New documents or drafts for comment
There are no new Organisation for Economic Co-operation and Development (OECD) documents or drafts released for comment since the August update, however, it is anticipated that the OECD GLP Data Integrity Guidance will be released for consultation shortly.
Medicines and Healthcare products Regulatory Agency (MHRA) “Clinical investigations of medical devices – guidance for manufacturers” has been updated in January 2020. This revises the section on practical decisions on when a clinical investigation is required.
European Commission (EC) version 2.3 of the Questions & Answers paper relating to the Clinical Trials Regulation (EU) No 536/2014 (CTR), issued in November 2019. Certain sections of the Q&A document are not yet complete, updated sections are being published progressively.
The EC has also issued “Guidelines on Good Clinical Practice specific to Advanced Therapy Medicinal Products” in October 2019.
European Medicines’ Agency (EMA) draft “Guideline on the quality requirements for drug-device combinations” has reached the end of its consultation period, the agency plans to finalise the guideline before the regulation fully applies on 26th May 2020.
EMA draft document “Reflection paper on Good Manufacturing Practice and Marketing Authorisation Holders” was released for public consultation and is open until 17th April 2020.
World Health Organisation (WHO) “Guideline on Data Integrity” is undergoing consolidation of comments received and review of the feedback with an aim of completion in 2020.
The International Organization for Standardization (ISO) issued its revised standard ISO 14971:2019, on “The application of risk management to all phases of the life cycle medical devices”, giving more attention to the benefits expected from devices, as well other clarifications and additions from the previous version. The revised document also provides an explanation of how senior management needs to define a policy for establishing criteria for risk acceptability based on national / regional regulations and relevant international standards.
There are a number of Veterinary Products EMA Guidance Documents open for consultation, please see the latest Research Quality Assurance (RQA) magazine Quasar or contact the Discovery and Development team directly for further details (GLP@tmqa.co.uk).
The MHRA presented the following points at their Good Practice for Laboratories held on 12th February and following the theme of “Fit for Intended Use.” The points discussed were defined as applicable to all of the good practice arenas i.e. GLP, GCP and GMP which is where determination, documentation and justification for what you intend to do becomes the critical component in operating in compliance with your regulations.
- Change: Progress is a constant and as scientists we are often at the forefront of innovation, that being said, we also require to be in control of everything we do in a regulated environment. We need to ensure that all the improvements and changes we make are based on sound scientific judgements and undertaken in a controlled and compliant manner.
– Monitoring changes in the regulatory environment. How do you do this? Who is responsible for it? How do you document whether an update is applicable for you or not?
– Change control is a critical component and culture as well as people and systems must all be considered during this process to ensure no one aspect can put the whole at risk of failure. Ensure you have captured the interactions between facets including people, equipment, measurement, materials, methods and environment.
– And once you’ve made the change, be sure to confirm its effectiveness.
- Equipment: most labs are used to validation but are you doing enough or focusing on the correct areas? How much do you rely on the vendor to do and is this level of delegation appropriate for you to be able to evidence control and confirmation that the system / item is fit for your intended use?
– User Requirement Specifications (URS): Define them before you get going; from balances to LCMS, update them when there are changes and use them if you get a vendor to support you in implementation or qualification.
– Acceptance Criteria: Define them before you get going and assess against them. You know what you want the system to do. This doesn’t stop you taking advice but be clear on what you need it to do then make sure it does it. If you’re using a vendor to do periodic maintenance this point still applies, set the criteria then ensure you have documented your verification against your criteria.
– Vendor oversight: Are you in control of how they perform qualification or maintenance? How do you ensure they are performing the tasks you need them to i.e. work instruction or approval of their testing instruction? Does their data recording comply with data integrity guidance? How do you ensure ALCOA data recording is applied?
– Calibration of temperature probes: single point calibration of probes used to assess temperature ranges is not considered sufficient. The probe should be assessed over a range of points that it is expected to measure e.g. at least 3 temperatures.
– Computerised systems bring an additional level of complexity and topics covered included:
> Historical records of permissions? How do you evidence the permissions an individual had on a certain date?
> Good practice training for any IT staff. If they have a role in the operation or maintenance of the system from admin rights to electronic archivist, they need to understand the regulatory requirements.
> Back up and archive: These are not the same thing. The length of storage and levels of control of items in each of these circumstances is not the same and processes should reflect this.
