEM advice letter

COGEM presented the report to the state secretary of I&M and in the offer letter, COGEM explains the outcome of the Xendo research that has been done concerning the use of single-use bioreactors (SUBs) for large scale production. Throughout the letter, the increased safety and experience of users and vendors is explained and the residual risks related to pinhole defects in the SUB headspace were addressed.

In the letter, COGEM indicates that accidental escape of GMOs through pinholes cannot be excluded and that operators should be made aware of the risks of pinhole defects. Nevertheless, COGEM indicates that, following the current classification regulations, large scale culture of GMOs in reactors and SUBs should be performed in an MI-III environment.

MI-III implies that besides the SUB itself there is a second level of physical containment. In MI-III classification the likelihood of GMOs being released into the environment is considered to be minimal, even when GMOs would escape from the SUB through accidental pinholes.

It should be noted that this classification advice has not changed with respect to the current classification of similar activities, indicating the Xendo report has confirmed the suitability of current classification guidelines.

Regulations concerning large scale production using GMOs

In the applicable Dutch regulations concerning genetically modified organisms (Besluit & Regeling genetisch gemodificeerde organismen, wet milieubeheer 2013) the following 4 classifications are listed for process installations for large scale industry:

  • MI-I areas are for dealing with ML-I organisms that comply to certain criteria (very low risk). Inactivation of the biomass before disposal is not required.
  • MI-II areas are meant for dealing with ML-I organisms that do not comply to the IAB criteria. Inactivation before disposal is required.
  • MI-III areas are for ML-II organisms, and
  • MI-IV areas are for ML-III organisms

Noticeably, when used at laboratory scale, all ML-I and ML-II organisms are classified at MI-III in industry. This is contradictory to classifications concerning PKM (Plants) and DM (Animal), where levels I to IV correspond to ML-I to –IV depending on the ML classification of the organism in laboratory scale work.

Appendix 5 chapter 5.7.1 states that:

  • A. Dealing with organisms that are classified as ML-I in laboratory scale are classified as MI-III in industry.
  • B. Dealing with organisms that are classified as ML-II in laboratory scale are classified as MI-III in industry.
  • C. Dealing with organisms that are classified as ML-III in laboratory scale are classified as MI-IV in industry.

In general, the containment measures of MI classifications in the workspace entail the following:

  • MI-I: Use of physical containment (Bioreactor).
  • MI-II: Use of physical containment (Bioreactor) that limits the spread of GMOs. Filters in off-gas are mandatory.
  • MI-III: Use of physical containment (Bioreactor) that strongly limits the spread of GMOs. Hydrophobic absolute filters in off-gas and means to collect and inactivate the total content of the system are mandatory.
  • MI-IV: Use of physical containment (Bioreactor) that prevents the spread of GMOs. Further use of containment measures in the process area like a HEPA Filtered ventilation system, entrance through an anteroom containing a shower and gowning areas, a negative pressure regime, leak free or ventilated seals, hydrophobic absolute filters in off-gas and vacuum systems, and means to collect and inactivate the total content of the system are mandatory.

Also, procedural demands increase when the MI classification is higher. For further details see appendix 9 of the regulations concerning GMOs.


When applying for a license using ML-I or ML-II organisms at lab scale, always an MI-III classification is applied for in the industry. However, when dealing with low-risk organisms, following appendix 6 of the Dutch GMO regulations, a downgrading to MI-II or MI-II can be requested at the GMO office after the first MI-III permit is granted. Each application will be evaluated on a case by case basis often involving COGEM to advise on the related risks for the environment. The COGEM advice letter does not alter this procedure.

The GMO office and COGEM have confirmed that their advice does not change the current classification rules and regulations. Downgrading is still possible when safety is assured.

Downgrade examples when using SUBs

Numerous applications for downscaling have been evaluated in the past. A number of positive COGEM advices, on the acceptability of downscaling handling of GMOs on an industrial scale when using SUBs, are published on the COGEM website.


The outcome of the Xendo report is that use of SUBs overall does not pose a higher containment risk in comparison to stainless steel bioreactors. However, pinhole defects in the headspace of the bag are difficult to identify and therefore pose a (theoretical) risk of loss of containment, especially when using viruses that can be spread through aerosols.

