We have benefited from the consideration of these difficult issues by the PCLOB and the PRG and it is a pleasure to appear with them today. In his speech on January 17th, the President laid out a series of measures to reform our surveillance activities that draw upon many of the core recommendations issued by the PCLOB and Presidential Review Group.

At the Department of Justice, we are devoting significant resources and energy to fighting computer hacking and other types of cybercrime. The recent revelations about the massive thefts of financial information from large retail stores have served as a stark reminder to all of us about how vulnerable we are to cyber criminals who are determined to steal our personal information. The Justice Department is more committed than ever to ensuring that the full range of government enforcement tools is brought to bear in the fight against cybercrime.

Two Florida men were sentenced today to serve 84 months in prison for defrauding thousands of homeowners in a $4 million nationwide home loan modification scheme.

"As you know, this Sunshine Week we will celebrate the fifth anniversary of the Attorney General’s FOIA Guidelines. Issued during Sunshine Week on March 19, 2009, those Guidelines address the presumption of openness that the President called for in his FOIA Memorandum, the necessity for agencies to create and maintain an effective system for responding to requests, and the need to improve timeliness and to work to reduce backlogs," said Pustay.

Today, the Justice Department sought a federal court order temporarily restraining the Ohio Department of Youth Services (DYS) from unlawfully secluding boys with mental health needs in its juvenile correctional facilities.

More than ever before, the Department’s law enforcement work today must contend with new and emerging technology, including virtual currencies such as Bitcoin. Virtual currencies can pose challenges for law enforcement given the appeal they have among those seeking to conceal illegal activity. This potential must be closely considered. We are working with our financial regulatory partners to account for this emerging technology.

The Justice Department announced today that it has reached an agreement with the New Jersey Judiciary to provide comprehensive language assistance services to limited English proficient (LEP) individuals.

Three individuals have been indicted for their alleged roles in an approximately $32 million fraud against a Federal Communications Commission (FCC) program designed to provide discounted telephone services to low-income customers.

The Justice Department today announced it has reached an agreement with the Rhode Island Judiciary to ensure that limited English proficient individuals will have access to timely and competent language assistance at no charge in all court proceedings, services and programs throughout the state court system.

A Maryland man was sentenced today to serve one year and a day in prison for defrauding thousands of homeowners in a $4 million nationwide home loan modification scheme.

A soldier in the Texas Army National Guard pleaded guilty today for his role in a bribery and fraud scheme that caused more than $30,000 in losses to the U.S. National Guard Bureau.

Former Specialist Christopher Renfro, 26, of Houston, Texas pleaded guilty today to two counts of wire fraud and one count of aggravated identity theft. Previously, on March 24, 2014, Renfro pleaded guilty to one count of conspiracy and one count of bribery in connection with the same scheme.

Today, U.S. District Judge Gustavo A. Gelpí approved the selection of Arnaldo Claudio to serve as Technical Compliance Advisor (TCA), overseeing the implementation of sweeping civil rights reforms under the Agreement for Sustainable Reform of the Puerto Rico Police Department.

Attorney General Eric Holder announced today that the Obama administration, as part of successfully concluding negotiations on the E.U.-U.S. Data Protection and Privacy Agreement (DPPA), would seek to work with Congress to enact legislation that would provide E.U. citizens with the right to seek redress in U.S. courts if personal data shared with U.S. authorities by their home countries for law enforcement purposes under the proposed agreement is subsequently intentionally or willfully disclosed, to the same extent that U.S. citizens could seek judicial redress in U.S. courts for such disclosures of their own law enforcement information under the Privacy Act

"The computers of American citizens and businesses are, as we speak, under attack by individual hackers and organized criminal groups using state-of-the-art techniques seemingly drawn straight from a science fiction movie," said Assistant Attorney General Caldwell

A North Carolina couple pleaded guilty for leading a Costa Rican sweepstakes fraud scheme that defrauded hundreds of elderly Americans

A former LaPorte County deputy auditor has been indicted by a federal grand jury in the Northern District of Indiana for embezzling over $150,000 from the LaPorte County government and committing tax fraud.

