Upload
nguyendung
View
217
Download
0
Embed Size (px)
Citation preview
Regulatory Compliance through Computer System Validation
Arjun Guha Thakurta M. Pharm., CISA, SAP
Director of Operations
31 Jan 2014
Computerized systems are used extensively to capture, analyze, store data, report information and to control equipment and processes in life sciences industry at laboratories and manufacturing facilities. Internal and external audit of pharmaceutical and biopharmaceutical industry has consistently indicated a lack of validated computer control in the industry. Computer systems validation has become one of the key areas of strong emphasis for regulatory agencies.
Background
By: Arjun Guha Thakurta CONVALgroup Program 2
Center Name 483s Issued
Food 3057
Devices 1090
Drugs 787
Human Tissue for Transplanta>on
138
Biologics 237
Others 1097
Total 6406
The Business Case for CSV USFDA 483s Worldwide
(01-10-2011 to 30-09-2012 )
By: Arjun Guha Thakurta CONVALgroup Program 3
Center Name NAI VAI OAI
Drug Quality Assurance
107 222 11
Food 67 122 6
Devices 2 17 2
Others 28 22 2
Total 204 383 21
The Business Case for CSV USFDA Inspections in India (01-10-2008 to 31-03-2013)
By: Arjun Guha Thakurta CONVALgroup Program 4
• NAI - (No Action Indicated) meaning that there were no significant deviations from the rule observed during the inspection.
• VAI - (Voluntary Action Indicated) meaning that significant deficiencies were observed, but the establishments should be able to correct deficient practices without any official action by FDA.
• OAI - (Official Action Indicated) meaning that the objectionable conditions observed are egregious and warrant an official action by FDA, such as a Warning Letter to these establishments.
Ref No. Short Desc Frqncy
21 CFR 211.22(d) Procedures not in wri>ng, fully followed 169
21 CFR 211.192 Inves>ga>ons of discrepancies, failures 119
21 CFR 211.100(a) Absence of WriSen Procedures 116
21 CFR 211.160(b) Scien>fically sound laboratory controls 115
21 CFR 211.110(a) Control procedures to monitor and validate performance
89
21 CFR 211.67(b) WriSen procedures not established/followed 73
21 CFR 211.68(a) Calibra>on/Inspec>on/Checking not done 69
21 CFR 211.25(a) Training-‐opera>ons, GMPs, wriSen procedures 65
21 CFR 211.67(a) Cleaning / Sani>zing / Maintenance 65
21 CFR 211.100(b) SOPs not followed / documented 64
21 CFR 211.165(a) Tes>ng and release for distribu>on 62
The Business Case for CSV USFDA Inspections Top 10 Citations
By: Arjun Guha Thakurta CONVALgroup Program 5
The Business Case for CSV USFDA Inspections India Citations in 2011-12
By: Arjun Guha Thakurta CONVALgroup Program 6
Ref No. Short Desc Frqncy
21 CFR 211.22(d) Procedures not in wri>ng, fully followed 0
21 CFR 211.192 Inves>ga>ons of discrepancies, failures 1
21 CFR 211.100(a) Absence of WriSen Procedures 4
21 CFR 211.160(b) Scien>fically sound laboratory controls 3
21 CFR 211.110(a) Control procedures to monitor and validate performance
1
21 CFR 211.67(b) WriSen procedures not established/followed 1
21 CFR 211.68(a) Calibra>on/Inspec>on/Checking not done 1
21 CFR 211.25(a) Training-‐opera>ons, GMPs, wriSen procedures 4
21 CFR 211.67(a) Cleaning / Sani>zing / Maintenance 3
21 CFR 211.100(b) SOPs not followed / documented 2
21 CFR 211.165(a) Tes>ng and release for distribu>on 1
Ref No. Short Desc Frqncy
21 CFR 211.68(a) Calibra>on/Inspec>on/Checking not done 69
21 CFR 211.68(b) Computer control of master formula records 19
21 CFR 211.68(a) WriSen calibra>on / inspec>on records not kept 9
21 CFR 211.68(b) input/output verifica>on 6
21 CFR 211.68(b) Backup data not assured as exact and complete 4
