Leveraging Inspection Manuals for GMP Inspection Readiness

The various agency inspection manuals are critical tools for inspection readiness. I want to lay out where to find some of these manuals and then go deep into pre-approval inspections, focusing on data integrity.

European Medicines Agency

The European Medicines Agency (EMA) has established detailed procedures and work instructions for coordinating and conducting Good Clinical Practice (GCP), Good Manufacturing Practice (GMP), and pharmacovigilance inspections. Here are the key points regarding EMA’s inspection procedures:

GCP Inspection Procedures

EMA identifies applications for GCP inspections based on risk assessment criteria and exchanges information on shared applications with the FDA.
Inspections can be joint (conducted concurrently by EMA and FDA inspectors) or sequential (conducted separately by each agency).
EMA notifies the applicant/marketing authorization holder (MAH) and inspects sites about upcoming inspections through the IRIS industry portal instead of formal letters.
Applicants/MAHs must provide a signed statement accepting the inspection and granting direct access to documents and medical records.
Requested documents should be provided directly to inspectors in electronic format after consulting the reporting inspector.
After the inspection, EMA receives the draft inspection report, finalizes it with the inspectee’s responses, and publishes it in IRIS.

GMP Inspection Procedures

EMA coordinates GMP inspections based on risk assessment for marketing authorization applications, variations, and routine re-inspections.
Work instructions cover areas such as inspection announcement, fee calculation, product sampling/testing, and report circulation.

Pharmacovigilance Inspection Procedures

EMA has specific procedures for coordinating pharmacovigilance inspections and managing non-compliance notifications from MAHs.
Work instructions detail the inspection program creation, data entry in databases, and interactions with third-country inspectorates.

The EMA aims to harmonize inspection processes with the FDA and other regulatory bodies to streamline collaboration and information sharing while ensuring clinical trial subject protection and product quality.

FDA

The FDA Investigations Operations Manual (IOM) is the primary inspection manual used by FDA personnel when performing inspections and investigations.

The key points about the IOM are:

It provides comprehensive instructions, procedures, and policies for FDA investigators and inspectors to follow when conducting inspections, surveys, and investigations.
It covers inspectional activities for foods, drugs, medical devices, biologics, cosmetics, and other FDA-regulated products.
The manual details procedures for inspections of manufacturing facilities, sampling, import operations, recalls, consumer complaints, and other compliance activities.
It aims to ensure inspections are conducted consistently across FDA field offices and provide clear guidance to the industry on the FDA’s inspection approach.
The IOM is updated periodically to incorporate new laws, regulations, policies, and technological changes impacting FDA’s operations.
While not legally binding, the IOM represents the FDA’s current thinking and policies on inspections and investigations.

The FDA Investigations Operations Manual serves as the comprehensive inspection reference and procedure manual for FDA field staff carrying out the agency’s oversight and enforcement activities across all regulated product areas.

Pre-Approval Inspections

For new facilities, CPGM 7346.832, the FDA’s Compliance Program Guidance Manual for Pre-Approval Inspections (PAIs) of drug manufacturing facilities, is critical to spend time with. It outlines the objectives and procedures for FDA inspectors to evaluate a facility’s readiness for commercial manufacturing before approving a new drug application.

The key objectives of CPGM 7346.832 are:

Assess if the facility has a quality system capable of controlling commercial manufacturing operations.
Verify that the manufacturing processes, formulation, and analytical methods conform to the application details.
Audit raw data integrity to authenticate the data submitted in the application.
Evaluate the facility’s commitment to quality in pharmaceutical development (new objective added in 2022 revision).

The guidance instructs inspectors on evaluating the firm’s quality systems, process validation, data integrity, laboratory controls, change management, investigations, batch release procedures, and compliance with current Good Manufacturing Practices (cGMPs). It aims to ensure the facility can reliably produce the drug product described in the application.

Data Integrity

CPGM 7346.832 has specific requirements for data integrity audits during drug manufacturing facility pre-approval inspections (PAIs). Utilizing this document is an excellent way to evaluate your data integrity program.

The key points are:

Objective 3 of the guidance is “Data Integrity Audit”—auditing and verifying raw data associated with the product to authenticate the data submitted in the application.
Inspectors must audit the accuracy and completeness of data reported by the facility for the product. This involves verifying the factual integrity (data matches what was submitted) and contextual integrity (supporting data is complete).
Inspectors should examine raw data, such as chromatograms, analyst notebooks, electronic data, etc., and compare it to the summary data in the application’s Chemistry, Manufacturing, and Controls (CMC) section.
The data integrity audit should focus on finished product stability, dissolution, content uniformity, API impurities, etc.
Inspectors must identify any unreported relevant data, data falsification, improper invalidation of results, or unexplained data discrepancies.
Indications of data integrity issues include altered raw data, references to failing studies, discrepancies between samples, and missing records.

The data integrity audit aims to ensure the CMC data submitted to FDA is complete, reliable, and can be fully authenticated from the raw data at the manufacturing site. Robust data integrity is critical for the FDA to decide on the application’s approval.

