my

Deviations and CAPA from the FDA

Perspective
Gary Bird, Ph.D.
PharmaConsult Global
Outline of the Contents
• Look at general deviation information
• Compare regulatory requirements for
CAPA
• Discuss best practices for CAPA

2
By any other name, it’s still a “Deviation”
• Incident
• Non-conformance, nonconformity
• Discrepancy
• Atypical situation
• Errors
• Out-of-specification
• Out-of-trend
• Failures
• Exceptions
Common “other” definitions (company specific)

Deviation • Departure from an approved instruction or

(ICHQ7) established standard..

Nonconformity
• The nonfulfillment of a specified requirement.
21 CFR 820(q)

• Unexpected event with potential to adversely affect

Incident material or drug product quality, safety, efficacy, purity or
stability. Includes unexpected malfunction(s) or issue(s)
(Company) that may adversely impact reliability of equipment or
processes to perform as expected.
Common Observations -2015
% on 678
Citation Observation(s) Inspections
Procedures
21 CFR 211.22(d) Not in writing or fully followed 23.6%
21 CFR 211.160(b) Scientifically unsound laboratory controls 19.2%
21 CFR 211.67(b) Written procedures not established/followed 7.82%
21 CFR 211.100(b) SOPs not followed / documented 7.67%
21 CFR 211.113(b) Sterile drug products 15.3%
21 CFR 211.100(a) Absence of Written Procedures 14.0%
21 CFR 211.198(a) Procedures: Complaint Handling Procedure 5.90%
21 CFR 211.160(a) Following/documenting laboratory controls 5.90%

Deviations: Investigations of discrepancies,

21 CFR 211.192 18.3%
failures
Common Observations -2015
% on 678
Citation Observation(s) Inspections
21 CFR 211.42(c)(10)(iv) Environmental Monitoring System 12.2%
21 CFR 211.165(a) Testing and release for distribution 11.8%
21 CFR 211.110(a) Monitor and validate performance 10.2%
21 CFR 211.67(a) Cleaning / Sanitizing / Maintenance 10.0%
21 CFR 211.63 Equipment Design, Size and Location 8.26%
21 CFR 211.113(b) Validation lacking for sterile drug products 7.82%
Training--operations, GMPs, written
21 CFR 211.25(a) 7.37%
procedures
Written record of investigation
21 CFR 211.192 6.93%
incomplete
21 CFR 211.194(a) Complete test data included in records 5.75%
21 CFR 211: References to Deviations
Sec. 211.86 Use of approved • Components, drug product containers, and closures approved for use
shall be rotated so that the oldest approved stock is used first.
components, drug product Deviation from this requirement is permitted if such deviation is
containers, and closures. temporary and appropriate.

• (b) Written production and process control procedures shall be

Subpart F--Production and followed in the execution of the various production and process
Process Controls; Sec. 211.100 control functions and shall be documented at the time of
Written procedures; deviations. performance. Any deviation from the written procedures shall be
recorded and justified.

• When appropriate, time limits for the completion of each phase of

Sec. 211.111 Time limitations production shall be established to assure the quality of the drug
product. Deviation from established time limits may be acceptable if
on production. such deviation does not compromise the quality of the drug product.
Such deviation shall be justified and documented.

• Written procedures shall be established, and followed, describing the

Subpart H--Holding and distribution of drug products. They shall include:
Distribution; Sec. 211.150 • (a) A procedure whereby the oldest approved stock of a drug product
Distribution procedures. is distributed first. Deviation from this requirement is permitted if such
deviation is temporary and appropriate.

Subpart I--Laboratory Controls; • (a) Any deviation from the written specifications, standards, sampling
Sec. 211.160 General plans, test procedures, or other laboratory control mechanisms shall
requirements. be recorded and justified.
Deviation Investigations/Resolution Process
Yes No
Does It
Function?
Don’t change it Yes Did you
try to fix
it???
Panic
You Idiot!!!
Does No
anyone Yes
else know Yes
about it?
You’re in Deep E. coli Will you be in
TROUBLE???

No No Can you blame

someone else??? No
Hide it Pretend you don’t
Yes know about it
Then there’s no problem
The impact of deviations can be minimized if…

The
events are
Captured
The potential
impact is The
Evaluated across situation is
product lots and Investigated
product lines

The
The cause
occurrence
is
is
Corrected
Reported

The
activities are
Documented
Use of Contractors
• Manufacturers that use contract services
are ultimately responsible for ensuring
that deviations and failures experienced
by contractors are thoroughly
investigated and resolved before the is
batch released and distributed
The Reference Document – a Quality Agreement
Deviations and • Any Deviations from the Process must be
Out of documented as described in Section X:
Specification Deviations and Out of Specification (OOS)
Results and Approved by the Sponsor.
(OOS) Results

• The Contractor shall conduct and record failure

investigations to ensure root cause identification
and document any Deviation(s) from the Approved
Manufacturing, Packaging or analytical Process
impacting the quality, strength, purity, safety and
Manufacturing compliance of the Product.
Deviations • Unplanned Deviations will be Approved by The
Sponsor prior to Release of impacted Lots.
• The Contractor shall notify The Sponsor of any
Deviations that have an impact on the decision to
Release the Product into the clinic.
Elements of an Investigation: A Reasonable
Deviation Investigation Template
• Product Name • Description of Deviation
• Deviation Number • Relevant Data
• Date of Occurrence • Impact of Deviation
• Initiator • Root Cause (potential, known,
• Executive Summary unknown)
• Notebook / Master Batch Record • Corrective Action (reference to
Reference or SOP Reference other document if necessary)
• Description of Deviation • Preventive Action (reference to
• Description of Immediate other document if necessary)
Corrective Action, if any • Confirm completion
• Probable Root Cause • Completion Date
• Impact Assessment: lot, line, • Does a Method or Procedure
multiple lines, facility, worldwide have to be updated
• Classification • Sign-off (Initiator, Investigator,
– Human Error Management) and dates
– Instrument Failure
– Processing Error
An example of a common deviation issue
• Protocol MFP #4636 relates to the
validation of the lyophilizer used for
freeze drying the final drug product in
vials. The study was terminated after 2
of the 6 lots failed moisture acceptance
criteria. These failures were not
investigated, and the validation report
concludes the lyophilization process is
valid.
CAPA in the EU, US, and ICH
• Expected and required
• Companies must investigate
discrepancies
• The correction process must be a
Different routine process
emphasis but • The preventive program is “continuous
a high level improvement”
of • Information must be assimilated and
consistency acted on
in that: • Processes must be in place to address
issues with Management
• The CAPA process is a lifecycle process,
continuing even when product is
discontinued

14
The Internationalization of CAPA: ICH Q10

System based Structured approach

• CAPA resulting from the investigation • The level of effort, formality, and
of complaints, product rejections, non- documentation of the investigation
conformances, recalls, deviations, should be commensurate with the
audits, regulatory inspections and level of risk, in line with ICH Q9.
findings, trends from process • CAPA methods should result in product
performance and product quality and process improvements and
monitoring. enhanced product and process
understanding.

15
US: CFR 21 Part 211
• Sec. 211.192 Production record review.
– All drug product production and control records, …
shall be reviewed and approved by the quality
control unit …. Any unexplained discrepancy …. shall
be thoroughly investigated, … The investigation
shall extend to other batches of the same drug
product and other drug products that may have
been associated with the specific failure or
discrepancy. A written record of the investigation
shall be made and shall include the conclusions and
follow up.

16
We have a deviation, how do we “fix” it?
CAPA is a well-known CGMP regulatory concept
that focuses on investigating, understanding, and
correcting discrepancies while attempting to
prevent their recurrence.
Remedial corrections of an identified
problem

Quality system models discuss

CAPA as three separate Preventive action to avert recurrence of
concepts, all of which are used a similar potential problem
in this guidance

Root cause analysis with corrective

US FDA Quality Systems
Approach to Pharmaceutical action to help understand the cause of
cGMP Regulations (Sept 2006) the deviation and potentially prevent
recurrence of a similar problem
Corrective action is a reactive tool for system
improvement to ensure that significant problems
do not recur.
Both quality systems and the cGMP (211.192)
regulations emphasize corrective actions
Quality systems approaches call for :
Document
corrective
Effectivenes actions
s of the taken
Selected action taken
action is is evaluated.
Possible taken within
actions are a defined
The root determined,
cause of the timeframe,
SOP(s) to problem is
ensure the investigated,
need for
action is US FDA Quality Systems
evaluated Approach to
relevant to Pharmaceutical cGMP
the possible Regulations (Sept 2006)
results

19
FDA Guidance on CAPA continued

• Key sources of information:

– Nonconformance reports and rejections
– Returns
– Complaints
– Internal and external audits
– Data and risk assessment related to
operations and quality system processes
– Management review decisions
US FDA Quality Systems Approach to Pharmaceutical cGMP Regulations (Sept 2006)

20
Preventive Actions are the proactive component
of an investigation and is an essential tool in
quality systems management
•include succession planning, training, capturing
institutional knowledge, and planning for
personnel, policy, and process changes are
“Soft” actions preventive actions that will help ensure that
potential problems and root causes are identified,
possible consequences assessed, and appropriate
actions considered.

•include modifications to systems, manufacturing

“Hard” actions processes, expectations for personnel, monitoring
strategies, confirmation that systems are
functioning correctly

•new problems can be identified by reviewing data

and analyzing risks associated with operational
“Proactive” and quality system processes, and by keeping
abreast of changes in scientific developments and
regulatory requirements.
21
Comments and Cautions
• Must have a qualified Quality lead
• Is more important than generally acknowledged
• May cause all product to be adulterated if not properly
resolved
• Can not be dependent upon one person or a small group –
needs many perspectives
• Can not be limited to one general direction, must be able to
evaluate multiple scenarios and results
• Must be a living process
• Multiple processes depending upon which group is
conducting the activity.
• Should have the support of the Management team
• Ultimately, Senior Management is responsible and will be
held accountable.

22
Key Steps
1. Create the team
2. Identify the problem
3. Evaluate the issues
4. Investigate
5. Analyze the issues
6. Create action plans to address the findings
7. Implement
8. Verify effectiveness
9. Follow-up

23
Create the CAPA Team
• Should have a standing Data Integrity Team ready to
function
• Never dismisses a potential major or critical issue without
formalized investigation.
• The Data Integrity Team:
– Quality should always be chair
– Teams should always be expert in the specifics
– Avoid conflicts of interest (specific group or individuals should
not be involved in resolution)
– Identify appropriate witnesses and knowledgeable personnel
– Determine impact of potential data integrity or fraudulent
activities and know a priori what your course of action should
be.
• Periodically activate the team to “keep them fresh” by
conducting an in-depth review of a potentially “suspect”
area.
Identify the problem

Confirm the
source of the
information, e.g.,
deviations, Explain all
process changes, Focus on Document
unscheduled more than observations that the
maintenance, just the issue in great problem, as
audits, personnel at hand = detail but identified,
observations,
requests, data global concisely. really exists.
mining, third-
party reviews,
trend analyses

25
Evaluate the issues

Are there any

easily Where the
identified, Is the issue remediation
Confirm Is there necessary more far is simple, this
likely any remedial reaching than may be the
impact(s) on product actions, e.g., a simple end of the
Is this a repair or investigation
the product risk? “quick fix” or solution and the CAPA
a permanent can be closed.
solution.

26
Investigate

Should generally include

a written plan to
address the identified
Must follow the issue(s): Corroborate with
SOP for • Objective
experts
investigations •
•
Team Members
Rationale
• Strategy
• Extent (boundaries) of
evaluation

27
Analyze the issues
Root Cause
Analysis
• Conduct a
root cause
analysis to
determine
Data is primary
Assimilate all Necessary organized
All cause(s) of
results from the data is and the problem.
potential
investigation available formatted
causes are • List all (but
and confirm to drive for human don’t be
each properly evaluation
the confused with
observation identified where
analysis symptoms)
necessary
• List all
possible
interactions
of the
potential root
causes

28
Create action plans to address the findings

Document the action plan

• Comprehensive
• Interactive
• Time lines
Identify the best • Personnel
methods to correct Requirements and
the existing issues, it Responsibilities
• How much will it cost
recurrence, or
• All tasks required to
related activities complete the action
• Identify any related
products or processes
that will also be
impacted

29
Create action plans to address the findings

Identify
• Timing
Training Needs
• Documents • Timing and requirements
• SOPs related to identified changes
• Physical equipment or system • Must be comprehensive and
changes
involve all affected
• Processing changes
personnel.
• Computer system controls or
validation

30
Implement

Plan Personnel Impact

• Action Plan is
• Technical experts own • System
broken into each of the relevant
understandable sections interactions are
pieces • A list of all activities is
confirmed during
created and implementation
• All tasks are
properly identified documented to • No “unintended
support the changes. consequences”
and described

31
Follow-up

Confirm
Verify
• Resolved root cause
• Results
• Any resulting secondary
• Effectiveness of the CAPA situations have been corrected
• All objectives met • Effective controls in place
• Changes completed and verified • No unexpected consequences
• No reoccurrences of the event • Training updated?

32
A Word About Software Based Solutions
• Software programs are not CAPA, just a tool
• All CAPA programs have something to offer
• May be very expensive to install and validate
• Should be adopted across the entire company for
them to be effective, often difficult to do
• Requires an extremely well defined process
• Requires an owner, generally a Quality function
• Requires maintenance
• Will not provide the “answer” regardless of how
hard it is pushed.

33