- Analytical Methods: A mixture of points was presented here. While it was acknowledged there are differences across the good practices, many items are considered best practice even if not a requirement.
– Method transfer: without performing an assessment, how do you demonstrate the method is fit for purpose? The criteria and number of replicates are not mandated but demonstration of assessment of risk is an expectation. Sponsor determination, like vendor determination in equipment qualification may provide useful information but you are the experts.
– System Suitability Tests: running of a sample to evidence the appropriate response of your system cannot include the use of samples under examination.
– Out of specification investigations: inspection findings have noted non-definitive outcomes including e.g. “subtle differences in mobile phase.” In a controlled environment, with trained staff and controlled methods and procedures, these types of responses are not appropriate.
- Training: Individuals performing tasks must be appropriately trained and understand both the task and the systems and regulations surrounding it.
– Culture plays a key role; are your staff able to speak up about queries and concerns? Are they valued for highlighting flaws and risks or punished? Is risk assessment a task for QA and not for all stakeholders?
– Re-evaluation / assessment: While reassessment is required for GMP, it must not be forgotten to ensure people are fit for purpose as a critical factor of all good practices. It should also be tied in with other updates and effectiveness checks following changes.
– Key training and optional or additional components: Define each for clarity.
– Evidence: You should be able to demonstrate that topics, and in addition the level of detail, covered are appropriate e.g. slides and notes if slides are high level.
– Job descriptions: There should be visibility of acceptance by both management as the people assigning the role and the individual as the person accepting on documents e.g. by dated signature.
- Data flows, mapping and reporting: While it can be overwhelming there are tools including overlays and definitions of criticality.
– Engagement with different stakeholders from IT and QA to analysts, metrology technicians and management is key to a well rounded assessment. Each will likely approach risk from a different perspective all of which can be vital. In addition, the link to the integrity of the report should not be excluded from any assessment.
– The use of caveats and inclusion of “unreliable data” in reports was highlighted. All reports are required to be transparent, complete and reliable.
– Interim reports and GLP compliance statements: The MHRA position has not changed. Statements should not be included except at the express request of a regulatory authority. The MHRA guidance paper on this topic is progressing and is expected in the near future.
- GCP labs
– Know your work. Understand what work is ongoing at your facility and what area it is in e.g. GCP, research, etc. The MHRA makes no distinction about the criticality of endpoints, if your endpoint is in the protocol, then it is required to meet GCP.
– The lab inspection programme is out of pilot and into operation. There is no intention to publish the inspection process but there will be notification of metrics and a blog on the subject.
The Good Clinical Practice (GCP) Symposium was held on 13th and 14th February 2020 in partnership with the FDA aimed at commercial organisations and covered topics such as sponsor oversight of clinical sites and laboratories, eSource including electronic health records, protocol deviations featuring the impact on data reliability as well as subject safety and the challenges in ensuring data quality in novel clinical trial designs. Keep your eye on our clinical regulatory news if this is your area of interest.
MHRA Inspectorate Blog
List of new publications since the August 2019 Laboratories Regulatory Update:
- 8th August 2019 by Tracy Moore “Falsified Medicines and the supply chain”, regarding supply chain security as Falsified medicines can pose as a threat to the legitimate supply chain.
- 21st August 2019 by Ione Gyamfi “Analytical Quality by Design (AQbD): questions and answers” on Analytical Quality by Design and why is the MHRA interested in it for Pharmacopoeial Standards.
- 16th September 2019 by Terry Madigan “Supply chain security: part 1 – introduction”, the first of a series of blog posts aimed to assist distributors to improve security standards by sharing best practice within the industry and developing a good security culture.
- 4th October 2019 by Asif Janjua “MHRA Process Licensing: useful information”, discussing the responsibilities of the Process Licensing Office, which deals with the manufacture, assembly and wholesale distribution of medicinal products under UK and EU legislation, an overview of the MHRA Process Licensing Portal and the Heads of Medicines Agencies Portal is also given.
- 8th October 2019 by Paula Walker, Gail Francis and Jennifer Martin “Round Table: The impact of Electronic Health Records on UK Clinical Trials” a roundtable discussion which was held on 28th October 2019 by the GCP inspectorate aimed at suppliers of electronic health records in both primary and secondary care
- 25th October 2019 by Jason Wakelin-Smith “Inaugural GCP Laboratories Stakeholder Engagement Meeting (StEM)” providing a summary of the meeting that had taken place on 7th May 2019 at MHRA offices in London.
