3 Problems To Avoid When Establishing A Quality System

By Rosario Quintero-Vives, Senior Regulatory and Compliance Specialist, RQV Consulting

For some products on the market, quality is a luxury or an option. However, when your product is under the FDA umbrella, quality is required by law if you want to do business in the United States. In the pharmaceutical industry, the customers we serve have very precise expectations when it comes to product quality — nothing but the best, with the highest standards of production and manufacturing. Because the end product affects people’s lives, pharma companies aren’t afraid to pay whatever it takes to achieve quality. The stakes are very high, and no one wants to take even the slightest risk. With this in mind, I’d like to share some quality-related situations that are a recipe for disaster, if not taken care of immediately with the right tools.

Importance Of Documentation — A Case Study

Documentation in our business is vital, but it can also get you in trouble if it is not properly managed. Have you ever been told not to ask for more information than you need, or not to keep more data than you need? Let me share an example.

At one particular pharmaceutical company, there was a protocol in place to monitor temperature on a purification system that was noted as highly sensitive to changes by the system’s manufacturer. In the facility, there was a shutdown to repair some chilled water lines, which increased the risk of having changes in temperature. The equipment was supposed to be kept between 4°C and  25°C, and the temperature monitoring protocol for the shutdown was written to be executed for only 24 hours — no more and no less. The purpose was to ensure that there were backup systems in place so the correct temperature was maintained, and to document that the system was kept within expectations. In those 24 hours, the temperature was kept within specifications of the equipment and the components. After the chilled water was resumed, the quality expert,

At the beginning of the next manufacturing campaign, when the data was re-collected and analyzed, they discovered that there were actually two exclusions: one at <4°C and the other at 27°C, which clearly represented a violation of the specifications. With the schedule for the next manufacturing campaign so close, and the need for the purification system to process at least the next three lots, they had to open an internal investigation to verify the equipment and the components were suited for another campaign. In the end, they determined the system could go over and under the desired temperature range.

As a former regulator, I would accept this conclusion, since the process for purification takes place in the 2°C to 6°C range.  However I can’t understand why they decided to specify a range of 4°C to 25°C, since the purification process takes place at 2°C to 6°C.  In this situation, the validation scientist and process development specialist could explain how the system could, in fact, be stored at 28°C, according to the provider of this particular material. With that in mind, it was perfectly acceptable — from my point of view.

Regulatory Issues

Even though the temperature issue in this example could be deemed acceptable, I would like to point out three major problems that could compromise the product purified on that system.

1. There was a change in a protocol that was never documented.
2. While executing a protocol that wasn’t supposed to be running, two exclusions were documented on the specifications established by the company.

The parameters of the protocol were narrower than the agency requires, and there was no action plan in place to handle an exclusion.

Analysis Of The Issues — And What It Means To An Auditor

1. Change In Protocol

This company had a written protocol that specified that any change to a standard operating procedure (SOP), protocol, or manufacturing procedure — in the case of an urgent need — must be documented as a change control in the change control system within 24 hours of the event that promoted the change in procedure. The only exception was to document it no later than 24 hours from the moment the change in procedure was identified. If there were no electronic system to start the document online— like it was for this particular manufacturing site — the person that decided to change the procedure and/or protocol must log it in a change control log book as soon the change control system was back on line. This occurrence should also be assigned with a specific code as evidence a change control was taking place.

Between the execution of this protocol and the closure for it, it took the manufacturing manager almost 10 months. That wouldn’t look good to any auditor. How can you explain that you re-collected all your data required under the scope of a protocol — and not closed it for almost a year? What’s even harder to swallow is why they decided to extend the execution of a protocol for over 21 days, and not make it official — even though their own policy stated that they only had 24 hours to do so. They also never documented that they held a meeting to discuss the extension of the temperature monitoring, so there’s no proof that it ever took place. Not to mention, since there were two exclusions, how could they explain this investigation for deviation of procedure, when there wasn’t supposed to be a temperature monitor and, by default, any data at all? These types of decisions are the ones that could potentially get you in more trouble, rather than solve the issues. If those individuals had documented the extension for the execution, everything would have been perfect.

