Lead Auditors Training Course
Short Description
Internal Quality Audit...
Description
LEAD AUDITORS’ TRAINING COURSE Darren Freestone Senior Consultant SeerPharma (Singapore) Pte, Ltd Aug. 1-2, 2012 @ FDA Alabang
ECHO SEMINAR August 17, 2012
Training Course Outline
Audit Program Audit Procedures Lead Auditors
REFERENCE GUIDELINES
Inspectorates PIC/S PI 037-1 Companies (Manufacturers) PIC/S PE 009-9
ICH Q9 ICH Q10 GMP Guideline Harmonized Tripartite Guidelines
INSPECTORATE Two Roles: 1.
Inspectorates meets requirements of PIC/S PI 037-1
2. Companies (Manufacturers) program meets requirements of PIC/S PE 009-9
PIC/S Expectations for Audits Principles for Internal Audit
All aspects of GMP should be audited periodically and thoroughly by an independent competent person, team or consultant, according to a written program A “rolling” audit of individual sections that nevertheless covers all aspects in a prescribed time is preferred to a single, exhaustive audit A written report of each audit should be prepared. Evidence should be available that the program is written and followed and that follow-up activity results
Q9 Expectations for Audits Principles for Internal Audit
All aspects of GMP activities should be assessed for risk to product quality. This include Supply Chain and Distribution Chain
Audit frequency, duration and allocation of resources to be based on risk
Deficiencies should be assessed in terms of risk to the product and customer, not just against GMP clauses. Deficiencies and appropriate escalation should be in place
Residual risk should be assessed upon completion of corrective actions
Q10 Expectations for Audits Principles for Internal Audit
Demonstrated management commitment to effective implementation of Internal Audit program (commitment clearly communicated, provision of adequate resources, authority of auditor/team) Regular management review of the effectiveness of the Internal Audit Program Results of reviews and recommendations / actions are documented Follow-up from previous recommendations / actions are documented
Audits types
Regulatory by Legal Agencies (FDA, HSA, EMEA,… etc) Certification Audits – Certification bodies (TUV, BSI, ISO, HALAL, etc) Vendor / Supplier and Sub-contractor audits Internal Audits or Self Inspections
GMP Compliance Specific / focused (e.g. deviation or customer complaint) Analyzing process, environmental data Corporate
External, e.g. Customers
Audit intent and Purpose
Irrespective of the audit type, the purpose is:
To establish and monitor the implementation and compliance of the quality assurance systems and to ensure that the requirements of cGMP are met To propose necessary corrective and preventive actions To improve the quality systems One way to demonstrate commitment to continuous improvement
Responsibility (1) Senior Management (Q10)
Set direction (Formal Policy)
Provide resources
Require the establishment of a program
Provide Authority
Responsibility (2)
Quality Assurance (Q9)
Define and formalize program methodology (SOPs) Allocate program resources Establishes competencies base Determine measures Implements the program Monitor performance
Responsibility (3) Lead Auditor (PIC/S and Q9)
Reviews and implements program based on risk Plans and implements audits Allocates audit resources Ensures auditor competencies Documents metrics Reviews performance
Responsibility (3.1)
Additional Responsibilities (outside audits)
Organizing the logistics Travel Accommodation Liaising with the Auditee Working out time and costs of the audit
Vendor / Supplier Audits
Scope of Vendor / Supplier Assurance Programs Audits/evaluation are typically carried out on:
API manufacturers Sub-contract manufacturers Contract test laboratories Excipient suppliers Warehouse and distribution train – cold chain system Pre-printed (coded) matter suppliers Component/packaging suppliers Processing aids providers (filters, resin…) Calibration service providers Contract research organizations Software developers Etc..
Purpose of Vendor / Supplier Assurance Programs Regulatory Requirement
Clause 5.26 “Starting materials should only be purchased from approved suppliers…….And, where possible directly from the producer. It is recommended that the specifications established by the manufacturer for the starting material be discussed with the supplier…”
Contract Manufacture
Clause 7.3 “The contract giver is responsible for assessing the competence of the contract acceptor to carry out successfully the work required for ensuring….that the principles and guidelines of GMP…”
Clause 7.5 “The Contract giver should ensure that all products and materials delivered by the Contract acceptor comply with their specifications or….”
