The FDA and EU regulatory authorities have taken action against API manufacturers in the past ten days. The EU Croatian authorities found that a site in India does not comply with the EU Guidelines for manufacture of APIs. The FDA issued four warning letters regarding sites outside the US: China, India, Italy and Germany. Three of the four warning letters cite concerns with data integrity. All sites manufacture API’s and the site in Italy also manufactures injectable dosage forms.
The competent authority of Croatia determined that Dhanuka Laboratories Ltd. (India) are not operating in compliance with GMPs for active substance manufacture. The inspection was conducted February 19, 2016. The named active substance in question is Cefixime. The inspection identified thirty-two (32) deficiencies, one was deemed critical and seven were classified as major. The critical observation states: “The QA system implemented on site, which related to the workshops that were engaged in the manufacture of Cefixime, was found to be weak and not capable of proper design, planning, implementation, maintenance and continuous improvement of a system that allows the consistent delivery of products with appropriate quality attributes. These observations are accordingly identified in the relevant sections. The GMP violations were considered as very severe and thus bearing a risk to either human or veterinary patients.”
The Croatian authorities recommend withdrawal of the GMP certificate issued by Poland, removal of the MA should be considered, and no additional material should be provided for distribution while the non-compliance determination is in force.
Tai Heng Industry Co., Ltd (Shanghai, China) received a warning letter dated May 12, 2016 based on an inspection ending May 11, 2015. The firm manufactures APIs and is not yet listed on the import alert listing on the FDA website. Deficiencies include but are not limited to:
- Samples were routinely tested until passing results were obtained. Failing results were not reported, investigated or included in the official records.
- The QC analysts had ADMIN privileges and shared passwords and manipulated the HPLC computer clocks to change the chronology of testing events. FDA further states that the firm “relied on incomplete records to evaluate the quality of your drugs and to determine whether your drugs conformed with established specifications and standards.”
- Rather than completing batch records contemporaneous with performance of the activities, the firm used ‘mock’ sheets and completed the official record afterward and then backdated the production records. The firm could not produce evidence that the “official” record was accurate.
In addition to responding to the specific observations, the firm is requested to:
- “A comprehensive investigation into the extent of the inaccuracies in data records and reporting. Your investigation should include:
- A detailed investigation protocol and methodology; a summary of all laboratories, manufacturing operations, and systems to be covered by the assessment; and a justification for any part of your operation that you propose to exclude.
- Interviews of current and former employees to identify the nature, scope, and root cause of data inaccuracies. We recommend that these interviews be conducted by a qualified third party.
- An assessment of the extent of data integrity deficiencies at your facility. Identify omissions, alterations, deletions, record destruction, non-contemporaneous record completion, and other deficiencies. Describe all parts of your facility’s operations in which you discovered data integrity lapses.
- A comprehensive retrospective evaluation of the nature of all data integrity deficiencies. We recommend that a qualified third party with specific expertise in the area where potential batches were identified should evaluate all data integrity lapses.
- A current risk assessment of the potential effects of the observed failures on the quality of your drugs. Your assessment should include analyses of the risks to patients caused by the release of drugs affected by a lapse of data integrity, and risks posed by ongoing operations.
- A management strategy for your firm that includes the details of your global corrective action and preventive action plan. Your strategy should include:
- A detailed corrective action plan that describes how you intend to ensure the reliability and completeness of all of the data you generate, including analytical data, manufacturing records, and all data submitted to FDA.
- A comprehensive description of the root causes of your data integrity lapses, including evidence that the scope and depth of the current action plan is commensurate with the findings of the investigation and risk assessment. Indicate whether individuals responsible for data integrity lapses remain able to influence CGMP-related or drug application data at your firm.
- Interim measures describing the actions you have taken or will take to protect patients and to ensure the quality of your drugs, such as notifying your customers, recalling product, conducting additional testing, adding lots to your stability programs to assure stability, drug application actions, and enhanced complaint monitoring.
- Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the integrity of your company’s data.
- A status report for any of the above activities that are already underway or completed.”
- The firm does not have stability data to support the expiration date assigned to the API. The firm responded that they would now follow their SOP and perform stability testing but their response was deemed inadequate because they did not include any retesting of the API already distributed.
- The firm does not have a change management system. In the specific example cited, a crude raw material supplier was not adequately evaluated nor was the change adequately documented.
- The firm documented an OOS result that was possibly due to the change in supplier, but other lots made with the material from the new supplier were not evaluated.
- Computer systems employed shared passwords and did not have audit trail capabilities. All analysts had ADMIN privileges. Electronic data could be deleted or manipulated without being able to trace the action to a single individual. Data from instrument were copied to a CD and then deleted from the instrument system to free up space on the hard drive. There was no demonstration that all data were accurately transcribed to the CD.
In addition, the firm was required to: “In your response to this letter, investigate your retention and review of CGMP data and provide the results. Focus on your firm’s review and retention of laboratory raw data. In addition, provide your interim plan for reviewing and retaining data while your firm is in the process of implementing access controls and audit trail capabilities.”
CordenPharma (Sermoneta, Italy) received a warning letter dated May 20, 2016 based on the outcome of an inspection ending May 29, 2015. The firm manufactures both APIs and sterile drug product. Fierce Pharma reports that “CordenPharma last year got FDA approval to produce sterile products at a plant in Italy. Now, it has gotten an FDA warning letter for a host of issues for its aseptic filling, including the fact the FDA doesn’t like the plant’s design when it comes to sterile production.” It seems odd that a facility with inadequate design and the problems described in the warning letter would have been approved in the first place. Deficiencies include but are not limited to:
- “Black grime and filth” were visible on the tiles in the aseptic processing area. FDA reminds them that floors in an aseptic processing area should be smooth hard surfaces, and they ask for photographic evidence of the “floor replacement” as well as requalification of the environmental monitoring and a media fill strategy. These are not the type of remediation that will happen quickly.
- Cleaning procedures in the aseptic area involved spraying of water that left standing water pools that could be a source of microbial contamination.
- Bulk drug product samples are not taken and tested for sterility.
- Sixty-one media plates used in environmental monitoring were damaged or in a condition where they may have resulted in an under estimation of microbial contamination.
- The sterile API rooms had floor drains which FDA states are not consistent with ISO5/ Grade A area facility design and operation. The firm is provided a link to the FDA’s Guidance on Aseptic Processing.
All these observations beg the question of why these deficiencies were not identified during the PAI, assuming one was conducted.
DRUGS, API: Megafine Pharma Limited (Mumbai, India) received a warning letter dated May 19, 2016 based on the outcome of an inspection ending May 15, 2015. The firm was placed on import alert on October 14, 2015. The firm manufactures APIs. Lack of data integrity was the predominant feature of the deficiencies identified in the warning letter. Deficiencies include but are not limited to:
- The chromatogram for a reference standard was substituted for a 12-month stability result.
- Multiple analysts deleted peaks in chromatograms without justification. Of particular concern are peaks that may be due to residual solvents.
- The Quality Unit released an API lot even though it failed a specification for an impurity.
FDA further states, “Your quality system does not adequately ensure the adequacy and integrity of data to support the safety, effectiveness, and quality of drugs you manufacture. We acknowledge that you are using a consultant to audit your operation and assist in meeting FDA requirements.” They are also required to provide responses to three multi-part requests that have become common boiler-plate in FDA warning letters as in the first warning letter addressed above. This will be expensive in time and personnel and will not happen quickly.