TV SOP 22726 - v24.0

Number: TV-SOP-22726 Version: 24.
0 Status: Issued
Owning Location: Virtual Org - External Supply Integration (ESI)

Title: External Quality (EQ) Audit Procedure
Table of Contents:
1.0 PURPOSE ...................................................................................................................................................... 2

2.0 SCOPE ........................................................................................................................................................... 2
3.0 DEFINITIONS ................................................................................................................................................. 2
4.0 RESPONSIBILITIES ......................................................................................................................................... 8
py
5.0 PROCEDURE ................................................................................................................................................ 14
6.0 CONTENT REFERENCES ............................................................................................................................... 46
7.0 ATTACHMENTS ........................................................................................................................................... 48
Co
ing
ain
Tr
ThisThis
copycopy
of the
of document was was
the document generated on 09on
generated Oct
092023
Oct 2023 (EST). Page 1 of 60
Confidential
Number: TV-SOP-22726 Version: 24.0 Status: Issued

1.0 PURPOSE
1.1 This procedure defines the general process for selection, planning, execution,
classification/rating, follow-up, and reporting on quality audits of Janssen Supply Chain
(JSC) external manufacturers and suppliers to cGMPs, JSC specific requirements,
and Johnson & Johnson Supplier Audit, TV-SOP-15547.
2.0 SCOPE
2.1 This procedure applies to JSC External Quality (EQ) personnel who are responsible
for Janssen Supply Chain External Manufacturers and Suppliers.
py
2.2 This procedure applies to Johnson & Johnson (J&J) Regulatory Compliance (JJRC)
personnel and Contracted Auditors performing audits on behalf of EQ.
Co
Out of Scope: Regulatory inspections and Mock Pre-Approval Inspections (PAI) at EQ
suppliers are out of scope of this procedure.
For Regulatory Inspections at EQ suppliers refer to Regulatory Inspection and External

Audit Management (TV-SOP-26631). For Significant Regulatory Inspection follow-up
process, reference JJRC Audit, Assessment, Inspection and Regulatory Action Follow-
Ups (TV-SOP-13089).
ing
For Mock Pre-Approval Inspection (PAI), refer to Pre-approval Inspection Readiness
Procedure (TV-SOP-41307)
3.0 DEFINITIONS
ain
Refer to J&J Quality Standards Glossary (TV-GLS-00001) for commonly used terms.
For the purpose of this procedure, the following definitions apply:
3.1 Audit – An official visit of a facility and/or a review of documents to check for
Tr
adherence to established requirements:
3.1.1 Due Diligence Audit - License and Acquisition (L&A)– Audit performed to
assess risks prior to entering a licensing agreement or initial contract with a
proposed licensee or external manufacturer with regards to applicable
regulatory agencies and compliance requirements.
3.1.2 Initial Qualification Audit – An audit scheduled as part of qualification activities

of a new supplier.
3.1.3 Structured Surveillance Audit (Routine)– A regularly scheduled audit intended

to assess auditee’s adherence to quality systems and JSC requirements.
3.1.4 Onsite Audit – Audit performed at the supplier premises.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

3.1.5 Remote Audit /Desktop – Version of an Onsite Audit except that it is not
conducted at the supplier premises, instead it is conducted using virtual
methods such as teleconferencing or video conference.
3.1.6 Remote Audit / Quality Questionnaire – A questionnaire that is sent to the

supplier to request information / documentation.
3.1.7 Remote Audit / Internal Assessment – Review conducted internally of

supplier’s performance data for low-risk suppliers.
3.1.8 Leveraged Audit / Purchased Audit – Audits (Onsite, Desktop or Quality
py
Questionnaire) utilized by a J&J Business Unit when the audits were conducted
by another J&J Business Unit or by an external party (such as an industry
consortium) or by the Supplier’s 3rd party auditors. Also, may be a purchased
audit from industry consortium for example, Audit One, F4ss, Rx 360 or
Co
EXIPACT
3.1.9 Shared Audit – Audits wherein more than one J&J Business Unit’s
requirements are assessed during the course of an audit.
3.1.10 Group Audit – Audits performed by J&J with non-J&J companies.

ing
3.1.11 For Cause Audit – An audit conducted in an immediate response to a serious
confirmed quality issue or concern at an EM/supplier, or when review of
specific quality systems is further needed. or to determine whether activities
are implemented effectively and suitable to achieve quality goals.
3.1.12 Technical Visit – A visit to an EM/supplier to support an internal investigation

ain
to identify potential causes or corrective actions.
3.1.13 Quality System deep dive (6-System Review) – A thorough review of all quality
systems or a subset (Laboratory Control, Material Management, Production,
Facilities & Equipment, Packaging & Distribution, Quality) applied at the
Tr
auditee. This deep dive is typically supported by questionnaires.
3.2 Audit Classification / Overall Audit Rating – Overall determination of the EM /

Supplier’s level of compliance.
3.2.1 Surveillance Indicated – A classification assigned to an audit where the overall

assessment (audit) results indicate that the company meets current standards,
that is, no significant concerns have been identified. This classification may
include suggestions for strengthening systems or improving strategies,
operations, processes, and procedures. Auditees receiving critical
observations should not be deemed surveillance indicated.
3.2.2 Corrective Actions Indicated – A classification assigned to an audit where the

observations cited during the assessment (audit) indicate the quality systems
may have weaknesses or gaps that require CAPA as defined by the CAPA
Standard.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

3.2.3 Executive Action Indicated – A classification assigned to an audit where the

overall observations cited during the assessment (audit) indicate that there are
significant deficiencies in one or more quality systems that where the ability of
the EM/Supplier to adequately control product quality is compromised.
3.3 Audit Refusal – If after involving business partners, an EM/supplier provides positive
confirmation they will not participate in an audit or the supplier does not respond to an
audit request, or if a supplier refuses to be audited against the quality standards
required by J&J.
3.4 Audit Plan – Documented agenda to be provided to the auditee prior to the audit.
py
3.5 Audit Report – Listing of the audit observations and/or concerns forwarded to the
auditee, after the completion of the audit.
Audit Schedule – Listing of audits to be performed during a specific period.
Co
3.6
3.7 Audit Team – Person or persons responsible for performing the audit.
3.8 Auditee – External Manufacturer or Supplier being audited.
3.9 Audit Close-out Memo/Letter – Written notification provided to the Supplier when
ing
observations are closed. The system-generated Audit Closure Memo and TV-eFRM-
03368 are example templates that may be utilized. Closure notification is not required
for Leveraged and Purchased audits. In the event that the audit results in no
observations (refer to Sections 5.18.3 and 5.22.4), the audit report can be considered
as meeting the requirements of this definition.
ain
3.10 Contract Auditor – Non-J&J employee resources utilized for conducting an audit.
3.11 Controlled Substance: Any drug product, intermediate, precursor, active

pharmaceutical ingredient (API) or chemical that is controlled by the UN treaties or
by the local competent national authority (CNA). These can include raw materials,
Tr
laboratory standards, intermediates, final products and waste material. Controlled

substances are defined by class or schedules. Precursor chemicals are included
under this definition. These may be also called Dangerous Drugs/Controlled Drugs.
This does not include reagents or solvents on the United Nations “Red List” for the
intent of this standard.
3.12 EM Compliance Principle – The individual within JJRC who provides oversight of
follow up activities related to JJRC led audits, assessments, inspections and
regulatory actions.
3.13 Criticality Levels – Categorization of suppliers to a criticality level based on the

potential impact to the patient/consumer. Criticality Level 1 (CL1) suppliers pose the
greatest potential impact while Criticality Level 4 (CL4) suppliers pose the lowest
potential impact. Defined in TV-SOP-23047.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

3.14 Direct Materials – Materials or components directly incorporated into a finished

product and/or the Bill of Material (BoM) as part of the saleable finished products. This
includes Active Pharmaceutical Ingredient, Biologics, Chemicals, Metals, Packaging,
Plastics and Fiber Non-wovens.
3.15 Distributor – An agent who performs all external supply activities consisting of
procuring, importing, holding, supplying or exporting of materials or products, apart
from brokering.
3.16 Effectiveness Checks – Verification through the use of objective evidence that actions
taken have met the intended purpose of the corrections/corrective actions and did not
py
introduce new issues or concerns.
3.17 EQ JSC – External Quality of JSC. This group represents the quality organization that
interfaces with external manufacturers, external contract labs and direct suppliers
Co
(Active Pharmaceutical Ingredient (API), Excipients & Packaging Components) and
indirect Materials/Services suppliers impacting GXP. In other J&J business units, this
may be identified as “Supplier Audit Function”.
3.18 EQ Account Owner (or Designee) – EQ designated personnel responsible for the
quality oversight of an External Manufacturer, Contract Lab or Supplier, including the
management of the corrective action plan.
ing
3.19 COMET will be used to manage audits performed in scope of this SOP. Specifics
concerning management of COMET audit records, observations and auditee
information management records are defined in TV-WI-59568.
ain
3.19.1 Audits initiated prior to the launch of COMET (Nov. 2022) will complete all
audit-related activities (including observation records) in the ETS Trackwise
system (Refer to TV-WI-26517)
3.20 Fill Finish External Manufacturer (FF EM) – Any non-Johnson & Johnson company or
affiliate which produces an intermediate or finished product or which performs
Tr
packaging of a released finished product. Also known as Finished Product (FP)

Supplier.
3.21 Follow-Up Strategy Classification - A classification assigned (that is, A, B, C, or D) to

JJRC Independent and External Manufacturer Audits, JJRC Directed audits, Post-
Acquisition Assessments, based on the observations identified and the response
received from the Fill Finish External Manufacturer. The classification correlates to a
strategy for conducting the Follow-Up.
3.22 Conditional Closure - Under special circumstances and with appropriate rationale, a
Follow-Up is closed prior to completion of all actions committed in the response.
3.23 Independent Reviewer - For the purpose of the Supplier Audit Program:
3.23.1 For Commercial Finished Products Suppliers - The individual within J&J
Regulatory Compliance (JJRC) providing observation classification and/or site
classification.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

3.23.2 For Commercial Direct Material Suppliers - The individual within J&J
Regulatory Compliance (JJRC) providing observation classification.
3.24 Indirect Material/Service (GxP impact):
• Indirect Material/Service suppliers, contractors, or consultants providing materials or

services that can impact the quality of J&J products. (e.g. cleaning agents for
validated process steps, cleaning of direct materials, filters, containers, components,
contract labs, calibration services, pest control, etc.).
• Any material, including processing aids, product-stream contacting filters used to
py
manufacture a Drug Substance (large and small molecule API, and Janssen
Vaccines) or Drug Product but not appear in the product.
• External Contract Laboratories (ECLs).
Co
• Other quality impacting materials and services within the scope of the Quality
organization utilizing this SOP.
3.25 JJRC – Johnson & Johnson Regulatory Compliance, part of J&J Regulatory
Compliance (JJRC).
ing
3.25.1 For the purpose of this procedure, JJRC is the unit that conducts/oversees
independent monitoring audits of Commercial Finished Products and
Commercial Direct Material suppliers.
3.25.2 JJRC may also participate in Qualification Audits of Commercial EM sites.

ain
3.25.3 The EM Compliance Principals are part of the overall JJRC group
3.26 Observations - Identified non-conformances to J&J policies, standards, procedures,

and/or applicable health authority regulations.
Tr
3.26.1 Critical Observation – An observation is defined as "Critical" when any one or

more of the following conditions apply:
• Any non-conformance or non-compliance that will or already has adversely

affected product performance meeting specification, safety, therapeutic
efficacy, or regulatory requirements.
• Any non-conformance or non-compliance that if allowed to continue, might

result in product rejection, Field Action, or serious regulatory, action (e.g.
Warning Letter or similar).
• A repeat "Critical" or "Major" observation from a previous audit or a failure to

meet a commitment made to a regulatory authority.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

• The observation represents the complete absence of one or more quality

system elements or system components necessary to meet regulatory
requirements including failure to comply with requirements of the Johnson &
Johnson Quality Policies (TV-QPOL-000031, TV-QPOL-000032, TV-QPOL-
000033, TV-QPOL-000034, TV-QPOL-000035, and TV-QPOL-000036)
and/or established standards.
• For Pre-approval audits, observations are considered critical if they

demonstrate that the process will not be reproducible or if they represent a
deficiency that would render the application non approvable.
py
3.26.2 Major Observation - An observation is defined as "Major" when any one or
more of the following conditions apply:
• Any non-conformance or non-compliance that might or might have adversely
Co
affected product performance meeting specifications, safety, therapeutic
efficacy, or regulatory requirements. (Note: The difference between "Critical"
and "Major" in this instance is that for "Critical" observations, the outcome is
will or already has occurred).
• Any isolated non-compliance in not reporting or reporting late any required

ing
regulatory/health authority reports or notifications. (Note: Frequent or a trend
in not reporting or reporting late to health authorities represents a "Critical"
observation).
• Non-compliance to requirements in the Johnson & Johnson Quality Policies

ain
and/or established standards that might have potential product impact.
• For pre-approval audits, this would include any observations that may cause
a delay in the approval if not resolved prior to the submission of the
application or pre-approval inspection.
Tr
3.26.3 Minor Observation - An observation is defined as minor when it is isolated and

will not adversely affect product performance meeting specification, safety,
therapeutic efficacy, or regulatory requirements or is unlikely to impact the
approval of the application if corrected promptly (may include non-compliance
to the Johnson & Johnson Quality Policies and/or established standards that
do not pose a risk and are easily remediated.
3.26.4 Recommendations / Others – Optional documented advice besides audit

observations to assure continuous quality improvement.
3.27 Supplier – A non-Johnson & Johnson individual or company that provides a product,
material, or services to a Johnson & Johnson business unit, including but not limited
to the development, manufacturing, testing, marketing commercial services, storage
or distribution of a Johnson & Johnson business unit product; or a company that
provides a product that a Johnson & Johnson business unit markets or distributes.
Johnson & Johnson Companies are included if required by regulation.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

