Global Compliance Trends and Warning Letters

Similar documents
PAI Inspections, Observations and Data Integrity

A Comprehensive Approach to Find and Remediate Data Integrity Problems

ISPE NORDIC COP CLEAN UTILITIES SEPTEMBER TUUSULA FINLAND. Timo Kuosmanen STERIS Finn-Aqua

Inspection Trends. American Society for Quality Richmond, VA Section March 8, 2016

Ensure Data Integrity Compliance Enterprise-Wide

Pharmaceutical Good Manufacturing Practice. Contents are subject to change. For the latest updates visit

Lessons from Pharmaceutical Laboratory related FDA Warning Letters

ALCOA AND DATA INTEGRITY: PASTAND FUTURE

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

EU Annex 11 US FDA 211, 820, 11; other guidelines Orlando López 11-MAY-2011

Regulatory Expectations, Standards & Guidelines

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

EU Annex 11 US FDA , (g), (i), 11 Orlando López 09-APR

DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR SURVIVING CORPORATE AUDITS AND REGULATORY INSECTIONS

Introduction to 21 CFR 11 - Good Electronic Records Management

Impacto de las Nuevas Tendencias Regulatorias en la Producción de Parenterales. Innovacion en Packaging Primario

Regulations in Pharmaceutical Laboratories

Risk-based Approach to Part 11 and GxP Compliance

Preventing, Detecting, and Responding to Data Integrity Events. Background, Recent Findings, and Agency Expectations

Interpharm Praha A.S. 10/18/16

Clarity CDS since version 7.2 supportive tools for compliance with Title 21 CFR Part 11, EudraLex Chapter 4, Annex 11 and other similar legislation

Mahendra Chemicals 7/13/15

ISPE-FDA 3 rd Annual CGMP Conference 2 4 June 2014 Baltimore, MD. Detecting GMP Data Integrity Issues

Divi's Laboratories Ltd. (Unit II) 4/13/17

Divi's Laboratories Ltd. (Unit II) 4/13/17

Preparing for Successful Data Integrity Audits. Mary Chris Easterly & Richard D. Schlabach 13 October 2017

Drug Quality Assurance: Systems at ChemCon Author: Dr. Peter Gockel

Inspections, Compliance, Enforcement, and Criminal Investigations

[ WHITE PAPER ] A Basic Overview: Meeting the PIC/S Requirements for a Computerized System INTRODUCTION GOOD MANUFACTURING PRACTICES

COMPUTERIZED SYSTEM VALIDATION

Data Integrity. Requirements for a GMP-compliant Data Life Cycle SPEAKERS: August 2017, Copenhagen, Denmark LEARNING OBJECTIVES:

Data Integrity Issues & Concerns PDA Meeting Kansas City, MO August 21, 2017

Could Poor Temperature Data Management be Putting Your GxP Facility at Risk for Data Integrity Violations? we prove it.

GMP GUIDELINES. GMP Guides from Industry Organisations. FDA cgmp WHO GMP. cgmp Guide Drugs 21 CFR 210 GAMP. ISPE Technical Guides

IDT Australia Ltd. 5/23/18

COMPLIANCE BY DESIGN FOR PHARMACEUTICAL QUALITY CONTROL LABORATORIES INSIGHT FROM FDA WARNING LETTERS

Data Integrity (fixing) aka the DI Remediation Three-Step

New Data Integrity Regulations and Practical Advice for Life Science Laboratories. we prove it.

Data Reliability - Internet

Subpart B Organization and Personnel, 21 CFR Responsibilities of the quality control unit.

Library Guide: Active Pharmaceutical

Data Integrity. Requirements for a GMP-compliant Data Life Cycle SPEAKERS: May 2017, Budapest, Hungary LEARNING OBJECTIVES:

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev19Dec14

CERTIFIED MAIL RETURN RECEIPT REQUESTED

The Role of the LMS in 21 CFR Part 11 Compliance

Summary of Significant Changes. Policy

Beamex CMX Calibration Software and GAMP - Good Automated Manufacturing Practices

GAMP5 Validation for Dynamics 365

Implement Effective Computer System Validation. Noelia Ortiz, MME, CSSGB, CQA

LABORATORY COMPLIANCE

Data integrity is currently the hottest topic in regulated

EU and FDA GMP Regulations: Overview and Comparison

Current Trends in Data Quality and Integrity Issues in Inspections and Risk Based Approach to Investigations; EU perspective

