FDA Clarifies When to Report Postapproval CMC Changes

Excipient makers preparing for the new GMP standard NSF/IPEC/ANSI 363 should be aware they are expected to police themselves to determine if they are meeting manufacturing requirements for their products.

The standard is voluntary, but IPEC Americas and its co-developers — NSF International and the American National Standards Institute — are urging the FDA to adopt it as guidance and require drugmakers to enforce it through audits of excipient suppliers.

James Morris, executive director of NSF Health Sciences, explained that the standard sets a higher bar by suggesting that manufacturers conduct a risk assessment, in addition to having a process to review and approve suppliers, as part of the purchasing process. The risk assessment should determine which incoming raw materials, and therefore which suppliers, pose the greatest risk, Morris said during a recent FDAnews webinar.

Supplier Changes

When suppliers change, manufacturers should expect to document the process for selection and approval, Morris adds. A risk assessment should identify areas that are critical to raw material quality, as well as a method for assessing and approving significant changes. The manufacturer should be informed prior to the first excipients shipment after a change is implemented.

Drugmakers are also expected to conduct risk assessments of buildings and facilities to identify areas of potential contamination. And they should assess the risk of contamination by utilities and process materials, ensuring that any potential problems are identified and mitigated.

Even maintenance schedules should be based on a documented risk assessment and any deviations from those schedules must be justified. Deviations from product storage conditions must be assessed and documented as well — a change from existing standards.

Turning to management, the standard calls for supervisors to assure proper and timely reporting of complaints. This means developing written procedures for handling written and oral complaints, including recordkeeping, timeframes for review and specific expectations.

Management roles and responsibilities must be clearly defined and there should be a designated senior-level person from the quality unit to oversee compliance with the standard. Management will be responsible to ensure that vendors agree to comply with the standards.

The section on computer systems is aligned with the existing Pharmaceutical Quality Group guideline. Manufacturers must ensure that changes are made by authorized personnel, as this is often an issue in audits, Morris says.

Document Control

The document control provisions suggest making documents available at the point of use and provide more specifics on record control than the PQG guideline. Drugmakers should retain records for at least one year past expiry or two years past retest, and a minimum of five years past manufacturing if expiry/test aren’t stipulated.

Meanwhile, the 363 standard’s QMS provisions are aligned with the PQG guideline, Morris said. The main difference is an emphasis on scientific knowledge and the importance of quality risk management. For example, excipient makers should have evidence of systems to review and identify opportunities for improving the QMS.

Morris urges manufacturers to ensure suppliers have completed an assessment or been certified to the new standard, and that they have a timeline to address any gaps. Any that aren’t compliant by the proposed Q3 deadline should have a plan for meeting the standard within a reasonable timeframe.

NSF is transitioning its auditors to use the new 363 standard, and certification under the standard may substitute for a supplier audit, Morris notes.

Stay up to date on regulatory stories like this one by subscribing to the Drug GMP Report. For over 20 years, drug manufacturers have relied on DGR for the latest on FDA’s interpretation and enforcement of cGMPs and the Quality Systems Regulation — information you need to stay in compliance.