My name is Lynsay Hunter and I am the newest recruit to the MHRA laboratories inspection team, having previously worked in a variety of laboratory and quality assurance roles. My first MHRA event was the annual laboratories symposium held in Birmingham on the 22 September 2016.
The event was designed to provide a platform to share current issues encountered by inspectors and to allow stakeholders to expand their knowledge and understanding to continually improve compliance in their workplace.
Our interactive events are a key part of our continued commitment to protect public health and support the scientific community. This year’s laboratories symposium was a popular event with a total of 174 delegates attending in addition to the members of the inspectorate present. Attendees included representatives from commercial and non-commercial organisations across the scientific and medical community. The symposium provided an opportunity for the laboratory inspectors to interact and share expectations with stakeholders on current regulatory challenges, as well as hearing participant’s feedback and questions.
Inspectors presented on hot topics such as the GxP Data Integrity Guidance (which closed for comments on the 31 October 2016) and OECD Guidance document No. 17 on the Application of the GLP Principles to Computerised Systems.
During event breaks the ‘Inspectors desk’ was manned by members of the inspection team to provide attendees with advice, to answer queries and to offer technical support. There were also iPads available on every table to allow questions to be submitted on the presentation content as well as a final Q&A session before the closing address.
With so many delegates present it was not possible to answer all questions submitted at the symposium itself, however, we have sorted through some important questions which we didn’t have time to answer and these are addressed below.
Answers to questions submitted to the GLPMA in the lead up to and during the 2016 symposium.
- “GLP and GCLP are used interchangeably by many people, is there a clear definition of when each applies?
Response: Good Clinical Practice (GCP) is the regulatory requirement that must be complied with when analysing human clinical samples as part of a clinical trial. Good Laboratory Practice (GLP) applies to all non-clinical safety studies which are designed to determine the effects of a chemical on human health, animal health and the environment. Both GLP and GCP are statutory requirements, in contrast GCLP is a term for various guidance documents produced by a number of non-government organisations. Adherence to this guidance is not a statutory requirement and is not assessed during regulatory GCP laboratory inspections performed by organisations like the MHRA. It is important that laboratories are aware of the regulatory requirements that apply to the work that they are performing to ensure compliance.
2. “Do you provide GCP certificates for laboratories?”
Response: GCP certificates are not currently issued by the MHRA. Following the completion of a GCP laboratory inspection an inspection closing statement is issued to confirm that the inspection took place. This does not certify or accredit a laboratory.
- “Can you give some pointers on what would be acceptable as a certified copy?”
Response: Scanned copies should be fully readable and complete i.e. not just single un-attributable signature pages. For example if the original copy was colour coded the certified copy would also need to be colour coded. For electronic documents the associated metadata would always need to be considered to ensure it is retained. All copying processes must be validated.
- “Does the requirement to validate a computerised system include an inherent requirement to qualify supporting IT infrastructure and processes which underpin the operation, availability and security of the system? Are these considerations within scope of an inspection/audit?”
Response: Systems which support regulatory testing are within the scope of an inspection and may be assessed, this will include the IT infrastructure which is used to validate and maintain computer systems.
- “What are the expectations when validation activities are outsourced?”
Response: If validation activities are outsourced, the onus is on the facility to demonstrate appropriate oversight of the activities performed. This includes ensuring that the activities performed meet pre-defined criteria. The facility/laboratory would be expected to ensure that the vendor was capable of performing the work that had been contracted to them. This would include an assessment of the vendor’s quality system and oversight of the work by the facility/laboratories quality assurance department. The facility will also need to ensure that all documentation associated with the validation is appropriately archived so that it is available for the purposes of reconstruction if required. If the validation was performed at the vendors own facility there would be a requirement to re-assess key functionality of the validated systems in their final operating environment.
- “Do you expect every change to a computerised system to trigger a full validation?”
Response: This issue must be assessed on a case by case basis. In all cases a risk assessment must be performed to assess the impact the change is likely to have on the integrity of data generated by the system. The level of revalidation that is required following the change should be driven by the conclusions of the risk assessment and justified by the system owner.
- “Is the Data Integrity Guidance going to be retrospectively applied to legacy decommissioned systems?
Response: There is no expectation that previously retired equipment will comply with the guidance. However there has always been an expectation that all archived data should be readily accessible if it is needed to enable reconstruction of activities.
- “For a new system being validated real lab data/reports are not available for QA review. Is a staggered approach then more appropriate to release a full validation?”
Response: It is important to ensure that a system is fully validated prior to generating any regulatory data. There are a number of validation approaches available and the most appropriate should be selected.
- “How will inspection focus change to ensure DI requirements are assessed?”
Response: Safeguarding data integrity has always been a fundamental aim of the GLP and GCP regulations, consequently the focus of inspections will not change substantively. However the route used to verify data integrity may change depending on the technology used by a facility.
- “Do study directors need training to navigate electronic data if they are to approve raw data?”
Response: OECD Schedule 1, part I, 2. (1) and (2) focus on Study director responsibilities. Study directors should be trained appropriately to allow them to carry out their role as the single point of study control.
- “What is the Agencies view of a tiered approach to analytical method validation where for early studies methods are qualified rather than full validation?”
Response: The requirements for method validation must be assessed on a case by case basis. If data from a study is likely to be superseded by more detailed or relevant data produced in later studies validation requirements for the early study may be reduced. However, generally speaking there is an expectation that all methods are fully validated prior to the completion of a regulatory study.
- “If a sponsor provides a laboratory manual with a method to process samples (and confirms this has been validated by them) would a clinical laboratory be expected to validate the process in-house?”
Response: With respect to methods required for the sampling and subsequent processing (e.g. centrifugation, aliquoting) of clinical samples by an investigator site a suitably detailed laboratory manual and work instructions will suffice (assuming the sample processing method has been suitably validated by the sponsor)”. It is expected that the facility conducting the analysis of the samples perform an appropriately detailed method transfer assessment and suitable method validation if analytical methods are provided by the sponsor.
- “OECD 17 states that computerised systems should be periodically reviewed to make sure they remain in a validated state. How should this review be done in practice?”
Response: Both GLP and GCP facilities/laboratories should have documented procedures detailing how computerised systems are validated and how the validation status is maintained throughout the life of the system. How facilities develop and implement such policies will depend on the nature of their operations.
- “What is the MHRA recommendation for archive duration for human tissue samples and slides (stained and unstained) taken in clinical trials for inclusion/ exclusion criteria and/ or primary or secondary endpoints? Are digital images acceptable replacements for the slides, for long term archive?”
Response: There is no requirement to retain human tissue samples or slides in The Medicines for Human Use (Clinical Trials) Regulations. In reality, slides are read and a report generated stating the slide reader’s interpretation of what was seen on the slide(s) and it is this report which would be used to support inclusion/exclusion criteria or primary or secondary endpoints. Consideration should be given to the future worth of the slides/tissue particularly in light of new scoring and grading approaches which may require the slides to be reread. If tissues are retained for possible use after a clinical trial then these are subject to the requirements of the Human Tissue Act.
Digital images of slides (certified copy – see also question 3) would be considered acceptable assuming that suitable validation of the imaging processes existed and appropriate electronic archiving arrangements were in place.
- “Are balances, refrigerators etc. considered within the scope of OECD Guidance document No. 17 Section 1.1?
Response: Any equipment using electronic data capture would be considered to be within the scope. However, as document 17 outlines, the level of complexity of a system will dictate the validation and data integrity requirements.
- “What level of GLP training is expected for global or corporate IT teams or for external and internal IT service providers who may work in accordance with quality management systems other than GLP’? Is Good documentation practice and best IT practices enough?”
Response: The extent of training required is dependent on the types of functions the external and internal IT service providers perform. The level of GLP training provided should be commensurate with their role and take into account the risk associated with the tasks they are asked to perform.
- “If Local Test Facility Management & its parent organization are within the same company, can global SOP’s be considered as meeting the requirement of OECD 17 for assigning responsibilities for validation and maintaining the validated status and GLP compliant operation of computerised systems?”
Response: The use of global SOPs is acceptable as long as their content is applicable, and does not run contrary, to business practices at each facility. There is an expectation that each facility using the global SOPs reviews them to ensure they are fit for purpose.
- “How should a Study Director document their verification of the validation status of computerised systems to be used in a GLP study? Additionally, is the requirement also applicable to Principal Investigators, or is it sufficient that processes / QMS ensure that only validated systems are used in GLP studies?"
Response: When a study director signs a study plan they should ensure that the equipment to be used on their study is validated, written procedures should describe that by signing the study plan the Study Director has made this assessment. The same principle would apply to the Principal Investigator with respect to their phase of the study. With the additional expectation that any deviations relating to the validation status of equipment would be reported to the Study Director
- “OECD Guidance document No. 17 Section 1.3, Line 29 states ‘Quality assurance should be able to verify the valid use of computerised systems’ – Is the review of validation documentation by QA enough or should documents also be approved”?
Response: There is an expectation that quality assurance departments will review validation reports in the same way they would a study report to ensure that what has been reported reflects the raw data/testing. This review will also serve to verify that a computerised system is fit for purpose.
- “OECD Guidance document No. 17, Section 1.5, Line 33 states ‘an up-to-date listing (inventory) of all GLP-relevant computerised systems and their functionality should be maintained. The list should cover all GLP-relevant computerised systems, regardless of their complexity’ which systems should the information cover and how should it be presented?"
Response: Inspectors will routinely request a list of all computerised systems used by the facility prior to or during the inspection. There are no specific requirements linked to how this information is recorded and stored but there is an expectation that it is readily available and complete.
- “OECD Guidance document No. 17 Section 1.7, Line 42 states ‘user requirement specifications should be written for any application that is based on a COTS product.’ - Are user requirement specifications (URS) expected for refrigerators?”
Response: If a computerised system is responsible for data capture/monitoring then it would be expected that an assessment had been made to ensure that the system is fit for intended use. This would include a specification that would consider temperature range, alarms etc. It would be expected that with respect to the refrigerator that when sourced it was fit for purpose and was capable of delivering the required performance (which may require equipment validation such as temperature mapping).
- “OECD Guidance document No. 17 Section 1.7, Line 56 states ‘user requirement specifications are of paramount importance for all validation activities and should be generated for all GLP-relevant computerised systems regardless of the system's complexity’ - If an excel spreadsheet contains simple calculations that are printed out (together with used formula and QC check), are user requirements necessary?”
Response: If a spreadsheet is subject to a formal validation process then user requirement specifications are required. On the other hand, if the spreadsheet is not validated because the data is always subject to 100% QC checks, this requirement would not apply. Consideration should always be given to ensure the source data is suitably controlled to maintain traceability and allow reconstruction especially if there are changes to raw data.
If you have additional queries on the symposia content, or indeed on other regulatory topics which were not covered at the symposia, we encourage you to email them to our mailbox.
Don’t miss the next post, sign up to be notified by email when a new post is published on the Inspectorate blog.
Access our guidance on good practice for information on the inspection process and staying compliant.