Tag: artificial intelligence

Facility-Driven Bacterial Endotoxin Control Strategies

The pharmaceutical industry stands at an inflection point in microbial control, with bacterial endotoxin management undergoing a profound transformation. For decades, compliance focused on meeting pharmacopeial limits at product release—notably the 5.0 EU/kg threshold for parenterals mandated by standards like Ph. Eur. 5.1.10. While these endotoxin specifications remain enshrined as Critical Quality Attributes (CQAs), regulators now demand a fundamental reimagining of control strategies that transcends product specifications.

This shift reflects growing recognition that endotoxin contamination is fundamentally a facility-driven risk rather than a product-specific property. Health Authorities increasingly expect manufacturers to implement preventive, facility-wide control strategies anchored in quantitative risk modeling, rather than relying on end-product testing.

The EU Annex 1 Contamination Control Strategy (CCS) framework crystallizes this evolution, requiring cross-functional systems that integrate:

  • Process design capable of achieving ≥3 log10 endotoxin reduction (LRV) with statistical confidence (p<0.01)
  • Real-time monitoring of critical utilities like WFI and clean steam
  • Personnel flow controls to minimize bioburden ingress
  • Lifecycle validation of sterilization processes

Our organizations should be working to bridge the gap between compendial compliance and true contamination control—from implementing predictive analytics for endotoxin risk scoring to designing closed processing systems with inherent contamination barriers. We’ll examine why traditional quality-by-testing approaches are yielding to facility-driven quality-by-design strategies, and how leading organizations are leveraging computational fluid dynamics and risk-based control charts to stay ahead of regulatory expectations.

House of contamination control

Bacterial Endotoxins: Bridging Compendial Safety and Facility-Specific Risks

Bacterial endotoxins pose unique challenges as their control depends on facility infrastructure rather than process parameters alone. Unlike sterility assurance, which can be validated through autoclave cycles, endotoxin control requires continuous vigilance over water systems, HVAC performance, and material sourcing. The compendial limit of 5.0 EU/kg ensures pyrogen-free products, but HAs argue this threshold does not account for facility-wide contamination risks that could compromise multiple batches. For example, a 2023 EMA review found 62% of endotoxin-related recalls stemmed from biofilm breaches in water-for-injection (WFI) systems rather than product-specific failures.

Annex 1 addresses this through CCS requirements that mandate:

  • Facility-wide risk assessments identifying endotoxin ingress points (e.g., inadequate sanitization intervals for cleanroom surfaces)
  • Tiered control limits integrating compendial safety thresholds (specifications) with preventive action limits (in-process controls)
  • Lifecycle validation of sterilization processes, hold times, and monitoring systems

Annex 1’s Contamination Control Strategy: A Blueprint for Endotoxin Mitigation

Per Annex 1’s glossary, a CCS is “a planned set of controls […] derived from product and process understanding that assures process performance and product quality”. For endotoxins, this translates to 16 interrelated elements outlined in Annex 1’s Section 2.6, including:

  1. Water System Controls:
    • Validation of WFI biofilm prevention measures (turbulent flow >1.5 m/s, ozone sanitization cycles)
    • Real-time endotoxin monitoring using inline sensors (e.g., centrifugal microfluidics) complementing testing
  2. Closed Processing
  3. Material and Personnel Flow:
    • Gowning qualification programs assessing operator-borne endotoxin transfer
    • Raw material movement
  4. Environmental Monitoring:
    • Continuous viable particle monitoring in areas with critical operations with endotoxin correlation studies
    • Settle plate recovery validation accounting for desiccation effects on endotoxin-bearing particles
Validating Manufacturing Process Closure for Biotech Utilizing Single-Use Systems (SUS)

Risk Management Tools for Endotoxin Control

The revised Annex 1 mandates Quality Risk Management (QRM) per ICH Q9, requiring facilities to deploy appropriate risk management.

Hazard Analysis and Critical Control Points (HACCP) identifies critical control points (CCPs) where endotoxin ingress or proliferation could occur. For there a Failure Modes Effects and Criticality Analysis (FMECA) can further prioritizes risks based on severity, occurrence, and detectability.