Next, what about the temperature range and the actions that should have been taken?  Almost a year later, we have to solve the extension of a protocol that was never documented, the exclusions that occurred, and the reliability of temperature control in that particular room. We also need to know the root cause for the exclusion while there wasn’t any interruption in the chilled water.  My advice would be to open the change control immediately, use the investigation of the exclusions as supporting documentation, and start an investigation to understand what happened and why there was an exclusion in temperature.

2. Protocol Deviations

When you impose this type of temperature specification, you can’t suddenly decide to accept the supplier’s suggestions. You have to honor the agreement you have with the regulatory agency. For this particular situation, I would suggest going over your response on this type of exclusion and work around that. Otherwise, a good auditor might question your ability to deal with a much more serious event — if you couldn’t even follow an agreement for this particular type of situation. I would also recommend going over the storage specifications of your purification system, and open a change control with the possibility of a future exclusion in mind. You can set high expectations, but you have to make sure you will be able to keep them.Remember, once this is documented and part of a manufacturing agreement, it is a legal obligation to follow. If you fail your own parameters, you will have to honor your agreement with the agency — no matter how much money it will cost or how much it will delay your manufacturing dates.

3. Manufacturing Agreements

Manufacturing agreements should be taken seriously. There are companies that have lost billions of dollars because of deviations from their own procedures that end up in a consent decree. You could lose credibility and the trust of patients, suffer a shut-down of a manufacturing facility, and even degrade stock value. Deviation of procedure is like an octopus — it has tentacles everywhere in your facility and could impact all operations. There is no such thing as GMP or “non”-GMP, if it could impact your parameters. Manufacturing is auditable and, by default, is cGMP.  Sorry for the unfortunate news, but there are only two things out of reach for the FDA: 1) your employees’ records, especially if you keep medical information, and 2) your financial records (there are other legal ways the government can go there, but not through FDA).

There’s a silent law among regulatory professionals: if there are no procedures in place to manage deviations from a rule…then there  is no true “rule.” This is very important to remember. For example, you should never have sensors or alarms, without a plan to manage any potential scenario. I have seen clients that have had practically thousands of sensors, but the employees had no idea what protocol to follow if any of those sensors were actually activated. Word to the wise – be sure to have a written procedure for any potential situation. An auditor inspecting your facility will ask the question. Whether we are talking about a routine visit or a visit to approve a commercialization agreement, follow this rule if you decide to go above the agency recommendations. Once you take that step, you can’t go back — you have to establish what you will do in case of a deviation or exclusion. If you don’t have a plan, you could end up with:

1. An observation from the FDA that could even become a warning letter or a consent decree in the best-case scenarios.
2. Recall of your products and a burst of extra costs to your clients. (Remember, when you have a recall, you have to write a certified letter to all the drug stores in the nation —costs of paper, certified letters, etc. could add up to around $500K).
3. Loss of the credibility from the agency, the public, and health professionals.
4. A potential public relations nightmare.

When you add up the costs from this silly mistake, especially since your intention was never to compromise the product, it could haunt you for the rest of your career in the pharmaceutical industry.

On a related note, if equipment or raw material systems go above or below your specifications, and your organization doesn’t have documentation to manage it, there’s a possibility that the agency will request that you substitute the equipment or the materials while you resolve the matter.  In that case, you will have a double-problem if you don’t have a backup for that equipment. You will compromise your production schedule, potentially resulting in lost income. If the agency steps in to make the decision on how to manage your situation, know that the actions taken are not always sympathetic toward the manufacturer.  Put simply, they don’t have your stockholders or your board in mind in such scenarios —they are thinking of the patients, the law, and COMPLIANCE.

In conclusion, we are talking about your company’s culture and its ability to manage critical situations. An auditor could see this as a symptom of a very serious disease and approach your organization with a very critical eye — with good reason. This type of problem can start as a small snowball and end up becoming an avalanche. If you see any of these problems in your organization, you must take immediate action with your employees, because they could cut corners later on more serious matters, compromising your entire business and institutionalizing the problem.

About The Author:

Rosario is a regulatory and compliance specialist  with eight years of experience in the pharmaceutical and biopharmaceutical industries. Her expertise is in commissioning, remediation, and CAPA projects in Puerto Rico and the Continental United States — with experience in diverse environments like academia, design, project management, and Quality by Design systems. She has also worked in laboratories for final and intermediate products, addressed Consent Decree and Warning letters, constructions for regulated environments, and commercialization of new drugs.