Upload
georgina-elliott
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
©2008, PAREXEL Consulting
Effective Internal GMP Auditing Strategies
Massachusetts Biotechnology Council
October 3, 2008
Presenter:
David L. Chesney
Vice President, Strategic Compliance Services
PAREXEL Consulting
Lowell, MA
[email protected] 978-848-2256
- 2 -
©2008, PAREXEL Consulting
Agenda
Regulatory requirements, policies and “expectations”
“FDA cannot enforce an expectation – only a regulation” – (anonymous FDA attorney)
Elements of an effective internal audit program
What to look for and some interview techniques
Q&A
- 3 -
©2008, PAREXEL Consulting
Regulatory Requirements – FDA - Drugs
For biologic and non-biologic drugs subject to 21 CFR 211, there is no specific requirement for internal audits
21 CFR 211 contains no specific requirement for vendor audits either, however, 211.84(d)(2) states in part: “…a report of analysis may be accepted from the supplier of a component, provided that at least one specific identity test is conducted on such component by the manufacturer, and provided that the manufacturer establishes the reliability of the supplier's analyses through appropriate validation of the supplier's test results at appropriate intervals”
Vendor audits of contract laboratories are one way of complying with the underlined section
- 4 -
©2008, PAREXEL Consulting
Regulatory Requirements – FDA - Devices
For biologic and non-biologic devices subject to the Quality System Regulation, 21 CFR 820.22 requires that you perform quality audits of your own quality system (internal audits)
21 CFR 820.50, Purchasing Controls, requires in part: “Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. The evaluation shall be documented.”
While there may be ways other than audits to meet this requirement, auditing is the conventional means and is “expected”
- 5 -
©2008, PAREXEL Consulting
Regulatory Requirements – FDA - GLP
The GLP regulations, 21 CFR Part 58.35(b), require in part that the Quality Assurance Unit shall…
“(3) Inspect each nonclinical laboratory study at intervals adequate to assure the integrity of the study and maintain written and properly signed records of each periodic inspection showing…(specified items)... Any problems found during the course of an inspection which are likely to affect study integrity shall be brought to the attention of the study director and management immediately.
“(4) Periodically submit to management and the study director written status reports on each study, noting any problems and the corrective actions taken.”
- 6 -
©2008, PAREXEL Consulting
Regulatory Requirements – EMEA - Drugs
If your drug product (biologic or non-biologic) is licensed in Europe, you are subject to the Eudralex, Volume 4, Part 2, Chapter 9 requirement for “Self Inspection”
This section is detailed, but leads off with the statement that: “Self inspections should be conducted in order to monitor the implementation and compliance with Good Manufacturing Practice principles and to propose necessary corrective measures.”
- 7 -
©2008, PAREXEL Consulting
Current FDA Guidance
The FDA’s “Guidance for Industry: Quality Systems Approach to Pharmaceutical cGMP Regulations”, Part D (Evaluation Activities), #2 (Conduct Internal Audits) establishes as an FDA recommendation that “A quality systems approach calls for audits to be conducted at planned intervals to evaluate effective implementation and maintenance of the quality system and to determine if processes and products meet established parameters and specifications.”
Bear in mind that FDA Guidelines are not binding requirements, but are considered advisable steps and thus establish what many in the industry refer to as “expectations”
- 8 -
©2008, PAREXEL Consulting
FDA Policy on Access to Internal Audit Reports
FDA Compliance Policy Guide Section 130.300 states the current FDA policy for access to internal audit reports by agency personnel during inspections and at other times.
Basically, FDA takes the position that they have access to such reports but will choose not to access them except under certain narrowly described circumstances – see file below
Adobe Acrobat Document
©2008, PAREXEL Consulting
Internal Audits
Elements of an Effective Program
- 10 -
©2008, PAREXEL Consulting
Key Elements of an Effective Internal Audit Program
System based – either use the same “six system” approach used by FDA for GMP inspections, or tailor to your own quality system structure and hierarchy (if other than GMP, use the systems employed for the GxP area audited)
Planned – audits follow an established and documented methodology, with written audit plans and uniform report formats.
Tip: Avoid checklist reports – narratives are preferable; checklists are helpful for audit planning but should be augmented by narrative if used as the report
Prioritized – audits give first and most in-depth attention to areas that present the highest risk to product quality, for example:
Aseptic processing; terminal sterilization; formulation; labeling; others that directly impact safety, purity, potency, efficacy
- 11 -
©2008, PAREXEL Consulting
Key Elements of an Effective Internal Audit Program
Scheduled – audits are scheduled based on risk, and at a frequency adequate to provide current awareness of the state of control of processes and systems
Employ qualified auditors – audits are performed by personnel who understand the intricacies of the processes, equipment, products and systems they are auditing, and who also posses effective auditing skills
Keep audit staff up to date with current changes to regulations through support of professional development activities – conferences, association membership, etc.