COGEM has reported the outcome of the Xendo report to the state secretary of Infrastructure and Environment (I&M) indicating the risk of pin hole defects. However, COGEM states that under the standard MI-III classification risk is adequately managed because of the 2nd layer of containment besides the reactor itself.

The Dutch regulations concerning GMOs follow a standard classification of MI-III for industrial scale applications for organisms that on a laboratory scale are classified at ML-I or ML-II. It also states that a downgrade to MI-II or MI-I can be applied for at the GMO office.

The GMO office and COGEM have confirmed that, although the risk of pinhole defects in SUBs is acknowledged, there is no change in the classification of industrial application of SUBs. Furthermore, applications for downgrading to lower containment levels can still be submitted and will be evaluated on a case-by-case basis following current standards.

Feel free to contact us if you have any questions.
Blog: Bert Wielders - Consultant at Xendo

The new Medical Device Regulations, are you ready?

#The new Medical Device Regulations, are you ready?

Are you ready for the new Medical Device Regulations? While writing this, it is almost impossible to respond to this question 100% positive. But all manufacturers will need to review their product portfolios in order to determine if their products are covered by these new legislations and comply, or still comply, with all their requirements.

Discussions between the European Parliament, Council and Commission have taken a long time and resulted in two vast documents, no less than 400 pages each, i.e. the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR). The official sign-off and publication of these two Regulations is expected to be Q1 or Q2 2017. And even then, further details in the form of Common Specifications and implementing Directives will need to appear in the coming years.

The combined info of the Proposals of the European Commission for the two Regulations (September 2012), publicized information, and discussions in- and outside Brussels and Strasbourg, show a clear picture of the most critical aspects. Important to know is that the new Regulations have taken a fivefold from the size of the Directives for Medical Devices and IVD-Medical Devices which they are to replace. So, it might be wise to develop a certain tactic if you plan on reading them and you have a specific product in mind. Beneath you find a pragmatic approach on how to assess the status of a product under the new Medical Device Regulation:

  1. Check the scope of the legislation (Article 1, Annex XV);
  2. Compare the manufacturer’s description of the product with the definition of Medical Device (Article 2) and with Annex XV;
  3. Determine the particular roles and responsibilities of the Economic Operators, with some newly defined entities such as the importer and the distributor (with Article 2);
  4. Re-determine the risk classification of the product taking its Mode of Action into account (Article 41, Annex VII);
  5. Select the preferred Conformity Assessment Procedure (Article 42);
  6. Identify the applicable “Essential Requirements” (Article 4, Annex I);
  7. Generate or supplement the Technical Documentation (Annex II);
  8. Apply the applicable Conformity Assessment Procedure (Annex VIII, IX, X or XI);
  9. Complete the Declaration of Conformity (Article 17, Annex III);
  10. Affix the CE Mark (Article 18, Annex IV), now showing compliance to the Regulation.

A “warm welcome” to manufacturers of products without a Medical Purpose

Manufacturers of non-Medical Devices will also have to become familiar with the new legislations because a series of products without a Medical Purpose has been brought into its scope. Although not complying to the general definition of a Medical Device, the application of these products carry many, if not all, aspects of the use of a real Medical Device. Examples of such products are colored contact lenses or other articles intended to be introduced onto or into the eye; substances intended to be used for dermal or mucous membrane filling by injection; equipment for liposuction, all kinds of light emitting laser equipment intended for skin treatment, or cosmetic implants (under Annex XV).

It is expected that their safety will be assessed as if they were classified in line with the best matching classification. Their manufacturers will need to start developing Technical Documentation. Notified Bodies will need to focus on risk separately, as opposed to a risk-benefit ratio where they usually compare residual risks to proven clinical benefits. For presenting compliance to the requirements, Common Specifications will be provided.

Other eye-catching issues

Discussions around these new legislations predominantly focused on improving the organisation of the system, i.e. on stronger supervision and intensified oversight of Notified Bodies by national authority personnel with proven qualifications; more thorough testing and regular checks on manufacturers, including commonly applied Un-announced Factory Inspections; the mandatory implementation of a rotation scheme for Notified Body assessment staff and permanent proven "in house" expertise in the Notified Bodies’ organisation, especially in the field of clinical experience.

