Archives: Published Articles

FDA Inspections: Hope is Not a Strategy

Subject matter experts from Regulatory Compliance Associates® Inc. discuss how too many organizations scramble when an FDA inspection occurs because they fail to be adequately prepared. True inspection preparedness, however, supplements internal audits with a practiced inspection process and focused behavioral training.

 

 

Internal Audit

 

While internal audits are a key component of inspection preparedness, they tend to be informal, less intense, and more focused on auditing than inspecting. True inspection preparedness supplements internal audits with a practiced inspection process and focused behavioral training for key personnel.

 

Before a FDA inspection occurs, organizations should have an inspection process in place and conduct mock inspections. Like any process, inspection readiness needs a plan that is executed, assessed, and continuously improved upon. 

 

Roles & Responsibilities 

 

The Inspection Room (Front Room) 
While inspectors often walk the facility, the inspection room provides a meeting space to review documentation and answer questions from the inspectors. In this “front room,” system owners or subject matter experts (SMEs) review and present materials to the FDA inspector. 

 

The Control Room (Back Room) 
The control room provides the documentation, interviewees, and preparation that is needed to support the inspection process. This “back room” team processes requests for information, retrieves documents from electronic systems, and also triages documents as needed. The control room is staffed with quality and technical personnel who log requests for information and alert department heads within the organization. 

Control room personnel should always:

  • Conduct a minimum of two reviews of every document prior to sending it to the inspection room:
  • Quality Review:
    • Make sure it points to valid SOPs and Work Instructions, etc.
  • Technical Review:
    • Make sure the SMEs have reviewed and are prepared to speak to the process with the inspector
  • Have back-up printers, toner, copiers and paper on hand

Some organizations appoint runners to take the data back and forth between the control room and inspection room. There are technology solutions to operationalize the inspection process as well. 

 

Behavioral Training

 

In the past, employees were often trained to give curt answers to FDA inspectors to avoid inadvertent revelations to the agency. This approach created fear and mistrust among employees, and set up adversarial relationships with FDA staff. In order to create the most beneficial inspection process environment, however, both the agency and the company need to form a partnership. Key behavioral tips for success include:

 

  • Empower the inspection and control room teams.
  • Bring SMEs into the control room to help gather data, review documents, and consult on the answer before they are summoned to the inspection room.
  • Help SMEs understand their role in the bigger picture of the inspection. Prep them on related questions that have already been asked.
  • Don’t allow an SME to bring in notes or an uncontrolled document.
  • Use the control room to debrief SMEs after meetings with the inspector.
  • Anticipate and prepare. The language used in inspector requests can provide insights. Anticipate next questions, proactively pull documents, and understand related metrics. For example, if the inspector asks about CAPA, review related documents such as open CAPAs, high-risk CAPAs, the average length of time for CAPAs, and the longest time for open CAPAs. Be prepared to answer the inspector’s next questions.

Practicing the inspection process, however, can be one of the best ways to help employees learn appropriate behaviors and response techniques. Train employees to:

 

  • Focus on the question asked; restate the question when unsure of what’s being asked.
  • Readily admit to not knowing an answer, but provide a date and time when the answer will be provided.
  • Create an environment that reinforces the positive but recognizes weaknesses, such as “we understand this is an area for improvement,” rather than “this has been a problem for a long time.”
  • Recognize the need for training across the organization on inspection readiness. Consider off-site locations as well. The FDA inspection process starts when the FDA inspector pulls up into the parking lot and interfaces with reception and security personnel. Don’t limit inspection training to just inspection and SME personnel.

 

Mock Inspections

 

Many companies conduct internal audits as part of their inspection readiness strategies. Mock inspections, however, take the next step and allow companies to actually practice the inspection room, the control room, and inspector interaction. 

 

During mock inspections, organizations set up inspection rooms and control rooms to help teams learn how to readily access documentation that would potentially be requested during an inspection. Additionally, these practice sessions give employees an opportunity to demonstrate proper behavior and interviewing techniques when working with the regulatory agency. 