A former salesman at a prominent Los Angeles car dealership and another Southern California man were charged with odometer tampering, the Justice Department announced today.

A dual United States-Costa Rican citizen pleaded guilty today for his role in a $1.88 million sweepstakes fraud scheme that defrauded hundreds of elderly Americans.

Attorney General Eric Holder announced today that the Department of Justice and 19 states and the District of Columbia have entered into a $1.375 billion settlement agreement with the rating agency Standard &s Financial Services LLC, along with its parent corporation McGraw Hill Financial Inc., to resolve allegations that S&s 2013 lawsuit against S& true credit risks. Other allegations assert that S&s business relationships with the investment banks that issued the securities.

By Sheila Plant, PhD, MHS, RAC, Senior Director, Regulatory Strategy, CATO SMS Special Interest Guidances/Information Date Posted Recommendations to Reduce the Possible Risk of Transmission of Creutzfeldt-Jakob Disease and Variant Creutzfeldt-Jakob Disease by Blood and Blood Components; Draft Guidance for Industry: Draft Guidance for Industry – Draft Guidance 30 Jan 2020 Arthroscopy Pump Tubing Sets …

Continue reading »

By Sheila Plant, PhD, MHS, RAC, Senior Director, Regulatory Strategy, CATO SMS    Special Interest Guidances/Information Date Posted Policy for Diagnostics Testing in Laboratories Certified to Perform High Complexity Testing under CLIA prior to Emergency Use Authorization for Coronavirus Disease-2019 during the Public Health Emergency: Immediately in Effect Guidance for Clinical Laboratories and Food and …

Continue reading »

By Sheila Plant, PhD, MHS, RAC, Senior Director, Regulatory Strategy, CATO SMS FDA guidances from March 2020 as well as upcoming advisory committee meeting announcements are below.  We note that approximately one-third of FDA’s guidances this past month are related to COVID-19.    Special Interest Guidances/Information Date Posted Enforcement Policy for Gowns, Other Apparel, and …

Continue reading »

By Zachary Swan, PhD, RAC, Associate Director, Regulatory Affairs at CATO SMS    Special Interest Guidances/Information Date Posted Exemption and Exclusion from Certain Requirements of the Drug Supply Chain Security Act During the COVID-19 Public Health Emergency: Guidance for Industry – Final Guidance 30 April 2020 FDA Deems Certain Tobacco Products Subject to FDA Authority, …

Continue reading »

From : Communities>>Regulatory Open Forum
I disagree with Richard. I just had a conversation with the COVID-19 hotline (11:45 am, May 7) and asked about this issue after having read an update from the FDA that said UDIs for EUA devices are waived and GMPs are under limited enforcement. The person I spoke with said the update is correct and that UDIs are waived for EUA devices.  Feel free to contact me if you have any questions.  Bob Bard ------------------------------ Robert Bard JD, RAC [Managing Director] South Lyon MI United States - [More]

From : Communities>>Regulatory Open Forum
Bob, I stand corrected; if you confirmed with FDA that is good.  From what I was reading and seeing (I must have missed that update) there was nothing addressing UDI or no UDI.for EUA products.  (Personally I am a bit surprised at this since the whole concept of UDI is traceability and they waive this for emergency use products - when there is an issue this is where UDI becomes so important.  Shrugs.) ------------------------------ Richard Vincins RAC Vice President Global Regulatory Affairs --- [More]

From : Communities>>Regulatory Open Forum
Hello Richard, Yesterday, I received a follow up from the Hotline (CDRH-EUA-Templates ) to my query. I was reminded that the waiver to good manufacturing practice and labeling requirements were included in the individual authorization letter. The person responding to my question concerning the UDI requirement provided the following: UDI is not specifically noted; however we are not enforcing UDI during the emergency. The specific authorization letter I was reviewing was for [More]

You know you need a computer systems audit, but that’s literally the extent of what you know.
Has this ever been you?

