lundi 22 août 2016

Tendances d'inspection

Une présentation sur les tendances actuelles d'inspections a été publiée par l'agence australienne ; elle est disponible sur le site .

Ce fabricant d'API chinois épinglé par l'US FDA...

Plusieurs manquements aux principes d'intégrité des données ont été relevés dans cette injonction à ce fabricant d'API :

1.      Failure to have laboratory control records that include complete data derived from all tests conducted to ensure compliance with established specifications and standards.
Your laboratory personnel conducted unofficial testing without appropriate documentation, justification, and investigation. 

Our inspection found that analysts performed multiple gas chromatography (GC) analyses of (b)(4) samples for residual solvents. Analysts performed these unofficial analyses and recorded them in separate “R&D” folders before conducting the officially reported sample analyses. The original, unofficial analyses stored in separate R&D folders were not part of the official quality control records for your API, and your firm did not consider the results of these unofficial analyses to evaluate the quality of your API or make batch release decisions for numerous batches of API.

Our investigator reviewed chromatograms found in the R&D folders and noted that some displayed large unknown peaks that were not reported in the official records for the same samples. The presence of such peaks in the chromatograms may indicate the presence of unknown and uncharacterized impurities (including potential contaminants) in your drugs.

In your response, you stated that from April to July 2013 you performed “pre-trial” sample analyses for residual solvent testing of (b)(4) batches to check system suitability. You also stated you were not testing into compliance and attempted to attribute the unknown peaks found in your “pre-trial” sample analyses to operator error. FDA considers the use of an actual sample in test, prep, or equilibration runs as a means of disguising testing into compliance, a violation of CGMP.

2.      Failure to exercise sufficient controls over computerized systems to prevent unauthorized access or changes to data, and failure to provide adequate controls to prevent omission of data.

Our investigator found that your GC system used to test for residual solvents in (b)(4) lacked controls to prevent manipulation, data deletion, and unauthorized access. For example, operators responsible for generating CGMP records had full administrator rights to access the computers containing temporary data prior to routine transfer of the data to a server. All analysts shared a common login ID and password. Your use of universal administrator privileges and a single common login/password meant that actions could not be traced to specific individuals. Additionally, because the audit trail feature on the system’s software was not configured to create a file history for all activities executed by the user during analysis, your electronic data was exposed to manipulation and/or deletion without traceability.

3.      Failure to record activities at the time they are performed.

During the inspection, our investigators observed (b)(4) different analysts pre-dating or backdating results in your API quality control laboratory. Analysts were observed using pre-dated laboratory worksheets to document system suitability testing for high performance liquid chromatography (HPLC) analyses for (b)(4) purity testing. The worksheets were dated five days before the tests that they purported to document were actually carried out. Our investigators also observed analysts signing and dating microbiological testing laboratory worksheets five days before the test results would be available and backdating laboratory worksheets for impurities and content testing by four days.
Plus d'information ici.

mardi 16 août 2016

Ce laboratoire analytique américain épinglé par l'US FDA...

Un laboratoire analytique américain a fait l'objet de plusieurs observations dont une majeure portant sur la "Data Integrity" :

1.    Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).

Specifically, your high performance liquid chromatography (HPLC) and gas chromatography (GC) data acquisition systems did not have sufficient controls to prevent deletion or alteration of raw data files. During the inspection, our investigators observed that your laboratory personnel use a shared password to access the HPLC (b)(4) computer system and that your GC (b)(4) computer system requires no password for access.

In addition, multiple instruments had no audit trail function to record information about each analytical test, such as:
type of injection
date and time
identity of analyst
reason for action taken (for example, modifying a record)
This is a repeat observation from our February 7, 2013, inspection. In 2013, you committed to augmenting the security of your computer systems within six months. However, based on our 2015 inspection, it appears that you have not made appropriate corrective actions such as installing audit trails and ensuring that analysts have unique user names and passwords for your computerized systems.

It is essential that your firm keep track of all changes made to your electronic data. The use of audit trails for computerized analytical instrumentation helps to ensure that all additions, deletions, or modifications of information in your electronic records are authorized. It also allows you to verify the quality and integrity of the electronic data your contract testing laboratory generates for your customers.

We acknowledge your commitment to install and configure appropriate electronic controls to ensure that access to your computerized systems and data is restricted to authorized personnel with access rights specified for each individual. However, your response is inadequate as you did not provide an action plan describing the interim security measures in place prior to your installation of electronic controls. Your response also lacked details regarding the type of electronic controls to be installed, and you did not describe how you will evaluate the effectiveness of these computerized system changes.

Plus d'information ici.

jeudi 11 août 2016

l'EMA publie son Q&A sur "Data Integrity"

L'EMA publie une liste de 23 réponses à 23 questions que vous pourriez vous poser sur la "Data Integrity".

Il est en ligne avec le guide PIC'S sur ce même sujet annoncé précédemment et publié en même temps.

Pour le Q&A de l'EMA, plus d'informations ici.

Pour le guide PIC/S, plus d'informations .

lundi 8 août 2016

Le PIC/S planche sur la "Data Integrity"

Le groupe de travail PIC/S sur l'intégrité des données a terminé un premier projet de document d'orientation sur les bonnes pratiques pour la gestion des données et de l'intégrité dans les environnements réglementés BPF et BPD.

La priorité de ce groupe de travail est passé de l'élaboration de lignes directrices relatives à l'intégrité des données à l'élaboration d'un guide destiné aux inspecteurs. 

Le domaine de l'intégrité des données est complexe et a un large champ d'application dans les BPF et les BPD. 

Afin de répondre au besoin entre les inspections d'avoir une orientation initiale qui facilite une approche harmonisée - compte tenu de l'impact sur la santé publique - ce premier projet d'orientation a été développé afin de fournir une interprétation des exigences actuelles d'intégrité des données BPF et BPD. 

Il énonce les attentes de base pour la bonne gouvernance des données et fait référence à l'influence du comportement organisationnel et des défis mondiaux de la chaîne d'approvisionnement. 

Il est prévu que ce guide sera publié comme un projet dans le cadre d'Août 2016 - pour une mise en œuvre à titre expérimental - pendant que le groupe de travail continuera de réviser et d'élargir le projet de directives, notamment en matière de systèmes informatisés.

Nous vous informerons le moment venu de la publication ce ce guide.

La falsification de certificat d'analyse...

Ce site chinois a été sanctionné par l'agence américaine pour (entre autre) falsification des certificats d'analyse émis par cette société :

 2.    Failure to transfer all quality or regulatory information received from the API manufacturer to your customers.
You repeatedly falsified and omitted information on the certificates of analysis (CoA) you issued to your customers. For example, your firm fabricated the name of an employee, and you used that name as the false signatory authority on the CoA you sent to your customers. You also omitted the name and address of the original API manufacturer and did not include a copy of the original batch certificate. Finally, you included an “expiration date” on your CoA that exceeded the manufacturer’s labeled expiration date, but you had no basis for the extended retest/expiry period. 
Regulators and customers rely on CoA to provide accurate information regarding drug quality and pedigree. Omitting and falsifying information on CoA compromises supply chain accountability and traceability and may put consumers at risk.

Plus d'information ici.