If you haven’t read Part 5 “Focusing on Data Integrity”, click here to read it now!
Performing Regular Audits and Inspections
This post discusses auditing by a drug firm of its internal operations and of its suppliers and contract partners. It does not discuss FDA audits or audits by third-parties.
Auditing of your internal operations and of your suppliers’ operations are an expectation by the FDA and other pharmaceutical regulatory agencies. Regular audits and inspections are essential for identifying compliance gaps and ensuring ongoing adherence to quality standards. Audits and inspections provide opportunities to assess the effectiveness of quality systems, identify areas for improvement, and take corrective actions as needed.
Auditing is defined as the verification activity, such as inspection or examination, of a process or quality system, to ensure compliance to requirements. An audit can apply to an entire department, business unit or manufacturing site or material supplier or contract partner, or it might be specific to a function, process, or production step. Some audits have special administrative purposes, such as auditing documents, risk, or performance, or following up on completed corrective actions. Most audits are conducted in-person, on-site. Since the Pandemic, more arms-length audits, by means of teleconferences, submitted questionnaires or other remote auditing means are being conducted.
Audits and inspections fall into two categories: internal and external.
Internal Audits
An internal audit provides company management with information about how effectively the company controls the quality of their processes and products. Auditors perform the audit in a manner to ensure their company’s compliance with pharmaceutical USFDA CGMP regulations and other quality standards like ICH Q10 Pharmaceutical Quality System are maintained.
An external audit is performed to ensure that the company’s suppliers and contract partners Quality Management System (QMS) is providing the level of compliance which the company’s management and quality organization expects from its suppliers and partners.
Internal audits are usually performed in accordance to the company’s Quality Audits policy or procedures as part of the QMS. As such these are done on a scheduled frequency and are announced audits, e.g., the department or business group or manufacturing site is notified of the pending audit. These audits are conducted by the company itself to evaluate its own operations, identify non-compliance issues, and implement corrective actions. These audits ensure that processes align with established quality standards and usually take a proactive approach for corrective actions. Such internal audits can take the form of a mock FDA audit, to help train employees in handling a future FDA inspection. The object of an internal audit is not to pretend to be the regulatory authority and show up unannounced but rather to work in cooperation with your colleagues to identify and solve potential issues. An effective audit program establishes a partnership between the audit function and the department, business groups or manufacturing sites being audited. The ideal tone for an internal audit should be a team-oriented activity that is instructive, informative, open, honest, and inclusive.
External Audits
External audits are performed on suppliers and contract partners. These audits may be for vendor certification (trusted supplier), or simply to ensure the supplier or contract partner is adhering to their QMS requirements and CGMP compliance. Typically, external audits are scheduled in advance with a formal agenda provided. Scheduling the audit and providing an agenda allows the supplier/partner to have key people available to answer questions and have documentation at hand for inspection.
Supplier audits provide an objective evaluation of supplier processes and compliance with regulatory requirements. These audits are essential for identifying potential issues related to purchased products or services that could impact internal production.
An FDA-regulated manufacturer should perform supplier audits at several key points and under various circumstances to ensure compliance and maintain the quality and safety of their products. Scenarios when supplier audits are typically conducted:
- New Supplier Audit: Before entering into a business relationship, an initial audit is crucial to assess the supplier’s ability to meet regulatory and quality requirements. This is a critical part of supplier qualification.
- Periodic Scheduled Audits: Regularly scheduled audits, often annually or biennially, are conducted to ensure ongoing compliance and to identify any changes in the supplier’s processes or quality systems.
- Risk-Based Frequency: High-risk suppliers, or those providing critical components, may require more frequent audits. The frequency can be determined based on a risk assessment considering factors like the supplier’s past performance, the supplied materials’ criticality, and the manufacturing process’s complexity.
- Product Complaints: If there are market complaints or adverse events related to the quality or safety of the products, an audit may be conducted to investigate if the issue is related to the supplier’s materials or processes.
Too many FDA-regulated manufacturers assume that by outsourcing duties to suppliers, these third parties take on the responsibilities for maintaining regulatory compliance. This is a fundamental misunderstanding of the expectations laid out in 21 CFR Part 820 for medical device companies and FDA’s Q10 Pharmaceutical Quality System guidance for the pharmaceutical industry.
