What You Need to Know About GxP Independent Compliance Audits, Part 2

Welcome to Part 2 of our blog series on "What You Need to Know About GxP Independent Compliance Audits." In Part 1, we discussed the importance of GxP audits, the different audit types, and why utilizing independent auditors is crucial for successful compliance assessments. Now, in Part 2, we will delve deeper into the key elements of GxP independent compliance audits, how compliance is assessed, the audit process, and the roles and responsibilities of both the auditee and the auditor during the audit.

We will also explore what to expect during health authority inspections and the potential consequences of non-compliance. Additionally, we will highlight how organizations can proactively leverage independent compliance audits to strengthen their compliance efforts and minimize the impact of health authority inspections.

Key Elements of GxP Independent Compliance Audits

The primary objectives of GxP independent compliance audits are to assess the organization's adherence to GxP regulations, guidelines, and quality systems, and to ensure compliance with industry best practices. These audits are designed to provide assurance that the organization is operating in a compliant manner, following the prescribed regulations and guidelines, and maintaining the required quality standards. The scope of GxP independent compliance audits typically includes the following aspects:

• Regulatory Compliance
• Quality Systems
• Documentation and Recordkeeping
• Facilities, Equipment, and Infrastructure
• Training and Competence
• Supplier and Vendor Management
• Risk Management and CAPA

How is GxP Compliance Assessed?

Compliance in GxP independent audits is typically assessed against a range of criteria, which may include:

• Regulatory Requirements: Compliance with specific regulations, guidelines, and laws applicable to the GxP area, such as FDA regulations, ICH guidelines, or ISO standards.
• Industry Standards and Best Practices: Adherence to industry-accepted standards, best practices, and guidelines relevant to the specific GxP area, such as ISO 13485 for medical devices or GAMP (Good Automated Manufacturing Practice) for computerized systems.
• Quality Systems: Compliance with quality management system requirements, such as those defined in ISO 9001 or the applicable GxP-specific quality systems.
• Standard Operating Procedures (SOPs): Adherence to documented standard operating procedures that govern GxP activities, ensuring consistency, repeatability, and compliance with established processes.
• Data Integrity: Compliance with data integrity principles, including the accuracy, completeness, consistency, and security of GxP-related data throughout its lifecycle.
• Good Documentation Practices: Adherence to good documentation practices, such as proper documentation of activities, recordkeeping, version control, and archiving.

During GxP independent compliance audits, auditors evaluate the organization's practices, systems, and controls against these criteria to determine the level of compliance and identify areas that require corrective actions or improvements.

Learn more about GxP Compliance with these blog posts:

• Understanding GxP Compliance in Drug and Medical Device Development Lifecycle
• Recognizing the Value of Outsourcing GxP Audits

The Audit Process

The typical audit process for GxP independent compliance audits involves several stages, including planning, execution, documentation, and reporting. While each audit will have its own unique process based on your organization’s needs, here is a breakdown of the types of activities take place in each stage.

Planning:

• Scoping: Define the objectives, scope, and focus of the audit based on regulatory requirements, industry standards, and organizational priorities.
• Audit Team Selection: Determine the composition of the audit team, considering their expertise and experience in the relevant GxP area.
• Audit Plan Development: Develop a detailed audit plan outlining the audit activities, timelines, resources required, and specific areas to be assessed.

Execution:

• Opening Meeting: Conduct an opening meeting with the auditee to communicate the purpose, scope, and expectations of the audit.
• Document Review: Review relevant documentation, such as SOPs, batch records, protocols, and other records, to assess compliance and identify areas for further investigation.
• Interviews and Observations: Conduct interviews with personnel involved in GxP activities to gather information, clarify procedures, and assess compliance. Additionally, observe operations to validate the implementation of documented practices.
• Sampling and Testing: Select representative samples of records, processes, or products for further examination, verification, and testing to evaluate compliance.
• Non-Conformance Identification: Identify any instances of non-compliance, deviations, deficiencies, or observations that do not meet regulatory requirements or organizational standards.

Documentation:

• Audit Findings: Document and record the audit findings, including non-conformances, observations, and deficiencies, along with supporting evidence and references to applicable regulations, guidelines, or standards.
• Evidence Collection: Maintain proper documentation of evidence, including notes, photographs, test results, or any other relevant documentation that supports the findings.
• Audit Trail: Maintain a clear audit trail, documenting the activities performed, areas reviewed, personnel interviewed, and any modifications made during the audit process.

