The current version of the EU GMP Annex 1 provides the pharmaceutical industry with a comprehensive guide on requirements, expectations, and best practices with respect to the manufacture of sterile products [1]. The Annex 1 revision, which became effective in 2023, describes within its early paragraphs how Quality Risk Management (QRM) is applied throughout the guidance document. It directly calls on manufacturers to adopt a proactive approach to the identification, evaluation and management of potential quality risks by implementing a Contamination Control Strategy (CCS). Whilst this industry requirement is not new, it is now formalized and has presented some hurdles for manufacturers in CCS development and implementation.
Why is a Facility CCS Important?
The purpose of developing a CCS within the facility is to identify where contamination risks exist in the process(es) and understand the current respective controls and detection measures in place. (for instance microbial, viral, particulate, cross product or chemical contamination) along with the appropriateness of the control measures to prevent, remove, or reduce these to acceptable levels. The facility CCS should show how the identified risks are mitigated to ensure the quality and safety of the product.
Completing the CCS Activity
As found during interactions with manufacturers and at industry events, the latest version of Annex 1 continues to present challenges to manufacturers in addressing the CCS requirement and understanding what the expectations will be from regulators. Development of the CCS has taken several avenues: some companies have implemented a structured repository, some have gone down a less centralized route via individual systems and processes, and some have had difficulties in developing a suitable approach. We have encountered several frequent questions from manufacturers and have developed advice to address these.
- What should the CCS look like?
There is no standard required format for a facility CCS. However, it should be based on a Contamination Control Risk Assessment (CCRA) that uses a holistic QRM-based approach to identify, assess, and control potential contamination risks across the manufacturing process. Annex 1 section 2.4 states “Contamination control and steps taken to minimize the risk of contamination from microbial, endotoxin/pyrogen and particle sources includes a series of interrelated events and measures. These are typically assessed, controlled, and monitored individually but their collective effectiveness should be considered together.” Based on this requirement, it is best to document the CCS within a single repository. This will serve as complete, accessible, documented evidence during an inspection process. All the required information about the end-to-end process steps involved, identified associated risks, the controls in place and mitigation actions (where deemed necessary) will be immediately available.
- How do we approach it?
It is critical to the success of the CCRA and CCS that the team involved in its development are knowledgeable in the processes and associated risks under evaluation. The task in hand and the objective need to be understood. This is not a tick box exercise. Otherwise, the importance of assessing, controlling and mitigating quality risk to the manufacturing process will fall between the cracks.
Decide how the CCRA is to be documented and have well-defined risk questions, scope and assumptions and refer to these often throughout the process to maintain the correct focus.
Break the process down into manageable pieces. Determine the unit operations via a process flow and then work out the contamination risks associated with each process step.
- Who should be involved?
It is important that the CCRA and CCS be completed with input from a cross-functional team and subject matter experts. People in the plant with unique process knowledge are invaluable. Having the right people involved from the outset, and allowing every member to have a voice will improve the chances of a meaningful and effective CCRA and CCS. Encourage honesty, as the risk assessment needs to be objective and true.
- What methodology should be used?
A CCRA is a complex project so it is advisable to adopt a quantitative approach. For example, the use of Failure Mode Effect Analysis (FMEA) methodology has been successfully applied. It is recommended to use a pre-defined scoring scheme for adequate separation between risk levels in order to provide meaningful prioritization of risks, for example by using Risk Priority Number (RPN). [7] is a numerical value that helps quantify the residual risk remaining after evaluation of severity, probability, and detectability of these potential risks.
- What is in scope?
The CCRA/CCS scope should look at the end-to-end manufacturing process and consider the type of contamination risks (viral, microbial, particle, chemical, cross product) and the inclusion of all required unit operations and process steps where process contamination ingress risk exists. The CCRA should also be completed based on routine operation of the process, and assumptions need to be made and documented to keep the risk assessment process within the agreed scope and risk question. For example, assumptions may include facility, equipment, and process operate as intended, or procedures will be followed as intended by all personnel, etc.
- What is out of scope?
Areas that are out of scope also need to be clearly defined within the CCS (for example Environmental Health and Safety (EHS), shipping to the customer, etc.). These do not fall within the remit of the CCRA process.
- What pitfalls should we be aware of?
