Category: compliance

From PAI to Warning Letter – Lessons from Sanofi

Through the skilled work of a very helpful FOIA officer at the FDA I have been reviewing the 2020 483 and EIR for the pre-approval inspection at the Sanofi Framingham, MA site that recently received a Warning Letter:

Click to access foia-2025-1030-genzyme-corp.-framingham-ma-fei-1220423-eir-dtd-9-4-20_redacted-1.pdf

Click to access foia-2025-1030-genzyme-corp.-framingham-ma-fei-1220423-fda-483-dtd-9-4-20_redacted-1.pdf

The 2020 pre-approval inspection (PAI) of Sanofi’s facility in Framingham, MA, uncovered critical deviations that exposed systemic weaknesses in contamination controls, equipment maintenance, and quality oversight. These deficiencies, documented in FDA Form 483 (FEI 1220423), violated 21 CFR 211 regulations and FDA Compliance Program 7346.832 requirements for PAIs. The facility’s failure to address these issues and to make systeatic changes over time (and perhaps backslide, but that is conjecture) contributed to subsequent regulatory actions, including a 2022 Form 483 and the 2024 FDA warning letter citing persistent CGMP violations. This analysis traces the 2020 findings to their regulatory origins, examines their operational consequences, and identifies lessons for PAI preparedness in high-risk API manufacturing.

Regulatory Foundations of Pre-Approval Inspections

The FDA’s PAI program operates under Compliance Program 7346.832, which mandates rigorous evaluation of facilities named in NDAs, ANDAs, or BLAs. Three pillars govern these inspections:

  1. Commercial Manufacturing Readiness: PAIs assess whether facilities can reliably execute commercial-scale processes while maintaining CGMP compliance. This includes verification of validated equipment cleaning procedures, environmental monitoring systems, and preventive maintenance programs. The FDA prioritizes sites handling novel APIs, narrow therapeutic index drugs, or first-time applications—criteria met by Sanofi’s production of drug substances.
  2. Application Conformance: Inspectors cross-validate submission data against actual operations, focusing on batch records, process parameters, and analytical methods. Discrepancies between filed documentation and observed practices constitute major compliance risks, particularly for facilities like Sanofi that utilize complex biologics manufacturing processes.
  3. Data Integrity Assurance
    Per 21 CFR 211.194, PAIs include forensic reviews of raw data, equipment logs, and stability studies. The 2020 inspection identified multiple QC laboratory lapses at Sanofi that undermined data reliability—a red flag under FDA’s heightened focus on data governance in PAIs.

Facility Maintenance Deficiencies

Sterilization Equipment Contamination
On September 2, 2020, FDA investigators documented (b)(4) residue on FB-2880-001 sterilization equipment and its transport cart—critical infrastructure for bioreactor probe sterilization. The absence of cleaning procedures or routine inspections violated 21 CFR 211.67(a), which mandates written equipment maintenance protocols. This lapse created cross-contamination risks for (b)(4) drug substances, directly contradicting the application’s sterility claims.

The unvalidated cleaning process for those chambers further breached 21 CFR 211.63, requiring equipment design that prevents adulteration. Historical data from 2008–2009 FDA inspections revealed similar sterilization issues at Allston facility, suggesting systemic quality control failures which suggests that these issues never were really dealt with systematically across all sites under the consent decree.

Environmental Control Breakdowns
The August 26, 2020 finding of unsecured pre-filters in Downflow Booth —a critical area for raw material weighing—exposed multiple CGMP violations:

  • 21 CFR 211.46(b): Failure to maintain HEPA filter integrity in controlled environments
  • FDA Aseptic Processing Guidance: Loose filters compromise ISO 5 unidirectional airflow
  • 21 CFR 211.42(c): Inadequate facility design for preventing material contamination

Ceiling diffuser screens in Suite CNC space with unsecured fasteners exacerbated particulate contamination risks. The cumulative effect violated PAI Objective 1 by demonstrating poor facility control—a key factor in the 2024 warning letter’s citation of “unsuitable equipment for microbiologically controlled environments”.

Quality Control Laboratory Failures

Analytical Balance Non-Compliance
The QC microbiology laboratory’s use of an unqualified balance breached multiple standards:

  • 21 CFR 211.68(a): Lack of calibration for automated equipment
  • USP <41> Guidelines: Failure to establish minimum weigh limits
  • FDA Data Integrity Guidance (2018): Unguaranteed accuracy of microbiological test results

This deficiency directly impacted the reliability of bioburden testing data submitted in the application, contravening PAI Objective 3’s data authenticity requirements.

