ARTICLE

How IT should prepare for a cGMP inspection in Pharma

Introduction

Pharmaceutical firms undergo FDA inspections that regularly assess their compliance with cGMP, as well as with the 21 CFR Part 11 regulations of electronic data records and signatures. Passing any such review requires preparation to ensure that the correct processes are in place for meeting requirements for audit trail maintenance and data integrity. This checklist helps answer these questions and enables an understanding of key concepts behind the regulatory requirements listed in 21 CFR part 11.

Pharmaceutical firms undergo FDA inspections that regularly assess their compliance with cGMP, as well as with the 21 CFR Part 11 regulations of electronic data records and signatures. Passing any such review requires preparation to ensure that the correct processes are in place for meeting requirements for audit trail maintenance and data integrity.

The laboratory inspection may be limited to specific issues, or the inspection may encompass a comprehensive evaluation of the laboratory's compliance with current Good Manufacturing Practice (cGMP). As a minimum, each pharmaceutical quality control laboratory should receive a comprehensive GMP evaluation each two years as part of the statutory inspection obligation.

In general, these inspections may include:

  • Specific methodology which will be used to test a new product
  • Complete assessment of laboratory's conformance with GMP's
  • Specific aspect of laboratory operations

Inspection Preparation

Team members should meet, if possible, prior to the inspection to discuss the approach to the inspection, to define the roles of the team members, and to establish goals for completion of the assignment. Responsibilities for development of all reports should also be established prior to the inspection.


GMP Audit Checklist for computerized laboratory data acquisition systems

The regulation of computerized laboratory data acquisition systems is not new, and their compliance is addressed in the following cGMP guidance documents:

  • Compliance Policy Guide 7132a.07 Computerized Drug Processing: Input/output Checking
  • Compliance Policy Guide 7132a.08 Computerized Drug Processing: Identification of "Persons" on Batch Production and Control Records
  • Compliance Policy Guide 7132a.11 Computerized Drug Processing: CGMP Applicability to Hardware and Software
  • Compliance Policy Guide 7132a.12 Computerized Drug Processing: Vendor Responsibility
  • Compliance Policy Guide 7132a.15 Computerized Drug Processing: Source Code for Process Control Application Programs
  • Guide to Inspection of Computerized Systems in Drug Processing

For computerized systems it is important to define the universe of data that will be collected, the procedures to collect it, and the means to verify its accuracy. Equally important are the procedures to audit data and the programs and the processes for correcting errors. Several issues must be addressed when evaluating computerized laboratory systems. These include data collection, processing, data integrity, and security.

Checklist Computerized laboratory data

QuestionInstructionsYes/No/NA
1Each cGMP workflow on a computer system need to be validated. 
2Exercise appropriate controls to assure that changes to computerized systems and cGMP records or input of laboratory data into computerized records can be made only by authorized personnel. 
3The system administrator role, including any rights to alter files and settings, should be assigned to personnel independent from those responsible for the record content. 
4Do not share login credentials (a unique individual cannot be identified through the login and the system would not conform to the cGMP requirements). 
5Blank forms should be controlled (If used, blank forms e.g., electronic worksheets, laboratory notebooks) by the quality unit or by another document control method. 
6All production and control records, which includes audit trails, must be reviewed and approved by the quality unit. 
7Data entries may not be deleted. Changes must be made in the form of amendments. 
8Any database must be made as tamperproof as possible. 
9The Standard Operating Procedures must describe the procedures for ensuring the validity of the data. 
10Detailed Corrective and Preventive Actions (CAPA) should describe how you intend to ensure the reliability and completeness of all data generated by your firm including microbiological and analytical data, manufacturing records, and all data submitted to regulatory authority. 
11A quality unit procedure with clearly-defined responsibilities and procedures including approval and rejection authorities, second person verification. 
12Yearly cGMP training that covers good documentation practices and ALCOA (accurate, legible, contemporaneously recorded, original, attributable) principles. 
13Include a detailed description of the scope and root causes of your data integrity lapses if applicable. 


Data Integrity Remediation | cGMP Consultant Recommended

It is a well-known practice from U.S. Food & Drug Administration (FDA) to recommend a cGMP consultant to perform a comprehensive audit of the entire operation for cGMP compliance and that the consultant should evaluate the completion and efficacy of the corrective and preventive actions before pursuing a resolution of your firm’s compliance status with FDA.

Your quality system must ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of medicines. See FDA’s guidance document Data Integrity1 and Compliance with Drug CGMP for guidance on establishing and following cGMP compliant data integrity practices in your firm.

How exactly can a consulting partner help?

A partner can assist in the internal review of systems and processes and in finding and preparing the necessary documentation of current policies and procedures. More broadly, it can deliver the specialized expertise that comes from having performed many such internal audits in the past and from knowing both the IT and scientific dimensions of pharmaceutical compliance.

These differentiators eliminate potential points of failure (e.g., a disconnect between lab and IT teams), help systems remain compliant over time, and spare internal teams from having to reinvent the wheel just to pass their audits.

To learn more about attaining professional guidance and assistance for passing a regulatory audit, reach out to the PerkinElmer team.

The adequacy of any procedures is subject to the interpretation of the auditor. Therefore, PerkinElmer accept no liability for any subsequent regulatory observations or actions coming from the use of this audit checklist.

Sources:

  1. https://www.fda.gov/downloads/drugs/guidances/ucm495891.pdf