Tag: warning letter

Sunscreen is a drug

Folks often forget that in the United States the active ingredient in sun screen is a drug and needs to meet appropriate quality system requirements. This Warning Letter to Kari Gran, Inc is a case in point.

The whole warning letter is a result of a company not realizing (or thinking they can get away with not having) the need for GMP compliance.

I’m not sure I would draw broader trends around data integrity or anything else from it.

Photo by Kindel Media on Pexels.com

Risk Assessments Do Not Replace Technical Knowledge

The US Food and Drug Administration (FDA) last month warned Indian generic drugmaker Lupin Limited over three good manufacturing practice (GMP) violations at its facility in Maharashtra, India that identified issues with the company’s written procedures for equipment cleaning, its written procedures for monitoring and controlling the performance of processing steps and the “failure to investigate all critical deviations.”

The FDA said the company “performed multiple risk assessments with the purpose to verify whether existing cleaning procedures and practices eliminate or reduce genotoxic impurities … generated through the manufacture of [redacted] drugs after you detected [redacted] impurities in your [active pharmaceutical ingredient] API.” The company also performed risk assessments to determine whether its cleaning procedures reduced the risk of cross-contamination of intermediates and API. However, FDA said the risk assessments “lacked data to support that existing equipment cleaning procedures are effective in removing [redacted] along with residual API from each respective piece of equipment to acceptable levels. “The identification of genotoxic impurities in quantities near their established limits suggests excursions are possible. All intermediates and API manufactured on non-dedicated equipment used to manufacture [redacted] drugs should be subject to validated sampling and analytical testing to ensure they are not contaminated with unacceptable levels of genotoxic impurities,” FDA said.

At heart this warning letter shows a major weakness in many company’s risk management approach, they use the risk assessment to replace technical inquiry, instead of as a tool to determine the appropriateness of technical understanding and as a way to manage the uncertainty around technical knowledge.

A significant point in the current Q9 draft is to deal with this issue, which we see happen again and again. Risk management cannot tell you whether your cleaning procedures are effective or not. Only a validated testing scheme can. Risk management looks at the aggregate and evaluates possibilities.

Data Integrity Warning Letter

In July 2022, the U.S. FDA issued a Warning Letter to the U.S. American company “Jost Chemical Co.” after having inspected its site in January 2022. The warning letter listedfour significant areas:

  • Failure of your quality unit to ensure that quality-related complaints are investigated and resolved, and failure to extend investigations to other batches that may have been associated with a specific failure or deviation.”
  • “Failure to establish adequate written procedures for cleaning equipment and its release for use in manufacture of API.”
  • “Failure to ensure that all test procedures are scientifically sound and appropriate to ensure that your API conform to established standards of quality and purity, and failure to ensure laboratory data is complete and attributable.”
  • “Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and failure to establish and follow written procedures for the operation and maintenance of your computerized systems.”

I offer them the above clip as a good mini-training. I recently watched the show, and my wife thought I was going to have several heart attacks.

In a serious nature, please do not short your efforts in data integrity.

Enforcement Actions Take Too Long

There is a strong case to be made that enforcement actions take way too long with the FDA, and as a result our drug and food supply are less safe than they should be.

Take the consent decree from last week with Morton Grove Pharmaceuticals Inc. The Warning Letter was from March 2017 from an Inspection that ended in February 2016. So from inspection to consent decree, it took over five-and-a-half years. No matter where you sit on the regulatory action landscape, I hope you see a problem with that timing.

Being Small and Speciality Does not Exempt from the GMPs

Specialty Process Labs LLC is a specialty API manufacturer of natural desiccated thyroid. Which is, yes, what you might think it is. And as far I can tell, mostly ships direct to compounding pharmacies and patients. This month they got a warning letter.

The warning letter highlights:

  1. Failure to validate the process
  2. Failure to test to specification
  3. Failure to exercise sufficient controls over computerized systems

All three of these observations make me rather glad my loved-ones take levothyroxine and I am deeply aware of all the difficulties in that drug supply.

Focusing more on the computer system, it is an unsurprising list of bad access controls, change controls not controlled, and failure to validate excel spreadsheets.

The last observation really stood out to me:

Manufacturing master batch records held in electronic form on your company’s shared drive do not have restrictions on user access. Your quality unit personnel stated that there are no restrictions for any personnel with login credentials to access new and obsolete master records. Our investigator observed during the inspection multiple versions of batch records were utilized for API lot production.”

This is truly a failure in document access and record management. And it is one I see a lot of places. The core requirement here is really well stated in the PIC/S Data Integrity Guidance requirement 8.4 “Expectations for the generation, distribution and control of records.” Please read the whole section, but pay close attention to the following:

  • Documents should be stored in a manner which ensures appropriate version control.
  • Master documents should contain distinctive marking so to distinguish the master from a copy, e.g. use of coloured papers or inks so as to prevent inadvertent use.
  • Master documents (in electronic form) should be prevented from unauthorised or inadvertent changes.
  • Document issuance should be controlled by written procedures that include the following controls:
    • details of who issued the copies and when they were issued; clear means of differentiating approved copies of documents, e.g. by use of a secure stamp, or paper colour code not available in the working areas or another appropriate system;
    • ensuring that only the current approved version is available for use;
    • allocating a unique identifier to each blank document issued and recording the issue of each document in a register; – numbering every distributed copy (e.g.: copy 2 of 2) and sequential numbering of issued pages in bound books;
    • where the re-issue of additional copies of the blank template is necessary, a controlled process regarding re-issue should be followed with all distributed copies maintained and a justification and approval for the need of an extra copy recorded, e.g.: “the original template record was damaged”;
    • critical GMP/GDP blank forms (e.g.: worksheets, laboratory notebooks, batch records, control records) should be reconciled following use to ensure the accuracy and completeness of records; and
    • where copies of documents other than records, (e.g. procedures), are printed for reference only, reconciliation may not be required, providing the documents are time-stamped on generation, and their short-term validity marked on the document

There are incredibly clear guidelines for these activities that the agencies have provided. Just need to use them.