Delayed Logbook Reviews
Three QC logbooks exceeded the review window specified in the site’s procedure:

  1. Temperature logs for water baths
  2. Dry state storage checklists

The delays violated 21 CFR 211.188(b)(11), which requires contemporaneous review of batch records. More critically, they reflected inadequate quality unit oversight—a recurring theme in Sanofi’s 2024 warning letter citing “lackluster quality control”.

And if they found 3 logbooks, chances are there were many more in an equal state.

Leak Investigations – A Leading Indicator

there are two pages in the EIR around leak deviation investigations, including the infamous bags, and in hindsight, I think this is an incredibly important inflection point from improvement that was missed.

Leaks in Single-Use Manufacturing: A Critical Challenge in Bioprocessing

The inspector took the time to evaluate quite a few deviations and overall control strategy for leaks and gave Sanofi a clean-bill of health. So we have to wonder if there was not enough problems to go deep enough to see a trend or if a sense of complacency allowed Sanofi to lower their guard around this critical aspect of single use, functionally closed systems.

2022 Follow-Up Inspection: Escalating Compliance Failures

Click to access foia-2025-1030-genzyme-corp.-framingham-ma-fei-1220423-fda-483-dtd-7-25-22_redacted-2.pdf

Click to access foia-2025-1030-genzyme-corp.-framingham-ma-fei-1220423-eir-dtd-7-25-22_redacted-1.pdf

The FDA’s July 2022 reinspection of Sanofi’s Framingham facility revealed persistent deficiencies despite corrective actions taken after the 2020 PAI. The inspection, conducted under Compliance Program 7356.002M, identified critical gaps in data governance and facility maintenance, resulting in a 2-item Form FDA 483 and an Official Action Indicated (OAI) classification – a significant escalation from the 2020 Voluntary Action Indicated (VAI) status.

Computerized System Control Failures

The FDA identified systemic weaknesses in data integrity controls for testers used to validate filter integrity during drug substance manufacturing. These testers generated electronic logs documenting failed and canceled tests that were never reviewed or documented in manufacturing records. For example:

  • On June 9, 2022, a filter underwent three consecutive tests for clarification operations: two failures and one cancellation due to operator error (audible “hissing” during testing). Only the final passing result was recorded in logbooks.
  • Between 2020–2022, operators canceled 14% of tests across testers without documented justification, violating 21 CFR 211.68(b) requirements for automated equipment review.

The firm had improperly classified these testers as “legacy electronic equipment,” bypassing mandatory audit trail reviews under their site procedure. I am not even sure what legacy electronic equipment means, but this failure contravened FDA’s Data Integrity Guidance (2018), which requires full traceability of GxP decisions.

Facility Degradation Risks

Multiple infrastructure deficiencies demonstrated declining maintenance standards:

Grade-A Area Compromises

  • Biological Safety Cabinet: Rust particles and brown residue contaminated interior surfaces used for drug substance handling in April 20223. The material was later identified as iron oxide from deteriorating cabinet components.
  • HVAC System Leaks: A pH probe in the water system leaked into grade-D areas, with standing water observed near active bioreactors3.

Structural Integrity Issues

  • Chipped epoxy floors in grade-C rooms created particulate generation risks during cell culture operations.
  • Improperly sloped flooring allowed pooling of rinse water adjacent to purification equipment.

These conditions violated 21 CFR 211.42(c), requiring facilities to prevent contamination through proper design, and demonstrated backsliding from 2020 corrective actions targeting environmental controls.

Regulatory Reckoning

These cultural failures crystallized in FDA’s 2024 citation of “systemic indifference to quality stewardship”. While some technological upgrades provided tactical fixes, the delayed recognition of cultural rot as root cause transformed manageable equipment issues into existential compliance threats—a cautionary tale for pharmaceutical manufacturers navigating dual challenges of technological modernization and workforce transition.

Conclusion: A Compliance Crisis Decade

The Sanofi case (2020–2024) exemplifies the consequences of treating PAIs as checklist exercises rather than opportunities for quality system maturation. The facility’s progression from 483 observations to OAI status and finally warning letter underscores three critical lessons:

  1. Proactive Data Governance: Holitisic data overnance and data integrity, including audit trail reviews that encompass all GxP systems – legacy or modern.
  2. Infrastructure Investment: Episodic maintenance cannot replace lifecycle-based asset management programs.
  3. Cultural Transformation: Quality metrics must drive executive incentives to prevent recurrent failures.

