API Auditing System

and Philosophy

Presented by Linda Ambrose

ISPE Indonesia, May 2014
 API Auditing
System & Philosophy

• Why Inspect?
• The standards & Role of the Regulator
• Audit Tips & frequent weaknesses
• Alternatives – to “lighten the load”
 Previous quality incidents

USA 1937 105 died Sulfanilamide elixir

Bangladesh 1990/1992 237 children Paracetamol syrup
Nigeria 1991 100 children Paracetamol elixir
Haiti 1995 89 children Paracetamol cough syrup
India 1998 30 infant died Acetaminophen syrup
China 2006 11 died Armillarisin A injection
Panama 2006 109 died Cough syrup

Glycerin/Propylene glycol contaminated/substituted with Diethylene glycol – Excipient!

 More Recent quality incidents

2008 Heparin Oversulfated 149 Died, 800

chondroitin sulfate Adverse events
(OSCS)
2012 Antibiotics Putrid “gutter” Oil 000s Tons

2012 Gelatin Leather Scraps 43 Manufacturers

Capsules
 A Fatal Example: Heparin

Heparin use: Heart surgery, kidney dialysis,

angioplasty: millions of patients per year

Q1 2008: USA 149 patients reported dead and

ca. 800 adverse reactions due to heparin

Heparin manufacturer in China was never

inspected by FDA or Importer

Contaminated heparin detected in 11 other

countries
 A Fatal Example: Heparin
Contaminant: 5% - 45% Oversulfated chondroitin sulfate
(OSCS)

OSCS molecular structure closely resembles heparin &

mimics heparin in standard testing

OSCS is not a natural compound => synthesized from

Chondroitin sulfate (origin: animal cartilage)

Cheap (< $80 vs. heparin $500-1500)

OSCS most likely added deliberately (12 different sources

China)
 The Standards
API GMP requirements are explicit:
• USFDA requirements
• Guidelines from the International
Conference on Harmonization (ICH Q7) -
now => PIC/S GMP (Pt 2)
• WHO - TRS957_Annex2_GMP-API
• Sterilised API – Annex1 GMP (Pt 1).
 The Standards

If API for dosage forms European Market:

• Falsified Medicines Directive (FMD)
(Directive 2011/62/EU)

….an “alarming increase of medicinal products

detected in the European Union which are falsified
in relation to their identity, history or source”.
 PQG Guide to Supply Chain Risk
Management - Foreward
“… MHRA has implemented a risk based approach
to the inspection of pharmaceutical operations
as a key element of its Better Regulation
initiative.
This approach recognises to a greater degree the
ownership of pharmaceutical companies of the
quality assurance of their total manufacturing
and supply processes.
The industry, therefore, is being expected to take
overall responsibility for the quality of its output.”
Gerald W Heddell, Director
Inspection, Enforcement & Standards Division, MHRA
A Guide to Supply Chain Risk Management for the Pharmaceutical and Medical Device Industries and their Suppliers
 GMP: Know your Supplier

Ch 5: Production
5.25. The purchase of starting
materials is an important
operation which should
involve staff who have a
particular and thorough
knowledge of the
suppliers.
 GMP: Know your Supplier

An 7: Sampling of Starting & Packaging Materials

2. The identity of a complete batch of starting materials can

normally only be ensured if individual samples are taken
from all the containers and an identity test performed on
each sample. It is permissible to sample only a proportion
of the containers where a validated procedure has been
established to ensure that no single container of starting
material will be incorrectly identified on its label.
 GMP: Know your Supplier

An 7: Sampling of Starting & Packaging Materials

3. This validation should take account of at least the following
aspects:
• nature and status of the manufacturer and of the supplier
and their understanding of the GMP requirements of the
Pharmaceutical Industry;
• the Quality Assurance system of the manufacturer of the
starting material;
• the manufacturing conditions under which the starting
material is produced and controlled;
 Why Inspect?

To protect patient safety by:

• Detecting GMP non-compliance
• Detecting Regulatory non-compliance

AND…..

• Detecting Fraud
• Detecting Counterfeiting
 Role of RA Inspection Reports
Manufacturing Authorisation Holders (MAHs) sometimes confuse the
role of Inspectorates with their own obligations

When inspection reports or GMP certificates are available, these can

provide useful information to MAHs.

These alone cannot fulfill the statutory obligations of the MAHs or the
requirements of section 5.25 of the GMP guideline.
(5.25 The purchase of starting materials is an important operation
which should involve staff who have a particular and thorough
knowledge of the suppliers.)
 Can’t Rely on RA to Inspect all!

API/Intermediates worldwide allocation

• 60-70% of APIs are manufactured in
India/China
• 80-90% of API intermediates are
manufactured in India/China
• 10,000-20,000 Pharma related
companies in India and in China
 Role of RA Inspection Reports

Results of inspections may be used together with

other supporting information – use a risk-based
approach to set priorities for its own audit
programme of API suppliers.

Need to ascertain the point within the process

where full GMP requirements are expected to be
applied.
 Customer audits
API manufacturers recognize that hosting
customer audits are a necessary cost of
doing business

Can manage audits - generally anticipate

customers will periodically visit the facility
 Company Process
for Supplier Approval.....
Company should define it’s auditing principles
(methods, frequency)

Which API & purchased Intermediate manufacturers

to audit
Auditing frequency - base on API maufacturing site
quality status and risk assessment

Each new supplier -pre-audit (?)