Endotoxin-Specific FMECA (Failure Mode, Effects, and Criticality Analysis)

Failure ModeSeverity (S)Occurrence (O)Detectability (D)RPN (S×O×D)Mitigation
WFI biofilm formation5 (Product recall)3 (1/2 years)2 (Inline sensors)30Install ozone-resistant diaphragm valves
HVAC filter leakage4 (Grade C contamination)2 (1/5 years)4 (Weekly integrity tests)32HEPA filter replacement every 6 months
Simplified FMECA for endotoxin control (RPN thresholds: <15=Low, 15-50=Medium, >50=High)

Process Validation and Analytical Controls

As outlined in the FDA’s Process Validation: General Principles and Practices, PV is structured into three stages: process design, process qualification, and continued process verification (CPV). For bacterial endotoxin control, PV extends to validating sterilization processes, hold times, and water-for-injection (WFI) systems, where CPPs like sanitization frequency and turbulent flow rates are tightly controlled to prevent biofilm formation.

Analytical controls form the backbone of quality assurance, with method validation per ICH Q2(R1) ensuring accuracy, precision, and specificity for critical tests such as endotoxin quantification. The advent of rapid microbiological methods (RMM), including recombinant Factor C (rFC) assays, has reduced endotoxin testing timelines from hours to minutes, enabling near-real-time release of drug substances. These methods are integrated into continuous process verification programs, where action limits—set at 50% of the assay’s limit of quantitation (LOQ)—serve as early indicators of facility-wide contamination risks. For example, inline sensors in WFI systems or bioreactors provide continuous endotoxin data, which is trended alongside environmental monitoring results to preempt deviations. The USP <1220> lifecycle approach further mandates ongoing method performance verification, ensuring analytical procedures adapt to process changes or scale-up.

The integration of Process Analytical Technology (PAT) and Quality by Design (QbD) principles has transformed manufacturing by embedding real-time quality controls into the process itself. PAT tools such as Raman spectroscopy and centrifugal microfluidics enable on-line monitoring of product titers and impurity profiles, while multivariate data analysis (MVDA) correlates CPPs with CQAs to refine design spaces. Regulatory submissions now emphasize integrated control strategies that combine process validation data, analytical lifecycle management, and facility-wide contamination controls—aligning with EU GMP Annex 1’s mandate for holistic contamination control strategies (CCS). By harmonizing PV with advanced analytics, manufacturers can navigate HA expectations for tighter in-process limits while ensuring patient safety through compendial-aligned specifications.

Some examples may include:

1. Hold Time Validation

  • Microbial challenge studies using endotoxin-spiked samples (e.g., 10 EU/mL Burkholderia cepacia lysate)
  • Correlation between bioburden and endotoxin proliferation rates under varying temperatures

2. Rapid Microbiological Methods (RMM)

  • Comparative validation of recombinant Factor C (rFC) assays against LAL for in-process testing
  • 21 CFR Part 11-compliant data integration with CCS dashboards

3. Closed System Qualification

  • Extractable/leachable studies assessing endotoxin adsorption to single-use bioreactor films
  • Pressure decay testing with endotoxin indicators (Bacillus subtilis spores)

Harmonizing Compendial Limits with HA Expectations

To resolve regulator’s concerns about compendial limits being insufficiently preventive, a two-tier system aligns with Annex 1’s CCS principles:

ParameterRelease Specification (EU/kg)In-Process Action LimitRationale
Bulk Drug Substance5.0 (Ph. Eur. 5.1.10)1.0 (LOQ × 2)Detects WFI system drift
Excipient (Human serum albumin)0.25 (USP <85>)0.05 (50% LOQ)Prevents cumulative endotoxin load
Example tiered specifications for endotoxin control

Future Directions

Technology roadmaps should be driving adoption of:

  • AI-powered environmental monitoring: Machine learning models predicting endotoxin risks from particle counts
  • Single-use sensor networks: RFID-enabled endotoxin probes providing real-time CCS data
  • Advanced water system designs: Reverse osmosis (RO) and electrodeionization (EDI) systems with ≤0.001 EU/mL capability without distillation

Manufacturers can prioritize transforming endotoxin control from a compliance exercise into a strategic quality differentiator—ensuring patient safety while meeting HA expectations for preventive contamination management.

Data Quality, Data Bias, and the Risk Assessment

I’ve seen my fair share of risk assessments listing data quality or bias as hazards. I tend to think that is pretty sloppy. I especially see this a lot in conversations around AI/ML. Data quality is not a risk. It is a causal factor in the failure or severity.