 

A mock inspection can also be used to probe further on issues uncovered during internal audits. The mock Inspection team should bring in SMEs and other personnel as needed for this activity. This approach helps the organization fully understand areas needing improvement, and gives them a platform to take corrective action before the agency actually arrives.

 

Being properly prepared for inspection ensures that the inspection process will run smoother, decreases the likelihood of observations, and helps groom the organization and individuals for higher levels of future performance. 

 

Published by:

 

 

 

Medical Device and Diagnostic Industry.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

GMP Manufacturing

When it comes to pharmaceutical manufacturing, ensuring a strong quality culture is one way to avoid recurring GMP issues, such as data integrity. Susan Schniepp, Distinguished Fellow at Regulatory Compliance Associates, and 2022 PDA Board of Directors Chair outlined the evolution of current quality culture initiatives and showcased some tools to help organizations build quality culture into GMP manufacturing operations during the Nov. 11, 2021, Redica Systems Quality Week webinar, “Past, Present, and Future of Quality Culture.”

 

“I think that is what we see sometimes in our industry,” she said. “We do not remember how we got some of the regulations that exist today, and we repeat our past mistakes.”

 

From Quality Metrics to Quality Culture

 

Schniepp began her presentation with a look at how quality culture evolved from the early 2010s discussion on quality metrics. Key points included the following:

 

  • On Oct. 5, 2005, CDER Director Janet Woodcock directed pharma manufacturers to build “a maximally efficient, agile, flexible pharmaceutical manufacturing sector that reliably produces high quality drug products without extensive regulatory oversight.” This set in motion CDER’s emphasis on quality in manufacturing.
  • Then, in 2012, the U.S. Congress passed the FDA Safety and Innovation Act (FDASIA). Title VII of the Act allows for risk-based inspection of manufacturing sites, including requesting records in advance, or in lieu of an inspection. Additionally, the Act requires the FDA to provide Congress with an annual report on the state of drug shortages.
  • Around the same time that FDASIA became effective, drug shortages became a critical concern for the agency. Schniepp pointed to aging facilities as one reason for shortages. “Tangential to metrics and quality culture, we had aging facilities, i.e., facilities producing many of the drugs showing up on the drug shortage list were degrading and not being maintained.” Quality issues at these sites had become apparent and potentially causing shortages.
  • In 2014, FDA proposed implementation of a quality metrics system to encourage adoption of quality-supporting practices.

 

GMP Manufacturing & Measuring Quality Culture

 

The quality metrics push resulted in a series of conferences by ISPE, PDA, and the Brookings Institution (Figure 1 below).

 

“One of the elements that came out of all of these discussions was the fact that you could request any metrics that you wanted. What FDA proposed initially was rejection rate on batches, CAPA rates, etc., but the conversation became that without the culture of the organization being assessed, you could not really count on the data. So, that is how [quality metrics and quality culture] tie together,” Schniepp explained.

 

Quality Metrics

 

“You needed to have a functioning, efficient, quality metric system that gives you reliable data. And you have to count on the integrity of the culture of an organization in order to have confidence in the data that it sends you. Off of that, the discussion turned to, ‘well, how do you measure quality culture?’”

 

GMP Manufacturing & Quality Culture Behavior

 

Schniepp was part of a PDA team studying the relationship between quality culture behavior and mature quality attributes to see if there was a set of mature quality attributes that could serve as a surrogate for quality culture behaviors (ISPE has also done work in this area). 

 

“’Mature quality attribute’” refers to “those things in your quality management system (QMS) such as your CAPA program, your change control, your investigations procedures, how you report deviations, how you record batch rejection rates, i.e., all of those things are in your quality culture or in your QMS.”

