Laboratory Glassware Washer Validation Benefits

To appreciate how labwasher cleaning validation can help your organization, it helps to take a bird’s eye view of its objectives. They are to ensure consistency, quality and compliance with the FDA’s Current Good Manufacturing Practice (cGMP) regulations — regulations with a laser focus on a manufacturing process’ ability to create safe and effective products. Again and again.

The validation procedure starts with examining the big picture, the cleaning process, and then investigates the equipment that plays a pivotal role in executing each task. The purpose of the exercise is to furnish evidence to assure regulators and customers. This data you gather shows in black and white that your cleaning process will consistently deliver laboratory glassware that meets required specifications for cleanliness.

Many benefits flow from these objectives. They include:

1. Conformance with Regulatory Requirements

Validating all of the processes involved in bringing a drug to market is not an option. It is an FDA requirement. The most obvious reason for validation, therefore, is to ensure that your lab glassware cleaning process is in compliance with the FDA’s regulations.

2. Reduced Downtime

Since labwasher validation guarantees residue-free washing results every time, it enables you to avoid downtime due to dirty glassware.

3. Improved Quality

In pharmaceuticals, quality cannot be an afterthought. Because validation focuses the two essential ingredients of pharmaceutical quality, safety and efficacy, it is a natural step toward a goal of quality improvement. It make sure that medicinal products will perform according to expectations and the risk of contamination from impurities is brought as close to zero as possible.

4. Reduced Risk of Recalls

Contamination of drugs due to poor cleaning processes can compromise their safety and effectiveness, resulting in health hazards and even fatalities. Product recalls follow quickly on the heels of tainted drugs, shaving bottom lines, eating up time and sullying reputations. Clearly, all manufacturers strive to avoid such disasters.

5. Productivity

The validation process makes sure you have a systematic approach that produces good results without fail. In this way, it improves productivity. Because of the efficiency-boosting power of validation, even labs involved strictly with preliminary research and discovery that work outside of cGMP environments, are validating their cleaning processes. These labs include, for example:

• Non-pharmaceutical labs that create products for clinical testing under cGMP
• Contract labs that must use ironclad to avoid cross-contamination between multiple customers’ orders
• Quality control labs
• Labs involved in preliminary research and discovery

Obviously, there are many benefits to labwasher validation that go beyond compliance with cGMP regulations. These include increasing quality, productivity, and speed to market as well as reducing downtime and recalls. Given the many advantages of labwasher validation, you may be ready to get started with the process. How you do so will depend on the precise nature of your operations. However, there are usually three steps. First, define the cleaning process. Next, describe it in detail, usually including written standard operating procedures. Finally, qualify the labwasher and validate the cleaning process.

The Greatest Return From Your Poorly Soluble Molecule

Currently, about 70% of new molecular entities (NMEs) exhibit poor solubility in water and require some form of enhancement in order to achieve sufficient bioavailability, leading to tough questions about how to proceed for biopharmaceutical companies developing such compounds.

The sheer number of potential strategies for improving the solubility of a compound — which include various methods of particle size reduction, solid dispersions, salt formation, lipid formulations, inclusion complexes, nanocrystals, and a wide variety of other technologies — can overwhelm many developers, leaving them unsure how to choose a path forward.

At the same time, companies are under significant pressure to advance development programs in order to move to the next stage of funding as quickly as possible. In their rush to advance their molecules into the clinic, some biopharma companies ignore questions about solubility until later in development when the issue becomes unavoidable. Many other companies are willing to roll the dice and pick a solubility-enhancement technology based on a low initial cost or because they think that the process would be simple to scale up or a trusted consultant advises that the technology works for most molecules.

Of course, one of the reasons so many options exist is because there is no such thing as a one­-size-fits-all strategy for low solubility compounds; an enhancement approach that works for one molecule will not necessarily work for another with different physical and chemical properties.

Many developers are unaware that it can take just a few weeks to fundamentally evaluate a molecule’s physical and chemical properties, determine the ideal approach for that molecule and recommend a customized solubility solution. As a consequence, companies often choose a technology without undertaking a rigorous assessment. In some cases, that gamble may pay off, and they may luck into a formulation that provides the required exposure on the first attempt. In too many cases, however, biopharma companies find themselves going down a dead-end path that eats up tens of millions of dollars and years of time, while their competitors go straight to Proof of Concept with the first formulation strategy they try. Unfortunately, it is not uncommon for companies to formulate and reformulate compounds dozens of times over as many as 4 to 6 years without success, unnecessarily delaying or even killing the project.

If a formulation fails in Phase I due to insufficient bioavailability, experience has shown that redoing all of the necessary formulation and process development activities, including stability testing and validation of analytical methods, can easily require up to 12 months of time at a cost of $500,000 to $600,000.

Switching to a new approach is also not desirable, as it can require finding a new solubility vendor, a process that is likely to take an additional three to six months of dedicated effort to perform due diligence and negotiate a new master service agreement. Add in the cost of repeating a Phase I trial, which according to a 2014 U.S. Department of Health and Human Services report averages $4 million, and each subsequent attempt adds $5 million to R&D costs. In the meantime, the company is failing to collect milestone payments, and according to a 2012 Journal of Applied Clinical Trials article by Ken Getz of the Tufts Center for the Study of Drug Development, each day of delay in getting to market costs an average of $1.3 million in lost prescription sales.

Without a deep understanding of the science behind solubility enhancement, there is no guarantee that a second attempt will work any better than the first. When developers lack that understanding, they also lack the ability to discriminate the potential benefit of one technology over another, so they may wind up trying all of them. And when all of their attempts fail, it can be very difficult to draw a definitive conclusion as to whether or not the molecule can be developed.

In the end, if the company’s empirical search for a solubility solution fails to generate the necessary bioavailability, or if it produces a formulation that can’t be scaled up, or if the company has spent years on a compound that was never amenable to development, the entire company could be at stake. Fortunately, it is possible to get reliable, scientifically based guidance to select the approach with the best chance of success in a very short amount of time.

