Critical Incidents of Outsourcing Processes in Pharmaceutical Supply Chain: A Mixed-Methods Approach

Purpose: In this paper, a practical framework is presented for the successful integration of buyers and contract organizations based on the Critical Incident Technique (CIT). Methodology: The initial pool of situations was developed inductively according to qualitative data provided by ten experts in the field of outsourcing in pharmaceutical supply chain. Another group of experts evaluated these situations regarding to their degree of realism as well as relevance and allocated them to the five constructs (1) employee competence, (2) management commitment, (3) communication between organizations, (4) organizational culture, and (5) regulatory framework. Findings: The findings of the study show that communication appears to be the most frequent reason while regulatory framework seems to be the last frequent reason for critical incidents during outsourcing. Contract giver and service provide show diverging perceptions about the situations’ degree of realism and relevance. Analysis of the interrater agreement shows that the allocation to a single construct is a challenge due to the critical incidents’ complexity and multidimensionality. Originality: The critical incidents database and the presented framework serve as preventive behavioral-based quality management for the pharmaceutical supply chain.


Introduction
The liberalization process of global markets holds competitiveness as an imperative on all levels. Supply chain configuration is supposed to have significant impact on company performance (Huq, Pawar & Rogers, 2016). The supply chain is understood as an integrated system that synchronizes business processes. Its ultimate purpose is to improve the operational efficiency, profitability and competitiveness of the company, including its partners in the supply chain (Min & Zhou, 2002).
Outsourcing is one of the most common business models used by companies to reduce costs or improve efficiency (McCarthy & Anagnostou, 2004). It is the process of excluding some of the organization's activities and operations that are not of strategic importance, which means that a number of activities is left to those, who are expected to do them faster, better and cheaper, while all available resources of the company are directed to its core business. The main reason for entrusting the process to third parties is to reduce costs, but also to delegate work to more qualified and flexible personnel for the given process, making it their core business. Overall, outsourcing appears to be an increasingly common business model as part of a successful business strategy of many companies, organizations and institutions (Choi, Wallace & Wang, 2016).
However, due to its international character and complexity, outsourcing carries an increased risk for the business. During the process of outsourcing, many incidents occur, which can be divided into technical/technological and administrative ones, and the consequences of all these incidents are typically financial losses. In order to improve the risk management process, a comprehensive risk analysis should be conducted. An inadequate risk analysis is one of the main reasons why outsourced activities fail. Failures appear to be most often related to poor internal and external relations (El Mokrini, Dafaoui, Berrado & El Mhamedi, 2016).
Quality management in the supply chain can be considered from two perspectives: from the perspective of the outcome of an outsource process, but also from a behavioral perspective. Using "an agency theory", Zu and Kaynak (2012) explored the relationship and gaps of these approaches to quality management of suppliers and discussed the critical factors to be taken into account during the outsourcing process with regard to different suppliers. According to these authors, the critical factors are information asymmetry, goal conflict, risk aversion of suppliers, length of relationship, and task characteristics. However, the complexity of the supply chain imposes an increasing need for integration, both logistically, as well as the integration of information (Kaipia & Turkulainen, 2017;Prajogo & Olhager, 2012).
Unsuccessful outsourcing in pharmaceutical business does not only affect financial losses, but more importantly, it can have a severe impact on the health and safety of patients. Under consideration of the importance of behavioral responses for the successful integration of buyers and contract organizations, this study's overall objective is the identification of situations critical to sustain quality standards in outsourced pharmaceutical processes. Based on this knowledge, possible effective and ineffective behavioral responses to such critical situations were defined and converted into a critical incidents database for the successful integration of buyers and contract organizations.
The following sections first provide an overview of the relevant theoretical background regarding outsourcing as well as quality management in pharmaceutical supply chain and the use of critical incidents in organizational development. Secondly, the study's underlying conceptual framework is outlined, followed by a description of the conducted empirical studies and their results. The last section provides a discussion of the results including their implication for research and practice as well as possible limitations.

Outsourcing in Pharmaceutical Supply Chain
Due to its specificity, the supply chain in pharmaceutical practice, as well as outsourcing in this area, is increasingly taking the attention of scientists and experts. Pharmaceutical companies identify and implement different strategies to improve their own competitiveness, but also to respond to the growing needs of modern health care system: cost containment and improved quality. The pharmaceutical supply chain, which includes research and development (R&D) organizations, manufacturers, distributors of medicinal products, and marketing authorization holders is becoming more complex and demanding. In order to ensure that the pharmaceutical supply chain is as safe, efficient and effective as possible, new models of integrated quality systems are being explored. The suggested model by Marinkovic, Kostic, Tasic and Majstorovic (2013) focuses on the PDCA cycle, i.e. plan, do, check and act, and has proven its applicability within the outsourcing process of medicine transport.
The most frequent outsourced activities in pharma business are manufacturing processes and clinical studies, but recently regulatory affairs and pharmacovigilance are also outsourced more frequently. Pharmaceutical companies can learn from other industries that have been outsourcing activities earlier and longer, such as oil and gas industry (Van Leeuwen, Prendergast, Edwards & Dawson, 2017). As discussed in the introduction section, outsourcing is a strategy that carries a significant risk. A recent study found that as much as 91% of pharmaceutical companies that outsource production activities had a "significant incident" because of quality problems or delays, while 59% of companies that had maintained production operations in their own plants faced these problems (Dragićević, 2013).
The key of successful outsourcing is management of integration with regard to the outsourcing relationship between buyers and contract organizations. Integration with outsourced companies has been studied recently, so today there are mostly models of outsourcing that depend on the strategic approach of the company (Kaipia & Turkulainen, 2017).