Supported by management – Auditors have the support, attention and respect of department mangers and upper management of the company; they are seen as key members of the team working to a common objective, not the “police” engaged in a “gotcha” exercise
- 12 -
©2008, PAREXEL Consulting
Key Elements of an Effective Internal Audit Program
Balanced – Audits not only point out areas needing attention and correction, but also praise what is working well
Evaluated and Categorized – Individual findings are rated on a scale such as “Critical / Major / Minor” and the overall report is also rated on its total impact, for example, “In Compliance / Conditional / Unacceptable”; specific criteria define each of these or similar strata
Responsibility for Correction – is that of the auditee, not the auditor
Corrective actions are verified – Not only “Was it done?” but “Did it work out as planned?”
- 13 -
©2008, PAREXEL Consulting
Audit Process
Generate annual audit schedule
Inform system owners of planned audit dates
Assign workload to auditors
Generate audit plans, share with system owners, adjust as necessary
Conduct audit; provide immediate feedback on findings; collaborate to resolve any dispute or disagreement
Prepare draft report, share with auditee
- 14 -
©2008, PAREXEL Consulting
Audit Process
Finalize and classify report (findings and overall report)
Receive and evaluate corrective action plan, communicate with auditee to resolve any differences of opinion
Auditee executes corrective action plan
Verify correction was implemented and was effective
At time of next scheduled routine audit, or, if indicated by the findings , on a directed basis
Obtain feedback on auditor performance and audit effectiveness, adjust as necessary to improve program
- 15 -
©2008, PAREXEL Consulting
How to Report Findings
Be specific
Quantify findings where possible
Put in context – time, operations, frequency of occurrence
Avoid vague language subject to misinterpretation
- 16 -
©2008, PAREXEL Consulting
How to Report Findings
Poorly worded observation: “Not all batch records had data entered where required”
Better wording: “25 batches of product X were made in the time period January 1, 2008 to the present. I reviewed 10 of the 25 batch records and found missing data entries in nine of the 10 records reviewed. The nine records had from one to six missing entries each. Examples of missing data entries were (1) failure to record time of buffer preparation (four examples); (2) failure of the CIP operator to note the time the cycle was begun (four examples); and lack of verification signatures for process steps designated as critical (eight examples).”
- 17 -
©2008, PAREXEL Consulting
How to Report Findings
Avoid Vague Observations:
“Bearded operator observed in the aseptic processing area wearing nothing but a head covering” (really??!)
“Poor housekeeping practices noted in the buffer prep area.”
Better wording for Observations:
“A bearded operator observed in the aseptic processing area was not wearing a facial hair restraint as required by SOP XXX”
“Poor housekeeping practices noted in the buffer prep area, as evidenced by (list two or three examples).”
Tell the reader what you saw that led you to conclude that practices were “poor” so that the reader can reach the same conclusion.
- 18 -
©2008, PAREXEL Consulting
Classification of Findings - Examples
Critical: The observation -
Has already resulted in, or has a high potential to result in, the production or release of a product that fails to meet a specification or quality standard; or
The observation involves deliberate falsification of records
Major: The observation –
Represents a repeating pattern of violation of a GMP requirement, or
Demonstrates a failure to correct a past internal audit observation or regulatory inspection finding, or
Represents a condition or practice that could have been prevented by following existing company SOPs
- 19 -
©2008, PAREXEL Consulting
Classification of Findings - Examples
Minor – The observation –
Represents a technical violation of GMP with no immediate potential for adverse product impact, or
Represents a condition or practice that does not violate GMP presently, but which if not corrected, may deteriorate and cause a violation
Comment – The observation –
Represents a condition or practice that is compliant, but which could be made more efficient or effective, or
Is a company “best practice”, represents significant improvement or other commendable issue worthy of note
- 20 -
©2008, PAREXEL Consulting
Classification of Audit Report (Total)
Acceptable: No critical findings; major findings corrected during audit or correctable within 30 days without disruption to normal operations; minor findings few in number with acceptable corrective actions proposed
Conditional: No critical findings; major findings correctable, but interim steps needed to put in place temporary controls in order to allow operations to continue (such as additional monitoring or sampling, temporary repairs to facilities or equipment, other interim controls)
Unacceptable: Critical findings, or large number of major findings which must be corrected before operations can safely proceed; significant regulatory risk exists if correction is not promptly achieved.
- 21 -
©2008, PAREXEL Consulting
Management Review
Internal audit findings should be visible to the highest level of management
If the company has a formal management review of the quality system at prescribed intervals, internal audit findings should be one of the metrics reviewed
- 22 -
©2008, PAREXEL Consulting
Reporting Relationship
Internal audit groups should not report to heads of units they are charged with auditing, if at all feasible, because this can create a conflict of interest
For large companies, a Corporate Audit function reporting as high up the corporate structure as possible is advisable
If the audit group reports to a site head of QA, consider bringing in a consultant once a year to perform an audit of the overall quality system, including the effectiveness of the audit group
- 23 -
©2008, PAREXEL Consulting
Dashboard Approach for Comparing Multiple Sites
Legend: Green = Acceptable; Yellow = Conditionally Acceptable; Red = Unacceptable
Site Name
Quality System
Facilities & Equpt
Production Materials Lab Controls
Packaging & Labeling
North
South
East
West
Up
Down
Sideways
©2008, PAREXEL Consulting
Internal Audits
What to look for;
Interview Techniques
- 25 -
©2008, PAREXEL Consulting
Key Things to Look For
Regulatory Compliance
Use the relevant FDA Compliance Programs to help identify areas for coverage – see next slide
Stay current on GMP!
