CSV FDA Regulatory Expectations - cbinet.com FDA Regulatory Expectations: Warning Letters, ... 6 3...
Transcript of CSV FDA Regulatory Expectations - cbinet.com FDA Regulatory Expectations: Warning Letters, ... 6 3...
CSV FDA Regulatory Expectations:
Warning Letters, Non-Compliance and Trends
Paul Smith
Global Strategic Compliance Specialist
April 2017
April 26, 2017
Confidentiality Label
1
Disclaimer…..
This presentation is intended to facilitate understanding and discussion of
the subject matter included. Statements of facts or opinions expressed
are those of the presenter and, unless expressly stated do not represent
Agilent Technologies. The views and opinions expressed within this
presentation are those of the presenter and should not be acted upon without
independent verification.
Agilent Technologies does not endorse or approve, and assumes no
responsibility for, the content, accuracy or completeness of the information
presented.
What is This ?
Are Your Technical
Controls Good Enough ?
A Chromatogram without
Meta Data, is like this
photograph……
Only part of the of the picture !
Context of any Question…..
Part of a Loft Ladder
Securing Mechanism.
There are 2 catches……….
One of them, stops
the “top part” of the
ladder from sliding
down…… !!
Contents
• Regulatory Action - Monitoring…………………..……………..……..
• GXP Regulations…..…………………………………………………………..…..
• Evidence for Trends in DI….……………………..……………….
• Questions………………………………………………………..….……….……….………..
• Appendix - Additional Slides………………………..……….
Internal
Hyperlink in
Presentation
External (web)
Hyperlink in
Presentation
Navigation Tools
Link to Contents Page
Example - FDA Warning Letters
Search
Pro-active
Notification…
Browse…..
A
B
Scroll Down…
• Subject
• Date….
For CFR Search
Use FDA CFR
Terms – from FDA
483 Annual Summary
Sheets !
Web Page – Key Words
ucm401451
Use this approach to Look for
Key Words – Relevant to Your Search !
Open Any Web Page (Including FDA Warning Letter)
Use “Ctrt F” – to Find Key Words:
Detailed (Data Integrity) Remediation……
A
B
ucm521098
C
FDA Warning Letter
Recommendations…….
Investigate Extent
Risk Assessment
Management Strategy
See Appendix for
Breakdown of A, B & C
Analysts Skills for Some FDA Laboratory Audits….
ucm522801
“The quality control manager directed employees to stand shoulder-to-shoulder,
barring our investigator from accessing portions of the laboratory and the
equipment used to analyze drugs for U.S. distribution.”
ucm360484
FDA Guidance for Industry[ Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection]
Applicable GXP Regulations….
Users
Generally
Old
Users Knowledge
General Guidance
Interpretation – Old
Regulations
Where Product / Service
is “Made” / Developed
Where Product / Service
is Sold
Applicable RegulationsExport ?
Regulations
• Guidance
• Regulations
(GXP Laws – e.g. CFR)
• Pharmacopeia
• 21 CFR 211 (Drug Product)
• EU GMP Part 1
• EU GMP Part 2 / ICH Q7
• EU GMP Annex 11
• GAMP 5
• GAMP 5 Good Practice Guides
• General Principles of Software
Validation
• FDA Guidance for Industry
• PIC/S
• Data Integrity Guidance
Manage
Auditor
Expectations !
[Variation]
“Paper is Best” !
“Paper is High Risk” !
