18/09/2016

Fraud in ISO certified companies

ISO standards, safety regulations and fraud

Every year brings about new scandals in major industries damaging consumer's trust and spreading fear.

Fear about what we are eating:
The horsemeat scandal in Europe, with meat products, from ready meals to beef burgers, found to have been contaminated with horsemeat and pork. The scandal erupted after tests were carried out by the Irish Food Authority on a range of meat products sold in major supermarkets. Prior to that, no such tests had been carried out as no one had expected horsemeat, or pork, to be found in beef products. The farm-to-fork journey involves a lot of hands, with a lot of opportunity for criminals to step in and exploit weak links in the chain. This is an example of fraud with “intentional adulteration or misrepresentation of foods or food ingredients for economic gain”.

Fear about what we are breathing:
The Environmental Protection Agency (EPA) found that many Volkswagen cars sold in America had a "defeat device" - or software - in diesel engines that could detect when they were being tested, changing the performance accordingly to improve results. The German car giant has since admitted cheating emissions tests in the US for 482,000 cars in the US only, including the VW-manufactured Audi A3, and the VW models Jetta, Beetle, Golf and Passat. But VW has admitted that about 11 million cars worldwide, including eight million in Europe, are fitted with the so-called "defeat device". This was named the big "diesel dupe". And it seems that many other car manufacturers are doing the same thing...

Fear about the medications we take:
Each year big pharmaceutical giants end up spending billions of dollars in paying for fraud, misrepresentation of data and other such corruption allegations leveled out against them.

GlaxoSmithKline (GSK) paid $3 billion, the biggest fine ever after pleading guilty on three criminal counts in US, Novartis ended up paying $420 million and Pfizer paid $2.3 billion in related scandals. Here are a few examples of such scandals:



  • GlaxoSmithKline, the drug maker, promoted two drugs for unapproved uses and failing to report safety data about a diabetes drug to the US FDA.
  • Merck and Mumps Merck was involved in fraudulently representing the mumps component of its MMR vaccine. The company was blamed for fraudulently informing the public that the MMR II, used to replace the MMR Pluserix, was an effective vaccine, while studies had proved that the vaccines' effectiveness were said to be falsified. Reports further described a supervisor working for Merck manually changing test results that showed the vaccine wasn't working and then hurriedly destroying the evidence to keep the fraud from being exposed.
  • Roche and its medicine safety reporting system: European Medicines giant Roche had been alleged for working with national medicines agencies to investigate deficiencies in the medicine-safety reporting system of Roche. The company had identified about 80,000 reports for medicines that were marketed by Roche in USA that had not been evaluated to determine whether or not they should be reported as suspected adverse reactions to the EU authorities. About 15,161 reports of death of patients were included in these reports but the exact reason for these deaths or a probable link with the use of these medicines was not known.
  • Pfizer Harmful deceit on Celebrex scandal: Pfizer's research director indicated that a study conducted to determine whether an arthritis drug, Celebrex, was safer than other drugs like ibuprofen, was falsely represented. When an internal email pointed out that, ‘Pfizer and its partner, Pharmacia, were able to misrepresent Celebrex as a safer alternative because they only released the results of half of a yearlong study." The email stated that the FDA swallowed their story, hook, line and sinker. Pfizer was said to be involved in widespread work to promote the drug in ways not necessarily backed up by medical science, and to overcome the doubts of critics. In August 2012, the company paid $60.2 million to the US to settle charges that the company bribed government officials, including hospital administrators, government doctors and members of the regulatory and purchasing committees in China, Russia, Italy, Bulgaria, Serbia, Kazakhstan and Croatia to approve and prescribe Pfizer products.

  • Abbott's unlawful drug promotion: Abbot pleaded guilty to misbranding Depakote by promoting the drug to control agitation and aggression in elderly dementia patients and to treat schizophrenia, when the FDA approved neither of these uses. US DoJ said that the company had admitted that from 1998 through 2006, it maintained a specialized sales force trained to market Depakote in nursing homes for the control of agitation and aggression in elderly dementia patients, despite the absence of credible scientific evidence that Depakote was safe and effective for that use. The FDA had originally approved the drug for epileptic seizures, bipolar mania and the prevention of migraines. The drug was never approved for controlling behavioral disturbances in dementia patients. This was because the drug was found to be dangerous in elderly patients causing some of them to suffer from dehydration and anorexia after using this drug.


