How to Conduct an Audit of an Outsourcing Provider

There are several considerations to keep in mind when auditing an outsourcing provider.
Apr 02, 2008
Volume 2008 Supplement, Issue 4

Current regulations require that pharmaceutical companies ensure that all manufacturing—including the manufacture of starting materials—conducted on-site and off-site is compliant with the principles of current good manufacturing practices (cGMPs), as set out by the European Union Guidance 1 and the US Code of Federal Regulations. 2 Therefore, the expectation from the regulatory authorities for work performed off-site is that these processes must be formally evaluated as part of a quality management system to ensure compliance with the regulations. This is usually accomplished by a gap analysis. This compares the operations and systems of an outsourcing provider to predefined criteria, and evaluates the level of compliance to provide justification for either approving or rejecting the service offered. Dependent on the quality management system and the perceived criticality of the service provided, the audit may consist of only a written questionnaire or may also include a physical inspection and assessment of the facilities and proffered services. For example, the supplier of consumables and reagents would only require a written audit, whereas a supplier of contract test services or manufacturing would require an on-site inspection.

In conducting an audit, the choice of service will inevitably determine the questions that have to be answered. A contract manufacturer will require a different focus than a contracted analytical service, and thus it is useful to have questionnaires available to cover different service providers. The Pharmaceutical Inspection Cooperation Scheme3 publishes some helpful checklists on its publications web site which are available for free and are often used as starting points. It is important to remember, however, that such questionnaires are only memory aids. There is no substitute for the power of observation. One should not slavishly follow lists of questions and lose sight of the inspection process itself.

Selecting an Outsourcing Provider and Determining its Quality Status

Before proceeding to the audit stage, a company should seek to identify an outsourcing provider that can provide high quality services. The selection process is dependent on the service required, and the initial stages may involve a proposed provider recommended by other users. The selection process should be described in a standard operating procedure that includes considerations of how many potential providers should be assessed and against what selection criteria. These criteria may include accreditation to a quality standard, reputation in the industry, past experience, and even location.

Quality Status of the Service Provider

When selecting a provider, the first stage often confirms the existence of the provider's quality system. Outsourcing providers may also cite accreditation by a third party inspection body, such as the UK Accreditation Service (UKAS) or the International Standards Organization (ISO). However, it is necessary to consider the relevance of such accreditation with the required standard. Obviously, any company that will provide manufacturing services must follow cGMP requirements. In Europe, contract manufacturers also must be in possession of the relevant licenses and, if applicable, a letter of inspection from the Medicines and Healthcare products Regulatory Agency (MHRA) that says the provider can be named on licenses. This will contribute to the decision as to whether a postal or physical inspection is required.

Another critical consideration is whether or not a provider will allow an audit inspection to take place. If the provider does not welcome an audit inspection, the provider should be excluded from the approval process.

Confidentiality Agreement

Before an audit can be conducted, a confidentiality agreement must be in place. A confidentiality agreement will enable free discussion of any concerns that arise during the course of an audit. If a provider requests a confidentiality agreement be agreed to in advance of the audit, it is a sign that the firm is accustomed to working in a regulatory environment. It is acceptable, however, to wait to sign the actual agreement until the date of the inspection.

Determining the Scope of the Audit

Before the audit is conducted, there should be an introductory meeting to identify the parties involved to establish the scope of the audit. Audit inspections may cover total compliance of the entire facility to cGMP requirements, or be limited to a specific area, such as a single outsourced analytical test. The audit could therefore be narrow in scope or more general, depending on the service provided.

lorem ipsum