Resource…
Chapter 4
Applicable GXP
Regulations and
Guidance for CSV
GAMP 5
GAMPGood Practice Guide
GAMP Category 5
USP <1058>
Risk Based Thinking
Risk by Categorisation (Life Cycle)
• Patient Safety
• Product Quality
• Data Integrity
GAMP Category 3/4
Commercial Instruments
[A, B, C]
Data Maturity Model….. (to consider…)
See Guide for Further Details of Data Integrity Maturity Levels
Example – 21 CFR 211.22(d) – Warning Letters
2005 - 2010
Linear trend upwards
For Warning Letters
That include:
21CFR211.22(d)
2010 - 2016
Declining Trend
For Warning Letters
That include:
21CFR211.22(d)
Procedures Not in Writing
Access to Regulatory Non-Conformance DataPublic Domain – Web Search
FDA Warning Letters
Eudra Non-Conformances
FOA Request / SubscriptionAdditional FDA Data:
• FDA 483 Files
• EIR
Inspection Tracker
0
100
200
300
400
500
600
0 20 40 60 80 100 120
Days
Fro
m A
ud
it E
nd
to
Is
su
e o
f F
DA
Wa
rnin
g L
ett
er
All HPLC Related FDA Warning Letters
HPLC Related FDA Warning Letters (97) - Days to Issue Warning Letter
Performance: Days from “Event” to Completion - Good Enough ?
1.5 Years !
ucm465626
18
2005
38
556
518
“Data” stated 28 times…..
5th March 2017
Days After Audit for FDA to Issue Warning Letter (HPLC)
HPLC Related Warning Letters (all 107)
Days t
o Issu
e
Greater Regulatory Collaboration….. Data Integrity
Regulators Collaborate….
They Share What they Find – Quickly!
Examples of
Regulatory
Focus Areas
• Data Integrity
• Contamination
• Injectable / Sterile
EudraGMDP – Non-Compliance Example – China 107 (Jan. 2012 to Present)
Export toDate Range Search (Only)…..
(Hyperlink !)
Part 3 - Concise InformationData – On-Line
http://eudragmdp.ema.europa.eu/inspections/gmpc/searchGMPNonCompliance.do
• Additional Date Fields
• No Hyperlinks
• All (Web - 10 links per page)
Eudra GMDP – Total Eudra Non-Conformances by Country
0
5
10
15
20
25
30
1 1 1
3 32
25
3
12
11
2 21 1
5
1
13
3
26
Eudra GMDP - Number of Non-Conformances Issued by Country
10th March 2017
Eudra GMDP - % of Non-Conformances - Validation / Qualification
10th Mar. 2017
49 % - Average
Within the broad classification used, only 2 out of 107 non-conformances
reference Software, and data integrity related (HPLC and IR).
Eudra GMDP Data Base (Top 15 - 1st January 2012 to 3rd December 2016)
Increasing
Constant
Decreasing
Variable
MHRA (UK) Non-Conformance Data (2015 – 2016)
78 Pages 100 Pages
Annex 11• Data Integrity
• User Permissions / Access
Annex 11• Data Integrity
• Data Backup
• User Permissions / Access
2015 Summary
2016 Summary
Software Updates - Data Integrity Analysis and Action….
Sequential
Model
• Analyse / Fix
“In-House” 1st
• In Isolation
• Delays “Solution”
Collaborative
Model
• Include Supplier
in Analysis….
• Include Supplier
in Solution
Data Integrity
“In-House”
Supplier / Service
Provider
• Software
• Products
• Services
• Workflow Mapping
• Data Integrity Risk
• Data Analysis
• Corrective Action
• Workflow Mapping
• With Supplier
• Solution with Customer
• Customer Requirements
Role of Risk in Review of Supplier Quality….
Procedure
or
Risk
Perception
Low (Commodity)
High (Unique)
• ISO Certification
• Questionnaire
• Physical Audit
The quality of your
Supplier Evaluation Process
Impacts:
The Quality of Future
Decisions – when leveraging
Supplier “Activity”
[Without Additional Justification (cost)]
Supplier Quality – A Time to Re-Think Evaluation ?
Supplier
Quality[Impact of Approval]
ISO Certification Quality Agreement
Quality Audits
KPI / Metrics
• Manufacturing Biased !
• For Service Providers(vs Legal T&C Approach)
• 9001:2015 Revision(Incorporating Risk Based Thinking)
3 Year Transition,
Risk = Effect of Uncertainty)
• Scope of Accreditation
• Leverage ISO Escalation
• Contract Performance…..
• Role of Supplier Metrics ?
• Does Supplier train
their staff in DI ?