FDA Revised MAPP Impact to Foreign Inspections

The FDA has updated its MAPP for staff, revising the “Understanding CDER’s Risk-Based Site Selection Model” (5014.1 Rev. 1). The update details how the FDA will prioritize inspections under the SSM and adds a risk factor for establishments in countries with a history of violations. This is a new risk factor for a region or entire country, whereas previously, mainly individual criteria such as site quality history, site type, and time since last inspection were used.

This is a fascinating addition, and I’d love to see the actual data on this risk factor. Anyone know if this can be FOIA’d? It would be interesting to see the difference between India and Mexico or even if they’ve subdivided the US.

MHRA GCP Inspection Metrics

The MHRA published in March 2023 their ‘GCP Inspections Metrics Report’, covering the period from 1 April 2019 to 31 March 2020.

I am pretty sure no regulatory agency would accept my 2019-2020 Annual Product Quality Review (APR/PQR) being published 3 years late. Regulatory agencies need to hold themselves accountable and are fairly poor at doing so. The EMA is not alone at this, the recent EMA report was two year old data.

The MHRA GCP inspectors reported the following observations in the two-year period:

Commercial sponsors: 4 critical, 17 major, 34 other. All critical observations were related to pharmacovigilance (PV).
CROs: 4 critical, 25 major, 41 other. Critical observations were related to data integrity, IMP management, and protocol compliance.
Non-commercial sponsors: 4 critical, 12 major, 26 other. Critical observations were related to clinical sample analysis, data integrity, sponsor oversight, and PV.
Phase I Units: 1 critical, 8, major, 28 other. The critical observation was related to dose escalation.
Investigator Sites: 0 critical, 17 major, 64 other.

As always, a very good document to perform a gap assessment against.

EMA Publishes 2021 GCP Compliance Report

The EMA has published the Annual Report of the Good Clinical Practice (GCP) Inspectors Working Group (IWG) 2021.

Beyond wishing for an 11 month cycle of writing and approval on my annual reports, there is some valuable information there.

In 2021, three CHMP GCP inspections were conducted entirely remotely, and three inspections were conducted in a hybrid setting. A total of 286 deficiencies, comprising 24 critical, 152 major and 110 minor findings were recorded for the 27 CHMP requested inspections conducted in 2021. This represents an average of 10-11 findings per site inspected. The three top categories were: “General”, “Trial Management” and “Computer System”. An increase in findings related to computer systems (e. g. Audit Trail and Authorized Access, Computer Validation, Physical Security System and Backup) is noted compared to the last reports.

More information is available at EMA´s Good Clinical Practice Inspectors Working Group website.

Under organisation and personel we see “Delegation of tasks to inappropriate team members.” This reinforces the needs for strong cv and job descriptions, and linking to both hiring and personnel qualification.

The computer systems observations are the greatest hits of data integrity, and should be a wakeup call to any company that treats GCP and GMP computer systems differently.

Let the 2022 annual GCP training development begin. And make sure you get that training done on time!

Remote Inspections and Computer Systems

The US FDA recently changed the Investigations Operations Manual to allow Investigators direct access to a company’s databases during a BIMO inspection (See Section 5.10.2.1)

As the conduct of clinical and non-clinical trials increasingly moves toward 100% electronic data capture, to include electronic case report forms, medical records, patient-reported outcomes, informed consent systems and other electronic study records, it has become necessary for bioresearch monitoring investigators to have access to these electronic systems and databases in order to successfully perform inspections. Overseeing the firm’s personnel while they access their system is not always practical in BIMO inspections, as this can result in the firm having to dedicate an individual to this task.
FDA Investiations Operations Manual section 5.10.2.1

Obviously, if you haven’t, you should be updating your GCP Inspections SOP, especially since they have a few interesting requirements, such as “While you may complete a form needed by the firm in order to obtain read-only access, such as an account request form, you will not sign such form as per section 5.1.2.3. You may acknowledge via email that you have completed any required training necessary for access.”

I think for many in the GCP world this change is sort of a sleeper change. We have been used to giving access to EMA inspectors for years, who often know more about your TMF than you do by the time they walk in the door.

The real interesting thing is how this spells a shift in attitude at the agency that has been a long-time coming. And how it fits into recent trends in the increase in remote inspections.

Remote inspections are here to stay. Set aside the FDA’s current view that a remote event is not an inspection. And one of the big things that stand out about remote inspections is they do not work well to find data integrity issues, as we’ve seen from the decrease in observations that is not proportionate to the overall size of inspections. I think what we are seeing here is a recognition of that, and the first shift in mindset at the agency.

I’d expect to see the FDA change their approach on the GMP side as they continue to absorb the lessons learned from remote inspections. It is a trend that I would be paying attention to as you continue your digital journey. It is always important to think “how will an inspector view this data”. Usually, we think in terms of printouts. You should also be thinking about read-only access in the near future.