3.28 Supplier Corrective Action Plan (SCAP) – The plan submitted by the supplier for
supplier assigned audit observations (or by J&J for internally assigned observation)
which includes all the applicable sections such as root cause, correction, product
impact, corrective action, preventive action, systemic review and effectiveness checks
with associated dates and assignees.
3.29 Wrap-up Meeting: A meeting held at the conclusion of the audit, in which a summary
of the audit findings is discussed with applicable auditee site personnel.
4.0 RESPONSIBILITIES
py
4.1 Auditors performing audits on behalf of EQ are responsible for following this
procedure. An auditor may be a qualified EQ, JJRC, another Johnson & Johnson
affiliate employee or a contracted non-Johnson & Johnson qualified auditor. EQ
Co
Auditors are qualified following TV-SOP-25244, External Quality (EQ) Auditor
Qualification Procedure.
4.2 EQ Quality management is responsible for the EQ audit procedure oversight, approval
of the audit schedule and Approved Supplier List.
4.3 EQ and JJRC

ing
4.3.1 EQ Processes and Operations (P&O) develops and manages the audit
schedule for all supplier types covered in this procedure. Adhoc input may be
provided by business partners (e.g. Procurement, Discovery Product
Development Supply (DPDS), CMC):
• Develops schedule based on defined frequency per supplier criticality
ain
levels.
• Performs an annual close out of the audit schedule.
• Monitors effectiveness of the audit program through metrics and QSMR.
Tr
• Analyzes and communicates audit program metrics to EQ management and

stake holders.
• For JJRC led audits at FF-EMs P&O is responsible for audit system
processing.
4.3.2 JJRC creates audit records and performs structured surveillance (routine)
audits, and monitors the audit schedule for the following types of suppliers:
• Commercial Finished Products EM.
• Commercial Direct Materials EM/Suppliers.
4.3.3 EQ or designee creates audit records and performs other types of audits not
listed in section 4.3.2, including the following but not limited to:
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

• Commercial Repackaging EM / Co-packers.
• Third Party Logistics (3PL) – GMP High Risk Repackaging.
• Clinical EMs/Suppliers.
• GMP laboratories.
• Non-monitoring audits for FF EM/Direct Material EMs/Suppliers (e.g. due

diligence, qualification, for cause, ad-hoc, technical visit, etc.).
py
• Indirect Material Suppliers & Service Providers under the quality oversight
of EQ.
Note: See Attachment 2 for additional guidance related to Qualification Audits.
Co
Note: Pre-Approval Inspections (PAI’s) are supported by pharma regulatory
compliance for independence.
4.3.4 If a confidentiality or non-disclosure agreement is required specific to the audit,

the EQ Account Owner is responsible for the negotiation and related activities.
ing
4.4 Lead Auditor
4.4.1 Plans and conducts supplier audits by working with the audit team and the
supplier per the requirements stated in this SOP.
ain
4.4.2 Works with business partners to identify appropriate audit team members.
4.4.3 Issues audit reports and observations within the stipulated timeline(s).
4.4.4 Interfaces with Independent Reviewer for observation ratings and audit
classification.
Tr
4.4.5 Ensures that other individuals participating in the audit as auditors are fully
qualified to perform their role.
4.5 Auditor
4.5.1 Assists the Lead Auditor in the execution and reporting of the audit.
4.6 Subject Matter Expert (SME)
4.6.1 Provides specific knowledge or expertise about the system or process for all
necessary steps within the audit process.
4.6.2 Participates in audits as necessary.
ThisThis
copycopy
of the
of document was was
generated Oct
092023
Confidential

4.7 Qualified Persons
4.7.1 Participates in pre-audit discussions to provide insight into experiences with

supplier during QP reviews since last audit
4.8 Audits assigned to JJRC (see section 4.9 for audits not assigned to JJRC)
4.8.1 JJRC
4.8.1.1 Maintains JJRC Auditor Qualification, including the required training

and qualification evidence accessible to EQ.
py
4.8.1.2 Adheres to EQ’s annually approved Audit Schedule; and
communicates status at least on a quarterly basis.
4.8.1.3 Performs audits.
Co
4.8.1.4 Manages 3rd party auditing activities, ensuring 3rd party audit
Suppliers are qualified following TV-SOP-35065: EQ Supplier
Selection and Qualification Process.
4.8.2 JJRC Independent Reviewer

ing
4.8.2.1 Classifies audit observations.
4.8.2.2 Assigns FF EM follow up classification (JJRC for FF EMs

only).
ain
4.8.3 JJRC Regional Pharma Compliance Head (For FF EMs only)
4.8.3.1 Confirms the proposed Follow-Up Rating.
4.8.3.2 Confirms requested extensions to follow-up due dates.

Tr
4.8.4 EM Compliance Principal
4.8.4.1 Support Audit response development for JJRC led audits
4.8.4.2 Execute all Follow up for JJRC Led audits per TV-SOP-
49620
4.8.4.3 Escalate issues or risks to EQ account Owner/EQ

Functional Head
This copy of theofdocument

This copy was generated
the document on 09on
was generated Oct092023
Confidential

4.8.5 Additional responsibilities are shared between JJRC and EQ as described in
Table 1. Specific procedures are described in Section 5.

Table 1 – Audits assigned to JJRC only
JJRC Lead Auditor, EQ Account Owner,

unless specified below unless specified below
Scheduling • Schedules audit with supplier. • Introduces Auditing Body (JJRC, SQA etc.)
• Obtains information from COMET to Supplier.
Supplier Account Record and audit • Provides supplier contact information, as
records. applicable.
py
Preparation • Creates audit record in COMET. • Provides supplier related information (non-
• Sets up audit team as appropriate (e.g. conformances, change controls, applicable
Subject Matter Expert, JSC Global quality standards, specific regulatory /
Compliance, J&J Sterile Process country requirements, product information,
Co
Technology, Affiliate Qualified Person). quality agreement other relevant
• Reviews supplier information. information).
• Develops/issues audit plan. • Obtains confidential / non-disclosure
agreement for the audit, if needed.
For contracted auditors, JRC will serve as
the point of contact.
ing
Audit • Conducts audit • Is assigned as the “Auditee Contact” of the
execution − For commercial Direct Material, uses COMET Audit record
appropriate template as guide. • Participates in audits where appropriate.
• Writes and sends approved audit report • Updates COMET Supplier Account records
to supplier. (Risk Level, Audit Classification) For FF
• Completes audit record in audit system, EMs EQ P&O updates Supplier Account
ain
including audit classification. records (Risk Level, Audit Classification).
Supplier JJRC Independent Reviewer For non-FF EMs only – collects, reviews and
Response approves response.
For FF EM only, approves response,
determines follow-up strategy and
Tr
classification.
Corrective EM Compliance Principle (For EM only) For DMs only
actions
follow-ups • Completes follow-up process per TV- • Timely follows up on corrective actions and
SOP-49620 effectiveness checks, as applicable.
• Updates audit system observation records.
Audit EM Compliance Principal • Timely completes Close Out memo
Close-out
For FF EM only: • Sends to supplier.
• Notifies Account Owner of proposed For FF EM, provides final close out report;
Conditional Closure or Audit Closure. notify EM of closure.
• Updates data in Curve (or current
tracking system).
Audit Collects, reviews and communicates EQ P&O
Metrics audit metrics to EQ.
Manages the overall audit program.

Confidential

JJRC Lead Auditor, EQ Account Owner,

unless specified below unless specified below
Comet N/A. Updates Supplier Account records (Risk
Supplier Level, Audit Classification, Auditee
Account Qualification Status).
updates
NOTE: Last audit date and next routine
audit date will be automatically calculated
by the COMET system unless otherwise
documented by Account Owner. For audits
being completed in Trackwise post-COMET
launch, the Account Owners will manually
py
update the Last Audit Date and Next
Routine Audit Date in COMET
Escalation • Raises escalation of critical observation Leads risk assessment and escalation
or EAI rating, following escalation (following Escalation of Janssen Quality and
Co
standard. Regulatory Compliance Issues TV-SOP-
25014) within EQ and partners.
• Provides necessary input to EQ for the
escalation.
ing
ain
Tr

Confidential

4.9 EQ responsibilities for audits assigned to EQ are described in Table 2.
Table 2 – Audits assigned to EQ
Lead Auditor, unless specified below:

Scheduling Schedules audit with supplier.
Preparation • Sets up audit team as appropriate (e.g. Subject Matter Expert, JSC Global
Compliance, J&J Sterile Process Technology, Affiliate Qualified Person).
Note: For Commercial EM Qualification Audits, EQ will contact JJRC in advance to
request audit participation.
py
• Reviews supplier information (non- conformances, change controls, applicable
quality standards, specific regulatory / country requirements, product
information, quality agreement other relevant information).
• Develops and issues audit plan
Co
• Obtains confidential / non-disclosure agreement for the audit, if needed.
Note: See Attachment 2 for additional Audit Preparation guidance for Initial
Qualification Audits
Audit execution • Develops audit plan using COMET template.
ing
• Conducts audit.
Audit report • Writes audit report including observations in COMET .
• Sends report for review / approval by an independent peer qualified auditor.
• Issues audit report to supplier.
ain
Peer Reviewer:
• Reviews/approves in COMET
For L&A Due Diligence audits, a manual report may be applicable to protect
confidentiality.
Tr
Supplier response Reviews and approves corrective action plan. Consults with co-auditors, if
appropriate.
Corrective action • Follows up on corrective actions, as applicable.
follow-up
• Updates ETS / COMET observation records.
Audit close-out • Completes close out in ETS / COMET.
• Sends close out memo to supplier.
Audit Metrics EQ P&O collects, reviews and communicates audit metrics as applicable.

Confidential

Lead Auditor, unless specified below:

Supplier Account Updates Supplier Account records (AM Risk Level, Audit Classification, Auditee
Record updates Qualification Status).
NOTE: Last audit date and next routine audit date will be automatically calculated
by the COMET system unless otherwise documented by Account Owner. For
audits being completed in Trackwise post-COMET launch, the Account Owners
will manually update the Last Audit Date and Next Routine Audit Date in COMET
Escalation Leads escalation of critical observation or EAI rating, following escalation
standard.
py
4.10 Audit Team
4.10.1 Assists the Lead Auditor with developing the audit plan and performing the
audit.
Co
4.10.2 Provides the Lead Auditor with input for the final report.
4.11 EQ and JJRC Department/Regional Head, or delegate
4.11.1 Assigns qualified auditors.

ing
4.11.2 Reviews critical audit observations and Executive Action Indicated rating;
escalates as necessary.
4.11.3 Reviews audit metrics.
4.11.4 Approves yearly audit schedules (EQ) and reviews performance of audit
ain
program.
4.12 EQ VP
4.12.1 Assesses the issue(s) related to Critical Observations and Executive Active
Tr
Indicated Audit Results and determines (in conjunction with

Regional/Functional EQ Head) if further escalation is needed as defined in the
Escalation of Janssen and Regulatory Compliance Issues TV-SOP-25014.
4.12.2 Provides alignment on FF EM supplier corrective action plans with timing

greater than 12 months.
5.0 PROCEDURE
5.1 Supplier audits are performed to independently assess the conformance of EMs and
Suppliers to Quality Agreements established by J&J local laws / regulations, regulatory
/ health authority standards and EM / Suppliers’ internal procedures.
5.1.1 When specific participants are required per regulations, they must be
included in external and supplier audits as applicable.

Confidential

5.1.2 When preparing for an audit of an API supplier, which resulting finished
product to be exported to Canada based on Canadian Commercial Quality
notification, the Canadian Janssen Affiliate must be contacted in order to
confirm and follow up on specific Health Canada expectations (reference TV-
SOP-00431 Drug Establishment Site Licensing Submissions and
Maintenance)
5.2 Supplier audits are conducted for:
5.2.1 Onboarding / Qualifying a new EM / Supplier for addition to the Approved

Supplier List (ASL).
py
5.2.2 Monitoring existing suppliers and following up on previous audit observations.
5.2.3 Responding to EM / Supplier performance events (e.g. For-cause audits).
Co
5.3 Auditor Qualification
5.3.1 Prior to participating in an Audit as an ‘Auditor’, auditors must be qualified:
5.3.1.1 Auditors, including contracted auditors, are qualified following TV-

SOP-25244, External Quality (EQ) Auditor Qualification Procedure.
ing
NOTE: J&J Regulatory Compliance (JJRC) auditors performing
audits for EQ are qualified using the Johnson & Johnson Supplier
Audit Procedure, TV-SOP-15547.
5.4 The audit process overview flowchart is included in section 7.1.

ain
5.5 Scheduling and Monitoring Audits
5.5.1 During the first quarter of each calendar year, an audit schedule (Audit
Program) will be issued for the current calendar year, based on TV-SOP-
Tr
23557. If needed, the audit schedule for the upcoming year can be issued in
the fourth quarter of the previous year.
5.5.1.1 A draft audit schedule for the upcoming calendar year is provided to
the auditing group (e.g. JJRC) by November of the current calendar
year. Preliminary requirements may be shared sooner for onsite
audits.
5.5.2 The “EQ Audit Schedule” is approved by EQ Processes and Operations

(P&O) and stored in the COMET system. The audit schedule is updated and
approved biannually for the initial schedule and schedule completion/ closure.
5.5.3 If a Supplier in “Qualified-inactive” status is to be moved to “Qualified” or

“Qualified for Clinic” status, an audit shall be completed prior to use if the period
between the last audit and the date of proposed use exceeds the defined audit
frequency.