Manufacturers must adopt holistic systems integrating advanced analytics, robust knowledge management, and cultural accountability to avoid a costly regulatory debacle.

PAI Readiness Best Practices

Pre-Inspection Preparation

  1. Gap Analysis Against CPGM 7346.832
    Facilities should conduct mock inspections evaluating:
    • Conformance between batch records and application data
    • Completeness of method validation protocols
    • Environmental monitoring trend reports
  2. Data Integrity Audits
    Forensic reviews of electronic records (e.g., HPLC chromatograms, equipment logs) using FDA’s “ALCOA+” criteria—ensuring data is Attributable, Legible, Contemporaneous, Original, and Accurate.
  3. Facility Hardening
    Preventive maintenance programs for critical utilities:
    • Steam-in-place systems
    • HVAC airflow balances
    • Water for injection loops

Post-Approval Vigilance

The Sanofi case underscores the need for ongoing compliance monitoring post-PAI:

  • Quality Metrics Tracking: FDA-required metrics like lot rejection rates and CAPA effectiveness
  • Regulatory Intelligence: Monitoring emerging focus areas through FDA warning letters and guidance updates
  • Process Robustness Studies: Continued process verification per 21 CFR 211.110(a)

Facility-Driven Bacterial Endotoxin Control Strategies

The pharmaceutical industry stands at an inflection point in microbial control, with bacterial endotoxin management undergoing a profound transformation. For decades, compliance focused on meeting pharmacopeial limits at product release—notably the 5.0 EU/kg threshold for parenterals mandated by standards like Ph. Eur. 5.1.10. While these endotoxin specifications remain enshrined as Critical Quality Attributes (CQAs), regulators now demand a fundamental reimagining of control strategies that transcends product specifications.

This shift reflects growing recognition that endotoxin contamination is fundamentally a facility-driven risk rather than a product-specific property. Health Authorities increasingly expect manufacturers to implement preventive, facility-wide control strategies anchored in quantitative risk modeling, rather than relying on end-product testing.

The EU Annex 1 Contamination Control Strategy (CCS) framework crystallizes this evolution, requiring cross-functional systems that integrate:

  • Process design capable of achieving ≥3 log10 endotoxin reduction (LRV) with statistical confidence (p<0.01)
  • Real-time monitoring of critical utilities like WFI and clean steam
  • Personnel flow controls to minimize bioburden ingress
  • Lifecycle validation of sterilization processes

Our organizations should be working to bridge the gap between compendial compliance and true contamination control—from implementing predictive analytics for endotoxin risk scoring to designing closed processing systems with inherent contamination barriers. We’ll examine why traditional quality-by-testing approaches are yielding to facility-driven quality-by-design strategies, and how leading organizations are leveraging computational fluid dynamics and risk-based control charts to stay ahead of regulatory expectations.

House of contamination control

Bacterial Endotoxins: Bridging Compendial Safety and Facility-Specific Risks

Bacterial endotoxins pose unique challenges as their control depends on facility infrastructure rather than process parameters alone. Unlike sterility assurance, which can be validated through autoclave cycles, endotoxin control requires continuous vigilance over water systems, HVAC performance, and material sourcing. The compendial limit of 5.0 EU/kg ensures pyrogen-free products, but HAs argue this threshold does not account for facility-wide contamination risks that could compromise multiple batches. For example, a 2023 EMA review found 62% of endotoxin-related recalls stemmed from biofilm breaches in water-for-injection (WFI) systems rather than product-specific failures.

Annex 1 addresses this through CCS requirements that mandate:

  • Facility-wide risk assessments identifying endotoxin ingress points (e.g., inadequate sanitization intervals for cleanroom surfaces)
  • Tiered control limits integrating compendial safety thresholds (specifications) with preventive action limits (in-process controls)
  • Lifecycle validation of sterilization processes, hold times, and monitoring systems

Annex 1’s Contamination Control Strategy: A Blueprint for Endotoxin Mitigation

Per Annex 1’s glossary, a CCS is “a planned set of controls […] derived from product and process understanding that assures process performance and product quality”. For endotoxins, this translates to 16 interrelated elements outlined in Annex 1’s Section 2.6, including:

  1. Water System Controls:
    • Validation of WFI biofilm prevention measures (turbulent flow >1.5 m/s, ozone sanitization cycles)
    • Real-time endotoxin monitoring using inline sensors (e.g., centrifugal microfluidics) complementing testing
  2. Closed Processing
  3. Material and Personnel Flow:
    • Gowning qualification programs assessing operator-borne endotoxin transfer
    • Raw material movement
  4. Environmental Monitoring:
    • Continuous viable particle monitoring in areas with critical operations with endotoxin correlation studies
    • Settle plate recovery validation accounting for desiccation effects on endotoxin-bearing particles
Validating Manufacturing Process Closure for Biotech Utilizing Single-Use Systems (SUS)

Risk Management Tools for Endotoxin Control

The revised Annex 1 mandates Quality Risk Management (QRM) per ICH Q9, requiring facilities to deploy appropriate risk management.

