By IJ Arora, Ph.D.
In leading my team of consultants, I have emphasized the importance of the integrated approach to management systems. Very often the client only needs us to provide insight into a discrete system for a single standard. That is fine since, after all, in such a relationship the objective, scope, and criteria are decided by the client.
Those of us on the QMII team recently worked with a client on ISO 21973:2020, and this article represents my thoughts and experience in using the standard. ISO 21973:2020 is relatively new (now a bit more than four years old) and it outlines general requirements for the transportation of cells for therapeutic use. It aims to address the unique challenges of transporting these sensitive biological materials by focusing on traceability, thereby ensuring complete tracking of the equipment, processes, and logistics involved in maintaining the cell’s environment during transit. This includes the chain of custody, chain of condition, and chain of identity. Although chain of custody is specifically mentioned in the standard, chain of condition and chain of identity are only implied.
ISO 21973:2020 provides guidance on the management of evidence in the justice system. It covers various aspects of evidence handling, including its collection, preservation, analysis, and presentation in court. Chain of condition refers to the documented history of how evidence has been handled, including information about who handled the evidence, when, and under what conditions. Chain of identity refers to the documented history of how the identity of the evidence has been maintained. This includes information about how the evidence was marked, labeled, and stored to ensure that it can be uniquely identified and linked to its source. The chain of condition helps to ensure the integrity and authenticity of the evidence; the chain of identity helps to prevent evidence from being tampered with or substituted. Both the chain of condition and the chain of identity are critical for ensuring the admissibility of evidence in court. By maintaining accurate and complete records of how evidence has been handled, investigators and prosecutors can help to build a strong case and increase the likelihood of a successful conviction.
ISO 21973:2020 addresses the chain of condition and chain of identity within the context of transportation of cells for therapeutic use. The chain of condition concept is central to the standard. It emphasizes the importance of maintaining the integrity and viability of the cells throughout the transportation process. This includes meticulous tracking of environmental conditions (e.g., temperature, humidity, etc.) and ensuring that these conditions remain within acceptable limits. In the chain of identity, the standard stresses the need to unequivocally identify the transported cells at all times. This involves robust labeling, tracking systems, and documentation to prevent mix-ups or substitutions. ISO 21973:2020 recognizes the critical role of both chain of condition and chain of identity in ensuring the safety and efficacy of cell-based therapies, even though these terms are not specifically used.
The standard provides a framework for establishing and maintaining these chains, helping to minimize the risks associated with transportation. To me, it is a shortcoming in the standard that it does not explicitly identify specific clauses for chain of condition and chain of identity. The concepts are integrated throughout the standard, particularly in sections related to transportation planning and risk assessment. These sections emphasize the importance of considering and mitigating risks that could affect the condition or identity of the cells during transport. Maintaining and controlling the appropriate temperature is crucial for cell viability (i.e., chain of condition). Packaging and labeling needs proper packaging; clear, unambiguous labels are essential for maintaining cell identity and preventing mix-ups. Transportation logistics are addressed in the standard as the need for secure transportation, including measures to prevent contamination, damage, and unauthorized access. Detailed records of all transportation activities, including temperature logs, handling information, and chain-of-custody documentation, are vital for demonstrating compliance with the standard.
The standard addresses risk management, emphasizing the need for thorough risk assessments to identify and mitigate potential hazards during transportation. It mentions the need for a quality management system in promoting the integration of transportation considerations into the overall management system for cell and gene therapies. I think a clear mention of genes in the introduction, as an appendix, or as a note would have made the standard more robust. It is true that the focus of ISO 21973:2020 is on cells; after all, the standard is titled “General requirements for transportation of cells for therapeutic use.” The focus, therefore, is on the overall handling and transportation of cells, regardless of their specific origin or modification.
The term “cells” broadly encompasses a wide range of biological materials, including those derived from tissues, organs, and even genetically modified organisms. It is true that cellular and genetic therapies are rapidly evolving, and a specific mention of “genes” could have limited the standard’s applicability as the field advances. However, the principles of chain of condition and chain of identity are fundamental for any biological material, including genetically modified cells. Therefore, these principles implicitly apply to gene therapies. Explicitly mentioning “gene therapies” or “genetically modified cells” could enhance clarity and provide a clearer framework for handling these specialized products. The standard should emphasize the unique challenges and considerations associated with transporting gene therapies, such as the potential for contamination or the need for specialized handling protocols. As the technical committee looks to future revisions of ISO 21973, hopefully they will incorporate more specific guidance on transporting genes. In its current form, the standard can lead to doubts in the minds of the implementer and make auditing without specific requirements difficult.
This standard meets a felt need and is certainly timely. Although it may present some initial challenges, the long-term benefits of increased quality and patient safety are likely to outweigh the costs. However, in first reading the standard, I found myself surprised as to why it is not aligned with the harmonized structure found in other ISO standards.