Between the many critical elements in the new Regulations, improved device traceability throughout the Supply Chain using UDI systems and the extended registration requirements in the EUDAMED database need to be mentioned. The database focuses on the certificates issued, suspended, withdrawn, refused and restricted by Notified Bodies, on Clinical Investigations, on vigilance data, such as Field Safety Corrective Actions and Field Safety Notices as well as on market surveillance measures taken by Member States. Manufacturer registration and UDI will probably be moved into a separate system.

Significant are the stricter requirements for Clinical Evidence. Clinical evaluation reports are mandatory for all classes of Medical Devices. What changed particularly, are the terms of Clinical Evidence for high-risk devices. The evidence should predominantly be based on data sets with a focus on Clinical Performance Studies covered by detailed described GCP-principles. Class III devices manufacturers will also need to enhance their active and systematic analysis of data on quality, performance and safety using Post-Market Surveillance and Post-Market Clinical Follow Up. They need to report on with Periodic Safety Update Reports, continuously monitoring the Risk/Benefit-Ratio.

Classification and Technical Documentation content of existing products to be re-assessed

Manufacturers should be aware that their current products have to be re-assessed in order to confirm that they still conform to the requirements. Or to determine the gap to be resolved before being allowed to continue marketing their products in Europe. Fortunately, they have three years, or five for IVDs, to perform this re-assessment.

Although they will be able to perform this assessment themselves or with specialized support, a Notified Body is needed for the official confirmation of conformance.

Please note, all Notified Bodies will need to be accredited for these new Regulations before being entitled to assign CE-certificates. To this purpose, the capacity of the joint audit teams of the authority Accreditation Bodies that oversee Notified Bodies has been enlarged. One of the implementing acts prescribes how this should be managed. Probably, Notified Bodies who audit high-risk devices will be able to start relatively early, given the requirements that are being introduced for such products. Having these certifying organisations accredited on time will, most likely, be a challenge for the Accreditation Bodies of the Member States.

In conclusion

Even though the new regulation has not been published yet, and three years for implementation seems far away, it is strongly advised to start your assessment against the new regulations as soon as possible. There are many topics to address and the more time you have available, the easier it is to ensure conformance of your products within the set timeframe. Therefore, do not hesitate and take the ten step approach above, and you will have a quick insight to where you stand with your products.

If you have any questions, feel free to contact us!
Blog by: Louis Habets - Senior Consultant, Xendo

Emerging genetic engineering in medical biotechnology

#Emerging genetic engineering in medical biotechnology

Emerging genetic engineering in medical biotechnology

After the DNA helix was uncovered in 1953 and in 1968 Rogers and Pfuderer demonstrated a proof-of-concept for virus-mediated gene transfer, about two decades ago the first gene therapy trials were performed. In 2003 the sequencing of the human genome was completed, which provided new opportunities for further development of molecular medicine. In 2003 Gendicine was the first gene therapy product approved for clinical use in humans in China. In July 2012, the European Medicines Agency recommended Glybera for approval, which was the first recommendation for a gene therapy in either Europe or the United States. With the increased understanding of molecular medicine, the field is now developing even more specific and efficient therapeutics that repair gene function, which is now producing clinical results.

Commissioned by the Ministry of Infrastructure and Environment (Ministry of I&M) and the GMO office (Part of the Netherlands Institute for Public Health and the Environment, RIVM) Xendo executed a scientific literature evaluation on novel and trending molecular genetic techniques applied in medical biotechnology.The GMO Office is responsible for the processing of license applications with respect to GMO handling on behalf of the Ministry of I&M and it is intended to develop new policies for medicine based on new molecular biotechnologies. 

