This page lists the European Medicines Agency's answers to frequently asked questions, as discussed and agreed by the Good Manufacturing Practice (GMP) / Good Distribution Practice (GDP) Inspectors Working Group.
Further questions and answers are published as the need arises. Individual questions and answers may be removed when the relevant GMP guidelines are updated.
- H: applicable to human medicines
- V: applicable to veterinary medicines
Table of contents
- European Union (EU) GMP guide part I: Basic requirements for medicinal products: Chapter 3: Equipment
- European Union (EU) GMP guide part I: Basic requirements for medicinal products: Chapter 5: Qualification of suppliers
- EU GMP guide part II: Basic requirements for active substances used as starting materials: GMP compliance for active substances
- EU GMP guide part II: Basic requirements for active substances used as starting materials: GMP compliance for active substances in investigational medicinal products (IMPs)
- EU GMP guide annexes: Supplementary requirements: Annex 1: Manufacture of sterile medicinal products
- EU GMP guide annexes: Supplementary requirements: Annex 6: Manufacture of medicinal gases
- EU GMP guide annexes: Supplementary requirements: Annex 8: Sampling of starting and packaging materials: Glycerol
- EU GMP guide annexes: Supplementary requirements: Annex 8: Sampling of starting and packaging materials: Use of near-infrared (NIR) technology for container-wise identity testing
- EU GMP guide annexes: Supplementary requirements: Annex 11: Computerised systems
- EU GMP guide annexes: Supplementary requirements: Annex 13
- EU GMP guide annexes: Supplementary requirements: Annex 16
- EU GMP guide annexes: Supplementary requirements: Annex 19: Reference and retention samples (Updated)
- General GMP
- GMP certificates
- Inspection coordination
- Data integrity (NEW August 2016)
- Related links
European Union (EU) GMP guide part I: Basic requirements for medicinal products: Chapter 3: Equipment
- 1. Should metal detectors be used routinely in manufacturing processes for certain dosage forms e.g. tablet compression and encapsulation processes? H+V February 2015
Metal could originate from raw materials as well as from equipment in manufacturing processes where metal parts could generate fragments due to the conditions of operation or damage to the equipment.
It is recommended that metal detection is used for processes prone to this.
In order to avoid routine use of metal detectors the company must demonstrate that it has identified and managed the risks such that the use of metal detectors for that particular process is not needed.
European Union (EU) GMP guide part I: Basic requirements for medicinal products: Chapter 5: Qualification of suppliers
- 1. Is an audit performed by a third party acceptable? H+V July 2006
The document 'guidance on the occasions when it is appropriate for competent authorities to conduct inspections at the premises of manufacturers of active substances used as starting materials', published as part of the Community procedures, states that it is expected that manufacturing-authorisation holders will gain assurance that the active substances they use are manufactured in accordance with GMP through audit of the active-substance suppliers. Small manufacturers may not have the necessary expertise or resource to conduct their own audits.
Section 5.25 of the GMP guideline requires starting materials to be purchased from approved suppliers and about whom the manufacturer has a particular and thorough knowledge.
An audit conducted by the manufacturing-authorisation holder itself should be integral to the manufacturer's quality-assurance system and subject to the basic GMP requirements, i.e. conducted by properly qualified and trained staff, in accordance with approved procedures. It should be properly documented. These aspects can be inspected as necessary by the competent authorities.
If a third party is involved, the arrangements should be subject to chapter 7 of the GMP guideline. There should be evidence that the contract-giver has evaluated the contract-acceptor with respect to the aspects described above.
All parties involved should be aware that audit reports and other documentation relating to the audit will be made available for inspection by the competent authorities if requested. This should normally provide sufficient assurance that the results of an audit carried by the third party are credible, thus waiving the need for an audit conducted by the manufacturing-authorisation holder itself. However, it must also be satisfactorily demonstrated that there are no conflicts of interests. Conflicts of interests could arise for example from:
- a commercial relationship between the organisation performing the audit and the organisation being audited;
- a personal conflict on the part of the auditor where he / she has been employed by the organisation being audited in the recent past (i.e. within the last three years) or has a financial interest in it.
This topic should also be addressed in the technical contractual arrangements. Any measures taken by the contract-giver should be documented, e.g. signed undertakings by the auditors.
Similarly, the principles outlined above could be used to allow sharing of audit reports between different manufacturing-authorisation holders using the same active substance supplier, provided that the scope of the audits can be shown to be applicable to the active substances of mutual interest.
- 2. Is it possible to use multiple batch numbers in packaging of medicinal products? H+V January 2005
GMP inspectors have discussed the desirability of more than one batch number appearing on the packaging of medicinal products.
It is normal practice for companies to use a bulk batch number that is different from the finished product batch when the bulk is packaged as several sub-batches. There is normally an element in the numbering format common to the bulk batch and finished product batches that clearly ties these together. The difference normally takes the form of a suffix, prefix or both.
A matter of concern for the inspectors is when the bulk and finished product batch numbers are completely different and there is no obvious connection between the two. Even though the manufacturer has a system of traceability, the inspectors agree that this is an undesirable practice and should be avoided. The main reasons for this are:
- patients and healthcare professionals may mistakenly believe that there has been a packaging error;
- hospitals often remove products from the outer packaging and traceability may therefore be lost;
- confusion may occur in the case of recall, rendering such action potentially ineffective.
It is accepted that there may be exceptional cases where multiple batch numbers are displayed on a pack, such as in combination product packages. In addition, products that require relabelling following parallel distribution are expected to display the original manufacturer's batch number. Manufacturers are recommended to discuss individual cases with the relevant supervisory authority. In all cases, traceability must be maintained.
- 3. What are the expectations with regard to documentation and verification of the supply chain for active substances (ref. Paragraph 5.29, Chapter 5 EU GMP Guide)? H+V August 2015
The supply chain for each active substance must be established back to the manufacture of the active substance starting materials. This should be documented and must be kept current. The risks associated with this supply chain should be formally documented. Control of each incoming consignment of active substance should include verification that it has been received from the approved supplier and approved manufacturer. The entire supply chain should be verified for a supplied batch periodically to establish a documented trail for the batch back to the manufacturer(s) of the active substance starting materials. The frequency of this verification should be based on risk.
EU GMP guide part II: Basic requirements for active substances used as starting materials: GMP compliance for active substances
- 1. How can GMP compliance for active-substance manufacturers be demonstrated? H+V April 2011
Directive 2001/83/EC as amended (Directive 2001/82/EC for veterinary medicinal products) states that manufacturing-authorisation holders are obliged to use, as starting materials, only active substances that have been manufactured in accordance with the detailed guidelines on GMP for starting materials. Thus the legislation puts the responsibility on the manufacturing-authorisation holders using the active substance and does not foresee mandatory routine inspections of active-substance manufacturers.
To provide guidance on how GMP compliance of active-substance manufacturers should be established, guidance documents have been published on this website, including the 'guidance on the occasions when it is appropriate for competent authorities to conduct inspections at the premises of manufacturers of active substances used as starting materials' as part of the Community procedures. This document states that it is expected that manufacturing-authorisation holders will normally gain assurance that the active substances it uses are manufactured in accordance with GMP through audit of the active-substance suppliers.
In addition, a number of questions and answers on audits of active-substance manufacturers on this page provide further guidance.
- 2. Do I need to perform an audit of an active substance supplier if it has been inspected by an inspectorate from a European Economic Area (EEA) Member State and a valid GMP certificate is available? H+V July 2006
Manufacturing-authorisation holders sometimes confuse the role of inspectorates with their own obligations but nevertheless, when inspection reports or GMP certificates issued by European Economic Area (EEA) mutual-recognition-agreement (MRA) partners or other recognised authorities are available, these can provide useful information to manufacturing-authorisation holders.
However, these alone cannot fulfil the statutory obligations of the manufacturing-authorisation holder or the requirements of section 5.29 of the GMP guideline, but the results of inspections may be used together with other supporting information in a risk-based approach by the manufacturer in establishing priorities for its own audit programme of active-substance suppliers.
- 3. Is it acceptable to perform a remote assessment based on, for example, questionnaires, review of documents, Internation Organization for Standardization 9000 certification, results of analytical testing and historical experience with the supplier? H+V July 2006
The EEA inspectorates are not generally in favour of 'paper-based audits' per se as they do not provide the same level of assurance as on-site assessments, but do accept that they have a part to play in a risk-based strategy.
They may be particularly applicable when recent positive inspection information is available and where satisfactory audits have been concluded in the past. They cannot replace on-site audits of active-substance suppliers but can be a useful interim and temporary measure within the manufacturer's audit programme.
