The role of Good Documentation Practices on Compliance Activities

The role of Good Documentation Practices on Compliance Activities.

An acceptable definition of Good Documentation Practices (GDP) would be the prescribed standards by which documentation is created and maintained in the pharmaceutical industry. The FDA has set some GDP standards, but these are not the only GDP standards. There are others that come under the current Good Manufacturing Practice (cGMP).

Apart from the obvious reason of ensuring smoothness of documentation and records; another very important reason for which pharmaceutical, bioscience and healthcare companies –including their vendor partners –are obliged to observe GDP is for the reason that they invite warnings or penalties from the FDA if any noncompliance is brought to light.

Why should companies implement GDP?

The World Health Organization (WHO) has set out the purposes for which companies need to implement GDP. These are:

• It helps define the specifications and procedures for all materials and methods of manufacture and control

• GDP has to ensure that all concerned personnel know what to do and when to do it

• GDP gives the qualified and authorized persons in the organization the information using which they can decide whether or not to release a batch of a drug for sale

• It offers documented evidence, traceability and an audit trail, which will go a long way in ensuring a smooth investigation when it is necessary.

• GDP makes sure that the data needed for validation, review and statistical analysis is available with the company.

Why is compliance with GDP important?

The rationale for which the WHO has mandated the use of GDP is self-explanatory. As we have seen, the FDA and other regulatory bodies have made compliance with GDP practices mandatory. The fact of its being mandatory is the strongest reason for compliance. The aim of making compliance with GDP mandatory is to ensure that quality and other important aspects of medical devices, such as standards, are strictly adhered to.

When there is compliance with set standards for documentation; there is all-round ease and convenience in reading and understanding important documents. In order to ensure this, the following requirements are necessary to ensure quality control and assurance:

• Standard Operating Procedures (SOPs)
• Specifications
• Protocols
• Policies
• Bills of Materials (BOMs)
• Batch Record Forms
• Work Instructions (WIs)
• Checklists
• Electronic and hardcopy Quality records (e.g. non-conformance, corrective and preventative
• Forms/Log sheets
• Test Methods
• Training Assessments


Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.

Most Common Problems of Software Validation Processes

Most Common Problems of Software Validation Processes.

Software validation processes have always been important; yet, they acquired a special sense of urgency and added importance following the announcement in August 2010 by the FDA in this regard, in which it stated that it “…will be conducting a series of inspections in an effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 ‘Part 11, Electronic Records; Electronic Signatures – Scope and Application’ guidance (Guidance).” Why this added emphasis on action?

The FDA accentuated its action on software validation processes for two important reasons:

1) in the industry, there were diffuse and subjective interpretations about the understanding and application of Part 11

2) perceptions that this statute could have the effect of restricting the use of electronic signatures and discouraging innovation.

Following this action from the FDA; a series of problems that the software validation processes had, are coming to light of late.

So, which are the most common problems of software validation processes?

The following common problems are being observed in the industry:

• Information gone missing:

• Incomplete details in the requirements documents: This has been true especially in relation to data, key processes that go into the internal software, as well as the interactions of the software with the user

• Necessary detail not found

• Traceability: This was the most important problem found in Part 11. The traceability matrix either did not account for a traceable specification or an observation step in a test script, or was incomplete, or the trace was broken.

• Incomprehensible wording in the documentation

• Several GDP-related bungling

• Difficulty in identifying the impugned documents and records



Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.


Six Systems Approach to Pharmaceutical cGMP Regulations

Six Systems Approach to Pharmaceutical cGMP Regulations.

The FDA has enacted several pharmaceutical cGMP regulations. These are key concepts that are critical to quality systems. Some of the concepts by which the FDA and other regulatory bodies ensure cGMP regulations are Quality, Quality by Design (QbD) and product development, Quality Risk Management, Corrective and Preventive Action (CAPA), Change Control, and the Six Systems Approach.

Of these, the six-system inspection approach is a systems-based approach to cGMP and is aimed at ensuring a robust quality system model for pharmaceutical products.

It consists of the following:

Quality System

• Facilities System
• Equipment System
• Materials System
• Production System
• Packaging & Labeling System

Quality system is the fulcrum

It needs to be borne in mind that the whole system centers round the organization’s quality system. The quality system is the pivot around which the systems approach revolves. It is the core and the very foundation for the manufacturing systems that are linked and function within it. 