For example, in one case, a company that was developing a poorly soluble molecule for a pain indication had tried almost 50 different formulations, using five different drug delivery technologies including micronization, wet granulation and nanocrystals, while failing repeatedly to meet exposure targets in pre-clinical and Phase I studies. Following numerous failures, the company’s business partner decided not to advance the molecule any further and returned the rights to the developer.

Once the developer decided to consult an experienced solubility enhancement team at a large contract development and manufacturing organization (CDMO), it took only a few weeks for the team to evaluate the molecule and recommend a spray-dried formulation that succeeded immediately in pre-clinical studies. The new formulation demonstrated substantially higher bioavailability in a dog model, then achieved an 8 ½-fold improvement in Cmax and a five-fold increase in bioavailability when it advanced to a Phase I PK study.

For another company that had also tried more than 50 formulations of its poorly soluble compound over the course of several years without achieving any significant increase in bioavailability, a scientific evaluation of the molecule and potential delivery technologies determined definitively that further development was neither financially nor technically feasible at that time, allowing the company to end that program in favor of more promising candidates.

It generally takes just two to three weeks for a team with extensive experience in solubility solutions using a proprietary formulation design platform to evaluate a molecule, recommend a customized formulation strategy that is likely to provide sufficient bioavailability, and prepare additional formulation scenarios as a fallback. Or, the team may quickly determine conclusively that formulation of the compound is infeasible, allowing the developer to take a “fail fast” approach and end the program without wasting significant amounts of time and money.  

Understanding the compound’s properties is critical. While all BCS Class II molecules exhibit low solubility and high permeability, the specific molecular characteristics require unique approaches. For example, some low soluble compounds will dissolve fully in gastric fluids if the dissolution rate can be increased, so micronization may lead to success in those cases. Different compounds, on the other hand, will never dissolve no matter how small the particles. One low-solubility molecule may be suited to the creation of an amorphous dispersions by spray drying, while another may not dissolve in the necessary solvents.

Once the analyses have been completed, the development team has access to a wide variety of mathematical and computer modeling tools, ranging from high level quantum mechanical modeling of compounds and excipients to molecular dynamics simulations and quantitative structure activity relationships (QSAR)-based models that are applied to the development program as appropriate. In conjunction with the experimental data, the modeling tools provide deep insight and a mechanistic understanding of the compound’s structure and behavior.

In determining what formulation has the best chance of success, the team looks beyond the immediate needs of pre-clinical and early phase trials necessary to achieve proof of concept and keeps in mind the requirements of later phase clinical trials and potential commercialization. After all, a delivery technology that produces sufficient bioavailability to get through an ascending dose study, but which cannot be scaled up might be considered a success by a solubility vendor, but would likely be considered a failure by a biopharma company looking either to take the drug to market or to sell it to a larger company for commercialization.

Global CDMOs have the ability to gather a team and leverage an extremely broad skill base and a breadth of experience that would be unusual to find in a single consultant or small vendor. And these days, more and more biopharma companies are recognizing the benefits of working with a CDMO to minimize risk and help them get their low-solubility molecule all the way to their ultimate goal.

A CDMO that provides commercial manufacturing services for hundreds of small molecule products in a wide variety of dosage forms has a solid basis to understand the nuances of formulation interactions, such as how a spray-dried intermediate may impact solid-dose manufacturing or how a lipid formulation may affect the filling process into a softgel capsule, or how a formulation with a micronized API will blend with excipients.

A global CDMO also has the expertise to consider a multitude of factors beyond bioavailability that may play a role in formulation selection and the ultimate success of the product. Only a large CDMO that has helped clients earn numerous approvals is likely to have experienced personnel in every area of drug development, approval, and life cycle management, and is able to anticipate issues that can affect pre-clinical, clinical development, scale up, regulatory submissions, and lifecycle management.

Given the availability of this type of expertise and a proven method of predicting successful solubility enhancement strategies for individual molecules, there is simply no reason to take a risky trial-and-error approach to a development program. Today, biopharma companies can opt for a simple, time-saving method of choosing the best path for a poorly soluble molecule by asking a reliable CDMO to draw them a map. And by doing so they can achieve a greater overall financial return on their investment, whatever their commercial strategy may be.

Learn From FDA & MHRA GMP Inspection Observations

A comprehensive GMP intelligence program includes monitoring of enforcement actions, including FDA form 483s, warning letters, recalls, import alerts, consent decree agreements, EU reports of GMDP noncompliance, and inspection summaries published by selected European health authorities. This article presents the most recent GMP inspection data from CDER and MHRA (Medicines and Healthcare Products Regulatory Agency).  The CDER data and the MHRA data come from GMP inspections conducted in 2016.

The CDER drug inspection observations supplement the information we published in a previous article regarding CDER drug GMP warning letters from the same time interval.  The analysis herein includes data from the FY2016 form 483 observations and compares results with those from the three previous fiscal years. Raw data comes from the FDA website, though it is presented in a different manner. For example, I have combined the frequencies of all observations that cite 21 CFR 211.192 into a single value. In the FDA data, there are multiple line items for 211.192, each with a different frequency.  For example, in the FDA listing the most frequently cited item is 211.22(d), procedures not in writing, fully followed.  When you combine the full collection of times that 211.192 and 211.42(c) are cited, however, they become tied for No. 1, with 211.22(d) becoming the third most frequent citation.  FDA uses the term “frequency” which seems to be the number of times a given citation was identified in the form 483 collection supporting these data. 

Only form 483s that were issued through the Turbo EIR (Establishment Inspection Report) system are considered in this data, which provides a distinct limitation.  No form 483s issued to API manufacturers or issued outside of the Turbo EIR system are included. This becomes important to consider with FDA’s increased focus on API manufacturers, particularly outside the U.S.   MHRA data is similar and only includes deficiencies identified at dosage form manufacturers.  Note that the MHRA data includes only the 10 most frequently cited groups, whereas the data on the FDA website includes all observations. 

Here are some highlights of the analysis:

FDA:

The number of form 483s included in this analysis remains reasonably constant over the past four fiscal years even though it does not represent all drug inspections conducted by the FDA, particularly inspection of sites that manufacture APIs.