To monitor the implementation and compliance of the suppliers quality assurance systems and to ensure that suppliers meet the requirements of cGMP, product quality, and To propose necessary corrective and preventive measure.
Who should assess vendors?
Quality Assurance oversight the program QA responsible to conduct internal reviews and external audits Lead Auditor usually part of QA QA assign status to GMP related vendors Purchasing (PIC/S 5.25)
* Should be supported by a company procedure
Requirements of Vendor / Supplier Assurance Programs
Must include the identification, evaluation and approval of suppliers and subcontractors:
‘New’ supplier assessment and evaluation – sample testing and preliminary evaluation eg quality survey Qualification, requalification and disqualification SOPs Establishment of GxP “Technical Agreements” / contracts Ongoing evaluation of supplier and material / service / components by combination of testing and site audits
The comprehensive testing of goods is no substitute for an efficient site supplier audit program Vendor program must be planned and ongoing
Strategies for Vendor / Supplier Assurance Programs
Vendor /Suppliers assurance programs typically encompass one or combination of
Quality and GxP Surveys Monitoring of incoming materials Site audits (do not always have to audit) Feedback into CAPA and Purchasing systems
The type / method is dependent on the product and process risk Program of vendor performance trending (quality, cost and timeliness)
Vendor / Supplier Rating Example
Categories of Vendors (Vendor Rating System)
Monitoring programs adjusted based on rating and performance Vendor rating responsibility: both QA and Purchasing Rate their “weighted” performance annually
Disqualified New Approved Preferred Certified
Quality x Delivery Performance x Cost
Vendor / Supplier rating can be influenced by the results of Inwards Goods Surveillance and other Vendor/Supplier assurance programs
Quality Surveys typically include requests for information on:
Company profiles (size, sites) and management structure Types of products manufactured on site Dedicated or multi-product plant Manufacturing history Regulatory Licenses Regulation Audit History References to DMFs and Site Information Files Quality System Information – List of SOPs, Manuals Subcontracting / other sites arrangements Quality Control Policies to allowing clients to audit operations
Outcomes of Vendor Surveys (QA report) Vendor surveys should lead to an initial risk rating for the supplier. Document decisions / risk mitigations e.g. Should more information be requested Whether a direct qualifying audit is required Whether initial samples should be evaluated What level of inward goods sampling and test should initially occur
Should the vendor be dis-qualified
Building a PROFILE
Workshop # 1
As applicable to your own experience, list down as many examples as you can in the lefthand column- under each of the headings/titles below: Contract (Toll) Manufacturer API Manufacturer Excipient Manufacturer Contract Laboratory Printed Matter Suppliers Unprinted Primary Packaging Suppliers And enter these into the 2012 Profiles (workbook provided)
Must Use Risk-Based Decision Making To Determine: What type of audit Frequency of audit Team composition Duration of the audit In order to: Prepare the schedule Which must be: Authorized by all Department Heads Adhered- to absolutely Under Change Management
Workshop # 2 Using the example “Supply Chain Quality Factors” (next slide) and the example “Risk Matrix Vendors/Suppliers – Recommended Actions” in your workbook, complete the 2012 profile for each of the manufacturers previously identified.
Contract (Toll) Manufacturer API Manufacturer Excipient Manufacturer Contract Laboratory Printed Matter Suppliers Component Suppliers
Possible Supply Chain Quality Risk Factors
Patient Risk Factor
5. 4. 3. 2. 1.
Parenteral / Sterile / Biotech Rx / prescription product OTC Complementary (HRP, Food Supplement) Excipient
Patient Risk Factor
5. 4. 3. 2. 1.
Known poor quality Unknown history / New vendor Known quality - OK > 10 batches, all OK Long good supply history
Patient Risk Factor
5. 4. 3. 2. 1.