Data Quality and Data Bias

Data Quality

Data quality refers to how well a dataset meets certain criteria that make it fit for its intended use. The key dimensions of data quality include:

  1. Accuracy – The data correctly represents the real-world entities or events it’s supposed to describe.
  2. Completeness – The dataset contains all the necessary information without missing values.
  3. Consistency – The data is uniform and coherent across different systems or datasets.
  4. Timeliness – The data is up-to-date and available when needed.
  5. Validity – The data conforms to defined business rules and parameters.
  6. Uniqueness – There are no duplicate records in the dataset.

High-quality data is crucial for making informed quality decisions, conducting accurate analyses, and developing reliable AI/ML models. Poor data quality can lead to operational issues, inaccurate insights, and flawed strategies.

Data Bias

Data bias refers to systematic errors or prejudices present in the data that can lead to inaccurate or unfair outcomes, especially in machine learning and AI applications. Some common types of data bias include:

  1. Sampling bias – When the data sample doesn’t accurately represent the entire population.
  2. Selection bias – When certain groups are over- or under-represented in the dataset.
  3. Reporting bias – When the frequency of events in the data doesn’t reflect real-world frequencies.
  4. Measurement bias – When the data collection method systematically skews the results.
  5. Algorithmic bias – When the algorithms or models introduce biases in the results.

Data bias can lead to discriminatory outcomes and produce inaccurate predictions or classifications.

Relationship between Data Quality and Bias

While data quality and bias are distinct concepts, they are closely related:

  • Poor data quality can introduce or exacerbate biases. For example, incomplete or inaccurate data may disproportionately affect certain groups.
  • High-quality data doesn’t necessarily mean unbiased data. A dataset can be accurate, complete, and consistent but still contain inherent biases.
  • Addressing data bias often involves improving certain aspects of data quality, such as completeness and representativeness.

Organizations must implement robust data governance practices to ensure high-quality and unbiased data, regularly assess their data for quality issues and potential biases, and use techniques like data cleansing, resampling, and algorithmic debiasing.

Identifying the Hazards and the Risks

It is critical to remember the difference between a hazard and a risk. Data quality is a causal factor in the hazard, not a harm.

Hazard Identification

Think of it like a fever. An open wound is a causal factor for the fever, which has a root cause of poor wound hygiene. I can have the factor (the wound), but without the presence of the root cause (poor wound hygiene), the event (fever) would not develop (okay, there may be other root causes in play as well; remember there is never really just one root cause).

Potential Issues of Poor Data Quality and Inadequate Data Governance

The risks associated with poor data quality and inadequate data governance can significantly impact organizations. Here are the key areas where risks can develop:

Decreased Data Quality

  • Inaccurate, incomplete, or inconsistent data leads to flawed decision-making
  • Errors in customer information, product details, or financial data can cause operational issues
  • Poor quality data hinders effective analysis and forecasting

Compliance Failures:

  • Non-compliance with regulations can result in regulatory actions
  • Legal complications and reputational damage from failing to meet regulatory requirements
  • Increased scrutiny from regulatory bodies

Security Breaches

  • Inadequate data protection increases vulnerability to cyberattacks and data breaches
  • Financial costs associated with breach remediation, legal fees, and potential fines
  • Loss of customer trust and long-term reputational damage

Operational Inefficiencies

  • Time wasted on manual data cleaning and correction
  • Reduced productivity due to employees working with unreliable data
  • Inefficient processes resulting from poor data integration or inconsistent data formats

Missed Opportunities

  • Failure to identify market trends or customer insights due to unreliable data
  • Missed sales leads or potential customers because of inaccurate contact information
  • Inability to capitalize on business opportunities due to lack of trustworthy data

Poor Decision-Making

  • Decisions based on inaccurate or incomplete data leading to suboptimal outcomes, including deviations and product/study impact
  • Misallocation of resources due to flawed insights from poor quality data
  • Inability to effectively measure and improve performance

Potential Issues of Data Bias

Data bias presents significant risks across various domains, particularly when integrated into machine learning (ML) and artificial intelligence (AI) systems. These risks can manifest in several ways, impacting both individuals and organizations.

Discrimination and Inequality

Data bias can lead to discriminatory outcomes, systematically disadvantaging certain groups based on race, gender, age, or socioeconomic status. For example:

  • Judicial Systems: Biased algorithms used in risk assessments for bail and sentencing can result in harsher penalties for people of color compared to their white counterparts, even when controlling for similar circumstances.
  • Healthcare: AI systems trained on biased medical data may provide suboptimal care recommendations for minority groups, potentially exacerbating health disparities.

