If you were just notified of an FDA inspection and you don’t think you are ready, using tricks to hide your problems is a huge mistake. I have heard a few recommendations over the years for “secrets” to hide those problems. In this post, I share my favorite “secrets”–and why they DON’T work.
Here are my top 10 ways to make an FDA inspection worse:
10. Stalling when the inspector makes a request – This just irritates inspectors. At best the inspector will use the waiting time to identify additional documents to sample or to review the information you have provided more closely. At worst the inspector will accuse the company of not cooperating with the inspection and the inspector may return the following week with several more team members to help them. Whenever this occurred during a 3rd party audit that I conducted, I would move on to another area and interview someone. However, before I left the person that was slow to respond, I provided the person with a list of documents and records that I expected to be waiting for me upon my return. In extreme cases, I had to bluntly tell the management representative that I needed documentation more quickly. As an instructor, I teach auditors techniques for coping with this tactic.
9. Suggesting records for the inspector to sample – This is specifically forbidden in the case of 3rd party inspections and audits. The FDA has work instructions for identifying sample sizes and samples are supposed be selected randomly. In reality, samples are rarely random and usually the inspector is following a trail for a specific lot, part number, etc. When clients offered me samples, I tried to be polite and review the record they provided. However, I also would request several other records–or follow a trail as I have indicated above. Another approach I often use is to focus on high-risk items (i.e. – a risk-based approach to sampling). In general, you can expect the FDA inspectors to sample more items than a registrar–and sample sizes are often statistically derived if the number of records is sufficiently large. When sample sizes are quite small, I recommend sampling 100% of the records since the previous inspection/audit. This is not always possible for 3rd party auditors, but internal auditors often can achieve this.
8. Outsourcing processes to subcontractors – The FDA recently re-instated the requirement for contract manufacturers and contract sterilizers to be registered with the FDA by October 1, 2012. Therefore, hiding manufacturing problems from the FDA by outsourcing manufacturing is increasingly more difficult to do. In addition, the FDA focuses heavily on supplier controls and validation of outsourced processes. Therefore, an inspector will identify high-risk processes performed by subcontractors and request documentation of process validation by that supplier. If the company does not have the validation reports–this could quickly escalate to a 483–and possibly a visit to the subcontractor.
7. Trying to correct problems during the inspection – This is what I like to call the document creation department. At one company I worked for, we noticed a mistake across several of the procedures and made a change overnight between the 1st and 2nd day of the audit. When the auditor asked for the procedures in the morning, he asked “Is the ink dry yet?” The auditor then proceeded to request records that demonstrated compliance with the newly minted procedures. As you might have guessed, this resulted in several nonconformities. When clients attempt to correct problems found by an inspector, the inspector typically will respond with the following statement, “I applaud you for taking immediate action to contain and correct the problem. However, you still need to perform an investigation of root cause and develop a corrective action plan to prevent recurrence. To do this investigation properly may take several days.” I also teach auditors to memorize this phrase.
6. Writing a letter to file – When companies make minor design changes, one of the most common approaches is to “write a letter to file.” This phrase indicates that the design team is adding a memo to the Design History File (DHF) that justifies why design validation is not required or why regulatory notification/approval is not required. The FDA used to publish a decision tree to help companies make these decisions. In fact, such a decision tree is still part of the Canadian significant change document. The FDA recently withdrew a draft document that eliminated many perceived opportunities to utilize the “letter to file” approach. However, the FDA will still issue a 483 to a company if the inspector can identify a change that required validation that was not done or a 510(k) that was not submitted for a design change. In fact, the FDA specifically looks for these types of issues when an inspector is doing a “for cause” inspection after a recall or patient death.
5. Shut it down – Not running a production line that has problems is a favorite strategy for hiding problems. However, the FDA and auditors will simply be forced to spend more time sampling and reviewing records of the problematic production line. If you need to shut a line down, make sure everything is identified as nonconforming and segregate rejected product from good product carefully. You should also use these problem lines as an opportunity to show off your investigation skills and your ability to initiate CAPAs. If you simply forgot to validate some equipment or do some maintenance, take your lumps and keep production running. If you are a contract manufacturer, never shut it down without notifying the customer. If you do not tell your customer, you will get a complaint related to on-time delivery and a 483.
4. Storing all records off-site – I first heard about this tactic during an auditor course I was co-teaching. During the course we had many reasons why the company should be able to provide the records in a timely manner. However, I have experienced this first-hand as a 3rd party auditor. When this happens, I do three things: 1) I increase my sampling of records that are available, 2) I carefully review the supplier controls and supplier evaluation of the storage facility (assuming it is outsourced), and 3) I verify that the company has a systematic means for tracking the location (i.e. – pallet and box) for every record sent to storage. FDA inspectors will simply move along to another record and follow-up on their earlier request with a second visit or a request to send a copy of the document to them after the inspection.
3. Identifying information as confidential – A company can claim information is confidential and may not be shared with the public, but very little information is “Confidential” with regard to the FDA or Notified Bodies. Therefore, this strategy almost never works. In fact, this will enrage most FDA inspectors. In training courses, I train auditors to ask the auditee to redact confidential information. For example, a CAPA log may have confidential information in the descriptions but the trend data on opening and closing dates is never confidential.
2. The FDA is not allowed to look at those records – Although this statement is technically true for internal audit reports and management reviews, the FDA always says that they can get at this information through the CAPA system. What the FDA means is that there should always be evidence of CAPAs from internal audits and management reviews. If there is not, then this will quickly become a 483. Another person I met tells the story that when they agreed to share the management review records with the inspector, the inspector rarely issued a 483. When they refused to share the management review with the FDA, the inspection went quite badly from that point forth. I don’t agree with being vindictive, but it happens.
1. Show me where that is required – This is just silly. Inspectors and auditors are trained on the regulations, while you are trained on your procedures. Spend your time and effort figuring out how your procedures meet the regulations in some way. Challenging the inspector excites the inspector. We all like a challenge–and we rarely lose. One auditee tried this approach with me in front of their CEO. This experience gave me the opportunity to show off that I had memorized the clause in question–and the corresponding guidance document sections. I think the CEO realized quickly that the Management Representative was not terribly qualified.
My final advice is to do your best to help the inspector do their job, and treat every 483 as “just an opportunity to improve.” Just make sure you submit a response in 14 days or you will receive a warning letter too!
13485cert
QC is Dead 