SELF INSPECTION - A CERTAIN KIND OF INSPECTION
In the EU Guide to GMP, Chapter 9 on Self Inspection it is said that "self inspections should be conducted in order to monitor the implementation and compliance with Good Manufacturing Practice principles and to propose necessary corrective measures". Basically this is pretty much similar to an external audit at a third party manufacturer or a supplier. But there are some special aspects to consider.
One special challenge for internal auditors is to be team member on the one hand but to question established practices and to identify gaps and weaknesses on the other hand. In this case, the (internal) auditor is an extension of the quality system whose purpose is to limit the risk to patient, while being part of the quality system in question.
The job of an internal auditor can be seen in three parts:
1. Auditor: to discover things that are non-compliant or have the possibility of becoming non-compliant.
2. Educator: a collaborator with those who are responsible for the manufacture and control of pharmaceutical products.
3. Consultant: provides advice and assistance in solving problems wherever possible. But this should be independent of the audit role, that is, do not consult and audit at the same time. But it might be needed after the audit when putting necessary actions in place.
Despite that it is very important that an internal auditor has a clear mission and purpose that aligns with management expectations. And he/she needs to be as independent as possible. Like an external consultant, an internal auditor is accountable to senior management for planning and executing the audit and reporting in a neutral and direct manner. The audit process needs to be consistent with a standardized reporting process to identify significant compliance gaps.
As with external audits, the frequency of internal audits can be based on a risk-based strategy.
What is in the focus of an internal audit? There should be a detailed review of the quality system. Some examples are:
Batch Certification and Release:
- Are master production and control records approved?
- Is there appropriate review of the completed batch documentation?
- Are there batch production and control records?
- Has the disposition status of previous steps been checked?
- Are deviations investigated and resolved?
- Is there a QA/QP release process for all final products?
Complaint files:
- Does QA review/ approve all complaint correspondence?
- Are complaints tracked and trended and are they cross referenced to any adverse event incidents?
Training Programs:
- Are they in place for specific job requirements?
- Is training in current GMPs performed on a regular basis?
- How are instructors/ trainers qualified?
- Is training matrix established and approved?
- Are training records maintained?
Document control:
- Check review, approval and distribution of documents
- Control revision history and record retention of production, control and distribution records
Recommendation
Berlin, Germany4/5 December 2024
Root Cause Analysis
Electronic Data, Records and Electronic Signatures
- Data Integrity
- Do all electronic systems comply with Annex 11?
- Paper trails
- Security
- Data Integrity
- Change-controls
- Archiving and Storage
Deviations/CAPAs
- None open against any batches for disposition
- Is there a backlog?
- Are true/ reasonable root causes identified and fixed?
Qualification and Validation
- Is manufacturing and analytical equipment qualified?
- Are the respective processes and methods validated?
- What about packaging and labelling procedures?
Change Control:
- Are processes in place for processes, analytical methods and specifications, equipment, computer systems and documentation?
- Check execution, review and approval
In addition to the Quality System there are also five other systems to focus on:
1. Facilities and Equipment System
2. Laboratory Systems
3. Packaging and Labelling System
4. Production System
5. Materials System
Other systems may be identified but these six make up the commonly referred to ones. These systems should all have written and approved procedures and documentation in place. The adherence to written procedures should be verified through observation, whenever possible. All areas of each system should be covered; however, the depth of coverage may vary depending upon inspectional findings and the degree of risk associated with the system when applied to the operation being audited.
Depending on the area, the focus could be for example on:
- Investigations: has the Root Cause been identified?
- What about other batches?
- Change-Control: is it being used properly?
- Rejects: is this a one-off problem or a systemic issue?
- Reprocessing / reworks: Frequency? Registration issue? Impact on validation?
- Stability failures: Three day field alert issued? Post expiry date failures- what are the implications?
- OOS, OOT and OOE results: What are the rules? Check compliance
- Alarms (GMP or non-GMP): Who does what?
- Hold Times: supported by stability data?
- General Housekeeping (you only get one chance to make a good first impression!)
- Are health hazard evaluations carried out?
- Returns: what happens with them?
- Documentation of everything!
Recommendation
22/23 January 2025
HPLC Data Integrity - Live Online Training
And who is performing internal audits? The central or corporate QA is accountable for performing audits or managing any external consultants in the audit program. Individual sites are accountable for hosting audits but also performing their own internal audits. The audit summaries should be reviewed at least quarterly by Senior Management. The role of the Quality Leaders is to ensure that corrective actions are addressed to prevent future occurrences. For this, specific items should be cited and a regular retrospective review of any impact must be performed.
If critical observations occur, immediate action is needed to correct them (timing based on deficiency). An implementation plan must be issued within 30 days or prior to next manufacture of the product. It must be ensured that the response is issued by due date.
Have you ever thought of issuing an internal compliance warning letter to the site management? This might be an option to trigger immediate response and action when audit findings show pattern of critical findings, a failure to implement a critical quality system policy or procedure or a regulatory agency commitment. Another reason could be frequent failures to respond to audit observations by stated due date or the responses are significantly inadequate to address non-compliance.
Author:
Richard M. Bonner
... is chairman of the ECA Foundation Advisory Board. Having 31 years of experience within the pharmaceutical industry, working in production, technical services and both Quality Control and Quality Assurance functions, he also runs his own consultancy.