I
N
S
I
G
H
T
|
 |
Are all Corrective Actions alike or How to
keep Internal Audit
Corrective Actions out of FDA review?
The FDA is deciding to play a little game with the industry as part of
their interpretation of the revised GMP which went into effect June 1,
1997. They have now obtained the right to review corrective actions to
determine if they had been addressed. But, is the FDA entitled to review
all corrective actions, including those corrective actions resulting
from Internal Audits?
Internal Audit findings have been sacred ground for the industry since
the inception of the GMPs back in 1978. The concept of keeping internal
audit findings free from FDA review was to provide companies assurance
that the FDA would not use any audit findings against them. The FDA
hoped that this would allow for "real" value auditing and hopefully with
effective corrective actions to assure that the company stays in
compliance.
This is still the basis of the GMP or the QSR which it is now called.
The internal audit report (it is now called "Quality Audits" section
820.22 of the QSR) is still considered off limits (as indicated in
section 820.180(c) Records) to the FDA investigators (though it could be
obtained by subpoena under special conditions). But, it appears that
the FDA has thrown in a little wrench into the works with the wording of
the Corrective Action section of the QSR. In the Corrective Action
section of the QSR (section 820.100(a)(1), the FDA is entitled to review
corrective actions even those that were as a result of quality audits,
to see if they had been implemented, verified and analyzed. So, is
there a conflict in complying with the QSR and still protecting the
integrity of the Audit Reports? Is the FDA entitled to review Audit
Corrective Actions or not? It could present a dilemma on how to handle
the FDA investigator when he/she wants to review the Corrective Actions
section of your quality system.
If Quality Audits are correctly carried out, then many of the findings
of these audits could result in a corrective action. So how should a
company handle these corrective actions showing that they have been
prepared, corrective action taken, implemented, verified and analyzed
but still keep them confidential?
So I followed this idea to the FDA headquarters to see what was their
enforcement policy on reviewing Corrective Actions. The following is
what I came up with:
The FDA is not interested where the Corrective Action was initiated,
only that the Corrective Action was implemented, verified and analyzed.
The FDA has the right to review all corrective actions for this purpose.
They do not feel that it is a conflict to review the Corrective Actions
that resulted from Quality Audits. The Compliance officer I spoke with
stated that the FDA investigator does not care how the Corrective Action
was initiated only that the Action was addressed, implemented and
verified. In other words, they want to make sure that the Corrective
Action section of the QSR is being properly implemented.
So how should this be handled to 1) keep the Quality Audit findings
confidential as they are intended to be and 2) still allow the FDA to
review Corrective Actions that are as a result of the Quality Audit.
This is one possible solution:
As part of your Corrective Actions you should be maintaining a
Corrective Action Log. This log usually has the following information:
Corrective Action Assigned Number, description of the Corrective Action
Report, the date the Correction Action was written, to whom it was
assigned, the date due, date verified, by whom and analyzed.
This log should be maintained for all Corrective Actions, but for
Corrective Actions that were written as a result of the Quality Audit
the following information on the log would be omitted: description of
the Correction Action and to whom it was assigned. In its place write
the word "Quality Audit," which would indicate that this Corrective
Action was generated by the Quality Audit. By doing this you accomplish
the intent of the QSR, by allowing the FDA to see that Corrective
Actions taken as a result of the Quality Audits are being attended to,
verified and analyzed but you are still keeping the Audit information
confidential. This solution works for both parties.
The actual Corrective Actions written as a result of the Quality Audit
would be keep as part of the Quality Audit file and marked
"Confidential."
By the way remember, if your are being audited for ISO certification,
all Corrective Actions would be open for their inspection. The ISO
Notified Body is not a regulatory agency as is the FDA. Their review is
a review of the Quality System and they are not concerned with
regulatory follow up.
Being audited under two different systems, the FDA and ISO could cause
havoc in trying to maintain your quality system. It is important to
always be aware of the differences in the requirements and your
responsibilities to assure your compliance and to avoid unnecessary
problems. And it is better to have one Quality System that addresses
both requirements.
Let me hear your thoughts on this subject.
If you have any comments
on these INSIGHTS we hope that you let us hear them. If you have any of your own INSIGHTS
that you feel would be of value to other companies, we would be pleased to hear from you
and to discuss them with you and if you allow, we would even put them up on this site for
others to learn from.
e-mail INSIGHT |
