The word audit is derived from the Latin verb “audire”, which translated means “to hear” or “to listen.” In general, this type of operational walkthrough exists in a wide variety of areas. In the pharmaceutical industry, audits are a central component of GMP-compliant quality assurance (e.g., as required in the EU GMP Guide, Part I, Chapter 9 “Self-inspection”). This is a good thing, because these systematic examinations check whether the legal requirements and GMP guidelines (Good Manufacturing Practice) are being complied with. These quality standards do not exist without reason, because ultimately they serve to protect the patient.
What types of audits are there?
- internal
- Quality audit
- Safety audit
- external
-
- Authority audit
- Customer audit
What is an internal audit?
Internal quality audits serve to regularly verify compliance with all applicable standards and processes and to identify deviations at an early stage. Such internal reviews, for example by Quality Assurance, reveal potential weaknessesthat can thus be remedied early.
Another type is safety audits. Depending on the risk assessment and the size of the company, in workplaces with regularly more than 20 employees a safety officer must be appointed (§ 20 DGUV Regulation 1 / DGUV Vorschrift 1). Safety officers support entrepreneurs and managers in implementing occupational safety and, within the scope of their tasks, can accompany walkthroughs or safety audits; however, the legal responsibility for compliance with occupational safety regulations remains with the employer.
What are external audits for?
In contrast, there are external operational inspections, which include authority audits. In the USA, for example, the FDA carries out GMP inspections; in the EU they are carried out by the national medicinal product authorities and coordinated by the EMA. The WHO also inspects production sites within the framework of its prequalification programs to ensure compliance with WHO GMP.
The walkthroughs often last several days and large parts of the company are inspected (production facilities, laboratories, etc.). If the auditors notice quality deficiencies, these must be remedied by the company promptly. If these are serious, the authorities can even block the company from distributing its products until the processes have been improved.
Why is there the PIC/S model scheme?
PIC/S (Pharmaceutical Inspection Co-operation Scheme) is an international cooperation for the harmonization of GMP inspections and for the training of inspectors. This is used in some of these authority audits. In this context, the medicinal product authorities of various countries, including many European states and the USA, have joined together to create uniform standards and procedures for pharmaceutical audits. They establish these jointly and also train inspectors together.
What is the difference to customer audits?
Customer audits also count among the external audits. They typically take place at contract manufacturers, suppliers, or service providers. In this process, the auditors usually inspect all areas that are tasked with processing their product. As a rule, the customer has contractually regulated rights of access to relevant documents that were created in connection with their products. If quality deficiencies are identified, they must be eliminated.
Further forms of operational inspections
In addition, there is, for example, the data protection review, which checks whether, among other things, the GDPR is complied with. Likewise, the trade supervisory authority (Gewerbeaufsicht) or the employers’ liability insurance association (Berufsgenossenschaft) can announce their visit.
If a company wants to be certified according to an ISO standard, an operational walkthrough (audit) is carried out by a certification body accredited according to ISO/IEC 17021-1 (e.g., TÜV, DEKRA). These independent bodies also carry out inspections in which specific processes or facilities are examined in a targeted manner for conformity.
Moreover, there are also inspections in which a checklist is usually worked through to check whether certain safety devices in the company function properly.
The audit process in detail
As a rule, external audits are announced; however, authority inspections can also take place unannounced. As soon as the date is set, it is determined which products and departments are affected. If the exact batches of a product are also known, the complete documentation is prepared and checked in advance. In addition, SOPs (Standard Operating Procedures) as well as process descriptions and test instructions are added, all of which are brought up to date.
Before particularly important authority audits, internal operational walkthroughs by Quality Assurance take place in order to identify and eliminate any deficiencies.
The actual audit itself starts with an introductory meeting in which the auditors explain what the purpose of their visit is. This is followed by a walkthrough of the production and packaging facilities, the storage areas, and the laboratories.
After that, the auditors review documents. This includes SOPs as well as the product documentation, training documents, and maintenance reports for the facilities. In this context, it is checked, for example, whether the production facilities are regularly maintained and cleaned and whether the analytical instruments were in a calibrated state.
During this process, the company’s audit team is available to answer questions. This often consists of the heads of Quality Assurance, Quality Control, and Production. At the end, a first result is announced in a closing meeting.
Afterwards, the auditors write their audit report, which also contains recommendations for improvement measures. This is forwarded to those responsible, who eliminate deficiencies in order to be prepared for a subsequent walkthrough.
These systematic and regular reviews help to ensure a high level of quality that patients can ultimately rely on.