Deficiencies in investigations remains at the top of this list over the past four years.  We as an industry cannot seem to get this quite right.

In general, the regulations cited and their relative order has remained reasonably constant over the past four fiscal years.  Even though a few items have changed place, none of the numbers are striking.

MHRA:

MHRA issued 143 “critical” deficiencies, in a total of 324 inspections of which 82 inspections (25 percent) were overseas inspections and 242 inspections (75 percent) were conducted in the U.K.

The EU GMP Guide Chapters and Annexes that were cited in critical observations include, in order of their frequency: Chapter 1, Annex 1, Chapters 5, 8, Annex 15, Chapter 3, Annex 11, Chapter 2, Chapters 4 and 6.  

The MHRA cited a total of 4,588 deficiencies in the 10 areas that received the critical observations.  Critical deficiencies constituted 3 percent of the total.

The sections that follow include more detailed discussion of the observations.

FDA Form 483 Inspection Observations

The following data is based on inspections generated using the FDA Turbo-EIR system.  The number of form 483s remained quite similar over the four years in question, with FY2014 having the fewest.  Form 483s issued to API manufacturers or issued outside of the Turbo EIR system are not included.

Table 1 shows only the most frequent group of inspection observations; the tabulation on the FDA website shows all observations.  Table 1 is organized in the order of those observations with the highest to lowest frequency for 2016.  In several instances, though, the order of the observations did change in FY2016 from previous years; these are highlighted in gray. 

Table 1: Inspection Observations Issued Through Turbo-EIR System per Fiscal Year. (These are shown in the order of highest to lowest for FY2016.)

Figure 1 below shows the data from Table 1 graphed over four fiscal years, 2013–2016.  While there is some variation from year to year, the frequency with which specific regulations are identified remains generally constant.  Figure 2 shows additional detail of several of the areas where the frequency of the observation did show some variation between FY2015 and FY2016.

Figure 1: Frequency of observations

Figure 2: Selected observation frequency

In conclusion, there is little change in the overall frequency of inspection observations, as characterized by the regulation cited, between FY2013 and 2016. This may have been different if all inspected sites, including API sites, had been included in the metrics. The three most frequent observations in FY2016 cite 211.192 (investigations), 211.42(c) (design of facilities to prevent cross contamination), and 211.160(b) (scientifically sound specifications). While 211.192 was in first place for all four fiscal years, in 2016 it tied with 211.42(c), Requirement for adequate facilities to prevent contamination or mix-ups, moved up from third place, even though the actual number of those observations decreased from 2015. Citations against 211.160(b) Development of scientifically sound specifications went from second place to fourth place. Observations citing 211.113(b) Validation of aseptic processes including sterilization dropped from fifth place to sixth place in 2016, and the actual number decreased significantly, to FY2013 levels. Finally, observations identifying 211.25(a) Staff shall have training, education and experience to perform their jobs dropped from eighth place to 10th place in 2016. 

MHRA Inspection Deficiencies

I won’t reproduce the graphics from the MHRA slide deck, but I do recommend reading those because they contain a wealth of information at a granular level. The MHRA conducted a total of 324 inspections in 2016; 242 inspections were conducted in the U.K. and 82 inspections were conducted overseas. The MHRA inspections identified 143 total “critical” deficiencies in 2016, a dramatic increase from 2015 when 51 were identified. We cannot compare this with the U.S. FDA inspection observations because the FDA does not classify the criticality of observations. In the future, perhaps health authorities will adopt a common classification category for inspection observations.

MHRA identified critical deficiencies in only five areas in 2015, and increased this to 10 areas in 2016. Several categories saw significant increases, for example:

• Sterility Assurance had no critical observations in 2015 and 34 in 2016
• Personnel had no critical observations in 2015 and eight in 2016
• Premises and Equipment had no critical observation in 2015 and nine in 2016
• Computerized Systems had one critical observation in 2015 and nine in 2016.

Table 2 identifies the areas with critical deficiencies identified in 2016. The groups included seven Chapters and three Annexes. Figure 3 clearly shows that approximately two-thirds of the deficiencies are included within three groups: Quality Systems, Sterility Assurance, and Production.

Table 2: Chapters and Annexes Associated with MHRA Critical GMP Inspection Deficiencies in 2016

                          Figure 3: Distribution of these critical MHRA deficiencies

Conclusions:

It is difficult to directly compare areas identified by the MHRA with those identified by the FDA, as the FDA does not categorize the criticality of inspection observations as do the MHRA and other health authorities. We can, however, say that with FDA observations addressing “investigations” at the top of the list, “quality unit responsibilities” third on the list, and “staff training” at No. 10, quality systems is a high priority for the FDA. Similarly, Quality Systems is the area with the most critical deficiencies identified by the MHRA in 2016. Validation of aseptic processing (21 CFR 211.113(b)) was sixth on the FDA list but was second on the list for MHRA.

Computer system requirements are identified in Annex 11, Computerized Systems. Data integrity and data governance deficiencies are identified by MHRA by citing either Chapter 4 or Annex 11, both of which were associated with critical deficiencies in 2016. Similar FDA regulations are found in 21 CFR 11, Electronic Records; Electronic Signatures, and it is rarely, if ever, identified in either form 483s or warning letters. The FDA frequently associates these types of inspection observations with predicate rules including 21 CFR 211.68(b) and 21 CFR 194.

MHRA has always had a reputation as one of the most rigorous health authority inspectorates. It seemed to have upped its game in 2016, as demonstrated by an increase in the number of critical deficiencies, along with an increase in the total number of deficiencies identified for essentially the same number of inspections.

Both agencies will likely continue to focus on sterility assurance, investigations, quality systems, and data integrity/governance in 2017. It would be interesting to see if the number and types of observations identified during API inspections were similar for the two health authorities. And finally, the Mutual Recognition Agreement (MRA) between FDA and the European Medicines Agency will likely not impact the number of inspections for 2017, though it may be possible to see that happen in 2018. Time will tell how this impacts the number and locations of both EMA and FDA inspections.

References:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/582841/MHRA_GMP_Inspection_Deficiency_Data_Trending_2015.pdf

- Barbara Unger

Tips for Time Management In Pharmaceutical Operations

We all want to maximize the productive use of our time, correct? Over the span of my pharmaceutical industry career, I have been fascinated with this topic. It started when one of my supervisors in supply chain gave copies of The 7 Habits of Highly Effective People to me and the rest of his staff, which became one of many books on time management I have read. I have also been a keen observer of colleagues’ behavior and have analyzed the ways in which management has communicated its preferences regarding how employees spend their time. Any related piece of information piques my interest — for instance, I recall reading a book indicating that a supervisor held a stopwatch to time her employees' “bio breaks.” I hope this doesn’t describe your current reality!

Unfortunately, many of us live in a state of “work-life imbalance.” The balance we need between our work and personal lives is very elusive. What’s more, time management in the pharmaceutical industry carries with it some unique challenges. In the halls of pharma companies you hear the phrase over and over again, “We’re in a regulated industry.” The implication is that the regulated environment is a drag on our time, resources, and creativity. To be sure, regulations make us jump through hoops in ways that don’t apply to other industries. And regulatory agencies — as well as internal auditing groups — can sometimes act unpredictably and demand an immediate response, pushing their concerns to the top of your to-do list. We also complain about the complexity of our organizations and the lack of responsiveness of colleagues, and grouse about how hard it is to complete the simplest of tasks.

Regardless of the cause, employees often take work home with them. Some tasks cannot be completed at the office due to multiple interruptions, or because there is a hard-and-fast deadline that cannot be avoided, such as a regulatory submission or the launch of a new product. However, on many occasions I have noticed colleagues checking emails throughout the evening, apparently just in case someone may address a question to them, even when there was no specific activity looming. In one case, an employee was online every one of the 24 hours of a single day.

This type of anxiety will push pharma employees to act when it is not absolutely necessary, and to cut into their much-needed down time. Then, there’s the misconception that your boss and colleagues need to see you online in the evenings so that you appear to be giving more than 100% to the company. I can assure you through direct experience that this approach does not work. I have even heard employees being criticized for staying at work too late, leading to negative performance reviews!

Given this seemingly impossible situation, how can you manage your time effectively in our industry? Here are a few suggestions.

1. Balance self-discipline with flexibility:

 Lack of structure is often the reason why our time is wasted and bad practices creep into our work, so establishing a framework is key to our success. On the other hand, we also know that many events in our work and personal lives cannot be predicted, requiring us to adapt. I read an article about a painter who was born without arms (due to the side effects of his mother’s use of thalidomide) and learned to paint by holding the brush between his teeth or with his feet, depending on what he was painting. He indicated how his particular set of circumstances forced him to choose other options available to him. What most of us would see as an insurmountable obstacle became a great opportunity to adapt and succeed.

2. Prioritize your activities, set your schedule, and communicate these clearly and consistently: 

In our industry, and particularly in supply chain, where I have spent my career, it is always helpful to use the "needs of the customer" approach to establish priorities. Summed up, I see it as providing quality product in a timely manner. Applied to my positions in GMP training, it means managing the training system so that employees can complete their training requirements through quality instruction and without undue delay. This overarching principle governs all of my scheduling decisions.

When organizing my time, I strive for a balance between work at my desk and short, effective meetings — this keeps me from getting bogged down in either type of activity. It also makes sense on a personal level, as I am more effective when I work in short spurts, interrupted by brief breaks or changes in focus. I also make sure to allow enough time to collect and report metrics, which in our industry have become more important. I don't consider metrics a waste of my time, as long as the ones I'm reporting pass the "needs of the consumer" test. In GMP training, I did not have control over which ones management required, but to those I added metrics that my training software could generate automatically and that were significant to me, even if I didn't need to report them.

For the evenings, I give my colleagues my cell phone number and explain that they are free to call me when they have a need that can’t wait until the next business day, but I don’t go looking for communication during off-hours. In the long run, show people that you are responsive to their needs while taking care of your personal life (more on this in a moment), so that you can perform at a high level consistently over time.

3. Learn how to say “no” without appearing uncooperative: 

My goal has always been to provide exemplary service to the people who depend on me during the work day. Still, over my career, I’ve gone from saying “yes” all the time to adding “no” when appropriate. I have learned to say something like, “I’m sorry, I have to finish this, but as soon as I’m done I’ll get back to you.” To be sure, there are times when you absolutely cannot say "yes" to certain requests, but often you can meet someone halfway, a quarter of the way, or wherever the situation requires. Time has taught me that it’s best to be up front with people, though there are diplomatic ways to communicate your situation. Again, use the "needs of the consumer" rule to help determine your priorities when you are asked to do something unexpected.

4. Embrace the rigors of a regulated environment:

The pharmaceutical industry’s regulated environment can impose a discipline that in the long run will benefit you and your colleagues. An inadequate quality infrastructure is often behind the most egregious deviations from Good Manufacturing Practices (GMPs), which can lead to fines, reduced consumer confidence, lower sales, and more importantly, harm to our consumers. Resist the temptation to bypass established procedures, in particular quality assurance oversight, to gain a short amount of cycle time to get product to market — in spite of the pressure you may feel to move faster than is feasible. A well-defined process that builds quality into its design will save time and money in the long run. If you need to make changes to your process, the heat of the moment is not the time to do so. Also, remember that too many planned deviations raise red flags with regulators.

5. Be an advocate for process improvements:

Another time management strategy is educating your colleagues to strike a balance when it comes to adding steps to manufacturing and quality processes. There will be times when the organization won’t allow you to influence these processes and act accordingly. However, if you work in an environment where your views are heard and your colleagues give your ideas a chance to succeed, try to have your team members reject the notion that more is necessarily better — and offer viable alternatives. One relevant example relates to establishing procedures for developing, reviewing, and approving standard operating procedures (SOPs) and other GMP documents within the organization. If the process is too cumbersome, necessary improvements to SOPs cannot cycle through the system in an efficient manner, and opportunities to improve quality and efficiency can be lost.