21 CFR 211.68(b) WriSen record not kept of program and valida>on data 2
The Business Case for CSV USFDA Inspections 21 CFR 211.68 Citations
By: Arjun Guha Thakurta CONVALgroup Program 7
The Business Case for CSV USFDA 483s India 2013
By: Arjun Guha Thakurta CONVALgroup Program 8
CDER LeAer Issued Data Integrity Issue
xyz Limited 25-‐11-‐2013 Yes
xyz Limited 09-‐09-‐2013 Yes
xyz Limited 09-‐08-‐2013 Yes
xyz Limited 02-‐08-‐2013 Yes
xyz Limited 30-‐07-‐2013 Yes
xyz Limited 18-‐07-‐2013 Yes
xyz Limited 01-‐07-‐2013 Yes
xyz Limited 28-‐05-‐2013 Yes
xyz Limited 28-‐05-‐2013 Yes
xyz Limited 07-‐01-‐2013 Yes
The Business Case for CSV EMA (EU-GMP) Non-Compliance Reports (2013)
By: Arjun Guha Thakurta CONVALgroup Program 9
EU-‐GMP LeAer Issued Data Integrity Issue
Xyz Ltd (MHRA) 18-‐09-‐2013
Data falsifica>on, PQR data fabrica>on, HPLC electronic data manipula>on, Stability -‐ products not covered
Xyz Ltd. (MHRA) 26-‐07-‐2013
Data Integrity, dele>on of electronic files, valida>on & qualifica>on, failure to to record cri>cal data, failure to raise devia>ons
Xyz Ltd. (MHRA) 22-‐03-‐2013 Data falsifica>on, Devia>on Management,
hygiene, No Sr. QA on-‐site
Xyz Ltd. (MHRA) 15-‐05-‐2013 Cross-‐contamina>on, Data falsifica>on,
traceability
Xyz Ltd. (MHRA) 26-‐04-‐2013 Data Integrity, misleading data, Sterility
assurance
Xyz Ltd. (Spain) 06-‐02-‐2013 Fraudulent Data, Traceability of RM, R&D
out of QA
The Business Case for CSV EMA (EU-GMP) Non-Compliance Reports (2013)
By: Arjun Guha Thakurta CONVALgroup Program 10
EU-‐GMP LeAer Issued Data Integrity Issue
Xyz Ltd. (France) 01-‐02-‐2013 QA documenta>on, traceability, sanita>on,
analysis
Xyz Ltd. (France) 11-‐10-‐2013 OOS/CAPA/Change Control/Training/VMP
Xyz Ltd. (Finland) 13-‐04-‐2013 Fraudulent Data, traceability of RM, Criminal
ac>vity
Xyz Ltd. (MHRA)
14-‐11-‐2012/ 15-‐11-‐2012
Data Integrity and Quality Management, QRM, Fraudulent data Refusal to inspec>on to shared site
Constant Compliant State Reactive Approach Compliance-Driven
Approach Risk-Based Approach Business-Oriented
Approach
• CSV is seen as necessary evil.
• Silo-based monitoring.
• Reactive and tactical.
• Check-box mentality. • Tactical defence
supported with SOPs and uncontrolled CSV documentation.
• Pro-active, interconnected and continuous monitoring and assessment.
• Closed-loop, risk-based validation based on defined methodology.
• Connected to overall Enterprise Validation Management Processes.
• Cross-department participation across finance, operations and QA.
èObjective is to defend during FDA audits and somehow ‘Manage’ the show for the time-being.
èObjective is to achieve point-in-time Compliance Certification from FDA.
è Preventive Mentality. Better prepared long before the FDA audits and managing ‘Steady-State Compliance’
è’Constant-Compliant State’ resulting in increased business efficiency and effective business decision.
Strategic TacJcal
By: Arjun Guha Thakurta CONVALgroup Program 11
Project - References
By: Arjun Guha Thakurta CONVALgroup Program 12
Why computer systems require validation? • Defects are unintentionally built into software • Manufacturer testing is limited • Software is released with known defects. • Many defects reported after release are not corrected. • The software might not work properly in a given
enterprise IT architecture.
Why CSV?
By: Arjun Guha Thakurta CONVALgroup Program 13
(1) Systems to make decisions on market release of drugs and quasi-drugs, and to create and retain market distribution records
(2) Systems to create and retain manufacturing orders and manufacturing records, etc.