Yes, you use computers on a daily basis, and you may even use the system that needs to be audited. But you don’t spend your day thinking about where all the system components are located, how services and software are combined, and what Part 11 requirements apply. Terms like “cloud computing” make you feel slightly queasy. You’d rather get a root canal than discuss “distributed processing.” Your expertise is in manufacturing. Or clinical research. Or non-clinical lab operations. And somehow it’s your job to make sure an effective and properly-sized system audit is conducted. Great.



Yet your Quality Assurance colleagues -- whether they’re from your internal QA department or an external compliance company -- need your input. They need to understand what software is being purchased, what services are being contracted, how and where components of the system are being implemented, and how the system will be used.

The good news is that the QA auditors can help you. They know that FDA favors a risk-based approach to validation and Part 11 implementation, and they even know what that means. They love to talk about configuration management and change procedures. They love gathering evidence that demonstrates your system works correctly and is in a state of control, and they know what rocks they should look under to find and fix vulnerabilities.

What follows are examples of the types of information you need to convey to QA – and that they should be asking you about – to properly size and scope an audit.

How do You Plan to Use the System?

Suppose you need to audit the supplier of a new Document Management System. The first thing an auditor would need to understand is how you plan to use the system. How mission critical are the documents you’re looking to store?  Are they covered under regulatory scope?  Maybe you plan to use the system as a collaboration environment for developing new SOPs. That would require a relatively low level of scrutiny, especially if you only plan to print out the finalized documents for wet ink signature. (As a point of comparison, if you plan to use the system to finalize SOP approval, the auditor would need to check that Part 11 requirements for electronic signatures are properly implemented.) What if the Document Management System will be housing critical GxP documents, such as Trial Master Files, Master Schedule Sheets, or Master Batch Records? In these cases, the validation would have to be far more thorough, and Part 11 electronic record features, such as audit trails and archiving functionality, would have to be implemented and verified.

Here’s another “use” example. Similar to the term “Document Management System,” the term “Analytics System” does not tell the whole story. From a business perspective, study start up (SSU) metrics may be vital for sponsors and CROs to collect and analyze. But since they have no regulatory impact, the FDA would not require an SSU analytics system to be validated. (That doesn’t necessarily mean you might not want to, though.) On the other hand, a system that performs statistical analysis on study data for regulatory submission is about as critical as it gets, and would require thorough validation and Part 11 implementation. Other analytics systems, such as dashboards that pull data from critical systems, might fall somewhere between these two extremes.

What is the Vendor Providing? And How? And Where?

If you need to audit a complex system, the questions QA will ask you will go beyond system use. The auditors will need to understand the combination of software and services the vendor is providing, and where the software and data reside.

• Does the software and data reside internally at your company or does the vendor provide a hosting service?
  If the vendor is hosting, the auditor needs to tour the facilities and review SOPs and records to evaluate physical security, staff training, environmental controls, backup procedures, disaster recovery plans, data retention, computer infrastructure, and change control.
  
  
• Does the hosting vendor own its own servers or does it, in turn, outsource that function to a 3rd party hosting company, (possibly even in the cloud)?
  If the hosting is outsourced, ideally an auditor would be able to visit the hosting site. Failing that, the auditor would ask questions about the vendor’s qualification processes and review SOPs that govern vendor selection/management procedures. If the vendor outsources other services beyond hosting, those services might need to be considered, as well.
  
  
• Is the vendor providing any other services?
  Many EDC vendors will provide study-specific services such as screen development and data entry validation edits. Auditors would need to review SOPs for providing these services and understand how the vendor tests and manages modifications to these components as the study proceeds.
  Sometimes computer systems vendors provide ancillary services, such as help desk functions and user account management. That would mean additional SOPs and training records for the auditor to look through.

Other Considerations

There are many. For example, where are you in the product life cycle? You ask different questions about a new system than you would about one that has been operating for a few years. Is the product Commercial off-the-shelf (COTS) or highly customized? COTS systems vendors often have their own validation package which auditors would review, and then ensure proper operation in the sponsor/CRO’s specific environment. A highly customized or custom-built system would require a more extensive validation process.


