Stan O’Neill
Managing Director
The Compliance Group
22 May 2014

• The system is in control.
• How do you demonstrate this?
• How do you convince the Inspector of
“your story”?

• Traditionally been outside the experience of inspector recruits
• Necessary to learn “the trade” within the
Inspectorate
• Other compliance issues traditionally been more significant
• Inspectors not inspecting the area.
• No significant problems identified or self evident.

• Commercial courses difficult to identify
• Courses specialise in “How to Validate” rather than “How to Inspect”

• Inspectors often gaining experience
• Normally max. 4 hours on subject
• Exceptions where up to 2 days on subject
• List of systems prepared by companies
• Quality Audits performed of Vendors

• Focus on specific areas
– Electronic release procedures
– Status control of materials and products
– Approach to laboratory systems
– Approach to key manufacturing systems
• If these can be quickly handled, the
Inspectors quickly gain confidence.

• Extensively referenced within Annex 11
• Put in place at the request of the industry
• Some points to note............

• A note on Risk – ICH Q9
– ICH process negotiates standards between industry and regulators.
– Adopted in EU as Annex 20, then Part III
– A voluntary annex
– Concept of risk accepted by EU Member
States, but subtleties sometimes lost with the passage of time

• Important to understand the difference between risk assessment (the individual documents) and risk management (the holistic process).
• Risk assessments often by industry to justify pre-decided positions.
• Very few (if any?) risk assessments conclude that the proposed process is unacceptable.

• Using true Experts in the Risk Management
Process
• Planning the process
• Building confidence in the Inspectors that
– The process was under control
– Good science was used.
– Everything is in place
• Enthusiastic / energetic engagement during inspections

• Poor cross referencing
• Obvious gaps in criticality assessments
• Inappropriate assignment of “non-critical”
• Slow delivery of requested information
• Incomplete packs of information
• Incomplete follow up of outstanding information identified in the documentation

• How different is the department?
– Different SOP format?
– Different vocabulary to Inspector?
– Different vocabulary to rest of organisation?
• Are the company representatives practised in the inspection environment?

• Does the IT Department operate it’s own change control?
• Is it a separate system, different SOPs, different principle actors?
• Inspector has more assurance when a different system is not-so-different.
– e.g. Similar format of SOPs
• Next best - Inspection Host should be conversant in the different system

• Interpretation of a COTS
• Acceptability of spreadsheets
• “Hybrid” systems (signed spreadsheets)
• Availability of information
• Availability of staff to discuss CSV
• Availability of audit reports

• Visibility of CS issues within the deviation management system
• Recovery of archived information from redundant systems
• Re-interpretation of the GAMP categories
• An incomplete list of CSs and GAMP ratings

– All reasonable steps had not been taken to ensure that software, used in connection with
GMP operations at the site had been produced in accordance with systems of
Quality Assurance.

• The preventative maintenance programme was inadequate in that:
– The XXXXXX system record reverted to a positive result for all tests when the checklist had been verified.
(other subcomponents omitted)

• The computerised interfaces between the Principle’s inventory management system and the Distributor’s
Service’s inventory management system had not been adequately qualified for the following reasons: -
– No qualification protocol had been drawn up which outlined the qualification criteria and the items that were to be qualified;
– For three of the test reports inspected which related to changing of stock status, the required tests were not completed and the results of the tests performed were not documented;
– There was no qualification report drawn up to document the outcome of the qualification of the tests.

• 1 Laboratory equipment was not subject to the requirements of computerised system validation.
• 2 The “Approved by” section of part 6.0 was not completed on the OQ of software changes for the XXX system on hold tanks VABC and
VDEF.

• 3 During a detailed review it was evident that the company had re-interpreted the
GAMP categories so that the categories in use were slightly different.
• 4 Common scenario where an affiliate in
Ireland is a “user station” for a system which is based in the US, and the US company had responsibility for maintaining the system and ensuring its validated status. No technical agreements in place

• A site in control, with actors in control
• The use of good science
• An optional extra – people who are “into it”!

Contact details: stanoneill@compliancegroup.eu
+353 86 603 2297