Archives: Published Articles

What’s in Your Quality Manual?

Q. I’m a new employee for a start-up company and have been tasked with writing the quality manual for my company. I have searched but have been unable to find regulations that define what is contained in this document. Can you help?

 

A. The short answer is there is little guidance on what the actual content of a quality manual should contain. It is clear, when reviewing the regulations, there is an intent to have documentation regarding a company’s overall quality approach.

 

Quality System

 

In Europe, EudraLex Volume 4, Chapter 1, titled Pharmaceutical Quality System, section 1.7, states:

 

“the Pharmaceutical Quality System should be defined and documented. A Quality Manual or equivalent documentation should be established and should contain a description of the Quality Management System including management responsibilities”

 

The United States Code of Federal Regulations (CFR) doesn’t mention a quality manual but does mention a need for a quality policy in the medical device regulations. US 21 CFR 820.3 states:

 

“Quality policy means the overall intentions and direction of an organization with respect to quality, as established by management with executive responsibility” .

 

And in section 21 CFR 820.20, the regulation states a,

 

“Quality policy. Management with executive responsibility shall establish its policy and objectives for, and commitment to, quality. Management with executive responsibility shall ensure that the quality policy is understood, implemented, and maintained at all levels of the organization”.

 

Quality Manual Examples

 

The best quality manual examples source for what you should include in your quality manual comes from the International Council for Harmonisation (ICH) in the ICH Q10 document titled Pharmaceutical Quality System. Section 1.8 of this document states:

 

“A Quality Manual or equivalent documentation approach should be established and should contain the description of the pharmaceutical quality system. The description should include; (a) The quality policy (see section III). (b) The scope of the pharmaceutical quality system. (c) Identification of the pharmaceutical quality system processes, as well as their sequences, linkages, and interdependencies. Process maps and flow charts can be useful tools to facilitate depicting pharmaceutical quality system processes in a visual manner. (d) Management responsibilities within the pharmaceutical quality system (see section III).”

 

Quality Assurance

 

Just to be clear, the quality assurance manual applies to the entire company and not just the quality department, similar to how the term quality culture is not referring to the culture of the quality department but the entire company’s approach to culture.

 

Because the quality manual governs the entire company, it is advisable that it be constructed with teams who have access to the various supplier quality manual data. This collaboration helps ensure the overall purpose and scope of the document is representative of the company’s business.

 

Purpose Statement

 

A simple purpose statement might say something to the effect, “The quality system described is intended to ensure the facility is compliant with [list regulations] and serves as the basis of the Quality Systems that apply to [list company name], products, and current good manufacturing practice (CGMP) activities.”

 

The scope statement can be just as simple and state something to the effect that the quality systems described apply to all products, personnel, and manufacturing operations to ensure products meet the requirements for safety, identity, strength, and purity.

 

FDA Inspection

 

Another section to consider adding for FDA inspection purposes is a section of definitions. It is my experience that each company/facility utilizes their own acronyms during an internal audit. Any special acronyms being used at the facility should be defined in the definitions section along with common acronyms such as CGMP, FDA, EU, SOP, etc. Having a definition section helps everyone (employees, auditors, clients, regulators) understand the overall quality system as it applies to your facility.

 

Management Responsibilities

 

The next section I would recommend being included is an organizational chart. The organizational chart should demonstrate the reporting hierarchy of the company to demonstrate the independence of the quality organization.

One of the most critical sections to include in your quality control manual, in my opinion, is the section on management responsibilities. In this section, you should introduce the company’s management review responsibilities as well as the senior management titles that are responsible for overseeing the pharmaceutical quality system and the management review meetings.

 

Quality Management System

 

The next critical section to include is an overall description of the quality management system in effect at your company. In this section, you can describe your company’s approach to all the applicable systems utilized by your company for planning, documenting, implementing, and monitoring the activities that potentially impact product quality and patient safety.

 

These processes included but are not limited to quality by design, quality risk management, corrective and preventive actions (CAPA), change control management, management of materials, and maintenance of facilities. In describing the quality management system, you should discuss how it relates to manufacturing, facilities and equipment, materials, packaging and labeling, and laboratory controls. If you outsource an activity, you should note that the activity is outsourced and your oversight responsibilities.

 

Approval Process

 

The last element of quality assurance for your quality manual is its approval process. In my opinion, the quality manual should be agreed to and signed off by representatives from the various departments it governs. The final step in the process is to ensure that everyone, from senior leadership on down, is trained and understands the quality manual and how it relates to their job responsibility.

 

If you follow this simple approach to constructing a quality manual you will have an easy-to-follow, comprehensive document that communicates the company’s commitment to manufacturing safe and effective pharmaceutical products.