Data Integrity Why is it important? DADM Conference - 22 August 2017

Survival Kit for Regulatory Inspections

Strategies for Risk Based Validation of Laboratory Systems

Serving Patients is a Privilege


Data Integrity in Pharma QC Labs

DATA INTEGRITY INSPECTION PERSPECTIVES

GxP Auditing, Remediation, and Staff Augmentation

please fill out here:

Data Integrity Issues in Today s Complex and Global Manufacturing Supply Chain: Regulatory Perspective

While the recognition

EU Annex 11 update. An ISPE interpretation

FOREIGN DRUG INSPECTION/AUDITS FROM THE FDA PERSPECTIVE

Understanding GxP Regulations for Healthcare

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union

GxP Compliance for Computerized Systems

LEGAL REQUIREMENTS and DATA INTEGRITY...

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

CRITICAL ASPECT ANALYTICAL TEST REVIEW

2 Days Workshop on Current issues in assuring data integrity in life sciences

Data Integrity Through the Life Cycle Balancing Quality and Innovation. Sion Wyn Conformity +44 (0)

Fibonacci Sequences Improve GAMP 5 Risk Assessment for GLP Computerized Systems

Risk Assessment is a vital component in

Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

Software Quality Regulatory Trends

for Data Integrity Requirements for a GMP-compliant Data Life Cycle With an optional full-day pre-course session Audit Trail Review SPEAKERS:

PET Drug Inspections and Compliance Update

Addressing the Paradigm Shift in Regulatory Inspections

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev05MAR15

Pharmaceutical cgmps for the 21st Century February 2004

Inspection of Quality Control Laboratories

Audit Trail Review / Data Integrity

Demystify Governance, Risk & Compliance For Lifesciences

VALIDATION READY IT PROJECTS OF BEAS INDUSTRY SOLUTIONS BASED ON SAP BUSINESS ONE

EU GMP - Annex 11 Computerised systems Versione corrente Nuova versione per commenti (emessa 8 aprile 2008)

Prequalification Team WHO PUBLIC INSPECTION REPORT (WHOPIR) Active Pharmaceutical Ingredient (API) Manufacturer

GxP Auditing, Remediation, and Staff Augmentation

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev11AUG16

GxP Auditing, Remediation, and Quality System Resourcing

European Union (EU) Regulatory Trends in GMP. Clive Brading Tianjin, China September 23, 2009

WHO SAYS COMPLIANCE NEEDS TO BE COMPLICATED?

Developing a Robust Quality System to Assure Data Integrity

Documenta tion and Records

Validation, Verification and Transfer of Analytical Methods (Understanding and implementing guidelines from FDA/EMA, USP and ICH)

Transcription:

Contact: Charles Lu Director, Quality Carlsbad Tech Phone: (760) 431-8284 Fax: (203) 555-0101 5928 Farnsworth Ct Carlsbad, CA, 92008 www.carlsbadtech.com Global Compliance Trends and Warning Letters Governance over the Pharmaceutical industries computerized systems have existed in one rendition or another since 1997. The US Food and Drug Administration first issued 21 Code of Federal Regulations (CFR) Part 11 s Electronic Records; Electronic Signature Final Rule on August 20 th, 1997. Since then, regulatory compliance bodies have given industry every opportunity to ensure that their computerized systems and the electronic records and electronic signatures that is generated comply. Regulations and Guidance s for life sciences industry: US FDA computer validation references 21 CFR Part 211.68 (b) cgmp for Finished Pharmaceuticals 21 CFR Part 820.70 (i) Medical Device (Quality System Regulations) 21 CFR Part 11.10 (a) General Principals of Software Validation Computerized Systems used in Clinical investigations (general) International Conference of Harmonization (ICH) Q7A, Chapter V, Section D (general) European Union (EU) references EU Annex 11: Computerised Systems (general) Industry trade groups International Society of Professional Engineer s (ISPE) Good Automated Manufacturing Practices (GAMP) 4 & 5 Good Manufacturing Practices Pharmaceutical Inspection Co-operation Scheme (PIC/S) Good Practices for Computerised Systems in Regulated GXP Environments China Food and Drug Administration Good Manufacturing Practice for Pharmaceutical Products (2010 Revised Edition) With every commercial off the shelf (COTS) software purchase today claiming to be 21 CFR Part 11 compliant, why is it that in 2016, the regulatory bodies, FDA and European Medicine Agency continue to issue citations on this topic? *Hebei Yuxing Bio-Engineering Co. LTD, China Prior to conducting official analyses, your quality control laboratory performed experimental analyses on product batches to assess whether your API

met specifications, but failed to document these experimental tests in official laboratory records to justify their exclusions. Our review of the audit trails of chromatographic systems documented that your laboratory analysts deleted raw chromatographic data on multiple occasions. *Pan Drugs Limited, India the computer in your quality unit area did not have controls to restrict access and prevent unauthorized changes to data files and folders. All employees had access to your Annual Product Review (APR) spreadsheet. The desktop computer containing the APR was not locked. Your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture. *Zhejiang Hisoar Pharmaceutical Co. LTD, China we observed that your laboratory systems lacked access controls to prevent deletions or alterations to raw data. For example, our investigator reviewed the electronic folder containing data files generated when your firm tested batches of API for residual solvents by gas chromatography (GC). The investigator compared the file names in the folder with the metadata generated by the Chemstation software you used to operate your GC system, and found that two chromatograms had been deleted from the system. Because there were no controls restricting operators or supervisors abilities to alter or manipulate the data. *Chongqing Lummy Pharmaceutical Co. LTD, China FDA s investigator discovered a lack of basic laboratory controls to prevent changes to and deletion from your firm s electronically-stored data. Your firm relied on incomplete and falsified records to evaluate the quality of your drugs and to determine whether your drugs conformed with established specifications and standards. *Minsheng Group Shaoxing Pharmaceutical Co. LTD, China There was no procedure in place for audit trail and there was no effective audit trail in place to determine any change or deletion of the chromatographic raw data. The audit trail function including the administrator profiles was enabled for all the QC staff. *Hubei HongYuan Pharmaceutical Co., LTD., China 10 deficiencies were categorized as major and were related to: QA, Documentation, Supplier Qualification, Data Integrity, Out-of-Specification handling, Quality Control, Computerised System validation, Change Control. *FARMA MEDITERRANIA, S.L., Spain Use in quality control a non-qualified chromatographic equipment, with operating faults and with an unvalidated computerized management system. As a result, the integrity, reliability, up-to-dateness, originality and authenticity of the data that are obtained cannot be guaranteed. *Chengdu Okay Pharmaceutical Co. Ltd., China Also the data integrity was not guaranteed. There was found in HPLC system that the method was changed, without any savings of previous method. There were no logins and passwords to the HPLC system and no procedure for granting permission to access to the HPLC system. There was no register of persons authorized to access the HPLC system. On the same computer station there were two different HPLC software. *Zhejiang Hisun Pharmaceutical Co., Ltd. Failure to prevent unauthorized access or changes to data, and to provide adequate controls to prevent manipulation and omission of data. FDA investigators discovered a lack of basic laboratory controls to prevent changes to your firms electronically stored

data and paper records Because the audit trail was disabled, neither your quality unit nor your laboratory staff could demonstrate that records for these batches included complete and unaltered data. All supporting raw data was discarded Test results were deleted from the hard drive and all supporting chromatograms were discarded. *Apotex Research Private Limited Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68 (b)). *Ipca Laboratories Limited Failure to have computerized systems with sufficient controls to prevent unauthorized access or changes to data. *Sri Krishna Pharmaceuticals Ltd. Your firm to exercise appropriate controls over computer or related systems to assure that only authorized institute changes in master production and control records, or other records (21 CFR 211.68 (b)). Your quality control analysts used administrator privileges to change the controls for the time and date settings and manipulate file names to overwrite injections and delete original HPLC test data. Analysts also routinely turned HPLC audit trails on and off. Analysts routinely logged in as Admin without a password. With the above being recent citations on computerized systems and associated data integrity issues, it has become apparently clear that the world s regulatory bodies are ready to audit and with intense scrutiny on this topic. Perhaps the life science industry has been lulled into a false sense of comfort regarding computerized systems, their associated electronic records and electronic signatures. There has been limited activity on the topic since 2011. August 20, 1997 was when the FDA issued the final rule on 21 CFR Part 11, Electronic Records; Electronic Signatures, at that time, this regulation was interpreted by regulatory bodies and industry as unnecessarily restrictive. Implementing the regulation significantly increase the costs associated with compliance, with industry expressing concerns that it discourage innovation and technological advances without providing a significant public health benefit. How beneficial is it to validate a software application by documenting all of the navigation steps, drop down menu, radial buttons to perform a task? On February 22, 2003, the FDA revised Part 11 to correct the above issues. The 2003 revision, allowed industry to determine the predicate rule requirements for computerized systems, allowing for a narrowing of scope where the regulation identified which electronic records require Part 11 compliance and each organization to determine their necessary level of controls. This revision brought forth a lull in compliance activities, industry utilizing a risk base approach claimed everything was a hybrid system and that the computerized system was merely a tool to the creation of paper, and that the paper copy was where the regulated activity takes place, as such, Part 11 does not apply. Rampant confusion reigned as Information Technology and Quality Assurance professionals alike, interpreted the level of risk of their Good Manufacturing Practice (GMP) applicable computerized systems. For every computerized system, controls were implemented, such as Active Directory for single sign on, validation protocols and test scripts generated and executed to capture the systems functionality. But it wasn t until February 2008, when the Good Automated Manufacturing Practices

(GAMP)-5 was released that there was more clarity and direction for implementation of true risk base approach, including risk assessments for computerized systems and associated data. During an ISPE interactive between industry and FDA in June of 2010, the FDA announce that auditors are training to audit industry for Part 11 compliance, so be prepared. This news was received with a sense of anticipation as most in the industry have been implement systems to be Part 11 compliant since 1997, with most software applications claiming to be 21 CFR Part 11 compliant. Needless to say, industry was anxious, hoping that their controls for computerized systems are adequate. Then in November 2010, the FDA came out and stated that the auditors were not ready. On June 2011, the European Union (EU) issued a revision to Annex11: Computerized Systems guidance document. This revision touched upon the fact that IT infrastructure should be qualified, and that whether utilizing a computerized system or manual operation, that there should be no resultant decrease in product quality, process control or quality assurance. This guidance document from the EU also touched upon risk management, something that was a topic addressed separately by the FDA by itself. Though computerized systems and data integrity violations have made its way periodically onto regulatory body citations, it has never been as frequent as current. Computerized systems and their associated data generated whether it is on paper or electronic is a prerequisite for the life science industry as decisions and assumptions on product quality and compliance with applicable regulatory requirements are made. Any breeches of these systems, may have negative safety, efficacy, and quality impacts on product and ultimately patient. As industries violations are becoming more and more prevalent, a global effort to better define regulatory bodies expectations on computerized system controls, and data integrity of associated electronic records and electronic signatures have been issued. Europe s Medicines and Healthcare Products Regulatory Agency (MHRA) released MHRA GMP Data Integrity Definitions and Guidance for Industry on March 2015, and the US FDA issued a draft Data Integrity and Compliance with cgmp Guidance for Industry on April 2016. Whereas prior guidance documents such as 21 CFR Part 11 was vague, these two guidance documents provided much more clarity of global regulatory minimum expectations, going as far as citing which predicate rule sections the guidance originates from and examples for industry to follow. On a global level, international regulatory agencies are collaborating with each other at an unprecedented pace, where EU and FDAs data integrity concerns have resulted in Health Canada to quarantine drugs from the likes of Zhejiang Hisun almost 3 months prior to FDA s official action. Health Canada states rationale for its action was as a interim precautionary measure taken in light of recent findings from a trusted regulatory partner that raised concerns about the reliability of the laboratory data generated at this site. The FDA has since placed Hisun Pharma on its import alert list. This decision from regulatory bodies is not taken lightly as Hisun imports 80 percent of its API products to 30 nations and regions. Hisun is a value member of the global pharmaceutical supply chain. Other regulatory bodies have follow suit, the Brazilian Health Surveillance Agency (ANVISA) announced that it will suspend import of all Active Pharmaceutical Ingredients from India s Parabolic Drugs as a result of a failed EU GMP inspection in 2015. Validation of computerized systems and their associated controls are no longer a nice to have. Stating that your systems are hybrid systems, per industry trend seems to no longer be an effective argument to the regulatory auditors. Compliance to the regulatory references is imperative to a pharmaceutical organization s livelihood, not just on a local level but a global level.

*All FDA 483 citations were taken from the FDA s Warning Letter website http://www.fda.gov/iceci/enforcementactions/warningletters/default.htm About Carlsbad Tech Carlsbad Tech is a pioneer in global health. Based in San Diego, California, we bring innovative healthcare products to your family. Bridging Asia and the Americas, we provide our partners with vision and expertise as a manufacturer, distributor, and advisor. Contact Information Charles Lu Director, Quality Additional information is available at www.carlsbadtech.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback