The number of Warning Letters sent by the FDA to API facilities in the last eleven and a half months has remained constantly high compared to the previous years. In fiscal year (FY) 2016, 22 have been issued; in FY 2017, 23 and in FY 2018 - which is approaching the end - already 20. Still, among the Warning Letters' addressees the proportion of companies from the Far East is high: 9 come from China, 5 from India, 3 from Japan, 1 from Australia, 1 from Canada and 1 from the Netherlands.
As in the previous fiscal years, FDA inspectors found again a number of GMP violations in the last months too in the area of Laboratory/Quality Control; particularly regarding the handling of analytical data. The respective provision which has been neglected by 7 facilities in total is laid down in ICH Q7 Chapter 6 "DOCUMENTATION AND RECORDS", 6.6 "Laboratory Control Records" paragraph 6.60:
"Laboratory control records should include complete data derived from all tests conducted to ensure compliance with established specifications and standards…"
Please find below some original citations from the Warning Letters showing which deficiencies were discovered by the FDA inspectors:
"Your firm failed to retain and locate the analytical raw data for batches … which you shipped to the United States …"
"You released numerous drugs without completing all required testing. You claimed that the drugs were tested for identity and assay, and met required specifications for these attributes. However, these tests were never conducted …"
"… we found test data sheets with missing sample weights for identity testing, batch/lot numbers for reference standards and reagents, equipment identification, and complete thin layer chromatography data for related compounds."
Another frequent error - also in the Quality Control area - relates to the handling of OOS results. ICH Q7 requires in Chapter 11, "LABORATORY CONTROLS", 11.1 "General Controls" paragraph 11.15 a root cause analysis and clarification for an OOS result:
"Any out-of-specification result obtained should be investigated and documented according to a procedure. This procedure should require analysis of the data, assessment of whether a significant problem exists, allocation of the tasks for corrective actions, and conclusions. Any resampling and/or retesting after OOS results should be performed according to a documented procedure."
Here, 6 companies out of 20 haven't complied with this requirement and either ignored "inappropriate" analytical results or didn't clarify their root cause sufficiently.
"Your firm ignored aberrant analytical test results rather than investigating them, determining the root cause, and implementing appropriate corrective actions."
"Our review of your out-of-specification (OOS) investigations found that you lacked adequate procedures for investigating, and scientific justification to invalidate, OOS results."
As in the last two fiscal years, "data integrity" has remained an important topic which plays a significant role in the Warning Letters from FY 2018 too. In 5 (out of 20) facilities, quality-critical electronic data haven't been sufficiently protected from unauthorised access and manipulation as required in ICH Q7 Chapter 5 "PROCESS EQUIPMENT", 5.4 "Computerized Systems" paragraph 5.43:
"Computerized systems should have sufficient controls to prevent unauthorized access or changes to data. There should be controls to prevent omissions in data (e.g. system turned off and data not captured). There should be a record of any data change made, the previous entry, who made the change, and when the change was made."
The detailed description for this deficiency in the following example from a Warning Letter issued to a Chinese API manufacturer demonstrates the extent of such GMP violations:
"Laboratory equipment used to generate analytical data for batch release purposes by your quality unit lacked restricted access. For example, the high-performance chromatography (HPLC) and gas chromatography systems each had a single username with administrator rights. All users could delete or modify files, and there was no mechanism to trace individuals who may have created, modified, or deleted data generated by computerized systems."
However, the proportion of companies with data integrity issues has slightly decreased compared to FY 2017 and 2016: respectively 7 out of 23 and 12 out of 22.
The graph below shows the repartition of the 4 most frequent GMP deviations in FY 2018.
Observing the Warning Letters and the violations they describe demonstrates how important handling (raw) data, managing deviations (OOS) and ensuring data integrity for passing an FDA inspection are. Besides, inspectors on site also keep a very watchful eye on elementary "good manners" in the production of APIs such as bringing the evidence that cleaning procedures or the analytical methods used are efficiently validated.
Studying the Warning Letters delivers thus valuable information which can be really useful for preparing for an inspection or a supplier audit too.
Note: A detailed analysis of the API Warning Letters will be published in the January issue of our GMP Journal. In the ECA Members Area, you will find soon a detailed evaluation of the Warning Letter quotations from FY 2016 to 2018 in form of a data collection as well as the respective frequency distribution of the single topics.