 

RCA

 

Pharmaceutical Technology
Vol. 46, No. 2
Pages: 50, 49

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

FDA 483 & CAPA Requests

Pharmaceutical Technology spoke with Regulatory Compliance Associates about receiving an FDA 483 and developing a corrective action and preventive action (CAPA) plan.

 

PharmTech: What are the best practices for developing a detailed CAPA after receiving an FDA 483?

 

RCA: A CAPA program requires a well-documented system that determines the root cause of non-conformances, system failures, or process problems, corrects them, and prevents them from recurring. A corrective action is a reaction to a situation that has occurred and is intended to fix the problem or modify the quality system so that reoccurrence is prevented.

 

The result is a complete documented investigation/solution that meets regulatory requirements and is the basis for effective continuous improvement. A preventive action is initiated to stop a problem from occurring. It assumes that monitoring and controls are in place to assure problems are identified and eliminated before they happen. If the quality system indicates a problem may develop, a preventive action should be implemented to avert the situation.

 

Preventative Action

 

PharmTech: A variety of recent FDA warning letters have cited companies for not providing the agency with ‘timely’ and/or complete CAPA plans in response to FDA 483s. What does the agency consider ‘timely’? Is there a time limit CAPAs should be performed by?

 

RCA: Response to a [FDA] warning letter should be done by writing a cover letter, and all observations need to be addressed as separate CAPAs. An appropriate sense of the urgency means your response should be received within 15 business days. It is advised to use the company’s CAPA form and cover letter instead of memo.

 

The response should include documentation of the investigation with a concisely stated root cause. Containment measures and corrections for each specific observation and identified corrective actions planned with date(s) for completion also need to be included. In addition, documentation of all containment and corrective actions that are completed at the time you submit the response should be included.

 

CAPA FDA

 

PharmTech: How should companies develop a CAPA in response to an FDA 483?

 

RCA: FDA will look for and review a company’s response. The investigator will get a copy of the FDA 483 response and will comment. As to whether the response is adequate or not will require additional review. If you don’t hear back from the regulatory contacts, don’t assume the FDA response was adequate. You should also follow-up within four to six months with a letter that includes evidence of the completed corrective actions and verification of effectiveness.

 

CAPA Records

 

PharmTech: If the agency feels the CAPA is ‘incomplete,’ how should a company respond to a CAPA plan request after a warning letter?

 

RCA: If FDA requests or proposes additional actions or asks for a more appropriate CAPA, this means FDA is concerned with the company’s first response. The proposed actions of the company were insufficient to correct the issues cited.

 

Presumably the company has retained a qualified and experienced third-party firm to provide guidance and if not, it is highly recommended to do so. The role of the third-party is to objectively review a company’s response to ensure it addresses all cited issues and can be implemented within an acceptable time to FDA.

 

CAPA Quality

 

PharmTech: How does a CAPA plan written in response to a request from FDA differ from an internal CAPA plan?

 

RCA: A company may consider their existing CAPA plan to be adequate until circumstances demonstrate that it is not. This may occur as the result of different situations that cause the weaknesses of a CAPA plan to rise to FDA’s attention. Perhaps there are numerous consumer complaints, recalls, or an FDA inspection that is the impetus that uncovers deficiencies or failures in a company’s CAPA plan.

 

Regardless of the reason, it is expected that FDA will request a company to address every issue associated with their CAPA plan and to understand what changes are needed and to implement them.

 

CAPA

Article Details

Pharmaceutical Technology
Vol. 42, No. 7
Page: 20

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Data Integrity & Quality Culture

Q. I have been hearing that regulatory authorities are beginning to audit companies regarding their ‘quality’ culture’s relationship to data integrity tools. Can you give me a little background on this issue?

 

data integrityA. The regulatory authorities have always been interested in data integrity tools. Recently, however, the specific culture of an organization is being connected to the veracity and accuracy of the data generated to support the quality of manufactured products. The theory is the more mature an organization is the more reliable the product support data are. To understand this concept thoroughly, we should start with a brief review of FDA’s quality metrics initiative.

 

Data Integrity Guidance

 

When FDA posted the first draft guidance, Request for Quality Metrics, the metrics chosen were lot acceptance rate, product quality complaint rate, invalidated out-of-specification (OOS) rate, and annual product review or product quality review on time rate. The guidance also contained three optional metrics intended to measure quality culture: measuring senior management engagement, corrective actions and preventive actions (CAPA) effectiveness, and process capability/performance.