As an example, let us consider an organization using four ISO standards. This fictional company is registered to ISO 9001 to maintain a quality management system, provide conforming products and services, and achieve continual improvement. They implement ISO 14001 to meet environmental requirements and prevent pollution. The ISO 45001 standard helps maintain their occupational health and safety management system. Finally, ISO 28000 assists them in maintaining the security of their global supply chain. Each of the four standards is implemented using four departments and teams. My thought is, because all of these standards align with the harmonized structure, why would the company not combine their processes into a single management system covering all of these functions? In this example, one could demonstrate to the organization’s leadership how each of the policies, signed by him/her, contradicted one another. Because the internal audits are conducted separately for each standard, the paperwork and reports work well. However, at the ground level, the employees are in a dilemma as to which policy they should follow.
The plot further thickens when one of the standards does not employ the harmonized structure. These musings helped initiate this article as a means of highlight to the designers of the various standards that they should keep the fundamentals of the plan-do-check-act (PDCA) cycle in mind so that a process-based management system can be implemented in a systematic and integrated manner. It may not be possible to always have the harmonized structure, but surely an attempt at that should be made.
The structure of ISO 21973:2020 is a challenge in terms of the arrangement of the clauses. I admit that industry-specific standards such as this one are often developed from historical practices and may be based on ISO 9001 (e.g., AS9100) or may not be based on ISO 9001 (e.g., ISO 13485). Nevertheless, the strong suggestion, which is often a mandate, is to use ISO 9001 as the fundamental basis of a management system implementation.
Clause 8.3 of ISO 21973:2020 has a note suggesting ISO 9001 is almost an afterthought. However, paragraph 4 in the same clause mentions some of the elements of ISO 9001 as requirements. This, I think, makes it difficult for the organization as it is not a clear requirement, and therefore presents a challenge for auditors. Should a nonconformity be written, as per clause 8.3, if the organization does not have a quality management system? Considering the process-based management system approach, at the “plan” stage of the PDCA cycle, would it not have been prudent to have the requirements of clause 8.3 re-numbered and put right at the start rather than as an afterthought? It is mentioned in clause 4c, but the two thoughts need merging as the “plan” stage. ISO 9001 requires a process-based management system in clause 4.4.1 Why not align them?
Clause 4 of ISO 21973:2020, “General concepts,” could have aligned itself to the harmonized structure and required a policy (e.g., clause 5.2 in ISO 9001) and objectives (e.g., clause 6.2 in ISO 9001). Clause 5.3 of ISO 21973 requires risk management, verification, and validation, which is good. Keeping with the harmonized structure, these requirements could well have been aligned to clause 6.1 of ISO 9001.
Clause 5.3 of ISO 21973:2020 requires the factors to be considered, which then could have been aligned with clauses 4.1 and 4.2 in ISO 9001. This would have created a smoother link to the risk clause 6.1 found in ISO 9001. Some of ISO 21973:2020’s subclauses, such as 5.2.2.3, “Storage and handling,” and 5.2.2.4, “Shipping information,” are parts of the “plan” stage of the PDCA cycle and could be aligned easily. Clause 5.2.3.5 is the “do” stage and could have been harmonized with clauses 8 of ISO 9001.
The development of the harmonized structure has taken years. Why re-invent the wheel? It has taken ISO technical committees much time and effort to agree that knowledge and competency are two different things. Yes, organizations would like them both to improve so that personnel are knowledgeable and competent, as per clauses 7.1.6 and 7.2 in ISO 9001. In today’s technologically advanced world, training and qualifications are almost a requirement. However, training must lead to competence as the primary path of travel for organizations. So, clause 7.2 of ISO 9001 is clearly marked as “Competency” and the requirement is for records of competence. Where an industry-specific standard such as AS9100 has additional training requirements, it mentions these requirements as an add-on. My thought is that ISO 21973:2020 could have followed the same pattern. The journey from training to competence has been long. However, in the set of clauses under 8.2, “Personal training,” ISO 21973:2020 requires training, although in clause 8.2.1a it says clearly, “… determine the necessary competence…” as do subclauses 8.2.1b and 8.2.1c. Subclause c requires documented confirmation of competence.
I believe that ISO 21973:2020 is cumbersome to use. Implementing any new standard can be a slight challenge initially. I do agree that the benefits of increased traceability and reduced risk may outweigh the initial effort, however, the standard could at least have adopted the harmonized structure so it could be integrated into existing standards and management systems. Failure to do so can create challenges for organizations that operate across multiple jurisdictions with varying regulatory requirements. I am sure efforts are likely underway to harmonize this standard with other relevant regulations and standards.
ISO 21973 represents a significant step towards improving the safety and efficacy of cell and gene therapy transportation, and I am delighted that our team has taken to this and other medical standards with enthusiasm to meet the requirements of clients.
About the author
Inderjit (IJ) Arora, Ph.D., is the President and CEO of QMII. He serves as a team leader for consulting, advising, auditing, and training regarding management systems. He has conducted many courses for the United States Coast Guard and is a popular speaker at several universities and forums on management systems. Arora is a Master Mariner who holds a Ph.D., a master’s degree, an MBA, and has a 34-year record of achievement in the military, mercantile marine, and civilian industry.