Contain and Prevent
Reacting to Issues of Non-Compliance
It made for some attention-grabbing headlines this week when it was announced that Health Canada was holding over 5000 kg of product made by licence holder CannTrust. According to the news reports, the cannabis was produced in rooms that had yet to be licensed by Health Canada.
There are some big questions around this that the quality and regulatory folks (and, well, anyone) at CannTrust are no doubt grappling with. As quality people, we’re trained to look at this through the lens of containment and prevention.
Firstly, it sounds like the systems at CannTrust were sufficient to trace out exactly what product came from what plants in which rooms, allowing them to identify what material was affected by the Health Canada hold. It’s a good (though unfortunate) test that traceability systems are working.
Secondly, and more important to me, is the concept of prevention, and looking at prevention that will be effective long-term means looking at root cause. This is where some hard work lies ahead for CannTrust. What are some of the possible things they’ll need to be addressing moving forward?
I like to approach situations like this the same way I do issues occurring on the production floor in my own facility - let’s look at all the possible ways this could have happened, without ascribing malicious intent to people’s actions. What systems need to be updated, or put into place, to prevent this kind of event from happening again?
Perhaps floor staff moved the plants into rooms that were unlicensed without realizing they weren’t permitted growing rooms. What systems are in place to indicate “good” vs “bad” rooms? Maybe the rooms were cleaned and tagged as such already. Maybe the rooms were already set up in their ERP in preparation for licence approval. They were clearly already fully built with security and GPP elements already in place, as this is a requirement for licence application. All of these may have been the indicators that floor staff were looking for to know whether to use them for plants.
Even if the rooms were used accidentally, at what point should it have been noticed by someone who “knew better”. Would that have been production management staff? Quality staff? The regulations can be a tricky thing to decipher, and a lot of unwritten conventions and expectations exist between quality staff and the regulator. Without good communication and training on the particular point of using licensed/unlicensed rooms, it might not be clear what the rules are around use of unlicensed rooms. I can see the logic that might lead to their use; the rooms are entirely set up with GPP and security elements that would be needed for actual use. The only thing missing is a piece of paper. It’s feasible that the common understanding was just slightly off, perhaps thinking that material just couldn’t be SOLD until licence issuance. If some of that understanding was not widely communicated, it may have taken one of the regulatory or senior quality staff going by the rooms to realize there was a growing problem.
It’s also possible this was a conscious decision. Management’s job is to explore all options, including whether to use an unlicensed room. What would the likely consequences be? How much trouble would they be in? We all have to make decisions like this all the time in quality. What do you do with mouldy material that can’t be destroyed until tomorrow. Do you risk your other product and store it in your storage room? Or do you make a risk assessment against storing it outside of licensed locations and take the risk of regulatory non-compliance? Decisions on these matters all depends on a company’s individual risk-tolerance, and perception of the potential consequences from the regulator. Eyes will be on Health Canada’s reaction to this kind of issue, as it will inform other companies in their own risk discussions around non-compliance.
Lastly, perhaps this was a recent example of the phenomenon of the normalization of deviance. If you haven’t explored this, read up on some of the reports following NASA’s Challenger tragedy. Small excursions from normal process, or compliant behaviour, beget more and bigger excursions. Over time, operating outside the lines simply define the new lines, and everything seems normal again.
At the end of the day, moments like these are where quality has potential to shine in a company. Finding a way through the risk assessments, problem solving, and change management required following an incident like this is a challenging path, and one that quality folks are well suited to. We all make mistakes, missteps, and even poor risk decisions; multiple recalls throughout the industry have taught us that much. It’s how we react to those errors, and our effectiveness in the realm of prevention, that really define the quality of a company.