Department | Quality Management | Document no | QMS-080 | ||
Title | GMP Audit Procedure | ||||
Prepared by: | Date: | Supersedes: | |||
Checked by: | Date: | Date Issued: | |||
Approved by: | Date: | Review Date: |
Document Owner
Quality Assurance Manager
Affected Parties
Qualified Auditors, Audit Advisor and Quality Assurance Officer.
Purpose
The purpose of this SOP is to describe the process of planning, performing, reporting and follow-up of an
a. Internal Quality audit
b. Vendor audit
c. Environmental Health and Safety (EHS) audit
d. EHS workplace inspection
e. Housekeeping audit
And the process to be followed by Sydco personnel during an audit from a Regulatory authority.
Scope
The scope of this procedure is to describe the process to be followed by auditors, EHS committee members and Housekeeping auditors who conduct Internal audits, Vendor audits, EHS audits, EHS workplace inspections or Housekeeping audits.
This procedure is to be followed by all personnel during an audit from a Regulatory Authority.
Definition
EHS | Environmental Health and Safety |
DR | Deviation Report (DR) is a documentation system for recording, investigation and analyzing material and processes that do not comply with internal requirements |
Observations | Identified deficiency, graded to Critical, Serious and Standard (as defined under section 1.5). For EHS audits, observations are rated according to the risk assessment matrix between 1 – 6 depending on severity and likelihood (see EHS Workplace inspection checklist). |
Satellite File | A folder or number of folders to keep hard Approved copies of Quality documents, Master Documents and Audit Documents for use of separate teams and administered by a file administrator. |
Related Documents
TEM-080 | Internal Audit Report Template |
TEM-120 | Vendor Audit Report Template |
Form-385 | Vendor Audit Questionnaire |
Form-445 | EHS Workplace Instruction Checklist |
QMS-010 | All Documents – Classification, Definition and Approval Matrix |
EHS-010 | Environmental, Health and Safety – Risk Management |
QMS-015 | Quality Documentation Management and Change Control |
QMS-030 | Preparation, Maintenance and Change Control of Master Documents |
QMS-025 | Quality Documentation – Control, Tracking and Distribution |
QMS-035 | Deviation Report System |
QMS-105 | House Keeping Audit Procedure |
QMS-045 | Vendor Selection and Evaluation |
EHS Statement
Audits must be conducted with due concern for employee safety and environmental protection.
Overview
An audit is a systematic and independent review to verify compliance, suitability and/or data integrity.
Audits may assess: systems, processes, procedures, facilities, products, records and/or data for compliance with policies, standards, procedures, guidelines, regulations or regulatory submissions.
The Documentation Database:
The Documentation Database is used to facilitate creation, control, maintenance and tracking of Quality, External and Master file documents. These are also referred to as “Controlled Documents. The Documentation Database is divided into three (3) of areas of control:
“Quality Documents-In-house and external” – the area of the Documentation Database which stores data for controlling and maintaining Quality Documentation (See SOP QMS-015 and SOP QMS-025).
“Quality Audits” – the area of the Documentation Database, which facilitates control of the Quality Audit program including scheduling and auditor assignment. (Covered by this SOP)
“Master File Documents” – the area of the Documentation Database which stores data for controlling and maintaining Master file which is comprised of both Technical and quality documents needed for manufacturing a product (See SOP QMS-030).
The Quality Documents and Quality Audit section of the database is maintained by QA and EHS and accessible by all employees.
Procedure
1. Internal Quality Audit
1.1. Schedule
Internal auditing schedules are to be prepared annually, commencing from the beginning of the year and maintained on an as needed basis by QA
The schedule date is assigned taking into account area coverage, auditee, DR reports, process availability etc. The audit is to be completed and issued prior to the scheduled date. Any audits performed outside this window should have reasoning fully documented. Changes to the scheduled date for internal audits may be considered on the grounds of process availability, system change, auditee request etc, but must be advised to QA prior to the date of the audit. The audit schedule in the Quality Documentation Database will be amended accordingly. Reason for change is noted in the comments field.
The assigned auditor must not be directly responsible for the area under review.
In addition to the planned audits, additional audits may be arranged in response to an undesirable occurrence, adverse trend, new supplier or a new system. These audits are added to the schedule and assigned an auditor, audit number and date.
The annually prepared schedule is printed and approved by the Quality Assurance Manager and the EHS Manager. Changes to the scheduled or addition of audits may be made at the discretion of the Lead Auditor.