Impact of Quality Management on Business Performance
As critical points in the company's supply chain process are currently in the state of being agreed upon, outsourcing is a field of general risks in modern business. The risk of outsourced operations is directly reflected in the quality of an organization's products and services, and indirectly in the overall business performance. Therefore, norms provided by the International Organization for Standardization are paying great attention to the outsourcing process .
The benefits from introducing a quality management system (QMS) have been recognized in many global companies and there are various scientific publications that explore the impact of the level of QMS implementation on the business performance of organizations that have outsourced parts of their business activity. For example, Gotzamani, Longinidis and Vouzas (2010) explored the impact of the implemented quality system of outsourced logistic companies on financial performance, using a structured questionnaire. This cross-sectional study included 66 companies and confirmed a positive correlation between organizations' quality systems and financial performance. An empirically validated model revealing the threefold impact of process standardization on the business success of outsourcing was found in a study by Wüllenweber, Beimborn, Weitzel and König (2008), which involved 335 outsourced ventures in 215 German banks.
Problems and challenges facing the pharmaceutical industry have forced pharmaceutical companies to replace the old "closed" model of drug development, based on internal development resources and capacities, with the new "open" model that includes functional outsourcing, geographical outsourcing, licensing, cooperative development and many other business models (Huq et al., 2016). As a result, outsourcing is facing rapid growth and expansion from the traditional final stage of development (i.e., packaging, manufacturing, and clinical trials) onto other phases, particularly the initial phase of research and development (R&D). The pharmaceuticals' business management implementation of standardized systems (e.g., from the ISO family) is less common, because the regulatory requirements for the implementation of Good Practice (GxP) are mandatory (Mazumder, Bhattacharya & Yadav, 2014;Marinkovic, Bekcic, Pejovic, Sibalija, Majstorovic & Tasic, 2016). When it comes to the pharmaceutical quality system (PQS), it implies a holistic approach, which includes: • An integration at the level of standardized management systems (ISO) and good practices (GxP) • The realization of information and material flow in the entire supply chain In recent publications that explore the impact of quality objectives on the strategic goals in the pharmaceutical sector, the necessity to investigate new models of QMS to reduce the risk of outsourcing, has been confirmed (El Mokrini et al., 2016;Gummerus, Airaksinen, Bengtström & Juppo, 2016;Low, Halim, Adhitya, Chew & Sharratt, 2016;Uluskan, Joines & Godfrey, 2016;Morrato & Smith, 2015;Zhu, 2016). Although outsourcing as a global business model has already been implemented, both in standard ISO 9001:2015, as well as according to other professional standards (Good Manufacturing Practice (GMP), Good Distribution Practice(GDP)), there is a need to develop a new framework, which will include behavioral effects, cultural differences and perceptions of all participants in the pharmaceutical supply chain (European Commission, 2010;European Commission, 2013). Misunderstandings associated with these factors can lead to endangering the safety of the patient and to significant operating losses of the company that is contracted by key pharmaceutical processes.

Organizational Development through Critical Incident Technique
One promising technique for the development of a research framework for outsourcing is the Critical Incident Technique (CIT), which is presented in several studies that investigate the causes and mechanisms behind critical situations in outsourcing (Cihangiroglu & Bakir, 2016;Dekker, Rutte & Van den Berg, 2008;Gelderman, Semeijn & Plugge, 2016;Wahyuni -Td & Fernando, 2016). However, there seems to be a gap in present scientific literature regarding the application of CIT in pharmaceutical supply chain. Pharmaceutical companies are special cases because their business decisions directly affect human health, so pharmaceutical legislation, as well as quality standards (GMP, GDP) are different from commonly used standardized management systems (Marinkovic & Franeta, 2015).
The CIT is a well-established qualitative research tool used in many areas of the health sciences (Elvey, Hassell, Lewis, Schafheutle, Willis & Harrison, 2015;Eriksson, Wikström, Fridlund Årestedt & Broström, 2016), education (Douglas, Douglas, McClelland & Davies, 2015), as well as in management and marketing (Al-Areefi, Hassali & Mohamed Ibrahim, 2013;Durand, 2016;Heine, Schmitt & Beaujean, 2016). John Flanagan was first who described the CIT with its origins in organizational psychology (Flanagan, 1954). The technique is applied for the collection, analysis and interpretation of actions taken by individuals in response to specific situations. According to Flanagan (1954) CIT is 'essentially a procedure for gathering certain important facts concerning behavior in defined situations' (page: 335). The description of such situations in the work environment is typically based on reports of job incumbents or supervisors, who are thought of having insider knowledge. They are asked to report common situations involving a difficult to handle problem or conflict that they have encountered in their work environment. However, job incumbents and supervisors might be biased in their reporting because of the direct involvement in specific jobs and retrospections. As alternative or in addition to this information source, Subject Matter Experts (SME) could be included for collecting critical incidents .
The reporting scope can be either defined to specific topics or constructs like 'Leadership' or more general including any problematic situation. For the formal design of critical incidents, each description should include the following three components: (1) antecedent information, (2) description of the situation, and (3) outcome of the situation (Butterfield, Borgen, Amundson, & Maglio, 2005). The following critical incident description exemplifies this structure: Human Resource Departments (HR) provide internal services like a selection procedure process or support during change management projects to other departments (i.e. antecedent information). Repeatedly, other departments have reported dissatisfaction about the provided services (i.e. description of the situation). The head of HR neither approached the dissatisfied internal customers nor changed the approach of work, leading to a continuation of internal complaints (i.e. outcome of the situation).
Thus, the first part of the exemplary description contains some background and context information about the actual problematic situation, which then follows as second part of the description. Lastly, the behavioral reaction to this situation and its consequences or outcomes (negative or positive) are outlined. It should be noted that the evaluation of outcomes might depend on the respective perspective of the reporting source (e.g., job incumbent) and is not unequivocally defined (Weekley, Ployhart & Holtz, 2006).
The process for developing critical incidents typically includes (1) the collection of qualitative data through SME, job incumbents, and/or supervisors until no new data is added, (2) the categorization and synthesis of all reported situations to exclude redundancies and identify the most important problems, and (3) the formal design of those problems into critical incidents. The set of critical incidents thereby obtained can be used to develop employee trainings and assessment instruments like Situational Judgment Tests (SJT) (Heine, 2016).
Although Flanagan suggested a general framework for the method, flexibility and respective context is the imperative in its application and implementation. In our research, the CIT was applied to capture hidden contextual conditions of outsourcing in pharmaceutical supply chain and to demonstrate the technique's relevance to studying behavior-based factors of quality management.

Conceptual Framework for Risk-Based Incident Management
The proposed conceptual framework focuses on strategy to enhance internal efficiencies while engaging risk quality standards. The framework's purpose is a better understanding of the outsourcing process of pharmaceutical supply chains, its impact on costs and quality, and an approach for unlocking hidden risks in areas as manufacturing and distribution.
Quality risk management as a guidance in pharmaceutical industry and regulatory authorities is presented in this section, representing the basis for the proposed framework. Due to the frequent regulatory changes, our risk-based incident management framework is a pragmatic approach for continuous quality improvement in pharma companies.

Quality Risk Management
It is generally accepted that the term risk refers to a combination of probability of the occurrence of a negative event and the seriousness of the occurrence of such an event (ICH, 2005). However, when it comes to the application of risk management in a pharmaceutical supply chain, it is difficult to reach agreement among all participants in the chain, as each of them focuses on different potential negative events, i.e. to perceive a different degree of risk from the occurrence of a negative event and to assign a different degree of seriousness. At first glance, the greatest risk is attributed to financial losses, however, when it comes to medical products, the greatest risks are related to the life and health of patients.
Outsourcing necessarily contains certain degrees of risk and the quality risk is part of the overall risk. Successful quality management can provide patients with a high quality drug by providing a proactive approach for the effective evaluation and control of processes, along with approaches to possible problems related to the quality of development and production processes, as well as increasing awareness of the existence of risks (ICH, 2005). Furthermore, the application of quality risk management can improve the decision-making process in the event of a quality defect and contribute in general to better decision-making in outsourcing. Pharmaceutical companies should be able to handle the processes more flexibly by reducing unnecessary steps in the production and distribution of drugs. On the other hand, service providers need to be assessed to what extent they can deal with potential risks.
In business relationships, it is impossible to foresee every relevant possibility or incident that could happen during the collaboration, but it is reasonable to be prepared for possible and repetitive risks. Risk management and risk analysis are becoming increasingly important factors in the pharmaceutical supply chain. Benefits of risk management are multiple: • Increased awareness of risk; • Effective assessment and control of the process; • Decision making based on risk analysis; • Identification of errors and deviations prior to their occurrence.
Quality risk management is the starting point of the decision making process about product batch release on the market. At the same time, it supports other ICH quality documents and completes the existing procedures, requirements, standards and guidelines that are applied in the pharmaceutical industry. First, ICH Q9 provides guidance regarding to principles and tools of quality risk management, which can lead to a more successful and consistent risk assessment in terms of the quality of starting substances and drugs during their life cycles. Although the advantage is usually given to a systematic approach in the management of quality risks, it is not always necessary or convenient to use the formal procedure. The application of informal procedures in risk management is also acceptable. Appropriate use of quality risk management can ease, but does not eliminate, the need for the companies to comply with regulatory requirements, or replace the appropriate communication between industry and regulatory authorities (ICH, 2005). Advantages of quality risk management (ICH Q9) are: • Applicability at all levels (i.e. risk management can be applied to all processes and products in the supply chain, including outsourcing); • Transparency (i.e. a consistent quality risk management process provides concrete conclusions for critical points and imposes the measures to minimize risk, based on evidence and facts); • Integration of all QMS components (i.e. systematic communication of critical control points with the quality management system enables a specific optimization of internal regulations and risk management elements can be integrated into the external (outsourcing) processes).