(3) Systems to control/manage manufacturing processes and to retain relevant data
(4) Systems to manage storage and inventory, etc. of raw materials and products (including intermediates; the same shall apply hereinafter)
Where CSV is applicable?
By: Arjun Guha Thakurta CONVALgroup Program 14
(5) Systems to control/manage laboratory instruments used for QC tests and systems to retain QC test results and relevant data
(6) Systems to control/manage equipment and facilities, including HVAC and water supply systems, etc., which may have a significant impact on quality of products, and systems to retain relevant data
(7) Systems to create, approve and retain documents (SOPs, Quality Standard Code, Product Standard Code, etc.)
Where CSV is applicable? Contd.
By: Arjun Guha Thakurta CONVALgroup Program 15
CSV Misconceptions?
By: Arjun Guha Thakurta CONVALgroup Program 16
• Misconceptions of Computer Validation – We bought a “validated” system!
– Partial Validation of the System
– Long-term Use equals Validation
– Validation is one-off activity
– Validation does not need documentation
– GMP (Giant Mass of Paper)
– Validation equals software testing
– Validation is a job for IT (QA unsure)
– This is for Pharma Majors and not for SMEs
A complex maze of inter-dependent regulations across major markets. • US FDA Compliance Policy Guidelines (CPGs) • Drugs
– 21 CFR Part 211 (211.68) – Automatic, Mechanical or Electronic Equipment (cGMP for Finished Pharmaceuticals)
– Guide to Inspection of Computerized Systems in Drug Processing, Feb 1983
– Guide to Inspection of Pharmaceutical Labs (July 1993) – 21 CFR 314 (314.70) – Supplements and other changes to an
approved application (Applications for FDA Approval to Market a new Drug)
– Computerized System in Drug Establishments (Feb, 1983) By: Arjun Guha Thakurta CONVALgroup Program 17
CSV Regulations & Guidelines
• Food – Guide to Inspections of Computerized Systems in the Food
Processing Industry (April, 2008)
• Blood Establishments – Reviewer Guidance for a Pre-Market Notification Submission
for Blood Establishment Computer Software – Blood Establishment Computer System Validation in the User’s
Facility – Blood Establishment Computer Cross-match – PIC/S PE-005-3 – Guidance on Parametric Release
CSV Regulations & Guidelines contd.
By: Arjun Guha Thakurta CONVALgroup Program 18
• Medical Devices – 21 CFR Part 820 – Quality System Regulation (Medical
Devices)
• Guidance Documents – General Principles of Software Validation (Jan, 2002) – Review of 510(k) for Computer Controlled Medical Device – Compliance on Off-The Shelf Software Use in Medical Devices
(Sept, 1999) – Cybersecurity for Networked Medical Devices Containing Off-
the-Shelf (OTS) Software (Jan, 2005) – Medical Device Data Systems
By: Arjun Guha Thakurta CONVALgroup Program 19
CSV Regulations & Guidelines contd.
• Guidance Documents (contd.) – General Principles of Software Validation (Jan, 2002) – Review of 510(k) for Computer Controlled Medical Device – Compliance on Off-The Shelf Software Use in Medical Devices
(Sept, 1999) – Cybersecurity for Networked Medical Devices Containing Off-
the-Shelf (OTS) Software (Jan, 2005) – Medical Device Data Systems – ISO 14971 – Application of Risk Management to Medical
Devices – ISO IEC 62034 – Medical device software – Software lifecycle
processes
By: Arjun Guha Thakurta CONVALgroup Program 20
CSV Regulations & Guidelines contd.
• Guidance Documents (contd.) – 7341.002A – Compliance Program Guidance Manual Inspection
of Tissue Establishments (ER/ES requirements) – 21 CFR 1271 (1271.160(d)) – Establishment and maintenance of
a quality program (Current Good Tissue Practice)
• Other Reference Regulations – 21 CFR Part 58 GLP for Non-Clinical Laboratories – 21 CFR Part 312 – Investigational New Drug Application
By: Arjun Guha Thakurta CONVALgroup Program 21
CSV Regulations & Guidelines contd.