Compliance to internal policies and procedures
Problems and Pitfalls
Follow up items from past audits
Become familiar with common FDA-483 observations for your industry sector, keep up with warning letters
Use powers of observation
Use effective interview techniques
Adobe Acrobat Document
- 26 -
©2008, PAREXEL Consulting
FDA Compliance Programs
Consult the FDA Compliance Program pertinent to the area you are auditing for suggestions on what to look for
Some Compliance Program numbers for key areas:
7356.002, Drug Manufacturing Inspections (CDER)
7345.848, Inspection of Biological Drug Products (CBER)
7346.832, Preapproval Inspections (CDER)
Others – search on FDA web site; link: http://www.fda.gov/ora/cpgm/default.htm Adobe Acrobat
Document
- 27 -
©2008, PAREXEL Consulting
General Guidance
Observe conditions and practices. Do not make it a “paper audit” only.
Look for repeating patterns, not just isolated examples. Follow up on corrective actions following past audits.
Stick to current practice. Avoid citing past problems that have been corrected and have not reoccurred. Something that was not done well, months ago, may not be representative of how that activity is done today. Verify before citing as a current problem.
Be helpful and positive, not overly critical. You are supposed to find the problems, but for a good purpose – to get them addressed. (Like an annual physical exam.)
- 28 -
©2008, PAREXEL Consulting
Key Things to Look For - GMP
Take a general tour and be observant: Are operations adequately supervised? Who is running things on the floor? Is area access properly restricted?
Check documents in production and lab areas to make sure they are not being filled out in advance of activities they document.
Check for extraneous documentation – post-it notes, scratch pads, white boards, etc., being used as primary documents – these become your raw data if used!
Be inquisitive – talk to people who actually do tasks you are auditing, not just managers and subject matter experts.
- 29 -
©2008, PAREXEL Consulting
Key Things to Look For - GMP
Look for the unusual, the out of place, the atypical:
Idle (maybe dirty) equipment in an active production area
A bucket under a pipe – is it there to catch a leak?
Operator’s manual open to the troubleshooting page – what went wrong today?
Note on top of a stack of documents – “John, please go back and fill in all the blank spaces”
Duct tape! – Used to correct a multitude of sins.
Look into trash cans. Do you see discarded raw data? Why is it there?
Ask for trend charts on key quality metrics. Ask what is being done about adverse trends.
- 30 -
©2008, PAREXEL Consulting
Key Things to Look For - GMP
Ask for a listing of SOPs sorted by last date of review (usually the effective date). Are there a lot of old (over 2 or 3 years) SOPs for important activities? Are these current?
Read the key SOPs. Could you execute the procedural steps? Is the SOP clear? Watch out for:
Vague terms: “As necessary”; “When appropriate”
Internal conflicts and inconsistencies
Lack of definition of responsibilities
Inconsistency of SOP with associated forms, other related SOPs
- 31 -
©2008, PAREXEL Consulting
Key Things to Look For - GMP
Review batch records, lab notebooks and other similar records – do entries make sense? For example –
Documents show two products in same equipment at same time
Numbers do not make common sense – always exactly in the middle of operating range, for example
Entries do not agree with source documents, or source documents not present and cannot be located
Site never seems to have a deviation of any kind
Documents look “too perfect” – especially in the lab
- 32 -
©2008, PAREXEL Consulting
Key Things to Look For - GMP
Check reject and quarantine areas in warehouse. Investigate reasons for rejects.
Read deviation and failure investigations. Do they do a good job of identifying root cause issues? Do they all seem to be an effort to justify what went wrong rather than understand it and get it fixed? Are remediation steps reasonable in light of root cause?
If labeling operations take place, check lines for proper clearance and check label storage areas. Are proper electronic or manual controls in place to prevent mixups and perform label count reconciliation?
- 33 -
©2008, PAREXEL Consulting
Effective Interview Techniques
Ask the same question different ways at different times, or ask different people the same question; compare the answers you get.
Use open ended questions – “That’s interesting…tell me some more about that” – “What else?”
Use a linked series of questions, for example:
Leading question: “What is your procedure for shutting down a production line due to an unacceptable condition or practice?” (assumes there is one)
Followed by another leading question: “When was the last time that happened?” (assumes it did)
Followed by open ended: “Tell me some more about that.”
- 34 -
©2008, PAREXEL Consulting
Closeout and Follow Up
Oral review of findings prior to finalization
Obtain input from auditee
Consider whether to modify findings based on input
Send draft report to auditee for comments before finalization
Base scope and priority of follow up on risk assessment of findings
Remember to comment on the good things as well
- 35 -
©2008, PAREXEL Consulting
Thanks!