Two questions:

1/ How can companies operating under their ISO 22000, ISO 9001, ISO 14001, AS9100 ISO/TS 16949, or ISO 13485 certifications, along with the GMPs, GLPs, GCPs compliances, get away with fraud of this scale? Well, the truth is that any organization found to be intentionally shipping nonconforming product should be stripped of their certifications, approvals or literally shut-down when it is a regulated industry such as pharmaceuticals, aerospace, and medical devices. This is the most serious major nonconformance an auditor can find.

2/ how can management systems compliant to these standards or regulations allow for such fraud to happen? Well, fraud, can by-pass and circumvent them all! The Finance world with their major scandals that almost caused the collapse of the US and the world's economies (Subprime, Enron, Lehmann, Madoff), were the first ones to understand that without a whistleblower program, any policy, rule, regulation and law can be circumvented or violated. So the Sarbanes-Oxley (SOX) Act was created to protect whistleblowers working at publicly-traded companies or at contractors and subcontractors of publicly-traded companies. By enacting SOX, Congress intended to dismantle a corporate culture that discouraged employees from reporting fraudulent behavior internally or to outside authorities.

ISO standards, and GMP/GCP, regulations need to have requirements for a whistleblowing system to enhance their ability to ensure what they are meant to provide to consumers, patients, and citizens at large.
The requirements need to:
  • Ensure the corporate whistleblowers can provide information about fraud and corporate deceit. A whistleblower needs not show that an actual violation occurred so long as the employee reasonably believes that the violation is likely to happen.
  • Prohibit a broad range of retaliatory adverse employment actions, including discharging, demoting, suspending, threatening, harassing, or in any other manner discriminating against a whistleblower.
  • Ensure that an employee must prove by a preponderance of the evidence that he/she engaged in protected activity; the employer knew that he/she engaged in the protected activity; he/she suffered an unfavorable personnel action; and the protected activity was a contributing factor in the unfavorable action. A contributing factor is any factor, which, alone or in connection with other factors, tends to affect in any way the outcome of the decision. Causation can be inferred from timing alone where an adverse employment action follows on the heels of protected activity.
  • Once the employee proves the elements of whistleblower retaliation claim by a preponderance of the evidence, the employer can avoid liability only if it proves by clear and convincing evidence that it would have taken the same unfavorable personnel action in the absence of the complainant’s protected behavior or conduct.
  • Ensure a prevailing whistleblower can recover lost wages and benefits, reinstatement, special damages, which includes emotional distress, impairment of reputation, personal humiliation, and other non-economic harm resulting from retaliation.
  • Ensure a whistleblower can freely file a violation of company policy/rules, law, regulations, or threat to public interest/national security, as well as fraud, and corruption.

The newly released Auditor and Lead Auditor courses:

-The ISO 9001:2015 Lead Auditor Training
-The ISO 9001:2015 Auditor Training
-The ISO 13485:2016 Lead Auditor Training
-The ISO 13485:2016 Auditor Training
-The ISO 14001:2015 Lead Auditor Training
-The ISO 14001:2015 Auditor Training

Consult our eLearning catalog for standards and regulations



18/11/2014

Update on ISO 9001:2015 Standard

The final draft of ISO 9001:2015 is close to being released. The focus is still on a process-based approach to produce desired outcomes, but several changes are to occur from the ISO 9001:2008 version: The process approach strongly emphasizes that the quality management system has to be woven into and fully aligned with an organization's strategic direction. The PDCA (plan-do-check-act) methodology is superimposed on the system of processes, which will apply both to individual processes as well as the quality management system as a whole. A strong focus on risk-based thinking is required now. It is aimed at "preventing undesirable outcomes," such as non-conforming products and services. The standard will be released in early 2015, with a 3-year transition period. Organizations and individuals should be proactive in upgrading their training and starting to implement changes of the requirements. CALISO will be releasing online courses for the new versions of ISO 9001, ISO 14001 and ISO 13485 shortly after the official released dates. The courses will be very competitively priced to ensure that our customers minimize the training cost of their transitions.

31/07/2014

First draft of ISO's standard for sustainable communities

The First draft of ISO's standard for sustainable communities reaches CD stage; ISO 37101 sets requirements, guidance and supporting techniques and tools for sustainable development in communities, has now reached Committee Draft stage.

Energy audits with ISO 5002

Companies and organizations are integrating an energy management system to reduce consumption. Now, however, they can take this exercise a step further with the new ISO 50002:2014, the International Standard on energy audit, which will help them make informed decisions about how they use their energy.

16/05/2014

US rejects the new ISO 9001 draft!