- 31st October 2019 by Mark Birse “Digital Health and Pharma 4.0”, discussing the MHRA’s work on digital health. This can be divided into three key areas: cross–government work on Artificial Intelligence (AI); cross healthcare landscape work on digital and AI and internal MHRA work.
- 17th December 2019 by Anna Adams and Trevor Watson “Passing the baton from GPvP to GMP: Three top tips for protecting patients and staying compliant.”
- 23rd December 2019 by Jennifer Martin “MHRA GCP Non-Commercial Symposium 2019”, providing a summary of the annual GCP Symposium held by the MHRA on 11th September 2019 in Manchester.
- 11th February 2020 by Graham Carroll “The 2019 GMDP Symposium” providing a summary of the meeting which this year focused on supply chain challenges faced by wholesalers.
For further information visit https://mhrainspectorate.blog.gov.uk/
The MHRA has issued the following updates:
- 16th September 2019, list of laboratories that are members of the UK GLP Compliance Monitoring Programme.
- 1st October 2019, meeting minutes and the presentation from the GCP Stakeholder Engagement Meeting.
- 8th January 2020, list of accredited Phase I units.
EQA European Conference Dublin November 2019
Research Quality Association’s (RQA) third European conference 2019 was held at the Convention Centre, Dublin over three days on 6th – 8th November 2019 hosted by RQA, German Quality Management Association (GQMA) and Société Française d’Assurance Qualité (SOFAQ) with the support of other European Associations. Representatives from JSQA and SQA were also in attendance in anticipation of the global conference in Sendai, Japan in 2020.
Presentations were provided on a number of topics and disciplines and some laboratory specific highlights are described below:
- E-Archiving in the Cloud: The session included discussion of the compliance, strength and limitations of archiving using cloud based systems. The need for system validation was reiterated including ensuring reliability, authenticity, integrity and usability of the archived data, with readability being checked at appropriate intervals. System security from both a physical and virtual perspective is also critical. Potential risks and limitations to be considered were highlighted as change controls, software updates, periodic review and ensuring readability of the data. The retention period may also differ depending on the period defined by national laws and regulations, expedited retrieval of the data could also be affected by different time zones and different file properties could hamper reprocessing or reimporting to the original system.
- ICH E6 (R3): This revision of the document will include full re-write of principles and annexes aligned with ICH E8 as appropriate. A clear and concise scope where expectations are fit for purpose, focusing on principles and objectives critical to quality design aspects addressing differences between regulatory trials of unapproved drugs compared to pragmatic trials of approved drugs. Focus remains on investigator site practices and overarching principles – human subject protection and data quality using a risk-based approach to oversight and monitoring.
- GLP specific expectations:
– Review of study plans by QA prior to initiation. Regulators agree that before study initiation the study plan should be supplied to QA for review.
– Changes of product (test item) name post report finalisation. A report amendment can be issued to change the name of the test item with Sponsor request attached and determination of the equivalence or Test Item.
– Electronic data from GLP studies may be stored and / or archived in data centres managed by third parties e.g. Amazon Web Services. These data centres, in general, are not considered to be GLP test facilities, however, there is an expectation from some monitoring authorities that the data centre should be inspected by the national monitoring authority of the country in which it is based at. In the UK, as long as test facility has sufficient oversight and performed a vendor assessment, the data centre would only be inspected by GLP monitoring authorities if there was an issue and / or potential legal breaches.
– Electronic Signatures on GLP Documents. Any GLP document is accepted with a validated electronic signature, it must be retained on an electronic format with full accountability, signature clearly traceable. Docusign does not meet the requirements of a qualified electronic signature system as far as German regulators are concerned and the Environmental Protection Agency (EPA) does not accept qualified electronic signatures which may be a problem for multi-country submissions.
– Terminated GLP Studies. For a GLP study terminated before the end of the study, an amendment needs to be written and short summary report subjected to QA. It is unlikely to be able to claim compliance as it has not met the study’s objective.
– Use of Non-GLP Personnel, Sites or Activities. The MHRA suggests formal advance notification to extend footprint to another organisation. It requires risk assessment and justification included to explain why decisions have been made to select a nonGLP site. France and Austria would not give “authorisation” or approval to use.