The Take Away

CSV/Part 11 audits will never be standardized, cookie cutter type activities; there are simply too many factors -- in too many combinations -- to consider. You want your QA efforts to be worth the money you spend and be able to answer the questions FDA says you need to be asking. If you’re unsure how to do that, that’s ok. Other people know, as long as you can help them understand how you plan to use the system, what software and services are being supplied, and how components of the system are being implemented.

In case you missed it, our previous post was Notes 2 Fix Your Notes 2 File.
_______________________________________________
Many thinks to Lisa Olson for sharing her insights with me.

Last month, I scheduled one-on-one discussions with our most experienced GCP auditors to ask each of them the same question: What surprises you most about the audits you conduct?

I guess you could say that I was the one who was surprised. I’m not sure exactly what I was expecting to hear, but I thought my teammates were going to talk about things that were new. Instead, I heard a lot more about things that have been around for a long time. To a person, my colleagues said they were surprised to be observing some of the same audit findings they were observing 30 years ago...which *is* surprising when you consider most of them were mere children at the time. ;-)  It seems we have some stubbornly persistent quality and compliance issues in the biopharma industry that decades of neither experience nor technology have seemed to remedy. And the problems are not just persistent; they’re interrelated.



Standard Operating Procedures (SOPs)
It’s quite common for auditors to encounter sponsors, CROs, and sites that lack an adequate set of SOPs to describe local procedures. There are several reasons for this. Sometimes it’s a lack of resources. Sometimes smaller, established organizations believe writing it all down is unnecessary, as “people know their jobs.” Sometimes newer companies are simply unaware that written procedures are required for particular operations. But when procedures are not documented, organizations are unable to demonstrate GCP compliance, cannot ensure that activities are performed correctly or consistently, and have difficulty training new staff members. (We’ll come back to training in a bit.)

Frequently missing from a good working set of SOPs are procedures for Disaster Recovery, Handling of Suspected Fraud, and Management of Regulatory Inspections. These SOPs are not used for day-to-day operations, so perhaps that’s why they don’t garner as much attention. Nevertheless, the inability to recover from a disaster, protect the organization from fraud allegations, or pass a regulatory inspection can sink a company.

A fourth SOP that is commonly absent from the set is the document that describes how to write, approve, distribute, revise, and retire SOPs. Also frequently missing from a working set of SOPs is our next topic: Training.

Training
Training can be expensive and time-consuming, and companies increasingly have to do more with less. In-person training has largely been replaced by computer-based systems, on-site training has given way to distance learning, and mentoring has gone the way of the dodo.

The good news is that study sites typically adhere to formal GCP training requirements. What’s often missing, though, is the training that connects GCP concepts to everyday activities. A trainee might correctly answer a multiple-choice question about audit trails, but without that “last mile” of coaching, use Wite-Out to correct a source document error. This is where SOPs come in. When training is conducted using well-written SOPs, it can help bridge the gap between standard GCP training and specific site operations.

It is not uncommon for study-specific training to be lacking in CROs – protocol training, device training, computer systems user training. As part of their vendor oversight procedures (also an SOP!), sponsors should be making sure that CRO staff is adequately trained. 

Trial Master Files (TMFs)
Whether paper or electronic, it’s common for TMF documents to be missing or expired. Replacements for these documents can usually be produced and filed at the time of the audit. Misfiled documents are another matter; they are already there but cannot easily be found. Locating and refiling them essentially doubles the time and cost of the original effort. For example, documents from multiple labs, such as certificates, credentials, vendor audit results, etc., are often mistakenly commingled. Documents must be sorted and refiled so that each facility listed on the 1572 has its own file or electronic folder.


Another very common mistake is treating every document on letterhead as if it’s general correspondence. Search for the word “letter” in the DIA Reference Model and you can see how many opportunities exist for misclassifying correspondence. For example, an IND safety report sent by the sponsor on letterhead should be filed under “Notification of Safety Information,” Section 8.3.18 in ICH E6(R2), not “Relevant Communications,” Section 8.3.11. In an eTMF, an IRB approval letter belongs in 04.01.02, its designated DIA Reference Model position, not 04.04.01, which is reserved for general communication.