1.2. Audit Numbering
Audits are to use the following numbering system for its name AUD-YY-XX where YY is the year, and XX the sequential reference number for the type of audit. The Audit report number is allocated and documented on the issued schedule.
1.3. Planning
The auditor should agree dates/venues/participants with the auditee. The audit purpose, scope and the standards to be audited against should be established and communicated in advance.
Resources for preparing for the audit may include:
a. Deviation Reports
b. Quality Systems Manual
c. Regulatory requirements: cGMP,
d. Records of previous audit reports
e. Batch Documentation for the area
f. Standard Operating Procedures of the area
g. Equipment Validation Status
h. Environmental data
i. Contract
j. Supplier Information File
k. Technical Files
l. Relevant Regulatory Standards
m. Supplier Risk Assessments
n. Records of previous EHS Workplace Inspections
o. Registered Details
p. Other Relevant Documentation
1.4. Audit Performance
Management Representatives should be invited to the opening and close out (debrief) meetings.
The purpose, scope, audit process and reporting/follow-up procedures should be made clear to all involved. Observations made during the audit should be discussed with personnel, preferably at the time they are observed, so that observations are clearly understood by all involved. At the completion of the audit, the auditor should give a verbal summary, which should aim to balance positive feedback with any observations made.
Should a Critical Observation be observed, it should be reported immediately to the Quality Assurance Manager, EHS manager and Production Manager.
1.5. Audit reporting
An Internal audit is to be prepared, executed, reported and issued prior to the scheduled date. The draft report is to be filed as the audit number in the Draft folder in the Quality Audit section of the Document Database, using the template TEM-080 which is available in the template directory of the database. The report should summaries the scope, the extent of the audit, and the audit findings, including any observations that require written responses and the time scale for response.
Audit Observations should be classified as Critical, Major or Other as outlined below;
1.5.1. Critical Observations:
“Deficiencies with Company Standards, and/or current regulatory expectations that provide immediate and significant risk to product quality, patient safety or data integrity, or a combination/repetition of major deficiencies that indicate a critical failure of systems.”
These are to be considered as an Incident in the Deviation Report System and a DR is raised.
Critical Observation is the first text to be written in the “description” long text of the DR.
Immediate corrective action and reporting to Management is required.
1.5.2. Serious Observations:
“Deficiencies with Company Standards and/or current regulatory expectations that provide a potentially significant risk to product quality, patient safety or data integrity, or could potentially result in significant observations from a regulatory agency, or a combination/repetition of “other” deficiencies that indicate a failure of system(s).”
These are to be considered as a Deviation, in the Deviation Report System, and raised as a DR.
Serious Observation is the first text to be written in the “description” long text of the DR.
A response indicating responsibilities and timescales of corrective actions is required.
1.5.3. Standard Observations:
Observations of a less serious or isolated nature that are not deemed Critical or Major, but require correction, or suggestions given on how to improve systems or procedures that may be compliant, but would benefit from improvement (e.g. Good Practice seen elsewhere).
These are to be considered as a Deviation and raised as a DR.
Standard Observation is the first text to be written in the “description” long text of the DR.
A response indicating responsibilities and timescales of corrective actions is required.
All tasks in the audit Deviation Report are to be reviewed and approved by QA/auditor. Any problems relating to agreement of corrective action are to be reported to the Quality Assurance Manager, EHS Manager or Production Manager for resolution.
A copy of the draft report is to be forwarded to QA for review. After the debrief meeting, and agreement is reached between the auditor and auditee, a signed copy is to be forwarded to QA.
The report is to be issued as per SOP QMS-015 in the Quality Audit area in the Documentation Database as a confidential document to management of the audited area and Manufacturing Management Team.
(The content of internal audit reports are confidential and will not be shared with any external regulatory agency, unless approved by Quality Assurance Manager, however audit schedules/logs may be reviewed).
1.5.4. Audit Outcome Review
All Observations are to be raised as Deviation Report. Auditors are to record all audit DRs in a Tracking Spreadsheet, so tracking and trending of topics of DR can take place. The spreadsheet will be reviewed by QA department on a quarterly basis. Any significant observations or trends should be referred to QA Management and together with corrective actions will be considered, implemented and follow up.
1.5.5. Archiving of Documentation
Master copies of audit reports and related documentation are to be filed in a satellite file location for QA and retained as listed in the document Retention time section of SOP QMS-010. Soft copies of the report are to be stored in the document database by report number.