Continuous Improvement
One of the core elements of the pharmaceutical quality system is continuous improvement (ICH, 2008). For companies to manage the improvement, it is necessary to define monitoring parameters like key performance indicators that would correlate with potential risks (ICH, 2008). The proposed risk-based incident management framework addresses this requirement by integrating risk management with critical incidents (cp. Figure 1). More specific, a detailed analysis of critical incidents points to: • Reliable identification, assessment and communication of risks; • An efficient and effective quality system, based on the Plan-Do-Study-Act principle; • Realistic consideration of circumstances, expectations and relationships in the pharmaceutical supply chain.
By analyzing critical incidents of a pharmaceutical company, companies learn from experience, but can also anticipate the future for different business aspects (i.e. regulatory framework, company reputation, financial performance, patient safety). In the PLAN phase, it is important to identify and assess all possible risks, including behavioral risks of employees and collaborates in outsourcing processes by reviewing critical incidents. In the DO phase, pharmaceutical companies should implement controls of the risks as well as preventive measures. The STUDY phase includes the monitoring of collected data as well as a review and evaluation of the risks identified in the phase PLAN. In this phase, it is strongly recommended to eliminate a re-occurrence of the incidents. Taking additional measures is suggested in the ACT phase. There is a high intersection of critical incidents across different pharmaceutical companies to be expected and this paper provides a first extensive incidents list as starting point. This approach of providing an initial list has the advantage that the complex work of collecting and formulating critical incidents is already performed and serves as basis for a company-specific adaptation or extension. In the following sections, we outline our methodological approach of developing this initial list, which we refer to as mixed-methods because of combining qualitative and quantitative data acquisition.

Sampling
Aiming to identify critical reoccurring situations during outsourcing in pharmaceutical supply chains, the selection of Subject Matter Experts (SME) has been performed among multinational pharmaceutical companies. The primary selection criteria was having more than ten years of working experience in the field of Quality Management. In total, ten SMEs with experiences in Good Practice (GxP) guidelines and auditing from multinational pharmaceutical companies participated in this study. The participants were selected by convenience during the South East Conference about Quality Management in Pharma Business (Belgrade, September 2017).

Data Collection Procedure
During the introduction meeting with each SME, the study's objective, how to describe critical incidents, what questions have to be answered, and samples of possible behavioral root causes of the problematic situation were explained by the paper's first author. Problematic situations in outsourcing processes were defined formally as any unexpected event that may have negative implications to organizational performance (e.g. financial loss, patient safety, quality improvement, company reputation).
The ten selected SMEs were asked to report critical incidents in written, narrative form (cp. Appendix A). Furthermore, the SMEs were asked to identify the root cause for each situation and thus, an inductive approach was applied to deduce the constructs for further research. The questionnaire also included demographic data as sex, experience, and area of expertise (quality management, regulatory affairs, supply chain). The researchers performed a content analysis of the reported problematic situations regarding to completeness of information and repeatability.

Results
The ten SMEs reported in total 47 critical incidents in written format. Each SME was asked to identify potential root causes for their respective incidents. The following root causes were mentioned: "lack of job experience, GxP awareness, lack of business ethics, different culture, different legislation and regulation, communication issue, leadership issue, and senior management involvement".
After content analysis, 40 of the original 47 described situations were selected, coded and length edited with a maximum of 100 words. Seven items were excluded because of repeatability. In addition, the following five thematic clusters were identified as underlying constructs by reviewing and merging the SMEs suggestions regarding possible root causes for the reported incidents: • Management commitment; • Competence of employee; • Communication between organizations; • Different organizational culture; • Different regulatory framework; Formal definitions of these five constructs are presented in Table 1.
The five identified constructs and their frequency of occurrence in the reported situations is shown in Figure 2. SMEs suggested that communication issues between the companies was the most frequent reason for critical incidents during outsourcing (13/40), while different regulatory frameworks for outsourcing relationships was only mentioned twice (2/40).

Construct Definition
Competence of employee Practical and theoretical job knowledge, awareness to GxP, cognitive skills.

Management commitment
Direct participation by the high-level executives in formulating and establishing quality policies and objectives; providing resources and training; evaluating and revising the policy in light of results achieved.
Communication between organisations Understanding that partners see both an upside and downside to making a big commitment to the efficacy of outsource performances. Negotiation and valuable contracting process.
Different organisational culture Set of shared assumptions, values, beliefs, ethics, policies that influences the behaviour and thinking of employees.
Different regulatory framework Legislation and regulatory authority timelines for approval in country of contract giver company and country of outsourced organisation.  Many of the reported incidents (26 situations) have been noticed during the GxP audit by the contract giver company or regulatory inspection. In some cases, the incident was closed by ceasing the contract and/or opened other questions about product quality and patient safety. Summarizing the described incidents, the situations' outcomes were mostly as following: • Training of employees as well as senior management; • Revision of Technical Agreement; • Preparation of the Contingency Plan; • Re-audit of the outsourced organization; • Ceasing the contract.
These outcomes could have a serious impact on business performance in terms of stock-outs and financial loss. It is necessary to pay attention on the preparation and negotiation phase in outsourcing, especially on holistic perception of business processes, including quality management outputs.