- 4. How do the new requirements affect importers of medicinal products? H+V July 2006
Importers are manufacturing-authorisation holders and so the obligations under Article 46f/50f of Directive 2001/83(2) apply to them. For importers, the possibility of a second-party audit performed by the third-country manufacturer that uses the active substance as a starting material may be a further option.
Importers are already obliged to ensure that the third-country manufacturer complies with standards of GMP equivalent to those of the European Community and should have established arrangements in line with chapter 7 of the GMP guideline. They should therefore be fully satisfied that the third-country manufacturer has adequately demonstrated that the active substances it uses for products destined for the European Community have been manufactured in accordance with GMP.
Importers may of course choose to verify the standards of GMP at the active-substance suppliers themselves or through a third party. Whichever option is chosen, the questions and answers above are also relevant.
- 5. Is it possible to ask for a voluntary inspection of an active substance manufacturer? H+V February 2015
First, the responsibility for only using active substances that have been manufactured in accordance with GMPs is placed on the holders of a manufacturing authorisation (MA). An inspection of the active substance manufacturer by an EEA authority does not liberate a MA holder from this responsibility.
Article 111 (1f) of Directive 2001/83/EC and Article 80(1) of Directive 2001/82/EC, have provision for the competent authority of the Member State concerned to carry out inspections of starting material manufacturers at the specific request of the manufacturer. The request for the inspection should be made to the EEA competent authority where the site is located or, in case of sites located in third countries, to a competent authority where the starting material is used in the manufacture of medicinal products. If this is not the case, any EEA authority can be approached.
There is no guarantee that such a request will be fulfilled since competent authorities primarily use risk-based principles to plan starting material inspections. Thus, when a starting material manufacturer applies for a voluntary inspection, this does not constitute an obligation for the competent authority to trigger an inspection.
- 6. The notice to applicants requires the submission of a declaration signed by the qualified person (QP) that the active substance used is manufactured in accordance with GMP. The active substance in my product is widely used, but not normally as a pharmaceutical active substance, and I am having some difficulty in confirming compliance. What should I do to furnish the required declaration? H+V September 2008
Full compliance with GMP for finished products and active substances is a legal obligation for manufacturing-authorisation holders. It is recognised that for a small number of medicinal products, the primary use of the active substance is not in a medicinal product and the producer may therefore not be aiming to meet the specific requirements of pharmaceutical customers that represent an insignificant volume of business.
Alternative sources should normally be sought, but in exceptional circumstances the manufacturing-authorisation holder should assess and document to which extent GMP is complied with and provide a risk-based justification for the acceptance of any derogation.
The declaration provided by the QP should set out in detail the basis for declaring that the standards applied provide the same level of assurance as GMP. The European Medicines Agency will collect experience with this approach, which can be used as a basis for discussion on related amendments to guidelines in the future.
- 7. What kind of GMP documentation is needed for an active-substance manufacturer that performs sterilisation of an active substance? July 2010
The GMP basic requirements for active substances used as starting materials (EU GMP guideline part II) only applies to the manufacture of sterile active substances up to the point immediately prior to the active substance being rendered sterile. The sterilisation and aseptic processing of sterile active substances are not covered by this guideline and should be performed in accordance with GMP for medicinal products (Commission Directive 2003/94/EC as interpreted in the basic requirements for medicinal products including annex 1 of the EU GMP guideline part I). This implies that for any active-substance manufacturer that performs sterilisation and subsequent aseptic handling of the active substance, a valid manufacturing authorisation or GMP certificate from an EEA authority or from an authority of countries where MRA or other Community arrangements apply has to be submitted.
The active-substance manufacturer also has to submit data on the sterilisation process of the active substance (including validation data) to the marketing-authorisation applicant or holder for inclusion in the dossier submitted for the finished product and approval by the licensing authorities.
- 8. During inspections, why do inspectors sometimes ask to see reports of audits of active substance manufacturers carried out by the medicinal product manufacturer? H+V May 2013
Inspectors may need to see audit reports during inspections as part of the assessment of the manufacturing-authorisation holder’s systems for confirming GMP compliance of active substance manufacturers or suppliers. Inspectors will expect to see the full details of these reports upon request, including responses received from the audited site, indication of closure of deficiencies raised or commitments made.
- 9. What expectations do inspectors have for the content of reports of audits of active substance manufacturers carried out by the medicinal-product manufacturer? H+V May 2013
As a minimum, the following is expected to be included in the report:
- The full postal address of the site. The auditors must be identified by full name and their employer recorded. If the audit is conducted on behalf of other parties this should be clear in the report. Where an audit report is obtained through a third party, the manufacturing-authorisation holder is responsible for ensuring the validity and impartiality of the audit report. The identity of key staff participating in the audit should be recorded along with their roles.The full contact details of the person through which the audit was arranged should be recorded including contact details (e-mail address, telephone number). The dates of the audit should be recorded, with the full-day equivalents clarified if full days were not spent on site. A justification should be recorded for the duration of the audit. If, in exceptional circumstances, the audit had to be restricted to fewer days on site than required by the scope of the audit, the reasons should be explained and the conclusions with respect to the GMP status of the site should be justified.ackground information on the active substance manufacturer should be recorded; this should include the company ownership, the age of the site, the number of staff employed in total and for the specific products being audited. The role of the site in manufacture of the active substances being audited should also be clarified for each of the active substances being audited, e.g. if the site performs the full manufacture or only part of the manufacture.
- The scope of the audit should be clearly stated e.g. what activities (against European Union GMP part II / International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) Q7 chapters) were covered. The activities which were not covered by the audit should also be clearly recorded. Auditors should identify the high risk areas for audit specific to the site or products being audited. For example, these could include but not be limited to:
- process, cleaning or validation;
- risk of cross-contamination with other active substances or other substances;
- potential for generation of unknown impurities;
- risk of mix-up of materials and products through materials handling or packing;
- change control;
- deviation recording or management;
- security sealing of active substance containers and security or temperature control of shipments.
- Subsequent audits conducted as part of the ongoing supplier audit program may have a reduced scope focusing on the highest risk areas. In such cases the highest risk areas should be identified and justified.
- A list should be recorded of all active substances directly included in the audit scope plus other active substances or intermediates (or other products) manufactured at the site.
There should be a clear record of the products, the stages of manufacture and the buildings audited. If access was denied to any relevant areas of the site this should be recorded and explained. The list should clarify which of the active substances in the scope of the audit are manufactured in multi-purpose equipment or buildings as either final product or any of the intermediate stages.
- Dates of any previous audit conducted by or on behalf of the same manufacturing-authorisation holder should be recorded. If any of the audits did not conclude with a positive GMP compliance status, a brief summary of the reasons for this should be recorded.
- Each of the applicable sections of EU GMP part II should form sections of the report with a summary of what was examined, the key findings and compliance with the requirements of each section. The report should clearly state findings against each activity audited with particular focus on the high risk areas. Any GMP deficiency identified during the audit must be clearly recorded with its criticality defined. An explanation should be given, in the report or in a supporting standard operating procedure, of the categorisation system used to classify deficiencies, e.g. critical, major or minor.
- Responses to the audit by the active-substance manufacturer should be reviewed by the auditors. Corrective and preventative actions and timescales for completion should be assessed by the auditors to establish whether these are appropriate to the findings. Further clarification or evidence of completion should be requested, commensurate to the risk.
- A summary assessment of the status of corrective and preventive actions should be recorded by the auditors once these have been received and assessed. An overall recommendation should be made in the final report. The summary should include whether the auditor regards the actions as satisfactory. The responsible QP should ensure that he or she, or someone to whom it is delegated, is in agreement with the overall recommendation of the final report. The QP must not release the relevant medicinal products without knowledge of a positive recommendation from the auditors. This recommendation should include the GMP compliance status of the site and whether any reduced controls on materials receipt at the finished product manufacturing site are supported by the auditors.
- A proposed re-assessment period should be recommended.
- The final report should be signed and dated by, at least, the lead auditor.
- 10. How should active substance auditors be qualified? H + V May 2013
Auditors should have sufficient scientific, technical and other experience to enable them to perform an adequate and thorough audit of the active substance manufacturer, as related to the planned scope of the audit. Where a proposed auditor lacks an appropriate level of direct experience in the field of active substance manufacture, he or she should undergo a documented training and assessment programme in the areas that are relevant to the audit, taking into account the auditor’s anticipated role in the audit and the technologies that are likely to be encountered during the audit. Auditors must also be trained and assessed in their knowledge and understanding of EU GMP part II and in auditing techniques in general. The training and assessment should be fully documented.
The qualification and experience of contracted auditors are the same as the requirements for the manufacturing-authorisation holder’s own auditors.