Hazard Analysis and Critical Control Points (HACCP) identifies critical control points (CCPs) where endotoxin ingress or proliferation could occur. For there a Failure Modes Effects and Criticality Analysis (FMECA) can further prioritizes risks based on severity, occurrence, and detectability.

Endotoxin-Specific FMECA (Failure Mode, Effects, and Criticality Analysis)

Failure ModeSeverity (S)Occurrence (O)Detectability (D)RPN (S×O×D)Mitigation
WFI biofilm formation5 (Product recall)3 (1/2 years)2 (Inline sensors)30Install ozone-resistant diaphragm valves
HVAC filter leakage4 (Grade C contamination)2 (1/5 years)4 (Weekly integrity tests)32HEPA filter replacement every 6 months
Simplified FMECA for endotoxin control (RPN thresholds: <15=Low, 15-50=Medium, >50=High)

Process Validation and Analytical Controls

As outlined in the FDA’s Process Validation: General Principles and Practices, PV is structured into three stages: process design, process qualification, and continued process verification (CPV). For bacterial endotoxin control, PV extends to validating sterilization processes, hold times, and water-for-injection (WFI) systems, where CPPs like sanitization frequency and turbulent flow rates are tightly controlled to prevent biofilm formation.

Analytical controls form the backbone of quality assurance, with method validation per ICH Q2(R1) ensuring accuracy, precision, and specificity for critical tests such as endotoxin quantification. The advent of rapid microbiological methods (RMM), including recombinant Factor C (rFC) assays, has reduced endotoxin testing timelines from hours to minutes, enabling near-real-time release of drug substances. These methods are integrated into continuous process verification programs, where action limits—set at 50% of the assay’s limit of quantitation (LOQ)—serve as early indicators of facility-wide contamination risks. For example, inline sensors in WFI systems or bioreactors provide continuous endotoxin data, which is trended alongside environmental monitoring results to preempt deviations. The USP <1220> lifecycle approach further mandates ongoing method performance verification, ensuring analytical procedures adapt to process changes or scale-up.

The integration of Process Analytical Technology (PAT) and Quality by Design (QbD) principles has transformed manufacturing by embedding real-time quality controls into the process itself. PAT tools such as Raman spectroscopy and centrifugal microfluidics enable on-line monitoring of product titers and impurity profiles, while multivariate data analysis (MVDA) correlates CPPs with CQAs to refine design spaces. Regulatory submissions now emphasize integrated control strategies that combine process validation data, analytical lifecycle management, and facility-wide contamination controls—aligning with EU GMP Annex 1’s mandate for holistic contamination control strategies (CCS). By harmonizing PV with advanced analytics, manufacturers can navigate HA expectations for tighter in-process limits while ensuring patient safety through compendial-aligned specifications.

Some examples may include:

1. Hold Time Validation

  • Microbial challenge studies using endotoxin-spiked samples (e.g., 10 EU/mL Burkholderia cepacia lysate)
  • Correlation between bioburden and endotoxin proliferation rates under varying temperatures

2. Rapid Microbiological Methods (RMM)

  • Comparative validation of recombinant Factor C (rFC) assays against LAL for in-process testing
  • 21 CFR Part 11-compliant data integration with CCS dashboards

3. Closed System Qualification

  • Extractable/leachable studies assessing endotoxin adsorption to single-use bioreactor films
  • Pressure decay testing with endotoxin indicators (Bacillus subtilis spores)

Harmonizing Compendial Limits with HA Expectations

To resolve regulator’s concerns about compendial limits being insufficiently preventive, a two-tier system aligns with Annex 1’s CCS principles:

ParameterRelease Specification (EU/kg)In-Process Action LimitRationale
Bulk Drug Substance5.0 (Ph. Eur. 5.1.10)1.0 (LOQ × 2)Detects WFI system drift
Excipient (Human serum albumin)0.25 (USP <85>)0.05 (50% LOQ)Prevents cumulative endotoxin load
Example tiered specifications for endotoxin control

Future Directions

Technology roadmaps should be driving adoption of:

  • AI-powered environmental monitoring: Machine learning models predicting endotoxin risks from particle counts
  • Single-use sensor networks: RFID-enabled endotoxin probes providing real-time CCS data
  • Advanced water system designs: Reverse osmosis (RO) and electrodeionization (EDI) systems with ≤0.001 EU/mL capability without distillation

Manufacturers can prioritize transforming endotoxin control from a compliance exercise into a strategic quality differentiator—ensuring patient safety while meeting HA expectations for preventive contamination management.

