A GMP audit using A properly designed GMP gap analysis protocol is usually the first thing a Validation consultant is requested to perform on meeting a new client. A reassurance that all discrepancies have been identified and reconciled - in house. When an existing problem is not discovered, acknowledged and remedied, and a visiting regulator discovers it, the issues can be, and very often are damaging to individual careers, and to the company.
Execution of this GMP Gap Analysis gives tremendous reassurance that the validation and compliance requirements of the company are being met.
GMP Gap Analysis tools allow you to systematically challenge the company’s cGMP compliance policies and procedures, comparing them with the regulatory expected standards and enables you to draw up a list of all the delinquencies. Until you can highlight the company’s deficiencies, you are not able to scope the task of becoming compliant. It really is difficult and verging on the impossible to put resources together for an unmeasured task.
Poor CAPA systems remain one of the top problem areas for both the drug and device industries when it comes to FDA inspections. And CAPA citations account for more than 50 percent of FDA warning letters. Are you certain your CAPA system is compliant – if not absolutely certain - CLICK HERE TO DOWNLOAD YOUR OWN CAPA AUDIT
Recently the FDA has created and approved the Quality Systems (QS) guideline to impart a consistent set of requirements that will compliment the current cGMP’s and provide the tools for industry to implement effective QS’s that will guarantee the best product quality for the customers. The next step for most companies is to perform a Gap Analysis (GA) to determine what actions are necessary for them to be in compliance with the new guideline. The GA must be conducted as a planned / organized process and must be documented. The personnel conducting the GA compliance and validation analysis must also be qualified and must prioritize the areas to be inspected. It must be verified that the cascade of documents used in qualifying equipment i.e. VMP
- URS - DQ - IQ - OQ - P1Q - P2Q, are in place and all of them have have been constructed in accordance with the company's practices and procedures manual.
As long as the process operates in a state of control and no changes have been made to the process or output product, the process does not have to be revalidated. Whether the process is operating in a state of control is determined by analyzing day-to-day process control data and any finished device testing data for conformance with specifications and for variability.
Regulators require documents to be based on agreed and approved policies and procedures. That means that the documents must flow from the top policy and procedure documents through the assessment and scoping stage and into the inspection and testing stage. Throughout this flow, traceability must be maintained to demonstrate that the original requirements as documented in the URS have indeed been verified as delivered. You can't start writing an Installation Qualification (IQ), without having an approved Validation Plan in place to scope the all activities, and of course the VP can’t be started unless there is an approved User Requirement Specification (URS), in place. The normal and expected document flow is shown below:
The first document is not mandated, but is always asked for in regulatory reviews. (URS - DQ - VRA) are mandated and self explanatory. (IQ - OQ - P1Q - P2Q). The execution of a GMP Gap Analysis will give verification that these documents are in place and of acceptable standard.
The aim and object of using a GMP Gap Analysis protocol in the bio-med and pharmaceutical industries is to identify the gap between the regulatory requirements governing the company operations and the practices and processes the company has in use. This helps provide the company with insight into areas that have room for improvement. The execution of a GMP gap analysis process involves determining and documenting the variance between requirements and current capabilities. Once the general expectation of performance in the industry is understood it is possible to compare that expectation with the level of performance at which the company currently functions. This comparison becomes the GMP gap analysis results. Such analysis can be performed at the strategic or operational level of an organization.
Of great importance is the review of the company Validation Master Plan (VMP). The VMP must detail the methods to be used and the individual responsibilities for all validation activities, it is therefore imperative that it is correct in all aspects of GMP and company policies and procedures.
Next in importance to the VMP is the assurance that all equipment validation activities are originated from a fully detailed User Requirements Specification (URS). Without the URS all validation activities would be flawed. The more detailed the URS, the easier and quicker the validation exercise is to execute. It therefore pays dividends to get the URS correct.
Companies are now required to establish and maintain an adequate internal control structure and assess its effectiveness on an annual basis. Costs of compliance with Sarbanes-Oxley (SOX) 404 are, however, higher than planned.
Sarbanes-Oxley is the legislation introduced in the USA as a result of the Enron, World-com, and other financial scandals. The legislation currently applies to all USA businesses and any business that trades its shares on a US stock market. Additionally, the UK Government is planning to introduce similar legislation to Sarbanes-Oxley in the near future.
As Sarbanes-Oxley is gradually implemented, it will result in most business looking for systems that:
Improve security and close loop-holes that allow for errors and falsifications in financial records.
Introduce or support transparent processes that include all stake-holders, particularly in areas that have financial implications.
A document store that manages all of the documents, spreadsheets and other file types that need to be tracked and shared in the financial processes.
A system that ensures everyone that they are accessing the latest, correct version, track who made which changes with a full audit trail.
Document audit and edit, "red line" and "mark-up" the document without changing the original.
An audit full audit trail that even tracks if and when documents were read. A notification system that each user sets up, so they know automatically when something has changed, been read or reached a certain stage.
Discussions, bulletin boards and email stores, so that you facilitate process improvements and the move to best practice, and trap and record the history of these internal interactions.
Why does something as simple as a spreadsheet figure in so many regulatory citations? Good question; and at times a difficult one to answer. When you ask a group of compliance personnel the same question you will be informed that Excel cannot be validated because it does not seal the original copy (of the spreadsheet), allows the original to be modified and has an audit trail that can be disabled. All true, but none of these problems interfere with your ability to validate that the spreadsheet is fit for purpose. They only preclude you from using the spread sheet as a compliant repository for any data that has to be store in compliance with 21 CFR Part 11.
If the spreadsheet is signed off and dated by the user, their supervisor and QA, it becomes regulatory acceptable data stored in hardcopy, and Part 11 does not apply.
After numerous requests for this, we have launched our brand new SOP for Spreadsheet Creation to cover these and other known target points that the regulators consistently hone into as soon as they find that spreadsheets are being used. Use this Spreadsheet Creation SOP to ensure that you create spreadsheets that are validatable. Then use our spreadsheet validation pack to validate them.
SOP for Spreadsheet Creation. -- $125.00
The SOP for Computer Equipment Validation
continues to be an extremely popular document. This document leads you through
the validation process, from the URS to the final P2Q. The Risk and Part 11 Validation Risk Assessment (VRA) protocol is becoming the most important document in the validation train. The VRA reassures the regulators that you have looked at specific equipment functionality and considered the appropriate level of validation that is required. You have also considered various aspects of its use and the implications of any malfunctions. From the results of this exercise the scope of all validation activity can and must be justified. This is a robust and simple to execute document, one that will lead you through the process and deliver a result that can be used as the foundation for your validation activities.
SOP Equipment Validation.
Purchase your copy now at Special Price of $22.00.
Validation Risk Assessment (Issue11.) -- $125.00
This VRA now includes the assessment table for categorizing and documenting the new 21 CFR Part 11 guidance ruling on what predicate data must be stored in a Part compliant system, along with the new broadsheet to establish your new database of part 11 records. (now mandatory).
The SOP for Computer Equipment Validation continues to be an extremely popular document. This document leads you through the validation process, from the URS to the final P2Q.
The Risk and Part 11 Validation Risk Assessment (VRA) protocol is becoming the most important document in the validation train. The VRA reassures the regulators that you have looked at specific equipment functionality and considered the appropriate level of validation that is required. You have also considered various aspects of its use and the implications of any malfunctions. From the results of this exercise the scope of all validation activity can and must be justified. This is a robust and simple to execute document, one that will lead you through the process and deliver a result that can be used as the foundation for your validation activities.