Do Not Rush Implementing Revisions

The ISO 9001 Committee Draft received has only received a 78% approval rate! There were 12 negative votes from representatives of major countries such as the US, Germany, Japan, and Canada and 3,000 comments that need to be addressed!

Only when the hurdles of these comments and negative votes are cleared, a Draft International Standard (DIS) can be released.

Same issues are facing Annex SL, which was developed as a skeleton on which all International Management System Standards will be built. Its purpose is to make life easier for organizations implementing multiple standards by standardizing their language, terminology and format.

The new draft international standard (DIS) of ISO 14001 is only expected in late 2014 and a final standard a year later with a 3-year transition period.

So it is better to wait and continue with the current versions of these standards, which may be around for another 4 years!!!

No Rush implementing revisions :)

Consult our eLearning catalog for standards and regulations

04/03/2014

Strategic decisions before ISO 9001:2015

Strategic decisions before ISO 9001:2015

The new update to ISO 9001 is going to be major in nature, yet it can be painless for organizations that adopt a correct transition strategy.

For companies that are already certified:

  • Management marginally involved in the current ISO 9001 compliant management system, needs to increase its focus and start progressively build auditable records as objective evidence of its involvement.
  • Quality objectives need to be progressively fine-tuned to be more business oriented, and with greater emphasis on producing desired outputs and providing confidence in the organization’s products.
  • At upcoming management reviews, time needs to be spent at identifying risks and opportunities and planning actions to address these business and quality risks and opportunities identified. This activity will replace preventive actions when the new standard is finally released, so it would be smart to merge this risk analysis activity with Preventive Action reviews in the Management Review agenda form now on. Again, we are talking about identifying and addressing risks, which can affect conformity of goods and services and customer satisfaction.
  • NOTE: the major change to the ISO 9001 implies that ISO 13485, ISO/TS16949, ISO 22000 and ISO 14001 will also be seeing updates soon.

    For companies that dropped their certification or are not currently certified:
  • First advice, is that you should seriously consider achieving certification to ISO 9001:2008 registration by December 2014, which is an easier standard to be certified to. You will then have 3 years to transition to ISO 9001:2005.
  • For companies, which for economic or organizational reasons cannot get certified by December 2014, the Draft International Standard should be released before August 2014. It should be purchased so as to start progressively implementing some of the "heavy" requirements of ISO 9001:2015 such as risk analysis and the business focus of the management system. It will make a future registration effort less difficult.
  • Consult our eLearning catalog for standards and regulations

    Quality of our Online Courses:

    We are very proud of the quality of our online training program, it has taken years of development with the help of leading industry experts, auditors and consultants.  Our clients list includes HP, Baxter Healthcare, Philips, Bayer, the FDA, Dell, Philips Medical Systems, Boeing, Sun Microsystems, 3Com, Lucent, the US Military, and CISCO.  Our rate of repeat customers taking a second online training class or registering more members of their organizations is very high.  This is our ultimate validation of customer satisfaction with the online training classes.

    ISO Training growth

    You can view our new Free Document Control video: Tips for effective Document Control.

    10/12/2013

    Update on the upcoming changes to ISO 9001

    The revision of ISO 9001 due in 2015 has made yet one more advance: The draft is available for review.
    A close look shows that ISO 9001:2015 follows the new structure common to all management system standards: It has now 10 main clauses. The requirements are in clauses 4-10. Unfortunately many requirements you know are now located differently. I.e. requirements for both management review and internal audit are now under Clause 9 Performance Evaluation. 'Management Responsibilities' is now under Clause 5 Leadership.

    Other notable changes are:

  • Preventive action has been removed and replaced by Risk management.
  • A new clause 4 requires the organization to consider itself and its context, and to determine the scope of its quality management system. Which is a more comprehensive approach than that actual requirement of ISO 9001:2008 of just determining your scope.
  • Procedures and records were replaced by 'Documented information' with no mandatory procedures. That is going to open the door to a lot of interpretations and uncertainty both for organizations and auditors.
  • A terminology adjustment was made: the term 'product' was replaced with 'goods and services' to make the standard more generic a wide-reaching in nature.
  • The principle of 'A systems approach to management' was removed leaving only 7 Quality Management Principles, and 'Relationship Management' replaces "Mutually beneficial supplier relationships".
  • 01/11/2013

    Survey of ISO certifications worldwide

    ISO.CH has published it survey of ISO certifications worldwide. It reveals healthy growth across the board for all certifications including continual growth for ISO 9001: