GDP Archives - European Industrial Pharmacists Group (EIPG)

Patient involvement in the development, regulation and safe use of medicines


by Giuliana Miglierini The Council for International Organizations of Medical Sciences (CIOMS) has published the CIOMS report on “Patient involvement in the development, regulation and safe use of medicines”. The report marks an important step forward towards a harmonised approach to Read more

Webinar: Implementation of Contamination Control Strategy Using the ECA template


The next EIPG webinar will be held in conjunction with PIER and University College Cork on Friday 21st of October 2022 (16.00 CEST), on the implementation of Contamination Control Strategy (CCS) using the ECA* template. This is the second Read more

Real-world evidence for regulatory decision-making


by Giuliana Miglierini Digitalisation is rapidly advancing also in the regulatory field, as a tool to improve the efficiency and accuracy of processes used for the generation and use of data to inform the regulatory decision-making. To this instance, real-world Read more

Current inspection trends and new approaches to the monitoring of post-inspection activities

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

by Giuliana Miglierini

The European Federation of Pharmaceutical Industries and Associations (EFPIA) has published its Annual Regulatory GMP/GDP Inspection Survey 2021, highlighting the more recent trends in inspections and how the pandemic affected this critical verification process of pharmaceutical productions. Meanwhile, UK’s regulatory authority MHRA launched the Compliance Monitor Process pilot, aimed to use eligible consultants as Compliance Monitors to supervise companies in the delivery of actions identified in the Compliance Protocol agreed with the regulatory authority.

Main trends in inspections

The main effect of the lockdowns has been the implementation of new ways to run inspections. The recommendation resulting from EFPIA’s report is now for virtual tools combined with onsite presence; to this instance, data gathered in 2021 show that the two modalities of inspection have a similar duration (2.9 days for on-site inspections vs 2.8 days for virtual ones). The report also indicates there is still a backlog of inspections due in 2020, the critical period of the pandemic; suggestions to manage expiring GMP/GDP/ISO-certificates include a one-year prolongation of current certificates, a dedicated communication process between the industry and regulators in the case of issues with the registration in third countries, and a planning of inspections based on the quality history of the site.

Domestic inspections confirming the trend observed since 2016, are almost double of the number of foreign inspections. These last ones focused in 2021 on only 23 countries, compared to the 44 countries visited by inspectors in 2017. EU’s countries were the most visited ones, with some 350 inspections reported vs the 150 of US, confirming the importance of European pharmaceutical manufacturing. According to the report, 2021 saw an increased attention to GDP inspections, while the percentage of sites with no inspections remains stable for six years.

A new mix of inspection tools

The use of new tools, additional to physical on-site presence, has now become a routine possibility accepted by many regulatory authorities. Many different approaches have been tested during the pandemic, including different inspections tools. Different combinations of tools cannot be considered to be equivalent, according to EFPIA. In general, a mixture of physical presence, document review and virtual presence flanked by the sharing of experience, collaboration and reliance is deemed suitable to confirm compliance and capability while supporting a risk-based efficiency.

Data show that the number of virtual inspections was higher in 2020 compared to 2021; the last year saw an increase of on-site presence vs 2020 and a mixture of virtual and on-site inspections. According to the report, only seven European countries have experience with the implementation of virtual inspection tools (Germany, Denmark, Finland, Ireland, Italy, Poland and Sweden). As a consequence, the impact of mixed virtual and on-site domestic inspections in 2021 was lower in EU member states that, for example, in the US, Brazil, Russia and Singapore.

There is still space for improvement

EFPIA’s survey presents the respective advantages and disadvantages of on-site inspections vs virtual tools. The implementation of the new modalities is far from being accomplished, the process is still on the learning curve, says the document.

While the remote, virtual interaction allows for a greater flexibility of the inspection process, it may result stressful for some people; furthermore, it impacts on the way work is organised, as it needs a flexible schedule and time to prepare for the next day meetings. Also, the style of communication changes to become less natural and more focused. Overall, virtual inspections appear to be more efficient when performed in real-time, as it would be for on-site inspections. While being less costly, due to avoiding extensive travelling, virtual inspections require a careful preparation, including the availability of a suitable IT infrastructure and connectivity. Documents are also often required in advance of the meetings to be shared with regulators.

How to further improve inspections

According to EFPIA, the future of inspections calls for improved collaboration and reliance in order to increase the knowledge shared by the different inspectorates and overcome the limits intrinsic to self-dependency. The expected final outcome of the new approach to inspections is an improvement in the decision-making process. Inspection frequency may be set every 1 to 5 years on the basis of a risk-based evaluation.

Collaboration, reliance and delegation appear to be the new mantras to guide the actions of regulators: the focus suggested by EFPIA is on inspections run by domestic authorities, coupled to the implementation of Mutual Recognition Agreements (MRA) to avoid duplication of efforts. According to the report, it would be needed to harmonise the scope of existing MRAs and to establish new ones between the EU and PIC/S participating authorities (e.g. Argentina, Brazil, South Korea, Turkey and UK). The European legislation should be also updated to include the concept of listed third countries, as already in place for the importation of active substances under the provisions of the Falsified Medicines directive.

The report also suggests a qualitative tool that would fulfil the legal requirements for “inspections” and may prove useful to support inspection planning on the basis of the knowledge of the GMP compliance history of the site, the footprint history of critical and major deficiencies and the type of inspection to be run. These elements lead to the identification of the hazards to be considered, including the intrinsic risk and the compliance-related one. The final output of the tool takes the form of a risk-ranking quality metric, to be used to establish the frequency of inspection for a certain site and the number and level of expertise of the required inspectors, as well as the scope, depth and duration of routine inspections.

All these items may form the basis for the drafting of a GMP inspection “Reliance Assessment Report”, which would also include the statement about the name of the hosting national competent authority and the basis on which country reliance has been established. Such a document may be then used to support regulatory decisions. According to EFPIA, the suggested approach would benefit of a better knowledge of the site inspected by the local NCA, a better insight in the local culture and less barriers to the interaction, with optimisation of resources. A better transparency of the inspection process is also expected, as a non-compliant site may negatively impact on the reputation of local inspectorates. Identified pre-requisites to allow the implementation of such an approach are the availability of high-quality standards at the local level and the evaluation of national regulatory systems by and independent body (e.g. PIC/S or the WHO Global Benchmarking Tool).

UK’s pilot of a Compliance Monitor Process

A new approach that may represent a first example towards the new paradigm of collaboration and reliance has been undertaken in the UK, where the Medicines and Healthcare products Regulatory Agency (MHRA) launched in April 2022 a pilot project focused on the Compliance Monitor (CM) Process (see more here and here). The pilot is part of MHRA’s delivery plan 2021-2023 and will focus on the CM supervision process for appropriate GMP and GDP Inspection Action Group (IAG) cases.

According to the MHRA, the new process would allow companies to concentrate on the delivery of the required improvements without the need to use resources to manage MHRA supervision inspections to assess compliance remediation activities. On the regulatory side, the MHRA should be able to concentrate on the delivery of the routine risk-based inspection programme. The risk-based approach to supervision and monitoring is also expected to limit the number of potential shortages of supply.

The CM process is based on the figure of eligible consultants acting as Compliance Monitors (CM) in charge of working with the company to deliver the remediation actions identified in a Compliance Protocol (CP) agreed with the MHRA. The supervision by the CMs is expected to contribute to lower the need of on-site inspections with respect to the current process managed by the IAG. The CP also includes the transmission to MHRA of high-level updates at fixed intervals of time, which should include only exceptions to the agreed timelines or significant related compliance issues which were identified. Once completed the CP protocol, the CM informs the regulatory authority that the company is ready for inspection, so that the MHRA can verify onsite the possibility of its removal from IAG oversight.

CMs will be selected by the involved company from a dedicated register and accepted as suitable for that case by the MHRA. At least five years’ experience in independent audits of GMP/ GDP companies is needed to be eligible as CM. Furthermore, not having been personally the subject of MHRA regulatory action and/or significant adverse findings in the previous three years,  a suitable CV and the completion of a MHRA training as CM. All details on requirements for the CM role and application are available at the dedicated page of the MHRA website.

Suitability criteria to act as a CM for the specific case include as a minimum a sufficient experience of the dosage form manufactured, testing activities being performed, or distribution activity being carried out and a written confirmation of absence of Conflict of Interest. These criteria will be assessed by the company selecting the CM.

BIA’s view of the reliance in the UK medicines regulatory framework

The UK’s BioIndustry Association (BIA) contributed to the debate on the reliance in the UK medicines regulatory framework with a Reflection Paper. According to BIA, the MHRA has a well recognised status and history as a valued contributor to the global regulatory ecosystem and a point of reference for the regulatory decision-making which should be preserved also in the future.

BIA recalls the role played by the MHRA in the development of the concept of regulatory reliance at the EU level, as a way to support the agile management of resources and simultaneously focusing on core and innovative national activities across all stages in the product lifecycle. The central concept sees regulators from one country to rely on the decision and assessments of trusted authorities from another country in order to speed up the timeline of regulatory procedures. At the end of the process, each regulator remains fully responsible and accountable for all its decisions.

BIA also highlights the contribution of reliance to the advancement of good regulatory practices and international networks of regulators, so to better allocate resources potentially taking into account also the respective fields of specialisation. The proposal is for a list of accepted reference regulatory authorities as a way to recognise the evolution of partnerships over time. Examples of recognition pathways already active in the UK are the EC Decision Reliance Procedure (ECDRP) and international work-sharing through the Access Consortium and Project Orbis, through which the MHRA may act as the reference regulatory agency in many procedures.

BIA also warns about the risks of a sudden interruption at the end of 2022 of the reliance pathway, that would have a highly disruptive impact on companies and patients.



The new PIC/S guideline on data integrity

, , , , , , , , , , , , , , ,

by Giuliana Miglierini

The long waited new PIC/S guideline PI 041-1 has been finally released on July 1st; the document defines the “Good Practices for Data Management and Data Integrity in regulated GMP/GDP Environments”, and it represents the final evolution of the debate, after the 2nd draft published in August 2016 and the 3rd one of November 2018.
While maintaining the previous structure, comprehensive of 14 chapters for a total of 63 pages, some modifications occurred in the subchapters. The Pharmaceutical Inspection Co-operation Scheme (PIC/S) groups inspectors from more than 50 countries. PIC/S guidelines are specifically aimed to support the inspectors’ work, providing a harmonised approach to GMP/GDP inspections to manufacturing sites for APIs and medicinal products.

Data integrity is a fundamental aspect of inspections
The effectiveness of these inspection processes is determined by the reliability of the evidence provided to the inspector and ultimately the integrity of the underlying data. It is critical to the inspection process that inspectors can determine and fully rely on the accuracy and completeness of evidence and records presented to them”, states the Guideline’s Introduction.
This is even more true after the transformation impressed by the pandemic, resulting in a strong acceleration towards digitalisation of all activities. The huge amount of data produced every day during all aspects of the manufacturing and distribution of pharmaceutical products needs robust data management practices to be in place in order to provide adequate data policy, documentation, quality and security. According to the Guideline, all practices used by a manufacturer “should ensure that data is attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, and available”. This means also that the same principles outlined by PIC/S may be used also to improve the quality of data used to prepare the registration dossier and to define control strategies and specifications for the API and drug product.
The guidance applies to on-site assessments, which are normally required for data verification and evidence of operational compliance with procedures. In the case of remote (desktop) inspections, as occurred for example during the pandemic period, its impact will be limited to an assessment of data governance systems. PIC/S also highlights that the guideline “is not intended to provide specific guidance for ‘for-cause’ inspections following detection of significant data integrity vulnerabilities where forensic expertise may be required”.

