Remote Inspections and Computer Systems

The US FDA recently changed the Investigations Operations Manual to allow Investigators direct access to a company’s databases during a BIMO inspection (See Section 5.10.2.1)

As the conduct of clinical and non-clinical trials increasingly moves toward 100% electronic data capture, to include electronic case report forms, medical records, patient-reported outcomes, informed consent systems and other electronic study records, it has become necessary for bioresearch monitoring investigators to have access to these electronic systems and databases in order to successfully perform inspections. Overseeing the firm’s personnel while they access their system is not always practical in BIMO inspections, as this can result in the firm having to dedicate an individual to this task.

FDA Investiations Operations Manual section 5.10.2.1

Obviously, if you haven’t, you should be updating your GCP Inspections SOP, especially since they have a few interesting requirements, such as “While you may complete a form needed by the firm in order to obtain read-only access, such as an account request form, you will not sign such form as per section 5.1.2.3. You may acknowledge via email that you have completed any required training necessary for access.”

I think for many in the GCP world this change is sort of a sleeper change. We have been used to giving access to EMA inspectors for years, who often know more about your TMF than you do by the time they walk in the door.

The real interesting thing is how this spells a shift in attitude at the agency that has been a long-time coming. And how it fits into recent trends in the increase in remote inspections.

Remote inspections are here to stay. Set aside the FDA’s current view that a remote event is not an inspection. And one of the big things that stand out about remote inspections is they do not work well to find data integrity issues, as we’ve seen from the decrease in observations that is not proportionate to the overall size of inspections. I think what we are seeing here is a recognition of that, and the first shift in mindset at the agency.

I’d expect to see the FDA change their approach on the GMP side as they continue to absorb the lessons learned from remote inspections. It is a trend that I would be paying attention to as you continue your digital journey. It is always important to think “how will an inspector view this data”. Usually, we think in terms of printouts. You should also be thinking about read-only access in the near future.

Thoughts on ISPE 2022 Aseptic Conference

Just finished up the 2022 ISPE Aseptic Conference, and here are a few thoughts.

EU GMP Annex 1 expected in later half of the year

Paul Gustafson, chair of the Pharmaceutical Inspection Co-operation Scheme (PIC/S) and a senior corporate regulatory compliance and enforcement advisor with Health Canada, stated that the plan was to issue the widely anticipated Annex 1 in mid-year 2022. He repeatedly said July to September so that is interesting news and start getting your contamination control strategies going. There will be a one-year period before in force, with 2 years on some of the lyophilizer requirements.

For those keeping track, it retains the provision calling for testing filters used in the sterilization process, pre-use, post-sterilization integrity testing (PUPSIT). The PUPSIT provision “has driven a substantial amount of discussion and has resulted in a number of papers being drafted,” said Gustafson. This was a very gracious understatement, and I have to admit I really admired his Canadian humor.

FDA continues to evaluate COVID inspection measures

Alonza Cruse, Director of the Office of Pharmaceutical Quality Operations at FDA/ORA did a thorough job going through the COVID measures of Remote Regulatory Assessments and Remote Interactive Evaluations and discussed how the agency was in the process of learning how best to do things going forward.

He also clearly state how they were continuing to get back to normal inspections and discussed new personnel in foreign offices, such as India.

Highlights from Panels

One of my favorite panels was Jo Ann Jacobs and Kara Vogt speaking on “Building Resiliency into Single-Use-Technology Systems” They laid out some good work they are doing as part of a startup to design good functional equivalency and supplier management, obviously learning from PPAP and similar measures. Quite well done. While it leans heavily into my own practice around functional equivalency it was good to see such a rock-solid implementation, and I felt like I learned a few good ideas.

I spoke on Contamination Control, Risk Management and the Quality Management System, having a blast doing so. I was followed by Christa Myers who spoke on “Contamination Control Strategy: From Annex 1 Draft Requirements to Implementation in Practice.” We made a good duo and between the two I hope participants got a real solid idea on how to do this contamination control strategy effectively.

I learned a lot about robotics and isolators.

Still a big fan of ISPE’s Women in Pharma.

Latest Emergent News

Today Janet Woodcock issued a statement “FDA Continues Important Steps to Ensure Quality, Safety and Effectiveness of Authorized COVID-19 Vaccines” which links to the April 2021 Form 483 of the Baltimore facility.

  • Failures to investigate deviations
  • Failures for material management
  • Failures for gowning
  • Failures of the cleaning program
  • Failures in facility design
  • All around failure for contamination control
  • Failure to have a comprehensive training program

I have requested hearings from my congressional representatives. The path where Emergent received so much money from the federal government to lead to this place is frightening.

Emergent FDA 483 from April 2020

Earlier in the week after reading the New York Times reports “U.S. Bet Big on Covid Vaccine Manufacturer Even as Problems Mounted” I commented that “This is a pretty damning report. Especially to the FDA for a failure of their inspection program if even half of it is true.”

Today John English pointed out the April 2020 FDA 483 for the Baltimore site of Emergent. And it is a doozy in six pages. Thank you FOIA.

Observation 1: Appropriate controls are not exercised over computers or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel

This one is a real bellwether to me. The failure of the quality unit to ensure a robust computer system validation program was in place, to ensure data integrity. The fact that the three parts to the observation run the gamut from infrastructure to implementation to on-going use stands out that there are significant weaknesses in data integrity as an approach.

Observation 2: Established specifications, test procedures and laboratory control mechanisms are not followed and documented at the time of performance.

Well, forget about contemporaneous. Significant data integrity and culture failure here.

Part (b) indicates a failure to manage and track lab errors.

Also some concerns on chain of custody of samples are raised.

Observation 3: The responsibilities and procedures applicable to the quality control unit are not in writing and fully followed.

This observation raises some significant questions in how they manage OOS investigations.

Observation 4: Employees are not given training in the particular operations they perform as part of their function and current good manufacturing practices

Build training plans, execute training plans, document training.

Observation 5: Separate or defined areas to prevent contamination or mix-ups are deficient regarding operations related to the holding of rejected components before disposition

It is like the FDA saw exactly what was going to happen and did nothing to stop it.

Thoughts

This 483 chilled me to the bones reading it. Major failures in quality here. The fact that this was in April of 2020 raises significant concerns in my mind about how Emergent got any contracts for vaccine delivery.

I have written to my congressional representatives demanding hearings. We need to know who made what decisions when. The trust in our regulatory regime requires full transparency and introspection.