The FDA does not consider the quality system as different or separate from the five elements. In this sense, it the quality system model may be considered the root from which the five elements branch out.

In other words, the five manufacturing systems integrate themselves them into the respective and appropriate sections of the model. The order of interplay and interdependence may vary slightly from one organization to another, but to those in the knowhow of the six-system inspection approach; the rationale by which the inter-relationship plays out is quite readily apparent.

State of control –the crux of the matter

The entire purpose of having a systems approach in which the systems are independent, yet integrate into each other seamlessly is that having a systems-based inspection compliance program ensures that the organization is equipped with the ability to assess whether each of the systems is in a state of control.


Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.

Supplier and Internal Auditing

Supplier and Internal Auditing.

The criticality of auditing to the field of medical devices can never be understated, because medical devices play a direct role in human safety. Supplier and internal auditing are separate, but related aspects of the supply chain and quality aspects of medical devices. It is a common practice in the industry to have medical devices from other companies, or what are called suppliers, by agreeing to the required specification and other terms. It is also common to use already manufactured devices from other companies. Sometimes, pharmaceutical and life sciences industries use their own devices. In all these scenarios, auditing is the key, because whichever of these pathways an organization may choose; it is bound by the same rules of compliance as set out by the regulatory authorities.

Need to keep up to prescribed standards

In order to meet regulatory requirements; medical device and related businesses need to keep a few important parameters in mind in order to ensure that supplier and internal auditing are up to prescribed standards.

The following are the important factors for carrying out internal auditing:

• To assess the current and potential risks in any process being undertaken by the organization;

• To bring about improvement in the business processes and practices;

• To help meet regulatory demands;

• To help them understand the changes in the marketplace and other external factors that affect the business.

Benefits of a supplier auditing program

Somewhat allied to this is the supplier auditing program. This is a means for ensuring that devices from external vendors or suppliers meet set standards and specifications.

These may be considered the important benefits of a good supplier audit program:

• It helps to implement an overall quality system in the organization

• It helps establish documentation and business record control

• Helps in the control of the company or its business operations

• Paves the way for business management review

• Helps identify non-conforming product control

• Calibration control and contract review can be achieved.



Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.

Verification and Validation of HACCP

Verification and Validation of HACCP.

Hazard Analysis Critical Control Point (HACCP) is a mechanism meant for ensuring food safety. It is a comprehensive set of guidelines that straddles across the food supply chain, right from harvest till the time it is consumed.Being such a systematic and total approach; HACCP attaches utmost importance to prevention of problems arising at any point in the food chain. The established method by which HACCP seeks to accomplish this is what is called verification and validation.

Let us get to a verbatim understanding of what these mean in HACCP lingo. Based on the definition of the word “verify” as meaning a way of establishing the truth or accuracy of something; HACCP defines “verification” in this context as “…those activities other than monitoring, that determine the monitoring, that determine the  validity of and compliance with the HACCP Plan”.

Logically following on this, since to validate is to corroborate or substantiate or confirm something, HACCP seeks to establish the validity of the HACCP plan by requiring participants to provide actual, factual proof of compliance to HACCP guidelines.

Armed with a strong set of actions, HACCP seeks to strengthen the food supply chain with its set of safeguards.

Purposes of verification and validation

The HACCP has clear-cut expectations in mind about the purposes of these twin mechanisms. The purpose of verification is defined in the following:

Components of the food chain need to determine if HACCP Plan is working. They need to check periodically if hazards are being reduced by the HACCP Plan. They also need to ensure that operations are in compliance with the HACCP Plan, and make sure HACCP is being implemented properly.

On the validation aspect, HACCP seeks to ensure that all the scientific and technical information is collected and evaluated to make sure that the HACCP Plan is working effectively, and when done so, is effective in controlling the hazards.

What needs to be evaluated?

HACCP attaches importance to what needs to be evaluated for Verification and Validation.  Primarily, lethality and stabilization factors, referred to as “cook and chill”, and processing room temperatures that may be above 50° F need to be evaluated.



Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.


Why is Computer System Validation Important in FDA Regulated Industries?

Asking why Computer System Validation (CSV) is important in FDA-regulated industries is like asking why an engine is important to a vehicle.

