RISK-BASED QUALIFICATION OF SUPPLIERS, CONTRACT MANUFACTURERS AND CONTRACT LABS

   

GMP/GDP – On Demand Online Training

You can book the desired online training from our extensive database at any time. Click below for more information.

   

Stay informed with the GMP Newsletters from ECA

The ECA offers various free of charge GMP newsletters  for which you can subscribe to according to your needs.

GMP audits of suppliers, contract manufacturers and contract laboratories are a fundamental part of a Quality Management System to assure the quality of a drug product. But are more or less frequent on-site audits sufficient to fulfil the requirements of a comprehensive supplier qualification? And is there even a possibility of reducing this audit effort?

The EC GMP Guideline [5.26] expects drug products manufacturers to purchase starting materials only from approved manufacturers. Today, pharmaceutical manufacturers also have to make sure to only use APIs manufactured compliant with GMP (2004/27/EC, 46(f)). But the competence of contract manufacturers and contract laboratories also has to be assessed (EC GMP Guideline [7.3]). In this case, both the company as well as the Qualified Person (QP) are responsible. These days there is sort of an audit tourism in place, though, and suppliers and other service providers are audited very often. This means a huge effort for both the audited company and the customer.

In the course of implementing ICH Q9, the risk-based approach increasingly gained in importance. So far it was state of the art to define, specify, implement and document each process to the last detail. Now, a risk-based approach has been introduced, allowing to assess and control exactly these processes more efficiently. Decisions can be taken based on real risks. Suppliers are no longer audited in a stereotyped manner and according to a SOP for example every two years. Now, the complete process of supplier qualification can be organised more flexible and in line with a corresponding risk assessment. Unnecessary on-site audits can be avoided - with fewer audit days or less auditors. This reduces costs.

According to ICH Q9, a risk management process is characterised by a systematic - and defined - process. This process permits scientifically substantiated decisions based on a previously assessed risk. In the course of supplier qualification, the risk associated with the products and ultimately the patient should be the centre of concern.

Root Cause Analysis

Recommendation

Berlin, Germany4/5 December 2024

Root Cause Analysis

Now, what tools are available? The following two systematic methods of risk analysis are often mentioned in this context: FMEA (Failure Mode and Effects Analysis) and HACCP (Hazard Analysis and Critical Control Points). They can also be taken into consideration when qualifying a supplier. The ICH document lists a set of other possible indications for qualifying suppliers in a very specific way: "To define the frequency and scope of audits, both internal and external, taking into account factors such as:

  • Existing legal requirements;
  • Overall compliance status and history of the company or facility;
  • Robustness of a company's quality risk management activities;
  • Complexity of the site;
  • Complexity of the manufacturing process;
  • Complexity of the product and its therapeutic significance;
  • Number and significance of quality defects (e.g., recall);
  • Results of previous audits/inspections;
  • Major changes of building, equipment, processes, key personnel;
  • Experience with manufacturing of a product (e.g., frequency, volume, number of batches);
  • Test results of official control laboratories."

The FDA Quality Systems Guide also makes a statement on this topic: "The quality system approach also calls for periodic auditing of suppliers based on risk assessment".

To register and assess suppliers and to document their qualification a well structured documentation system is necessary. The documentation or recording of the monitoring results can be shown in a simple chart. Clarity and the quick capture of information need to be preserved, though. Also, staff from Purchasing, Quality Control, Production and Project Management should support Quality Assurance. It is also worth to consider the formation of a corresponding team or an IT-based platform where information is collected and used centrally.

Ideally, all data and facts collected are summarised in a single document. At this point at the latest, the Qualified Person (QP) should be involved in the process. All decision makers and the enforcing parties need to know the qualification results and the resulting measures.

HPLC Data Integrity - Live Online Training

Recommendation

22/23 January 2025

HPLC Data Integrity - Live Online Training

In this way, risk management can make processes and decisions more transparent. These are well documented and comprehensible and lead to distinct decisions. Possible risks are identified in time and the auditing effort is reduced (a longer time interval until the next audit, shorter audits and fewer auditors). This helps to reduce both direct and indirect costs and leads to a safer supply chain.

Author:
Wolfgang Schmitt
CONCEPT HEIDELBERG

Go back

To-Top
To-Bottom