Confidential

5.5.4 The audits will be assigned the “Scheduled End Date” as 31 DEC YYYY. To
facilitate timely completion of the audits by year end, “Scheduled Start Date” in
COMET will be assigned in a staggered manner based on “Last Audit Date”
and audit frequency. The “Scheduled Start Dates” will serve as target start
dates only, while the audits are not due until the end of the calendar year.
Examples:
Last Audit Date Frequency Scheduled Scheduled END

START Date Date
py
03 FEB 2018 4 years 03 FEB 2022 31 DEC 2022
12 MAY 2020 2 years 12 MAY 2022 31 DEC 2022
10 JAN 2020 4 years 10 JAN 2024 31 DEC 2024
Co
5.5.5 The audit schedule shall list, at the minimum, the supplier name, supplier
location, supplier type, criticality level, type of audit (e.g. qualification,
surveillance), Enterprise risk category (Criticality Level), “Scheduled Start
Date” and “Scheduled End Date”.
Note: Audits of all FF EM’s and CL1 Direct Materials Suppliers are to be
ing
scheduled at the EM/Supplier locations.
CL1 Direct Materials Supplier monitoring audits will be performed preferably

on-site by JJRC.
5.5.6 The Schedule for commercial FF EM and commercial DM supplier audits will
ain
be provided to JJRC for audit planning. JJRC will complete these audits in
accordance with the Audit Schedule.
5.5.7 Audits not assigned to JJRC (section 4.9) shall be performed by EQ in

accordance with the Audit Schedule.
Tr
5.5.8 For each audit, a qualified lead auditor is assigned and is responsible for
activities included in section 5.6 through 5.18.
Note: For EM qualification audits JJRC will be invited to participate and will do
so when available. EQ and JJRC will jointly define which party is best to lead
and the other to participate in the audit.
5.5.9 Audits are scheduled in one of following types as required in TV-SOP-35065,

TV-SOP-23557. These audit types are described in sections 3.1.
• Onsite - includes Shared Audits and Group Audits.
• Remote audit - Desktop, Quality Questionnaire, Internal Assessment.
5.5.10 The audit schedule may be changed based on needs, and updated quarterly.
Changes Examples:

Confidential

• Addition / deletion / modification to ASL.
• Changes to EM / Supplier Criticality levels.
• On site for cause audit (e.g. performance issues, technical visits).
• Changes to audit type.
• Moving the audit to the next calendar year (e.g. EM/Supplier request).
• Management request.
py
• Market specific requirement (e.g. tighter audit type / period) based on market
regulations.
Co
• A different type of audit including no audit can be considered with proper
rationale in the COMET audit record.
5.5.10.1 For JJRC audits, the auditor will obtain change alignment with
Account Owner, and JJRC will document the alignment in the audit
record.
ing
5.5.11 Any audits not completed during the assigned audit period must be
extended/justified by the EQ Account Owner and approved in COMET by the
respective EQ Functional / Regional Head or designee.
5.5.12 An annual close out of the current year’s audit schedule shall be performed
ain
and documented by EQ P&O by the end of the first quarter of the following
year. It shall include the reasons if the schedule was not met, risk posed by the
delay (if any) and subsequent actions (if any). It shall be approved by the P&O
Head or designee.
Tr
5.6 Audit Preparation
5.6.1 The lead auditor or designee contacts the supplier or EM to schedule the audit.
5.6.2 For audits assigned to JJRC, EQ will provide JJRC with the EM/Supplier’s
quality contact information and introduce JJRC and/or 3rd party auditing firm to
Auditee.
5.6.3 Preparing for the audit
5.6.3.1 Once the audit date has been scheduled, solicit information (e.g. non-
conformances, specifications, criticality analysis, relevant risk
assessments, Quality Agreement and regulatory / country specific
requirements, etc.) as applicable from internal/external partners
across global sites/external manufacturers.
5.6.3.1.1 In the case of JJRC or contracted audit, EQ Account

Owner will provide applicable information to the auditor.

Confidential

ETS / COMET references may be provided to those with

access.
5.6.3.2 A pre-audit meeting will be conducted to review information collected

and to determine what information is required for the audit plan
(agenda) if JJRC is leading the audit. Attendees from the audit
function and Supplier Quality are required to attend the meetings.
5.6.3.2.1 If the Supplier provides products in scope of Qualified

Persons review (i.e drug substance, drug product,
finished product) the QP should be invited to
py
participate in the pre-audit meeting/ planning
5.6.3.3 Lead Auditor prepares the audit plan (agenda) to cover the relevant
items and informs the EQ Account Owner of the audit plan, if
Co
applicable. Audit Plan Templates can be used to assist in
development of the audit plan:
• TV-TMP-05068: SQ API Ptype 1-2 Audit Plan Template
• TV-TMP-05069: SQ API Ptype 3-5 Audit Plan Template
• TV-TMP-05070: 6 System Audit Plan Template

ing
• TV-TMP-05071: Medical Devices Supplier Audit Plan Template
• TV-TMP-05072: LM Excipient and Packaging Materials Audit Plan

Template
• TV-TMP-05073: Fill Finish and DPDS Audit Plan Template

ain
5.6.3.4 Lead Auditor discusses the proposed audit plan with the audit team,
if applicable. The audit team may include co-auditor(s), Subject
Matter Expert (SME), and/or Qualified Persons.
Tr
5.6.3.5 At the minimum, the audit plan (agenda) shall include the purpose,
scope, audit date(s), audit type, audit team, and applicable
regulations/standards.
5.6.3.6 Lead Auditor may include in the audit plan a list of items that the audit
team would like to receive prior to and/or during the audit, where
appropriate (e.g. SOPs and batch records).
5.6.3.7 Lead Auditor sends a copy of the audit plan to the auditee, audit team,
and EQ Account Owner in advance of the audit. The Lead Auditor
documents the date the audit plan is sent in COMET.
5.6.3.8 Lead Auditor uploads a copy of the audit plan in COMET audit record.
5.6.3.9 Prior to the audit, the audit team reviews the following (as applicable):
• Non-conformances, CAPAs, investigations, escalations, recalls.

Confidential

• Significant quality issues at the EM/Supplier’s sister companies.

• Previous audit reports and observations.
• Other J&J audit history.
• Expected major Health Authority inspections, as well as inspection
results, if applicable.
• Change controls and deviations occurring between the last and
current audit.
• Quality Agreement / Quality Requirement.
py
• Input from internal functional groups.
• Regulatory / Health Authority Standards.
• Local laws and regulations.
Co
• Controlled Substance Compliance requirements, if applicable to
supplier
• Any special requirements; for example:
• For suppliers of products that are fabricated, packaged/labelled,
or tested outside of Canada and listed on Operating Company
ing
DELs (Drug Establishment License) that would require a
corporate audit report to be submitted to Health Canada to
demonstrate GMP compliance per GUI-0080, How to
demonstrate foreign building compliance with drug GMP,
Issued by Health Canada on Jan. 18, 2018, the audit frequency
ain
and type shall meet the minimum requirement as required by

Health Canada of every three (3) years.
• Temperature controlled requirements
• If the manufacturer provide components used in downstream
Tr
aseptic connections, then ensure data in relation to potential

failure modes that may lead to a loss of system sterility has been
considered and is available.
• Excipient criticality levels and associated requirements (refer to
TV-SOP-23709).
5.6.3.10 If there is a need for confidentiality agreement or non-disclosure

agreement, the EQ Account Owner is responsible for coordinating
the activities of all parties to complete the CDA activities by
following TV-WI-36603, Confidential Disclosure Agreement (CDA).
5.7 Conducting Onsite Audits
5.7.1 The Lead Auditor begins the audit by conducting an opening meeting with the
supplier’s management or representatives to review roles of the audit team
members, audit plan, and general purposes to conduct the audit.

Confidential

5.7.2 The Audit Team performs the audit using the audit plan as a guide, including a
tour of the facility, interviewing individuals, and/or reviewing documents.
5.7.3 Conducts the audit related to applicable regulations, guidelines and J&J
policies, standards, and SOP’s for the type of product / material / service. The
applicable audit standards are documented in the audit report. Examples may
include, but are not limited to:
• Relevant GMP requirements (e.g. 21 CFR Parts 11, 210 & 211, 600, 601 &
610, 820, Eudralex Volume 4).
py
• TV-QPOL-000031: QPOL-1: J&J Quality Policy 1 – Quality Policy
Management
• TV-QPOL-000032: Q-POL-2- J&J Quality Policy 2 Quality Management
Co
Organization and Governance
• TV-QPOL-000033: Q-POL-3- J&J Quality Policy 3 Management

Responsibility
• TV-QPOL-000034: Q-POL-4- J&J Quality Policy 4 Research, Product

ing
Development and Design Controls
• TV-QPOL-000035: Q-POL-5- J&J Quality Policy 5 Operations and

Production Management
• TV-QPOL-000036: Q-POL-6- J&J Quality Policy 6 Measurement, Analysis

ain
and Improvement
• TV-MAN-00657: Global Framework for Janssen Quality Management

Systems.
• Applicable J&J Standards such as TV-QPS-00086: Pallet Management.

Tr
• IPEC/PQG and EXiPACT for Excipients.
• ISO15378 for Packaging Material.
• ISO13485 for Medical Devices.
• ISO 9001 guidelines.
• ICH guidelines.
• Quality Agreement / Quality Requirement.
NOTE: Refer to TV-FRM-20149 for additional Quality Standards and

Regulations.

Confidential

5.7.4 Reviews and records relevant information relevant to the audit objectives,
scope and criteria. Evidence obtained will be compared against standards /
regulations and procedures, as applicable.
5.7.5 Evaluates effective implementation and maintenance of the quality systems

and determine if processes and products meet established parameters and
specifications. Examples, where applicable:
• Reviews if a Quality Agreement / Quality Requirement (if necessary) is in

place and if the supplier adheres to the Quality Agreement / Quality
Requirement.
py
• For existing EMs, the auditor reviews batch record documents for
confirmation of the Delegated Batch Record Review and Release process,
if applicable. The auditor documents the batch number(s) in the audit report.
Co
For audits not performed by J&J, alternatives may be used to meet this
requirement.
• Reviews J&J audit history.
• Reviews expected major Health Authority inspections, as well as inspection

ing
results.
• Reviews Major changes in organization, ownership, facilities, manufacturing

processes, product portfolio, newly introduced products or product classes
such as sensitizing products (antibiotics, hormones, animal and human
derived materials, pesticides, etc.).
ain
• Reviews changes and deviations that occurred since the previous audit.
• Verifies if those changes were reported to J&J in line with the current quality
agreement and whether implemented changes may affect the regulatory
Tr
files of the supplier or J&J. If questionable changes or deviations are

discovered during audits, a follow-up is to be agreed with the supplier to
evaluate potential impact on J&J filing and / or quality. Escalation should
be started in case of potential critical issues. In the case of audits led by
JJRC, the Lead Auditor must notify the EQ Account Owner.
• Reviews change to BSE/TSE/GMO/Melamine status in the related

materials, as well as any change in the manufacturing plant (e.g. new
products manufactured in the same equipment) that may impact the
BSE/TSE/GMO status. Obtains BSE/TSE/GMO certificate.
• Verifies the compliance with ICH Q3D and that Elemental Impurity
Assessment Reports (EIAR) are in place.
• Reviews any other areas of focus highlighted by material/product risk

assessments (e.g. Criticality Analysis, Excipient Risk Assessment, etc.).

