Someday these reports won’t take a year to write. If I took a year writing my annual reports I would receive an inspection finding from the MHRA.
There is no surprise that the five critical observations are all from risk management. Risk management is also the largest source of major findings, with quality management a close second with a lot of growth.
There are a lot of observations around the smooth and effective running of the CAPA program; a fair amount on PSMF management; and a handful on procedure, training and oversight.
Looking at the nine major observations due to deficiencies in the management of CAPA, the MHRA reports these problems:
Delays to CAPA development
CAPA that did not address the root cause and impact analysis for the identified noncompliance
Open CAPA which were significantly past their due date
CAPA raised from a previous critical finding raised at an earlier MHRA inspection had not been addressed
I’m going to go out on a limb here and say some of these stem from companies thinking non-GMP CAPAs do not require the same level of control and scrutiny. Root Cause Analysis and a good CAPA program are fundamental, no matter where you fall on (or out of) the pharmaceutical regulatory spectrum.
PIC/S recently updated an Aide Mémoire on inspections of biotech manufacturers in January. The aim of this AiM is to harmonize GMP inspections in biotechnological and biological facilities and to ensure their quality. There wasn’t much new in this version, the revision history says “Minor edits to update cross-references to PIC/S GMP Guide (PE 009-14),” but this is a good time to review the document.
Last night speaking at the DFW Audit SIG one of the topics I wished I had gone a little deeper on were controls, and how to gauge their strength.
As I am preparing to interview candidates for a records management position, I thought I would flesh out controls specific to the storage of and access to completed or archived paper records, such as forms, as an example.
These controls are applied at the record or system level and are meant to prevent a potential data integrity issue from occurring.
Generation and Reconciliation of Documents
For each record
Who performs controlled issuance
Individuals authorized by quality unit from designated unit (limited, centralized)
Individuals authorized by quality unit from (limited, decentralized)
Anyone (unlimited, decrentalized), often user of record
Full reconciliation of record and pages based on unique identifier
Full reconciliation of records and pages based on quantity issued
Yes, by controlled process
Destruction of blank forms
Performed by issuing unit, quality oversight required (High level of evidence)
Performed by the operating or issuing unit, quality unit oversight required
Performed by the individual, quality unit oversight required (periodic walk throughs, self-inspections and audits)
Storage and Access to completed and archived paper records
Office retention location
How Removed & Returned
Limited conditions for removal (e.g. regulatory inspections) method of recording the removal and return of the record(e.g. archive management system, logbook). Most use of documents either in controlled reading area or by scans.
Method of recording the removal and return of the record(e.g., archive management system, logbook).
Method (e.g. logbook) recording of documents checked-in/checked-out
Card key access with entry and exit documented.
Card key access with entry and exit documented.
Limited key access
Periodic User Access Review
Every 2 years
There are also the need to consider controls for paper to electronic, electronic to paper and my favorite beast, the true copy.
For paper records a true copy of a picture of the original that keeps everything – a scan. The regulations state that you can get rid of the paper if you have a true copy. Many things called a true copy are probably not a true copy, to ensure an accurate true copy add two more controls.
Documented review by second person from the quality unit for legibility, accuracy, and completeness
Documented review by second person (not necessarily from the quality unit) for legibility, accuracy, and completeness
Documented verification by person performing the scan for legibility, accuracy, and completeness
Discard of original allowed
Yes, as defined by quality unit oversight, unless there is a seal, watermark, or other identifier that can’t be accurately reproduced electronically.
Yes, performed by the operating unit, unless there is a seal, watermark, or other identifier that can’t be accurately reproduced electronically. Quality unit oversight required
Yes, individual can discard original Quality unit oversight required
The Barr decision, issued 28 years ago, explains how to deal with OOS results. The FDA followed up with a guidance in 2006 “Guidance for Industry Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production.” Companies have no excuse for continued failure here, and yet as we see with Allay (and so many others) failures in investigation of out-of-specifications continues to be a major concern. Yet nothing we see is not covered in the Barr decision.
If you a pharmaceutical GMP professional these three documents should be ones you are more than ready to explain against your quality system.
I will be presenting at the February Audit SIG of the DFW Section of the ASQ on Data Integrity. Many companies struggle with the concepts of data integrity as it involves both paper and electronic data, dealing with legacy computer systems and the organization culture. This session will lay out the core principles of data integrity:
Organizational culture should drive ALCOA
Data governance is part of the management review process
Data Risk Assessments with appropriate mitigations (full risk management approach)
The Audit SIG webinar is scheduled for Tuesday February 9, 2021 at 6:00 pm. To sign up RSVP to firstname.lastname@example.org by February 8 by 6:00 pm. An email with a link to the webinar will be returned to those that RSVP.