The word “audit” is derived from the Latin verb “audire,” which translates to “to hear” or “to listen.” Generally, this type of operational walkthrough is applicable in a wide range of areas. In the pharmaceutical industry, audits are a central component of GMP-compliant quality assurance (e.g., as required in the EU GMP Guide, Part I, Chapter 9 “Self-inspection”). This is a good thing, because these systematic examinations verify whether the legal requirements and GMP guidelines (Good Manufacturing Practice) are being adhered to. These quality standards do not exist without reason, as they ultimately serve to protect the patient.
What types of audits are there?
- internal
- Quality audit
- Safety audit
- external
-
- Authority audit
- Customer audit
What is an internal audit?
Internal quality audits serve to verify compliance with all applicable standards and processes on a regular basis and to identify deviations at an early stage. Such internal reviews, for example, by Quality Assurance, reveal potential weaknesses that can thus be remedied early.
Another type is safety audits. Depending on the risk assessment and the size of the company, in workplaces with regularly more than 20 employees, a safety officer must be appointed (§ 20 DGUV Regulation 1 / DGUV Vorschrift 1). Safety officers support entrepreneurs and managers in implementing occupational safety, and, within the scope of their tasks, can accompany walkthroughs or safety audits. However, the legal responsibility for compliance with occupational safety regulations remains with the employer.
What are external audits for?
In contrast, there are external operational inspections, which include authority audits. In the USA, for example, the FDA carries out GMP inspections. In the EU, GMP inspections are carried out by the national competent authorities; the EMA coordinates inspections mainly for medicines authorised via the centralised procedure or in the context of referrals, but does not conduct inspections itself. The WHO also inspects production sites within the framework of its prequalification programs to ensure compliance with WHO GMP.
The walkthroughs often last several days, and large parts of the company are inspected (production facilities, laboratories, etc.). If the auditors notice quality deficiencies, these must be promptly remedied by the company. If these are serious, the authorities can even block the company from distributing its products until the processes have been improved.
Why is there the PIC/S model scheme?
PIC/S (Pharmaceutical Inspection Co-operation Scheme) is an international cooperation that harmonises GMP inspections and supports the training of inspectors. Many participating authorities, including the U.S. Food and Drug Administration (FDA), use common standards and guidance to ensure that inspections are carried out as consistently and comparably as possible.
What is the difference between customer audits?
Customer audits also fall under the category of external audits. They typically take place at contract manufacturers, suppliers, or service providers. In this process, auditors normally inspect all areas responsible for processing their product. As a rule, the customer has contractually regulated rights of access to relevant documents that were created in connection with their products. If quality deficiencies are identified, they must be eliminated.
Further forms of operational inspections
Additionally, there is, for example, the data protection review, which checks whether, among other things, the GDPR is being complied with. Likewise, the trade supervisory authority (Gewerbeaufsicht) or the employers’ liability insurance association (Berufsgenossenschaft) can announce their visit.
If a company wants to be certified according to an ISO standard, an operational walkthrough (audit) is conducted by a certification body accredited to ISO/IEC 17021-1 (e.g., TÜV, DEKRA). These independent bodies also conduct targeted inspections of specific processes or facilities to ensure conformity.
Moreover, there are also inspections in which a checklist is typically worked through to verify whether specific safety devices within the company function properly.
The audit process in detail
Generally, external audits are announced; however, authority inspections can also occur without prior notice. As soon as the date is set, it is determined which products and departments are affected. If the exact batches of a product are also known, the complete documentation is prepared and checked in advance. In addition, SOPs (Standard Operating Procedures), as well as process descriptions and test instructions, are updated.
Before conducting critical authority audits, internal operational walkthroughs are undertaken by Quality Assurance to identify and eliminate any deficiencies.
The actual audit begins with an introductory meeting, during which the auditors explain the purpose of their visit. This is followed by a walkthrough of the production and packaging facilities, the storage areas, and the laboratories.
After that, the auditors review documents. This includes SOPs as well as the product documentation, training documents, and maintenance reports for the facilities. In this context, for example, it is checked whether the production facilities are regularly maintained and cleaned, and whether the analytical instruments are in a calibrated state.
During this process, the company’s audit team is available to answer questions. This often consists of the heads of Quality Assurance, Quality Control, and Production. Ultimately, the first result is announced in a closing meeting.
Afterwards, the auditors write their audit report, which also contains recommendations for improvement measures. This is forwarded to those responsible, who eliminate deficiencies to be prepared for a subsequent walkthrough.
These systematic and regular reviews help to ensure a high level of quality that patients can ultimately rely on.