 

Quality Attributes

 

But her team wanted to know if mature quality attributes related to the behaviors of employees and management correlated with company culture, such as do people feel comfortable speaking up, do they talk to management about their concerns, do they understand their jobs, etc. The team’s research resulted in what Schniepp refers to as “the Culture Equation” (Figure 2).

 

regulatory compliance
Figure 2

 

“The foundation of this is quality attributes that are quantifiable and easily measured, provided they equal quality behaviors,” she said. “In other words, you have attributes reflected in your behaviors that then define your quality culture. So, if quality cultures equal quality behaviors equals quality culture, your quality attributes equal quality behaviors equal quality culture. If you can measure your quality attributes, you can define your quality culture.”

 

Operational Excellence

 

By surveying PDA’s membership, her team gathered enough data to conduct statistical analysis and was able to determine there is a relationship between quality culture behavior and quality attributes. They then worked with another team from the University of Saint Gallen’s operational excellence program. That team also found a correlation confirming “quality attributes equal quality behaviors equal quality culture.” 

 

The PDA and St. Gallen research resulted in the PDA Quality Culture Guided Assessment Tool, addressing five key areas in which companies should focus in order to build quality culture: Employee Ownership and Engagement, Continuous Improvement, Technical Excellence, Leadership Commitment, and Communication and Collaboration. This tool is currently under development as a PDA standard.

 

Quality Metrics, Data Integrity & Quality Culture

 

regulatory compliance

Figure 1

 

Data integrity is increasingly connected with quality culture. In the PIC/S guidance, Good Practices For Data Management And Integrity in Regulated GMP/GDP Environments, “they have defined quality culture, and they have given us a little bit of information about how management can create a work environment—a culture—that is transparent and open.” 

 

Schniepp also pointed to three other documents:

  • UK MHRA GxP Data Integrity Definitions and Guidance for Industry
  • WHO Guidance on Good Data and Record Management Practices
  • FDA guidance Data Integrity and Compliance With Drug CGMP Questions and Answers

 

“In their regulations, regulators are starting to define and link culture to data integrity violations,” she explained.

 

Data Integrity

 

She then provided a real-life example of a data integrity violation caused by a company’s culture.  

 

“This one is kind of an interesting one because it was really an attempt by management to encourage employees to do a good job, but what they did created integrity violations.”

 

A contract manufacturing organization (CMO) set a GMP manufacturing goal to release batch records to clients within 30 days of manufacturing the product. To encourage this, management dangled the carrot of a pizza party at the end of the year if this goal was met. In order to meet this goal, employees released batch records to clients even if investigations had not uncovered the root cause. Investigations would be prematurely closed and then reopened after the batch record had been sent to the client. 

 

“That, in and of itself, is a data integrity nightmare,” Schniepp said. “Can you imagine explaining in an audit by a regulator, ‘well, we wanted a pizza party?’”

 

GMP Manufacturing & Organizational Culture

 

Regarding deviation investigations, she told another story of a company for whom she worked that involved repeat observations. When reviewing deviations, she found that one operator had 30 deviations tied to him involving a specific product. This operator failed to sign the batch record during a specific point in time in manufacturing. His managers kept retraining him. 

 

[Author’s Note: Additional information about deviation investigations can be found in the articles, “GMP Inspection Case Study Focuses on Inadequate Deviation Investigations” and “How to Avoid Three Common Deviation Investigation Pitfalls.”]

 

Batch Records

 

In talking with the operator, Schniepp learned that in order for the operator to sign the batch record (according to GMP regulations at that particular point in manufacturing), the operator had to leave the product alone in the equipment, de-gown, sign the batch record, re-gown, and return, all the while hoping the product was okay. Out of concern for the product, the operator chose to stay behind and try to remember to sign the batch record once he was done.

 

“It was a poorly designed batch record process,” she said. But the operator did not feel listened to when he brought his concerns to management.

 

GMP Labeling

 

Schniepp then pointed out that other employees worked on the product under the same cGMP constraints. So, what were these other employees doing? How many other data integrity violations occurred? Was GMP labelling reviewed accurately?

