lundi 23 juin 2014

La qualité des enregistrements au cœur de cette mise en demeure...

Dans cette récente "Warning Letter", la FDA américaine mentionne plusieurs écarts importants dans la gestion des enregistrements réglementés :

1.    Failure to maintain complete data derived from all laboratory tests conducted to ensure compliance with established specifications and standards.

Your firm lacked accurate raw laboratory data records for API batches shipped by your firm. The inspection revealed that batch samples were retested until acceptable results were obtained. In addition, your quality control (QC) laboratory failed to include complete data on QC testing sheets.  Failing or otherwise atypical results were not included in the official laboratory control records, not reported, and not investigated...

2.    Failure to investigate and document out-of-specification results...
Your management failed to prevent the practices of product sample retesting without investigation, and rewriting and/or omission of original CGMP records persisted without implementation of controls to prevent data manipulation...

4.    Failure to record activities at the time they are performed.

Specifically, your staff used “finished product reports review data” worksheets to document critical laboratory information days after the actual testing was performed.  The worksheets reported observations from your firm’s secondary reviewer, and next to each of these listed observations the analyst marked them as corrected. A review of these worksheets revealed that your analysts did not always record data in the laboratory records in a contemporaneous manner as noted in the following examples...

Cette mise en demeure détaille également les missions à confier à un "data integrity" consultant chargé de la mise en conformité GMP :
Your data integrity consultant should:
  1. Identify any historical period(s) during which inaccurate data reporting occurred at your facilities.
  2. Identify and interview your current employees who were employed prior to, during, or immediately after the relevant period(s) to identify activities, systems, procedures, and management behaviors that may have resulted in or contributed to inaccurate data reporting.
  3. Identify former employees who departed prior to, during, or after the relevant periods and make diligent efforts to interview them to determine whether they possess any relevant information regarding any inaccurate data reporting.
  4. Determine whether other evidence supports the information gathered during the interviews, and determine whether additional facilities were involved in or affected by inaccurate data reporting.
  5. Use organizational charts and SOPs to identify the specific managers in place when the inaccurate data reporting was occurring and determine the extent of top and middle management involvement in, or awareness of, data manipulation.
  6. Determine whether any individual managers identified in item (5) above are still in a position to influence data integrity with respect to CGMP requirements or the submission of applications; and establish procedures to expand your internal review to any other facilities determined to be involved in, or affected by, the inaccurate data reporting.
  7. As part of this comprehensive data integrity audit of your laboratory, your audit report also should include any discrepancies between data or information identified in approved applications (including Drug Master Files), and the actual results, methods, or testing conditions submitted to the Agency. Include an explanation of the impact of all discrepancies. Provide a corrective action operating plan describing the specific procedures, actions and controls that your firm will implement to ensure integrity of the data in each application currently submitted to the Agency and all future applications. This should not only cover methods validation, but any other testing (e.g., stability tests, release tests) or operations you have performed for customers that may have been used to support a drug application-related submission to the agency.
 Plus d'information ici.

lundi 16 juin 2014

Des écarts dans la validation des SI pour ces fournisseurs de dispositifs médicaux...

Des mises en demeure récentes de la US FDA mettent en évidence des manquements dans la validation des systèmes informatisés pour des fabricants de dispositifs médicaux :

5.    Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 CFR 820.70(i). For example, as per CAPA report number AP_009/13 your firm implemented a(b)(4) to conduct quality control functions such as, but not limited to, verifying menstrual pad shape, size, and missing parts. However, your firm was unable to demonstrate that the (b)(4) was validated for its intended use.
 We reviewed your firm’s responses and conclude that they are not adequate. Your firm’s response indicated that your firm has initiated CAPA number AC016/13 to address the above deficiencies. As part of the CAPA, your firm has revised its Process Validation procedure, 8P-44, edition 00. Your firm’s revised procedure is deficient in that it does not reference the process that your firm follows in order to determine whether a process requires validation. Your firm’s response did not indicate whether your firm plans to conduct a retrospective review of existing (b)(4) for similar deficiencies. Your firm’s response indicated that personnel training was conducted; however, training documents were not submitted for review.

3.    Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system, as required by 21 CFR 820.70(i). For example, during the inspection your firm confirmed that its software program(b)(4) version (b)(4) released on August 28, 2009, for documenting condom production control tests has not been validated for its intended uses. 

We reviewed your firm’s response and conclude that it is not adequate. The response indicated that your firm’s supplier has validated the (b)(4) software and validations will be documented by week 49/13. Your firm should clarify the intended uses of the software. If the software is responsible for calculating data, your firm should validate the software as required by 21 CFR 820.70(i). Your firm should provide evidence of implementation of its corrective actions. Specifically, your firm should provide a copy of its software validation procedures, a summary of the validation test results and personnel training records, if appropriate, for review. 

Plus d'information ici et .

mercredi 11 juin 2014

Formation "Cloud Computing" et réglementation pharmaceutique

Le "cloud computing" prend une place de plus en plus importante dans le paysage informatique des sociétés en général et du secteur de la santé en particulier.

Avec ses avantages certains (évolutivité, maîtrise des coûts...), le "cloud computing" dispose également de contraintes particulières liées à son utilisation dans un contexte réglementé.

Plusieurs industriels de la santé se sont lancés dans cette voie ; cette formation proposée par COETIC a pour objet de faire le point sur les différents modes de "cloud computing" proposés, de connaître leurs points faibles vis à vis de la réglementation applicable et d'en déduire un plan de maîtrise des risques adapté.

Cette formation se base sur des études de cas inspirées d'expériences industrielles.

Le programme de cette formation est disponible ici.

N'hésitez pas à nous contacter pour en savoir plus.