Confidential

• Reviews effectiveness of corrective actions related to Major and Critical

Observations from previous audits and associated records, if applicable,
including internally assigned observations. This is not required for FF EM
audits that have had a follow up completed. Refer to section 5.15.2 for
managing repeat observations.
• Reviews specifications and test methods.
• Reviews products supplied to J&J are solely produced in manufacturing

areas or equipment previously agreed with J&J, where applicable. Attention
is given to the overall manufacturing set-up (e.g. in dedicated vs. multi-
py
purpose equipment or buildings, level of environmental control etc.).
• Reviews local manufacturing and importing license/certification. Example:

Canada Health has specific requirements. See section 5.6.3.9.
Co
• Reviews whether any reduced controls on materials/components receipt
(tailgate samples/reduced incoming sampling/reduced testing) at the
finished product manufacturing site can be supported by the audit, if
applicable (e.g. by reviewing sampling plan / process / procedures at the
auditee versus JSC requirements/specifications).
ing
• Reviews relevant cGMP/quality system elements (e.g. Training,
Investigations, Change Control, Internal Auditing, Qualification / Validation,
Data Integrity/IT systems etc.) and evidence of their execution.
• Reviews relevant controlled substance compliance elements (e.g.

ain
Documentation, Licensing, Government Reporting, Security measures,

Compliance monitoring, etc.) and evidence of their execution.
• For EMs, qualification and monitoring audits must include a verification

that the EM has the applicable authorization(s) for the scope of operations
Tr
at the EM. E.g., Manufacture of medicinal products in the EU or

importation from a third country is subject to the holding of a Manufacturing
and Importation Authorization (MIA). The National Competent Authority of
the Member State in which the manufacturer or importer operates issues
these authorizations. This applies to other countries/ regions as well and
should be checked and verified as applicable. This requirement includes
verification of appropriate controlled substance licensing, if applicable to
the product type in scope.
5.7.6 If the audit plan could not be completed (as required by the scope of the audit
and the audit plan), the reason(s) should be explained and justified. If access
was denied to any relevant areas of the site this should also be recorded and
explained.
5.7.7 At the end of the audit, the Lead Auditor shall conduct a closing meeting with
the Auditee’s management or representatives prior to leaving the site. A daily
wrap-up meeting is optional. Topics may include:

Confidential

• Observations identified during the audit, follow up process, audit report

issuance, expected supplier response and corrective action contents,
timing, distribution, and escalation process, as applicable.
5.8 Conducting Remote Audit / Desktop
5.8.1 All the requirements for Onsite Audit of this procedure apply to Remote Audit /
Desktop with the following differences:
5.8.1.1 The audit shall be conducted with the supplier’s management or

representatives by methods such as teleconferencing or video
py
conferencing.
5.9 Conducting Remote Audit / Quality Questionnaire
Co
5.9.1 The Lead Auditor or designee shall send one of the following questionnaires to
the auditee to complete:
• Audit Report Quality Questionnaire QMS Suppliers – for auditees whose

Quality Management Systems are certified by a Notified Body – TV-eFRM-
03401.
ing
• Audit Report Quality Questionnaire Non QMS Suppliers – for auditees
whose Quality Management Systems are not certified by a Notified Body -
TV-eFRM-03402.
NOTE: EQ may request additional questions (examples: material information,

ain
reduced testing) to be added to the questionnaire.
5.9.2 The Lead Auditor or designee shall establish and communicate the timeline for
the completion of the Quality Questionnaire to the Supplier.
5.9.3 The Lead Auditor and EQ Account Owner will document in COMET
Tr
Owner Audit System dates Audit

System
location
“Start Date” (COMET) = Date the
questionnaire is sent to Supplier.
Auditor “End Date” (COMET) = Audit Record
Date the completed questionnaire is
received from Supplier.

Confidential

Owner Audit System dates Audit

System
location
Audit Rating, Risk, and “Next Routine
Audit Date” =
5.9.3.1 “Last Audit Date” + prescribed frequency
Supplier
following TV-SOP-23557.
EQ AO Account
5.9.3.2 For audits being completed in Trackwise Record
post-COMET launch, the Account Owners
will manually update the Last Audit Date
py
and Next Routine Audit Date in COMET
5.9.4 If the auditee does not submit the completed Quality Questionnaire form, refer
to the Audit Refusal section (Section 5.25) of this procedure.
Co
5.9.5 Upon receipt of the completed Quality Questionnaire and evidence (where
needed), the auditor shall document the review in the questionnaire within 60
calendar days.
5.9.6 Any observations noted shall be documented in the questionnaire and in

ing
COMET / ETS as individual observation records and sent to the Supplier.
5.9.6.1 If the Quality Questionnaire was not able to confirm the adequacy
of the auditee’s Quality Management System (QMS), then a
Desktop Audit or Onsite Audit may be considered. The rationale for
change in the audit type shall be documented in the Quality
ain
Questionnaire and audit record by the assigned auditor. The “Title”

and the “Type of Audit” in the audit record shall be changed
accordingly.
5.9.6.2 Indirect Materials/Services Suppliers (e.g.CL3) - If the Quality

Tr
Questionnaire was not able to confirm the adequacy of the auditee’s

Quality Management System (QMS) then supplier will not proceed
for qualification if it is a new supplier qualification. In that case an
alternate supplier should be searched who can meet the
qualification requirements. For Legacy CL3 supplier, an internal
assessment is to be performed as per section 5.25.6.
5.9.6.3 The triggers for change of audit type may include, but are not limited
to, the auditee’s failure to complete required sections of the Quality
Questionnaire, an issued regulatory violation (i.e. Warning Letter,
FDA 483 Citation) since the last audit of the auditee, any Quality
Questionnaire responses that were found to be unsatisfactory or it
is deemed by the auditor that the additional information is needed.
5.9.7 Approvals by Independent Review (for JJRC audits) or Independent Qualified

Peer Auditor/Regional/Functional Head (for EQ audits) will be documented in
COMET

Confidential

5.10 Conducting Remote Audit / Internal Assessment (IA) TV-eFRM-03400
5.10.1 Internal Assessments consists of review of supplier’s performance data for low-
risk suppliers.
5.10.2 It is acceptable to complete one form for multiple suppliers provided the data
analysis for each supplier is documented and attached, covers all questions
included in the Audit Report – Internal Assessment, and includes signatures
from all required approvers in the main form.
5.10.3 IA assigned to JJRC
py
5.10.3.1 JJRC shall notify the Account Owner (AO) to initiate IA.
5.10.3.2 AO shall obtain needed information from internal sites if applicable

and document the review in TV-eFRM-03400 and provide
Co
documentation (if applicable) to JJRC within 60 calendar days. AO
shall sign the form as “Supplier Quality”.
5.10.3.3 JJRC shall review all documents and request any additional
information as needed from AO.
ing
5.10.3.4 JJRC shall approve the form as “Supplier Audit Function”. JJRC
shall attach all documentation and approve/issue the report in
COMET within 60 calendar days from the receipt of all
documentations. JJRC shall approve the COMET audit record.
ain
5.10.3.5 JJRC and EQ shall update COMET records:

Owner Audit dates & Audit Outcome Audit System
location
“Start Date” (COMET) =
Tr
Notification to AO to initiate IA
JJRC “End Date” (COMET) = Audit Record
When all required / requested
documentation are received from AO
Audit Rating, Risk, and “Next Routine
Audit Date” = “Last Date Audit” +
prescribed frequency following TV-SOP-
23557 Supplier
EQ AO
For audits being completed in Trackwise Account Record
post-COMET launch, the Account Owners
will manually update the Last Audit Date
and Next Routine Audit Date in COMET

Confidential

5.10.4 Internal Assessment assigned to EQ
5.10.4.1 EQ auditor will initiate the assessment by obtaining needed

information. Internal sites may be contacted, if applicable.
5.10.4.2 Auditor will perform and document the assessment using TV-
eFRM-03400, within 60 calendar days.
5.10.4.3 Auditor will sign the form as “Supplier Audit Function”, complete
the COMET audit record and upload the form and any applicable
documents. Signature for “Supplier Quality or Technical Owner”
py
on the form is not required.
5.10.4.4 Peer EQ auditor shall perform the review/approval in COMET.
5.10.4.5 Auditor shall update the COMET audit records:
Co
Dates & Audit outcome System
location
“Start Date” (COMET) = Initiation of assessment
“End Date” (COMET) = When all information is Audit Record
ing
available
“Audit Rating, Risk, and “Next Routine Audit Date” =
5.10.4.6 “Date of Last Audit” + prescribed frequency following
TV-SOP-23557 Supplier
ain
5.10.4.7 For audits being completed in Trackwise post-COMET Account

launch, the Account Owners will manually update the Record
Last Audit Date and Next Routine Audit Date in
COMET
Tr
5.10.5 If the result of the Internal Assessment is not adequate, then an alternate type
of audit may be performed. The new type of audit to be performed shall be
documented in audit record by the assigned auditor. The “Title” and the
“Type of Audit” in the audit record shall be changed accordingly.
5.11 Leveraged Audits from a J & J Business Unit
5.11.1 Onsite audits, desktop / remote audits, and monitoring questionnaires may be
leveraged from another J & J Business Unit.
▪ A JJRC-ERC audit of a J&J Business Unit that is identified as a supplier

for another J&J Business Unit may be leveraged and is managed under
the J&J Compliance Auditing procedure (TV-SOP-13085)
5.11.2 Internal Assessments may not be leveraged.
5.11.3 To leverage an audit, at a minimum, the following requirements shall be met:

Confidential

• The audit report shall have the applicable scope and quality criteria (i.e.
same location, similar process, product categories, services, material
type, quality regulation, etc.).
• The audit must have been performed and completed within the applicable
audit cycle period (example: if the audit frequency is every 3 years, the
leveraged audit cannot be more than 3 years old).
• In COMET, select Leveraged as “Audit Format”.
• Document the original audit date shall be listed as the audit date (e.g.
py
“Start Date” (COMET) and “End Date” (COMET) if different), not the date
the report was leveraged.
5.11.4 The original report issuance date from Affiliate shall be listed as the “Final
Co
Report Issued Date”.
5.11.5 The audit report will be reviewed by JJRC/EQ to ensure it complies with the
necessary elements/regulatory requirements of this SOP.
5.11.6 The audit response will be reviewed and accepted by the J&J Unit that
conducted the audit. It is not the responsibility of the leveraging J&J Unit.
ing
5.11.7 An audit rated as “Executive Action Indicated” shall only be leveraged if
rationale is provided such as an accepted corrective action plan.
5.11.8 An approval from the Auditee, or verification that it is not contractually

ain
prohibited, is needed to leverage the audit within J&J Business Units is

needed. Different methods can be used to obtain such approval (e.g. Quality
Agreement or Purchase Order or written authorization from Auditee).
5.11.9 The audit rating assigned by the J&J Business Unit that conducts the audit will
be used as the final leveraged audit rating.
Tr
5.11.10 A documented assessment shall be made by the JJRC/EQ auditor before

accepting the audit report. Either of these methods can be used:
• Complete and upload TV-eFRM-03393 in COMET audit record.
• Enter the required information listed on TV-eFRM-03393 directly in audit

record.
5.11.11 Report approval will be documented in COMET.
5.11.12 The form (if applicable), audit report, and any applicable documents will be
uploaded to COMET audit record.
5.11.13 To close a Leveraged Audit, documented closure is required from the J&J
Business Unit that conducted the original audit.

Confidential

5.12 Purchased / Leveraged non-J&J Audits
5.12.1 Audits may be leveraged from an external party (i.e. Rx360, EXCiPACT etc.)
or from the Supplier’s 3rd party if the audit scope is suitable.
5.12.2 Prior to leveraging external party audits, auditor qualification shall be reviewed
and deemed acceptable based on a combination of education, training and
experience.
5.12.2.1 Qualification verification is not necessary for Notified Body

qualified auditors (e.g. BSI, TUV, etc.).
py
5.12.3 The requirements in section 5.11.3 of this procedure also applies to Purchased
/ Leveraged non-J&J Audits.
5.12.4 The audit response (supplier corrective action plan and corrective actions)
Co
should be accepted by the external party that conducted the audit.
5.12.5 All audit observations shall be reclassified by the responsible auditor as

Critical, Major, or Minor based on the definitions in this procedure. An overall
audit rating shall be assigned by the responsible auditor in COMET, following
section 7.3 Attachment 3. In the case of JJRC audits, the classifications shall
ing
be performed by the JJRC Independent Reviewer.
5.12.6 A documented assessment shall be made by the JJRC/EQ auditor before

accepting the audit report. Either of these methods can be used:
• Complete and upload TV-eFRM-03393 in COMET audit record.

ain
• Enter the required information listed on TV-eFRM-03393 directly in audit

record.
5.12.7 Report approval will be documented in COMET.

Tr
5.12.8 TV-eFRM-03393 (if applicable), audit report, and any applicable documents
will be uploaded to COMET audit record. Associated corrective action plan
and corrective actions shall be accessible.
5.12.9 To close a Leveraged Audit, the audit response (supplier corrective action
plans and corrective actions if any ) should be accepted by the external party
that conducted the audit.
5.12.10 To close the audit, the J&J Business Unit leveraging the audit is responsible
for assuring that all corrective action plans are complete.
5.13 Shared Audits (more than one J&J Business Unit’s requirements are assessed during
the audit)
5.13.1 Shared audits are audits conducted for more than one J&J Business Unit at
the same time. See section 5.11 for leveraging audits conducted at a

Confidential

separate time by another J&J Business Unit or section 5.12 for leveraging
audits conducted at a separate time by a non-J&J Business Unit.
Note: JJRC is not a Business Unit.
5.13.2 All the requirements stated within the Onsite Audits and Remote Audits
sections of this procedure will apply based on the type of shared audit.
5.13.3 The leading J&J Business Unit shall be responsible for:
5.13.3.1 Coordinating the audit with the supplier.
py
5.13.3.2 Issuing audit plan, audit report, following up with the supplier for
corrective actions, audit closure with objective evidence (if
applicable), and distributing the audit report to all applicable
recipients, including J&J Business Units that were represented.
Co
5.13.3.3 Managing and reporting the metrics associated with shared
audits, in accordance with the leading JJBU metrics.
5.13.3.4 Coordinating with the affected J&J Business Unit to address

observations specific to that J&J Business Unit.
ing
5.13.4 Observations of all J&J Business Units will be included in the shared audit
report.
5.13.5 In case of the audit report is written by another J&J Business Unit, the EQ/JJRC
auditor will:
ain
• Attach the audit report to the audit record.
• The audit rating assigned by the J&J Business Unit that conducts the
audit will be used as the final leveraged audit rating.
Tr
Note: Tracking of the corrective actions with suppliers is the

responsibility of the Lead J&J Business Unit (note: JJRC is not a
Business Unit).
5.13.6 When shared audits require management notification, all the affected J&J
Business Units will be notified for their assessments.
5.14 Group Audits
5.14.1 Group Audits are sometimes conducted with other Non-J&J organizations due
to restrictions placed by the Supplier by permitting only group audits.
5.14.2 All the requirements stated within the Onsite Audits and Shared Audits sections
of this procedure would apply depending on the scope of the Group Audit.
5.14.3 The Auditor shall be responsible for:

Confidential

5.14.3.1 Coordinating the audit with the Supplier.
5.14.3.2 Issuing the audit plan on behalf of J&J.
5.14.3.3 Documenting the results of the Group Audit, including

observations, in audit record in COMET.
5.14.3.4 Issuing the audit report to auditee.
5.14.3.5 Coordinating the follow up with the Supplier for all corrective
action plans and objective evidence and audit closure.
py
5.14.3.5.1 In the case of JJRC audits, the EQ Account Owner will
perform the activities related to corrective actions.
5.14.4 Audit rating will be determined by the observations listed in the J&J audit report,
Co
as shown in the Audit Rating Table in 7.3 Attachment 3.
5.15 Audit Observations
5.15.1 Each observation as a result of audit (Onsite, Remote Desktop or Remote

Quality Questionnaire) shall be written and rated as defined in section 3.25.
ing
Reference can be made to any applicable regulations and/or guidelines to
support the observation.
5.15.1.1 JJRC audits – observation ratings are assigned by designated JJRC

(FF EM) / JJRC Independent Reviewer (Non-FF EM) in ETS /
COMET audit record.
ain
5.15.1.2 EQ audits
• Rated by EQ auditor.
Tr
• Peer reviewed/approved in ETS / COMET audit record by another

EQ qualified auditor not involved in the audit, or by the EQ
Functional/Regional Head.
5.15.2 Repeat observations are those that have been documented in a

previous audit or inspection and evidence of the same or similar
observation is found in the current audit at the same site or in the same
procedure. These are the observations for which the previous
correction, corrective, and/or preventive actions have been determined
to be not conducted, ineffective, and/or not adequately scoped.
5.15.3 All confirmed critical observations (and repeat ‘Major’ observations that impact
patient safety) require notification within one (1) business day to the Functional
/ Regional Head and VP of EQ. They shall be responsible to assess the
issue(s) and determine if further escalation is needed as defined in the

Confidential

Escalation of Janssen Quality and Regulatory Compliance Issues TV-SOP-

25014.
5.15.3.1 For audits performed by JJRC, the lead auditor will notify the EQ
Account Owner, Compliance Principal and Independent Reviewer in
case of a potential critical observation. Once confirmed, the
escalation process for JJRC will be in accordance with TV-SOP-
13086.
5.15.3.2 In either case, the escalation will be led by the EQ Account Owner.
JJRC will provide necessary input, if applicable.
py
5.15.4 Risk Assessment is not required for potential EMs / Suppliers that will not be
added to ASL or for suppliers who have not provided any product or service
within the scope of the audit.
Co
5.15.5 In the audit report, the individual observations are described, and categorized
in accordance with the quality system sub-processes as defined by J&J Curve
Categories.
• EM/Supplier Quality Management

ing
• Facilities (Facilities, Utilities & Equipment)
• Laboratories (Analytical, Microbiological, Other)
• Management Responsibility/ Organization Personnel

ain
• Materials Control
• New Product Introduction
• Production and Packaging Processes

Tr
• Quality/Compliance Systems
• Validation/Qualification (Process, equipment & facilities validation)
5.15.6 (Optional) Advice and recommendations may be made on how observations

should be addressed by the auditee.
5.16 Audit Classification
5.16.1 Audit Classification will be reported as Surveillance Indicated (SI), Corrective

Action Indicated (CAI) or Executive Action Indicated (EAI) based on the
threshold table and notes in 7.3 Attachment 3.
5.16.2 Internally assigned observations will not be included in the count to determine
the Audit Rating.

Confidential

5.16.3 If a different rating than what is shown in the table is selected, necessary
rationale with approval from EQ is required in a timely manner.
5.16.4 All confirmed Executive Action Indicated ratings require notification within one
(1) business day to the Functional / Regional Head and VP of EQ. They shall
be responsible to assess the issue(s) and determine if further escalation is
needed as defined in the Escalation of Janssen Quality and Regulatory
Compliance Issues TV-SOP-25014.
5.16.4.1 For audits performed by JJRC, the lead auditor will notify the EQ
Account Owner, Compliance Principal and Independent Reviewer in
py
case of a potential Executive Action Indicated rating.
5.16.4.2 In either case, the escalation will be led by the EQ Account Owner.
JJRC will provide necessary input, if applicable.
Co
5.16.5 Risk Assessment is not required for potential suppliers that will not be added
to the ASL or for suppliers who have not provided any product or service within
the scope of the audit.
5.17 Audit Report and Documentation

ing
5.17.1 All audits must result in a written audit report that includes the following
information at minimum:
• Site & location
• Audit dates
ain
• Auditors
• Audit scope: processes, systems and areas covered & those planned
but not covered
• Requirements audited against
Tr
• Audit participants
• Observations (if applicable) classified as critical, major, or minor
• Conclusions, or rating (if applicable)
• Actions (corrections) taken by auditee during the audit (if applicable)
• The need for a subsequent audit (if applicable)
5.17.2 Document the verification of local manufacturing and importing license, GMP
certificate, and any relevant information, where applicable.
Note: for DPDS audits, these documents (in pdf) shall be sent to CMCRA ML
& GMP certs <CMCRAMLGMP@its.jnj.com> for upload in RIMdocs.
5.17.3 Request to receive the observations from the audit team, if applicable.

Confidential

5.17.4 Analyze the data collected by determining if audit observations are isolated or
systemic.
5.17.5 Categorize audit observations as defined in section 3.2 and by Curve quality
system area in section 5.15.5.
5.17.6 After the observations have been analyzed, circulate the report to the audit
team members for review, if applicable.
5.17.7 For observation(s) rated “Critical” and/or audit rated as “Executive Action
Indicated”, the VP EQ will be informed, as well as personnel stated in the
py
Management Notification Table of TV-SOP-15547. For JJRC audit, the
respective personnel and EQ Account Owner will be informed in accordance
with TV-SOP-25014. Additionally, for Supplier audits, Related Category
Director and QA Director of affected JSC sites will be informed.
Co
5.17.8 Document the Audit classification in TrackWise / COMET in accordance with
section 5.16.
5.17.9 Once rated as “Executive Action Indicated”, the supplier or the EM cannot be
used without a documented risk assessment (per TV-SOP-41199 – Quality
Risk Management Pharm Sector SOP). The mitigation strategy shall be
ing
developed by EQ and reviewed by JSC Global Compliance. Future orders
should be contingent on the risk assessment and the acceptance of the
corrective action plan. Critical observations must be corrected and verified by
visit or documentation.
5.17.10 Audits classified as “Executive Action Indicated” will be assessed by EQ in

ain
accordance with CAPA - Corrective Action Preventive Action (TV-QPS-00041).
5.17.11 The contents of the audit report will follow the applicable template.
5.17.12 A proposed re-assessment period should be documented, referencing the

Tr
applicable monitoring procedure, if applicable.
5.17.13 The audit report will be reviewed and approved:
• JJRC audits are reviewed and approved by JJRC Independent Reviewer.
• EQ audits are reviewed/approved by a qualified auditor who was not

directly involved in the audit or by the EQ Functional / Regional Head, prior
to the audit report being issued. This review/approval will be documented
in ETS/ COMET.
5.17.14 For audits performed by JJRC, EQ may request to review the audit report for
an accuracy review before the observation classification is performed by the
Independent Reviewer.
5.17.15 The Lead Auditor at a minimum shall sign the onsite or desktop audit report.

Confidential

5.17.16 If the Lead Auditor is a contractor (non-J&J employee):

5.17.16.1 On site and Remote audit:
Contracted Lead Auditor and a qualified JJRC/EQ auditor will
sign the report. JJRC/EQ will approve the audit record in ETS /
COMET.
5.17.16.2 Questionnaires and Internal Assessment:
Contracted Lead Auditor who conducted the review will sign the
report. JJRC/EQ will approve the audit record in ETS / COMET.
The audit record approval will serve as the documented review.
py
5.17.16.3 Internal Assessment:
Contracted Lead Auditor who gathers the information will
complete and sign TV-eFRM-03400. JJRC (Commercial Direct)
Co
/EQ (non-Commercial Direct) will review and approve report and
in ETS/ COMET.
5.18 Audit Report Distribution
5.18.1 The audit report is a CONFIDENTIAL document and should not be shared with
any regulatory health authority without prior approval by VP EQ. In the event
ing
that a secrecy or confidential agreement is signed, the distribution shall be
limited to terms of that agreement.
5.18.2 Issue reports, based on the table below, unless otherwise noted in Quality
Agreement.
ain
Type of Audit Audit Report Issuance*

Onsite FF EM 20 Business days from audit closing meeting date
Onsite non-FF EM or Supplier 30 Business days from audit closing meeting date
Desktop 30 Business days from audit closing meeting date
Tr
45 Business days after receipt of supplier’s first

Quality Questionnaire
response.
* Due Date to Issue Audit Report in COMET is determined using calendar not business
days so calculate accordingly.
Note: For Rx360, it is agreed through Statement of Work that their audit reports
will be issued within 30 business days to allow review by Auditee.
5.18.3 If there are no observations, the audit shall be considered closed upon
distribution of the audit report. Therefore, the audit report can be considered
the Audit Close-out Letter.
5.18.4 Audit reports distribution:
• Commercial FF EM – Auditee, Account Owner, EQ Functional /Regional

Head, JJRC and JSC Management as applicable, QP as applicable.

Confidential

• Non-FF EM – Auditee, Account Owner, EQ SQ Site Independent Reviewer,

impacted Site QA Head and/or Qualified Person (QP), EQ Functional /
Regional Head, Category Director (specific to material category). Include
DPDS and Labs as applicable.
• Shared Audits – J&J Business Units that share the audit, in addition to the
above distribution.
• A standardized distribution list is maintained on the EQ Sharepoint at the

following link: Audit Report Distribution May 2019.xls.xlsx
py
5.19 Audit Response from Supplier/EM
5.19.1 Internal and supplier assigned observations will be tracked to closure.
Co
5.19.2 Supplier action plan timelines must be appropriate. For Audits performed by
JJRC or EQ, the appropriateness of the action plan timeline will be determined
by EQ, and additionally by the EM Compliance principle and JJRC
Independent Reviewer for FF EM audits performed by JJRC.
5.19.2.1 For FF EM suppliers, audit action plans shall be completed within

ing
12 months from the date of the final report issuance (excluding
Effectiveness Check/Monitoring dates).
5.19.2.2 FF EM supplier action plans greater than 12 months shall have

documented alignment by the VP of External Quality and
Regulatory Compliance, when applicable. Documented alignment
ain
should be obtained at time of Action Plan approval or if an individual

action gets extended past 12 months from the initial final report
issuance. (see “Attachment 7 – EQ VP Alignment memo” for an
example template which may be used to document alignment)
5.19.3 Supplier/EM Response

Tr
5.19.3.1 Supplier/EMs are required to issue an audit response for any noted
observation(s) within the timeline listed in the following table.
NOTE: For FF EM’s, see additional notes in section 5.21
Number of Days to Submit SCAP from

Observations
Audit Report Issuance Date
Critical Within 10 business days *
Major / Minor Within 20 business days
*If the auditee cannot meet the specified date for critical observation, an
alternate reasonable due date will be identified, not exceeding 20
business days from the date of audit report.

Confidential

5.19.3.2 The EM/Suppliers will submit the corrective action plan utilizing TV-
eFRM-03386, Supplier Corrective Action Plan or submit the same
information in their template.
5.19.3.3 The audit response shall include corrective action(s) for each
observation, addressing the root cause, and including expected
completion date(s).
5.19.3.3.1 Within COMET / ETS (Refer to TV-WI-26517) all

responses are not required to be entered directly in the
py
Observation record. The responses received from the
Auditee can be attached to the Audit record.
5.19.3.3.2 Within ETS / COMET, in the observation record, for

‘Response Required’:
Co
• Select YES for critical and major observations with
potential quality/compliance impact. See Sections
5.20.5.3 (non-FF EM and Suppliers) and 5.21.1.4
(FF EM) for additional requirements pertaining to
Minor observations.
ing
• Select NO for all other observations (unless a
response needs to be entered) or actions need to
be tracked.
ain
5.19.3.4 CAPAs for Rx360 audits are managed by Rx360. Responses are
sent from auditee to Rx360.
5.19.4 Late Responses
5.19.4.1 The EQ Account Owner is responsible for following up on overdue

Tr
audit responses.
5.19.4.2 Response Extension for FF EMs may be requested – see section

5.21.2.4
5.19.4.3 Response Extension Request for Non-FF EMs are not required.
However, Account Owner should document follow-up dates in the
“Comments” section of the ETS / COMET Audit Record.
5.19.4.4 For FF EM, if a response is not submitted within 15 business days

following the date the response is required (including extensions),
a Risk Assessment (with documented rationale) shall be
documented. TV-eFRM-04002, Supplier Risk Assessment and
Mitigation Form, can be used to document the risk assessment.
5.19.4.5 For non-FF EM / Suppliers, if a response is not submitted and/or

has not been accepted within 90 calendar days following the

Confidential

original due date, a Risk Assessment shall be documented for

critical and major observations. TV-eFRM-04002, Supplier Risk
Assessment (with documented rationale) and Mitigation Form, can
be used to document the risk assessment.
5.19.4.6 The Risk Assessment is approved by the Functional/Regional

Head. A decision will be made to escalate if required, following
Escalation of Janssen Quality and Regulatory Compliance Issues
TV-SOP-25014.
5.20 Audit Response and Observation Acceptance for NON-FF EM (Note: FF EMs follow
py
section 5.21) and Suppliers
5.20.1 Upon receipt of the initial audit response, the EQ Account Owner enters the
initial response date in the ETS / COMET audit record. For COMET, this is
documented in the Observation record of the Audit in “Date of Initial
Co
Response”.
Note: CAPAs for Rx360 audits are managed by Rx360. Responses are
reviewed and to be accepted by Rx360. Notifications are sent to EQ when
CAPA activities are performed by Rx360.
ing
5.20.2 Account Owner reviews the response within 30 business days and documents
within the audit record. Specific attention shall be given to determine if the
observations have been assessed by the auditee in a systematic way, and that
the proposed response, with target completion dates, commensurate to the
assessment. Auditor should be document the response acceptance date in the
ain
field “Date of Response Acceptance” Audit Report section of the Audit Record
in COMET.
5.20.2.1 If needed, Account Owner contacts auditee for clarification and/or

additional information.
Tr
5.20.2.2 If additional review is needed after the Initial Response is submitted,

the final date of acceptance should be documented in the “Date of
Response Acceptance” in the Audit Report section of the Audit
Record in COMET.
5.20.3 In order to close a Major or Critical observation all the actions stated in the
corrective action plan needs to be completed with objective evidence. This
applies to Group Audits as well.
5.20.3.1 As noted in the Responsibilities section, the Account Owner follows

up on corrective actions and effectiveness checks, as applicable,
and updates ETS / COMET observation records as necessary.
5.20.4 Each Minor observation (external and internal) can be closed as defined in the
following table. This applies to Group Audits as well.