Sampling and Data Collection Procedure
In the second empirical study, the 40 critical incidents were rated by another team of ten experts, each with more than ten years of professional background in German pharmaceutical companies and a managerial position in the fields of Quality Management or Regulatory Affairs. The SMEs were selected from five contract giver companies (3 innovative and 2 generic pharma companies) as well as from five service provider companies (3 Logistic, 1 Regulatory Affairs, 1 Clinical Research Organization). Gender balance was considered (6 females and 4 males). Our first contact with the SMEs was via LinkedIn in October 2017. The critical incidents from the first empirical study were randomized and for each incident, the SMEs were asked to: 1. Rate how well the described incident reflects a realistic situation by using a Likert-type scale from 1 to 7 (7 is the most realistic); 2. Rate how well the described incident reflects a problematic situation for middle and senior management by using a Likert-type scale from 1 to 7 (7 is the most problematic); 3. Assign which of the five variables related to outsourced process performance (see Table 1) were the most relevant for handling the situation effectively; 4. Describe additional situations if you think the current collection is missing critical incidents in which outsourced process performance is manifested.
This paper-based questionnaire was sent to SMEs by e-mail. The results were manually transferred to SPSS software. The collected data was analyzed regarding to descriptive statistics, such as mean value, standard deviation, as well as interrater agreement calculation of Kohen´s k, by using the software SPSS. Based on the results, the original collection of critical incidents was adapted and is presented in Appendix B of this paper.

Descriptive Statistics
Each SME rated each critical incident and no data points were missing. Overall, 24 items (from 40 in total) were rated with a mean value higher than five regarding their degree of realism and severity. A summary of the descriptive statistics for the 24 items rated on seven point Likert-type scales is provided in Table 2, including all ten SMEs' ratings for the first questions separately (question 1: Q i -real., question 2: Q i -prob.) and a differentiation by the two groups of contract giver and service provider.

Item
SMEs total (N = 10) SMEs contract giver (N = 5) SMEs service provider (N = 5) According to the descriptive statistics, there is partially missing agreement between contract givers and service providers regarding the items' degree of realism. In particular, the items Q1, Q2, Q4, Q10, Q14, Q15, and Q19 show high perception differences with mostly representatives of the service providers group evaluating these items as rather unrealistic (except of Q10). Furthermore, for the items Q1, Q9 and Q35 the data of the total sample shows strong spreading (SD > 2); the service providers' data for the items Q1, Q4, Q14, Q15, and Q35 and the contract givers companies' data for the items Q9, Q10, Q24 and Q29.

Interrater Reliability
Besides rating the situations' degree of realism and criticality, the SMEs allocated the items to one of the five constructs identified as related to outsourced process performance. The agreement between the experts was determined according to Cohen's kappa statistic (κ). Since this statistic is used for calculating the agreement between two raters, first the agreement between each pair of experts was evaluated and then the algorithmic mean was calculated to represent an overall agreement index (Light, 1971). Based on the 45 pairs shown in Table 3, an overall agreement index of 0.21 was reached. The value indicates that there is only fair agreement between the experts' ratings. According to Landis and Koch (1977) values between 0.21 and 0.40 are considered fair, between 0.41 and 0.60 as moderate, and above 0.60 as good or very good (> 0.80).