No site assessment No international GMP audits International GMP audits QA reviewed QA vendor audited > 1 cycle
Workshop #3 Audit Schedule Now we know:
Manufacturer (Workshop #1) Associated Risk Audit type Audit frequency Audit Team Composition Audit Duration
Determine the audit schedule of your vendors and suppliers based on risk. Enter each into applicable Audit schedule for 2012/2013
Audit Frequency and Scheduling “The frequency of audit of manufacturers of therapeutic gods is based on the degree of risk to patients and consumers” Ongoing basis, the risk factors taken into account when scheduling audits are:
Result of previous GxP audit [ no NCs vs. critical NCs] Regulatory Agency Intelligence:
Product recalls since last audit Medicine adverse reaction reports Adverse comments from other agencies that have an impact on GMP
Product complaints since last audit Deviations Trend reviews Significant changes within the company
Workshop #4 Metrics What metrics could we use for the schedule? How do we rate these metrics? Example…. On-time Audits
1, 2, 3, 4, 5
Missed Audits
5, 4, 3, 2, 1
Closed on Time
1, 2, 3, 4, 5
Supplier Audit Programs – in summary
Must have SOP + schedule under GMPs Based on “risk management” Define term “supplier” vs “manufacturer” Define term “audit” and “assessment” carefully
Direct site visit by QA Inward goods QC program Surveys and profiles
Document the supplier qualification results in records Must be annually reviewed for effectiveness and opportunity for improvement
Internal Audits
Common Mistake Manufacturers have the advantage of time. Should not try to audit everything in one large auditing “session”
WHY?
Break it up and spread it out over the year Prioritize according to risk Some areas may be required to be audited 2, 3 or more times per year (if high risk)
Be specific
Try to avoid auditing areas like: Production Facilities Quality Systems Scope is LARGE, need a lot of experience
For Example….. Quality System Elements (QSEs)
HVAC Equipment Personnel and Training Customer Complaints Market Authorization Cleaning / Sanitation Materials Storage and Handling Production Controls Validation Programs Laboratory Controls Computer Systems Solid Dose Sterile – aseptic filling Preventive maintenance Change Control Purified water
Movement of Personnel Document Control CAPA Product Quality Review Validation Master Plan Out of specification Inwards Good receipt Release for supply Stability Retention samples management Control of NCP Housekeeping Deviations Risk Management Sampling Supplier Management
Use Risk-Based Decision Making To determine: What QSE to audit Frequency to audit Team composition Duration of the audit In order to: Prepare the schedule Which must be: Authorized by all Department Heads Adhered-to absolutely Under Change Management
Workshop #5 Assume that the following QSEs are applicable to your manufacturing operations: o Inwards Good and Sampling o Validation o Training o Laboratory o Calibration o Maintenance o Release for supply o Purified water o Deviations and CAPA o Process Controls o Marketing Authorization
Workshop #5 - continued Refer to: “QSE Quality Risk Factors” (next slide) “Risk Matrix (QSE) – Recommended Actions (workbook) 1.
2.
Complete the Audit Team Schedule 2 012/2013 in your workbook Using the completed Audit Team Schedule 2012/2013, develop the final Internal audit schedule for 2012/2013 in your workbook
QSE Quality Risk Factors (examples)
Category 1
Parenteral/ Sterile / Biotech Process is Complex in nature Across all/most departments No previous assessment Poor previous assessment History of Deviations / Complaints
Category 2
Rx/Prescription products Process not overly complex Previous assessment satisfactory Occasional deviation/complaint
Category 3
OTC / Complimentary products Simple in complexity Previous assessment excellent No deviations / complaints
Prioritizing GxP Audits based on Risk
Facility Control
Direct Impact Equipment
Personnel / Training
Quality Systems
Market Authorization
Cleaning / Sanitation
Materials / Supply
Production Control
Validation Programs
Laboratory Controls
Computer Systems
Compliance Product Exposure Consequenc es
Assessment
Schedules/Prior ity Mgmt
Likelihood
CAPA Trends / History
Write This Down !! Make sure ALL concerned parties:
sign-off the Audit Team Schedule!!! Includes:
Quality Assurance Area Head Area Head of audit team members
Audit Programme Written Procedures (1) Audit program procedures should address the following: a) b)
c)
Planning and scheduling audits Assuring the competence of auditors and audit team leaders Selecting audit teams assigning their roles and responsibilities
d)
Conducting audits
e)
Conducting audit follow-up, if applicable
f)
Maintaining audit program records
g)
h)
Monitoring performance/effectiveness of the audit program Reporting to top management on the overall achievements of the audit program
Audit Programme Written Procedures (2) Audit program procedures should address the following: a)