Reporting:

• Draft Audit Report: Prepare a comprehensive and objective audit report that includes an executive summary, audit scope, methodology, findings, observations, and recommendations for corrective actions.
• Review and Approval: Ensure the audit report is reviewed internally, considering the accuracy and completeness of the findings, and obtain necessary approvals before finalization.
• Communication: Share the final audit report with the auditee, highlighting the findings, observations, and recommendations.
• Corrective Action Plan: Request the auditee to develop a corrective action plan addressing the identified non-conformances, observations, or deficiencies within a specified timeframe.
• Follow-up: Schedule follow-up activities to verify the implementation and effectiveness of the corrective actions taken by the auditee.

Throughout the audit process, auditors maintain objectivity, confidentiality, and professionalism. They should also adhere to applicable ethical standards, code of conduct, and confidentiality agreements.

It's important to note that the specific steps and processes may vary depending on the organization, regulatory requirements, and the complexity of the GxP area being audited. The audit process should be flexible enough to accommodate unexpected findings or issues that may arise during the audit.

Roles & Responsibilities

During the audit process, both the auditee (the organization being audited) and the auditor have specific responsibilities to ensure a smooth and effective audit. Below we'll review the general responsibilities of each party.

Responsibilities of the Auditee:

• Cooperation and Access: Provide full cooperation to the auditor throughout the audit process, including granting access to facilities, documentation, and personnel relevant to the audit scope. Assist the auditor in understanding the organization's processes, systems, and controls.
• Preparation: Prepare relevant documentation, records, and evidence in advance to facilitate the audit process. Ensure that the auditee's personnel involved in GxP activities are adequately trained, competent, and available for interviews or discussions during the audit.
• Communication: Act as the primary point of contact for the auditor and promptly respond to any inquiries or requests for information during the audit. Provide accurate and complete information in response to auditor queries or requests.
• Compliance Assistance: Demonstrate compliance with relevant regulations, guidelines, and industry best practices during the audit process. Address any identified non-conformances or deficiencies promptly and develop appropriate corrective action plans.
• Confidentiality: Respect and maintain the confidentiality of audit-related information, ensuring that sensitive or proprietary information is appropriately protected.

Responsibilities of the Auditor:

• Impartiality and Objectivity: Maintain independence, impartiality, and objectivity throughout the audit process. Avoid conflicts of interest or any behavior that could compromise the integrity or credibility of the audit.
• Compliance Expertise: Possess in-depth knowledge of the relevant GxP regulations, guidelines, and industry best practices. Stay updated with the latest regulatory requirements and industry trends to provide accurate assessments.
• Planning and Execution: Develop a detailed audit plan, including scoping, objectives, and activities. Execute the audit in accordance with the plan, ensuring that all relevant areas are assessed and findings are properly documented.
• Professional Conduct: Conduct the audit professionally, demonstrating respect, courtesy, and professionalism towards auditee personnel. Maintain the confidentiality of auditee information and adhere to any confidentiality agreements.
• Documentation and Reporting: Document audit activities, observations, and findings accurately, thoroughly, and objectively. Prepare a comprehensive audit report that clearly communicates the audit scope, methodology, findings, observations, and recommendations.
• Compliance Guidance: Provide guidance and clarification to the auditee regarding compliance requirements and industry best practices. Offer recommendations for improvement or corrective actions to address identified non-conformances or deficiencies.

Both the auditee and the auditor should work collaboratively to ensure a productive audit process and facilitate the organization's compliance with regulatory requirements, industry standards, and best practices. Clear communication, mutual respect, and a shared commitment to quality and compliance are key to a successful audit.

What to Expect When the Health Authorities Inspect

A health authority inspection is an official examination of a facility and its quality systems to determine its compliance with laws and regulations within the jurisdiction.

Type and length of audit depends on the GxP area to be examined, type of products, and the health authority that performs the inspection. The goal of each type of inspection is to help protect consumers from unsafe products. Inspections are generally conducted for three reasons:

• Pre-approval Inspection (PAI): In order for a new medicinal product to be approved, a PAI is required by the country’s regulating agency.
• Routine Inspection of a Regulated Site/Activity: Depending on the authority and risk associated with activity, routine inspections are conducted at initial license application and at intervals of 1-3 years to assure continued regulatory compliance.
• “For-cause” Inspection: This type of inspection is conducted on short notice or with no notice at all if the regulator receives intelligence or for other reason suspects critical compliance, quality, or safety breaches.

Regardless of the type of inspection, noncompliance with regulations and commitments made to the governing health authority can result in harsh consequences.

Avoidable Consequences of Noncompliance

There is a wide range of consequences for lack of compliance. Specific enforcement activities include actions to correct and prevent violations, remove noncompliant products from the market, and punish offenders. The type of enforcement activity the health authorities use depends on the nature of the violation.