 

Although the optional data integrity tools intended to measure quality culture were removed from the current version of the guideline, it is the first indication that regulators felt there was a correlation between culture and data integrity. At the same time the issue of quality metrics was being discussed, there was a resurgence of data integrity problems in the industry evidenced by the number of citations that reference this issue.

 

Data Integrity Issue

 

Between 2005 and 2016, approximately 225 FDA warning letters were issued with observations for data integrity. These observations included repeat human error deviations, insufficient training, system failures, inappropriate qualification or configuration of systems, poor procedures or not following procedures, and intentional acts of falsification.

 

The increase in data integrity observations prompted regulatory authorities to address the issue by releasing a series of guidelines that reemphasize the importance of data integrity. FDA, the Medicines and Healthcare products Regulatory Agency (MHRA) in the United Kingdom, the World Health Organization (WHO), and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) have all released documents to reeducate the industry on data integrity concepts and expectations. In addition to the regulatory guidelines, the Parenteral Drug Association (PDA) released a free document titled Elements of a Code of Conduct for Data Integrity to help address the problem.

 

Quality Culture

 

One common theme permeating through these documents is that of quality culture. Regulators have linked the reliability of data to the existence of a quality culture as exemplified by statements taken directly from the guidance.

 

The PIC/S guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (5) states, ‘Management should aim to create a work environment (i.e., quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes. Organizational reporting structure should permit the information flow between personnel at all levels’.

 

MHRA Guidance

 

The MHRA guidance (2) titled ‘GXP’ Data Integrity Guidance and Definitions discusses organizational culture, stating:

 

‘The organization needs to take responsibility for the systems used and the data they generate. The organizational culture should ensure data [are] complete, consistent, and accurate in all its forms (i.e., paper and electronic)’ … ‘The impact of organizational culture, the behavior driven by performance indicators, objectives, and senior management behavior on the success of data governance measures should not be underestimated. The data governance policy (or equivalent) should be endorsed at the highest levels of the organization.’

 

WHO Guidance

 

WHO deals with the concept of quality culture in their document Guidance on Good Data and Record Management Practices by stating,

 

Adoption of a quality culture within the company that encourages personnel to be transparent about failures so that management has an accurate understanding of risks and can then provide the necessary resources to achieve expectations and meet data quality standards.

 

This same document states:

 

Management, with the support of the quality unit, should establish and maintain a working environment that minimizes the risk of non-compliant records and erroneous records and data. An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.

 

Regulatory Leadership

 

Based on the language used in data integrity guidance documents, it is clear that regulatory authorities consider quality culture an important element in establishing the veracity and integrity of the data being generated by companies that support the products they manufacture.

 

The trouble with quality culture is determining how to measure it. PDA has developed a culture assessment tool that links organizational attributes to specific behaviors.

 

PDA Guidance

 

Attributes were defined as elements of a quality system such as, but not limited to, deviations reporting, change control, CAPA, complaints, and environmental monitoring programs or systems. Behaviors were defined as intangibles such as, but not limited to, robust communication and transparency, rewards and recognition, employee engagement, and cross functional vision.

 

The theory was if quality attributes equaled quality behaviors, which then equaled quality culture, then if the quality attributes of a company could be measured, they would reflect the maturity of the quality culture of an organization. The PDA tool involves several steps that include training employees on the use of the tool, an onsite assessment, an all-staff survey, and finally analysis and action on the results.

 

ALCOA Data Integrity

 

There are, of course, other tools available to measure the culture of an organization. The real point is whatever tool your company uses to measure culture, it will be an important element in determining your data integrity risks and remediating them before an inspection.

 

Auditing a company to determine if their culture is conducive to generating data that meets the attributable, legible, contemporaneous, original, and accurate (ALCOA) concepts is on the horizon and may become a part of routine audits performed by regulators or industry auditors when evaluating the suitability of a manufacturer, potential partner, or service provider.

 

 

Article Details

Pharmaceutical Technology
Vol. 42, No. 10
Pages: 82, 81

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

CAPA Records: What’s the Right Balance?

Q: How much CAPA data do I need to support opening a corrective and preventive action investigation?

 

A: This is an interesting question because it raises the issue of whether a company is overusing or underusing the CAPA system. One data point is enough to open a CAPA depending on whether that data point is a significant occurrence. On the other hand, multiple similar deviations may be overlooked because they are deemed minor with little impact on operations. The most effective way to determine whether you should open a CAPA is to perform a risk assessment of the data.

 

Preventative Action

 

regulatory compliance

A single significant deviation, such as putting the wrong label on the product, should justify opening a CAPA. This type of production error carries a high risk and should consider preventative action Sops. If the mislabeled product is released with the incorrect label, it creates a serious risk to patient safety. The CAPA is necessary because it will enable the company to determine the appropriate actions needed to prevent the issue for recurring.

