Daniel Hartnett, associate managing director of the Compliance Risk & Diligence Practice of Kroll, advises on the steps that pharmaceutical companies should take to reduce the risk of dealing with third parties, as they develop a COVID-19 vaccine.
Hartnett defines “third party” as any partner providing a service or product within the end-to-end supply chain. In the pharmaceutical industry, such entities are often familiar to the manufacturer and have been thoroughly vetted. But with the global spread of COVID-19, current supply chains aren’t always equipped to meet the demand for product. And that means companies must onboard new third parties, many of which they aren’t familiar with.
Risk can arise in numerous ways in third-party relationships, including theft, regulatory concerns, bribery and corruption, the supplier’s financial stability, and cybersecurity. The COVID-19 supply chain must vet for all eventualities, Hartnett says.
To some extent, pharma companies can draw on the lessons of the past, given their experience in developing vaccines for previous pandemics. But the effort to fight COVID-19 will also require new partners, jurisdictions and packaging formats. So while the preferred choice is to work with known vendors, companies must also take action to ensure that newcomers to the supply chain are completely reliable.
From the moment a prospective new third party is identified, companies should undertake regulatory due diligence. They must determine whether the supplier in question has properly vetted its own employees, has secure access protocols in place, and is maintaining a strong cybersecurity culture. A visit to the Dark Web might also be necessary to determine what intellectual property has been leaked. All of these measures are even harder to achieve when the third party in question is located far from the manufacturer’s own facilities. But it’s vital to focus on which third parties represent the greatest risk, wherever they might be.
Timely, incisive articles delivered directly to your inbox.