“Nobody else was bringing it up. If you do not have that open culture, if you are not encouraging people to speak up and you are not listening to them, you do not have a good quality culture.”

 

The Future is GMP Manufacturing Quality

 

For further evidence of the importance of GMP certification and quality culture, Schniepp reviewed a 483 observation issued in 2019 with numerous examples of data mismanagement. The company in question then responded to FDA with a letter promising to ensure a robust quality culture going forward. [Author’s Note: For more about this GMP compliance incident, read the first case study in the article, “Data Integrity Concerns Discovered in Gene Therapy Product Submissions,” by Jerry Chapman.]

 

FDA 483

 

Schniepp believes this 483 observation shows FDA’s intent to heavily focus more on good manufacturing practices in future inspections. This means companies must develop or enhance their quality culture when thinking about how to prepare for upcoming inspections. 

 

“I believe we will see more of this,” she said. “More companies will be looking at their GMP manufacturing and trying to improve the Quality Culture.”

 

Otherwise, as she explained at the beginning of her presentation, companies who remain in the past when it comes to cGMP certified practices that lead to quality culture face the prospect of 483 observations, Warning Letters, and other negative outcomes.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Aseptic Processing 101

Susan J. Schniepp, Distinguished Fellow at Regulatory Compliance Associates, answers some commonly asked questions about aseptic processing and environmental controls.

 

Q. What is aseptic processing?

 

A. Aseptic processing is a manufacturing method that can produce product that is absent of bacteria without subjecting the product to terminal sterilization processes.

 

Aseptic Manufacturing

 

Many products degrade and become ineffective when subjected to the harsh conditions of terminal sterilization. Aseptic manufacturing allows these products to be produced in a sterile environment, allowing them to maintain their effectiveness while being safe to inject into patients.

 

Q. What is the difference between aseptic processing and terminal sterilization?

 

A. The major difference between aseptic processing and terminal sterilization is when the sterilization step occurs in the process. In terminal sterilization, the sterilization is performed after the API, excipients, containers, and stoppers have been assembled.

 

Sterilization

 

The final assembled product is then subjected to high heat and/or radiation that renders the product sterile. Terminal sterilization processes are harsh and can have negative effects on product efficacy.

 

Aseptic Container

 

For products that can’t withstand terminal sterilization, drug manufacturers employ aseptic manufacturing. The aseptic manufacturing process requires the drug product and any excipients, the container, and the stoppers to be individually sterilized.

 

Aseptic Clean Room

 

All must be done before being introduced into the cleanroom or sterile manufacturing core where the final product is manufactured. Additionally, this highly controlled environment is constantly monitored for air quality and potential microbial ingress.

 

Q. Why must manufacturers establish environmental controls for aseptic processes?

 

A. Let’s be clear, all drug manufacturing, including solid oral dosage form and terminal sterilization manufacturing are required to have established environmental controls.

 

Proper Aseptic Technique

 

This requirement is addressed in global current good manufacturing practices (cGMPs). The purpose of these controls is to prevent product contamination due to unsanitary conditions.

 

Environmental Controls

 

The environmental controls to be monitored include, but are not necessarily limited to, air quality including particulate matter, ventilation, temperature, humidity, air pressure, and microbial contamination.

 

The environment controls have, as expected, stricter limits for aseptic processing manufacturers due to the nature of their business.

 

Q. What does PUPSIT stand for, and why is it required?

 

A. PUPSIT is a term used in aseptic processing operations, and it stands for pre-use post-sterilization integrity testing. This testing is performed on the sterilizing filter after it is installed before product manufacturing. Follow up testing occurs again after the product manufacturing is completed.

 

Filtration Sterilization

 

The purpose of the pre-test is to ensure that the sterilization and installation process has not damaged your filter prior to the filtration of your product. The purpose of the post-test is to demonstrate that the filter remained intact and undamaged during actual product filtration.

