The coronavirus (COVID-19) pandemic has forced biotechnology, pharmaceutical, and medical device companies to suspend normal operations and transition to new and innovative ways of doing business.  With current restrictions on international and domestic travel, traditional on-site audits are not possible, exposing organizations to increased compliance risk.  In some cases, remote audits may provide a viable alternative to ensure continued compliance and oversight.  This article will summarize best practices for selecting and conducting remote internal and external audits.

Audits may be performed on-site, remotely, or by using a combination of on-site and remote activities.  The use of remote audits should be considered in accordance with the relative risks to the organization as well the nature of the products and services provided.  Although remote audits do not provide the same ability to interface with personnel or visualize the facility, equipment, and procedures as on-site audits do, remote audits typically allow more flexible scheduling in addition to eliminating travel costs and time lost due to travel.

Conducting Remote Audits

Remote audits typically leverage technology such as videoconferencing and shared file folders to facilitate interviews and share documents and records.  Select appropriate technology platforms for communication and file sharing prior to the audit.  Popular videoconference platforms include Zoom and Microsoft® Teams.  SharePoint, Box, and OneDrive may be used for file sharing.  The auditee may already have a preferred technology in place.

Begin the remote audit with an opening meeting for introductions, an overview of the organization, and discussion of any logistics for the audit.  Following the opening meeting, a remote tour of the facility using a pre-planned route based on a map provided by the auditee may be conducted by use of video on a phone or tablet.  Discussions with subject matter experts to review processes and procedures may be conducted via videoconference at scheduled times in accordance with the audit agenda.

The auditor(s) may review facility records, inspection history, Standard Operating Procedures (SOPs), employee training records, deviations, corrective and preventive actions (CAPAs), subcontractor qualification records, and items specific to the products or services provided via an electronic file share.  Queries and requests for additional information or interviews may be directed to the audit host using an agreed upon communication method (e.g., email, telephone).  At the conclusion of the audit, schedule a closing meeting with the audit host and key sponsor representatives to discuss any audit observations, comments and recommendations.

Best Practices

As with any audit, preparation is key to an effective remote audit.  Ensure that all personnel are available at reserved times for planned discussions.  Test run any technology for communicating or file sharing and make sure to have the audit host’s contact information.

If a Confidentiality Disclosure Agreement (CDA) is required, make sure that it is executed prior to the start of the audit.

Request all documents prior to the conduct of the remote audit, such as the Quality Manual, Standard Operating Procedures (SOPs), personnel training files, Master Validation Plan, organization chart, facility diagram, and current certifications.  Review the organization’s inspection history and any previous audit observations.  Additional records may be requested based upon the products or services provided and potential gaps identified during the conduct of the audit.

About ComplianceLogix

Founded in 2009, ComplianceLogix is a Contract Quality Organization (CQO) that provides effective regulatory compliance training and quality assurance consulting services to industry leading biotechnology, pharmaceutical, medical device and international non-profit organizations developing innovative and life-saving therapeutics.  Our global network of industry experienced consultants can conduct remote audits, online regulatory compliance training, and other quality assurance consulting services to support your organization. Contact ComplianceLogix  if you would like more information about conducting remote audits.