- 11. What is the frequency for the routine re-inspection of an active substance manufacturer? H+V February 2015
Article 111 (1b) of Directive 2001/83/EC requires that Member States have a system of supervision including inspections at an appropriate frequency based on risk, at the premises of the manufacturers, importers, or distributors of active substances located on its territory.
In line with the document “Model for Risk Based Planning for Inspections of Pharmaceutical Manufacturers” available in the Compilation of Union Procedures, sterile and biological active substances are considered a relatively higher risk. Consequently, competent authorities may decide to submit these substances to a higher or a set inspection frequency.
EU GMP guide part II: Basic requirements for active substances used as starting materials: GMP compliance for active substances in investigational medicinal products (IMPs)
- 1. Are active substances used as starting materials in the production of IMPs subject to GMP? H July 2006
Directives 2001/82/EC and 2001/83/EC, as amended, include obligations for manufacturing-authorisation holders only to use active substances that have been manufactured in accordance with GMP. Provision is also made for inspections of active-substance manufacturers but only under certain specified circumstances.
IMPs are unaffected because the obligations of manufacturing-authorisation holders in this case are laid down in Directive 2005/28/EC, which does not contain corresponding requirements for active substances. Furthermore, this is made clear in the introduction to part II of the GMP guideline.
Part II of the GMP guideline does include a short section on new active substances to be used as starting materials for IMPs and these remain as recommendations with no mandatory force. Nevertheless, active substances used in the manufacture of marketed products are already required to comply with GMP irrespective as to whether they may also used in the manufacture of IMPs.
EU GMP guide annexes: Supplementary requirements: Annex 1: Manufacture of sterile medicinal products
- 1. How should the integrity of sterilising filters be verified? H+V June 2007
Annex 1, paragraph 85 states, 'the integrity of the sterilised filter should be verified before use and should be confirmed immediately after use by an appropriate method such as a bubble-point, diffusive-flow or pressure-hold test.'
The filter-sterilisation process may be physically stressful for the filter. For example, high temperatures during the process may cause the filter to distort, potentially leading to fluid pathways that allow the passage of particles greater than 0.2 µm in size. The performance of a filter can improve with use, as particles begin to block individual pathways and remove larger pathways that smaller particles could successfully navigate. For these reasons, filters should be tested both before use but after sterilisation and again after use.
Furthermore, testing should be performed in situ in order to verify the integrity of the filter complete with its housing.
- 2. What are the sampling requirements for sterility testing when a finished product batch of a terminally sterilised medicinal product is made up of more than one steriliser load? H+V October 2008
The sampling plan for sterility testing should take account of the definition of a batch as stated in the glossary of the GMP guideline together with the recommendations of annex 1 section 93 (section 127 in the February 2008 revision). Each steriliser load is considered to be an independent sub-batch. Consequently, one sterility test should be performed per sub-batch. The number of samples per steriliser load should conform to European Pharmacopoeia requirements, section 126.96.36.199.
Can there be any exceptions to this rule?
For large-volume parenterals where the sterilisation cycle has been qualified with an overkill level, an alternative sampling plan in accordance with a specific internal procedure agreed with the supervisory authority can be accepted (unless already specified in the marketing authorisation).
This procedure should state the need to sample from each steriliser load including the coolest location identified during the steriliser qualification. The number of samples per load should be defined based on a risk-based approach and the overall number of samples per batch should conform to European Pharmacopoeia requirements, section 188.8.131.52. An alternative option, which would require a variation to relevant existing marketing authorisations, would be to introduce a system of parametric release, thereby avoiding the need to carry out the sterility test.
- 3. What are the key changes in the 2008 revision of annex 1 of the EU GMP? H+V January 2010
The revision provides updated guidance on:
- classification of the environmental cleanliness of clean rooms;
- guidance on media simulations;
- guidance on capping of vials;
- bioburden monitoring prior to sterilisation.
- 4. The new revision to the annex includes a number of revised requirements. What steps are being taken by EU authorities to assure the consistent interpretation of the requirements of the revised annex by EU GMP inspectors during inspections? H+V January 2010
GMP inspectors from the EU have worked together with inspectors from Swissmedic to prepare harmonised guidance on the interpretation of the revised annex to be used during the inspection of manufacturers by their Inspectors. This document has subsequently been proposed and adopted as draft guidance by the Pharmaceutical Inspection Cooperation Scheme (PIC/S): GMP annex 1 revision 2008: Interpretation of most important changes for the manufacture of sterile medicinal products.
- 5. For an aseptically produced product, where should bioburden monitoring take place? H+V May 2013
According to the EU GMP guideline (annex 1), the bioburden should be monitored before sterilisation and testing should be performed on each batch.
For routine commercial manufacturing, bioburden testing should be performed on the bulk solution, immediately before its sterile filtration. If a presterilising filter is additionally installed, then sampling for bioburden testing may be performed prior to the prefiltration, provided that no holding time is scheduled for the solution between the two filtration steps.
- 6. What is the maximum acceptable bioburden level? H+V May 2013
The specification limits for bioburden should be NMT 10 CFU/100 ml, in line with the human and veterinary notes for guidance on manufacture of the finished dosage form (CPMP/QWP/486/95 and EMEA/CVMP/126/95).
When a prefilter is installed, unless otherwise justified, a bioburden limit of 10 CFUs/100 ml before first filtration is achievable in principle and is strongly recommended from a GMP point of view. Higher bioburden limits should not be justified by the high capacity of two consecutive bacteria retaining filters.
However, when appropriate justification is submitted (processes involving fermentation or other biological or herbal components, use of purified water for ophthalmic preparations, etc.), a bioburden limit of higher than 10 CFUs/100 ml before prefiltration may be acceptable. In such cases, it should be demonstrated that the first filter has the capability to achieve a bioburden prior to the last filtration of NMT 10 CFUs/100 ml, in line with the notes for guidance on manufacture of the finished dosage form (CPMP/QWP/486/95 and EMEA/CVMP/126/95).
EU GMP guide annexes: Supplementary requirements: Annex 6: Manufacture of medicinal gases
- 1. What is traceability? H+V July 2010
Traceability is the ability to retrieve the history of the manufacturing and distribution operations of a batch of a medicinal product.
The data recorded through the traceability system should allow efficient investigation in case an incident occurs and should allow recalls of (potentially) defective products.
In the case of packaged medicinal gases, the packaging components (shells and valves) are reusable. It is therefore necessary to record additional information, in particular in relation to the use and maintenance of these components.
- 2. Which items should be recorded in the case of medicinal gases filled into cylinders to enable traceability? H+V July 2010
Packaging components (shells and valves)
The cylinder is the combination of the shell and its valve.
For safety reasons, shells are individually identified (specific reference). Individual traceability is therefore possible. The date of the last hydrostatic pressure test (or equivalent test) should be recorded.
Shells may be fitted with simple valves (e.g. pin-index valves) or integrated valves. Integrated valves are individually identified (individual identification reference). Individual traceability is therefore possible. This is not the case for simple valves, which mostly have only a serial number corresponding to a group of valves.
The design of integrated valves, which are medical devices, is complex. These valves are also subject to periodic preventive maintenance operations. In terms of risk, more serious incidents have been reported with cylinders having this type of valve.
- in the case of simple valves, the type of valve should be recorded, as well as the name of the manufacturer and the serial number, if one is available;
- in the case of integrated valves, traceability should be ensured for each valve. Records should include in particular the type of integrated valve (including the version), the individual identification reference of the valve, the name of the manufacturer, the date of the last (or next) preventive maintenance and details of any preventive maintenance performed on the valve.
Shell and valve
Each shell-and-valve combination should be traceable.
The manufacturing batch records should include the individual identification references of the cylinders of each batch of finished product (see EU GMP guideline annex 6, section 17, (g) and (m)).
The distribution records should include the individual identification references of the cylinders delivered to each customer.
- 3. What means should be implemented to ensure traceability? H+V July 2010
In practice, depending on the scale of operation, it may be difficult to ensure effective traceability without a computerised system. Use of bar codes or electronic chips on the cylinders may facilitate this. Any computerised system used to ensure traceability should conform to the requirements of annex 11 of the EU GMP guideline.
- 4. What should be possible through the system of traceability? H+V July 2010
Should a manufacturer of a medicinal gas receive a serious complaint relating to the quality of the medicinal gas itself or the packaging components, the system in place should allow the identification of the affected cylinders and, where necessary, the recall of any affected cylinders from the market.
A defect relating to packaging components may require identification of specific cylinders within a finished product batch or identification of cylinders present in a number of finished product batches in order to establish the extent of any recall required.
