Catalent Belgium Form 483 and Contamination Control

The FDA recently released a Form 483 it handed to Catalent Belgium following an inspection of its 265,000 square-foot facility in Brussels in October 2021. Catalent is a pretty sizable entity, so it is very valuable to see what we can learn from their observations.

Failure to adequately assess an unexplained discrepancy or deviation

“Standard Operating Procedure STB-QA-0010, Deviation Management, v21 classifies deviations as minor, major or critical based on the calculation of a risk priority number, with a HEPA filter failure within a Grade A environment often classified as minor. Specifically, Deviation 327567 (Date of occurrence 04 March 2021) was for a HEPA filter failure on the <redacted> fill line, with a breach at the HEPA filter frame.”

This one is more common than it should be. I’ve recently written about categorization and criticality of events. I want to stress the term potential when addressing impact in the classification of events.

Control barriers exist for a reason. You breach that control barrier in any way, you have the potential to impact product or environment. It is really easy for experienced SMEs to say “But this has never had any real impact before” and then downgrade the deviation classification. Before long it becomes the norm that HEPA filter failures are minor because they never have impact. And then one does. Then there are shortages or worse.

It is important to avoid that complacency and treat each and every control barrier failure to the same level of investigation based on their potentiality to impact.

The other problem here is failure to identify trends and deal with them. I can honestly say that the last thing I ever want anyone, especially an inspector, to write about something where I have quality oversight is a failure to investigate multiple control barrier events.

Other GMP manufacturing areas have a similar elevated level of HEPA filter failures, with the root cause of the HEPA filter failures unknown. There is no CAPA in support of correction action. Your firm failed to ensure your investigations identify appropriate root causes and you failed to implement sustainable corrective action and preventive action (CAPA).

Contamination Control function

Observation 2 and 3 are doozies, but there is probably a lack of expertise involved here. The site is using out-of-date and inadequate methods in their validation. Hire a strong contamination control expert and leverage them. Build expertise in the organization through a robust training program. Connect this to all relevant quality systems/processes.

Corrective Maintenance and Troubleshooting

“Equipment and facilities used in the manufacture of drug product are not adequately maintained or appropriately designed to facilitate operations for their intended use.

The asset control lifecycle matters, and corrective maintenance can not be shorted.

This is starting to feel a lot like my upcoming presentation at the 2022 ISPE Aseptic Conference where I will be speaking on “Contamination Control, Risk and the Quality Management System

Contamination Control is a fairly wide term used to mean “getting microbiologists out of the lab” and involved in risk management and the quality management system. This presentation will evaluate best practices in building a contamination control strategy and ensuring its use throughout the quality system. Leveraging a House of Quality approach, participants will learn how to: Create targeted/ risk based measures of contamination avoidance; Implement Key performance indicators to assess status of contamination control; and ensure a defined strategy for deviation management (investigations), CAPA and change management.”

Maybe we can talk more there!

Q9 (r1) Risk Management Draft

Q9 (r1) starts with all the same sections on scope and purpose. There are slight differences in ordering in scope, mainly because of the new sections below, but there isn’t much substantially different.

4.1 Responsibilities

This is the first major change with added paragraphs on subjectivity, which basically admits that it exists and everyone should be aware of that. This is the first major change that should be addressed in the quality system “All participants involved with quality risk management activities should acknowledge, anticipate, and address the potential for subjectivity.”

Aligned with that requirement is a third bullet for decision-makers: “assure that subjectivity in quality risk management activities is controlled and minimised, to facilitate scientifically robust risk-based decision making.”

Solid additions, if a bit high level. A topic of some interest on this blog, recognizing the impact of subjectivity is critical to truly developing good risk management.

Expect to start getting questions on how you acknowledge, anticipate and address subjectivity. It will take a few years for this to work its way through the various inspectorates after approval, but it will. There are various ways to crack this, but it will require both training and tools to make it happen. It also reinforces the need for well-trained facilitators.

5.1 Formality in Quality Risk Management

“The degree of rigor and formality of quality risk management should reflect available knowledge and be commensurate with the complexity and/ or criticality of the issue to be addressed.”

That statement in Q9 has long been a nugget of long debate, so it is good to see section 5.1 added to give guidance on how to implement it, utilizing 3 axis:

  • Uncertainty: This draft of Q9 utilizes a fairly simple definition of uncertainty and needs to be better aligned to ISO 31000. This is where I am going to definitely submit comments. Taking a straight knowledge management approach and defining uncertainty solely on lack of knowledge misses the other element of uncertainty that are important.
  • Importance: This was probably the critical determination folks applied to formality in the past.
  • Complexity: Not much said on complexity, which is worrisome because this is a tough one to truly analyze. It requires system thinking, and a ot of folks really get complicated and complex confused.