Trending themes within molecular medicine such as genomics-based medicine, epigenetics, nanomedicine, personalized medicine and synthetic biology are all impacted by the development of techniques that facilitate and improve genetic engineering. Four technology areas were identified: genome editing, epigenome editing, gene expression regulation and gene delivery. Within these technology areas, the following technologies were identified: ZNF (Engineered nuclease), TALENs (Engineered nuclease), CRISPR/Cas9 (Engineered nuclease system), siRNA and miRNA and Modified Antisense Oligonucleotides.  The table below presents the technology areas and the underlying techniques as well as possible applications.


Genome editing by engineered nucleases (ZFN, TALENs and CRISPR/Cas9) is of great value in research to understand functions of individual genes but also as medicine for genetic disease treatment. Currently, genome editing strategies are developed as therapeutic agents. A critical breakthrough for gene targeting approaches was the discovery that by creating a site-specific DNA double-stranded break (DSB) at the targeted locus it is possible to strongly stimulate genome editing by homologous recombination. Engineered nucleases are not only used to introduce permanent deletions or insertions in the host genome but can be re-designed to control epigenome modification and gene expression. Engineered DNA binding domains of artificial endonucleases can be fused to functional domains of chromatin-modifying enzymes or a transcription activator/repressor. This type chimeric protein is able to control chromatin modification status, or regulate gene expression at the transcriptional level.

Small noncoding RNAs

Micro RNAs (miRNA) and Small Interfering RNAs (siRNA) have been discovered two decades ago and added a new dimension to our understanding of complex RNA-mediated gene regulatory networks.  These RNA molecules can exert regulation of gene expression. As such, molecular medicine base on these small RNA molecules can be applied at an additional level, for example, to regulate developmental and physiological processes or to treat a wide range of disorders including cancers and infections.

Antisense oligonucleotides

Therapeutic oligonucleotides (including small noncoding RNAs) that intend to have an effect on gene expression in general need to be able to enter the targeted cells and stay biologically active to be able to reach their DNA or RNA target sequence. As nucleotides composing RNA and DNA are linked to each other by phosphodiester linkages that are easily cleaved by endo- and exonucleases such molecules often are not suitable for the intended medical use. Many types of modifications have been described, and besides backbone modification; sugar modification (Locked Nucleic Acids, Bridged Nucleic Acids), nucleobase modification (Base Analogues), and terminal modification (coupled sugar, lipid, and peptide) have been applied to improve oligonucleotides properties.

Delivery systems

In most cases, the described technologies and their future development depend on efficient delivery systems. About 70% of gene therapy clinical trials carried out so far have used modified viruses to deliver genes. Although they have substantially advanced the field of gene therapy, several limitations are associated with viral vectors, including patient safety issues and difficulty of virus production. The development of non-viral vectors is attractive because of advantages such as fewer safety issues and fairly simple manufacturing processes. Many non-viral systems have been developed for delivery of genetic material, including the injection of naked DNA alone or in combination with physical methods such as gene gun, electroporation, hydrodynamic delivery, sonoporation, and magnetofection. These techniques are generally less applicable to systemic gene delivery in humans than in small animals such as mice. Therefore, a range of synthetic delivery vectors has also been developed, including lipids and liposomes, polymers (linear and branched polymers, dendrimers and polysaccharides), polymersomes and inorganic nanoparticles.

Paradigm shift

The most attractive aspect of the novel therapeutics based on the technologies described is their ability to target virtually any gene(s), which may not be possible with classical small molecules or protein-based drugs. While the efficacy of these novel therapeutics has been successfully demonstrated in vivo, several technical barriers still need to be overcome in order for many clinical applications. The novel therapeutics allow for direct and sustained interference with disease related gene expression and gene regulation, in most cases without the necessity to change the endogenous sequences of the genome itself. The ethical and safety concerns of changing genome sequences are herewith in most cases circumvented and a clear paradigm shift from gene repair and replacement to gene regulation can be observed. Nevertheless, some concern remains related to the transgenerational effects of medical treatments in general and specifically for treatments that strongly affect gene expression. New insights into epigenetic mechanisms revealed a new high-speed evolution system independent of random DNA changes: epigenetic evolution by chromatin modifications, such as acetylation and methylation, in response to environmental changes including medical treatments and even psychological experiences, which are transmitted between generations.

With the recent surge in intensive research investigating new therapeutic mechanisms and combinations of new tools, it can be expected that significant advance will be made for their future role in therapeutics.