The root cause of these misfilings? The filer does not know enough about the filing structure of the TMF and often is not familiar enough with clinical research to know the purpose of each document and where it belongs. The corrective action? Training. Training on the TMF plan, the TMF Management SOP, ICH GCP, and study operations in general.

Technology to the Rescue?
No doubt, CTMSs, eTMFs, eCRFs, ePRO, and other systems have improved clinical operations and reduced error. However, three decades of technological advances have done little to address the most common quality and compliance issues encountered by GCP auditors – and by extension regulators. Some might find that discouraging, but isn’t it also a little satisfying that the solution to our most persistent problems comes down to human communication?

______________________________________________________________________
A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

In an effort to tease out the priorities of a clinical study site audit, I asked six of our most experienced GCP auditors the following question:

If you only had one hour to conduct a study site audit,
what would you look at?
[Obligatory warnings:  Do not try this at home. This is just a simulation. Caveat lectorem. Dinosaurs in the mirror are bigger than they appear. Et cetera.]

Of course it’s not possible to conduct any kind of meaningful audit in so short a time, but it’s an interesting thought exercise because it gets to the heart of study site risk.
In order to respond to this question, the auditors needed to ask themselves:

(1) What are the greatest site risks to a study?
(2) Where can evidence be found that those risks are being managed?

Answering the first question is pretty easy. The very first paragraph of ICH E6(R2) tells us “Compliance with this standard provides public assurance that the rights, safety and well-being of trial subjects are protected…and that the clinical trial data are credible.” So there it is: the reason GCP exists. When we conduct clinical research, our highest priorities are human subject protection and data integrity. It follows, then, that jeopardizing these obligations is our greatest risk.

So with only an hour to evaluate whether a study site is managing these risks, we can move on to the second question. What would our audit (now referred to as “hour audit”) look like?

IRB Approvals

Hour Auditor has decided to spend the first twenty minutes at the site reviewing IRB approvals. Are all of the IRB approval letters in the Investigator Site Files (ISF)? Is the protocol that’s being executed the same version that the IRB approved? Have the protocol amendments and all of the associated Informed Consent Forms (ICFs) also been approved?

Missing approval letters aren’t necessarily the end of the world. It’s quite possible that the required approvals are sitting on the sponsor portal, having been received from a central IRB. Their absence from the ISF could just be a clerical error. However, it’s a first-order finding if the site was responsible for getting approval from its local IRB and failed to do so. The IRB would have to be notified. The FDA would have to be notified. Without review and approval from an ethics body, the safety of study participants is jeopardized and their rights violated. Everything stops.


Informed Consent

With forty minutes left to go, Hour Auditor spends the next twenty minutes reviewing participants’ ICFs. The selection of these participants may be random or targeted, depending on the results of the IRB approval review. Has each participant signed every applicable version of the ICF? Were they signed before any associated study procedures were conducted? If not, was the delay noted in the subject notes? How was the situation remedied? Was there a CAPA to ensure that any other incidents were corrected and future occurrences prevented? Was the IRB informed?


Inclusion/Exclusion Criteria

Now down to the final twenty minutes, Hour Auditor asks to see the Inclusion/Exclusion (I/E) criteria for two screened and enrolled participants. Most likely, the particulars of the study -- the vulnerability of the patient population, the therapeutic area, and the protocol complexity, among other things -- would drive the selection.

We’re running out of time, and this could be our final stop. With so much else to look at, including source data, IP accountability, staff qualification and training, and Adverse Events reporting, why focus on I/E criteria? Because they give us a glimpse of many aspects of study conduct all at once. When a site can assess complex I/E criteria correctly, it demonstrates protocol compliance and a commitment to producing reliable study data. Examining I/E criteria also gives Hour Auditor a chance to assess source data quality and provides further assurance of subject safety.

Best Laid Plans
As with any audit, particular findings at any step could (and should) alter the plans for this one-hour visit. If the ICF review left Hour Auditor concerned about fundamental flaws in the IC process, the rest of the audit might be spent trying to determine the extent of the problem. An incidental discussion could raise red flags about staff proficiency that may have Hour Auditor poring through protocol training records or scrutinizing the Delegation of Authority log. (Plus, Hour Auditor really, really wants to take a peek at the IP accountability records, and so may find a reason to do so*.)

The point of this thought exercise was to consider (1) the obligations of the clinical research industry to protect subjects and produce reliable data, (2) where the biggest risks to that obligation lie, and (3) how site audits should be prioritized to ensure those obligations are being met and those risks are being managed.

_________________________________________________________________________

*The auditors involved in this discussion did their best to honor the absurdly artificial time constraint I gave them. That meant foregoing activities no self-respecting auditor could bear to forego. This paragraph recognizes some of those activities. (Thank you all. I know this hurt.)

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

Alarm Clock Image via Good Free Photos

Guest Blogger: Greg Weilersbacher
Founder & President, Eastlake Quality Consulting

All companies outsource. It’s a humbling fact that you simply can’t do it all yourself. This often has to do with resource allocation; your company may allocate dollars to build and sustain some activities in-house while choosing to contract higher-cost operations to qualified suppliers who already have the expertise and equipment. 

You may outsource the manufacturing of tablets, sterile injectable, or topical dosage form, or the GMP release and stability testing of your product. Once the production and testing is complete, the product may need to be stored under controlled temperature and humidity conditions and then distributed to locations around the globe. The Contract Development and Management Organizations (CDMOs) who execute these critical operations are of paramount importance to your company’s success. Choosing the right suppliers will also help to minimize stress-induced headaches throughout your organization. Here are the top five ways to get the most out of a supplier audit.



1.  Come to the Audit Prepared
This seems obvious. However, more often than not, quality auditors step into the supplier’s lobby without doing their homework. Ask yourself the following questions: Why am I auditing this supplier? Is this supplier new to my company or one that we have used before? If used previously, have I read over the audit observations as well as the supplier’s responses and do I understand them? Which audit observations do I suspect would be the most challenging for the supplier to address and which are most important to my company’s requirements for this product? Have I reviewed previously executed production batch records and testing data and are there issues that need to be resolved? Are their deviations and CAPAs to follow up on?

Your understanding the supplier’s work proposal is of great value in refining the scope of the audit. Ask yourself:  Which of our products may be manufactured and tested here and which strengths (e.g., potency) will be produced? Which equipment is likely to be used? For a tablet production, the equipment train could include balances, blenders, roller compactor, spray dryer, solvent-rated oven, comils, tablet press and tooling, gravity feeder, coating systems, de-duster, weight sorter, metal detector, tablet counter, etc. This list of equipment will assist you in requesting equipment records during the audit. 

2.  Stay On Point
Proper audit planning will help to keep the audit organized and adhere to the audit timeline. In advance of the audit, provide the audit host with a list of the technical, lab, and manufacturing staff you wish to speak with and the records you need to review. A well-organized host will have this available for your review. Stick to your audit agenda. This is critical. The best way to derail your progress is to spend precious time chasing down minor issues while glaring problems get little to no attention. Continually refer back to the audit agenda and remember to keep the content of your audit report in mind while executing the audit.


3.  Know Your Technical Expertise and Limitations
Many auditors have led previous lives in the laboratory or in manufacturing while others started their careers in quality assurance and may have little technical background with regard to equipment, manufacturing processes, GMP utilities and laboratory testing. Know your limitations and if necessary strengthen them by hiring an expert consultant to assist you during the audit.

A common problem area that is at best glossed over and at worst completely ignored during an audit is the CDMO’s compliance with GMP utilities requirements. All too often, this is due to the auditor’s lack of understanding of the operation, inputs and outputs, validation parameters, and periodic testing and maintenance requirements for utilities such as HVAC, clean or pure steam, purified water and WFI systems, autoclaves, clean compressed air, nitrogen and other gases used for operating equipment or used during processing activities in manufacturing. Typically, these areas are also less well understood by the CDMO’s employees and as a result noncompliance abound. 

Some GMP utilities may be connected to the facility’s building management system, while others may be stand-alone equipment. In either case, the CDMO should have records of alarms (e.g., out of specification or out of range conditions), an acknowledgement of each alarm by designated staff members, and documentation of corrective actions. The last item is key. This is where the execution of quality systems tends to fail. Make a point to request documentation of corrective actions for each utility alarm. 