• Regulatory actions including 483s, warning letters, import bans, product recalls, market withdrawals, or even the suspension or revocation of marketing authorizations or licenses
• Fines and penalties can vary in severity, depending on the seriousness of the non-compliance and the organization's compliance history
• Reputation damage from negative publicity and media attention can lead to decreased consumer confidence and a loss of market share
• Product delays and loss of revenue opportunities and increased costs associated with addressing non-compliance issues
• Legal actions, including lawsuits and product liability claims, can lead to substantial financial losses and reputational damage
• Organizations with a history of non-compliance may face increased regulatory scrutiny, including more frequent inspections and audits, which places additional pressure on the organization to maintain compliance and address any future non-compliance issues
• Loss of business opportunities, as potential partners, distributors, or customers may be hesitant to collaborate with an organization with compliance issues
• Risks to patient safety and product quality compromise an organization's commitment to producing safe and effective products

It's essential for organizations to address non-compliance findings promptly and effectively, implementing corrective actions to mitigate risks and improve compliance. Proactive compliance management, continuous improvement, and a commitment to quality are key factors in avoiding or minimizing the consequences of non-compliance in GxP audits.

Proactive Compliance Management with Independent Compliance Audits

Companies looking to avoid the previously discussed outcomes from their Health Authority inspections proactively leverage independent compliance audits to gain valuable insights into their organization's adherence to GxP regulations and industry best practices. The outcomes of an independent compliance audit are critical when seeking to maintain regulatory compliance and improve your overall quality management systems. When working with independent audits, organizations can identify areas where they need to make improvements ahead of an agency inspection:

• Identification of Compliance Gaps: Independent compliance audits identify areas of non-compliance, deficiencies, or observations in the organization's processes, systems, and controls. These findings highlight specific areas that require attention and improvement to align with regulatory requirements.
• Root Cause Analysis: Auditors often conduct root cause analysis to determine the underlying reasons for non-compliance or deficiencies. Understanding the root causes enables organizations to address the core issues rather than merely treating the symptoms, resulting in more effective and sustainable corrective actions.
• Recommendations for Corrective Actions: The audit report provides specific recommendations for corrective actions to address identified compliance gaps. These recommendations serve as a roadmap for organizations to improve their processes, systems, and quality management practices.
• Validation of Compliance Efforts: Successful independent compliance audits validate the organization's commitment to regulatory compliance and quality excellence. Positive audit outcomes enhance the organization's reputation and build trust with stakeholders, including regulatory authorities, customers, and business partners.
• Opportunities for Continuous Improvement: Audit findings serve as learning opportunities for continuous improvement. Organizations can use the insights gained from the audit to enhance their compliance management systems, promote a culture of quality and compliance, and drive ongoing improvement initiatives.
• Enhanced Risk Management: By identifying compliance gaps, the audit outcomes contribute to improved risk management. Addressing these issues helps mitigate potential risks associated with non-compliance, product quality, and patient safety.
• Preparation for Regulatory Inspections: Positive independent compliance audit outcomes prepare organizations for regulatory inspections. The proactive approach to addressing compliance gaps ensures that the organization is better equipped to handle health authority inspections confidently.

The outcomes of an independent compliance audit provide organizations with valuable information to strengthen compliance, enhance quality, and foster continuous improvement. By addressing audit findings and implementing recommended corrective actions, organizations can demonstrate their commitment to regulatory compliance, risk management, and quality assurance.

Conclusion

Independent auditors help companies avoid consequences from health authority inspections by providing objective assessments of compliance status. They identify gaps and non-compliance issues based on regulatory requirements and industry best practices. By addressing these findings through comprehensive corrective action plans, companies can rectify deficiencies proactively.

Auditors play a crucial role in verifying the effectiveness of implemented corrective actions, ensuring that identified issues are adequately resolved. Additionally, the audit process fosters a culture of compliance within the company, encouraging transparency, accountability, and continuous improvement. Auditors may also share best practices from other organizations, helping companies strengthen their compliance efforts and align with industry standards.

Regular independent audits serve as effective preparation for health authority inspections, equipping companies to handle such visits confidently. Through collaboration with independent auditors, companies can enhance their compliance posture, reduce the risk of adverse consequences from health authority inspections, and maintain a reputation for quality and compliance excellence.

ProPharma is here to help your organization be GxP compliant. Our global auditing team has performed more than 1,000 GxP audits in the past two years. Contact us today to speak with one of our audit experts and tell us how we can help you meet your compliance goals.