Before going on to get an understanding of this issue, let us understand that there is a difference between the ways in which the term “validation” is used in the general area of computers and that used in FDA-related circles. In the field of computer science, the term means the ability of software to meet its stated requirements. For the FDA, validation of a computer system incorporates all activities that go into a computer system and these should be documented and made available to the FDA. We could use the word “verification” to associate the same meaning and understanding of what “validation” means to the FDA.

All-encompassing term

The critical importance of computer system validation in FDA regulated industries can be learned from at least two perspectives:

1.    When a company is carrying out systematic CSV; it nips potential serious problems in the bud by preventing software problems from reaching production stages and environments. When a problem in a Life Science software application reaches the production environment, this can lead to serious adverse consequences. On the one side, there is the human element of getting the CSV validation wrong, which can result in serious product consequences, which can be disastrous to the patient’s health; on the other, businesses that get their CSV wrong can also face anything from lawsuits and heavy penalties to having to shut shop permanently. Long drawn out court cases can result in serious problems including bankruptcy.

2.    FDA’s regulations requiring companies to carry out systematic CSV have the effect of law, which means that companies that come under the ambit of the FDA are legally bound to follow the guidelines set out by FDA’s regulations. When companies fail during an FDA audit; it can invite inspectional observations (“483s”) and warning letters.

The most important element of CSV that companies need to bear in mind is that they need to get their validation right alright; they also need to get it right stage by stage. Some companies have tried the short cut method of overlooking or circumventing a step or two. While this may give them short term savings; their long term costs are far higher than these savings.



Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.

The ISO 13485:2003 Standard has quality management systems at its heart

The ISO 13485:2003 Standard has quality management systems at its heart.

The ISO 13485:2003 Standard relates to quality management systems in the field of Medical Devices. Its requirements ISO 13485:2003 specifically relate to organizations that are in the business of medical devices, no matter what its size or type. At its core, ISO 13485:2003 is all about quality management systems in medical devices.

This standard specifies requirements for a quality management system. Accordingly, it requires an organization to demonstrate the ability to produce medical devices and related services that have to consistently meet both –a) customer requirements and b) regulatory requirements –that are applicable to the file of medical devices and related services.

Harmonization at the core

It thus becomes clear that quality management systems, which are the means to ensuring these requirements, constitute the heart of ISO 13485:2003. This Standard’s essential objective is to foster and bring about harmonization among medical device regulatory requirements for meeting quality management systems. This Standard superseded the earlier version, the ISO 9001. It did away with some of the requirements of that Standard.

When a medical device company deals with medical devices it may not manufacture; it is its responsibility to ensure that processes applicable to the medical device(s) required by ISO 13485:2003, are accounted for in the organization’s quality management system.

In a nutshell, these are some of the requirements set out from Part 4 of ISO 13485:2003 onwards, the Part at which quality requirements begin:

4.1: Establish a quality system for medical devices;

4.2: Document your medical device quality system;

5.1: Support Quality;

5.2: Focus on customers;

5.3: Establish a Quality Policy;

5.4: Perform Quality Planning;

5.5: Control your Quality Management System;

5.6: Carry out management reviews;

6.1: Provide quality resources;

6.2: Provide Quality personnel;

6.3: Provide quality infrastructure;

6.4: Provide quality environment

8.2: Monitor and measure quality;

8.3: Control your nonconforming products;

8.5: Take required remedial actions


Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.

Satisfying compliance for 21 CFR Part 11 is very important when considering cloud hosting

21 cfr part11 Compliance

Ever since the sensational arrival of cloud computing on the IT industry horizon, it has made life different in more ways than could be imagined, to make an understatement. With organizations realizing the enormous advantage cloud computing offers; almost every conceivable type of document is being pushed to the cloud.

The advantages are obvious, but let us repeat them at the cost of sounding banal: on-demand availability of data, flexibility, scalability, pay-for-use, and the choice of usages.

For the life sciences

So, why should life sciences, medical devices and pharmaceutical companies leave out documents pertaining to regulatory mechanisms, such as 21 CFR Part 11 and related regulations like Annex 11, and the cGMP’s?

It certainly makes immense sense to have these documents on the cloud. Or does it? Let us look at it this way: having 21 CFR Part 11 and related regulations on the cloud is not going to cost the company anything more; on the other hand, there is no headache involved in having to maintain them on the company premises.