Additionally, purified and WFI water systems along with gases, such as clean compressed air and nitrogen, require periodical sampling/testing at each point-of-use. Verify that the timelines (monthly, quarterly, or annual) for sampling and testing were performed as directed by the CDMO’s procedures. These timelines are typically not well adhered to. A clear understanding of all the operations of the supplier’s GMP utility management process will keep your thoughts clear during the audit and help identify areas that are in need of improvement. 

4.  The Auditor’s Job is to Identify the Good and the Bad (Not to Win the Debate)
An important goal of a supplier audit is to identify the supplier’s strengths and weaknesses and come away from the audit with a compliance assessment that your company can use to make important decisions. It is of no value to your company if the goal of the auditor is to show the supplier how much he or she knows by debating the fine points of compliance. GMP auditors with decades of experience generally avoid this competitive exchange as it is unproductive. Rather, it is more important to the spend the necessary time identifying compliance issues, making them known to the audit host in a professional manner, and taking detailed notes that assist in writing the audit report. Your company’s senior managers need to know the supplier’s good and not-so-good points; detailing all of these provides the greatest value. 

5.  Interview the CDMO's Lab Staff, Manufacturing Operators, and Shipping/Receiving Personnel
CDMO’s quality systems are generally written by managers and directors who have many years of industry experience. It is of utmost importance that staff members who execute these systems understand them if your company’s product is to be manufactured, tested, stored, and distributed in a compliant manner. Request to speak with manufacturing staff members who work on the production floor and are likely to work on your product. Ask them about the process they would follow to conduct lines clearance, charge powders to a blender, operate a spray dryer, use a comil, set-up of a tablet press, inspect tablets, use metal detectors, etc. Compare the information they provide to the CDMO’s SOPs to determine if the staff understands their jobs. Listen for phrases such as “I usually do it this way…” or “it’s a different every time but I typically set up the equipment like this…” These phrases reveal a lack of control and adherence to procedures. 

The Take Away
The audit itself lays the foundation for a relationship with the supplier and the take-away message should address the following questions: Will the supplier work to resolve the issues I’ve identified? Am I confident that the supplier will immediately notify and involve my company’s representatives when deviations occur during production or testing? Do the supplier’s quality systems and records meet my company’s requirements and those of regulatory agencies? How confident am I that the supplier will produce and/or test a quality product that my company can stand behind? Is the supplier simply a pair of hands or are they committed to be my partner in this product’s success? The answers will provide you with a comfort level in making the decision to move forward with the CDMO or to look to the their competition.  

*********************************************************************************

A version of this article was first published in Outsourced Pharma.

 About the Author
Greg Weilersbacher is the Founder and President of Eastlake Quality Consulting, a GMP consulting firm based in the Southern California area. Over the last 25 years, he has held director and vice president positions leading Quality Assurance, Quality Control, Analytical Chemistry, Materials Management, GMP Facilities, and Product Manufacturing in biotech and pharmaceutical companies. His unique experiences and technical background have led to the manufacture and release of hundreds of solid oral, sterile, and biologic investigational products to clinics in the U.S. and abroad. Email Greg at weilersbacher.greg@gmail.com.

When it rains guidance, it pours. The MDCG just released Guidance on temporary extraordinary measures related to medical devices Notified Body audits during COVID-19 quarantine orders and travel restrictions. The guidance takes immediate effect and is valid for the whole period of duration of the pandemic COVID-19 as declared by the World Health Organisation. It […]

Over the past year Juul has faced criticism and scrutiny over its role in what public health officials call an "epidemic" of teen nicotine addiction.,

Yokogawa Electric Corporation (TOKYO: 6841) announces that it has entered into a strategic alliance framework agreement to accelerate collaboration with Saudi Basic Industries Corporation (SABIC), ranked among the world's largest petrochemical manufacturers. The agreement includes selection of Yokogawa as a preferred supplier of control systems.

2012 XA133 or city killer as it is being called is the third asteroid heading towards the Earth.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.