Quality Review

What does a quality reviewer do?

Maintaining high-quality products is paramount, and a critical component of ensuring quality is implementing a robust review of work by a second or third person, a peer review, and/or quality review—also known as a work product review process. Like many tools, it can be underutilized. It also gets to the heart of the question of Quality Unit oversight.

Introduction to Work Product Review

Work product review systematically evaluates the output from various processes or tasks to ensure they meet predefined quality standards. This review is crucial in environments where the quality of the final product directly impacts safety and efficacy, such as in pharmaceutical manufacturing. Work product review aims to identify any deviations or defects early in the process, allowing for timely corrections and minimizing the risk of non-compliance with regulatory requirements.

Criteria for Work Product Review

To ensure that work product reviews are effective, several key criteria should be established:

  1. Integration with Quality Management Systems: Integrate risk-based thinking into the quality management system to ensure that work product reviews are aligned with overall quality objectives. This involves regularly reviewing and updating risk assessments to reflect changes in processes or new information.
  2. Clear Objectives: The review should have well-defined objectives that align with the process they exist within and regulatory requirements. For instance, in pharmaceutical manufacturing, these objectives might include ensuring that all documentation is accurate and complete and that manufacturing processes adhere to GMP standards.
  3. Risk-Based: Apply work product reviews to areas identified as high-risk during the risk assessment. This ensures that resources are allocated efficiently, focusing on processes that have the greatest potential impact on quality.
  4. Standardized Procedures: Standardized procedures should be established for conducting the review. These procedures should outline the steps involved, the reviewers’ roles and responsibilities, and the criteria for accepting or rejecting the work product.
  5. Trained Reviewers: Reviewers should be adequately trained and competent in the subject matter. This means understanding not just the deliverable being reviewed but the regulatory framework it sits within and how it applies to the specific work products being reviewed in a GMP environment.
  6. Documentation: All reviews should be thoroughly documented. This documentation should include the review’s results, any findings or issues identified, and actions taken to address these issues.
  7. Feedback Loop: There should be a mechanism for feedback from the review process to improve future work products. This could involve revising procedures or providing additional training to personnel.

Bridging the Gap Between Work-as-Imagined, Work-as-Prescribed, and Work-as-Done

Work product review is a systematic process that evaluates the output from various tasks to ensure they meet predefined quality standards connecting to work-as-imagined, work-as-prescribed, and work-as-done. Work product review serves as a bridge between these concepts by systematically evaluating the output of work processes. Here’s how it connects:

  • Alignment with Work-as-Prescribed: Work product review ensures that outputs comply with established standards and procedures (work-as-prescribed), helping to maintain regulatory compliance and quality standards.
  • Insight into Work-as-Done: Through the review process, organizations gain insight into how work is actually being performed (work-as-done). This helps identify any deviations from prescribed procedures and allows for adjustments to improve alignment between work-as-prescribed and work-as-done.
  • Closing the Gap with Work-as-Imagined: By documenting and addressing discrepancies between work-as-imagined and work-as-done, work product review facilitates communication and feedback that can refine policies and procedures. This helps to bring work-as-imagined closer to the realities of work-as-done, improving the effectiveness of quality oversight.

Work product review is essential for ensuring that the quality of work outputs aligns with both prescribed standards and the realities of how work is actually performed. By bridging the gaps between work-as-imagined, work-as-prescribed, and work-as-done, organizations can enhance their quality management systems and maintain high standards of quality, safety and efficacy.

Aligning to the Role of Quality Unit Oversight

While work product review does not guarantee Quality Unit Oversight, it is a potential control to ensure this oversight.

In the pharmaceutical industry, the Quality Unit plays a pivotal role in ensuring drug products’ safety, efficacy, and quality. It oversees all quality-related aspects, from raw material selection to final product release. However, the Quality Unit must be enabled appropriately and structured within the organization to effectively exercise its authority and fulfill its responsibilities. This blog post explores what it means for a Quality Unit to have the necessary authority and how insufficient implementation of its responsibilities can impact pharmaceutical manufacturing.