Confidential

Non-FF EM Minor Observation Closure (decided by EQ AO)
Audit outcome Requirement to Close the Observation

Surveillance
Acceptable Supplier Corrective Action Plan (SCAP)
Indicated
Corrective Action
Evidence of completion of correction, corrective
Indicated
action and preventive action is optional.
Executive Action and evidence of completion of correction, corrective
Indicated action and preventive action for Major and Critical
py
observations.
5.20.5 Auditee’s CAPA systems will be used to track corrective actions.
Co
5.20.5.1 Additionally, completion of pending actions for Critical and Major
observation with potential quality/compliance impact shall be
tracked in COMET audit record.
5.20.5.2 If impact to the Janssen Quality system is determined, a Quality

Issue needs to be opened in the Quality Event Management
ing
Division of Trackwise as part of the observation response
remediation.
5.20.5.3 External Tracking (Refer to TV-WI-26517 for ETS) must be selected

for Observations at the time of new observation record creation
based on the following table
ain
Auditing Audit Requirement for External Tracking

Department Classification
JJRC Executive Action • Critical, Major and Minor Observations
Indicated (EAI) require External Tracking
For ETS select Yes to “External Tracking” /
For COMET select Yes to “Track Response”
Tr
JJRC Corrective Actions • All Major Observations require External

Indicated (CAI) or Tracking.
Surveillance • Minor observations only require External
Indicated (SI) Tracking if deemed necessary by the Lead
Auditor

Confidential


Other than Executive Action • Critical and Major Observations require
JJRC Indicated (EAI) External Tracking. (Note: Objective
evidence is required to close Critical and
Major Observations, and Minor
Observations cannot be closed until the
Major and Critical are Closed).
• Minor Observations require external
tracking.
py
Other than Corrective Actions • All Major Observations require External
JJRC Indicated (CAI) Tracking.
• Minor observations only require External
Tracking if deemed necessary by the Lead
Co
Auditor.
Other than Surveillance • Major Observations require External
JJRC Indicated (SI) Tracking.
ing
• Minor Observations do not require External
Tracking.
5.20.6 Observation responses are approved as per ETS – Audit Management in the
Event Tracking System TV-WI-26517./ COMET - TV-WI-59568 Audit
ain
Management in COMET
5.20.7 Documentation related to the Audit received after the Audit record is in the ‘All
Activities’ complete state can be added as part of an Addendum record, or, if
applicable to one or more observations, to the observation record.
Tr
5.21 Audit Response Acceptance, Follow-up Classification & Strategy and Observation
Follow Up Activities for FF EMs (Note: Non-FF EMs and Suppliers follow section
5.20).
5.21.1 Audit Response Acceptance
5.21.1.1 Upon receipt of the audit response, EQ Account Owner enters the
initial response date in the ETS / COMET audit record.
5.21.1.2 Account Owner works with EM Compliance to determines if the

response is appropriate, whether the observations have been
assessed by the EM in a systematic way and that the proposed
responses are commensurate to the assessment. If the response is
not appropriate, Account Owner works with FF EM to further
develop the responses. The finalized review shall be completed
before the response due date. Auditor should document the

Confidential

response acceptance date in the field “Date of Response

Acceptance” Audit Report section of the Audit Record in COMET.
5.21.1.3 If impact to the Janssen Quality system is determined, a Quality

Issue needs to be opened in the Quality Event Management
Division of Trackwise as part of the observation response
remediation.
5.21.1.4 External Tracking should be selected for Observations at the time

a new observation record is created based on the following table
(Refer to TV-WI-26517 for ETS)
py
JJRC All • Critical, Major and Minor
Classifications Observations require External
Tracking
Co
For ETS select Yes to “External
Tracking” / For COMET select Yes to
“Track Response”
Other than Executive • Critical, Major and Minor
JJRC Action Observations require External
Indicated (EAI) Tracking. (Note: Objective
ing
evidence is required to close
Critical and Major Observations,
and Minor Observations cannot be
closed until the Major and Critical
are Closed).
ain
Other than Corrective • All Major Observations require
JJRC Actions External Tracking
Indicated (CAI) • Minor observations only require
External Tracking if deemed
Tr
necessary by the Lead Auditor.

Other than Surveillance • Major Observations require
JJRC Indicated (SI) External Tracking
• Minor Observations do not require

External Tracking
5.21.1.5 To ensure response is submitted to the Independent Reviewer

within timeline (10 business days for critical observation or 20
business days for major/minor), the Account Owner shall monitor
the EM’s CAPA preparation during the response timeline.

Confidential

5.21.1.6 When the response is appropriate, submit to the Independent

Reviewer (RA-JJCUS-JJRCEMAUDIT@its.jnj.com) for audit
classification within the timeline.
5.21.1.7 Observation responses are approved as per ETS – Audit

Management in the Event Tracking System TV-WI-26517 / TV-WI-
59568 Audit Management in COMET
5.21.2 Follow Up Classification and Strategy for FF EM
5.21.2.1 The Independent Reviewer provides follow up strategy
py
classification based on the audit report and the FF EM corrective
action responses. The follow up strategy classification document
shall be added to the audit record.
Co
5.21.2.2 If the response is not accepted continue to work with the FF EM,
5.21.2.3 The target completion of the final classification is 45 calendar days.

This includes EM’s response time, EQ review, and Independent
Reviewer classification assignment.
5.21.2.4 If classification alignment cannot be obtained from the Independent

ing
Reviewer, Account Owner leads discussions with Compliance
Principal and/or VP ERC for resolution.
5.21.2.5 If the FF EM’s response exceeds the time period stated in Section
5.19.3.1., an addition of up to 10 business days from the original
ain
due date can be requested to the Independent Reviewer. As per

JJRC Audit, Assessment, Inspection and Regulatory Action Follow-
Ups TV-SOP-13089, requests to extend the initial response beyond
30 business days, shall be reviewed by the Independent Reviewer
and shall be agreed to only in exceptional circumstances and with
appropriate rationale. The Independent Reviewer will update the
Tr
due date in Curve or the current tracking system.
Note: An extension, up to 30 calendar days, may apply if the report

and/or response require(s) language translation.
5.21.2.5.1 At the end of the extension period, regardless of the

status of the FF EM response, the FF EM site
classification will be assigned by the Independent
Reviewer.
5.21.2.5.2 Account Owner continues to pursue obtaining a

satisfactory corrective action plan response from the
FF EM. Management Notification as per Escalation
of Janssen Quality and Regulatory Compliance
Issues TV-SOP-25014 may be conducted, if
necessary.

Confidential

5.21.3 Account Owner notifies FF EM that CAPA is approved. Follow-up rating

information is added to ETS / COMET. Only upon the completion of the
responses to the observations or Follow-Up records created (if applicable),
thus, All Audit Activities Completed, will the Audit record be able to be moved
to the next state “Reporting” (COMET) / “Audit Complete (ETS).
5.21.4 Corrective Actions Follow Up will be performed by EM Compliance per TV-

SOP-49620 “External Manufacturing Audit Follow up Procedure”. EM
Compliance will discuss issues that arise during the follow up review with the
Account Owner and the EQ functional Regional Head (i.e FF EM fails to
complete pending actions). If the observation is critical, the EQ VP shall be
py
included in the discussion. A decision will be made to escalate if required,
following Escalation of Janssen Quality and Regulatory Compliance Issues
TV-SOP-25014.
Co
If the FF EM corrective actions are extended during the follow-up phase past
12 months from the initial final report, documented alignment by the VP of
External Quality and Regulatory Compliance, when applicable, must be
obtained. Documented alignment should be obtained at time of Action Plan
approval or if an individual action gets extended past 12 months from the
initial final report issuance.
ing
5.21.5 Notify the EM Compliance Principal, or designee if a conditional closure is
required. The conditional closure is used for disengagement of an FF EM.
5.21.6 Send the closing letter to the FF EM and close out the related ETS/COMET
records.
ain
5.21.7 Documentation related to the Audit received after the Audit record is in the ‘All
Activities’ complete state can be added as part of an Addendum record, or,
if applicable to one or more observations, to the observation record.
5.21.8 Self-Certification (FF EMs)

Tr
5.21.8.1 Self-Certifications, when applicable, will be managed by the EM

Compliance principal in collaboration with the Account Owner who
will be responsible for providing the self-certification memo to the
EM.
5.21.8.2 When all self-certification activities are complete, send the closing
letter to the EM and close out related ETS / COMET records.
5.22 Closing Audits
5.22.1 The overall audit cannot be closed until each of the supplier and internal
observations are closed in ETS / COMET.
ETS automatically progresses the Audit Record from the state of ‘Audit
Complete’ to ‘Closed’ when associated Observations and/or Follow-Ups are
Closed (No Open Observations) or No observations exist.

Confidential

COMET the audit record will remain in “Reporting” status until associated
Observations can be closed, responses submitted.
In the case of leveraged and purchased audit where observations are not
opened in ETS / COMET, the corrective action plans and corrective actions,
if any, should be accepted by the external party that conducted the audit.
5.22.2 A close out letter shall be sent to the EM or supplier by the Account Owner
when all supplier observations are closed. Close out letter is not required for
Rx360, Leveraged and Purchased audits.
py
5.22.3 If a close-out letter is required, a copy of the letter shall be included in ETS/
COMET Record (Audit or Addendum). If Audit record is in Audit complete
state and no Addendum record is available the closure letter can also be
attached to the AIM record. At the minimum, Category Leads and the J&J
Co
Business Units that share the audit (if applicable) will be copied in the close
out memo. Additional distribution can be added if necessary.
5.22.4 If there are no observations, the audit shall be considered closed upon
distribution of the report.
5.22.5 For Purchased Audits, observations and observation closures shall be

ing
managed by either the contractor company per their requirements or by the
assigned Auditor.
5.23 The outcome rating will not be upgraded without a re-audit of the auditee.
ain
5.24 Audit Extension
5.24.1 Should a monitoring audit not be completed within its scheduled date, the
audit may be extended to the following year with documented justification and
rationale including, but not limited to:
Tr
a. The actions taken to obtain an audit,
b. Historical and current supplier performance including the q&c

risk rating,
c. Risks posed due to the delay of the audit, and
d. Any interim controls need to be documented
The audit extension justification and rationale are documented

in the audit record in COMET.
5.25 Audit Refusal
5.25.1 If the supplier refuses the audit request, EQ Account Owner will solicit
assistance from Category Leads or other internal partners, as appropriate.

Confidential

5.25.2 A documented evaluation must be performed by the Account Owner in the

audit record within 45 calendar days from notification by Supplier (or through
JJRC). For COMET, the Risk Assessment is documented in the audit record.
If the supplier is used by multiple JSC sites, the refusal assessment must
consider the impact on all involved sites.
5.25.3 The risk assessment shall evaluate the following:
5.25.3.1 Whether an alternate type of audit shall be performed,
5.25.3.2 To initiate supplier disengagement process,
py
5.25.3.3 Implement additional controls within Janssen to mitigate identified
risk(s),
5.25.3.4 Identify when next audit attempt should be made based on supplier
Co
performance monitoring process trigger or Risk Assessment
outcome. Maximum time allowed to re-assess the EM or Direct
Material supplier is one year.
5.25.3.5 TV-eFRM-04002, Supplier Risk Assessment and Mitigation Form,

can be used to document the risk assessment and attached within
ing
the COMET Audit Record.
5.25.4 The assessment shall be approved by the EQ Functional / Regional Head.
5.25.5 Refused audits are reported to the EQ VP within the audit calendar year. The
ain
refusal shall also be communicated to EQ P&O to ensure that the audit

schedule is updated as required.
For JJRC assigned audits, JJRC will notify EQ Account Owner of any refused
audits, within 21 calendar days of confirmed refusal.
Tr
5.25.6 If Indirect Materials/Services Suppliers who are under the oversight of EQ

refuses to respond to quality questionnaires, EQ will complete the internal
assessment (TV-eFRM-03400) with input from representatives from JSC sites.
Risk (low/medium/high) and appropriate next steps will be defined and
documented in ETS / COMET audit record for CL1 and CL2, and Supplier
Account record for CL3 suppliers.
5.26 Documentation
5.26.1 Audit Reports shall be retained in accordance with the current records retention
schedules and may be either hard or electronic copies; whereas electronic
copies of approved documents must show the approval signature. Any official
hardcopy of the report will be filed in the Audit files by the auditor once the audit
is closed.