To read the full report follow this link.

Feel free to contact us if you have any questions.

Blog & report by:
Harm Hermsen - Managing Consultant
Paul Joosten - Sr. Consultant 
Xiaoxi Zhu - Associate Consultant


A Secure way to maintain Data Integrity while using Shared User Accounts

#A Secure way to maintain Data Integrity while using Shared User Accounts

Data Integrity

According to the US Food and Drug Administration (FDA), “ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy and quality of drugs” *1 and in recent years the FDA has found increasingly more violations involving data integrity. Because data integrity is a too broad of a topic to deal with in a single blog we will focus on one specific aspect of it: data integrity for systems that use shared user accounts. Furthermore, we will focus on addressing the requirement that data must be retained as “original records”, “true copies” or “other accurate reproductions of the original records” (“reliable and accurate data”).*1

The FDA defines data integrity as:

”The completeness, consistency and accuracy of data. Complete, consistent and accurate data should be attributable, legible, contemporaneously, recorded, original or a true copy and accurate (ALCOA)”. *1

During development or production of pharmaceutical products it is important that all used data is correct, available, accessible by authorized user only, and therefore can be relied on in decision-making. To achieve this, data integrity must be ensured.

If data integrity cannot be ensured, than the possibility exists that the produced /developed products do not meet the quality requirements and/or do not work as intended. Or worse, the pharmaceutical product may have properties that have a negative effect on patients’ health. This is why regulatory authorities are currently focusing on data integrity.

Thus, the importance of reducing your data integrity risks, and ensuring controls are correctly implemented and appropriately managed throughout the entire record life cycle is very clear.

Shared User Accounts

Data integrity while using shared user accounts is a difficult one. Shared user accounts could be an Operating System (OS) - or application user account that are not specific for one user, but are used by more instead. 

Some computerized systems are used with shared user OS accounts e.g. because the application software must be running 24/7, other software is only working when it is run with an administrator account (this is a user account with all possible user rights) or an account with elevated rights (more user rights than a normal locked down user). This results in increased data integrity (and security) risks.  Using such a computerized system gives the users the possibility to (accidentally or deliberately) alter or delete data stored on local hard drives.

Furthermore, if someone is logged in with a shared user account it is not registered which specific user it is. If a user is editing data, it is only logged that that shared user account did the editing, and not which actual user. So it cannot be checked who was the one responsible. Therefore, measures must be taken to avoid this.

Security software

One of the measures to  implement is to install security software that is designed to limit the rights of the users on the computerized system, while the rights of the application software stay the same.


  • User rights: A set of rules defining what a user can or cannot  do and for what folders of a computerized system  these rules apply, such as read, write and delete.
  • Software rights: A set of rules defining what an application can or cannot do and for what folders of a computerized system these rules apply, such as read, write and delete.
  • Both sets of rules can be set independently.

The security software acts as a ”point-police man” between the operating system (Windows) and the application software regulating the users and the application software, so to speak. With this security software, it is possible to:

Set the rights of the application software:

  • Define which folders the application software can access and with which rights;
  • Define which Windows dialog screens the application software is allowed to use (e.g. “Save As” window).

Set the user rights

  • Define which applications can be used;
  • Define which folders the user can access;
  • Define if executable files can be started or not;
  • Define network access (network folders, intranet and internet).

How the security software enforces the rules to meet compliance can be configured too:

  • Define if the application software is started automatically or a menu with several applications is presented.
  • Define if besides the applications software other software or the explorer may be used.
  • Define which phericals (USB sticks, DVD, Mobile Devices, etc. may be connected to the system.