 

An article published by the Parenteral Drug Association (PDA) states:

 

“Since 1998, the EU Guidelines to Good Manufacturing Practice: Medicinal Products for Human and Veterinary Use, Annex 1 (Manufacture of Sterile Medicinal Products) or ‘Annex 1’ has contained the requirement for verifying the integrity of a sterilizing grade filter before use and after its sterilization.

 

The requirement remained in the 2008 revision and in the 2017 draft revision to Annex 1. While not a requirement by the U.S. FDA, EMA inspectors and some PIC/S inspectors have been increasingly expressing expectations for companies to employ this testing procedure”.

 

The article goes on to explain the concerns that led to the PUPSIT requirement:

 

“Concerns have been raised that a sterilizing filter could develop certain flaws that would allow microbiological contamination to pass during filtration. The key is that flaws may be blocked or clogged by fluid contaminants or components during the filtration process and remain undiscovered during post-use integrity test. This phenomenon is sometimes referred to as ‘filter flaw masking’”.

Additionally, the article explores the rationale for not employing PUPSIT because of:

 

“the contamination/product deterioration risk associated with performing PUPSIT may greatly outweigh the risk of product contamination as a result of the masking effect.”

 

Sterile Filtration

 

To test a filter during sterile filtration, the sterile filtrate side must be under atmospheric pressure. This requires a fluid pathway to remove any wetting agent.

 

“The exposure of the downstream portions of the sterile product transport line poses a risk to maintaining the sterility of the filtered product. This, along with other risks, is greater than the remote likelihood of microbiological contamination from a flaw which can be masked during use of the filter that is not detected afterwards.”

 

PUPSIT

 

Further, the PUPSIT concept is still actively being debated. The best way to address the use/non-use of PUPSIT in your organization is to make sure you have an appropriate risk assessment in place defending your position.

 

Q. What makes aseptic drug manufacturing so challenging?

 

A. Aseptic manufacturing requires highly trained and experienced people to carry out the operations. Even when not in use, special equipment and cleaning procedures must be part of the constant environmental monitoring. Finally, the risk to the product and patients is significant when the aseptic process is compromised.

 

Article Details

 

regulatory compliance

 

Pharmaceutical Technology
Volume 45, Number 10
Pages: 58, 57

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

What’s in Your Quality Manual?

Q. I’m a new employee for a start-up company and have been tasked with writing the quality manual for my company. I have searched but have been unable to find regulations that define what is contained in this document. Can you help?

 

A. The short answer is there is little guidance on what the actual content of a quality manual should contain. It is clear, when reviewing the regulations, there is an intent to have documentation regarding a company’s overall quality approach.

 

Quality System

 

In Europe, EudraLex Volume 4, Chapter 1, titled Pharmaceutical Quality System, section 1.7, states:

 

“the Pharmaceutical Quality System should be defined and documented. A Quality Manual or equivalent documentation should be established and should contain a description of the Quality Management System including management responsibilities”

 

The United States Code of Federal Regulations (CFR) doesn’t mention a quality manual but does mention a need for a quality policy in the medical device regulations. US 21 CFR 820.3 states:

 

“Quality policy means the overall intentions and direction of an organization with respect to quality, as established by management with executive responsibility” .

 

And in section 21 CFR 820.20, the regulation states a,

 

“Quality policy. Management with executive responsibility shall establish its policy and objectives for, and commitment to, quality. Management with executive responsibility shall ensure that the quality policy is understood, implemented, and maintained at all levels of the organization”.

 

Quality Manual Examples

 

The best quality manual examples source for what you should include in your quality manual comes from the International Council for Harmonisation (ICH) in the ICH Q10 document titled Pharmaceutical Quality System. Section 1.8 of this document states:

 

“A Quality Manual or equivalent documentation approach should be established and should contain the description of the pharmaceutical quality system. The description should include; (a) The quality policy (see section III). (b) The scope of the pharmaceutical quality system. (c) Identification of the pharmaceutical quality system processes, as well as their sequences, linkages, and interdependencies. Process maps and flow charts can be useful tools to facilitate depicting pharmaceutical quality system processes in a visual manner. (d) Management responsibilities within the pharmaceutical quality system (see section III).”

