What happens if the CSP does not allow audits

The trend in the pharmaceutical industry is also moving towards cloud computing. Financial but also organizational advantages speak for the cloud. At the same time, however, potential dangers and regulatory restrictions should also be taken into account. Nine experts from the pharmaceutical industry and regulatory authorities answer a comprehensive catalog of questions from the following GxP-relevant topics:

Basics of Cloud Computing Technology
Regulations and Expectations of Inspectors
Customer-Supplier-Relationship
Requirements for Cloud Service Providers (CSP)
Requirements for Supplier Evaluation and Supplier Audits
Requirements for Qualification / Validation
The following question is one of a series of questions that we will publish in further GMP News articles on this site in the coming weeks

If quality-related services are outsourced by the pharmaceutical company to third parties, the contractors must be assessed for their competence and suitability; this assessment must be available in writing. Such obligation also extends to service providers in the cloud area, where a summarized assessment might also have to be presented to the pharmaceutical inspector. Unfortunately, global cloud service providers (CSP) are often quite arrogant and do not accept audits, in particular, if the pharmaceutical company is small.

An alternative is a postal audit, where a detailed questionnaire is sent to the CSP hoping that it will be returned completed. Answering such a list of questions is quite complicated for the CSP and takes a lot of time, provided that precise and complete answers to the individual questions are given. Once the completed questionnaire has been received, the individual elements are evaluated in a (short) summary, where the CSP is classified (e.g. approved, approved with restrictions, not approved) by the relevant department, with the involvement of quality assurance.

Furthermore, it is sometimes possible to clarify important questions during a short assessment in a telephone conversation with the quality manager of the CSP. Then they are summarized in a memo/statement, together with other documents, allowing at least a reliable and GMP compliant classification of the provider.

If the CSP is not prepared to make any compromises, documents available on the Internet must be used. Information proving that the CSP has worked in the GMP area and provided services to other pharmaceutical companies is particularly useful. In this context, reference could be made to the Microsoft Azure GxP Guidelines (White paper, July 2020), where the most relevant quality elements are outlined on around 100 pages. Amazon Web Services (AWS) is also providing similar single documents, but unfortunately only after the contract has been signed, which is too late for the classification. In this case, too, the reviewed documents must be evaluated in summary form to enable the classification of the CSP.

Comments

Post a Comment

Popular posts from this blog

FDA describes detailed CAPA Procedure in Warning Letter

An FDA Warning Letter is a formal communication from the US Food and Drug Administration (FDA) notifying a company or individual of regulatory violations. These typically describe observations made during an inspection and list violations found (referencing the specific sections of the FD&C Act, the Code of Federal Regulations (CFR), and other applicable laws as appropriate). In addition, specific measures are listed that the recipient must take to remedy the violations. It does not go into great detail, especially not with regard to instructions on the desired procedure. In a Warning Letter issued to Sun Pharmaceutical Industries Limited (India) at the beginning of July, this is now different. It describes in great detail what the FDA considers to be appropriate CAPA measures in a specific case. What happened? The company was criticised for not adequately cleaning and maintaining the equipment used to manufacture drug products. According to the company's response, a defective ...
Read more

FDA Warning Letter Missing Ongoing Stability Studies for APIs

Company Antaria Pty. Ltd, Australia Synopsis  1.Inadequate Investigation  2. Own Analytal Methods used but proved to equivalent to USP methods 3.Annual Stability missed 1.Failure to adequately investigate and document out-of-specification results and implement appropriate corrective actions . Your firm manufactures API (b)(4) USP, labeled in part to be the active ingredient used in (b)(4). You failed to adequately investigate out-of-specification (OOS) test results. Specifically, your firm lacked adequate investigations and corrective actions for numerous OOS results obtained during laboratory testing of your API, including assay and loss on ignition (LOI) testing. The root causes were not clearly defined nor adequately documented, and lots with OOS results were released by your quality unit (QU). In your response, you state that staff turnover and insufficient staff training attributes to the lack of competency in good laboratory practices . Additionally, you state that you...
Read more

Understand ICH Q7

What is meant by ‘quality unit(s) independent from production The intent of the term ‘independent’ is to prevent any conflict of interest and ensure unbiased decision-making regarding quality-related decisions in the organization structure. The person in the quality unit who is responsible for final decision-making (e.g., batch release decision) should not have responsibilities for production activities [ICH Q7, 2.13]. Does ICH Q7 expect that the quality unit performs API release testing While the quality unit has responsibility for the release of the API, which includes oversight of the testing and results, ICH Q7 does not prescribe specifically who performs testing. ‘Quality control’ in the ICH Q7 Glossary [ICH Q7, 20] refers to the activities, not the organisational structure. For examples of quality responsibility related to testing and release, refer to [ICH Q7, 2.13, 2.22, and 11.12]. Appropriate laboratory controls should be followed [ICH Q7, 11.10, 16.10] regardless of who ...
Read more