This section is important, the industry needs it as too many companies have primitive risk management approaches because they shoe-horn everything into a one size fits all level of formality and thus either go overboard or do not go far enough. But as written this draft of Q9 is a boon to consultants.

We then go on to get just how much effort should go into higher formality versus lower level of formality which boils down to higher formality is more stand alone and lower formality happens within another aspect of the quality system.

5.2 Risk-based Decision Making

Another new section, definitely designed to align to ISO 9001-2015 thinking. Based on the level of formality we are given three types with the first two covering separate risk management activities and the third being rule-based in procedures.

6. INTEGRATION OF QUALITY RISK MANAGEMENT INTO INDUSTRY AND REGULATORY OPERATIONS

Section 6 gets new subsection “The role of Quality Risk Management in addressing Product Availability Risks,” “Manufacturing Process Variation and State of Control (internal and external),” “Manufacturing Facilities,” “Oversight of Outsourced Activities and Suppliers.” These new subsections expand on what used to be solely a list of bullet points and provide some points to consider in their topic area. They are also good things to make sure risk management is built into if not already there.

Overall Thoughts

The ICH members did exactly what they told us they were going to do, and pretty much nothing else. I do not think they dealt with the issues deeply and definitively enough, and have added a whole lot of ambiguity into the guidance. which is better than being silent on the topic, but I’m hoping for a lot more.

Subjectivity, uncertainty, and formality are critical topics. Hopefully your risk management program is already taking these into account.

I’m hoping we will also see a quick revision of the PIC/S “Assessment of Quality Risk Management Implementation” to align to these concepts.

ICH Q9 Risk Management (r1) in consultation

ICH Q9 (r1) is in step 2, which means it is out for comments.

Section 5, “Risk Management Methodology” is greatly expanded, with a discussion on just what level of formality means in risk management using three criteria of uncertainty, complexity, and importance. Section 5 then goes into risk based decision making to a greater depth than seen previously in guidances.

Section 6 is greatly expanded as well.

I need to read this in more depth before providing a deeper analysis.

FDA 2021 483s – Bioresearch Monitoring

The FDA has released the 2021 483 data. With my mind being mostly preoccupied with bioresearch monitoring inspection preparation, let’s look at that data, focusing on the top 10.

CFR Reference in 2021# 483s 2021#  483s 2020# 483s 2019
21 CFR 312.609058127
FD-1572, protocol compliance8454119
Informed consent648
21 CFR 312.62(b)483060
Case history records- inadequate or inadequate483060
21 CFR 312.62(a)131117
Accountability records121116
Unused drug disposition (investigator)1#N/A1
21 CFR 50.27(a)937
Consent form not approved/signed/dated726
Copy of consent form not provided211
21 CFR 312.64(b)967
Safety reports967
21 CFR 312.668719
Initial and continuing review626
Unanticipated problems246
21 CFR 312.20(a)513
Failure to submit an IND513
21 CFR 58.130(a)423
Conduct: in accordance with protocol423
21 CFR 312.503716
General responsibilities of sponsors3414
21 CFR 50.20358
Consent not obtained, exceptions do not apply314
Comparison of 2021 Top 10 BIMO 483 categories with 2020 and 2019 data

Based on comparison of number of inspections per year, I am not sure we can really say there was much COVID impact in the data. COVID may have influenced observations, but all it really seemed to do is excaerbate already existing problems,

Key lesson in the data? The GCPs are struggling at accountability of documentation and decision making.

The Cost of Generics

Production of generics has shifted overseas, where it’s harder for the Food and Drug Administration to inspect factories. Major companies have been caught faking and manipulating the data that is supposed to prove that drugs are effective and safe. Probable carcinogens have been discovered in the drug supply. During the pandemic, which caused several countries to ban the export of medical supplies, a new fear has arisen: that faraway factories might one day cut Americans off from their drugs. Dozens of lifesaving medications are made with ingredients no longer manufactured in the United States.

Stockman,FarahOur Drug Supply Is Sick. How Can We Fix It?” The New York Times, 18 September 2021

Philip Runyan pointed out this article today, and it is worth reading. It has personal connection with me, as well as professional in that my wife takes Levothyroxine. I’m a huge fan of Katherine Eban’s Bottle of Lies, and this opinion piece fits excellently into that strand of reporting. We need more reporters on this beat.

I do not think the quality of drug manufacturers worldwide are rising to the level of the US and Europe. I think onshoring is one of those trends that is going to shake the pharmaceutical world over the next decade. Civica is ahead of the curve, but not by much.

Good shoutout to Redica, one of my favorite tools for regulatory intelligence (but expensive).

Notice that Viatris (Mylan) fails at driving out fear. Layoffs are one of the largest possible sources of fear.

We will eventually see a quality rating system. Whether it looks like the FDA’s current metric initiative remains to be seen.