6. Don’t shortchange your family — or yourself:

The ability to disengage from work and spend time with family, with friends, or on your own is your right (and need) as a human being. There are emergencies, of course, but when the emergency becomes routine, examine what is prompting them: your own choices, unreasonable expectations by others, or some unavoidable external factor. There is never a time when choosing work over family as a pattern will, in the long run, help you or those around you. Think about it: Aren't you more prone to making mistakes that could cost your company dearly (483s, warning letters, backorder situations, recalls, etc.) if your work-life balance is out of kilter and you are fatigued and/or distracted at work? 

Conclusion:

It all boils down to this: You have to be the master of your own schedule. Your supervisor will have priorities that you will have to follow, but you need to use your own brain and determine exactly how much power you have to influence your circumstances. Remember the general rule of focusing on the needs of the customer to balance quality and timeliness — as well as the consequences of both poor quality and inefficiency — and advocate for these in your organization. Often, we have more control over our environment than we think!

Surveying The Current Regulatory Landscape regarding Data Integrity

Failures in data integrity break the essential trust that regulators have with manufactures of medicinal products. Regulatory authorities cannot review all the data that firms generate during the development and commercial lifecycle of every drug. Even during inspections, they review only a small fraction of the data generated. When regulators find that companies have falsified or manipulated electronic or paper data to achieve passing results — or have failed to document and investigate failing results — they lose confidence in all the data presented by the firm, a conclusion with devastating financial consequences.

Data integrity has been the subject of many recent industry trade group meetings involving speakers from the world’s major regulatory authorities, including FDA. The topic, however, is not new and has been the cited in FDA enforcement actions dating back to 1999. The Able Laboratories Form 483 in 2005 created a new level of awareness of data integrity within the industry. Shortly thereafter, the story of Ranbaxy Laboratories and its data integrity deficiencies became the subject of enforcement actions brought about by a whistle blower. And data integrity failures continue to be cited in form 483s and warning letters to this day — with increasing incidence. For companies in India and China, such failures often result in the firm being placed on import alert, which has significant financial ramifications.

In this article, we will review recent regulatory actions related to the highly visible topic of data integrity. First, we will look at data integrity deficiencies cited in FDA warning letters issued between FY 2013 and FY 2015, to sites both inside the U.S. and outside it. Second, we will move to the recently published FDA draft guidance on data integrity, which takes a markedly different approach from the MHRA and WHO guidances, even though FDA has been a leader in enforcement actions in this area for the last 15 years. Finally, we will address the finalized version of the WHO guidance on the topic.

The goal is to provide perspective on the current enforcement environment in the U.S. and abroad. The FDA, WHO, and the EMA have taken enforcement actions on a global basis. Unfortunately, the pharmaceutical industry does not seem to fully appreciate the seriousness with which regulators take these deficiencies, and it has not implemented the corrective and preventive actions necessary to correct these failures.

Data Integrity Deficiencies In FDA Warning Letters

Table 1 shows the number of warning letters issued to firms inside and outside the U.S. (OUS) over the last three FDA fiscal years, excluding those issued to compounding pharmacies. Data integrity deficiencies, including those cited in warning letters, identify the predicate rule(s) to which firms did not adhere — none cite 21 CFR Part 11. Note that even though the total number of warning letters decreased during the time period, the percent that addressed data integrity increased. Figure 1 provides a graphical representation of the data.

Table 1: Data Integrity Deficiencies in FDA Warning Letters (WLs), FY2013-2015

Most data integrity deficiencies addressed in the warning letters focused on the lack of controls over laboratory instrument associated computers/software or failure to contemporaneously record data. The warning letter issued to Sun Pharmaceuticals in early FY2016 (deficiency #6) focuses on manufacturing instrumentation-associated software and computer systems. While related deficiencies have occasionally been identified in past warning letters, the clarity of focus in this deficiency may represent an approach that inspectors will take in moving forward. Watch for more instances of this trend in FY2016, as FDA likely expands its scope to include additional manufacturing floor computer systems.

Several of the warning letters from FY2015 included requirements that approached consent decree-like requirements. Examples may be found in the warning letters issued to: Micro Labs Limited, Apotex Research Private Limited, Hospira Spa, Yunnan Hande Bio-Tech Ltd, and Cadila Healthcare Limited. (For more information on — and links to — these and other FY2013-2015 warning letters, see An Analysis Of Recent CDER Observation & Warning Letter Data.) This text has been refined over the past few years and increased in scope and granularity last year. Currently, the following text appears to be the boiler-plate requirements that FDA includes in instances where serious data integrity deficiencies are identified.

1. A comprehensive investigation into the extent of the inaccuracies in data records and reporting. Your investigation should include:
   • A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of your operation that you propose to exclude.
   • Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. We recommend that these interviews be conducted by a qualified third party.
   • An assessment of the extent of data integrity deficiencies at your facility. Identify omissions, alterations, deletions, record destruction, non-contemporaneous record completion, and other deficiencies. Describe all parts of your facility’s operations in which you discovered data integrity lapses.
   • A comprehensive retrospective evaluation of the nature of all data integrity deficiencies. We recommend that a qualified third party with specific expertise in the area where potential batches were identified should evaluate all data integrity lapses.
2. A current risk assessment of the potential effects of the observed failures on the quality of your drugs. Your assessment should include of the risks to patients caused by the release of drugs affected by a lapse of data integrity, and risks posed by ongoing operations.
3. A management strategy for your firm that includes the details of your global corrective action and preventive action plan. Your strategy should include:
   • A detailed corrective action plan that describes how you intend to ensure the reliability and completeness of all of the data you generate, including analytical data, manufacturing records, and all data submitted to FDA.
   • A comprehensive description of the root causes of your data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. Indicate whether individuals responsible for data integrity lapses remain able to influence CGMP-related or drug application data at your firm.
   • Interim measures describing the actions you have taken or will take to protect patients and to ensure the quality of your drugs, such as notifying your customers, recalling product, conducting additional testing, adding lots to your stability programs to assure stability, drug application actions, and enhanced complaint monitoring.
   • Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the integrity of your company’s data.
   • A status report for any of the above activities that are already underway or completed.

Completion of these activities will not happen quickly and will take a concerted effort on the part of the firms involved.