To illustrate this theory pretend you’re using application software (DataPro900) that is run under a shared OS user account with elevated user rights. The steps taken to configure the security software would be:

  • Configuring the security software in such a way that its interface is started on booting of the system. Users can only start DataPro900 or File Manager which is a secure replacement for Windows Explorer;
  • Selecting which folders the users can access using File manager, in this case the directory with the data files of DataPro900. File Manager is configured in such a way that these files can only be read; no files can be edited or deleted. No executable files (e.g. .exe, .com, .bat files) can be executed.
  • Blocking system critical key combinations
    Blocking system critical key combinations
  • Blocking internet access, but allow intranet access.
  • The users cannot get on internet and accidently download a virus or download software that could compromise the integrity of the computer and therefore also data integrity;
  • Locking CD/DVD drives and blocking USB drives.
  • The users cannot accidently introduce malware or a virus from a CD/DVD, Phone, USB drive or use those media to install software that could compromise the integrity of the computerized system and therefore the data integrity;

When the system is rebooted after this configuration, the following start-up screen is presented:

As you can see the system is completely locked down, only the DataPro900 application software and File Manager can be started.

The security software has an interface that makes configuration rather straightforward, you just have to tick or untick the options you want to set for the software. The interface has several screens where you can set the different options you want to use for your software.  This security software stores its configuration in HTML language. The main advantage of the use of the interface is that no prior knowledge of HTML is required to configure the software. 

Ofcourse, knowledge of the application software and the system it is run on is needed because this knowledge is needed to guarantee the best possible protection when using this security software.

For an example of one of the interface screens, see the picture below.


In the case described above it is possible to make computerized systems with shared user accounts more secure, reliable and compliant with GxP regulations, when using security software. 

Data integrity is maintained because users have “reliable and accurate” *1 data to work with, which cannot be altered from outside the software application or the File Explorer.

Shared user accounts need to be assessed on a per system basis. E.g. The above procedure will not completely fix the problem when the application software uses shared accounts, like accounts based on roles (e.g. Analyst, Study Director, Lab Administrator). Then the application software itself is not compliant and that cannot be fixed by installing the security software. The advice then is to investigate new application software and make sure it has all functionality before taking it into use. At Xendo we developed and use standard lists to check if systems comply with 21 CFR Part 11 and Annex 11 for this purpose. Ideally, when starting from a  green field, infrastructure and application should both be assessed before deciding upon a computerized system to use.

*1 FDA Data Integrity and Compliance With CGMP Guidance for Industry DRAFT GUIDANCE

Blog by:  Anton van Rosmalen - Consultant at Xendo
Contact: Joost Havers - Managing Consultant at Xendo

Quality by Design in the development of biopharmaceuticals – how Regulatory Affairs can mitigate bottlenecks

#Quality by Design in the development of biopharmaceuticals – how Regulatory Affairs can mitigate bottlenecks

If you are involved in (early) development of biopharmaceuticals, have you ever experienced serious delays because of problems arising from tech transfer? Or because of the first pilot scale batches not meeting important criteria of the specification that was adopted early in the program? Or because of a serious comparability issue between non-clinical, clinical and commercial scale batches? Or because the Agency does not agree with the proposed strategy, when your company finally decided to obtain Scientific Advice? A big chance you experienced not just one, but several of these “bottlenecks”.

Biopharmaceutical development necessarily requires a multidisciplinary approach, that is sometimes at odds with the realities of corporate structures and experience available in (smaller) companies. It is a challenging task to understand inter-dependencies between different pharmaceutical-technical aspects of a development program, together with the organizational aspects of a multidisciplinary approach. Once a development issue is noted by an individual, it can be difficult to translate this into action by the organization. Regulatory Affairs is arguably the single function where it all comes together; from technical CMC issues to nonclinical and clinical safety and efficacy studies, their interrelationships, and how to translate such issues in an efficient regulatory strategy.

When making an analysis of the many challenges in biopharmaceutical development four main bottlenecks can be identified: specific aspects of drug development that represent common root-causes for either delayed, over-budget or failed development programs. This blog will focus on these bottlenecks and how regulatory affairs specialists, working closely together with all relevant disciplines in the company, can offer advice and hands-on support to recognize and navigate through these successfully.

Manufacturing Process Development: tech transfer, scale-up and modifications

CMC development of a biopharmaceutical involves highly-experienced specialists that are very competent at their main task which is, necessarily, only a small piece of a complex puzzle. The first bottleneck regards the integration of the different pieces of the puzzle which typically requires involvement of regulatory specialists into the process.