 

CAPA Manufacturing

 

In addition, the CAPA will prompt the company to review quality data across manufacturing lines and manufacturing facilities. This type of CAPA quality corrective solution to prevent recurrence can be implemented across the company. An example of a single CAPA records data point that does not necessarily need a CAPA opened might be a field complaint of a bottle of tablets that contained 99 instead of 100 tablets.

 

CAPA Quality

 

This occurrence should be investigated, but because it is low risk and more of an inconvenience to the patient, it may not require a CAPA. Opening a CAPA for this one event could be considered overusing the CAPA system. That being said, if the complaint department tracks these data and finds a significant upward trend of short count bottles over a short period of time, a CAPA may be warranted.

 

CAPA Corrective Action

 

Underusing the CAPA system is also a concern. Not considering corrective action when faced with CAPA records that suggests there is multiple occurrences of the same/similar deviation prevents the company from continuously improving processes. Let’s suppose that in reviewing deviations you notice that a few manufacturing employees have multiple deviations for the same minor issue in the same batch record over a short period of time and that the deviation has been determined to be human error and only retraining of the operators was performed.

 

CAPA Quality Assurance

 

In this scenario, it would be prudent to open a CAPA for several quality assurance reasons. First, human error is rarely the cause of a deviation. Second, obviously the retraining to prevent the error is not effective because the error keeps occurring. Third, the data are telling you that you may have an issue in how effective your process for investigating deviations is being implemented.

 

CAPA Audit

 

 

Conclusion

 

There is no hard and fast rule on how much data you need to open a CAPA. It could be one data point or several data points. The best tools to use to determine whether a CAPA is needed is a risk assessment of the data and common sense.

 

 

RCA

 

 

 

 

 

Pharmaceutical Technology

Vol. 47, No. 4
Page: 50

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Supply Chain Risk Management

The growth and globalization of the pharmaceutical supply chain make risk assessment more important than ever for pharmaceutical manufacturers. The authors describe a program to identify, prioritize, mitigate, and communicate risks in manufacturer–supplier relationships.

 

The global supply chain for the pharmaceutical industry has expanded during the past decade as companies have striven to be competitive and harness emerging technology. Foreign markets have emerged to offer lower costs for various products.

 

Many companies find managing global suppliers and product-quality issues to be challenging. Recent industry events such as the contamination of batches of heparin demonstrate that a lack of control in the global supply chain can lead to patient harm and death, product recalls, loss of integrity, and significant financial liability for a company.

 

Current good manufacturing practice (CGMP) regulations states companies that design & manufacture pharmaceutical products must ensure that all components, raw materials, and product from suppliers meet predetermined specifications. Further, supplier relationship management is a crucial function to review current suppliers & their operations are in a state of control.

 

In today’s climate, companies should use a risk management program to assess their suppliers’ ability to provide material suitable for the manufacture of medicinal products. A risk-management program should help companies evaluate and control supplier quality and quality of the supply chain. The US Food and Drug Administration’s Pharmaceutical CGMPs for the 21st Century initiative is intended to enhance and modernize the regulation of pharmaceutical manufacturing and product quality. Its goal is to bring the pharmaceutical industry in line with the risk-management activities the medical-device industry uses to reduce patient and business risk.

 

FDA’s expectations are outlined in the International Conference on Harmonization guidelines (Q7, Q8, Q9, and Q10). Several key elements can help control and limit risk throughout a global supply chain. These articles discuss risk prioritization, risk assessment, risk control, risk communication, and risk review in greater detail.

 
 

About the Article:

 
regulatory compliance
 
Pharmaceutical Technology 
Volume 2008 Supplement, Issue 5
Susan J. Schniepp

Complete article published in PharmTech.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Pharma Courses

When in-person training may not be feasible, there are still pharma courses that can ensure employees receive the required career development, says Susan J. Schniepp, distinguished fellow, Regulatory Compliance Associates.

 

Q. I am in charge of Quality training activities for my company. Company policy requires all employees receive annual good manufacturing practice (GMP) training. Since many employees are now working from home, I am struggling with how to deliver effective FDA training during a pandemic, and I want to rewrite the policy to eliminate this requirement. Is annual GMP training a regulatory requirement, and can I eliminate this requirement and still be compliant with the regulations?