For example, an effective traceability system should allow effective recalls of cylinders fitted with defective valves based on:
- specific type, version or manufacturer’s batch for the valves;
- maintenance and calibration operations for the valves during a specific time period.
EU GMP guide annexes: Supplementary requirements: Annex 8: Sampling of starting and packaging materials: Glycerol
- 1. What is the background regarding international incidents of glycerol contamination? H+V December 2007
There is a history of sporadic reports from around the world of supplies of glycerol contaminated with diethylene glycol (DEG) resulting in mortality and serious morbidity in patients receiving contaminated products.
In late 2006, DEG-contaminated glycerol in cough syrup was the cause of about 50 deaths in Panama. DEG-contaminated glycerol in paracetamol syrup was also attributed to at least 80 deaths in a similar incident in Haiti in 1995-1996. Other incidents have been reported in Argentina, Bangladesh, India and Nigeria and attributed to the deaths of hundreds of children. DEG was also responsible for a poisoning incident resulting in the death of 107 people in the United States in 1937, following ingestion of contaminated sulphanilamide elixir.
These incidents were related to both accidental cross-contamination of glycerol with industrial grade materials and, in some cases, to intentional substitution.
Recent cases show the following similarities:
- pharmaceutical manufacturers of products containing contaminated glycerol did not perform full identity testing or tests to determine DEG on the glycerol raw material;
- pharmaceutical manufacturers of contaminated products relied on certificates of analysis (COAs) provided by the supplier;
- the origin of glycerine was not apparent from the COA. The COA provided with the glycerol raw material may have been a copy of the original on a distributor letterhead. The supply chain for glycerol was not readily known by the medicinal-product manufacturer because the glycerol may have been sold several times between its manufacture and the medicinal-product manufacturer.
- 2. How is the EU patient protected from similar contamination occurring in EU products? H+V December 2007
EU GMP requires all manufacturing companies to confirm that all its raw materials are checked on receipt to confirm their identity and quality. Competent authorities expect product manufacturers to routinely ensure that incoming samples of glycerol are tested according to the European Pharmacopoeia monograph.
The European Pharmacopoeia monograph for glycerol includes a specific limit test for diethylene glycol (0.1%).
- 3. Annex 8 of the GMP provides for derogations from the requirement for identity testing of every container where there is a validated supply chain. Can I use this derogation for the glycerol I purchase? H+V December 2007
It is correct that annex 8 does provide for a relaxation of identity testing of every container, but it also states that this would not normally be possible if brokers or intermediates were involved in the chain of supply.
Glycerol is a commercial article that is widely used in the food and other industries. Generally speaking, the supply chain for glycerol tends to be complex and lengthy. The involvement of brokers is common in the supply chain.
- 4. What steps are expected of manufacturers based in the EU when purchasing glycerol or of manufacturers based in third countries supplying glycerol-containing medicines? H+V December 2007
When designing supplier-assurance and incoming-goods-control programmes, companies should consider glycerol a higher-risk material.
Companies should be able to exhibit a good knowledge of starting material supply chains and apply this knowledge and principles of quality risk management to their programmes for supply-chain management. Inspectors will look to ensure that the basis for qualification of the supply chain is demonstrably robust for higher-risk materials such as glycerol. It is expected that identity testing and the European Pharmacopoeia limit test for DEG will be performed on each container as a matter of routine.
- 5. The European Pharmacopoeia limit test for DEG involves a gas chromatographic method, which may be difficult to perform on a large number of containers. H+V December 2007
This point is acknowledged and currently, alternative tests are under consideration with a view to work up a possible change to the identity tests in the monograph. The European Pharmacopoeia DEG limit test remains the official method for confirmation of compliance with the monograph.
- 6. Are there any considerations applicable to the pharmaceutical assessment of marketing-authorisation applications? H+V July 2008
In application dossiers for new marketing authorisations (MAs), or in case of relevant variations for existing MAs (for example, replacement of an excipient with glycerol) for medicinal products containing glycerol, confirmation of the tests applied on receipt of batches of glycerol to control the risk from potential DEG contamination in relation to the specific intended use of the product should be provided. A test for DEG content should be conducted in addition to identity testing for glycerol. A suitable control for DEG is included in the European Pharmacopoeia monograph for glycerol.
Sufficient information regarding satisfactory control of this risk will be required in the dossier before approval of the MA application or variation.
For existing approved medicinal products, no variation application is required, except for those few specific types of variations referred to in the first paragraph. However, as a minimum, the specific European Pharmacopoeia control for DEG should be conducted along with the identity test at receipt of each batch of glycerol. The excipient is required to comply with the current European Pharmacopoeia glycerol monograph, and as the specification approved in the dossier will have been that of the European Pharmacopoeia, the risk of DEG contamination will have been appropriately controlled. Compliance with this requirement will be verified during GMP inspections.
- 7. My company manufactures products for external use. Does this guidance apply? H+V July 2008
Where a company manufactures products for external use, and when it has justified that the presence of DEG in these products poses a low risk, the omission of the test for DEG on each container may be accepted by the supervisory authority.
EU GMP guide annexes: Supplementary requirements: Annex 8: Sampling of starting and packaging materials: Use of near-infrared (NIR) technology for container-wise identity testing
- 1. The registered specifications of our starting materials include conventional or pharmacopoeial methods for the confirmation of identity but we wish to use NIR to perform identity testing on each container of starting materials used in the manufacture of parenteral products. Is the use of this alternative method acceptable?
Annex 8 of the GMP guideline states that the identity of a complete batch of starting materials can normally only be ensured if individual samples are taken from all the containers and an identity test performed on each sample. It is permissible to sample only a proportion of the containers where a validated procedure has been established to ensure that no single container of starting material has been incorrectly labeled. However, the annex goes on to say that it is improbable that a procedure could be satisfactorily validated for starting materials for use in parenteral products.
Unless variations are submitted for all affected products, the registered method for confirming identity should be performed. However, there is no restriction on the performance of additional testing and the use of NIR to confirm container-wise confirmation of identity can provide useful information. Under these circumstances, the requirements of the marketing authorisation will be deemed to have been met by carrying out the registered method for confirmation of identity on a statistically representative composite sample when this is supplemented with NIR analysis of every container.
The NIR method should be validated in line with the recommendations of the draft guideline on the use of near infrared spectroscopy by the pharmaceutical industry and the data requirements for new submissions and variations.
EU GMP guide annexes: Supplementary requirements: Annex 11: Computerised systems
- 1. Appropriate controls for electronic documents such as templates should be implemented. Are there any specific requirements for templates of spreadsheets? H+V February 2011
Templates of spreadsheets help to avoid erroneous calculations from data remaining from previous calculations. They should be suitably checked for accuracy and reliability (annex 11 p7.1). They should be stored in a manner which ensures appropriate version control (chapter 4 p4.1).
- 2. What type of accuracy checks (annex 11 p 6) are expected for the use of spreadsheets? H+V February 2011
Data integrity should be ensured by suitably implemented and risk-assessed controls. The calculations and the files should be secured in such a way that formulations are not accidentally overwritten. Accidental input of an inappropriate data type should be prevented or result in an error message (e.g. text in a numeric field or a decimal format into an integer field). So-called 'boundary checks' are encouraged.
- 3. Are there any specific considerations for the validation of spreadsheets? H+V February 2011
Validation according to paragraph 4 of annex 11 is required at least for spreadsheets that contain custom code (e.g. Visual Basic for applications). Formulas or other types of algorithm should be verified for correctness.
- 4. What measures are required to ensure data security of databases? H+V February 2011
Data security includes integrity, reliability and availability of data. During validation of a database-based or inclusive system, consideration should be given to:
- implementing procedures and mechanisms to ensure data security and keeping the meaning and logical arrangement of data;
- load-testing, taking into account future growth of the database and tools to monitor the saturation of the database;
- precautions for necessary migration of data (annex 11 p17) at the end of the life-cycle of the system.
- 5. At which phases of the system life-cycle is risk management recommended? H+V February 2011
Risk management should be applied throughout the whole life-cycle. A first risk assessment should be performed to determine the GMP criticality of the system, i.e. does the system have an impact on patient safety, product quality or data integrity? User-requirement specifications are usually developed with consideration of potential risks and form the basis for the first formal risk assessment.
Complex systems should be evaluated in further more detailed risk assessments to determine critical functions. This will help ensure that validation activities cover all critical functions.
Risk management includes the implementation of appropriate controls and their verification.
- 6. Are user requirements needed as part of the retrospective validation of legacy systems? H+V February 2011
The way to check whether a computerised system is fit for its intended purpose is to define user requirements and perform a gap analysis to determine the validation effort for retrospective validation. These user requirements should be verified.
- 7. When do I have to revalidate computerised systems? H+V February 2011
Computerised systems should be reviewed periodically to confirm that they remain in a validated state. Periodic evaluation should include, where applicable, the current range of functionality, deviation records, change records, upgrade history, performance, reliability and security. The time period for revaluation and revalidation should be based on the criticality of the system.
- 8. What are the requirements for storage time of electronic data and documents? H+V February 2011
The requirements for storage of electronically data and documents do not differ from paper documents. It should be ensured that electronic signatures applied to electronic records are valid for the entire storage period for documents.
- 9. What are the relevant validation efforts for small devices? H+V February 2011
Small devices are usually off-the-shelf pieces of equipment that is widely used. In these cases, the development life-cycle is mainly controlled by the vendor. The pharmaceutical customer should therefore reasonably assess the vendor’s capability of developing software according to common standards of quality.
A vendor assessment needs to be performed and the application needs to be verified against the requirements for the intended use. From the perspective of the regulated industry, the implementation of such a device is driven by an implementation life-cycle. At minimum the following items need to be addressed:
- requirement definition for the intended use including process limitations. This should also include a statement indicating whether data are stored or transferred to another system. As per the definition of a small device, data are not stored permanently but temporarily and are not to be modified by a user. Therefore, limited user access handling is acceptable. It needs to be ensured that parameter data influencing the device's behaviour may not be altered without suitable permission;
- risk assessment, taking into consideration the intended use and the risk to patients for associated with the process supported by the small device;
- vendor assessment;
- list of available documentation from the vendor, especially those describing the methodology used and the calculation algorithm, if applicable. A vendor certificate or equivalent detailing the testing performed by the vendor may also be included;
- calibration certificate, if applicable;
- validation plan according to the risk-assessment results;
- verification testing proving that the device fulfills the requirements for the intended use. It may be equivalent to a PQ-phase.
Small manufacturing devices are sometimes only equipped with microprocessors and firmware and are not capable of high-level administration functions. Moreover, data is often transient in nature in these devices. Due to the latter there is no risk of inadvertently modifying data. An audit trail is therefore not necessary and user access may be limited to those functions of parameter control.
- 10. What alternative controls are accepted in case a system is not capable to generate printouts indicating if any of the data has been changed since the original entry? H+V February 2011
As long as this functionality is not supported by the supplier, it may be acceptable to describe in a procedure the fact that a print-out of the related audit trail report must be generated and linked manually to the record supporting batch release.
EU GMP guide annexes: Supplementary requirements: Annex 13
- 1. At what point of processing or incorporation would an active substance be considered a product intermediate and therefore an IMP? H June 2007
Commission Directive 2001/20/EC defines an IMP as 'a pharmaceutical form of an active substance or placebo being tested or used as a reference in a clinical trial, including products already with a marketing authorisation but used or assembled (formulated or packaged) in a way different from the authorised form, or when used for an unauthorised indication, or when used to gain further information about the authorised form.'
An active substance would be considered an IMP if presented in a packaged form for use in a clinical trial. Any such packaging operation could only be carried out by a site holding an IMP manufacturing authorisation.
Any form of mixing or processing the active substance with other substances would also result in the need for a manufacturing authorisation for IMPs if the resulting product is to be used in a clinical trial.
Physical processing such as milling of an active pharmaceutical ingredient would not constitute IMP manufacturing.
The above does not refer to reconstitution. Separate guidance on this subject is under development.
- 2. How can the QP of a site assure compliance with the requirements of the clinical-trial application in situations where a QP may be required to certify a batch before the application is submitted to, or accepted by, the competent authority? H June 2007
The QP of a site that is manufacturing a drug product intermediate should assure that the product is produced and controlled in compliance with the EU GMP guideline, in particular the requirements of annex 13.
A product specification file should be developed with contributions from the QPs and other technical personnel of the sites involved with the other manufacturing activities of the IMP. The sponsor of the clinical trial should also be involved in this process. While this may be in a rudimentary form and contain little detail, it should be developed as knowledge of the product evolves and include specifications for critical parameters and controls. The product specification file should be updated and evolve in line with the product development as envisaged in annex 13.
The development of the product specification file should be managed under a technical agreement or a number of technical agreements between the various manufacturing sites. These should include the QP responsible for the final certification of the product and the sponsor, if the sponsor has already been appointed. In any event, final release of the product to trial sites should take place only when the sponsor has established that the product has been manufactured in compliance with the terms of the approved clinical-trial application (as required by annex 13.44). This is defined in annexes 13.40 and 13.44: 'The sponsor should ensure that the elements taken into account by the QP when certifying are consistent with the information notified pursuant to Article 9(2) of Directive 2001/20/EC.'
- 3. Is it possible to perform packaging or labelling at the investigator site? H September 2007
This is normally possible only if a manufacturing authorisation has been granted to the site by the national competent authority.
According to Article 9(1) of Directive 2005/28/EC, the “authorisation, as provided for in Article 13(1) of Directive 2001/20/EC, shall be required for both total and partial manufacture of IMPs, and for the various processes of dividing up, packaging or presentation.”
However, an exemption to this obligation is foreseen in Article 9(2) of Directive 2005/28/EC: 'Authorisation, as provided for in Article 13(1) of Directive 2001/20/EC, shall not be required for reconstitution prior to use or packaging, where those processes are carried out in hospitals, health centres or clinics, by pharmacists or other persons legally authorised in the Member States to carry out such processes and if the IMPs are intended to be used exclusively in those institutions.' In addition, reference should be made to section 33 of annex 13 in respect of any re-labelling to extend shelf life.
- 4. Who is responsible for the packaging or labelling activities carried out at the investigator site? H September 2007
The sponsor has the ultimate responsibility for all trial activities performed at the investigator site, but should seek the advice of the QP of the IMP manufacturer, if possible, or the clinical-trials pharmacist at the investigator site regarding:
- adequacy of premises and equipment (storage conditions etc.);
- adequacy of written standard operating procedures;
- training of personnel involved, both on GMP requirements and any protocol specific requirements for the IMPs;
- written instructions to perform activities;
- forms to document the activities carried out;
- checks to be done;
- the keeping of retention samples;
- 5. Who is responsible for the transport and storage conditions when an IMP is transported from the manufacturer to the distributor or investigator sites? H May 2009
The sponsor should exercise control over the entire chain of distribution of IMPs, from manufacture or importation into the EEA, through to supply to the investigator sites, so as to guarantee that IMPs are stored, transported, and handled in a suitable manner.
When an IMP originates from a third country, the importer is responsible for verifying that the transportation and storage conditions for the product are suitable. For products originating within the EEA, the manufacturer is responsible for transportation and storage conditions. The respective responsibilities of the sponsor, manufacturer, importer and, where used, distributor should be defined in a technical agreement.
- 6. What measures should be taken to ensure that the IMPs are kept under suitable conditions during transportation between the manufacturer or distributor and the investigator sites? H May 2009
Storage conditions during transportation should be validated or monitored using a suitable temperature-measuring device that is capable of showing fluctuations in temperature e.g. Temperature Logger. The choice of method of transport should be influenced by the nature and sensitivity of the product and should ensure timely delivery of IMPs to the investigator sites.
The outer packaging should be labelled showing the final destination, the name of manufacturer or sponsor and the storage conditions required.
- 7. What measures should be taken to ensure that IMPs are kept under suitable conditions during storage at the investigator sites? H May 2009
IMPs should be packaged to prevent contamination and unacceptable deterioration during storage. The sponsor should determine acceptable storage temperatures and any other required storage conditions for the IMPs (e.g. protection from light).
The sponsor should ensure that all involved parties (e.g. monitors, investigators, pharmacists, storage managers) are aware of these conditions and the actions to be taken in the event that the conditions are not met.
Where appropriate, there should be a restricted area for the storage of IMPs. The temperature of the areas and equipment used for the storage should be monitored using suitable means, such as a temperature recorder or, as a minimum, a record of the maximum and minimum temperatures, at a suitable frequency (for example, daily).
- 8. What written procedures should be in place at the investigator site regarding IMPs? H May 2009
The sponsor should ensure that written procedures include instructions that the investigator or institution should follow for the handling and storage of IMPs. The procedures should address adequate and safe receipt, handling, storage, where relevant any reconstitution process to be carried out before administration, retrieval of unused product from subjects, and return of unused IMPs to the sponsor (or alternative disposal, if authorised by the sponsor and in compliance with the applicable regulatory requirements).
Procedures should also give instructions on the actions to be taken when defined conditions are not met.