Discussion and Implications
This paper contributes three key insights to the research field of quality in outsourcing. The first refers to quality standards implementation and reported behaviors in outsourced processes in the pharmaceutical supply chain, which includes manufacturing, distribution, clinical trial, regulatory affairs, marketing, and IT service. Quality standards for pharmaceutical companies (GMP, GxP, ICH) are very high, but they are mostly focused on technical and documentation perspectives. In accordance with pharmaceutical legislation, one of the prerequisites for the organization to be engaged is the possession of pharmaceutical quality standards. Although service providers appear to implement the required quality standards, in this study, serious errors, deviations and incidents were reported. One of the most important preconditions for successful outsourcing is a mutual understanding of both companies' Quality Management Systems (QMS). It is not considered sufficient to introduce the QMS during audits only for avoiding incidents (Appendix B). The findings of this study provide a first basis for improving the mutual understanding between contract givers and suppliers.
The second relates to the improvement of outsourcing efficacy and quality by paying attention to the five identified constructs (i.e. communication between organizations, different organizational culture, competence of employees, management commitment, and different regulatory environment). These constructs are consistent with previous research about constructs of behavioral Quality Management (QM) practice (Cho, Jung & Linderman, 2017). Cho et. al. (2017) investigated the relationship between behavioral and technical QM to understand how the companies get a competitive advantage through QM practices, but they did not take into account the outsourced activities particularly. In order to provide further insights about this field of research, this paper presents empirical data that are valuable as a contribution to behavioral QM in outsourced activities in pharmaceutical supply chain. The most frequent causes of incidents appear to be communication and organizational culture (cp. Figure 2), which supports the assumption that increased attention to the employee behavior in the service provider would be beneficial. Third, this study showed that there are significant perception differences between SMEs from pharmaceutical companies as contract givers and service providers. Contract givers rated 23 of 24 selected items as realistic and problematic (i.e. mean value > 5), but service providers agreed only on six of these items (Table 2). It means that the attitudes and perceptions about criticality should be discussed and harmonized during the negotiation process of outsourcing. Item Q15 was rated by all SMEs as the most problematic situation (mean value = 7.00; SD = 0.00): Q15: "CRO associate did not forward the letter to investigators (Dear Investigator Letter), in which they were informed that it was decided to stop further recruitment of patients in one group of participants due to the serious adverse reaction..." Actually outsourcings of clinical studies represent the area of the highest risk, because of the investment, transactional costs and patient safety (Buonansegna, Salomo, Majer & Li-Ying, 2014). Beside item Q15, all of contract givers (SMEs from pharmaceutical industries) rated item Q2 as the most realistic and Q22 as the most problematic situations (mean value = 7.00; SD = 0.00): Q2: "During the GMP audit of contract manufacturing site, the Corporate Auditor noticed that most of the employees were not aware of Good Documentation Practice: documents were not timely approved, regularly updated and there were no traceability..." Q22: "The company outsourced all regulatory affairs activities, so nobody from CGC did have competence on this important pharma business field. The Country Manager needed a critical regulatory assessment to launch a new drug and he additionally engaged OO. Finally, regulatory assessment was wrong. The Country Manager realized that his company lost its key business competences and decided to re-evaluate the outsourcing strategy." The study's findings are considered relevant to quality management systems in all companies belonging to pharmaceutical supply chains, particularly around increased partnership among companies. The current list of critical incidents (Appendix B) provides a first basis for the proposed Risk-based Incident Management Framework and the following application scenarios: • Training of employees included in outsourced activities • Preparation for due diligence process • Preparation/ updating of the contingency plan in case of outsourcing • Facilitation of the quality risk management process Our cross-sectional study has limitations. For some items, the standard deviations regarding to evaluating the situations' degree of realism are relatively high (cp. Table 2), which is most probably explained by a lack of experience in these fields or situations. Furthermore, the interrater agreement regarding to the allocation of constructs is not satisfactory (cp . Table 3), which may be the result of an insufficient explanation to the SMEs involved in the quantitative study. In future studies, experts should receive in-depth information about the meaning of each construct and a training trial before allocating the relevant items. In addition, as critical incidents are rather complex items, they might relate to several categories (constructs). This issue was also indicated by the experts' remarks and is a well-known difficulty in the research field of Situational Judgment Tests (SJT), which are based on critical incidents as well (Weekley et al., 2006). Finally, yet importantly, the studies were conducted on samples with ten managers, which were identified as experts in the field of Quality Management. Due to the small sample size and the specific focus on pharmaceutical supply chain, the study's generalizability remains limited. Further comparable studies with higher sample sizes are needed to derive profound conclusions about roots causes for the occurrence of such critical incidents.

Conclusion
Especially in the field of pharmaceutical supply chain, the outsourcing of activities carries high risks for human safety, if quality standards are not met. Our mixed-methods approach for the identification of critical situations in pharmaceutical supply chain focused on the generation of a qualitative data set, that allows to draw first inferences about possible root causes. The five thematic clusters of management commitment, competence of employee, communication between organizations, organizational culture, and regulatory framework were identified as primarily underlying constructs. It is recommended to implement our proposed Risk-based Incident Management Framework, which is based on the collection of such incidents and to learn from experience as well as to anticipate the future with the objective of preventing serious health risks.
Further research could focus on the differing perceptions between contract giver companies and service providers as well as their relationship over time in terms of a longitudinal study. In addition, the influence of national culture appears to be interesting for further research in this field, as many outsourcing activities are located in foreign countries. In the future and as this collection of critical incidents is further improved, it could support preventing the occurrence of such incidents by using them as lessons learned for both contract giver and service provider. The usefulness and practical applicability of the proposed framework should be examined in future case studies with representative pairs of contract givers and service providers. Furthermore, the application of new technological developments in the field of sensors and traceability could be useful for dealing with many of the reported shortcomings and incidents. Overall, more research in this field would be helpful for preventing extremely risky situations for human safety.
• What is the social context of this incident (e.g. communication issue, lack of competency, cultural difference, senior management involvement, different regulatory framework in the country of outsource organisation)? #1 #2 #3

Appendix B: Critical Incidents
Code Critical incident

Q1
Regional Quality Director faced a risky situation during the audit of Service Provider (SP) in the area of storage and transportation. He/she noticed various deviations in terms of environmental conditions. Responsible person of SP neither reported, nor investigated the root cause of deviation, although it was explained with details in SOPs and Technical Agreement. Responsible person was not aware of her/his responsibility in this supply chain process and not committed to GDP guidance. Regional Quality Director decided to organise an extensive GDP training for all employees with a focus on Chapter 7 (outsourced activities).

