How to De-Risk Decentralized Cell & Gene Therapies Models

Decentralized manufacturing of Cell & Gene Therapies (CGT) at the Point of Care (PoC) are very complex treatments involving multiple stakeholders, systems and areas.

To identify, analyze and mitigate potential risks of decentralized vein-to-vein CAR-T manufacturing from patient enrollment until treatment closure in compliance with current regulations:

• Good Manufacturing Practices (GMP),
• Good Clinical Practices (GCP),
• Advanced Therapy Medicinal Products (ATMP) and
• General Data Protection Regulation (GDPR),

Here at KVALITO, we designed, developed, and successfully implemented an end-to-end business process mapping and its associated Business Process Risk Assessment (BPRA) in alignment with the International Society for Pharmaceutical Engineering (ISPE).

Challenge 

Decentralized manufacturing of Cell & Gene Therapies (CGT) at the Point of Care (PoC) is a complex process involving various stakeholders and systems. This business case demonstrates how KVALITO identified, analyzed, and mitigated potential risks associated with decentralized vein-to-vein CAR-T manufacturing, ensuring compliance with current regulations, including Good Manufacturing Practices (GMP), Good Clinical Practices (GCP), Advanced Therapy Medicinal Products (ATMP), and General Data Protection Regulation (GDPR). Significant challenges are present in this environment compared to traditional pharma manufacturing activities involving small molecules.

CAR-T treatments, classified as ATMPs, offer groundbreaking opportunities but present challenges due to their autologous and personalized nature. The decentralized vein-to-vein CAR-T manufacturing involves multiple stakeholders across hospital sites, Quality Control (QC) vendors, manufacturing hubs and central import authorization sites (MIA), requiring meticulous coordination.

At the POC hospital site (see Figure 1), critical Cell & Gene Therapy Level 1  steps include enrollment, apheresis, production, quality control, batch release dosing and infusion. Ensuring chain of custody, data integrity, product safety, and compliance with data privacy regulations are imperative throughout these steps:

• Patient enrollment (1) — this is the patient registering and consent.
• Apheresis (2) — patient’s blood collection with own materials used as a starting material (the T-cells)
• Production (3) — ex-vivo process of genetic modification and expansion
• Quality Control (4) — this step includes multiple activities: IPC (in-process control), external QC testing sampling & outsourcing testing.
• Batch release (5) — review & approval of Qualified Person (QP) to ensure potency, identity, purity, sterility, and safety.
• Dosing & infusion (6) —modified cell treatment is infused under strict temperature control, tight infusion windows and regulations.

What KVALITO did

To identify & analyze all the potential decentralized CAR-T manufacturing business process risks, we enabled the following holistic, top-down approach as summarized here:  

1/ Identification of High-level Decentralized Vein-to-vein CAR-T Manufacturing Platform Components:

• Defining a roadmap, risk-based analysis in alignment with the ISPE GAMP RDI Good Practice Guide: Data integrity by Design, 2020.
• Identifying all the components involved, such as systems, facilities, equipment, processes, critical data points and data flows, data lifecycle and applicable regulation.
• Collecting the most relevant Standard Operating Procedures (SOPs), forms, and outsourcing contracts, including Quality Agreements between PoC and the central site.
• Identifying all the L1 platforms decentralized vein-to-vein CAR-T manufacturing, autologous treatment since patient enrolment, followed by leukapheresis, manufacturing, sampling QC testing, QP release, infusion, and treatment closure (see figure 1).
• Identifying critical data points and data flows, retention, and archiving processes.
• Collecting previous risk & supplier assessments and relevant historical reports such as prior deviation logs.
• Analyzing applicable regulations, SOPs, Forms, outsourcing contracts and Quality Agreements to identify additional requirements.

2/  Business Process Mapping:

• Designing a SIPOC (Supplier, Input, Process L2 & L3, Outcome, Customer) Matrix approach for the entire decentralized vein-to-vein CAR-T manufacturing. It is a structured approach used in process improvement and business analysis to understand and document the key components of a process or system.
• Identifying critical data points and their GxP classification per their intended data and process classification use.
• Creating a Microsoft Visio business process mapping to help the business identify the risks associated with the systems, databases, or data flows.
• Identifying the business relationships between different business process steps.

3/ Business Process Risk Assessment and Risk Data Analysis

• Executing a Business Process Risk Assessment (BPRA), a non-system-specific risk assessment to evaluate, classify, analyze and control the Patient Safety, Product Quality, Business, General Data Protection Regulation or Data Integrity inherent in the process. It requires applying critical thinking by knowledgeable and experienced Subject Matter Experts (SMEs).
• Harmonizing the sectorial risks according to the potential impact on Patient Safety, Product Quality, Business, GDPR or Data Integrity across all the Business SMEs in Clinical, Manufacturing, QC and QA (Quality Assurance).
• Carrying out a gap analysis against current regulations to identify additional requirements or defined necessary thresholds.
• Performing a Software as a Medical Device (SaMD) assessment against any potential Medical Device equipment.
• Executing a Failure Mode and Effect Analysis (FMEA) in alignment with ISO 31000 Risk Management — including identifying root cause analysis, harms and hazards, classified as per Severity, Probability and Detectability for each Business Process step.
• Designing an Ishikawa diagram (also called “fishbone diagram”) to determine which data is directly involved in the critical processes such as batch record creation.
• Performing a Risk Data Analysis to identify the most critical business steps to streamline a robust platform to roll out to multiple PoC sites.

People, Processes and Tools 

People / Roles: 

• Business Process ExcellenceManager
• ATMP Business Analyst
• Digital Project Manager
• Junior Business Analyst
• Risk Manager
• Data Integrity Expert

Tools and Technologies: 

• MS Project
• MS SharePoint
• MS PowerPoint
• Business SME Stakeholder
• FMEA Risk Management
• Ishikawa Root Cause Analysis
• MS Visio
• MS Excel
• ServiceNow (SNOW)
• Veeva Vault

 Value Delivered 

• Defining a holistic end-to-end decentralized CAR-T vein-to-vein manufacturing business process on L1, L2 and L3 levels that could support the validation of the orchestration platform requirements.

• Consolidating a model to identify and analyze the business process risks in decentralized Cell and Gene therapy in alignment with Good Pharma practices.

• Identifying critical data points and data flows for continuous improvement, e.g., for batch record creation.

• Identifying critical data points and potential areas for continuous improvement (IT orchestration platform, business process, supplier, or Point of Care to streamline the platform.)

• Increasing GxP and data integrity compliance.

Clients

• CellPoint
• Galapagos
• Novartis Gene Therapies
• Novartis Pharma