- 9. What records must be kept at the investigator site regarding the abovementioned procedures? H May 2009
The sponsor should ensure that the documents listed in chapter 8, 'essential documents for the conduct of a clinical trial' of the guideline for good clinical practice are maintained and accessible to those parties authorised to review them.
EU GMP guide annexes: Supplementary requirements: Annex 16
- 1. Can a site have more than one QP performing certification of batches?
EU legislation requires a manufacturer to have at least one QP at its disposal but a site may have more than one QP who may certify batches on behalf of the manufacturer.
- 2. Can there be more than one QP involved in the certification of a given batch?
Annex 16 of the EU GMP guideline gives guidance in relation to situations where different stages of manufacture of a batch take place at different manufacturing sites.
In such cases, the overall responsibility for correct manufacture of the batch lies with the QP performing final certification of the batch before release for sale. It is also possible that, at a single manufacturing site, different QPs could be responsible for certification of different stages of manufacture of the batch. However, as before, the QP performing final certification before release holds overall responsibility for manufacture of the batch in accordance with GMP and the marketing authorisation.
EU GMP guide annexes: Supplementary requirements: Annex 19: Reference and retention samples (Updated)
- 1. Is it necessary to retain a sufficient number of samples of each batch of a sterile medicinal product in order to carry out a sterility test on two separate occasions? H+V October 2008
For retention purposes, it is not necessary to keep the full number of samples required in table 184.108.40.206 of the European Pharmacopoeia sterility test monograph to repeat the sterility test performed for release purposes, but only a sufficient quantity to allow the carrying out, on two occasions, of a confirmatory test using the minimum quantities described in table 220.127.116.11 of the monograph.
- 2. In which cases does the exemption for a fully packaged unit as retention sample apply as referred to in section 2.1 of EU GMP Part I, annex 19: “There may be exceptional circumstances where this requirement can be met without retention of duplicate samples e.g. where small amounts of a batch are packaged for different markets or in the production of very expensive medicinal products”? H+V December 2013
Firstly, the supervisory authority should grant such an exemption upon request from the manufacturer. The relevant authority may agree to this when one or more of the following criteria are met:
- A batch size of less than 50 units;
- High value/low volume medicinal products and the high value price of the medicinal product as determined by each individual competent authority;
- Large size of one packaged unit e.g. some veterinary pre-mixes or hospital packages.
Parallel imported/distributed medicinal products will not be granted an exemption from keeping a fully packaged unit if the products have been re-packaged.This is because the exemption refers to “duplicate samples”, and in these cases no reference sample is required to be kept by the parallel distributor/importer.
On the other hand, where the secondary packaging of the source product is not opened by the parallel importer/distributor only samples of the additional packaging material used needs to be retained.
- 3. In those cases where the supervisory authority agrees that the criteria mentioned in the answer to question 1 are met, what should be retained instead of a fully packaged unit? H+V December 2013
The original batch specific primary packaging material with print/imprint, if any, all the original batch specific secondary packaging materials e.g. labels and leaflets with print/imprint including Braille, and dosing aids, if any, must be kept.
The use of photocopies of the fully packaged unit to replace the retention sample are not acceptable as some details e.g. braille and holograms may not show correctly.
- 4. Do different requirements for reference and retention samples apply for some medicinal products? H+V December 2013
The requirements pertaining to retention samples for investigational medicinal products are covered in annex 13. There may be specific national requirements for compassionate use medicinal products, extemporary produced pharmacy products etc.
- 1. What are the differences between EU and World Health Organization (WHO) requirements for GMP? H July 2006
EU GMP principles and guidelines are laid down in Directive 2003/94/EC (human medicines) and Directive 91/412/EEC (veterinary products). These principles and guidelines are subject to further detailed guidance in the form of the EU GMP guideline with its annexes.
WHO publishes its own GMP guidance documents.
Although EU and WHO GMP guidance documents do differ in some details, the main principles remain the same. EU requirements fulfil all the recommendations of WHO.
- 1. What is a GMP certificate and what is the difference between GMP certificates, certificates of medicinal product (CMPs, also called certificates of pharmaceutical products, CPPs) and certificates of suitability to the monographs of the European Pharmacopoeia (CEPs)? H+V July 2006
A GMP certificate is a certificate issued following a GMP inspection, by the competent authority responsible for carrying out the inspection, to confirm the GMP compliance status of the inspected site.
GMP certificates are site-specific, but can be restricted to particular activities depending on the scope of the inspection (e.g., manufacturing activities related to a specific product). Directives 2001/82/EC and 2001/83/EC, as amended state that after every GMP inspection, and within 90 days of the inspection, a GMP certificate shall be issued to a manufacturer, if the outcome of the inspection shows that the manufacturer complies with GMP.
CMPs are product-specific certificates issued by the competent authority that granted the marketing authorisation. The European Medicines Agency issues CMPs on behalf of the European Commission for centrally authorised products.
CMPs are issued in the context of the World Health Organization certification scheme on the quality of pharmaceutical products moving in international commerce, to confirm the marketing-authorisation status of the products. These certificates also confirm the GMP compliance status of the manufacturing sites. CMPs are mainly used by companies to support applications to export their pharmaceutical products to countries with less-developed regulatory systems.
CEPs are certificates issued by the European Directorate for the Quality of Medicines and Healthcare (EDQM) to confirm that a certain active substance is produced according to the requirements of the relevant monograph of the European Pharmacopoeia or of the monograph on transmission spongiform encephalopathies.
CEPs can be used by companies when submitting an application for marketing authorisation, and replace much of the documentation required for the active substance in the marketing-authorisation dossier. GMP inspections of active-substance manufacturers can be requested by EDQM in the context of the CEP certification scheme.
- 2. Does the Agency issue GMP certificates? H+V July 2006
No, the competent authority responsible for carrying out the inspection issues the GMP certificate, or makes an entry of non-compliance into the EudraGMP database.
- 3. Which EU and EEA authorities conduct mutually recognised inspections and issue GMP certificates? H+V November 2011
All EU and EEA national competent authorities conducting inspections are obliged to enter GMP certificates in the EudraGMP database. Hence, any GMP certificate appearing in the database is mutually recognised and the database authenticates the certificate.
If a certificate cannot be found in the database, the issuing authority should be contacted.
- 1. Does the Agency perform GMP inspections? H+V July 2006
The Agency does not perform inspections. They are carried out on its behalf by the national competent authorities of the member states of the EEA, in connection with products under the centralised marketing-authorisation procedure.
- 2. If a site in a third country has plans to export products to the EEA, is it possible to apply for a GMP inspection on a voluntary basis? H+V July 2006
Normally, the need for inspection under these circumstances is triggered by an application for a marketing authorisation. It may be possible to request an inspection on a voluntary basis, but as the competent authorities will have other priorities, there is no guarantee that such a request will be met.
To explore this possibility, the authorities of the Member State into which the product will be imported into the EEA should be approached. In any case, applicants are encouraged to approach the relevant authority in advance of submission in order to facilitate third-country inspection planning.
- 3. When a new application is submitted in the EEA and a GMP inspection is deemed necessary, which competent authority carries out the inspection? H+V July 2006
If the site is located in the EEA, the competent authority of the Member State where the site is located carries out the inspection.
For sites located in countries outside the EEA, the responsible authority for inspection (the 'supervisory authority') is the authority in whose territory the importing site is located. If the supervisory authority is not able to carry out the inspection for any reason, it can be delegated to another EEA competent authority.
If there is a mutual recognition agreement (MRA) in place between the countries where the site is located and the European Community, the results of GMP inspections carried out by the MRA partner authority are normally recognised by the EU authorities.
Data integrity (NEW August 2016)
- Data integrity
Data integrity enables good decision-making by pharmaceutical manufacturers and regulatory authorities.It is a fundamental requirement of the pharmaceutical quality system described in EU GMP chapter 1, applying equally to manual (paper) and electronic systems.
Promotion of a quality culture together with implementation of organisational and technical measures which ensure data integrity is the responsibility of senior management. It requires participation and commitment by staff at all levels within the company, by the company’s suppliers and by its distributors.
Senior management should ensure that data integrity risk is assessed, mitigated and communicated in accordance with the principles of quality risk management. The effort and resource assigned to data integrity measures should be commensurate with the risk to product quality, and balanced with other quality assurance resource demands. Where long term measures are identified in order to achieve the desired state of control, interim measures should be implemented to mitigate risk, and should be monitored for effectiveness.
The following questions and answers describe foundational principles which facilitate successful implementation of existing guidance published by regulatory authorities participating in the PIC/S scheme. It should be read in conjunction with national guidance, medicines legislation and the GMP standards published in Eudralex volume 4.