Responsibilities of the Quality Unit

Establishing and Maintaining the Quality System: The Quality Unit must set up and continuously update the quality management system to ensure compliance with GxPs and industry best practices.

Auditing and Compliance: Conduct internal audits to ensure adherence to policies and procedures, and report quality system performance metrics.

Approving and Rejecting Components and Products: The Quality Unit has the authority to approve or reject components, drug products, and packaging materials based on quality standards.

Investigating Nonconformities: Ensuring thorough investigations into production errors, discrepancies, and complaints related to product quality.

Keeping Management Informed: Reporting on product, process, and system risks, as well as outcomes of regulatory inspections.

What It Means for a Quality Unit to Be Enabled

For a Quality Unit to be effectively enabled, it must have:

  • Independence: The Quality Unit should operate independently of production units to avoid conflicts of interest and ensure unbiased decision-making.
  • Authority: It must have the authority to approve or reject the work product without undue influence from other departments.
  • Resources: Adequate personnel are essential for conducting the quality unit functions.
  • Documentation and Procedures: Clear, documented procedures outlining responsibilities and processes are crucial for maintaining consistency and compliance.

Insufficient Implementation of Responsibilities

When a Quality Unit insufficiently implements its responsibilities, it can lead to significant issues, including:

  • Regulatory Noncompliance: Failure to adhere to GxPs and regulatory standards can result in regulatory action.
  • Product Quality Issues: Inadequate oversight can lead to the release of substandard products, posing risks to patient safety and public health.
  • Lack of Continuous Improvement: Without effective quality systems in place, opportunities for process improvements and innovation may be missed.

The Quality Unit is the backbone of pharmaceutical manufacturing, ensuring that products meet the highest standards of quality and safety. By understanding the Quality Unit’s responsibilities and ensuring it has the necessary authority and resources, pharmaceutical companies can maintain compliance, protect public health, and foster a culture of continuous improvement. Inadequate implementation of these responsibilities can have severe consequences, emphasizing the importance of a well-structured and empowered Quality Unit.

By understanding these responsibilities, we can take a risk-based approach to applying quality review.

When to Apply Quality Review as Work Product Review

Work product review by Quality should be applied at critical stages to guarantee critical-to-quality attributes, including adherence to the regulations. This should be a risk-based approach. As such, it should be identified as controls in a living risks assessment and adjusted (add more, remove where unnecessary) as appropriate.

Closely scrutinize the responsibilities of the Quality Unit in the regulations to ensure all are met.

Best Practices in Quality Review

Rubrics are a great way to standardize quality reviews. If it is important enough to require a work review, it is important enough to standardize. The process owner should develop and maintain these rubrics with an appropriate group of stakeholder custodians. This is a key part of knowledge management. Having this cross-functional perspective on the output and what quality looks like is critical. This rubric should include:

  • Definition of prescribed work and the intended output that is being reviewed
  • Potential outcomes related to critical attributes, including definitions of technical accuracy
  • Methods and techniques used to generate the outcome
  • Operating experience and lessons learned
  • Risks, hazards, and user-centered design considerations
  • Requirements, standards, and code compliance
  • Planning, oversight, and acceptance testing
  • Input data and sources
  • Assumptions
  • Documentation required
  • Reviews and approvals required
  • Program or procedural obstacles to desired performance
  • Surprise situations, for example, unanticipated risk factors, schedule or scope changes, and organizational issues
  • Engineering human performance tool(s) applicable to activities being reviewed.

The rubric should have an assessment component, and that assessment should feed back into the originator’s qualified state.

Work product reviews must be early enough to allow feedback into the normal work for repetitive tasks. This should lead to gates in processes, quality-on-the-floor, or better-trained supervisors performing better and more effective reviews. This feedback should always be to the responsible person – the originator—and should be, wherever possible, face-to-face feedback to resolve the particular issues identified. This dialogue is critical.

Conclusion

Work product review is a powerful tool for enhancing quality oversight. By aligning this process with the responsibilities of the Quality Unit and implementing best practices such as standardized rubrics and a risk-based approach, companies can ensure that their products meet the highest standards of quality and safety. Effective work product review not only supports regulatory compliance but also fosters a culture of continuous improvement, which is essential for maintaining excellence in the pharmaceutical industry.

The Role of the HACCP

Reading Strukmyer LLC’s recent FDA Warning Letter, and reflecting back to last year’s Colgate-Palmolive/Tom’s of Maine, Inc. Warning Letter, has me thinking of common language In both warning letters where the FDA asks for “A comprehensive, independent assessment of the design and control of your firm’s manufacturing operations, with a detailed and thorough review of all microbiological hazards.”