Confidential

5.26.2 The documents retained shall include the below, as applicable. All documents
will be attached to the audit record, (except where noted):
• Audit agenda/plan for onsite and desktop audits
• Audit report
• Quality Questionnaires / Internal Assessments
• Auditee responses/CAPA plans and any supporting documentation
py
• Objective evidence of SCAP completion
• Close out letter
Co
• Documentation related to extensions, if applicable
• Audit refusal assessment, as audit report
• Supplier and material surveys
•
ing
Documented risk assessments.
• Escalation (Management Notification) references
• Assessment (memos) accepting affiliate or non-EQ audit report

ain
• Authorization by the supplier to leverage report from another J&J

company
• Any appropriate Documents / Certificates / SOPs, etc. collected by the

auditor as part of the audit (and deemed necessary as a record by the
Tr
Lead Auditor).
• Valid ISO certificate, BSE/TSE, GMO and Melamine certificates

(optional, in Supplier Account record)
• Site classification memo, follow-up reports for FF EMs (in Curve or

current tracking system)
• References to any system generated #s for Escalation, Change Control,

Quality Issues
Note: The use of emails as Quality Records should be limited.
5.26.3 Records shall be retained per requirements stated in Johnson & Johnson
Worldwide Records and Information Management Policy and Program
Standard and subject to legal department’s requirement.

Confidential

5.27 Metrics
5.27.1 The following metrics associated with the Supplier Performance will be tracked
and reported per TV-SOP-16249 Johnson & Johnson Supplier Quality
Performance Monitoring:
5.27.1.1 Supplier Audit Outcomes
5.27.1.2 Supplier Audit Observation Timeliness
5.27.2 At a minimum, the following metrics associated with the execution of the audit
py
program and timeliness of supplier response will be reported by the on a
quarterly basis: Reference Attachment 6 Audit Program Execution Metrics for
definitions and thresholds:
5.27.2.1 Supplier Audit completion to plan,
Co
5.27.2.2 Timeliness of Audit Report issuance.
5.27.2.3 Timeliness of Supplier Corrective Action Plan.
5.27.3 Any red metric will be reviewed at the appropriate management level meeting,
ing
e.g. Quality System Management Review, Supplier Business Review, etc.
5.27.4 For Shared Audits, the J&J Business Unit that is leading the audit will be
responsible for tracking and reporting the metrics.
6.0 CONTENT REFERENCES

ain
6.1 TV-eFRM-03368: Supplier Audit Closure
6.2 TV-eFRM-03386: Supplier Corrective Action Plan
6.3 TV-eFRM-03393: Supplier Audit Leverage

Tr
6.4 TV-eFRM-03400: Audit Report – Internal Assessment
6.5 TV-eFRM-03401: Audit Report Quality Questionnaire (QMS Suppliers)
6.6 TV-eFRM-03402: Audit Report Quality Questionnaire (Non-QMS Suppliers)
6.7 TV-eFRM-04002: Supplier Risk Assessment and Mitigation Form
6.8 TV-FRM-20149: Auditor Qualification Training Form
6.9 TV-MAN-00657: Global Framework for Janssen Quality Management Systems
6.10 TV-QPOL-000031: Q-POL-1- J&J Quality Policy 1 Quality Policy Management
6.11 TV-QPOL-000032: Q-POL-2- J&J Quality Policy 2 Quality Management Organization and
Governance
6.12 TV-QPOL-000033: Q-POL-3- J&J Quality Policy 3 Management Responsibility

Confidential

6.13 TV-QPOL-000034: Q-POL-4- J&J Quality Policy 4 Research, Product Development and
Design Controls
6.14 TV-QPOL-000035: Q-POL-5- J&J Quality Policy 5 Operations and Production

Management
6.15 TV-QPOL-000036: Q-POL-6- J&J Quality Policy 6 Measurement, Analysis and

Improvement
6.16 TV-QPS-00041: Nonconformance (NC), Root Cause Analysis (RCA), and Corrective
py
Action and/or Preventive Action (CAPA)
6.17 TV-QPS-00086: Pallet Management

6.18 TV-SOP-49620: External Manufacturing Follow up Procedure
Co
6.19 TV-SOP-13086: JJRC Notification and Escalation Process
6.20 TV-SOP-15547: Johnson & Johnson Supplier Audit
6.21 TV-SOP-16249: Johnson & Johnson Supplier Quality Performance Monitoring
6.22 TV-SOP-23047: EQ Supplier Risk Categories

ing
6.23 TV-SOP-23557: External Quality Supplier Monitoring Process
6.24 TV-SOP-23709: Risk Assessment of Excipients & their Suppliers
6.25 TV-SOP-25014: Escalation of Janssen Quality and Compliance Issue

ain
6.26 TV-SOP-25244:External Quality (EQ) Auditor Qualification Procedure
6.27 TV-SOP-35065: EQ Supplier Selection and Qualification Process

6.28 TV-SOP-13089: JJRC Audit, Assessment, Inspection and Regulatory Action Follow-Ups
Tr
6.29 TV-TMP-05068: SQ API Ptype 1-2 Audit Plan Template
6.30 TV-TMP-05069: SQ API Ptype 3-5 Audit Plan Template
6.31 TV-TMP-05070: 6 System Audit Plan Template

6.32 TV-TMP-05071: Medical Devices Supplier Audit Plan Template
6.33 TV-TMP-05072: LM Excipient and Packaging Materials Audit Plan Template
6.34 TV-TMP-05073: Fill Finish and DPDS Audit Plan Template
6.35 TV-WI-26517: ETS – Audit Management in the Event Tracking System
6.36 TV-WI-59568: Audit Management in COMET
6.37 TV-WI-36603: Confidential Disclosure Agreement (CDA)

6.38 TV-SOP-41199: Quality Risk Management Pharm Sector SOP
6.39 TV-SOP-26631: Regulatory Inspection and External Audit Management

Confidential

6.40 TV-SOP-41307: Pre-approval Inspection Readiness Procedure

6.41 TV-SOP-13085: Compliance Auditing
6.42 TV-GLS-00001: J&J Quality Standards Glossary
6.43 TV-SOP-00431: Drug Establishment Site Licensing Submissions and Maintenance
7.0 ATTACHMENTS
7.1 Attachment 1: EQ Audit Process
py
7.2 Attachment 2: EQ Qualification Audit Details
7.3 Attachment 3: Audit Ratings Guideline
Co
7.4 Attachment 4: Audit Program Execution Metrics
7.5 Attachment 5: EQ VP Alignment Memo Example

ing
ain
Tr

Confidential

Attachment 1: EQ Audit Process
py
Co
ing
ain
Tr

Confidential

Fill Finish EM Audit Process
py
Co
ing
ain
Tr

Confidential

Non “Fill Finish EM” Audit Process
py
Co
ing
ain
Tr

Confidential

Attachment 2: EQ Qualification Audit Details
Initial Qualification Audit Preparation and Execution Guidance

Audit Team Audit team members and audit duration for an initial Qualification Audit may vary based on the
Design site, facility size, complexity, and criticality level.
Minimum Audit Team Members and Audit Duration are defined for Commercial FF EMs:
• Two (2) Qualified Auditors and necessary SMEs for 2-3 days*; others as needed
according to audit scope and complexity
py
Note: JJRC will participate as the second qualified auditor, when available.
The Audit Team Members and Audit Duration for lower criticality suppliers and Clinical EMs
shall be defined by the Lead Auditor.
Co
SMEs may include JSC Global Compliance, J&J Sterile Process Technology, Affiliate
Qualified Person, Technical Operations, Laboratory experts, Facility Experts, Controlled
Substance experts, etc. based on the scope of the qualification audit.
Qualified Auditors may be selected based on experience level or specific areas of expertise.
ing
*Note: any variations to the audit team make-up and/or duration may be described in the
COMET/ETS Audit Record
Audit Initial Qualification audits are most often performed at Supplier or EM sites that are new to the
Preparation Janssen network and therefore data from on-going quality performance is not available. As
ain
such the preparation approach may include review of additional elements, such as:
• Previously gathered information gathered at the Selection Stage (Screening

Questionnaire/Survey, Supplier statements, etc.)
• Change Control elements, as applicable
Tr
• Due Diligence reports/information

• Project Team data to review scope of future work/anticipated volumes, etc.
• Existing Health Authority data, for example:
• FDA: (FDA Dashboards)
• MHRA: (MHRA Website)
• EMA Data: (EudraGMDP_NonComplianceLetters)
• Health Canada: (Health Canada Website)
• TGA: TGA Website
Any additional insights gathered from these preparation sources should be used in developing
the audit plan.

Confidential

Initial Qualification Audit Preparation and Execution Guidance

Audit As part of qualification process for sterile manufacturers/suppliers:
Execution • Check the overview of their sterility program and control for the product/material in
scope.
• Check the sterility assurance risk assessment of their facility and processes for the
product/material in scope.
• If the supplier will be providing components used in downstream aseptic connections
(to be determined by Manufacturing, Science & Technology (MSAT) as part of Material
Qualification) ensure data in relation to potential failure modes that may lead to a loss
py
of system sterility is available.
Co
ing
ain
Tr

Confidential

Attachment 3: Audit Ratings Guideline
# Critical
# Minor Obs. # Major Obs. Rating
Obs.
Surveillance
0–10 0–4 0
Indicated (SI)
Corrective Actions
11 – 15 5–8 0
Indicated (CAI)
py
Executive Actions
16 and up 9 and up 1 and up
Indicated (EAI)
Co
Note: If the total Minor and Major observations equal 11 and up to 15; the audit rating is
Corrective Action Indicated (CAI)
If the total Minor and Major observations equal 16 or greater, the audit rating is Executive
Action Indicated (EAI).
ing
A different rating than that directed by the table may be selected. In this case, a rationale
must be documented and approved by the EQ Functional / Regional Head.
ain
Tr

Confidential

Attachment 4: Audit Program Execution Metrics
Metric Name: Supplier Audit Schedule Adherence

Definition: Measure of adherence to Approved Supplier Audit Schedule
# Audits Completed divided by Total audits Due by End of Reporting Year.
y
Numerator is cumulative to demonstrate progress to schedule at end of each reporting period. Denominator is the total of
audits planned for the year.
p
Notes: The target and metric thresholds only apply to the end of the year. Audits include:
Calculation: • All types of assessments as defined in Supplier Quality Audit Process (including Indirect Suppliers) included in the audit
o
schedule.
• Supplier audit schedule changes due to addition and removal of supplier audits.
C
• To ensure the annual target is met, quarterly audit schedule completion targets of 15% by the end of Quarter 1, 50% by
the end of Quarter 2, and 85% by the end of Quarter 3 should be considered.
Units: Percent
Target/Thresholds:
Target
95%
To calculate this metric for June 2018:
in g Meets
> 95%
Partially Meets
> 90% to < 95%
Not Met
< 90%
n
Example: (#𝐴𝑢𝑑𝑖𝑡 𝑒𝑥𝑒𝑐𝑢𝑡𝑒𝑑 𝑌𝑇𝐷 𝑎𝑠 𝑜𝑓 𝐽𝑢𝑛𝑒 2018)
𝐴𝑢𝑑𝑖𝑡 𝑆𝑐ℎ𝑒𝑑𝑢𝑙𝑒 𝐴𝑑ℎ𝑒𝑟𝑒𝑛𝑐𝑒 % = 𝑥100%
i
(𝑇𝑜𝑡𝑎𝑙 # 𝑜𝑓 𝐴𝑢𝑑𝑖𝑡𝑠 𝑝𝑙𝑎𝑛𝑛𝑒𝑑 𝑓𝑜𝑟 𝑡ℎ𝑒 𝑦𝑒𝑎𝑟 2018)
ra
Metric Name: Supplier Audit Report Issuance Timeliness
Definition: Measures the percentage of audit reports issued within the due date.
T
Audit Report Issuance % = (# of audit reports issued on time within the reporting month) / (# of audit reports issued within the
reporting month) * 100
Calculation:
Notes: Considers only Onsite and Desktop audits and excludes Quality Questionnaires and Internal Assessments.
For shared audits, only the Lead Op Co considers the numbers. Report issuance date as defined in the Supplier Audit SOP as:
“The date the audit report is issued to the supplier”.
Units: Percent
Target Meets Partially Meets Not Met
Target/Thresholds:
95% > 95% > 90% to < 95% < 90%
(#𝐴𝑢𝑑𝑖𝑡 𝑟𝑒𝑝𝑜𝑟𝑡𝑠 𝑖𝑠𝑠𝑢𝑒𝑑 𝑜𝑛 𝑡𝑖𝑚𝑒 𝑤𝑖𝑡ℎ𝑖𝑛 𝑡ℎ𝑒 𝑚𝑜𝑛𝑡ℎ 𝑜𝑓 𝐽𝑢𝑛𝑒 2018)
Example: 𝐴𝑢𝑑𝑖𝑡 𝑅𝑒𝑝𝑜𝑟𝑡 𝐼𝑠𝑠𝑢𝑎𝑛𝑐𝑒 % = 𝑥100%
(# 𝑜𝑓 𝐴𝑢𝑑𝑖𝑡 𝑟𝑒𝑝𝑜𝑟𝑡𝑠 𝑖𝑠𝑠𝑢𝑒𝑑 𝑤𝑖𝑡ℎ𝑖𝑛 𝑡ℎ𝑒 𝑚𝑜𝑛𝑡ℎ 𝑜𝑓 𝐽𝑢𝑛𝑒 2018)
This copy of the