• Supplier DI Audits
• Supply Chain for Parts
Questionnaire
• Up to 60 % can be N/A !
• Risk of Tick Box
Thinking (QBTB !)(Quality by Tick Box)
MHRA – Most Cited Deficiency Groups (Top 10)
April 26, 2017
Confidentiality Label
33
Ranking GMP GroupCritical Major Others
2015 2016 2015 2016 2015 20162015 2016
1 1 Quality Systems 27 38 293 449 555 772
N/A 2 Sterility AssuranceN/A 34 N/A 190 N/A 162
6 3 Production 0 20 161 191 357 543
2 4 Complaints & Recall 10 11 25 80 94 110
N/A 5 Qualification /
Validation
N/A 10 N/A 123 N/A 232
7 6 Premises & Equipment 0 9 107 113 311 464
5 7 Computerised
Systems
1 9 21 44 19 120
9 8 Personnel 0 8 41 42 95 150
3 9 Documentation 9 2 138 166 372 646
4 10 Quality Control 4 2 26 42 136 192
Example FDA Warning Letters………..
From FDA 2017 Listhttps://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm550326.htm
• OOS
• OOS Management
• Computer Control
• Disregard - OOS Impurity Data
• Investigation – Unknown Impurity Peak
• Audit Trail Deletion ….. HPLC / GC / UV-Visible
ucm546319https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm546319.htm Feb. 24 2017
• Water Purification
• Documentation
• Analytical Method Suitability
• Critical Deviations
• River / Farm Water - Microbial Count
• Found in Bin Bags - CAPA / Document Review
• Contract Analysis – Method Validation Responsibility
• HPLC - Deviations / Re-Processing / CAPA
ucm545454 https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm545454.htm Mar. 2 2017
Example FDA Warning Letters………..
From FDA 2017 Listhttps://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm550326.htm
• Sterile Manufacture
• CAPA
• Data Integrity
• OOS
• Lab Controls 211.160 (b)
• Validation of Sterile …. 211.113 (b) Smoke Studies / CAPA
• Computer Control ….. 211.68 (b) Deletion of Tests
• Complete Data 211.194 (a) OOS
ucm546483 https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm546483.htm Mar. 10 2017
• OOS
• Computer Control
• Invalidated – 101 out of 139 OOS Results – 211.192
• Audit Trail Deletion….. Excuses (Power / Instrument….)
System Error Messages (and warning letter wording)
ucm550326 https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm550326.htm Apr. 3 2017
Change in Focus: FDA HPLC Warning Letters
India Largest: 41 % of HPLC Warning Letters
2011 to 2015
0
5
10
15
20
25
30
35
40
45
11
2 20
41
4
0
11
0
42 2
20
% of FDA HPLC Warning Letters (Country)
0
10
20
30
40
50
60
70
80
11
0 04 4
04
04
0 0 0
75
% of FDA HPLC Warning Letters (Country)
USA Largest: 75 % of HPLC Warning Letters
2005 to 2010 Country
Change in Regulatory Focus: FDA HPLC
Fewer “Technical” Reasons
Data Integrity Largest
2011 to 20152005 to 2010 Cause
Range of Reasons
Calibration / Qualification Largest
0
5
10
15
20
25
11
21
4
7 7
21
25
4
0 0 0
% "Cause" of FDA HPLC Warning Letters (2005-2010)
0
10
20
30
40
50
60
70
0
60
0 26 8
4 2 2
15
0
% "Cause" of FDA HPLC Warning Letters (2011-2015)
Care When Interpreting Warning Letters…..
ucm528590
When reading a Non-Conformance report such as an
FDA Warning Letter:
• The “real problem” is unknown – only the use of the software is non-compliant
• Data Integrity “Dominates” non-compliance data (very little about software validation)
• Lack of Technical Controls (e.g. 21 CFR Part 11) ?
• Technical Controls not Implemented ?
• Lab. Sharing a Licence ?..etc. (e.g. “Root Cause” not known)
Regulators - Qualification Focus – 483 Via Subscription Service
FDA 483 Report – Pharmaceutical Company in Germany - 2016
Observation 1 – Most Important !