 

Quality Assurance

 

Just to be clear, the quality assurance manual applies to the entire company and not just the quality department, similar to how the term quality culture is not referring to the culture of the quality department but the entire company’s approach to culture.

 

Because the quality manual governs the entire company, it is advisable that it be constructed with teams who have access to the various supplier quality manual data. This collaboration helps ensure the overall purpose and scope of the document is representative of the company’s business.

 

Purpose Statement

 

A simple purpose statement might say something to the effect, “The quality system described is intended to ensure the facility is compliant with [list regulations] and serves as the basis of the Quality Systems that apply to [list company name], products, and current good manufacturing practice (CGMP) activities.”

 

The scope statement can be just as simple and state something to the effect that the quality systems described apply to all products, personnel, and manufacturing operations to ensure products meet the requirements for safety, identity, strength, and purity.

 

FDA Inspection

 

Another section to consider adding for FDA inspection purposes is a section of definitions. It is my experience that each company/facility utilizes their own acronyms during an internal audit. Any special acronyms being used at the facility should be defined in the definitions section along with common acronyms such as CGMP, FDA, EU, SOP, etc. Having a definition section helps everyone (employees, auditors, clients, regulators) understand the overall quality system as it applies to your facility.

 

Management Responsibilities

 

The next section I would recommend being included is an organizational chart. The organizational chart should demonstrate the reporting hierarchy of the company to demonstrate the independence of the quality organization.

One of the most critical sections to include in your quality control manual, in my opinion, is the section on management responsibilities. In this section, you should introduce the company’s management review responsibilities as well as the senior management titles that are responsible for overseeing the pharmaceutical quality system and the management review meetings.

 

Quality Management System

 

The next critical section to include is an overall description of the quality management system in effect at your company. In this section, you can describe your company’s approach to all the applicable systems utilized by your company for planning, documenting, implementing, and monitoring the activities that potentially impact product quality and patient safety.

 

These processes included but are not limited to quality by design, quality risk management, corrective and preventive actions (CAPA), change control management, management of materials, and maintenance of facilities. In describing the quality management system, you should discuss how it relates to manufacturing, facilities and equipment, materials, packaging and labeling, and laboratory controls. If you outsource an activity, you should note that the activity is outsourced and your oversight responsibilities.

 

Approval Process

 

The last element of quality assurance for your quality manual is its approval process. In my opinion, the quality manual should be agreed to and signed off by representatives from the various departments it governs. The final step in the process is to ensure that everyone, from senior leadership on down, is trained and understands the quality manual and how it relates to their job responsibility.

 

If you follow this simple approach to constructing a quality manual you will have an easy-to-follow, comprehensive document that communicates the company’s commitment to manufacturing safe and effective pharmaceutical products.

 

RCA

 

Pharmaceutical Technology
Vol. 46, No. 2
Pages: 50, 49

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

FDA 483 & CAPA Requests

Pharmaceutical Technology spoke with Regulatory Compliance Associates about receiving an FDA 483 and developing a corrective action and preventive action (CAPA) plan.

 

PharmTech: What are the best practices for developing a detailed CAPA after receiving an FDA 483?

 

RCA: A CAPA program requires a well-documented system that determines the root cause of non-conformances, system failures, or process problems, corrects them, and prevents them from recurring. A corrective action is a reaction to a situation that has occurred and is intended to fix the problem or modify the quality system so that reoccurrence is prevented.

