FDA警告信—风险评估

beiwei5du

FDA Warning Letters - Risk Assessments


IntroductionAlthough to date I have not found any references within the FDA warning letters directly relating to computerised systems and risk assessments within the pharmaceutical / biotechnology industry it is interesting to review inspection findings where risk assessments have been detailed.

In this post there is a review of two FDA warning letters which reference the use of documented risk assessments.


Observation 1Date: 28 May 10
Link FDA Warning Letter (New Window)

3. Your firm has not established separate or defined areas or such other control systems as necessary to prevent contamination or mix-ups during aseptic processing. [21 CFR. 211.42(c)]. For example,

Observation 2Date: 28 Dec 10
Link FDA Warning Letter (New Window)

1. Your firm has not established appropriate written procedures designed to prevent microbiological contamination of drug products purporting to be sterile, including procedures for validation of all aseptic and sterilization processes [21 C.F.R. § 211.113(b)]. For example:

In your response, your firm states that you have amended your Standard Operating Procedure (SOP) (b)(4) to “bracket” the container sizes by utilizing both the (b)(4) and (b)(4) volumes. Your response, however, is inadequate because you have not provided a risk assessment that examines the effects of differences between product fill sizes (i.e., fill speed, operating methods, container opening size, mass) to determine if bracketing is appropriate.（是指灌装瓶（比如西林瓶）大小的变化？？在未经风险评估情况下从而影响灌装速度，操作方法，灌装瓶开口大小从而导致无菌保证的缺失？？？）

Comment
As stated in the introduction these observations do not relate directly to a computer system. However the approach is worth noting. The FDA encourages sound risk assessment approaches to address hazard identification, exposure consequences, and implement controls designed to prevent and detect cross-contamination .

The second post could fit to the functional aspects of a computerised control system. The identification of critical attributes and validated range would support the risk assessment process.

The point of interest is the level of controls should be based on (documented and justified) risk assessment（控制的级别应该建立在书面和合理的风险评估基础上）, which can be applied to many areas of computer systems validation.

During the design and implementation phase of the project（在设计阶段和实施阶段均需要进行相应的风险评估）， risk assessments should be used to identify the critical attributes and determine the controls required to assure product quality, patient safety and record / data integrity（现在很多验证没有风险评估，那么就没有验证的目的性，验证行为就没有有效性）. In the initial design phases this should identify technical controls and improvements in the design to reduce risk, later to support the level of validation that should be performed and the operational (procedural) controls that must be established.

The risk assessments in the operational phases should be performed to ensure the continual compliance of the system（操作阶段也应进行相应的风险评估以保证持续的系统合规性）. This includes:

• security controls
• controls required to assure the integrity of electronic records
• levels of back up processes and the testing of restoration procedures
• proposed changes to the system
  

Risk assessments should form part of the lifecycle documentation of the computerised system. They should not just be filed away at the end of the implementation part of the project but referenced and updated throughout the operation of the computerised system. （风险评估应该是计算机系统的生命周期文件的一部分，不仅仅只是在项目实施结束阶段作为文档归档，而应该在后续的操作阶段不断被使用涉及和持续的更新）

All GMP decisions made throughout the lifecycle of the computerised system should be based on documented and justified risk assessments. This ensures that at all times product quality, patient safety and data integrity are assessed throughout the lifecycle. Risk Assessments provide a sound rationale to the decisions made throughout the operation of the computerised system and ensure that the appropriate controls established to operate the system in compliance.

Posted by Barry Tedstone      

Labels: FDA Warning Letters, Quality Risk Management

亦心

楼主辛苦了，谢谢楼主