• EU Regulations – EC Annex 11 – Computerized Systems (2011) – PIC/S PI 011-3 – Good Practices for Computerised Systems in
Regulated ‘GXP’ Environments – European Medicines Agency answers to FAQs on Annex 11 as
agreed by the GMP/GDP Inspectors Working Group – The APV Guideline “Computerized Systems” based on Annex
11 of the EU-GMP Guideline.
• API – Q7A GMP Guidance for APIs (Aug 2001) – CEFIC – Computer Validation Guide (Jan 2003)
By: Arjun Guha Thakurta CONVALgroup Program 22
CSV Regulations & Guidelines contd.
• Clinical Trials – USFDA Guidance: Computerized System used in Clinical
Investigations (May 2007) – USFDA Compliance Program 7348.810 – Sponsors, CROs and
Monitors (March, 2011) – USFDA Guidance: Electronic Source Data in Clinical
Investigations (Nov, 2012) – USFDA Information Sheet Guidance for IRBs, Clinical
Investigators, and Sponsors FDA Inspections of Clinical Investigators
– EMEA Procedure for conducting GCP Inspections requested by the EMEA (Sept 2007)
By: Arjun Guha Thakurta CONVALgroup Program 23
CSV Regulations & Guidelines contd.
• GAMP (Good Automated Manufacturing Practices, ISPE) – GAMP5 – A Risk Based Approach to Compliant GxP
Computerized System – GAMP GPG – Calibration Management – GAMP GPG – Testing of GxP Systems – GAMP GPG – GxP Compliant Lab Computerized Systems – GAMP GPG – GxP Process Control Systems – GAMP GPG – Electronic Data Archiving – GAMP GPG – Global Information Systems Control and
Compliance – GAMP GPG – IT Infrastructure Control and Compliance – GAMP GPG - MES
By: Arjun Guha Thakurta CONVALgroup Program 24
CSV Regulations & Guidelines contd.
Definition of CS
By: Arjun Guha Thakurta CONVALgroup Program 25
Quality Plan
By: Arjun Guha Thakurta CONVALgroup Program 26
The Quality Plan should address the following topics: • Introduction, Scope, and System Overview • Organizational Structure • Quality Risk Management • Supplier Assessment • Validation Strategy • Deliverables, and Acceptance Criteria • Deviation Management (project and operational) • Change Control (project and operational) • Configuration Management (project and operational) • Standard Operating Procedures • Supporting Processes (Training, Document Management)
System development – Validation approach
V-Model is used as validation approach for establishing validated state for IT Applications
By: Arjun Guha Thakurta CONVALgroup Program 27
Validation Principles • Lifecycle approach to Validation
– Validation of the CS is not a one time activity. It should begin with the User Requirements Phase and should end as the last record generated from that system retires.
By: Arjun Guha Thakurta CONVALgroup Program 28
Validation Principles • Lifecycle approach to Validation
– Create and sign-off the VMP at the Project Initiation and managed it throughout the lifecycle of the system with revisions.
– Verify that User Requirements, Functional Requirements & Specifications and Detailed Design Specifications are created and enforced.
– Develop and execute IQ, OQ, PQ protocols
– Ensure that the validated system is under Change Control.
– Ensure that the preventive maintenance system includes the validated CS
By: Arjun Guha Thakurta CONVALgroup Program 29
• Americas Office 11 CaNord Road Suite: 324 Toronto, Ontario Canada, M3J 1P9 e: [email protected]
• Europe Office Ekinciler Cad. Ertürk Sok. Mehmet Özçelik İs Merkezi No: 5 K: 1 PK: 34810 Kavacık – Beykoz – İstanbul/Turkey e: [email protected]
• Asia Office Life Science ConsulJng Pvt Limited D-‐67, Rahul Complex, Paud Road, Kothrud, Pune 411038, Maharashtra, India e: [email protected] Contact: Mr. Madan Joshi [email protected] M: 9920912162
Contact us
By: Arjun Guha Thakurta CONVALgroup Program 30
Page 31
Q&A
By: Arjun Guha Thakurta CONVALgroup Program 31
Page 32
Thank you
By: Arjun Guha Thakurta CONVALgroup Program 32
By: Arjun Guha Thakurta CONVALgroup Program 33