Water, Water, Everywhere

It is hard to read that as anything else than a clarion call to use a HACCP.

If that isn’t a HACCP, I don’t know what is. Given the FDA’s rich history and connection to the tool, it is difficult to imagine them thinking of any other tool. Sure, I can invent about 7 other ways to do that, but why bother when there is a great tool, full of powerful uses, waiting to be used that the regulators pretty much have in their DNA.

The Evolution of HACCP in FDA Regulation: A Journey to Enhanced Food Safety

The Hazard Analysis and Critical Control Points (HACCP) system has a fascinating history that is deeply intertwined with FDA regulations. Initially developed in the 1960s by NASA, the Pillsbury Company, and the U.S. Army, HACCP was designed to ensure safe food for space missions. This pioneering collaboration aimed to prevent food safety issues by identifying and controlling critical points in food processing. The success of HACCP in space missions soon led to its application in commercial food production.

In the 1970s, Pillsbury applied HACCP to its commercial operations, driven by incidents such as the contamination of farina with glass. This prompted Pillsbury to adopt HACCP more widely across its production lines. A significant event in 1971 was a panel discussion at the National Conference on Food Protection, which led to the FDA’s involvement in promoting HACCP for food safety inspections. The FDA recognized the potential of HACCP to enhance food safety standards and began to integrate it into its regulatory framework.

As HACCP gained prominence as a food safety standard in the 1980s and 1990s, the National Advisory Committee on Microbiological Criteria for Foods (NACMCF) refined its principles. The committee added preliminary steps and solidified the seven core principles of HACCP, which include hazard analysis, critical control points identification, establishing critical limits, monitoring procedures, corrective actions, verification procedures, and record-keeping. This structured approach helped standardize HACCP implementation across different sectors of the food industry.

A major milestone in the history of HACCP was the implementation of the Pathogen Reduction/HACCP Systems rule by the USDA’s Food Safety and Inspection Service (FSIS) in 1996. This rule mandated HACCP in meat and poultry processing facilities, marking a significant shift towards preventive food safety measures. By the late 1990s, HACCP became a requirement for all food businesses, with some exceptions for smaller operations. This widespread adoption underscored the importance of proactive food safety management.

The Food Safety Modernization Act (FSMA) of 2011 further emphasized preventive controls, including HACCP, to enhance food safety across the industry. FSMA shifted the focus from responding to food safety issues to preventing them, aligning with the core principles of HACCP. Today, HACCP remains a cornerstone of food safety management globally, with ongoing training and certification programs available to ensure compliance with evolving regulations. The FDA continues to support HACCP as part of its broader efforts to protect public health through safe food production and processing practices. As the food industry continues to evolve, the principles of HACCP remain essential for maintaining high standards of food safety and quality.

Why is a HACCP Useful in Biotech Manufacturing

The HACCP seeks to map a process – the manufacturing process, one cleanroom, a series of interlinked cleanrooms, or the water system – and identifies hazards (a point of contamination) by understanding the personnel, material, waste, and other parts of the operational flow. These hazards are assessed at each step in the process for their likelihood and severity. Mitigations are taken to reduce the risk the hazard presents (“a contamination control point”). Where a risk cannot be adequately minimized (either in terms of its likelihood of occurrence, the severity of its nature, or both), this “contamination control point” should be subject to a form of detection so that the facility has an understanding of whether the microbial hazard was potentially present at a given time, for a given operation. In other words, the “critical control point” provides a reasoned area for selecting a monitoring location. For aseptic processing, for example, the target is elimination, even if this cannot be absolutely demonstrated.

The HACCP approach can easily be applied to pharmaceutical manufacturing where it proves very useful for microbial control. Although alternative risk tools exist, such as Failure Modes and Effects Analysis, the HACCP approach is better for microbial control.

The HACCP is a core part of an effective layers of control analysis.

Conducting a HACCP

HACCP provides a systematic approach to identifying and controlling potential hazards throughout the production process.