Q2
During a GMP audit of the contract-manufacturing site, the corporate auditor noticed that most of the employees were not aware of Good Documentation Practice: documents were not timely approved, regularly updated and there were no traceability. Although, all employees were trained, the failure of data integrity was the common practice, supported even by QA manager. The General Manager did not understand the significance of the non-conformity either.

Q3
The company purchased an inventory management software from an IT organisation, which was obliged to validate and maintain the software. However, during the exploitation, it has been shown that the software has no traceability in the executed changes, so software validation was not completed. The IT Engineer acknowledged that it had not fulfilled its contractual obligations with the explanation that there were other urgent issues requested by his manager. The contract giver company urgently requested a software upgrade and revalidation.

Q4
Due to cost reduction, a company has outsourced PhV to a reputable outsourcing service provider (SP). However, the Regulatory Affair Director noticed some delay of the adverse event reports. The problem was that the new PhV associate of SP neither had enough knowledge and experience, nor respectable training about PhV. The RA Director urgently asked for additional audit to the SP in the QA area.

Q5
A service provider (SP) in the area of Regulatory Affairs (RA) suspended all activities and ceased the contract, because their key personnel left the organisation. The Country Manager and VP RA had different approaches to sort out the issue, so it caused serious delay in regulatory activities and stock out of the products. The final decision was to find another SP, but to include the clause about Business Continuity Plan/ Contingency Plan in the Technical Agreement.

Q7
The company outsourced IT activities to the SP located in a different country with another time zone. During the FDA inspection in the computer system, QA manager asked OO for the IT contingency plan, but nobody responded, even though they had been previously informed about the audit. The IT engineer did not think he had to be present out of his working time. The update of the Technical Agreement regarding the clause of 24/7 availability has been requested.

Q8
One employee of the service provider (SP) in the area of Pharmacovigilance (PhV) always provided PhV documents of poor quality, despite of trainings. The Regulatory Affairs Director of contract giver company (CGC) complained to the manager of SP and asked to fix the problem. The only solution that the manager offered was to punish the PhV associate by reducing the salary. The CGC decided to find another SP.

Q9
Although the drug was not under patent protection in the country where it was registered, it was under patent protection in the country where the contract-manufacturing site was located. The management did not pay any attention to it, so nobody could inform the Qualified Person (QP) for releasing the batches to the market. QP released the batches, because they were within the specification limits, but soon after, the patent holder has sued Marketing Authorisation holder, and all batches were recalled and destroyed.

Q10
The company decided to outsource manufacturing activities, but also to transfer manufacturing authorisation (MA) to the new manufacturing site. The project director of the SP organised two parallel activities: (1) MA transfer, and (2) Product transfer. The product transfer was performed on time, but the MA transfer delayed because of outstanding local Drug Agency approval. The consequence of poor coordination was the stock-out of the product, as well as destruction of three validation batches, because of expiration date in meantime.

Q11
The contract giver company (CGC) outsourced archiving of registration dossiers to the service provider (SP). The Regulatory Affairs Director of CGC asked for one archived document, but an employee of the SP could not find it, avoiding any responsibility. The RA Director has performed an urgent audit and found many non-conformities.

Q12
The Supply Chain Manager (SCM) contracted a service provider (SP) for the transportation of expensive drugs from wholesaler to the clinics. On admission to the clinic, a technician noticed highly contaminated transport boxes with residues of rodents and insects and told the Supply Chain Manager that this delivery was not acceptable. The SCM required an urgent audit to the SP and it was noticed that the vehicle, along with drugs, also transported another type of goods. Hygiene was at a very poor level. The manager of the SP explained that they were not paid to drive only medicines and in this case, they would terminate the contract.

Q13
During an audit of the contracted warehouse, the corporate auditor noticed dirty and mouldy pallets. Furthermore, that moisture in the storage area was very high, although relative humidity limits were not explicitly specified for this class of medicines. The auditor insisted to set up the limits because the moisture in the warehouse was extremely high. The warehouse manager did not want to accept this corrective measure. The corporate auditor strongly recommended to terminate the contract.

Q14
Distribution of the drugs in "cold chain regime" was outsourced. The Quality Director of the contract giver company (CGC) required that all validations have to be performed by the SP. However, the SP's validation team performed neither the qualification of transportation route, nor the qualification of the "cool boxes". The Quality Director complained, but the SP's QA manager explained that this type of validation would be an extra payed service. He also explained that none of the validations considered qualification. CGC had to contract this service additionally.

Q15
The contract research organisation's (CRO) associate did not forward the letter to investigators (Dear Investigator Letter), in which they were informed that it was decided to stop further recruitment of patients in one group of participants due to the serious adverse reaction. The investigators continued to recruit the patients, which led to patients being compromised. In addition, the investigators asked for payment per patient, so these clinical study expenses exceeded the budget. The CRO's manager did not want to collaborate in this failure. The project manager of the sponsor´s company proposed to terminate the contract with this CRO.

