"SOPs In Action" For Effective QA Audits Of CDMOs

By Louis Garguilo, , Chief Editor, Outsourced Pharma Follow Me On Twitter @Louis_Garguilo

There’s a lot riding on a drug sponsor’s selection of the right CDMO. Kim K. Burson, Head of Quality Assurance (QA) and Quality Control (QC) at Achaogen, has some advice for those initial audits.  

Perhaps the most critical element is the “witnessing” of standard operating procedures (SOPs).  

QC Or QA: A Quality Question

I spoke with Burson from her office in South San Francisco, where she draws her insights from a career spanning Genentech, Millennium (Takeda Oncology), a number of smaller biotechs, and now Achaogen. She currently holds the twin titles of head of QA and QC. Since many of us still blur these two quality functions, I start our conversation by asking her to clarify the roles.  

“Fundamentally,” says Burson, “QC is product oriented, and QA is process oriented. That’s the biggest difference.” (Click here for a chart Burson uses to separate the two.)

“QC is more of the review of the data. They're in charge of the test methods in conjunction with analytical sciences, and QC also makes sure the protocols of those methods are correct per health authority guidelines, before they're actually validated. They look at the stability data and work with the analytical chemists to support the data for the shelf life of the product.”

“QA, on the other hand,” she continues, “is in charge of the quality systems for your company – essentially all of your SOPs [standard operating procedures]. They're responsible for ensuring that changes, deviations, investigations, product complaints, recalls, and field-alerts are all handled correctly. QA is also accountable for the release of the drug product and drug substance.”

Moreover, Burson says, vital to the QA role is the creating of quality agreements and the performing of quality audits of CDMOs. We’ll dive into those audits in a moment.

Regarding the quality agreements, CDMOs typically have templates, “but they are not necessarily favorable to the sponsor.” Therefore, Burson says, it is essential that sponsors should have their own template, or at the least “make sure you get your concerns inserted into theirs.”

That’s because somewhere down the road “a CDMO may say, ‘Well, it's not in the quality agreement, and if it's not, you're accountable as the sponsor.’ I've learned in retrospect it's better to spell out a few more things to make sure we have all the roles and responsibilities figured out ahead of time.”

SOPs In Action

Now to those audits. Burson starts with a top three “must-do” list.

1. Be sure to look as deeply as possible into the CDMOs oversight of their subcontractors. For example, if a CDMO outsources testing, how do they ensure their service provider is doing a good job? Do they audit that company? Do they actually review the data? How do they come to the conclusion that their outsourced work is being done compliantly?
2. Dig into “health authority findings” from the past. Burson says as a QA auditor, you want to receive a list of all the health authority inspections that a CDMO has had, and what their outcomes were. This includes any warning letters. “Sometimes they won't give everything, but this should be a specific area of concern and an effort made to get these documents.”
3. Confirm the CDMO in fact has the technical capabilities for what you're looking for. “This may not necessarily be quality related, but the quality part would be making sure that if they do have the technical abilities, they are practiced in a cGMP manner.”

“Being responsible for the audit teams, QA is partially accountable for making the CDMO selection,” says Burson. “With a smaller company, there's an even higher risk involved, because you only have so much time and money. You have to ensure you are choosing the right partner.”

However, ascertaining the operations and behaviors of a service provider is no easy set of tasks. At times they are not fully forthcoming with all the information drug sponsors’ want – for one thing, the claim is made for client confidentiality.

“When you're doing the CMO selection, that's the biggest challenge.” says Burson, “They just want to show you their SOPs; they won't show you the actual investigations.”

Burson has found a way around any roadblocks.

“What I do is look at their environmental monitoring and pest control programs. I look at all the investigations around those programs,” she explains. “This provides a good idea of how they handle all investigations. I've given a lot of audit findings for incomplete investigations essentially for environmental monitoring. That's one way to get at this.”

“I always tell people: ‘Go to the environmental monitoring, or the pest control, because that is not specific to a customer. That shows how they handle things at the site.’”

In other words, witness the SOPs in action.

Another example is the qualification of equipment. “CDMOs will have an SOP for qualifying a certain piece of equipment,” explains Burson. “You look at that, fine. But follow up by saying, ‘Show me how you qualified this incubator, show me how you qualified this tank,’ and then determine if they've actually followed their SOPs. Did they qualify the equipment per your expectations and the appropriate clinical phase of development?”

“You can’t just review the SOPs verbatim. It’s key to look at the requirements in actual practice. Are they doing what they say they’re doing?”

And if a QA auditor finds actions speak louder than the words written on an SOP, it might be time to audit your next CDMO candidate.