Vendor audit

GLP regulations require QA personnel to inspect/audit each study conducted, but the extent to which QA personnel are involved in software development and the val-idation/verification process varies from company to company. In some companies, there is little or no QA involvement in these processes, whereas in others QA personnel are involved. QA personnel can provide assistance in the area of vendor audits for purchased software or can conduct inspections of in-house software development to ensure that internal procedures are being followed. QA personnel, who conduct in-process inspections and review the resulting data and validation report for accuracy, could provide inspection support during the validation and verification process. During system development and validation, properly trained QA personnel can provide the regulatory advice needed to ensure that the system will meet government standards. QA personnel become more familiar with the system(s) that will be used when they are involved early in the validation process. 

After successful vendor auditing, it can be determined whether purchased ingredients and materials can be accepted on the basis of suppliers certificates, with minimized inspections of incoming goods to a certain level. Vendor certification leads to reduction of costs and release times. 

Vendor s reliability. The vendor that supplies the instrument should have a track record of providing high-quality instruments and after-sale support. A vendor audit should be conducted for a new instrument supplier to evaluate the company s ability to build high-quality products. Purchasing an instrument from a financially unstable vendor is risky. 

The most important factors for the entire process of equipment qualification and computer system validation in analytical laboratories are proper planning, execution of qualification according to the plan, and documentation of the results. The process should start with the definition of the analytical technique and the development of user requirement and functional specifications. For computer systems, a formal vendor assessment should be made. This can be done through checklists and vendor documentation with internal and/or external references. For very complex systems, it should go through a vendor audit. 

In business terms, auditing of software developers will allow you to assess the vendor s technical competence, vendor reaction to your company s user requirements specification (URS), vendor QA system adequacy, supplier experience with GXP systems, and quality level of vendor-prepared validation and qualification protocols. In short, vendor auditing is a regulatory expectation and auditing provides a means of assessing the supplier s ability to deliver a validatable system that will achieve the requirements of your company s URS. 

Vendor documentation Vendor audit reports Engineering peer reviews Module testing Protocols Protocol reports... 

As with pharmaceuticals themselves, remember that you can t test quality into the finished software product it must be produced utilizing quality processes throughout. Require evidence of quality assurance and development processes within your firm and during vendor audits. 

Anderson, B. (1996), Vendor Audits, Computer System Validation A Practical Approach, Management Forum Seminar, London, March 26 and 27. 

ISO 9001 has a guideline ISO 9000-3 for developing and programming a computer system. This is useful when programming or when performing a vendor audit (see Vendor Audit ). 

Requirements for the pharmaceutical industry, at least in the United States and the European Union, is that the system shall be developed in a quality environment. The FDA does not accept any certification, including ISO 9001, as a replacement for your own audit. The reason is that the development of the system shall be according to your requirements, not according to someone else s. The conclusion is that the organization needs to perform its own vendor audit. The explanation on how to perform a vendor audit can be found in the literature. The result from the audit shall be a factor in the selection of the system. 

The person performing an IT vendor audit needs to know the standards used, understand how an IT developer organization works, and what to expect of them. Being a GMP auditor does not make a person competent to perform IT vendor audits. It might be wise to obtain help from an external consultant if your company does not have the skills internally. 

Various types of validation generally required in biopharmaceutical manufacturing include process validation, facility and equipment validation, analytical method validation, software validation, cleaning validation and expression system characterization. Combined with other elements of cGMP, including lot release testing, raw material testing, vendor quality certifications, and vendor audits, the quality of product can be consistently assured. 

Alternatively, if the decision is made to buy only commercially available software, or only commercially developed add-ons or automation scripts, then the pharmacometrician needs to participate in the key processes used to evaluate the vendor. The occurrence of key quality failures in widely used software has been previously documented (14). Therefore, the pharmacometrician should be intimately involved in the vendor audit process. If the vendor is not performing the quality assurance procedures just outlined for internal development, the cost (both in quality and accuracy of future work) will be in jeopardy. As discussed later in the section on validation documentation, the ability to state what the vendor s quality processes are will mitigate the need to perform functional software testing at the same level that has already been executed by the vendor s quality assurance group. 

While the previously described tasks can be considered as rather straightforward, the issue of the suitability determination of apparatus, equipment and computerised systems may involve complex investigations, inquiries at the manufacturer or vendor, extensive acceptance testing and validations and/or vendor audits in order to render these systems GLP compliant. Most certainly the amount of work involved in these aspects will necessitate the prioritisation of the various systems in use at the test facility. In the assumed case of a test facility having been in operation for some time already, albeit not under GLP, these apparatus and systems may be credited to a certain extent with the assumption of suitability for their purposes. In a first round, therefore, only the relevant documentation already available on their performance need be collected, while a formal retrospective evaluation and acceptance testing may be deferred to a later time point. The policy document of test facility management dealing with the time plan for the introduction of GLP should include therefore also a timetable for such further activities to be performed after the successful implementation of GLP. 

Pre-shipment inspection can be performed along with vendor audits to address issues such as software development and quality assurance plans, operational reports, and specific vendor/purchaser inspection reports. 

APPROVED SUPPLIER A supplier of starting materials of known origin who is recognised as reliable, based on a history of deliveries which all met specifications and were well packaged and intact on receipt and, where possible, based also on a vendor audit (see also Certified Supplier). 

For phase II, no specific process validation activity is required unless process improvement changes potentially affect prior phase I validation work [14], Assay validation efforts should continue, however, so assays are ready for phase III validation and process development should be finalized before phase III [14], Most process and assay validation activities begin in phase II and often extend far into phase III [4], occurring in parallel with phase II and phase III clinical material production [3], Intensive process characterization often is delayed until after completion of phase II studies to conserve resources [65], About 12-15 months are allowed for its completion before the process validation runs [65], To minimize risk, if all phase II clinical data are not available, these activities can be ramped up slowly over the first few months. Raw material vendor audits should be performed between phases II and III before the manufacturing process is fixed [47]. 

Longevity Mechanical and Possibility to do vendor audits (initially and... 

For major updates or new releases of validated systems, the change control process might include a (more or less extended) vendor review, which may need to be followed hy an on-site vendor audit. In any vendor review or audit process, there should he QA involvement. 

Vendor audit In Figure 7, a line is drawn under the URS and the qualification stages of the V model. The reason is that for a commercial system, all the stages under the line are the responsibility of the vendor and one should see if the system offered is suitable in one s laboratory. In regulated laboratories such as in the pharmaceutical industry, there will be a requirement to see if the application software were developed in a quality manner. Hence, the need for a vendor audit. 

Information only — limited Regulatory-filled release — SQ and vendor audit supplement Development — SQ ... 

Control of the raw material constituents is critical to the reproducibility and ultimate performance of thick-film products. Traceability of each of the components and the intermediates is imperative for the quality control function in order to comply with the high standards of lSO-9000 and continuous improvement programs. Routing equipment calibration programs, vendor audits, and utilization of statistical process control techniques are also necessary to... 

---