The importance of data integrity to quality assurance and public health protection should be included in personnel training programmes.
- 1. How can data risk be assessed?
Data risk assessment should consider the vulnerability of data to involuntary or deliberate amendment, deletion or recreation. Control measures which prevent unauthorised activity and increase visibility / detectability can be used as risk mitigating actions.
Examples of factors which can increase risk of data integrity failure include complex, inconsistent processes with open-ended and subjective outcomes. Simple tasks which are consistent, well-defined and objective lead to reduced risk.
Risk assessment should include a business process focus (e.g. production, QC) and not just consider IT system functionality or complexity. Factors to consider include:
- Process complexity
- Process consistency, degree of automation /human interface
- Subjectivity of outcome / result
- Is the process open-ended or well defined
This ensures that manual interfaces with IT systems are considered in the risk assessment process. Computerised system validation in isolation may not result in low data integrity risk, in particular when the user is able to influence the reporting of data from the validated system.
- 2. How can data criticality be assessed?
The decision which data influences may differ in importance, and the impact of the data to a decision may also vary. Points to consider regarding data criticality include:
- What decision does the data influence?
For example: when making a batch release decision, data which determines compliance with critical quality attributes is of greater importance than warehouse cleaning records.
- What is the impact of the data to product quality or safety?
For example: for an oral tablet, active substance assay data is of greater impact to product quality and safety than tablet dimensions’ data.
- 3. What does ‘Data Lifecycle’ refer to?
‘Data lifecycle’ refers to how data is generated, processed, reported, checked, used for decision-making, stored and finally discarded at the end of the retention period.
Data relating to a product or process may cross various boundaries within the lifecycle, for example:
- IT systems
- Quality system applications
- Stock management systems
- Data storage (back-up and archival)
- Internal (e.g. between production, QC and QA)
- External (e.g. between contract givers and acceptors)
- Cloud-based applications and storage
- IT systems
- 4. Why is ‘Data lifecycle’ management important to ensure effective data integrity measures?
Data integrity can be affected at any stage in the lifecycle. It is therefore important to understand the lifecycle elements for each type of data or record, and ensure controls which are proportionate to data criticality and risk at all stages.
- 5. What should be considered when reviewing the ‘Data lifecycle’?
The ‘Data lifecycle’ refers to the:
- Generation and recording of data
- Processing into usable information
- Checking the completeness and accuracy of reported data and processed information
- Data (or results) are used to make a decision
- Retaining and retrieval of data which protects it from loss or unauthorised amendment
- Retiring or disposal of data in a controlled manner at the end of its life
‘Data Lifecycle’ reviews are applicable to both paper and electronic records, although control measures may be applied differently. In the case of computerised systems, the ’data lifecycle’ review should be performed by business process owners (e.g. production, QC) in collaboration with IT personnel who understand the system architecture. The description of computerised systems required by EU GMP Annex 11 paragraph 4.3 can assist this review. The application of critical thinking skills is important to not only identify gaps in data governance, but to also challenge the effectiveness of the procedural and systematic controls in place.
Segregation of duties between data lifecycle stages provides safeguards against data integrity failure by reducing the opportunity for an individual to alter, mis-represent or falsify data without detection.
Data risk should be considered at each stage of the data lifecycle review.
- 6. ‘Data lifecycle’: What risks should be considered when assessing the generating and recording of data?
The following aspects should be considered when determining risk and control measures:
- How and where is original data created (i.e. paper or electronic)
- What metadata is associated with the data, to ensure a complete, accurate and traceable record, taking into account ALCOA principles. Does the record permit the reconstruction of the activity
- Where is the data and metadata located
- Does the system require that data is saved to permanent memory at the time of recording, or is it held in a temporary buffer
In the case of some computerised analytical and manufacturing equipment, data may be stored as a temporary local file prior to transfer to a permanent storage location (e.g. server). During the period of ‘temporary’ storage, there is often limited audit trail provision amending, deleting or recreating data. This is a data integrity risk. Removing the use of temporary memory (or reducing the time period that data is stored in temporary memory) reduces the risk of undetected data manipulation.
- Is it possible to recreate, amend or delete original data and metadata;
Controls over paper records are discussed elsewhere in this guidance.
Computerised system controls may be more complex, including setting of user privileges and system configuration to limit or prevent access to amend data. It is important to review all data access opportunities, including IT helpdesk staff, who may make changes at the request of the data user. These changes should be procedurally controlled, visible and approved within the quality system.
- How data is transferred to other locations or systems for processing or storage;
Data should be protected from possibility of intentional or unintentional loss or amendment during transfer to other systems (e.g. for processing, review or storage). Paper records should be protected from amendment, or substitution. Electronic interfaces should be validated to demonstrate security and no corruption of data, particularly where systems require an interface to present data in a different structure or file format.
Does the person processing the data have the ability to influence what data is reported, or how it is presented.
- 7. ‘Data lifecycle’: What risks should be considered when assessing the processing data into usable information?
The following aspects should be considered when determining risk and control measures:
- How is data processed;
Data processing methods should be approved, identifiable and version controlled. In the case of electronic data processing, methods should be locked where appropriate to prevent unauthorised amendment.
- How is data processing recorded;
The processing method should be recorded. In situations where raw data has been processed more than once, each iteration (including method and result) should be available to the data checker for verification.
- Does the person processing the data have the ability to influence what data is reported, or how it is presented;
Even ‘validated systems’ which do not permit the user to make any changes to data may be at risk if the user can choose what data is printed, reported or transferred for processing. This includes performing the activity multiple times as separate events and reporting a desired outcome from one of these repeats.
Data presentation (e.g. changing scale of graphical reports to enhance or reduce presentation of analytical peaks) can also influence decision making, and therefore impact data integrity.
- 8. ‘Data lifecycle’: What risks should be considered when checking the completeness and accuracy of reported data and processed information?
The following aspects should be considered when determining risk and control measures:
- Is original data (including the original data format) available for checking;
The format of the original data (electronic or paper) should be preserved, and available to the data reviewer in a manner which permits interaction with the data (e.g. search, query). This approach facilitates a risk-based review of the record, and can also reduce administrative burden for instance utilising validated audit trail ‘exception reports’ instead of an onerous line-by-line review.
- Are there any periods of time when data is not audit trailed;
This may present opportunity for data amendment which is not subsequently visible to the data reviewer. Additional control measures should be implemented to reduce risk of undisclosed data manipulation.
- Does the data reviewer have visibility and access to all data generated;
This should include any data from failed or aborted activities, discrepant or unusual data which has been excluded from processing or the final decision-making process. Visibility of all data provides protection against selective data reporting or ‘testing into compliance’.
- Does the data reviewer have visibility and access to all processing of data;
This ensures that the final result obtained from raw data is based on good science, and that any data exclusion or changes to processing method is based on good science. Visibility of all processing information provides protection against undisclosed ‘processing into compliance’.
- 9. ‘Data lifecycle’: What risks should be considered when data (or results) are used to make a decision?
The following aspects should be considered when determining risk and control measures:
- When is the pass / fail decision taken;
If data acceptability decisions are taken before a record (raw data or processed result) is saved to permanent memory, there may be opportunity for the user to manipulate data to provide a satisfactory result, without this change being visible in audit trail. This would not be visible to the data reviewer.
This is a particular consideration where computerised systems alert the user to an out of specification entry before the data entry process is complete (i.e. the user ‘saves’ the data entry), or saves the record in temporary memory.
- 10. ‘Data lifecycle’: What risks should be considered when retaining and retrieving data to protect it from loss or unauthorised amendment?
The following aspects should be considered when determining risk and control measures:
- How / where is data stored;
Storage of data (paper or electronic) should be at secure locations, with access limited to authorised persons. The storage location must provide adequate protection from damage due to water, fire, etc.
- What are the measures protecting against loss or unauthorised amendment;
Data security measures should be at least equivalent to those applied during the earlier Data lifecycle stages. Retrospective data amendment (e.g. via IT helpdesk or data base amendments) should be controlled by the pharmaceutical quality system, with appropriate segregation of duties and approval processes.
- Is data backed up in a manner permitting reconstruction of the activity;
Back-up arrangements should be validated to demonstrate the ability to restore data following IT system failure. In situations where metadata (including relevant operating system event logs) are stored in different file locations from raw data, the back-up process should be carefully designed to ensure that all data required to reconstruct a record is included.
Similarly, ‘true copies’ of paper records may be duplicated on paper, microfilm, or electronically, and stored in a separate location.
- What are ownership / retrieval arrangements, particularly considering outsourced activities or data storage;
A technical agreement should be in place which addresses the requirements of Part I Chapter 7 and Part II Section 16 of the GMP guide.