2. Vendor Audit
2.1. Schedule
An audit schedule is to be established commencing in the beginning of the year with a 12-36 month period. All audits are to be entered in the Documentation Database with the schedule date reflective of the schedule.
2.2. Preparation
The Vendor Questionnaire (Form-385) may be sent out to the vendor. This will become part of the preparation for the audit.
2.3. Performing the audit
The audit is to be lead by a qualified QA auditor with assistance from Technical, Manufacturing, Engineering, EHS or a relevant staff member, reflecting the audit needs. A maximum of two people should facilitate the audit.
2.4. Reporting
Vendor Audit reports, written using template TEM-120 should be issued within 30 calendar days after the audit, indicating the audit team’s observations and recommended status of the Vendor. The Vendor should be requested to provide a formal response to the audit report within 30 working days of its receipt.
Deviations/deficiencies should be classified as Critical, Serious or standard as reflected by the definition and observation described in section 1.5.
2.5. Archiving
Master copies of reports, questionnaire etc. should be retained as listed in the document Retention time section of SOP QMS-010.
3. Environmental, Health and Safety (EHS) Audit
3.1. Schedule
An audit schedule is to be established commencing in the beginning of the year with a 12 month period. All audits are to be entered in the Documentation Database with the schedule date reflective of the schedule.
The areas are chosen from vital parts of the EHS management system and also suppliers such as waste suppliers and third party contractors. The EHS manager decides the schedule together with the EHS team.
3.2. Planning
If the audit is targeting a supplier, the lead auditor will send a fax with prepared questions to the supplier a month before the audit. The fax will contain documentation references to the suppliers EHS Management system.
If the audits are to be made of certain processes on site, the lead auditor will book the audit and prepare by reading SOP’s and legislation in the area of the audit. To its help there are a number of internal audit checklists referred in the SOP.
3.3. Performing the audit
The audit is to be lead by a qualified EHS auditor with assistance from Technical, Manufacturing, Engineering, QA or a relevant staff member, reflecting the audit needs. A maximum of two people should facilitate the audit.
Deviations/deficiencies should be classified as audit observations defined in section 1.5.
3.4. Reporting
EHS Audit reports should be issued within 20 calendar days together with the observations and recommendations.
If the audit targets internal EHS management system processes the deficiencies will be added into a DR.
3.5. Archiving
Master copies of reports, questionnaire etc. should be retained as listed in the document Retention time section of SOP QMS-010.
4. Environmental, Health and Safety (EHS) workplace Inspection
4.1. Schedule
Internal auditing schedules are to be prepared annually, commencing in the beginning of the year and maintained on an as needed basis by the EHS Department. The annually prepared schedule is printed and approved by the EHS Manager and the EHS Committee. Any changes to the scheduled or addition of audits is made at the discretion of the EHS manager.
The audit is to be completed and issued prior to the scheduled date. Any audits performed outside this period should have reasoning fully documented.
4.2. Planning
The lead auditor should agree dates/venues/participants with the auditee and the second auditor.
The audit purpose, scope and the standards to be audited against should be established and communicated in advance.
Resources for preparing for the audit may include:
a. Deviation Report System.
b. Records of previous EHS Workplace inspections reports.
c. Standard Operating Procedures of the area.
d. Relevant Regulatory Standards.
e. Supplier Risk Assessments.
4.3. Workplace inspection performance
Management Representatives should be invited to the workplace inspection.
The auditors should use the EHS Workplace inspection checklist (Form-445) together with other documentation as above.
The purpose, scope, inspection process and reporting/follow-up procedures should be made clear to all involved. Observations made during the inspection should be discussed with personnel, preferably at the time they are observed, so that observations are clearly understood by all involved. If the observation can be fixed straight away do so, but the observation must still be documented in the report.
Audit Observations should be classified from 1-6 listed in the form, depending on the severity and the likelihood, see matrix on EHS Workplace inspection checklist (Form-445).
At the end of the audit, the auditor should give a verbal summary. This should aim to balance positive feedback with any observations made. A date for corrective action is decided on the spot.
4.4. Audit reporting
The workplace inspection report should be written within 20 days of the inspection.
The draft report is to be filed as the audit number in the Draft folder in the Quality Audit section of the Document Database, using the template TEM-080 which is available in the template directory of the database. The report should summaries the scope, the extent of the audit, and the audit findings, including any observations that require written responses and the time scale for response.
A DR is raised and the lead audit puts in the observations, the DR is saved and the number written in to the audit. Add the corrective actions date in the DR.
When the report is finished the draft report will be moved to its correct folder “Audits”. The report will be printed out and sent to the lead auditor. The lead auditor signs and sends the report to the EHS Committee to sign. The report is send back to the EHS Advisor who distributes the report and files the signed copy.
The EHS Workplace inspection checklist is used as a guide and do not need to be included in the report.
4.5. Archiving
Master copies of reports should be retained as listed in the document Retention time section of SOP QMS-010.
5. Housekeeping Audits
Housekeeping audits are performed on a weekly basis by either a designated Housekeeping auditor, or Quality Assurance Officer and Process Manager.
(Refer to SOP QMS-105 for specific housekeeping auditing procedures).
The auditors should use the Housekeeping checklist for area audited. Non-conformances made during the inspection should be discussed with personnel at the time they are observed, so that observations are clearly understood by all involved. Non-conformances should be resolved as soon as possible, and are to be documented in the housekeeping checklist. Non-conformances are also captured using the Deviation Report system and are to be raised by the designated Housekeeping Auditor or Process Manager. DR number must be recorded on the Housekeeping Checklist.
6. Regulatory inspection
6.1. Schedule
Regulatory Agency inspections may be announced or unannounced. The Quality Assurance Manager is the primary contact for Regulatory Agency Inspections. Should the Quality Assurance Manager not be available on site, this responsibility will be defined in the letter of delegation issued prior to planned absences.
6.2. Planning
For Regulatory inspections, either announced or unannounced, the following should be identified and made available in a timely manner to facilitate the auditing process.
An inspection team with specific roles such as runners, scribes and subject experts to be able to quickly respond to the needs of the auditor.
An appropriate individual to assist the auditor in conducting the audit and be available at all times to the auditor to facilitate the timely gathering of information.
A conference room or office available to the auditor for the purpose of reviewing notes, inspection of company documents and /or use of telephone to contact his/her office.
The auditor should be made aware that the taking of photographs, use of tape recorders or other electronic equipment, the listening to, reading and signing of affidavits, the review of internal audit reports and the allowing of access to computer databases is NOT ALLOWED and requires consultation with the Quality Assurance Manager.
6.3. Audit Performance
Once the Regulatory Inspection has commenced, the following process should be followed:
Senior management should be present at the opening and closing meeting of a regulatory inspection. It is suggested that the senior management give a brief introductory presentation to the Regulatory Authorities (with their agreement) covering the department, function or site being audited.
Auditors should be accompanied at all times to meet the organization’s EHS requirements and to facilitate the provision of documents, information and movement through the facility.
Auditor’s questions must be answered truthfully and honestly, in the most direct manner to ensure prompt provision of information and adherence to the audit schedule timeliness.
Auditors must go through proper Induction Training Programs for areas audited should they request entrance into restricted areas of facility.
Inspection team members should keep accurate detailed notes on issues, products, operations, documents reviewed and samples taken during the audit, to facilitate timely clarification and resolution of issues arising during the audit.
Documents or copies of documents provided to the auditor should be stamped as “CONFIDENTIAL” to ensure company confidentiality and a duplicate copy of these documents must be included as part of the inspection file at QA Office to facilitate the timely resolution of any future queries from the Regulatory Agency relating to the audit, should they arise.
Daily summary sessions (daily wrap-up meetings) with the auditors at the end of each day’s activities should be requested for the purpose of clarifying any issues that may have been unclear during the audit, informing the auditor of any immediate corrective actions completed and taking the opportunity to discuss the next day’s auditing program.
A short summary of significant issues or concerns raised each day of the audit should be communicated to site management.
6.4. Final Wrap-Up and Reporting
During the final wrap-up session with the Regulatory Agency auditors, all written observations and any verbal comments made should be agreed to, any clarification relating to observations or comments should be sought and any misunderstandings arising during the audit should be resolved whenever possible before closure of meeting.
Written responses to written observations will be prepared and submitted for each observation within an agreed timeframe and whenever possible within 30 days of issue of the report.
Written responses to Regulatory Authorities must be agreed to by appropriate senior management and should list each observation separately along with the agreed response. Where appropriate, evidence should be provided that the appropriate corrective action has been taken such as a copy of a revised SOP.
6.5. Archiving
Copies of Regulatory Agency observations and site written responses should be retained as listed in the document retention period in section 7 of SOP QMS-010.
Summary of Changes
Version # | Revision History |
QMS-080 | New |