Erosion of Trust and Reputation

Organizations that rely on biased data for decision-making risk losing the trust of their customers and stakeholders. This can have severe reputational consequences:

  • Customer Trust: If customers perceive that an organization’s AI systems are biased, they may lose trust in the brand, leading to a decline in customer loyalty and revenue.
  • Reputation Damage: High-profile cases of AI bias, such as discriminatory hiring practices or unfair loan approvals, can attract negative media attention and public backlash.

Legal and Regulatory Risks

There are significant legal and regulatory risks associated with data bias:

  • Compliance Issues: Organizations may face legal challenges and fines if their AI systems violate anti-discrimination laws.
  • Regulatory Scrutiny: Increasing awareness of AI bias has led to calls for stricter regulations to ensure fairness and accountability in AI systems.

Poor Decision-Making

Biased data can lead to erroneous decisions that negatively impact business operations:

  • Operational Inefficiencies: AI models trained on biased data may make poor predictions, leading to inefficient resource allocation and operational mishaps.
  • Financial Losses: Incorrect decisions based on biased data can result in financial losses, such as extending credit to high-risk individuals or mismanaging inventory.

Amplification of Existing Biases

AI systems can perpetuate and even amplify existing biases if not properly managed:

  • Feedback Loops: Biased AI systems can create feedback loops where biased outcomes reinforce the biased data, leading to increasingly skewed results over time.
  • Entrenched Inequities: Over time, biased AI systems can entrench societal inequities, making it harder to address underlying issues of discrimination and inequality.

Ethical and Moral Implications

The ethical implications of data bias are profound:

  • Fairness and Justice: Biased AI systems challenge the principles of fairness and justice, raising moral questions about using such technologies in critical decision-making processes.
  • Human Rights: There are concerns that biased AI systems could infringe on human rights, particularly in areas like surveillance, law enforcement, and social services.

Perform the Risk Assessment

ICH Q9 (r1) Risk Management Process

Risk Management happens at the system/process level, where an AI/ML solution will be used. As appropriate, it drills down to the technology level. Never start with the technology level.

Hazard Identification

It is important to identify product quality hazards that may ultimately lead to patient harm. What is the hazard of that bad decision? What is the hazard of bad quality data? Those are not hazards; they are causes.

Hazard identification, the first step of a risk assessment, begins with a well-defined question defining why the risk assessment is being performed. It helps define the system and the appropriate scope of what will be studied. It addresses the “What might go wrong?” question, including identifying the possible consequences of hazards. The output of the hazard identification step is the identification of the possibilities (i.e., hazards) that the risk event (e.g., impact to product quality) happens.

The risk question takes the form of “What is the risk of using AI/ML solution for <Process/System> to <purpose of AI/MIL solution.” For example, “What is the risk of using AI/ML to identify deviation recurrence and help prioritize CAPAs?” or “What is the risk of using AI/ML to monitor real-time continuous manufacturing to determine the need to evaluate for a potential diversion?”

Process maps, data maps, and knowledge maps are critical here.

We can now identify the specific failure modes associated with AI/ML. This may involve deeep dive risk assessments. A failure mode is the specific way a failure occurs. So in this case, the specific way that bad data or bad decision making can happen. Multiple failure modes can, and usually do, lead to the same hazardous situation.

Make sure you drill down on failure causes. If more than 5 potential causes can be identified for a proposed failure mode, it is too broad and probably written at a high level in the process or item being risk assessed. It should be broken down into several specific failure modes with fewer potential causes and more manageable.

Start with an outline of how the process works and a description of the AI/ML (special technology) used in the process. Then, interrogate the following for potential failure modes:

  • The steps in the process or item under study in which AI/ML interventions occur;
  • The process/procedure documentation for example, master batch records, SOPs, protocols, etc.
    • Current and proposed process/procedure in sufficient detail to facilitate failure mode identification;
  • Critical Process Controls

AI Can Create Value, but Only If You Bring Employees Along

Great article in HBR by Behnam Tabrizi and Babak PahlavanCompanies That Replace People with AI Will Get Left Behind” that makes excellent points about how companies should be looking for AI to free up employees to create new value, and not to replace employees.

Automation has been a truism throughout my career. Organizations that leveraged that automation to create value were superior to the ones which used that automation as an excuse to cut jobs.