 Main challenges
Often large number of manufacturers should
be regularly audited – Resources &
Expertise available?
Lack of reliable API/Intermediates sources
Reluctance by dosage-form manufacturers to
invest in low-price products
Perceived high cost of auditing activities
(compare to the cost of not auditing!)
 Specific Challenges
Challenges of Auditing in India/China
• Culture and language difficulties
• Complicated supply chain (pharma
contractors, distributors, brokers,
agents, etc.)
• Frequent site transfers and ownership
changes
• Distance, logistics, costs, expenses…
 Quality Audit Definition (1)
US Code Federal Regulations for Medical Devices & ISO:

“Quality audit means a systematic, independent examination

of a manufacturer's quality system that is performed at
defined intervals and at sufficient frequency to determine
whether both quality system activities and the results of
such activities comply with quality system procedures, that
these procedures are implemented effectively, and that
these procedures are suitable to achieve quality system
objectives.”
(21CFR820 - Medical devices, General provisions)
 Quality Audit Definition (2)
US Code Federal Regulations for Medical Devices & ISO:
“Systematic, independent and documented process
for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit
criteria are fulfilled.”
(ISO 9000, ISO 19011 )
 API Audit – some tips
Think about the api manufacturer as an
extension of the quality of the finished
dosage form.

Even if using “checklists” –

hold the whole operation in
mind.
How do the pieces of the
jigsaw fit together?
 API Audit – some tips
Use PIC/S Inspectors Aide-Memoire to help
you understand regulatory expectations

Begin with the end in mind –

the report format.

Be clear where GMP begins

according to the substance
 API Audit – The Report
Regulatory Guidance is available:
Information on high risk areas and focus on:
• Process, cleaning and validation;
• Risk of cross contamination with other active substances or
other substances;
• Potential for unknown impurities;
• Risk of confusing materials/products – handling/packing;
• Change control;
• Deviation recording and management; and
• Security sealing of API containers and security or
temperature control of shipments.
 API Audit – Tips for Planning

Use PIC/S Inspectors Aide-Memoire to help

you understand regulatory expectations

Educate & Understand the

API Manufacturing process
& risks

Be clear where GMP begins

according to the substance
 API Audit – common weaknesses

Risk of Cross contamination

• Lack of cleaning concept, cleaning
techniques – Insufficient residue limits
• Insufficient analytical methodology
• Deficient production lines and cleaning
areas design
 API Audit – common weaknesses

Contamination from deficient production lines

design and maintenance
• Foreign particles problem (unknown source)

Deficient prevention of outside
contamination?

Old equipment?

Insufficient process mechanical filtration?

Lack of foreign particles quantification
methodology and clear release criteria
 API Audit – common weaknesses

Deficient Change Control

• Intermediates
• APIs with complicated supply chain
• Uncontrolled process/ equipment
changes
• Unpredictable quality issues from
process/ equipment changes
 API Audit – common weaknesses

• Lack of computerized system and process

parameters monitoring
• Lack of reporting culture on deviations
from Production to Quality units
• Weak investigation knowledge and
practice
• Lack of organisational power of Quality
group
 Checking for API fraud
Check the site actually exists where they claim eg Google Earth

Check for large discrepancies between annual output and sales

(Purchasing API and re-labelling? Enough starting materials for
output/sales?)

Check the label book for labels from other manufacturers

(Labelling own API as if produced by others?)

Check if any API is shipped in neutrally labelled packaging

(Illegitimate re-labeling at receiving end?)
 Checking for API fraud
Follow your own agenda – not the company’s; ask to see
things that were not expected by the company
Insist on inspecting during manufacture of your API

Check for compliance of all data included within the API

registration documents (e.g. CEP dossier or DMF)

Check raw data rather than “summaries” or review

reports
Double-check any reports of inspections of the
site performed by other reputed authorities
Check multiple rows of drums
(back rows unlabelled?)
 Checking for API fraud
Check on EDQM’s website if the manufacturer holds any
CEPs suspended or withdrawn

Check purchasing records and sales records for illicit

transactions

Compare API samples analytically fingerprinted vs. an

original sample and/or compare with registered API
quality in CEP dossier or DMF

Check shipped batches, dates and clients and

double-check if possible
 Checking for API fraud
Look for traces of activities of replacing original labels by
different labels (e.g. equipment to remove labels:
e.g. a burner)

Check for the presence of API in warehouses with

labels from producers not included in official
documentation

Scrutinize entire labels production, management

and reconciliation system for irregularities
 Main challenges - revisited

Often large number of manufacturers should

be regularly audited
Perceived high costs of auditing activities
(compare to the cost of not auditing!)
 Main challenges - revisited

How to Lighten the

Load?

Often large number of manufacturers should

be regularly audited
Perceived high costs of auditing activities
(compare to the cost of not auditing!)
 Lightening the Load
Potential for Third Party Audits
• EU* & US FDA stated “Third Party Audits can be
used as one option to verify the compliance
status of a supplier.”

Challenges

Auditor must be properly “qualified” and
experienced & audit to approved procedures

Must demonstrate no conflict of interest

Reports must be accessible to Competent
Authority
* EMEA Guidance (2006)
 Lightening the Load
Potential for Purchase or Sharing of Audit
Report & CAPA
• May be acceptable to Regulator
• Challenges

Limited “Shelf-Life”

Scope may not be site or line specific
enough for own api

Must comply with the requirements for
“Third Party Audits (previous slide)
 Positive Future trends
Intensification and widening of US and EU
Regulatory Inspection
Strengthening of Chinese sFDA

Anti counterfeiting pressure

Increasing “third party” & audit sharing

resources
 Take Home messages
Increasing Regulator expectation for API
Audit programmes & Improved Supplier
Qualification - Industry is Responsible!
Standards are clear – standard “Audit” and
checking for fraud/counterfeiting.
The workload seems high – need process,
structure & resources to manage
Third Party support is acceptable (with
some “boundaries”)
And Finally…
Contact me………

Linda @Qualitymindset.com