b)
Identifying operations/objectives and assessing the risk Monitoring implementation of schedule
c)
Escalation of findings
d)
Linkage to CAPA
e)
f)
Assessing / classifying deficiencies Monitoring effectiveness of corrective actions
Lead Auditor Competencies Suite of SOPs to describe the Audit Program
Basis to develop Lead Auditor Training Needs Analysis
Establish Competencies of Team and Lead
Defines the scope of the program
Defines how the program is implemented
Requires review of effectiveness (performance)
So far…. Vendor and Internal Audits
Pre-requisites in place:
Company Policies (Commitment) SOPs (System) Competencies (Resources) Schedule (Plan)
Internal Audits
GxP Compliance Audit Processes Irrespective of the audit type or reason, all audits are generally structured in the following sequence: 1. Determine audit scope and Intent 2. Define the Audit Team – select specialist(s) 3. Develop and Audit Plan 4. Identify audit standards (establish criteria) 5. Formally notify the auditee 6. Conduct the audit 7. Categorize deficiencies 8. Conduct exit meeting 9. Finalize the audit report 10. Request a documented auditee CAPA response 11. Verify closure (linked to CAPA) if warranted
Why do we conduct internal audits? To verify compliance
To improve systems
Compliance Audit
Systems Audit
Document Deficiencies
Document Improvement
System and Compliance Audits Referenced Regulatory Standards
Standard Operating Procedures Verify Complian ce Practices and Records
Verify System
Audit Methodology – Systems and Compliance A. Systems Audit Prepare list of required SOPs Compare SOPs to Regulations, Policies, Guidelines Verify system is documented Has the system been deployed
C. Training Records
B. Compliance Audit Choose SOPs of particular interest* Review related or exhibit records Verify compliance (evidence) of records to SOPs *These could be used as checklists
5 Key Steps for Internal Auditing
1.
2. 3.
4.
5.
Audit Intent and Purpose Audit Planning Conducting the audit Analyzing results and preparing audit report Response : Present results (CAPA)
5 Key Steps for Internal Auditing
1. Audit Intent and Purpose
Audit Intent & Purpose of Internal Audits The intent and purpose of the audit will define the audit scope:
Routine scheduled GMP audit (surveillance or full) – verify compliance Audit culminating from nonconformities, customer complaints, etc Audit to investigate a specific product or problem Preparative audit for upcoming regulatory audit Verification audit to close-out nonconformities
5 Key Steps for Internal Auditing
2. Audit Planning
Planning –Utilizing Audit Standards Regulations and Codes
Lead Auditor : Audit Team Selection
Audit must be objective – independence of audit team members from activities being audited Ensure there is no potential conflict of interest Ensure auditor and auditees can work cooperatively Ensure auditors comply with confidentiality Determine numbers of auditors and skills needed
Two auditors, if possible, works best Appoint one as the Lead Auditor Technical expertise in the area – need experience to identify and rate issues Consider including auditors in training (under direction)
Checklists
Advantages
Provide a guide to the auditor Provide a “memory jogger” Focuses the auditor and auditee on the issues Provides background for future audits
Disadvantages
Can breed lazy (blurr) auditors – focus on checklist only Standard checklists may not “fit” Can narrow the audit focus too much Must be supplemented with observation/judgement
Audit Plan Structure 1.
Choose the “System” to review. 1. 2.
2. 3. 4. 5.
6. 7. 8.
9.
For example, by QSE Alternatively….industry issues exist, like “How effective is our cleaning program?”, “Have we justified our incoming and in-process sampling?”
Document the audit scope and the objectives Select the team – technical specialists needed? Define the standards to be applied Work out the “critical questions…..Checklist/SOPs Decide which documents and records to review Decide the audit approach Agree proposed audit plan and date(s) with the auditee Finalise and document the audit plan
Understanding the Process Plan to audit the process, not the individual, or department Map the process before you start
o
o
o
Use SOPs, Wi’s, illustrations, drawings, etc.
What is the design? Procedural Engineering Drawing Manufacturing instruction HACCP Analysis Specification
One Page Audit Plan for Change Control Scope: To evaluate the scope and effectiveness of the site change control program. The audit covers Equipment, Processes, Quality Control, Materials and GMP Procedures. It does not cover computerized systems Reference Standards
Doc #
Title
and
Reco rd
Record Review
Title
CFR 820 – Part 30 – Design Control
Engineering Change Notes
FDA Guide QSIT – Section xxx
Change Register 2004
Policy # - Change Management
Selected change Note(s)
“Critical” SOP Questions # xxxx – Change
Validation reports
Control Is there a documented change control program in place?