Q19
During the preparation for good manufacturing practices (GMP) inspection, the Quality Director noticed that the contracted QC laboratory did not perform all tests according to the guideline. Unfortunately, nobody noticed this failure, even the QC manager who approved the analytical transfer report. Analytical transfers should be repeated, but require additional time and money.

Q20
During the good distribution practice (GDP) audit, the Corporate Auditor noticed that the outsourced warehouse did not have access control. The OO's Warehouse Manager did not accept this, because "neither theft nor burglary had happened before". In addition, Warehouse manager added that anything could not be possible to do without permission of the director. The director was not present in the opening and closing meeting, and he did not want to collaborate.

Q21
The Supply Chain Manager (SCM) constantly met the out-of-stock problem. Very often, wrong Certificates of Analysis (CoA) and Conformity (CoC) followed the goods sent from the contract-manufacturing site. Due to these omissions, goods at customs were kept longer than planned. The SCM requested that CoA and CoC have to be sent by email prior to shipment on checking by the Quality Manager of CGC.

Q22
The company outsourced all regulatory affairs activities, so nobody from CGC did have competence on this important pharma business field. The Country Manager needed a critical regulatory assessment to launch a new drug and he additionally engaged SP. Finally, regulatory assessment was wrong. The Country Manager realised that his company lost its key business competences and decided to re-evaluate the outsourcing strategy.

Q24
Reviewing the batch manufacturing records from the contract-manufacturing site, the Qualified Person for Batch Release (QP) noticed that one batch has been reprocessing without any approval and risk assessment. However, the Responsible Person (RP) from the contract-manufacturing site explained that rework and reprocessing depended on the Production Manager's evaluation. The QP was very concerned with this answer, because it was completely against the rules of good manufacturing practices (GMP). The QP requested the risks assessment of all batches due to patient safety and in case of high risk, all batches would have to be recalled from the market.

Q25
During the good manufacturing practices (GMP) audit, the auditor suspected on data integrity in the records of ambient condition. The Microbiology Technician signed and dated the records, but this day he was on holiday.
The QA manager of the outsourced microbiology lab tried to justify the technician doubting the correctness of the access control software and dragging himself into more and more lies. This organisation had a huge problem with data integrity and urgent training was required.

Q26
During auditing the SP, the Corporate GxP Auditor noticed that the SP had neither a calibration plan, nor a preventive maintenance plan. The Responsible Person (RP) of the SP was very motivated to improve the quality system and suggested a CAPA plan. When the GxP Auditor called the SP and asked for CAPA plan, he got the answer that the RP went to another company and that the SP's director had not yet given the "green light" to recruit a new person. The GxP Auditor suggested ceasing the contract with this SP.

Q28
The transportation of "cold chain" products was outsourced. The Quality Manager received complaints and the request from the Regulatory Authority to recall three batches of insulin, because results of laboratory analyses were out of specifications. The root cause of this deviation was storage of the products on higher temperature than allowed for "cold chain regime". Detailed audit on the SP was performed, but all processes were in accordance with the rules of good distribution practices (GDP). The SP's Responsible Person (RP) was supportive to continue further investigation. Finally, conclusion was that the Technician from a hospital pharmacy did not know that this product had to be immediately stored in the refrigerator.

Q29
The contract giver company (CGC) outsourced drug distribution to a reputable logistic company on the global level. Because of small quantity of drugs (cold chain regime), the outsourced logistic company subcontracted a local logistic organisation. However, on the border there was a several-day strike by the Customs Officer, so the driver turned off the car and went to stay in the hotel. He did not know that there were drugs of "cold chain regime" in the vehicle. Unfortunately, when the Responsible Person (RP) in the warehouse checked the temperature log, results were out of limits. This led to an out-of-stock situation, because all drugs were destroyed.

Q35
Because of floods, the outsourced warehouse was in risk. The Supply Chain Manager (SCM) from the contract giver company (CGC) asked the SP's manager to move the goods to their back-up location. Unfortunately, the back-up location was not qualified. A crises management team from both companies decided to move the goods to this back-up location, accepting the potential quality risk for the products.

Q39
The contract-manufacturing site delivered three batches of the same product within the same delivery. National QC laboratory tested the samples of each batch and found that one batch was out of specifications. The Quality Director of the contract giver company (CGC) immediately complained to the contract-manufacturing site's QC Manager. The QC Manager accepted this complaint and admitted the error, but he did not accept returning this batch due to complicated regulatory procedures. The Quality Director faced issues regarding drug destruction as well as doubts about the SP's "hidden intension". Article's contents are provided on an Attribution-Non Commercial 4.0 Creative commons International License. Readers are allowed to copy, distribute and communicate article's contents, provided the author's and Journal of Industrial Engineering and Management's names are included. It must not be used for commercial purposes. To see the complete license contents, please visit https://creativecommons.org/licenses/by-nc/4.0/.