 

The result is a complete documented investigation/solution that meets regulatory requirements and is the basis for effective continuous improvement. A preventive action is initiated to stop a problem from occurring. It assumes that monitoring and controls are in place to assure problems are identified and eliminated before they happen. If the quality system indicates a problem may develop, a preventive action should be implemented to avert the situation.

 

Preventative Action

 

PharmTech: A variety of recent FDA warning letters have cited companies for not providing the agency with ‘timely’ and/or complete CAPA plans in response to FDA 483s. What does the agency consider ‘timely’? Is there a time limit CAPAs should be performed by?

 

RCA: Response to a [FDA] warning letter should be done by writing a cover letter, and all observations need to be addressed as separate CAPAs. An appropriate sense of the urgency means your response should be received within 15 business days. It is advised to use the company’s CAPA form and cover letter instead of memo.

 

The response should include documentation of the investigation with a concisely stated root cause. Containment measures and corrections for each specific observation and identified corrective actions planned with date(s) for completion also need to be included. In addition, documentation of all containment and corrective actions that are completed at the time you submit the response should be included.

 

CAPA FDA

 

PharmTech: How should companies develop a CAPA in response to an FDA 483?

 

RCA: FDA will look for and review a company’s response. The investigator will get a copy of the FDA 483 response and will comment. As to whether the response is adequate or not will require additional review. If you don’t hear back from the regulatory contacts, don’t assume the FDA response was adequate. You should also follow-up within four to six months with a letter that includes evidence of the completed corrective actions and verification of effectiveness.

 

CAPA Records

 

PharmTech: If the agency feels the CAPA is ‘incomplete,’ how should a company respond to a CAPA plan request after a warning letter?

 

RCA: If FDA requests or proposes additional actions or asks for a more appropriate CAPA, this means FDA is concerned with the company’s first response. The proposed actions of the company were insufficient to correct the issues cited.

 

Presumably the company has retained a qualified and experienced third-party firm to provide guidance and if not, it is highly recommended to do so. The role of the third-party is to objectively review a company’s response to ensure it addresses all cited issues and can be implemented within an acceptable time to FDA.

 

CAPA Quality

 

PharmTech: How does a CAPA plan written in response to a request from FDA differ from an internal CAPA plan?

 

RCA: A company may consider their existing CAPA plan to be adequate until circumstances demonstrate that it is not. This may occur as the result of different situations that cause the weaknesses of a CAPA plan to rise to FDA’s attention. Perhaps there are numerous consumer complaints, recalls, or an FDA inspection that is the impetus that uncovers deficiencies or failures in a company’s CAPA plan.

 

Regardless of the reason, it is expected that FDA will request a company to address every issue associated with their CAPA plan and to understand what changes are needed and to implement them.

 

CAPA

Article Details

Pharmaceutical Technology
Vol. 42, No. 7
Page: 20

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Data Integrity & Quality Culture

Q. I have been hearing that regulatory authorities are beginning to audit companies regarding their ‘quality’ culture’s relationship to data integrity tools. Can you give me a little background on this issue?

 

data integrityA. The regulatory authorities have always been interested in data integrity tools. Recently, however, the specific culture of an organization is being connected to the veracity and accuracy of the data generated to support the quality of manufactured products. The theory is the more mature an organization is the more reliable the product support data are. To understand this concept thoroughly, we should start with a brief review of FDA’s quality metrics initiative.

 

Data Integrity Guidance

 

When FDA posted the first draft guidance, Request for Quality Metrics, the metrics chosen were lot acceptance rate, product quality complaint rate, invalidated out-of-specification (OOS) rate, and annual product review or product quality review on time rate. The guidance also contained three optional metrics intended to measure quality culture: measuring senior management engagement, corrective actions and preventive actions (CAPA) effectiveness, and process capability/performance.

 

Although the optional data integrity tools intended to measure quality culture were removed from the current version of the guideline, it is the first indication that regulators felt there was a correlation between culture and data integrity. At the same time the issue of quality metrics was being discussed, there was a resurgence of data integrity problems in the industry evidenced by the number of citations that reference this issue.