Are there “silos” or one integrated system?
Do change update decisions involve cross-functional areas for significant changes?
Does change maintain validation, training and registration integrity?
Management of change control records?
“Critical Question” Construction and Development Critical questions should be probing, Must be structured around the audit intent and scope, Regulatory guidance documents are useful in developing questions. Questions usually begin with ‘Is’, ‘Does’, ‘Are’, and usually the following:
Effectiveness or adequacy The presence / availability or absence Responsibilities Mechanisms
Questions may be linked or stand alone.
Example QSE – Purified water (1) Scope
The purified water system that provides purified water to the oral liquids manufacturing
Standards
PIC/S Code of GMP Part 1 and applicable annexes
FDA Guide to inspections of high purity water systems
USP 34 – Water for Pharmaceutical Purposes
Example QSE – Purified water (2) Records
System description As-built drawings Specifications of the water, for Conductivity and TOC Qualification and re-qualification reports and protocols Trend reviews micro, chemical, conductivity, TOC SOPs for operation, sanitation, maintenance + training records SOPs for establishment and monitoring of Alert and Action Limits
Questions
Who “owns” the PW system? Who has the responsibility for ongoing quality and routine monitoring? How do you know water is performing appropriately? How is the release for sale function notified of an OOT or OOS? How do you manage OOS or OOT? Any recent changes to the PW system? Can you show me previous 2 years data trending reports? Can you show me the raw data for the previous 12 months?
Workshop #6.1 Refer to your workbook.
The following internal audit has been scheduled: QSEs to be audited: Equipment Inwards Good Receipt Sampling Testing Storage and Handling
Workshop #6.2 Refer to your workbook. 1. 2. 3.
4.
5.
Work in groups of 2-4 Nominate a Lead Auditor Lead Auditor responsible to Identify Team Composition Team to prepare a one-page audit plan for each area Lead auditor responsible to prepare an agenda to cover the entire audit
By the way, you only have one (1) day to complete the audit.
Preparation for Audit
Check Site Master File Manufacturing license / certification…scope Review registration dossiers ADR reports, Post marketing surveillance reports Previous inspections, including Regulatory and Customer Records Complaints, Deviations and Recalls
Manufacturers should be aware that the Inspectorate…..
…may bring specialists eg. Laboratory, Microbiology, IT – you should too! … have special interests and views …have the authority to audit to registration information and to verify marketing authorization …may include industry issues on the audit agenda …are also assessing the attitude of management, and
5 Key Steps for Internal Auditing
3. Conducti ng the Audit – Tips and Common Mistakes
Some useful audit tools
1
Audit Plan
2
Clipboard
3
Note pad and pens
4
Copy of cGMP or other standards
5
Sharp mind!
6
Good Humor!
7
Audit checklist
8
Calculator
Auditor Attributes (competencies) 1
Objective and independent
2
Competent and experienced
3
Friendly but firm
4
Basic understanding of Technology
5
Thorough and methodical
6
Atmosphere of environment (Can handle Conflict)
7
Communication and Interpersonal skills
8
Clear and established Authority
9
Understanding of Quality Systems / Code Requirements
10
Leadership
11
Excellent Time Management Skills
Lead Auditor Attributes
Time Management
Communication
Delegation of auditing activities and STRICT adherence to timelines described in the agenda Avoidance of “scope-creep” Agreement of audit agenda by all parties Clear explanations of deficiencies at the time of observance Communications to QSE owner
Experience and Authority
Understands the difference between facts and opinions Knows when to “move-on” during an audit Professional and *systems* focused
* ”It’s business, not personal”
If a serious / critical observation is made, IMMEDIATELY make sure that the Area Head and Quality Assurance Head are made aware of the issue
If you cannot associate a deficiency with a specific clause in the Code, then its likely to NOT be a deficiency (opportunity for improvement?).
Write this down in your notes.
The procedure process is not efficient… I don’t like the template you are using… The equipment was too old…
Be specific in your observations during the audit and point out the evidence clearly to the auditees.