FDA Draft Guidance on Data Integrity

In April 2016, the Federal Register announced availability of the long-awaited 10-page FDA draft guidance on Data Integrity and Compliance with CGMP for comment. For comparison, you can review MHRA GMP Data Integrity Definitions and Guidance for Industry (March 2015) and WHO'sAnnex 5: Guidance on Good Data and Record Management Practices (May 2016), the latter of which I will explore in more detail below.

The FDA draft guidance is structured in a Q&A format with a total of 18 questions. It focuses heavily on identifying and citing the predicate rules as they apply to electronic records and data integrity, and for this it is an excellent reference. However, it provides little insight into FDA’s intent and actual expectations in this area.

We all read guidance documents to identify regulators’ expectations and actions we might take to ensure compliance. This one, in particular, was anticipated for over two years and addresses FDA’s leadership in enforcement actions over the past 10+ years. Perhaps I had unrealistic expectations, but requirements and expectations in this area can be more easily discerned from a careful reading of warning letter deficiencies and form 483 observations than from reading this draft guidance.

Following are some the areas that I hope are addressed as part of the comment process and revised in the final guidance:

• The guidance fails to address the concept of lifecycle for either computer systems or data. In fact, the term “lifecycle” is not found in the document, even though it is a concept central to the FDA’s guidance on process validation and is also central to associated ICH quality guidelines.
• The guidance does not address an expectation for a risk based data governance process andperiodic evaluations of effectiveness of the program to prevent, detect, and remediate data integrity issues. Frequently, FDA warning letters that identify data integrity failures require development of a management strategy to investigate the scope of the shortcoming, including impact on product quality and patient safety, and to address how such failures will be prevented, identified, and remediated in the future. In short, the firm that receives a warning letter must describe a data governance program and a data integrity plan. An example of this requirement is provided at the end of the warning letter recently issued to Emcure Pharmaceuticals.
• Question 16 states that personnel should be trained to detect data integrity issues. While it seems appropriate that all staff should be trained on the concepts and importance of data integrity to ensure product quality and patient safety, it seems excessive and impractical that ALL personnel should be trained to detect data integrity issues. Data reviewers, particularly those that review electronic data, and audit staff should receive special training in the area of detecting data integrity shortcomings. Training for each functional area needs to reflect the roles and responsibilities performed by the staff.
• “FDA invites individuals to report suspected data integrity issues…” and provides an email address to which such communications should be sent. It seems most unusual for FDA to directly solicit what is effectively whistleblower activity in a guidance document. I am not saying this is inappropriate, just that it's unusual.
• With regard to definitions, the guidance does not differentiate between the terms ”back-up” and ”archive” as they relates to electronic records. It would also be ideal if the definitions were harmonized with the two existing guidances.

For now, we await industry and trade group comments, and look forward to the final guidance.

WHO Final Guidance on Good Data and Record Management Practices (Annex 5)

Annex 5 was published as part of the publication of the WHO Technical Report Series No. 996 in May 2016, and represents a finalization of a draft document published for comment in September 2015. WHO initiated work in this area during a meeting in Geneva in April 2014.

Changes from the draft of September 2015 are primarily in reorganization of content and the addition of Appendix I, titled Expectations and examples of special risk management considerations for the implementation of ALCOA (-plus) principles in paper-based and electronic systems. The annex includes the tabulation of information on electronic and paper records, and examples of special risk management considerations that previously were included in a tabulation within the draft guidance. Content has also been expanded in both the appendix and in the document overall, increasing the length of Annex 5 by 10 pages over the 2015 draft.

Following are the changes between the 2015 draft guidance and the finalized 2016 Annex 5. This does not include minor changes in wording or reorganization of the same information. I think it’s impressive that this few changes were made to a document that is 46 pages long.

• Section 2.3 in Aims and Objectives of the Guidance is new.
• The ALCOA-plus entry in the glossary is new.
• The archivist entry in the glossary is new.
• The audit trail entry in the glossary is expanded.
• The control strategy entry in the glossary is new.
• The corrective and preventive action entry in the glossary is new.
• The good data and record management practices entry in the glossary is new and reflects the new term for good documentation practice.
• The quality metrics entry in the glossary is new.
• Section 4.6 Management Governance is expanded.
• Section 4.7 Quality Culture is expanded.
• Section 4.12, providing examples of record keeping methodologies and systems, is expanded.
• Section 4.13, describing durability of data and record media, is new.
• Section 6.4 under Management Governance and Quality Audits is expanded.
• Section 7.2 under Contracted Organizations, Suppliers and Service Providers is expanded.
• Section 7.6 under Contracted Organizations, Suppliers and Service Providers is new. This section addresses expectations where data and document retention is contracted to a third party.
• Sections 11.7 and 11.8 on Data Processing are new.
• Sections 11.15 and 16 on Data Retention and Retrieval are new.

Conclusion

The use of computerized systems in our industry provides great advantages in efficiency and ease of documentation. Failure to correctly configure and validate the systems — along with a small number of firms who have purposefully manipulated the data — has ensured that FDA and other regulatory authorities will continue to focus on this area. It is interesting that the same deficiencies continue to be cited, year after year; industry does not seem to have gotten the message yet. But thanks to specialized meetings held by trade groups like PDA and ISPE, the industry may finally start to gain a better understanding of how essential data integrity is to the manufacture of safe and efficacious products. We need to reach a state where regulators can have confidence in the validity and accuracy of the data on which drugs are approved and released for commercial distribution. In this effort, every member of every pharmaceutical company has an important role to play.

About The Author

Barbara Unger formed Unger Consulting, Inc. in December 2014 to provide GMP auditing and regulatory intelligence services to the pharmaceutical industry. She has extensive expertise in this area having developed, implemented, and maintained the GMP regulatory intelligence program for eight years at Amgen Inc. This included surveillance, analysis, and communication of GMP related legislation, regulations, guidance, and industry compliance enforcement trends. Barbara was the first chairperson of the Rx-360 Monitoring and Reporting work group (2009 to 2014) that summarized and published relevant GMP and supply chain related laws, regulations, and guidance. She also served as the chairperson of the Midwest Discussion Group GMP-Intelligence sub-group from 2010 to 2014.

