Category: compliance

FDA Continues the Discussion on AI/ML

Many of our organizations are somewhere in the journey of using AI/ML some where in the drug product lifecycle, so it is no surprise that the FDA is continuing the dialogue with the recently published draft of “Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products.”

This draft guidance lays out a solid approach by using a risk-based credibility assessment framework to establish and evaluate the credibility of AI models. This involves:

  • Determining if the model is adequate for the intended use
  • Defining the question of interest the AI model will address
  • Defining the context of use for the AI model
  • Assessing the AI model risk based on model influence and decision consequence
  • Developing a plan to establish model credibility commensurate with the risk
  • Executing the plan and documenting results

I think may of us are in the midst of figuring out how to provide sufficient transparency around AI model development, evaluation, and outputs to support regulatory decision-making and what will be found to be acceptable. This sort of guidance is a good way for the agency to further that discussion and I definitely plan on commenting on this one.

Photo by HARUN BENLu0130 on Pexels.com

FDA Draft Guidance on “Considerations for Complying with 21 CFR 211.110”

Usually I expect the FDA to publish some basic primer material as a webinar, so I was a little surprised when “Considerations for Complying With 21 CFR 211.110” was recently published as a draft. I’ve been rereading it, looking for what is actually worthy of a guidance here, and quite frankly, struggling.

It literally is a refresher course on 21CFR211.110. Maybe I should read it as “No we were serious about ICH Q8 and critical quality attributes.” Or maybe it is just the result of one too many bad Type C meetings lately.

Anyway, good refresher on product quality, in-process controls and samples. Still I think this would be better as a webinar with some graphics. Maybe I’ll better understand why this was published based on what sort of crazy comments are made and I can scratch my head and wonder what shenanigans some of these companies are up to.

GMP Critical System

Defining a GMP critical system is an essential aspect of Good Manufacturing Practices (GMP) in the pharmaceutical and medical device industries. A critical system is one that has a direct impact on product quality, safety, and efficacy.

Key Characteristics of GMP Critical Systems

  1. Direct Impact on Product Quality: A critical system is one that can directly affect the quality, safety, or efficacy of the final product.
  2. Influence on Patient Safety: Systems that have a direct or indirect influence on patient safety are considered critical. This is where CPPs come in
  3. Data Integrity: Systems that generate, store, or process data used to determine product SISPQ (e.g. batch quality or are included in batch processing records, stability, data used in a regulatory filing) are critical.
  4. Decision-Making Role: Systems used in the decision process for product release or a regulatory filing are considered critical.
  5. Contact with Products: Equipment or devices that may come into contact with products are often classified as critical.

Continuous Evaluation

It’s important to note that the criticality of systems should be periodically evaluated to ensure they remain in a valid state and compliant with GMP requirements. This includes reviewing the current range of functionality, deviation records, incidents, problems, upgrade history, performance, reliability, security, and validation status reports.

FDA Draft Guidance on Protocol Deviations for Clinical Investigations

The FDA has published a draft guidance for “Protocol Deviations for Clinical Investigations of Drugs, Biological Products, and Devices.”

This draft guidance adopts the ICH E3(R1) definitions for protocol deviation and important protocol deviation, providing more standardized terminology, which is a great thing. Avoiding the term “protocol violation”, it primarily uses “protocol deviation” and “important protocol deviation.”

The FDA guidance provides detailed sections on the roles and responsibilities of investigators, sponsors, and IRBs in monitoring, mitigating, and reporting protocol deviations. It as specific recommendations for reporting protocol deviations to sponsors, IRBs, and FDA, including timelines and methods.

It mostly seems a good application of a quality-by-design approach, focusing on critical-to-quality factors and risk-based monitoring for clinical studies. Hopefully it will help clear up confusion in this area.

The Failure Space of Clinical Trials – Protocol Deviations and Events

The Types of User Requirements

User requirements are typically divided into several categories to ensure comprehensive coverage of all aspects of product development, manufacturing, and quality control and to help guide the risk-based approach to verification.

Product User Requirements

These requirements relate directly to the product being manufactured and the processes involved in its production. They include:

  • Critical Quality Attributes (CQAs) of the product
  • Critical Process Parameters (CPPs)
  • Required throughput and production conditions
  • Specifications for raw materials and finished products
Building the FUSE(P) User Requirements in an ICH Q8, Q9 and Q10 World

Quality Requirements

Quality requirements focus on ensuring that the product meets all necessary quality standards and regulatory compliance. This category includes:

  • Good Manufacturing Practices (GMP) compliance, including around cleaning, cross-contamination, etc to ensure compliance with various regulations such as FDA guidelines, EU GMP, and ICH standards.
  • Documentation and record-keeping standards
  • Contamination control strategies are a key part of quality requirements, as they are essential for maintaining product quality and patient safety.
  • Data integrity requirements fall under this category, as they are crucial for ensuring the quality and reliability of data.

Not everyone advocates for this breakdown but I am a huge proponent as it divides the product specific requirements for the more standard must’s of meeting the cGMPs that are not product specific. This really helps when you are a multi-product facility and it helps define what is in the PQ versus what is in the PPQ.

Safety User Requirements

Safety requirements address the safety of personnel, patients, and the environment. They encompass:

  • Occupational health and safety measures
  • Environmental protection protocols
  • Patient safety considerations in product design

General User Requirements

General requirements cover broader aspects of the manufacturing system and facility. These may include:

  • Facility design and layout
  • Equipment specifications
  • Utility requirements (e.g., power, water, HVAC)
  • Maintenance procedures

By categorizing user requirements in this way, pharmaceutical companies can ensure a comprehensive approach to product development and manufacturing, addressing all critical aspects from product quality to regulatory compliance and safety. This will help drive appropriate verification.

Crafting Good User Requirements