US FDA: Draft on Data Integrity for BE/BA Studies published
At the beginning of April 2024, the draft document "Data Integrity for In Vivo Bioavailability and Bioequivalence Studies" was published on the US FDA website and is now available for comment for 60 days. The document is intended to assist applicants and marketing authorisation holders in the area of data integrity for the clinical and bioanalytical part of bioequivalence and bioavailability studies.
Inspection results often help with the interpretation of regulatory requirements. The FDA Warning Letters are a very good source for that purpose. A recent Warning Letter criticises deficiencies in process validation. What did the FDA object to?
After the ICH and the EMA had already made the documents available for download in December and January respectively, the FDA has now announced the availability of the final guidances for the industry entitled "Q2(R2) Validation of Analytical Procedures" and "Q14 Analytical Procedure Development."
FDA Warning Letter Defines Minimum Criteria for Process Validation
In addition to 21 CFR 210/211 and the related Guides to Inspection of as well as Guidelines/Guidances for Industry, Warning Letters are another way of interpreting the US cGMP regulations. Read more here about FDA's response to a pharmaceutical manufacturer's reference to not being aware of the need to perform process validation.
Cloud Computing: Workaround for non-compliant PaaS
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 19: A non-(GXP-)qualified PAAS could change the versions of some of its generic microservices used by the application to be deployed as a GXP SAAS. Changing the versions of such generic microservices could be beyond the control of the SAAS provider. What would be required to make this scenario GXP-compliant?
Cloud Computing: Validation performed by a CSP on its own - what is the Value?
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 18: What is the value of a "validation" performed by a CSP on its own for the services it provides?
EMA publishes ICH Q14 Guideline on Analytical Procedure Development - Step 5
On 26 January 2024, the European Medicines Agency (EMA) has published the ICH Q14 Guideline on analytical procedure development - Step 5. The date for coming into effect is 14 June 2024.
"Bracketing" in process validation has become common practice. In the USA, bracketing has been practiced for some time, and the topic was included in the Annex 15 revision in 2015 (Chapter 5.4.). However, the bracketing concept must be well justified. This is shown by a recent Warning Letter issued by the US FDA.
Cloud Computing: Can an automated Deployment Chain replace an IQ?
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 17: Can an automated deployment chain replace an IQ? If so, what information must the deployment chain provide?
Cloud Computing: Consequences of different service models for Qualification / Validation
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 16: What are the consequences of the different service models (IaaS / PaaS / SaaS / XaaS) for supplier management and the related qualification / validation?
ICH Guidelines Q2(R2) "Validation of Analytical Procedures" and ICH Q14 "Analytical Procedure Development" published
After the final texts of the ICH Guidelines Q2(R2) and Q14 were adopted at the ICH Assembly Meeting on 31 October and 01 November 2023, the documents are now available for download on the ICH website.
Cloud Computing: Validation of SaaS; who is accountable?
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 15: Special considerations for validation of SaaS; who is accountable?
Cloud Computing: Assessment of Cloud Suppliers from an authority's point of view
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 14: What should the assessment of "cloud suppliers" include from an authority's point of view?
Since 2005, the ICH Q9 Guideline has been the state of the art when it comes to quality risk management. It was initially included in the EU GMP Guidelines as Annex 20 and was then incorporated into Part III. In addition, an ICH Q9 "briefing package" was developed and made available on the ICH website. New training material is now also available for Revision 1 of the ICH Q9 Guideline.
Financial and organizational advantages speak for the use of cloud services in the pharmaceutical environment. However, potential risks and regulatory restrictions should be known. Nine experts from industry and regulatory authorities answer an extensive catalog of questions from various topic areas. Question 13: A cloud service providers refers to SOC reports when assessed, especially to the SOC2 report. Would this report be sufficient as concerns the requirements of the assessment and could it be used?