This article is part one of a two-part series focused on GMP quality audit management.
Although quality audits are traditionally on-site, many regulated companies have experience with remote quality audits, even before the pandemic. The global health crisis forced more companies to embrace the practice overnight, and even regulators adopted it. Are remote audits here to stay?
Also known as virtual audit or desktop audit, it means the auditor and the auditee are not at the same location during the process. Many life science organization as well as other industries with regulatory requirements conduct remote audits for convenience and efficiency. The prerequisite is an automated quality management system (QMS). Remote audits are generally suitable for first-party audits and second-party audits involving low-risk processes. However, the pandemic did create a unprecedented shift: even Good Manufacturing Practice (GMP) audits are now conducted remotely.
This is the first installment of a two-part blog series focusing on GMP audits. We’ll take a look at how remote audits have proven to be a silver lining when on-site GMP audits posed serious logistical problems.
Why Regulated Companies Need Audits
In a basic sense, an audit is a systematic way of examining a product, process, or system. Life science and other companies regulated by the FDA are required to undergo GMP audits, not just once but regularly. Companies that adhere to ISO and similar quality standards also go through GMP audits.
Regulated companies need audits for both compliance and performance, which go hand in hand. Companies need audits to demonstrate that their products, services, and QMS are reliable and safe. In turn, such quality performance serves as the basis for compliance. Companies that succeed in performance audits have no problem passing compliance audits.
Extensive regulations, guidance, and standards are the primary reason pharmaceutical, biotechnology, medical device, and other regulated companies need audits. They include:
- Current Good Manufacturing Practice (CGMP) regulations for pharmaceuticals (21 CFR Part 211)
- Guidance for Industry Quality Systems Approach to Pharmaceutical CGMP Regulations
- CGMP rules for blood and blood components (21 CFR Part 606)
- Guidelines for Quality Assurance in Blood Establishments
- Quality System Regulation for medical device manufacturers (21 CFR Part 820)
- European Union GMP Directives for pharmaceutical companies
- ISO 9001 for manufacturers and other businesses
- ISO 13485 for medical device firms
- ICH Q9 Quality Risk Management Guidance
- ICH Good Clinical Practice guidelines
Likewise, food manufacturers are required to establish preventive-control systems for modern food product safety, the equivalent of QMS in the life science industry. In other words, food companies need audits too.
A regulated company’s suppliers also undergo audits to ensure accountability. In particular, the FDA considers suppliers an extension of the regulated company. It behooves manufacturers to make sure all their suppliers are compliant with GMP standards.
Regulated Industries Embrace Remote Audits
When the pandemic all but made travel impossible, regulators and certification entities were forced to adapt. Indeed, they were under tremendous pressure to work on emergency authorization of COVID-19 vaccines and ensuring the safety of ventilators and PPE, on top of other products that needed approval or clearance.
In 2021, the FDA issued a guidance for remote audits of pharmaceutical manufacturing and bioresearch facilities. A remote interactive evaluation doesn’t replace an inspection, but the FDA uses information gathered during the process to determine the scope of a future inspection.
“For oversight of clinical research, we’ve been able to conduct a mix of mission-critical, on-site inspections and remote record reviews to help ensure product approvals/authorizations did not get delayed,” wrote Janet Woodcock, acting commissioner of food and drugs, and Judy McMeekin, associate commissioner for regulatory affairs, on the FDA’s blog.
The European Commission has similarly allowed notified bodies to conduct remote audits of medical device companies and their suppliers. A survey conducted by the European Association of Medical Device Notified Bodies revealed that remote audits were successful. Majority (86%) of notified bodies that participated in the survey said remote assessments identified about the same number of nonconformities as on-site audits.
The Medical Device Single Audit Program (MDSAP) allowed remote audits as an alternative to on-site audits at the onset of the pandemic. MDSAP lets medical device manufacturers use just one QMS audit for acceptance in Australia, Brazil, Canada, Japan, and the U.S.
Regulatory virtual audits are deemed temporary. But existing regulations that require audits don’t prohibit remote audits, so the possibility that they will remain is there.
“We will continue to study how to incorporate additional data sets and insights and new technologies and tools for facility oversight, including the further use of remote interactive evaluations,” according to Woodcock and McMeekin. As examples, they mentioned the use of remote livestreaming video, teleconferences, and screen sharing.
How to Adopt and Optimize Remote Quality Audits
Now more than ever, you need to equip your teams with the capability to conduct or undergo remote audits. It’s one way to minimize disruptions in your compliance activities when traditional audits are not possible.
While regulations and standards are clear why audits are important, they don’t specify the details of how to conduct them. Therefore, you’ll need to determine for yourself the appropriateness and feasibility of virtual audits.
For example, if you have unresolved quality issues from your last GMP audit, a remote audit is probably unwise. If you still use paper-based quality processes, remote audits may be impossible. If you use unconnected ERP, CRM, PLM, and other electronic systems, you may be able to do it with the right preparation and resources. This is the best time to integrate your disparate electronic systems under a closed-loop QMS.
If your audit management process is automated in your QMS, here are a few tips for adopting and optimizing remote audits:
- Make your IT team a key part of the audit from the start. The planning phase should include any changes in corporate policies that impact IT in relation to quality management.
- Update and strengthen security measures to ensure a secure remote audit.
- Allow more time for planning and actual implementation of a remote audit. As a guide, budget an extra half-day for unforeseen technical or other issues. Unlike an in-person meeting, the back-and-forth between auditor and auditee is likely to take longer. In addition, consider time-zone differences for all parties involved.
- If a virtual tour of a facility or a live demonstration of processes is part of the audit, rehearse the activity to test the effectiveness of the technology you’re using.
- Just like an on-site audit, use a risk-based approach to a remote audit. Consider the possibility that high-risk processes may still need an on-site inspection in the future.
It took a global pandemic to showcase the flexibility and immediacy of remote audits. Now that regulators and certification bodies themselves have adopted the practice, it’s time for you to leverage it as well. You’re going to need to automate any paper-based quality processes and integrate unconnected electronic systems first. If you’re among the early adopters of virtual audits, perhaps it’s time to expand and improve your usage.
Related Reading: Remote Audits in the Age of COVID-19
About the Author
Sal Lucido is Co-Founder and Executive Vice President AssurX. Sal is an unequivocal product evangelist and an expert in the area of quality process automation. He holds a broad array of responsibilities, ranging from overseeing strategic plans and operational improvements to managing tactical alliances.