- 11. ‘Data lifecycle’: What risks should be considered when retiring or disposal of data in a controlled manner at the end of its life?
The following aspects should be considered when determining risk and control measures:
- The data retention period
This will be influenced by regulatory requirements and data criticality. When considering data for a single product, there may be different data retention needs for pivotal trial data and manufacturing process / analytical validation data compared to routine commercial batch data.
- How data disposal is authorised
Any disposal of data should be approved within the quality system and be performed in accordance with a procedure to ensure compliance with the required data retention period.
- 12. Is it required by the EU GMP to implement a specific procedure for data integrity?
There is no requirement for a specific procedure, however it may be beneficial to provide a summary document which outlines the organisations total approach to data governance.
A compliant pharmaceutical quality system generates and assesses a significant amount of data. While all data has an overall influence on GMP compliance, different data will have different levels of impact to product quality.
A quality-risk management (ICH Q9) approach to data integrity can be achieved by considering data risk and data criticality at each stage in the Data lifecycle. The effort applied to control measures should be commensurate with this data risk and criticality assessment.
The approach to risk identification, mitigation, review and communication should be iterative, and integrated into the pharmaceutical quality system. This should provide senior management supervision and permit a balance between data integrity and general GMP priorities in line with the principles of ICH Q9 & Q10.
- 13. How are the data integrity expectations (ALCOA) for the pharmaceutical industry prescribed in the existing EU GMP relating to active substances and dosage forms published in Eudralex volume 4?
The main regulatory expectation for data integrity is to comply with the requirement of ALCOA principles. The table below provide for each ALCOA principle the link to EU GMP references (Part I, Part II and Annex 11):
Basic Requirements for Medicinal Products
Chapter 4(1) / Chapter 6(2)
Basic Requirements for Active Substances used as Starting Materials (Part II) :
Chapter 6(3) / Chapter 5(4)
Annex 11 (Computerised System)
Attributable (data can be assigned to the individual performing the task)
[4.20, c & f], [4.21, c & i],
[6.14], [6.18], [6.52]
, [12.4], 
Legible (data can be read by eye or electronically and retained in a permanent format)
[4.1], [4.2], [4.7], [4.8], [4.9], [4.10]
[5.43] [6.11], [6.14], [6.15], [6.50]
[7.1], , , 
Contemporaneous (data is created at the time the activity is performed)
Original (data is in the same format as it was initially generated, or as a ‘verified copy’, which retains content and meaning)
[6.14], [6.15], [6.16]
Accurate (data is true / reflective of the activity or measurement performed)
[5.40], [5.45], [6.6]
[Paragraph "Principles"],, , , 1Chapter 4 (Part I): Documentation2Chapter 6 (Part I): Quality Control3Chapter 5 (Part II): Process equipment (Computerized system)4Chapter 6 (Part II): Process equipment
- 14. How should the company design and control their paper documentation system to prevent the unauthorised re-creation of GMP data?
The template (blank) forms used for manual recordings may be created in an electronic system (Word, Excel, etc.). The corresponding master documents should be approved and controlled electronically or in paper versions. The following expectations should be considered for the template (blank) form:
- have a unique reference number (including version number) and include reference to corresponding SOP number
- should be stored in a manner which ensures appropriate version control
- if signed electronically, should use a secure e-signature
The distribution of template records (e.g. ‘blank’ forms) should be controlled. The following expectations should be considered where appropriate, based on data risk and criticality:
- enable traceability for issuance of the blank form by using a bound logbook with numbered pages or other appropriate system. For loose leaf template forms, the distribution date, a sequential issuing number, the number of the copies distributed, the department name where the blank forms are distributed, etc. should be known
- Distributed copies should be designed to avoid photocoping either by using a secure stamp, or by the use of paper colour code not available in the working areas or another appropriate system.
- 15. What controls should be in place to ensure original electronic data is preserved?
Computerised systems should be designed in a way that ensures compliance with the principles of data integrity. The system design should make provisions such that original data cannot be deleted and for the retention of audit trails reflecting changes made to original data.
- 16. Why is it important to review electronic data?
In the case of data generated from an electronic system, electronic data is the original record which must be reviewed and evaluated prior to making batch release decisions and other decisions relating to GMP related activities (e.g. approval of stability results, analytical method validation etc.). In the event that the review is based solely on printouts there is potential for records to be excluded from the review process which may contain un-investigated out of specification data or other data anomalies. The review of the raw electronic data should mitigate risk and enable detection of data deletion, amendment, duplication, reusing and fabrication which are common data integrity failures.
Example of an inspection citing:
Raw data for HPLC/GC runs which had been invalidated was stored separately to the QC raw data packages and had not been included in the review process.
In the above situation, the procedure for review of chromatographic data packages did not require a review of the electronic raw data or a review of relevant audit trails associated with the analyses. This lead to the exclusion of records from the review process and to lack of visibility of changes made during the processing and reporting of the data. The company was unable to provide any explanation for the data which had been invalidated.
- 17. Is a risk-based review of electronic data acceptable?
Yes. The principles of quality risk management may be applied during the review of electronic data and review by exception is permitted, when scientifically justified.
Exception Reporting is used commonly as a tool to focus the review of electronic data such as (but not limited to) electronic batch records. Exception reporting rapidly highlights to the reviewer one of the most critical elements of batch review, i.e. the exceptions. The level of review of the full electronic batch record can vary based on the exceptions as well as the level of confidence and experience with a particular process. Appropriate testing and validation must be completed for the automated system and the output Batch Exception Report to ensure its functionality meets the business and regulatory requirements as per GMP.
- 18. What are the expectations for the self-inspection program related to data integrity?
Ongoing compliance with the company’s data governance policy/procedures should be reviewed during self-inspection, to ensure that they remain effective. This may also include elements of the Data lifecycle discussed in Q3-Q9.
- 19. What are my company’s responsibilities relating to data integrity for GMP activities contracted out to another company?
Data integrity requirements should be incorporated into the company’s contractor/vendor qualification/assurance program and associated procedures.
In addition to having their own data governance systems, companies outsourcing activities should verify the adequacy of comparable systems at the contract acceptor. The contract acceptor should apply equivalent levels of control to those applied by the contract giver.
Formal assessment of the contract acceptors competency and compliance in this regard should be conducted in the first instance prior to the approval of a contractor, and thereafter verified on a periodic basis at an appropriate frequency based on risk.
- 20. How can a recipient (contract giver) build confidence in the validity of documents such as Certificate of Analysis (CoA) provided by a supplier (contract acceptor)?
The recipient should have knowledge of the systems and procedures implemented at the supplier for the generation of the CoA. Arrangements should be in place to ensure that significant changes to systems are notified and the effectiveness of these arrangements should be subjected to periodic review.
Data related to activities which are outsourced are routinely provided as summary data in a report format (e.g. CoA). These summary documents are reviewed on a routine basis by the contract acceptor and therefore the review of data integrity at the contract acceptor site on a regular periodic basis (e.g. during on-site audit) takes on even greater significance, in order to build and maintain confidence in the summary data provided.
- 21. What are the expectations in relation to contract calibration service providers who conduct calibrations on-site and/or off-site? Are audits of these companies premises required?
Using the principles of QRM to assess data criticality and risk, the company should include assessment of data governance systems implemented by the service provider when making decisions on service contracts. This may be achieved by on-site audit or desk-based assessment of information submitted by the service provider.
- 22. What is expected of my company in the event that one of my approved contractors (e.g. active substance manufacturer, finished product manufacturer, quality control laboratory etc.) is issued with a warning letter/statement of non-compliance concerning data integrity, from a regulatory authority?
It is considered that the company should evaluate the risk to its products manufactured/released using the principles of quality risk management. Risk assessments should be made available to Inspectors, on request.
Depending on the outcome of the risk assessment, appropriate action should be taken which may entail delisting the contractor from the approved contractor list. In the event that abnormal disruption in supply may result from a contractor compliance situation, relevant regulatory authorities should be consulted in this regard.
- 23. Where does my company’s responsibility begin and end in relation to data integrity aspects of the supply chain for medicinal products?
All actors in the supply chain play an important part in overall data integrity and assurance of product quality.
Data governance systems should be implemented from the manufacture of starting materials right through to the delivery of medicinal products to persons authorised or entitled to supply medicinal products to the public.
Relative responsibilities and boundaries should be documented in the contracts between the relevant parties. Final responsibility of ensuring compliance throughout the supply chain rests with batch certifying QP.
How useful is this page?
Average rating:Based on 224 ratings
Add your rating:
- See all ratings
33 ratings15 ratings17 ratings66 ratings93 ratings