It’s compliance, sir!

So, when companies decide to indeed go on the cloud for 21 CFR Part 11 and related regulations, what should they bear in mind? First of foremost, compliance! This is the mantra that they need to drill into their very being. Nothing moves forward without compliance. Compliance comes first, and everything else follows. Naturally, companies ought to ensure that compliance is built into every step of the planning, delivery and maintenance of their hosted solution.

There has always been the apprehension on the part of Part 11-regulated companies that using third party providers for hosting applications and data is not the wisest of steps to take because these parties may not be able to meet security concerns, audit transparency requirements and privacy laws. Many Part 11-regulated companies also feel that external, third party providers do not have the mechanisms to document policies and procedures in the prescribed manner to satisfy compliance for 21 CFR part 11 hosting.

Companies need to take the following into consideration if they have to satisfy compliance for 21 CFR part 11 hosting:

o Do the providers implement a service level agreement?

o What do they do about handling change control?

o What is their level of knowledge of and expertise in handling installation qualification?

o What is their way of handling encryption?

o What is their approach to handling an inspection or audit?

o What do they do in the event of a disaster?

o Do they have a standard set of SOP’s that the company can see?


Click to access us_lshc_CloudComputing_121611.pdf

Meeting FDA Expectations on Supplier Audit Program

The FDA, being what it is; has enormous power over the working of a medical device’s supply chain. It can virtually intercept a medical device at almost any stage through its various mechanisms such as recalls, injunctions, seizures and others. In its enthusiasm to ensure higher quality for medical devices, it has sometimes gone overboard to the extent that it is now a highly mistaken and feared regulatory body.
Making Supplier Audit Program comprehensible
Taking note of this perception, the FDA has been working hard to appear softer. One of the regulatory changes it has made to enforce this thinking has been to clearly state the conditions for meeting its expectations on Supplier Audit Program. The logic for choosing to make changes into the Supplier Audit Program is simple –as we just saw; it does not want to be seen as being arbitrary in selecting and punishing companies during their supply trail. It has set out a number of regulations and directions aimed at making the Supplier Audit Program simple and understandable.
Ask these questions to meet expectations
As a result, if companies have to meet the FDA’s expectations on Supplier Audit Program, they will need to ask themselves and answer questions such as: how do we address the FDA’s stated desire to require “on-site” audit of all Pharma suppliers? What expectations does the FDA have for meaningful, results-driven actions that address and resolve any underlying compliance issues or product problems? How do we reevaluate our vendors and the methods used in selecting, evaluating, auditing, retaining or cutting adrift such regulatory “partners” if we have to meet the new regulatory climate and be competitive?


Supplier Audits

More Guidance Regarding Medical Device Development Tools from the FDA

In line with the aim of accelerating medical device development, the FDA has issued its as-yet latest guideline, entitled “Draft Guidance for Industry, Tool Developers, and Food and Drug Administrative Staff” (called just the “Draft Guidance”) on November 13, 2013.
This guideline is a voluntary process for the qualification of Medical Device Development Tools (MDDT) used in device development and evaluation programs in the Center for Devices and Radiological Health (CDRH). The aim of this qualification process is to foster “the development and timely evaluation of innovative medical devices”. The FDA seeks to do this by putting in place a relatively more competent and predictable way of garnering the necessary information needed to make regulatory assessments.
Targeting biomarkers
The Draft Guidance applies to therapeutic and diagnostic devices. It is specifically aimed at biomarker tools, which are considered critical to some personalized medicine diagnostics.
Applications and uses
The Draft Guidance lists the parameters that the CDRH looks for among qualified Biomarker Tests (BT’s) that it considers as being worthy of relying upon for device-related regulatory decision-making for the designated use. To quote some examples, these guidelines may be used to select patients for a device clinical trial. They could also serve as instructions to monitor treatment response. They could also relate to prediction or identification of safety problems related to treatment with a medical device. Or, they could be used to identify patients who are or are not candidates for certain forms of tests or therapies.
The FDA says it has four clear cut goals in setting out these guidelines:
o To enable quicker and more efficient development of devices
o To promote the development of new MDDT’s
o To help optimize the developments in the field of regulatory science into new MDDTs
o To engender faster and more effective communication to stakeholders the MDDT’s that are appropriate for use in development programs.