Early involvement of regulatory people and thinking is essential to ensure that all aspects of the CMC development are integrated, aligned with nonclinical and clinical development and carried out according to an efficient regulatory strategy. For instance, regulatory specialists can enable a company to better manage tech transfer and scale up activities (which typically involves contract manufacturers and labs) by providing advice on the differing requirements from health authorities around the world for such activities, or to implement Quality by Design (QbD) concepts more efficiently by ensuring that the development is aligned with the regulatory strategy and QbD principles.

From QTPP to CQAs to Specification

The ICH Q8 Guideline describes the process by which pharmaceutical development progresses from concept to control strategy. According to the Guideline, a company first identifies a Quality Target Product Profile (QTPP) for the product to be developed and then identifies specific attributes that are critical to the quality of the product in accordance with the QTPP (critical quality attributes or CQAs). The essence of QbD (or the enhanced approach) described by ICH Q8 is the stepwise and iterative process needed to translate the QTTP to a product specification. According to this approach, first a risk assessment is expected to be carried out to systematically analyse all CQAs. Since the manufacturing process of biopharmaceuticals is complex, this necessarily involves many technical disciplines and can be a quite lengthy process. The risk assessment is followed by development studies to verify criticality and interrelationships of the many materials and process variables, normally using design of experiment studies. Based on the results of these DoE studies, the list of CQAs and the risk assessment is updated (reflecting the iterative aspect of the approach). As part of the DoE, a design space may be constructed, though the latter is not an essential part of the enhanced approach.

ICH Q8 covers a complex, multidisciplinary area that was identified as a common bottleneck due to the fact that many companies struggle to carry out their development projects in a focused and consistent way over the many years such a project takes. Instead they tend to operate more empirically and ad hoc. The concepts introduced in ICH Q8 (either the traditional or enhanced approach) are now seen as regulatory requirements in many cases. For instance, EMA biosimilars guidance states that “The QTPP should form the basis for the development of the biosimilar product and its manufacturing process.” Regulatory specialists can typically guide and drive these complex projects because they know what agencies expect and because they can communicate with all disciplines involved at a sufficient knowledge level. They can help establishing the (interrelated) development, control and regulatory strategies that adhere to global regulatory guidance.


Ensuring that your product remains comparable after manufacturing process changes during the complete product life cycle may be one of the most important challenges of drug development , and is the cornerstone of all CMC development and maintenance. (According to ICH Q8, development concerns the complete product life cycle, including the time that the product is on the market.) Comparability is a typical development bottleneck due to the fact that issues with it are a major source of Agency major objections to Marketing Authorisation, Extension and Variation Applications.

It is critical to prospectively determine acceptance criteria and design robust studies capable of detecting differences between pre- and post-change product. (Such a prospective approach would “automatically” follow from a QbD approach as described above.) Additionally, care should be taken to identify CMC changes that could impact product safety and/or efficacy, as it is well-documented that relatively minor changes can have serious effects. Regulatory specialists are well-placed to advise on the types of changes that alert the Regulatory Authorities.

Scientific Advice

When companies underestimate the importance of early Scientific Advice meetings with Agencies, this can often create a bottleneck in development if the outcome of such meetings means that a company needs to adapt a strategy/program that has already been initiated. This could have been avoided, had the meeting been sought earlier in development. In larger organisations there usually is sufficient experience in this field and it is common practice to prepare intensively and conduct rehearsals for these meetings. In contrast, this type of preparation slips by the wayside in smaller companies, to their potential detriment, as these meetings are a great opportunity to get valuable information about the viability of your development program, and thorough preparation enables a company to maximize the benefit they receive from the meeting.

Regulatory specialists are used to communicating with Agencies and, as a consequence, have the expertise to determine what questions are likely to elicit useful information from the agency, write the briefing book to the standards expected by the agency, to consult on meeting formalities, and to design rehearsals. 

The above examples illustrate four typical bottle necks that can seriously slow down development programs of biopharmaceuticals. But these examples also illustrate how strong involvement of Regulatory Affairs specialists early on in the project can make a big difference toward solving or preventing them.

Blog by:  Frank Hermens - Sr. Consultant at Xendo
If you have any questions don't hesitate to contact us!