Some examples of common pitfalls that have been observed include:
-
- Misunderstanding the purpose or process for risk management and risk assessment
- Inadequate or incomplete process flows
- Inadequate scope setting
- Multiple scopes are assessed in the same risk assessment, or the scope is too broad.
- Risk assessing worst case scenarios – this can derail a risk assessment e.g. trying to risk assess failure to follow standard operating procedures throughout a process.
- Bias – a risk assessment needs to be objective and true.
- Are there any tools we can use to help simplify the process?
Consider the use of an electronic tool that can assist with the CCRA and CCS process. The points above describing the use of the FMEA-based approach with an appropriate risk measurement mechanism such as RPN, are based on observation by the author of successful outcomes of this approach and positive reception by regulators. Therefore, it is advised to source a tool which is based on this methodology. Look for a format which will allow your team to easily map out the process under its unit operations and process steps to allow for clear determination of the associated risks.
The selection of the right electronic tool can help to provide structure to your CCRA, real-time accessibility and easy navigation of the information. The ease of re-visiting and updating the CCRA and CCS should also be considered in the selection of an electronic tool, as these are living documents and should be updated appropriately as is required by Annex 1 section 2.6. If you choose to work with an electronic tool, ensure that it is compliant with FDA 21 CFR Part 11 [5] and EU GMP Annex 11 requirements [6].
- Is the Requirement for a CCS only Applicable to Manufacturers of EU Marketed Product?
A proactive approach to quality risk management is considered best industry practice and the concept of a CCS for identifying and preventing contamination risk has been in place for many years. This expectation is not a new regulatory requirement; Annex 1 has simply taken steps to formalize it.
Whilst companies manufacturing EU marketed products must have a CCS in place to comply with Annex 1 requirements, this does not preclude manufacturers of non-EU products. There is evidence that the US Food and Drug Administration (FDA) considers contamination control risk assessments essential, as is evidenced in recent warning letters. The FDA has stated the response to a warning letter should include “A comprehensive risk assessment of all contamination hazards with respect to your aseptic processes, equipment, and facilities, including an independent assessment.” [2,3]
It should also be noted that the Annex 1 is adopted by the Pharmaceutical Inspection Co-operation Scheme (PIC/S) [4] of which the FDA is a member. The FDA also has mutual recognition agreements with the EU, UK, and Switzerland. PIC/S members also include a large number of worldwide pharmaceutical and health product regulatory agencies; therefore, the expectations detailed in EU GMP Annex 1 should not be limited to products intended for the EU market.
Conclusion
The implementation of an appropriate, comprehensive, well-structured, and centralized CCS is by no means a straightforward activity. Completion of this task since the revision Annex 1 continues to raise some questions for many companies. However, with correct understanding of the objective, the right approach, and with the proper support, the development of a robust CCS can be achieved successfully.
Are you struggling with implementing a CCS in accordance with Annex 1? We would be interested in hearing your experience.
About the author:
Noelle Clifford is a Manager/Consultant with over 15 years of experience gained in world-leading pharmaceutical and biotechnology companies. Noelle has worked in all phases of pharmaceutical operations, from setting up a new greenfield site to working in established operational facilities. She has expertise in equipment validation, data integrity, quality management systems, and QC laboratory and manufacturing operations. She is a qualified and experienced Microbiologist with a BSc. in Industrial Microbiology from University College Dublin
References
- EudraLex Volume 4, Annex 1: Manufacture of Sterile Medicinal Products https://health.ec.europa.eu/document/download/e05af55b-38e9-42bf-8495-194bbf0b9262_en?filename=20220825_gmp-an1_en_0.pdf
- Reference: FDA.gov (2023). Warning Letter-Cipla Limited. Retrieved from https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/cipla-limited-660904-11172023
- Reference: FDA.gov (2023). Warning Letter-K.C. Pharmaceuticals Inc. Retrieved from https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/kc-pharmaceuticals-inc-654986-08032023
- Pharmaceutical Inspection Co-operation Scheme (PIC/S) https://picscheme.org/en/picscheme
- FDA Part 11, Electronic Records; Electronic Signatures – Scope and Application https://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
- EU GMP Annex 11 https://health.ec.europa.eu/system/files/2016-11/annex11_01-2011_en_0.pdf
- Science Direct – Risk Priority Number, Quality Management in Plastics Processing, 2016, Section 8.12. https://www.sciencedirect.com/topics/engineering/risk-priority-number