Tag: fda

Risk Assessments Do Not Replace Technical Knowledge

The US Food and Drug Administration (FDA) last month warned Indian generic drugmaker Lupin Limited over three good manufacturing practice (GMP) violations at its facility in Maharashtra, India that identified issues with the company’s written procedures for equipment cleaning, its written procedures for monitoring and controlling the performance of processing steps and the “failure to investigate all critical deviations.”

The FDA said the company “performed multiple risk assessments with the purpose to verify whether existing cleaning procedures and practices eliminate or reduce genotoxic impurities … generated through the manufacture of [redacted] drugs after you detected [redacted] impurities in your [active pharmaceutical ingredient] API.” The company also performed risk assessments to determine whether its cleaning procedures reduced the risk of cross-contamination of intermediates and API. However, FDA said the risk assessments “lacked data to support that existing equipment cleaning procedures are effective in removing [redacted] along with residual API from each respective piece of equipment to acceptable levels. “The identification of genotoxic impurities in quantities near their established limits suggests excursions are possible. All intermediates and API manufactured on non-dedicated equipment used to manufacture [redacted] drugs should be subject to validated sampling and analytical testing to ensure they are not contaminated with unacceptable levels of genotoxic impurities,” FDA said.

At heart this warning letter shows a major weakness in many company’s risk management approach, they use the risk assessment to replace technical inquiry, instead of as a tool to determine the appropriateness of technical understanding and as a way to manage the uncertainty around technical knowledge.

A significant point in the current Q9 draft is to deal with this issue, which we see happen again and again. Risk management cannot tell you whether your cleaning procedures are effective or not. Only a validated testing scheme can. Risk management looks at the aggregate and evaluates possibilities.

Computer Software Assurance Draft

The FDA published on 13-Sep-2022 the long-awaited draft of the guidance “Computer Software Assurance for Production and Quality System Software,” and you may, based on all the emails and posting be wondering just how radical a change this is.

It’s not. This guidance is just one big “calm down people” letter from the agency. They publish these sorts of guidance every now and then because we as an industry can sometimes learn the wrong lessons.

This guidance states:

  1. Determine intended use
  2. Perform a risk assessment
  3. Perform activities to the required level

I wrote about this approach in “Risk Based Data Integrity Assessment,” and it has existed in GAMP5 and other approaches for years.

So read the guidance, but don’t panic. You are either following it already or you just need to spend some time getting better at risk assessments and creating some matrix approaches.

Data Integrity Warning Letter

In July 2022, the U.S. FDA issued a Warning Letter to the U.S. American company “Jost Chemical Co.” after having inspected its site in January 2022. The warning letter listedfour significant areas:

  • Failure of your quality unit to ensure that quality-related complaints are investigated and resolved, and failure to extend investigations to other batches that may have been associated with a specific failure or deviation.”
  • “Failure to establish adequate written procedures for cleaning equipment and its release for use in manufacture of API.”
  • “Failure to ensure that all test procedures are scientifically sound and appropriate to ensure that your API conform to established standards of quality and purity, and failure to ensure laboratory data is complete and attributable.”
  • “Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and failure to establish and follow written procedures for the operation and maintenance of your computerized systems.”

I offer them the above clip as a good mini-training. I recently watched the show, and my wife thought I was going to have several heart attacks.

In a serious nature, please do not short your efforts in data integrity.

Whistleblower protection

The FDA recently completed its “Internal Review of Agency Actions Related to the U.S. Infant Formula Supply.”

In general, this report has few real planned actions and does not fill me with the hope of internal changes driving improvement.

One of the recommendations really stood out to me. Finding 2 states “Inadequate processes and lack of clarity related to whistleblower complaints may have delayed the FDA’s response to those complaints. A complaint sent via mail and other delivery systems by a confidential informant to agency leaders at FDA’s White Oak campus was not delivered to the addressees.”

Recommendation: The FDA should identify clear definitions for the terms “whistleblower,” “confidential informant,” and “informant,” and develop policies and provide training to staff regarding how to identify, escalate, and appropriately manage confidentiality of such complaints. The agency should also consider connecting complaints from such individuals to information received from product safety complaints, and product manufacturing concerns systems to support more complete access to all safety information. The FDA is evaluating how best to integrate this data to gain a holistic view of all FDA-regulated products and/or manufacturing facilities. The FDA should also review and update its mail and package delivery procedures to ensure that all mail and packages are delivered and received by addressees in a timely manner.

FDA Evaluation of Infant Formula Response

There is a real lack of whistleblower protection in this industry. Often when you hear about a crisis, from baby formula to Theranos to the opioid epidemic you have you have to ask “where were the good people at that company.” It can be rather disheartening. It has long been worrisome that the FDA does not have strong whistleblower protection in place, and to see how definitely that contributed to this debacle is just plain scary.

Enforcement Actions Take Too Long

There is a strong case to be made that enforcement actions take way too long with the FDA, and as a result our drug and food supply are less safe than they should be.

Take the consent decree from last week with Morton Grove Pharmaceuticals Inc. The Warning Letter was from March 2017 from an Inspection that ended in February 2016. So from inspection to consent decree, it took over five-and-a-half years. No matter where you sit on the regulatory action landscape, I hope you see a problem with that timing.