 

A. It is important to maintain pharma courses for training employees even during highly challenging circumstances. In the United States, the regulatory expectation for training is defined in 21 Code of Federal Regulations (CFR) 211.25, which states:

 

“Each person engaged in the manufacture, processing, packing, or holding of a drug product shall have education, training, and experience, or any combination thereof, to enable that person to perform the assigned functions. Training shall be in the particular operations that the employee performs and in current good manufacturing practice [CGMP] (including the current good manufacturing practice regulations in this chapter and written procedures required by these regulations) as they relate to the employee’s functions. Training in current good manufacturing practice shall be conducted by qualified individuals on a continuing basis and with sufficient frequency to assure that employees remain familiar with CGMP requirements applicable to them”.

 

EudraLex Guidance

 

In Europe, EudraLex Guidelines for Good Manufacturing Practice for Medicinal Products for Human and Veterinary Use has similar requirements specified in Volume 4, Part 1, Chapter 2, which states:

 

“The manufacturer should provide training for all the personnel whose duties take them into production and storage areas or into control laboratories (including the technical, maintenance, and cleaning personnel), and for other personnel whose activities could affect the quality of the product.”

 

The guideline also states:

 

“Besides the basic training on the theory and practice of the quality management system and Good Manufacturing Practice, newly recruited personnel should receive training appropriate to the duties assigned to them. Continuing training should also be given, and its practical effectiveness should be periodically assessed”.

 

The regulatory expectation is that companies continue to provide “a high level of assurance that manufacturers comply with CGMP and that products meet specifications,” even during exceptional times.

 

FDA Training

 

To ensure that FDA training requirements are adhered to and your compliance posture is not jeopardized, I recommend you start by triaging your employees. Those employees in critical roles should be your first priority to receive the necessary pharma courses in a timely manner. Employees in less critical roles could receive the training at a later time or maybe receive a truncated version of the training. Remember to document your decision in a well thought out and justified rationale.

 

The next hurdle to overcome is to determine the most effective way to deliver the training without wasting critical resources. This can be accomplished in a variety of ways. On-line training programs have been used to train remote employees for years. These programs have the capability of allowing the instructor to use virtual technology and embed questions into the presentation that must be answered before that trainee can continue. This is a great way to train people and measure the effectiveness of that training. It also allows the employee to complete the training as their schedule allows.

 

FDA GMP Training

 

If you decide to utilize this approach, you need to be sure to set a date for completion of the pharma courses and monitor the results of responses. Follow up with employees who may need additional GMP training or understanding of the concepts included in the FDA training.

 

Another approach would be to deliver the training as a webinar using a multiple person meeting app. You can prepare and distribute the information you will cover in the training, schedule a meeting time, deliver the training, and take questions from the employees during the webinar. If you have multiple manufacturing shifts, you can schedule a training session during each shift to make it easier for second- and third-shift employees to receive the training.

 

FDA Regulatory Training Courses

 

Another approach is to research virtual training and conference options offered by external organizations. Many trade organizations have converted their conferences and FDA training topics to virtual offerings covering a wide variety of topics. Many of these organizations offer the option of listening in real time or to taped recordings. Some of these venues are free, and some require a registration fee.

 

The sessions are usually 90 minutes in length, and many offer an opportunity to ask the speakers questions through a chatroom feature. If you are unable to listen to the webinar live, you may have the option to purchase a recording of it and listen to it at your convenience. The recorded option offered with these webinars can be valuable for training employees who work on the second and third shifts.

 

FDA Compliance Certification

 

The companies offering FDA compliance certification webinars advertise them well in advance of the event and often send out multiple reminders. The pre-event agenda for FDA compliance course usually highlights who will be speaking and their professional qualifications. The agenda can help you understand what content is involved in the certification, topics to be covered in the training, and what you will learn as a certified participant upon completion.

 

In addition, they will also make recommendations on who should attend so you can determine if this is appropriate training for your employees. In some cases, the webinar may offer continuing education credits for attending. This information should be printed out and used to demonstrate the appropriateness of the training.

 

FDA Website

 

Finally, you might consider using some employees who are not working remotely to lead some small-group internal training during their shift. Much of the content on the FDA website can be purposed in a train-the-trainer small group concept.

 

This satellite training can be led by a qualified, trusted, and trained employee representative that has the knowledge and expertise determined by their job experience and performance as determined by you. As with all other training, these discussions should be documented in your training system as well as the rationale for the selection of the designated trainer.

 

The bottom line is even though people are working remotely, and in-person training may not be feasible, there are still opportunities to ensure employees receive the required train-ng to meet your company’s training expectations. You should sign up to receive emails from companies and organizations that offer online training, review them to determine if they are applicable to your operations, determine who should attend from your company, and make sure you document their attendance for their training record.

 

regulatory compliance

 

Susan J. Schniepp
Pharmaceutical Technology 
Volume 44, Issue 8
 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].