Before Amgen, Barbara worked for the consulting firm Don Hill and Associates, providing regulatory and quality services to the pharmaceutical industry, and for Eli Lilly and Company in quality and CMC regulatory affairs positions. She began her career in the pharmaceutical / device industry with Hybritech Inc. and received a bachelor's degree in chemistry from the University of Illinois at Urbana-Champaign.

Fundamental Elements of 21 CFR Part 11 & GMP Annex 11

Along with providing monitoring and validation systems, we often delve into issues that arise for our customers when they are interpreting regulations and guidance. We receive many questions on 21 CFR Part 11 and Annex 11.  In this article we we offer some background and a brief overview of three focal points of both of the "Elevens"  including:  System Controls, Validation and Archiving.

It's important to note that Part 11 is a requirement in the US, whereas Annex 11, which applies to the EU, is a guidance document only. By the way, we are assured by those in the know that the "11" in the titles are  incidental. Someone please correct us if we've been misinformed!

Background:

Computerised systems — crucial to pharmaceutical, medical device, and biotechnology manufacturing and distribution operations — differ from paper-based systems and  manual systems traditionally used for creating and archiving records are becoming rare. 

This is (partly) why the FDA and EMA  created 21 CFR Part 11 and Annex 11. But the real basis for of "the elevens" is to ensure that the quality and safety of drugs and biologicals do not suffer as a result of computerized systems replacing a manual system.  

 Annex 11 states:

"Where a computerized system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process." 

The FDA similarly says that the purpose of Part 11 is to make sure electronic records are: 

"...trustworthy, reliable, and generally equivalent to paper records."

The FDA's statement entails the fact that for generations, paper records were all we had to depend upon to ensure that processes and conditions that preserved the safety and quality of drugs were performed properly. 

Both Part 11 and Annex 11 remind us of the importance of safety, and address the need to set up standards to make ink and electronic or digital signatures equivalent in their effect.

Controls: Human Readable, Unmodifiable, Authorized 

Both Part 11 and Annex 11 include the following elements: 

• Validation

• Human Readable Copies

• Protection and retention of records

• Audit trails

• Restricted access for authorized users only

• Authority checks

• Device checks

• Training

• Written procedures

• System documentation

One glimpse at the list shows that each is in some part a method for controlling the function and outputs of a system. 

In 21 CFR Part 11  "Controls for Closed Systems" states: 

(b) "The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying by the agency."

The fact that there is a specific regulation regarding human-readable copies demonstrates how far technology has evolved.  It would be hard today to imagine a user-friendly system that did not allow for the printing of documents and data.   

For most monitoring systems, the records of interest are the actual historical monitoring values.  And  creating a human-readable copy likely means that historical data and event logs may be printed out in a secure format.

In 21 CFR Part 11 (e) in "Section 11.10 - Controls for Closed Systems we read: 

"Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying."

In terms of your environmental monitoring  applications, this simply means that, in order for your records to comply, the electronic records (data and events) cannot be manually modifiable or deletable.

In addition, the Audit Trail of your system needs to capture any changes to metadata (schedules and report templates) and configuration data without obscuring earlier entries.   If your system doesn’t allow any changes to values once recorded, it complies with those sections of both Part 11 and Annex 11.

As a closed system, your monitoring system needs to limit access to only "authorized individuals." That's item (d) in Section 11.10 of Part 11. Typically this means that all who have access to the system have a distinct username and secure password. Often a system will integrate with your OS authentication to leverage commonly used, pre-existing password management tools. 

Validation: Prove it Works & Document your proof

With regard to validation, Part 11 lays out the need for validation in the first item of Section 11.10: "Controls for Closed Systems":

(a) "Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records."

In Annex 11, the "Project Phase" section covers validation in  eight fairly brief, fairly straightforward points: 

Use risk assessment to justify standards, protocols, acceptance criteria, procedures and records

Use correct change control documentation practice to report deviations

Keep an Inventory of your computerised systems with descriptions, interfaces, processes, software and hardware

Use risk assessment to assess the GMP impact of User Requirements Specifications 

Audit suppliers’ Quality Management Systems

Validation of computerised systems covers the entire life-cycle of the system 

Document testing 

Validate data transfers

We see that Annex 11 is more explicit in recommendations for validation. 

Archiving: Validated, Secure, Accessible

The protection and retention of records, as described in Part 11's Section 11.10 (c) means that whatever data your system produces, it may not be altered.  In addition, to meet the requirement of "ready retrieval throughout the records retention period," your data needs to be archived in a way that it can be conveniently accessed – you don’t want to make an auditor wait, 

If you store the data permanently within your database, the database should be designed in such a way system's performance should not degrade as the database grows over time.  How you meet this requirement of 21 CFR Part 11 may have as much to do with the design of your system as it does with your system administration policies around archival.

In Annex 11 under “Data Storage” it is recommended that data be securely stored, and backed up BOTH physically and electronically and regularly checked for accessibility, readability and accuracy.  Annex 11 also mentions is the need to validation data restoration abilities of the system. 

Part 11 and Annex 11 were introduced to address the key differences between computerized and manual systems and make electronic records equivalent to paper records as evidence of quality process execution. Today, most environmental monitoring systems used in GxP compliant firms are inherently aligned with the requirements of both the "Elevens." However, the risk comes not from the systems themselves, but in how they are implemented and maintained. 

Although your monitoring system probably included User and Administrator manuals and CDs that are fairly easy to integrate into your Document Management System, the procedures that control documentation are still your responsibility.  As good as your monitoring system may be (and, if you have a Vaisala system, it's awesome!), only the procedures of your Quality System keep you in compliance with Part 11/Annex 11. 

We didn't cover Electronic Signatures because that's a specialized software function. Specialty enterprise software exists for implementing Electronic Signatures within an Electronic Document Management System (EDMS).  For Vaisala's monitoring solution, we use a "hybrid" system, which means it uses electronic records combined with handwritten signatures, wherein the PDF outputs can be imported into and EDMS. 