Step 1: Conduct a Hazard Analysis

  1. List All Process Steps: Begin by detailing every step involved in your biotech manufacturing process, from raw material sourcing to final product packaging. Make sure to walk down the process thoroughly.
  2. Identify Potential Hazards: At each step, identify potential biological, chemical, and physical hazards. Biological hazards might include microbial contamination, while chemical hazards could involve chemical impurities or inappropriate reagents. Physical hazards might include particulates or inappropriate packaging materials.
  3. Evaluate Severity and Likelihood: Assess the severity and likelihood of each identified hazard. This evaluation helps prioritize which hazards require immediate attention.
  4. Determine Preventive Measures: Develop strategies to control significant hazards. This might involve adjusting process conditions, improving cleaning protocols, or enhancing monitoring systems.
  5. Document Justifications: Record the rationale behind including or excluding hazards from your analysis. This documentation is essential for transparency and regulatory compliance.

Step 2: Determine Critical Control Points (CCPs)

  1. Identify Control Points: Any step where biological, chemical, or physical factors can be controlled is considered a control point.
  2. Determine CCPs: Use a decision tree to identify which control points are critical. A CCP is a step at which control can be applied and is essential to prevent or eliminate a hazard or reduce it to an acceptable level.
  3. Establish Critical Limits: For each CCP, define the maximum or minimum values to which parameters must be controlled. These limits ensure that hazards are effectively managed.
Control PointsCritical Control Points
Process steps where a control measure (mitigation activity) is necessary to prevent the hazard from occurringProcess steps where both control and monitoring are necessary to assure product quality and patient safety
Are not necessarily critical control points (CCPs)Are also control points
Determined from the risk associated with the hazardDetermined through a decision tree

Step 3: Establish Monitoring Procedures

  1. Develop Monitoring Plans: Create detailed plans for monitoring each CCP. This includes specifying what to monitor, how often, and who is responsible.
  2. Implement Monitoring Tools: Use appropriate tools and equipment to monitor CCPs effectively. This might include temperature sensors, microbial testing kits, or chemical analyzers.
  3. Record Monitoring Data: Ensure that all monitoring data is accurately recorded and stored for future reference.

Step 4: Establish Corrective Actions

  1. Define Corrective Actions: Develop procedures for when monitoring indicates that a CCP is not within its critical limits. These actions should restore control and prevent hazards.
  2. Proceduralize: You are establishing alternative control strategies here so make sure they are appropriately verified and controlled by process/procedure in the quality system.
  3. Train Staff: Ensure that all personnel understand and can implement corrective actions promptly.

Step 5: Establish Verification Procedures

  1. Regular Audits: Conduct regular audits to verify that the HACCP system is functioning correctly. This includes reviewing monitoring data and observing process operations.
  2. Validation Studies: Perform validation studies to confirm that CCPs are effective in controlling hazards.
  3. Continuous Improvement: Use audit findings to improve the HACCP system over time.

Step 6: Establish Documentation and Record-Keeping

  1. Maintain Detailed Records: Keep comprehensive records of all aspects of the HACCP system, including hazard analyses, CCPs, monitoring data, corrective actions, and verification activities.
  2. Ensure Traceability: Use documentation to ensure traceability throughout the production process, facilitating quick responses to any safety issues.

Step 7: Implement and Review the HACCP Plan

  1. Implement the Plan: Ensure that all personnel involved in biotech manufacturing understand and follow the HACCP plan.
  2. Regular Review: Regularly review and update the HACCP plan to reflect changes in processes, new hazards, or lessons learned from audits and incidents.

Safecor Health Warning Letter Closeout

I got a post on my RSS feed today from the FDA for a closeout letter to Safecor Health in response to the 2023 Warning Letter. Always happy to see an actual closeout letter.

The main takeaways from the FDA warning letter:

Inadequate Line Clearance and Packaging Controls:

    • Safecor failed to properly inspect packaging and labeling facilities before use, leading to potential mix-ups of drug products. This was evidenced by the presence of unrelated tablets and capsules during the packaging of a specific product.
    • The company has a history of product mix-ups, including instances where a vitamin was found in a drug meant to prevent organ transplant rejection and mislabeled blood clot prevention medication.

    Insufficient Cleaning and Maintenance Procedures:

      • The firm lacked adequate procedures for cleaning and maintaining equipment, with unidentified residues found on supposedly clean equipment. This poses a risk of cross-contamination.
      • The company’s cleaning validation program was deemed inadequate, particularly in addressing worst-case scenarios.

      Failure to Test Components:

        • Safecor did not adequately test incoming components, such as water used in drug manufacturing, for purity, strength, and quality.
        • The company relied on visual inspections without performing necessary chemical and microbiological tests.

        Quality Control Unit Deficiencies:

          • The quality control unit failed to ensure compliance with CGMP regulations, including inadequate document control and data integrity issues.
          • Manufacturing records were not properly controlled, and corrections were made using correction fluid, raising concerns about data authenticity.