The impact on the entire PQS
PIC/S defines data Integrity as “the degree to which data are complete, consistent, accurate, trustworthy, and reliable and that these characteristics of the data are maintained throughout the data life cycle”.
This means that the principles expressed by the guideline should be considered with respect to the entire Pharmaceutical Quality System (and to the Quality System according to GDPs), both for electronic, paper-based and hybrid systems for data production, and fall under the full responsibility of the manufacturer or the distributor undergoing the inspection.
The new guidance will represent the baseline for inspectors to plan risk-based inspections relative to good data management practices and risk-based control strategies for data, and will help the industry to prepare to meet the expected quality for data integrity, providing guidance on the interpretation of existing GMP/GDP requirements relating to current industry data management practices without imposition of additional regulatory burden. PIC/S highlights that the new guidance is not mandatory or enforceable under the law, thus each manufacturer or distributor is free to voluntarily choose to follow its indications.

Principles for data governance
The establishment of a data governance system, even if not mandatory, according to PIC/S would support the company to coherently define its data integrity risk management activities. All passages typical of the data lifecycle should be considered, including generation, processing, reporting, checking, decision-making, storage and elimination of data at the end of the retention period.
“Data relating to a product or process may cross various boundaries within the lifecycle. This may include data transfer between paper-based and computerised systems, or between different organisational boundaries; both internal (e.g. between production, QC and QA) and external (e.g. between service providers or contract givers and acceptors)”, warns PIC/S.
Chapter 7 specifically discusses the Good document management practices (GdocPs) expected to be applied, that can be summarised by the acronyms ALCOA (Attributable, Legible, Contemporaneous, Original, Accurate) and ALCOA+ (the previous plus Complete, Consistent, Enduring and Available).
Data governance systems should take into consideration data ownership and the design, operation and monitoring of processes and systems. Controls should include both operational (e.g. procedures, training, routine, periodic surveillance, etc) and technical features (e,g, computerised system validation, qualification and control, automation or other technologies to provide control of data). The entire organisation should commit to the adoption of the new data culture, under a top-down approach starting from the Senior management and with evidence provided of communication of expectations to personnel at all levels. Sections 6 of the guideline provides some examples in this direction. The ICH Q9 principles on quality risk management should be used to guide the implementation of data governance systems and risk minimisation activities, under the responsibility of the Senior management. Efforts in this direction should always be commensurate with the risk to product quality, and balanced with other quality resource demands. In particular, the risk evaluation should consider the criticality of data and their associated risk; the guideline provides an outline of how to approach the evaluation of both these factors (paragraphs 5.4 and 5.5). Indication is also provided on how to assess the effectiveness of data integrity control measures (par. 5.6) during internal audit or other periodic review processes.
Chapter 8 addresses the specific issues to be considered with respect to data integrity for paperbased systems, while those related to computerised systems are discussed in Chapter 9. As many activities typical of the pharmaceutical lifecycle are normally outsourced to contract development & manufacturing organisations (i.e. API manufacturing, formulation, analytical controls, distribution, etc.), PIC/S also considered in the guideline the aspects impacting on the data integrity of the overall supply chain (Chapt. 10). “Initial and periodic re-qualification of supply chain partners and outsourced activities should include consideration of data integrity risks and appropriate control measures”, says the guideline.

The regulatory impact of data integrity
Recent years have seen the issuance of many deficiency letters due to problems with data integrity,. Approx. half (42, 49%) of the total 85 GMP warning letters issued by the FDA in 2018, for example, included a data integrity component.
The new PIC/S guideline provides a detailed cross-reference table linking requirements for data integrity to those referring to the other guidelines on GMPs/GDPs for medicinal products (Chapter 11). Guidance on the classification of deficiencies is also included in the document, in order to support consistency in reporting and classification of data integrity deficiencies. PIC/S notes that this part of the guidance “is not intended to affect the inspecting authority’s ability to act according to its internal policies or national regulatory frameworks”.
Deficiencies may refer to a significant risk for human or animal health, may be the result of fraud, misrepresentation or falsification of products or data, or of a bad practice, or may represent an opportunity for failure (without evidence of actual failure) due to absence of the required data control measures. They are classified according to their impact, as critical, major and other deficiencies.
Chapter 12 provides insight on how to plan for the remediation of data integrity failures, starting from the attention required to solve immediate issues and their associated risks. The guideline lists the elements to be included in the comprehensive investigation to be put in place by the manufacturer, as well as the corrective and preventive actions (CAPA) taken to address the data integrity vulnerabilities. A Glossary is also provided at the end of the guideline.