Approval of OQ – Regulatory Focus
Data Integrity – of Qualification
Time to Review / Update Instrument Life Cycle Process
“New” USP General Chapter
<1058> (Analytical Instrument Qualification)
Is Effective From August 2017….
USP <1058>
Impact of Data Integrity (DI) on USP Data Quality Triangle
Data Quality Triangle[From USP <1058>]
Instrument
Method
Run
Control
Samples
Usage
Usage
Method
Instrument
Instruments & Systems
Analytical
Procedure
Analysis
Foundation:
• Culture
• DI Policy
• DI Training
• DI Governance
• LeadershipAdapted From Bob McDowall
ECA Data Integrity Presentation.
Review Your Software / Instrument Life Cycle Process………. • Work with your Vendors /
Suppliers…..
• Review Your Life
Cycle Process • New GAMP Guide
• USP <1058>
• Data Integrity Will Dominate
Regulatory Inspections
• Quality Agreements(historically KPI / Metrics “driven”)
Data Integrity…. (Still Dominates)
• Collaborate….
Appendix Contents
• WebEx – Demystifying Software Validation……………………………
• Example – Warning Letter Trend……………………………………………...
• Evidence – Risk Based Audit Focus………………………………..……..
• Infrared – Data Integrity Example……………………………………………..
• Paper Vs Electronic………………………………………………………….
• FDA – Data Integrity Remediation ……………………………………………….
• Ron Tetzlaff – Data Integrity Video Link …………………………….
• Data Integrity – Table of Guidance ……………………………………
• Real World – Data Integrity Categories……………………………….
Demystifying Software Validation – Educational WebEx
http://www.agilent.com/en-us/video/demistifying-software-validation-2017
Implications for Risk Based Auditing ?
Regulatory audits focus on high risk areas, including:• Data Integrity
• Sterile Manufacture
• Contamination
R² = 0.83
0
5
10
15
20
25
30
35
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
"Data Integrity"
“Trial Injection”
“Environmental
Monitoring”
“Cleaning
System”
It’s Only an Infrared !
Sample
FT-IR Sample
Preparation
• ATR
• Nujol Mull
• KBr Disk
• Film … Etc.
Sample
Preparation
Influences:1. Appearance
2. Variability [Skill]
3. Quality of Spectrum
Infrared
SpectrumSpectrum
ComparisonResult
Spectral
Comparison:
1. Electronicallyor
2. Using Print Outs[Reference material or Spectra]
Spectrum Quality:[of the sample preparation – not the identification]
1. Is the Quality of the sample
prep. good enough ?
2. How Managed / Documented ?
[OOS for sample prep. or procedure explaining
poor spectrum quality & how documented]
Validation[for intended use]
Instrument Performance:[How Do They Manage It ?]
1. Wavenumber [Accuracy]
2. Resolution [of Instrument]
3. Interference [contamination or water vapour]
4. Reproducibility [of Spectra – JP]
5. % T [Scale – Not Linear]
6. EP / JP / USP / IP / CP .. Etc.
Spectra – Do They:
1. Saved Electronicallyor
2. Define Print Out as Raw Data
Reference Spectra:
1. Approval of FT-IR Identification Test
2. Management of Suitability[of the Reference spectra & Materials Used]
Differences:
1. How Managedand
2. Documented[What level is significant]
Training[& SOP]
File Management:
Can Files Be:
1. Re-named ?
2. Manipulated ?
3. Deleted ?
Only compare spectra recorded
under the “same” conditions
[equivalent scan and sample preparation
defined by Pharmacopeia Requirements]
Technical Control [in the software]
Fundamentals: Paper Vs Electronic
Paper Vs.
Electronic[Records]
Greater Risk More Secure
Electronic
Paper
• Technically compliant (e.g. with 21 CFR part 11, audit trail “on”)
• Harder to manipulate (e.g. audit trail records changes)
• Manipulation easier to detect (e.g. recorded in the audit trail)
Procedural Control [around the paperwork]
• Assumes “following instructions / procedures”
• Easier to manipulate (e.g. change paper & photocopy)
• Manipulation harder to detect (e.g. no audit trail)
1. Direct Observation – at the time they do the work
2. Signed / Dated – paper records / protocols / forms / reports
3. Electronic Signatures – in software / audit trail
Need Both !
Need This
Don’t Share Passwords !
FDA Remediation
A Investigate Extent
B Risk Assessment
C Management Strategy
Interview: Current / Former Employees….. Root Cause
Extent…. Report All Deficiencies
Deeper Investigation of Breaches…… 3rd Party
Investigation Protocol / Methodology……… Scope
Impact of Data Integrity Lapses…… On Drug Quality
Detailed Corrective Action…… to Ensure
Comprehensive Description…… Root Cause
Interim Measures …… Actions
Long Term Measures…… Actions
Report…… Status
Reliability
Completeness
ucm521098
5 Management Misconceptions about Data Integrity – YouTube Video
1. 1:09 Limited to Fraud / Falsification (ALL DI, Including Error)
2. 2:07 Trust People – to Follow Procedure (Limitations on Procedural Control)
3. 3:35 “NIMBY” – It Won’t Happen Here…. (Over Confident – Don’t Know What People Do !)
4. 5:17 Root Cause = Human Error (Symptom, not Cause !)
5. 6:33 Data Integrity is New
A Lot of Data Integrity Guidance (too much ?)…..
Guidance Date Link Comments…..
FDA – Inspection of Pharmaceutical Quality Control Labs. 1993
Data Integrity is not “New” !FDA – PAI (Compliance Program Guide 7346.832) Nov. 2012
MHRA – GMP Data Integrity Guide Mar. 2015 2nd Edition. First Guidance ?
WHO – Draft Good Data and Record Management… Sep. 2015
FDA – Draft Data Integrity Guidance Apr. 2016 Reference to 50 CFR’s….
WHO – Good Data and Record Management Practice Jun. 2016 Comprehensive
MHRA – Draft GxP Data Integrity Guidance Jul. 2016 Implementation Time Line…..
PIC/S – Draft Good Practice for Date Integrity Management Aug. 2016 Japan / Korea ?(PIC/S members – non PICS GMP)
EMA – Data Integrity Questions and Answers Aug. 2016
SFDA – Drug Data Management Standard Aug. 2016 ? Translation in preparation
ECA – Draft Governance and Data Integrity Guide Oct. 2016 Governance……
Every Regulator…… ? ………….. ???
What Happens in the “Real World”
No. Category Classification Example Contribution
1Lapses of
ConcentrationMistakes
• Forgetting….. (supplemental
information…..)
• Manual Activity
• Poor Checking
2 MistakesHuman
Error• Transcription Error
• Manual Activity
• Complexity
• Poor Design
3Violation: Situational
Unplanned• Restart………
(after system crash….)
• Unplanned Event
• Training
4Violation: Standard
Poor
Workflow
• Change Control (ineffective – “drift” of
Method)
• Change Control
• Poor Design
5Violation: Optimised
Planned
Workflow
• Deviation Mgt. (make a change to
avoid deviation)
• Avoiding Extra Work
• Culture
6Intentionally
MisleadingFraud
• Intentional Data
Manipulation
• Culture
• Lack of Governance
Adapted from Guy Wingate Presentation (25 Years of GAMP)
What Happens in the “Real World”
Concentration
/ Mistakes
Human
Error
Unplanned
Events
Poor
WorkflowPlanned
WorkflowFraud
Design
Culture
LeadershipWhat If – Error Proof “Design”
• Template - Design
• Training – in Procedures
• Training – in Data Integrity Ineffective - Management
• Awareness – of what happens
• Ignorance – of Data Integrity
• Overly - Defensive
• Unacceptable - Thinking
• Workflow – of Data Perfect – Too Good
• Attitude - to “Patient”
• Expectations – No Errors
• Incentivization…..
Intentional Accidental
See
Ron Tetzlaff
Video Link