For many companies, coping with an FDA inspection can be a nightmare. Workloads increase significantly before, during, and after an inspection, and there is always the potential that a major regulatory economic downfall could be part of a company's future if the inspection yields negative or mixed results.
We don't try to predict all the possible questions and concerns that can come up during an inspection. Even an FDA inspector couldn't do that. Instead, we discuss common deficiencies. This survival guide ensures that you know what an inspection is, what aspects of company operations (equipment, documents, tests) are likely to be inspected, and what the most common concerns, problems, and difficulties are — those that FDA inspectors look out for. Then we make sure you know how to address those issues properly (see the "To Prepare for an FDA Inspection" sidebar).Much of an inspection focuses on a company’s quality systems. By definition, a quality system is a program that addresses the needs and elements of a specific part of a manufacturing operation. A training program, for example, is a quality system — a quality system that defines in detail how the company will ensure that its employees have the proper knowledge to carry out their responsibilities.
Pharmaceutical and biotechnology companies typically determine how they are going to classify their quality systems. Quality systems typically include standard operating procedures (SOPs), monitoring programs, change control policies, validation programs, training, deviation and investigation programs, and consistent documentation practices.
Our survival guide, therefore, also begins by focusing on quality systems: on determining those quality systems needed and in place, on ascertaining how practical particular quality systems are, and on checking how well those quality systems have been implemented and followed. It is the responsibility of a company's management to ensure that quality systems are in place, reviewed periodically, upgraded, implemented, and followed.
SOPs — two to do. Two types of SOPs are common. The first type is corporate or global SOPs (policies and procedures set forth by the company’s highest management level), that describe general company policies. A company’s divisions, functions, and groups subject to GMP requirements (that is, all departments excluding functions such as finance, marketing, and sales) are required to comply with global SOPs (1–3).
Local SOPs document routine tasks and make provisions for nonroutine tasks for all specific functions or departments within the company. These documents detail the tasks that must be performed at each step in the manufacturing process. Examples of these tasks include sterilization, equipment operation, emergencies, and documentation practices. Examples of observations that FDA inspectors make about SOPs are listed in the "SOP Failures" sidebar. Remember, SOPs are the first line of defense during an inspection: They describe how procedures and situations are supposed to be handled, even those situations, such as an emergency or a contaminated batch, that a company has never faced before.
Monitoring systems. Another quality system that is closely scrutinized during a typical inspection is the monitoring program. Typically, a production site must have a continuous monitoring program of all critical elements of the manufacturing operation. Critical elements include, for example, building and equipment monitoring, water quality assessment, environmental monitoring, and microbial level measurements in aseptic fill areas.
Monitoring samples. The monitoring program clearly defines what needs to be sampled and when, how the sample is taken, and how the sample must be handled and tested. It also outlines acceptable results supported by validation studies. Monitoring programs must include provisions for test results outside acceptable limits, assigning action and alert limits, addressing who needs to be notified, assessing the effect of the out-of-specification (OOS) result, and approving and implementing a corrective action. Responsibility must be assigned to a specific person who reviews the results in each area and identifies trends in the data.
OOS results. FDA observations about monitoring programs cite the lack of clear specifications for when to sample, the location from which to draw the sample, the number of samples, and poor handling for OOS or failed test results. It is inevitable that at some point a test result will fail. (In fact, an experienced inspector will doubt the validity of test results that remain acceptable over long periods of time.) Inspectors want to know how the failed result was handled, how the effect of the OOS result was assessed, how the corrective action was agreed upon, who approved the corrective steps, what the thought processes were behind the final decision about corrective action, and how the entire episode was documented. Therefore, before your company is notified that an inspection is imminent, review your monitoring programs and make sure they are sound and robust.
Validation Programs At your next staff meeting, ask your coworkers, "Does our company have a comprehensive validation program in place?" Be prepared for several interesting responses.
A comprehensive validation program starts with policies that establish guidelines and responsibilities for validation processes. Those policies typically cover procedures for preparing, reviewing, approving, executing, and completing the validation plan.
In separate documents, the validation requirements for individual areas, such as laboratory equipment and processes, computers, cleaning, and utilities, among others, must be clearly defined. This set of documents establishes a company's commitment to its validation efforts. The documents also establish a requalification program at timely, preestablished intervals to verify the results of the original validation effort.
A validation master plan (VMP) is also essential because it establishes a company's validation plans for the near future. It should include a list of validation activities that the company plans to complete within a reasonable time frame. Once a VMP is approved, periodic reviews will ensure that validation plans are on schedule assuring inspectors that the company is committed to completing its validation tasks. VMPs do not, however, replace completed validation efforts.
Validation protocols are the most critical element of a validation program. Figure 1 shows the validation processes in a typical software life cycle. Creating validation protocols is an extremely detailed process, but as a general rule, companies should ask the questions in the "Before an Inspection" sidebar about the company's validation programs.