 

Data Integrity Issue

 

Between 2005 and 2016, approximately 225 FDA warning letters were issued with observations for data integrity. These observations included repeat human error deviations, insufficient training, system failures, inappropriate qualification or configuration of systems, poor procedures or not following procedures, and intentional acts of falsification.

 

The increase in data integrity observations prompted regulatory authorities to address the issue by releasing a series of guidelines that reemphasize the importance of data integrity. FDA, the Medicines and Healthcare products Regulatory Agency (MHRA) in the United Kingdom, the World Health Organization (WHO), and the Pharmaceutical Inspection Co-operation Scheme (PIC/S) have all released documents to reeducate the industry on data integrity concepts and expectations. In addition to the regulatory guidelines, the Parenteral Drug Association (PDA) released a free document titled Elements of a Code of Conduct for Data Integrity to help address the problem.

 

Quality Culture

 

One common theme permeating through these documents is that of quality culture. Regulators have linked the reliability of data to the existence of a quality culture as exemplified by statements taken directly from the guidance.

 

The PIC/S guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (5) states, ‘Management should aim to create a work environment (i.e., quality culture) that is transparent and open, one in which personnel are encouraged to freely communicate failures and mistakes. Organizational reporting structure should permit the information flow between personnel at all levels’.

 

MHRA Guidance

 

The MHRA guidance (2) titled ‘GXP’ Data Integrity Guidance and Definitions discusses organizational culture, stating:

 

‘The organization needs to take responsibility for the systems used and the data they generate. The organizational culture should ensure data [are] complete, consistent, and accurate in all its forms (i.e., paper and electronic)’ … ‘The impact of organizational culture, the behavior driven by performance indicators, objectives, and senior management behavior on the success of data governance measures should not be underestimated. The data governance policy (or equivalent) should be endorsed at the highest levels of the organization.’

 

WHO Guidance

 

WHO deals with the concept of quality culture in their document Guidance on Good Data and Record Management Practices by stating,

 

Adoption of a quality culture within the company that encourages personnel to be transparent about failures so that management has an accurate understanding of risks and can then provide the necessary resources to achieve expectations and meet data quality standards.

 

This same document states:

 

Management, with the support of the quality unit, should establish and maintain a working environment that minimizes the risk of non-compliant records and erroneous records and data. An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.

 

Regulatory Leadership

 

Based on the language used in data integrity guidance documents, it is clear that regulatory authorities consider quality culture an important element in establishing the veracity and integrity of the data being generated by companies that support the products they manufacture.

 

The trouble with quality culture is determining how to measure it. PDA has developed a culture assessment tool that links organizational attributes to specific behaviors.

 

PDA Guidance

 

Attributes were defined as elements of a quality system such as, but not limited to, deviations reporting, change control, CAPA, complaints, and environmental monitoring programs or systems. Behaviors were defined as intangibles such as, but not limited to, robust communication and transparency, rewards and recognition, employee engagement, and cross functional vision.

 

The theory was if quality attributes equaled quality behaviors, which then equaled quality culture, then if the quality attributes of a company could be measured, they would reflect the maturity of the quality culture of an organization. The PDA tool involves several steps that include training employees on the use of the tool, an onsite assessment, an all-staff survey, and finally analysis and action on the results.

 

ALCOA Data Integrity

 

There are, of course, other tools available to measure the culture of an organization. The real point is whatever tool your company uses to measure culture, it will be an important element in determining your data integrity risks and remediating them before an inspection.

 

Auditing a company to determine if their culture is conducive to generating data that meets the attributable, legible, contemporaneous, original, and accurate (ALCOA) concepts is on the horizon and may become a part of routine audits performed by regulators or industry auditors when evaluating the suitability of a manufacturer, potential partner, or service provider.

 

 

Article Details

Pharmaceutical Technology
Vol. 42, No. 10
Pages: 82, 81

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].