This copydocument was generated
of the document on 09 Octon2023
was generated 09 Oct 2023 (EST). Page 55 of 60
Confidential

Metric Name: Timeliness of Supplier Corrective Action Plan
Definition: The percentage of supplier corrective action plans completed on time.
Timeliness of Supplier Corrective Action Plan = (Number of corrective action plans due within the last month completed on
time) / (Total number of all corrective action plans due within the last month + any residual overdue corrective action plans
y
Calculation:
from previous reporting periods that were open at the end of the reporting period) * 100
p
Note: Observations from shared audits will only be counted for lead J&J Business Unit
Units: Percent
o
Target Meets Partially Meets Not Met
Target/Thresholds:
C
90% > 90% > 85% to < 90% < 85%
g
𝑇𝑖𝑚𝑒𝑙𝑖𝑛𝑒𝑠𝑠 𝑜𝑓 𝑆𝑢𝑝𝑝𝑙𝑖𝑒𝑟 𝐶𝑜𝑟𝑟𝑒𝑐𝑡𝑖𝑣𝑒 𝑃𝑙𝑎𝑛
(#𝐴𝑢𝑑𝑖𝑡 𝐶𝑜𝑟𝑟𝑒𝑐𝑡𝑖𝑣𝑒 𝐴𝑐𝑡𝑖𝑜𝑛 𝑃𝑙𝑎𝑛𝑠 𝑑𝑢𝑒 𝑖𝑛 𝐽𝑢𝑛𝑒 𝑎𝑛𝑑 𝐶𝑜𝑚𝑝𝑙𝑒𝑡𝑒𝑑 𝑜𝑛 𝑡𝑖𝑚𝑒)
= 𝑥100%
in
(𝑇𝑜𝑡𝑎𝑙 # 𝐶𝑜𝑟𝑟𝑒𝑐𝑡𝑖𝑣𝑒 𝐴𝑐𝑡𝑖𝑜𝑛 𝑃𝑙𝑎𝑛𝑠 𝑑𝑢𝑒 𝑖𝑛 𝐽𝑢𝑛𝑒 + 𝑟𝑒𝑠𝑖𝑑𝑢𝑎𝑙 𝑜𝑣𝑒𝑟𝑑𝑢𝑒 𝑐𝑜𝑟𝑟𝑒𝑐𝑡𝑖𝑣𝑒 𝑎𝑐𝑡𝑜𝑖𝑛 𝑝𝑙𝑎𝑛𝑠 𝑛𝑜𝑡 𝑐𝑙𝑜𝑠𝑒𝑑 𝑖𝑛 𝐽𝑢𝑛𝑒)
Example: May: 10 Corrective Action Plans, only 8 completed on time (no residuals)
n
Timeliness of Supplier Corrective Action Plan = 8/10*100% = 80%
i
June: 5 Corrective Action Plans due, all 5 completed on time. Of the 2 residual Corrective Action Plans due from May 1 is
completed in June and 1 is not (i.e., it is still open in July).
ra
Timeliness of Supplier Corrective Action Plan = 5/6*100% = 83%
Corrective Action Plan Timeliness can be calculated on per Audit or per each observation’s Corrective Action Plan basis.
This copy of the

This copydocument was generated
of the document on 09 Octon2023
was generated 09 Oct 2023 (EST). Page 56 of 60
Confidential

Attachment 5: EQ VP Alignment Memo Example
Date: Insert date

Memo to File
Audit Record [insert #] / Observation Record [insert #]
Subject: EQ VP Alignment of [insert Supplier name] Action Plan Exceeding 12 months
As per TV-SOP-22726, External Quality (EQ) Audit Procedure, External Manufacturer
py
action plans exceeding 12 months from the date of the final report issuance must have
documented alignment by the VP of External Quality. This memo is to provide
documented alignment for the corrective action plan of [insert supplier name].
Co
Include the following information in the memo;
- When the audit was conducted, overall audit rating, date of audit report issuance
- Short summary of the observation for which the correction action is exceeding 12
months from report issuance
- Description of corrective action/ final mitigation that is exceeding 12 months
- Interim controls implemented until final mitigation put in place
ing
- Whether there are any potential risks associated with a CPA exceeding 12 months
ain
Name, Title
Prepared by:
Signature / Date
Tr
Alignment Name, VP External Quality

by:
Signature / Date
Name VP , JJRC
Signature / Date
***END OF DOCUMENT***

Confidential

Document Revision History

Version Justification of
Section Description of Change
Number Change
24.0 5.6.3.9. and Administrative Change to add reference to TV- ETS 2301511
6.0 SOP-23709
3.26, 5.7.3. Aligned definitions Update to Quality
and 6 Policies.
23.0 3.17 & Added - Indirect Materials/Services Suppliers Scope clarified
5.25.6
py
4.8.1.4
TV-SOP-33223 is being
Removed reference of TV-SOP-33223.
5.5.9 & 6.21 obsoleted.
Co
5.3.1. Added additional clarification concerning who can ETS 2273010
be considered an auditor.
5.6.3.9 Added special requirement related to Annex I requirements
manufacturers supplying components used in
downstream aseptic connections.
5.9.6.2 Added additional clarification in case CL3 Process improvement.
suppliers are unable to provide needed
ing
information via Quality Questionnaire.
Attachment Added Execution Requirements specific to Annex I requirements.
2 qualification process for sterile
manufacturers/suppliers
22.0 5.6.3.3. and Migration of documents
Added reference to Audit Plan Templates
6 from Trackwise
ain
Alignment with TV-

5.15.2 Definition of repeat observation updated.
SOP-15547
21.0
Align with JJRC
Throughout Updated JJERC to JJRC throughout
organization name
Tr
Align with system

Removed references to ETQ process in sections
requirements due to
Throughout that are no longer applicable to ETS and are fully
transition from ETS to
moved to COMET
COMET
Changed “Note” under section to 2.2 to “Out of

2.2 Clarification
scope”
Align with TV-SOP-

Updated Definitions to add 3.12 EM Compliance 49620: External
3
Principle Manufacturing Follow
up Procedure
Added additional responsibility to the Lead

4.4.5 Refer to QI 2246288
Auditor role

Confidential

Document Revision History

Version Justification of
Section Description of Change
Number Change
Added Qualified Persons to Responsibilities Alignment to EU Annex

4.7
section 21
Revised responsibilities for JJRC Regional Align with TV-SOP-

Pharma Compliance Head and EM Compliance 49620: External
4.8.3 / 4.8.3
py
Principle to align with External Manufacturing Manufacturing Follow
Follow up Procedure up Procedure
Align with TV-SOP-
Revised Corrective Actions section of Table 1 to
49620: External
4.8.5 align with External Manufacturing Follow up
Manufacturing Follow
Procedure
Co
up Procedure
Added that if the Supplier provides products in
scope of Qualified Persons review (i.e drug
Alignment to EU Annex
5.6.3.2.1 substance, drug product, finished product) the
21
QP should be invited to participate in the pre-
audit meeting/ planning
ing
Updated to state “documented alignment by the
5.19.2.2 VP of External Quality and Regulatory Clarification
Compliance, when applicable”
Added that for non-FF EM / Suppliers, if a
response is not submitted and/or has not been
5.19.4.5 accepted within 90 calendar days following the Correction 2240677
ain
original due date, a Risk Assessment shall be

documented for critical and major observations.
Added details for documenting “Date of Initial Process Robustness
5.20 Response” and “Date of Response Acceptance” and alignment to
in COMET Audit / Observation records. COMET
Tr
Revised section for Corrective Actions Follow Up To align with TV-SOP-

5.21.4 – to align with External Manufacturing Follow up 49620: External
5.21.9 Procedure. Removed duplicate information that Manufacturing Follow
is included in TV-SOP-49620 up Procedure
To align with TV-SOP-
Removed reference to TV-eFRM-03390,
49620: External
6.0 TV-eFRM-03391, TV-eFRM-03392.
Added reference to TV-SOP-49620:
up Procedure
To align with TV-SOP-
Removed Attachment 4: EM Follow-Up
49620: External
7.0 Frequency and Requirements and Attachment 5:
FF EM Follow-Up Rating and Escalation
up Procedure
Refer to Version 21 for Document Revision History for Versions 11 through 21
Refer to Version 13 for ‘Document Revision History’ for Versions 1 through 13.

Confidential
Document Approvals
Approved Date: 06 Oct 2023
Additional Approval Task Andrew Shelofsky,

Verdict: Approve (ashelofs@its.jnj.com)
Author Approval
22-Sep-2023 16:24:50 GMT+0000
py
Additional Approval Task Erin Germino,
Verdict: Approve (egermino@its.jnj.com)
Quality Approval
28-Sep-2023 12:20:27 GMT+0000
Co
Mandatory Approval Task Sofia Papasavva,
Verdict: Approve (SPapasa1@its.jnj.com)
Document Management Approval
06-Oct-2023 09:43:11 GMT+0000
ing
ain
Tr

Confidential

TV SOP 22726 - v24.0

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

TV SOP 22726 - v24.0

Uploaded by

Copyright:

Available Formats

Number: TV-SOP-22726 Version: 24.

Owning Location: Virtual Org - External Supply Integration (ESI)

1.0 PURPOSE ...................................................................................................................................................... 2

Owning Location: Virtual Org - External Supply Integration (ESI)

For Regulatory Inspections at EQ suppliers refer to Regulatory Inspection and External

For the purpose of this procedure, the following definitions apply:

adherence to established requirements:

3.1.2 Initial Qualification Audit – An audit scheduled as part of qualification activities

3.1.3 Structured Surveillance Audit (Routine)– A regularly scheduled audit intended

3.1.4 Onsite Audit – Audit performed at the supplier premises.

Owning Location: Virtual Org - External Supply Integration (ESI)

3.1.6 Remote Audit / Quality Questionnaire – A questionnaire that is sent to the

3.1.7 Remote Audit / Internal Assessment – Review conducted internally of

3.1.8 Leveraged Audit / Purchased Audit – Audits (Onsite, Desktop or Quality

3.1.10 Group Audit – Audits performed by J&J with non-J&J companies.

3.1.12 Technical Visit – A visit to an EM/supplier to support an internal investigation

to identify potential causes or corrective actions.

auditee. This deep dive is typically supported by questionnaires.

3.2 Audit Classification / Overall Audit Rating – Overall determination of the EM /

3.2.1 Surveillance Indicated – A classification assigned to an audit where the overall

3.2.2 Corrective Actions Indicated – A classification assigned to an audit where the

Owning Location: Virtual Org - External Supply Integration (ESI)

3.2.3 Executive Action Indicated – A classification assigned to an audit where the

Audit Schedule – Listing of audits to be performed during a specific period.

3.8 Auditee – External Manufacturer or Supplier being audited.

3.11 Controlled Substance: Any drug product, intermediate, precursor, active

laboratory standards, intermediates, final products and waste material. Controlled

3.13 Criticality Levels – Categorization of suppliers to a criticality level based on the

Owning Location: Virtual Org - External Supply Integration (ESI)

3.14 Direct Materials – Materials or components directly incorporated into a finished

packaging of a released finished product. Also known as Finished Product (FP)

3.21 Follow-Up Strategy Classification - A classification assigned (that is, A, B, C, or D) to

Owning Location: Virtual Org - External Supply Integration (ESI)

3.24 Indirect Material/Service (GxP impact):

• Indirect Material/Service suppliers, contractors, or consultants providing materials or

• Any material, including processing aids, product-stream contacting filters used to

• External Contract Laboratories (ECLs).

3.25.2 JJRC may also participate in Qualification Audits of Commercial EM sites.

3.26 Observations - Identified non-conformances to J&J policies, standards, procedures,

3.26.1 Critical Observation – An observation is defined as "Critical" when any one or

• Any non-conformance or non-compliance that will or already has adversely

• Any non-conformance or non-compliance that if allowed to continue, might

• A repeat "Critical" or "Major" observation from a previous audit or a failure to

Owning Location: Virtual Org - External Supply Integration (ESI)

• The observation represents the complete absence of one or more quality

• For Pre-approval audits, observations are considered critical if they

• Any non-conformance or non-compliance that might or might have adversely

• Any isolated non-compliance in not reporting or reporting late any required

• Non-compliance to requirements in the Johnson & Johnson Quality Policies

and/or established standards that might have potential product impact.

3.26.3 Minor Observation - An observation is defined as minor when it is isolated and

3.26.4 Recommendations / Others – Optional documented advice besides audit

Owning Location: Virtual Org - External Supply Integration (ESI)

4.3 EQ and JJRC

• Analyzes and communicates audit program metrics to EQ management and

• Commercial Finished Products EM.

• Commercial Direct Materials EM/Suppliers.

Owning Location: Virtual Org - External Supply Integration (ESI)

• Commercial Repackaging EM / Co-packers.

• Third Party Logistics (3PL) – GMP High Risk Repackaging.

• Non-monitoring audits for FF EM/Direct Material EMs/Suppliers (e.g. due

Note: See Attachment 2 for additional guidance related to Qualification Audits.

4.3.4 If a confidentiality or non-disclosure agreement is required specific to the audit,