MHRA on Good Pharacovigilance Inspections

The MHRA GPvP inspectorate recently published their latest inspection metrics for the period from April 2019 to March 2020. 

Someday these reports won’t take a year to write. If I took a year writing my annual reports I would receive an inspection finding from the MHRA.

There is no surprise that the five critical observations are all from risk management. Risk management is also the largest source of major findings, with quality management a close second with a lot of growth.

There are a lot of observations around the smooth and effective running of the CAPA program; a fair amount on PSMF management; and a handful on procedure, training and oversight.

Looking at the nine major observations due to deficiencies in the management of CAPA, the MHRA reports these problems:

  • Delays to CAPA development
  • CAPA that did not address the root cause and impact analysis for the identified noncompliance
  • Open CAPA which were significantly past their due date
  • CAPA raised from a previous critical finding raised at an earlier MHRA inspection had not been addressed

I’m going to go out on a limb here and say some of these stem from companies thinking non-GMP CAPAs do not require the same level of control and scrutiny. Root Cause Analysis and a good CAPA program are fundamental, no matter where you fall on (or out of) the pharmaceutical regulatory spectrum.

PIC/S on Inspection of biotech manufacturers

PIC/S recently updated an Aide Mémoire on inspections of biotech manufacturers in January. The aim of this AiM is to harmonize GMP inspections in biotechnological and biological facilities and to ensure their quality. There wasn’t much new in this version, the revision history says “Minor edits to update cross-references to PIC/S GMP Guide (PE 009-14),” but this is a good time to review the document.

Data Integrity for Record Management

Last night speaking at the DFW Audit SIG one of the topics I wished I had gone a little deeper on were controls, and how to gauge their strength.

As I am preparing to interview candidates for a records management position, I thought I would flesh out controls specific to the storage of and access to completed or archived paper records, such as forms, as an example.

These controls are applied at the record or system level and are meant to prevent a potential data integrity issue from occurring.

Generation and Reconciliation of Documents

 Data Criticality
 HighMediumLow
Unique identifierFor each recordNoNo
Who performs controlled issuanceIndividuals authorized by quality unit from designated unit (limited, centralized)Individuals authorized by quality unit from (limited, decentralized)Anyone (unlimited, decrentalized), often user of record
ReconciliationFull reconciliation of record and pages based on unique identifierFull reconciliation of records and pages based on quantity issuedNo reconciliation
Controlled printYesYesNo
Bulk printingNoYes, by controlled processYes
Destruction of blank formsPerformed by issuing unit, quality oversight required (High level of evidence)Performed by the operating or issuing unit, quality unit oversight requiredPerformed by the individual, quality unit oversight required (periodic walk throughs, self-inspections and audits)

Storage and Access to completed and archived paper records

 Data Criticality
 HighMediumLow
Where StoredClimate-controlled roomClimate-controlled roomOffice retention location
How Removed & ReturnedLimited conditions for removal (e.g. regulatory inspections) method of recording the removal and return of the record(e.g. archive management system, logbook). Most use of documents either in controlled reading area or by scans.Method of recording the removal and return of the record(e.g., archive management system, logbook).Method (e.g. logbook) recording of documents checked-in/checked-out
Access ControlCard key access with entry and exit documented.Card key access with entry and exit documented.Limited key access
Periodic User Access ReviewAnnuallyAnnuallyEvery 2 years

There are also the need to consider controls for paper to electronic, electronic to paper and my favorite beast, the true copy.

For paper records a true copy of a picture of the original that keeps everything – a scan. The regulations state that you can get rid of the paper if you have a true copy. Many things called a true copy are probably not a true copy, to ensure an accurate true copy add two more controls.

 Data Criticality
 HighMediumLow
Review requirementsDocumented review by second person from the quality unit for legibility, accuracy, and completenessDocumented review by second person (not necessarily from the quality unit) for legibility, accuracy, and completenessDocumented verification by person performing the scan for legibility, accuracy, and completeness
Discard of original allowedYes, as defined by quality unit oversight, unless there is a seal, watermark, or other identifier that can’t be accurately reproduced electronically.Yes, performed by the operating unit, unless there is a seal, watermark, or other identifier that can’t be accurately reproduced electronically. Quality unit oversight requiredYes, individual can discard original Quality unit oversight required

OOS failures

Go and read the January 2021 FDA warning letter to Allay Pharmaceuticals and then go and read the 1993 decision in United States vs Barr Laboratories.

The Barr decision, issued 28 years ago, explains how to deal with OOS results. The FDA followed up with a guidance in 2006 “Guidance for Industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production.” Companies have no excuse for continued failure here, and yet as we see with Allay (and so many others) failures in investigation of out-of-specifications continues to be a major concern. Yet nothing we see is not covered in the Barr decision.

If you a pharmaceutical GMP professional these three documents should be ones you are more than ready to explain against your quality system.

Upcoming Data Integrity Virtual Presentation

I will be presenting at the February Audit SIG of the DFW Section of the ASQ on Data Integrity.  Many companies struggle with the concepts of data integrity as it involves both paper and electronic data, dealing with legacy computer systems and the organization culture. This session will lay out the core principles of data integrity:

  • Organizational culture should drive ALCOA
  • Data governance is part of the management review process
  • Data Risk Assessments with appropriate mitigations (full risk management approach)

The Audit SIG webinar is scheduled for Tuesday February 9, 2021 at 6:00 pm.  To sign up RSVP to jcapstick@gramercyinc.net by February 8 by 6:00 pm.  An email with a link to the webinar will be returned to those that RSVP.