The Challenges Ahead for Quality

As we move oh so quickly to dealing with the impact of hyper-automation on our organizations it is important to have a vision and a strategy. Apply quality principles, and remember to drive out fear through the strategic execution.

AI and Quality Profession Work

AI and its capabilities are big in the news right now, and inevitably folks start asking “What will this mean for my profession.”

The pharmaceutical GxP world is inherently slow to adopt new technologies. How many of my CxOs are still using 1990s technology? All of them. However, AI/ML has been showing up in more and more places so it is good to examine the potential to the Quality profession

It may seem counter-intuitive but the first place AI-powered software is making a difference is in improving the speed, accuracy, and efficiency of document review. From the eTMF to lab results to all the forms still used on the manufacturing floor, AI is already reviewing at a rate much faster than humans (and more reliably). Expect to see these options grow and become more part of offerings, such as your eTMF.

Trending is another place where AI/ML software is more capable than humans. Basically, anything that involves analysis will eventually be done by AI software, and will be done by software. We’re already seeing more and more automation be built into COTS and we will continue to see this trend grow.

So what won’t AI take the place of in the Quality Profession. Our real value is to strategize, understand causation, be creative, empathize and use common sense.

There’s a long way to go before AI can even do the things above. Have you asked one to write a policy on use of AI in GxP? Said policy would result in no AI ever being used in the GxPs.

Here is an example of a GxP policy for the use of AI to write SAS scripts, provided by an AI:

GxP Policy for Use of AI to Write SAS Scripts

  1. Purpose: The purpose of this policy is to provide guidance on the use of AI to write SAS scripts in compliance with GxP regulations.
  2. Scope: This policy applies to all AI systems and applications used to write SAS scripts for the analysis of data subject to GxP regulations.
  3. Responsibilities: It is the responsibility of all employees to comply with this policy and to report any non-compliance to the appropriate management.
  4. Compliance with GxP Regulations: All AI systems and applications used to write SAS scripts must be designed, developed, validated, and maintained in compliance with applicable GxP regulations.
  5. Data Integrity: All data used by AI systems to write SAS scripts must be accurate, complete, consistent, and attributable. Data must be protected against unauthorized access or modification.
  6. Validation: All AI systems used to write SAS scripts must be validated to ensure that they produce accurate and reliable scripts.
  7. Change Control: Any changes to AI systems used to write SAS scripts must be documented and approved through a formal change control process.
  8. Training: All employees involved in the use of AI systems to write SAS scripts must receive appropriate training on their use and on this policy.
  9. Audits and Inspections: All AI systems used to write SAS scripts are subject to internal and external audits and inspections to ensure compliance with this policy and with applicable GxP regulations.
  10. Continuous Improvement: This policy will be reviewed regularly and updated as necessary to ensure its continued effectiveness.

Awesome. I’ll circulate this beauty for approval right away.

Robert Morris and Koko are Violators of International Standards

The Declaration of Helsinki is the bedrock of international principles in human research, and the foundation of governmental practices, including the ICH E6 Good Clinical Practice. The core principle is respect for the individual (Article 8), their right to self-determination and the right to make informed decisions (Articles 20, 21 and 22) regarding participation in research, both initially and during the course of the research. Principles that Dr Robert Morris violated when his firm, Koko, used artifical intelligence to engage in medical research on uninformed participants. The man, and his company, deserves the full force of international censure, including disbarment by the NHS and all other international bodies with even a shred of oversight on healh practices.

I’m infuriated by this. AI is already an ethically ambigious area full of concerns, and for this callous individual and his company to waltz in and break a fundamental principle of human research is unconsciouable.

Another reason why we need serious regulatory oversight of AI. We won’t see this from the US, so hopefully the EU gets their act together and pushes forward. GPDR may not be perfect but we are in a better place with something rather than nothing, and as the actions of callous companies like Koko show we are in desperate need for protection when it comes to the ‘promises’ of AI.

Also, shame on Stonybrook’s Institutional Review Board. While not a case of IRB shopping, they sure did their best to avoid grappling with the issues behind the study.

I am pretty sure this AI counts as software as a device, in which case a whole lot of regulations were broken.

“Move fast and Break Things” is a horrible mantra, especially when health and well being is involved. Robert Morris, like Elizabeth Holmes, are examples of why we need a strong oversight regime when it comes to scientific research and why technology on its own is never the solution.