FDA's First Draft Guidance Under DSCSA

On June 10th, the long-awaited first draft guidance under the DSCSA was released by the FDA. For those holding high expectations that the guidance would offer specific direction on how to handle suspect/illegitimate products internally, you may come away feeling a little shortchanged. However, in the past, the FDA has come under scrutiny for using guidance to replace rule making, since this requires legislative involvement, so the lack of detail in the draft may be an effort to make room for flexibility that industry felt they weren’t getting before.

Whatever the intent, the draft guidance does provide some learning opportunities and also a very subtle call to action. I recently spoke with David Colombo and Dawn Wang with KPMG Life Sciences Advisory to find out what can be learned from this draft and where we go from here.

What We Can Learn:

As stated on page four of the Draft Guidance for Industry: Drug Supply Chain Security Act Implementation: Identification of Suspect Product and Notification, the document is “intended to aid trading partners (manufacturers, repackagers, wholesale distributors, or dispensers) in identifying a suspect product and terminating notifications regarding illegitimate product.” Since these terms and their definitions were already defined in the legislation, it would seem that the other piece to be provided would be how a company would investigate and handle them. This is a major area where the draft falls short. There is no detail around what these internal processes should look like; however, this is where Colombo and Wang say this room for interpretation should encourage action on behalf of all trading partners.

Dave Colombo, KPMG Life Sciences Advisory

In most organizations, the quality group will already have standard operating procedures (SOPs) outlining the internal processes around product investigations, complaints, “suspect” or “illegitimate” products, as well as corrective and preventative action (CAPA) responses. Matching terms used in these existing processes with those used in the regulation allows a company to then assess which definitions need edited in order to align with the FDA’s terms and definitions. “If an organization hasn’t formally established terms that align with the definitions provided under the DSCSA, then those need to be addressed. In the case that terms have been established, they will need to be reviewed to ensure that any overlaps or conflicts in the interpretation can be addressed,” says Colombo.

“As an example, in the past, an organization may use different SOPs to respond to stolen versus counterfeit products. Under the DSCSA, the definition of suspect and illegitimate can apply in cases identified across various SOPs and will now require standard ways of quarantining, reporting, and dispositioning of the product,” adds Wang about the draft and the process it outlines for reporting illegitimate products through the new Form 3911, which must occur no later than 48 hours after determining that a product is indeed illegitimate. “Fortunately, the guidance provides some clarity to the piece on notifying and reporting to authorities, if not to the piece on the coordination with trading partners. The nature of relationships with trading partners, though, is quite different than that with authorities, so it may be good to keep the definition of business relationship processes out of scope of the guidance. Organizations are starting with baseline SOPs to build off of and will just need to examine the elements of the law and guidance to make sure they are all tied in.” Part of updating these procedures includes making sure that outdated pedigree legislation is not mentioned in any existing SOPs. This would include state laws that were preempted by the passing of the DQSA, or soon-to-be-outdated legislation, such as the Prescription Drug Marketing Act (PDMA), which is going to be sunsetted as of January 1st, 2015.

Not only is it important to identify the definition of a “suspect” and “illegitimate” products (which is done in the legislation itself), but it’s also important to be aware of situations when there is a heightened risk for a suspect product to enter the pharmaceutical supply chain. While it is stated it is not an exhausted list, the draft guidance does offer possible scenarios industry should be aware of when: engaging with trading partners and product sourcing that put the product at risk; dealing with a product that is vulnerable based on its supply, demand, history, and value, and/or a product that has suspicious form or packaging.

What We Still Need To Know:

As indicated in the legislation, the suspect product must be put in quarantine to prevent it from being shipped. Once this is done, the first step is to make sure the expiration date on the product and the relevant transaction data, which is the transaction associated with the lot number, have the right association. As previously stated, the company must provide these materials within 24 hours or a maximum of 48 (if the notification of verification request occurred over the weekend) and then complete an investigation and report the results to the FDA. If you’ve determined the product does not actually seem to be suspect, when can the quarantine end and shipping resume? While this is not clearly identified in the draft, Wang says having the lot-level data at your fingertips will allow for a quicker investigation, which should reduce the amount of time any product is under quarantine. “The intent of the requirements on product verification within the law is to make lot-level product date more readily available in order to aid stakeholders to identify or clear suspect and illegitimate product. With this data, stakeholders should be able to more accurately define the impact of the suspect or illegitimate product, and reduce the amount of time a product sits in quarantine.”

Also, many questions still swarm around what should happen if an illegitimate product is found. Does the entire lot have to go back to the manufacturer, does it all have to be destroyed, or does a company just continue what they would do in the situation of a theft or a counterfeit? Like any draft guidance, the FDA is soliciting comments from interested stakeholders for 60 days from the date of publication. It is through these comments where good discussions and thoughts may drive an industry standard, even if the FDA doesn’t necessarily do something tangible with those that are submitted. Additionally, keeping an eye on information coming from organizations, such as the Healthcare Distribution Management Association (HDMA) or the Pharmaceutical Distribution Security Alliance (PDSA), may prove beneficial if the FDA coordinates behind the scenes efforts with these organizations to fill in the gaps through suggested best practices. “Most stakeholders understand that the FDA, industry associations, and standards organizations have different roles and areas of expertise when it comes to defining requirements versus issuing technical guidance or implementation methods. Industry stakeholders will apply the requirements to specific scenarios that are applicable to them. One example of this is that HDMA is planning to release its interpretation of the types of transaction scenarios that occur in the distribution chain, and what data elements are required to be sent and received in each of those cases,” explains Wang.

Although the ambiguity of the guidance leaves many unanswered questions, the fact that the FDA is allowing stakeholders to develop their own processes should be embraced as something positive. A trust is building between the industry and the regulators that has resulted in some level of independence, and it’ll be interesting to see how this develops as the remaining milestones in the DQSA play out over the next 9 ½ years. Not just domestically but internationally, we are attempting to take back the supply chain from the vulnerability it’s been exposed to for so long and protect the patients who trust us to do. The commitment from the FDA to release the guidance this month as promised (even if it is a little late) shows that the effort is well underway.

Read More...