The warehouse was overcrowded Sampling was inadequate The equipment was dirty Training records were not detailed enough
5 Key Steps for Internal Auditing
4. Analyzin g Results and Preparin g Audit
Analyse Observations and Results 1
Allow time to summarize findings
2
Group observations that are related
3
Many observations are symptoms of system failure
4
Focus on critical items first
5
Classify issues as critical, major and other
6
Be balanced – state positives!!
7
Be clear on deficiencies – give evidence!!
8
Listen to responses
9
Be prepared to change findings
10
Avoid personal statements – system focus
Note : These will form the basis of the ‘draft’ report
GMP Audit Deficiencies
5 Key Steps for Internal Auditing
5. RESPON SE: Present Results Correctiv e&
Corrective Action Do the Actions meet the following: Address the root cause and contributing factors
“All improvement will require change, but not all change will result in improvement”
Specific Easily understood and implemented Developed by process owners Measurable (Corrective Action did in fact occur)
Audit Closure
Follow-up corrective actions: VERIFY Actions completed (Critical, Major) Everything
verified as closed
Pro-active follow-up Report missed timeliness to management
Target dates are set for completion
Auditing a PRINTER Generally: Printers are NOT required to follow GMP Printers are NOT required to have any Quality certification Good “quality” printers are Sometimes
hard to find Generally more expensive
Auditing a PRINTER Generally, Printers need to: Understand company requirements Understand the RISKS for customers and company Be educated / guided / assisted to implement the controls needed to be in place
Auditing a PRINTER What are the risks: Death, serious injury to consumers
Customer complaints Product recalls
Continuity of supply Rejected deliveries Company profits
Auditing a PRINTER What are the hazards: Mix-ups with other products Mix-ups with different strength of same product Wrong version /text Incorrect counts Batch variation (Color, missing text, faded, illegible)
Auditing a PRINTER Some points to consider: Control of Master Plates and specifications Control of color standards Version control Line clearances Program of Maintenance Print-run records and in-process checks Segregation and control of WIP (un-cut and cut) Verification of count Release to customer Training / competencies
Auditing a PRINTER IMPORTANT!!! Don’t forget Capability of the process (variation) Discuss your critical attributes and variables
Agree on % defect level allowable (critical defects) Agree on % defect level allowable (minor defects) Agree on allowable color variation (light and dark)
Inwards Goods and In-process sampling strategies will be based on this. Don’t forget: Bring along someone from PURCHASING.
INSPECTORATE
Inspectorate program meets requirements of PI 037-1
Overview: PI 037-1
Published 1 January 2012 A recommended model for scheduling routine inspections based on risk Methodology to assign a “risk rating” then use this to assign a frequency for routine inspections The intrinsic risk associated with a site and the compliance risk (based on the last inspection);… is used to assign a risk rating The risk rating is then used to recommend a frequency for routine inspections at the site
Intrinsic Risk (1st page) A combination of:
Complexity (of site, process and product) Large/small
sites Number of different operations on site Dedication of facility and equipment Organizational (# staff) Contract manufacturer or not Sterile process Number of unit operations and critical steps Extent of rework and repackaging Special storage
Criticality Manufactures
as essential product not readily available elsewhere Major or sole supplier of essential product Service (eg. Testing) cannot be performed elsewhere
Intrinsic Risk (1st page) After these points are considered: Rated: Complexity: 1, 2, or 3 Criticality: 1, 2, or 3 Criticality Complexity
1
2
1
1 (low)
2 (low)
3 (med)
2
2 (low)
4 (med)
6 (high)
3
3 (med)
6 (high)
9 (high)
Intrinsic risk:
3
Low, Medium, High
Compliance Risk (1st page) Simple Rating: From the most recent inspection: Low : No critical or major deficiencies Medium : 1-5 Major deficiencies High : 1 or more Critical deficiencies or more than 5 Major deficiencies
Risk Rating and Frequency Intrinsic risk Compliance risk
Low
Medium
High
Low
Risk Rating =A
Risk Rating =A
Risk Rating =B
Medium
Risk Rating =A
Risk Rating =B
Risk Rating =C
High
Risk Rating =B
Risk Rating =C
Risk Rating =C
Risk Rating: A: Reduced frequency, 2 – 3 years B: Moderate frequency, 1 – 2 years C: Increased frequency,
View more...
Comments