Topic/Issue Ref Priority

Quality management
Principle

Maintain a quality system setting out responsibilities, processes and risk

1.1.1
management principles in relation to their activities.

All distribution activities should be clearly defined and systematically reviewed. 1.1.2

All critical steps of distribution processes and significant changes should be

1.1.3
justified and where relevant validated.

The quality system is the responsibility of the organisation’s management and

requires their leadership and active participation and should be supported by staff 1.1.4
commitment.
Quality System

The system for managing quality should encompass the organisational structure,
procedures, processes and resources, as well as activities necessary to ensure
1.2.1
confidence that the product delivered maintains its quality and integrity and
remains within the legal supply chain during storage and/or transportation.

The quality system should be fully documented and its effectiveness monitored.
All quality system-related activities should be defined and documented. A quality 1.2.2
manual or equivalent documentation approach should be established.

A responsible person should be appointed by the management, who should have

clearly specified authority and responsibility for ensuring that a quality system is 1.2.3
implemented and maintained.

The management of the distributor should ensure that all parts of the quality
system are adequately resourced with competent personnel, and suitable and 1.2.4
sufficient premises, equipment and facilities.

The size, structure and complexity of distributor’s activities should be taken into
1.2.5
consideration when developing or modifying the quality system.

A change control system should be in place. This system should incorporate

1.2.6
quality risk management principles, and be proportionate and effective.

The quality system should ensure that:

(i) medicinal products are procured, held, supplied or exported in a way that is
1.2.7i
compliant with the requirements of GDP
(ii) management responsibilities are clearly specified 1.2.7ii

(iii) products are delivered to the right recipients within a satisfactory time period 1.2.7iii

(iv) records are made contemporaneously 1.2.7iv

(v) deviations from established procedures are documented and investigated 1.2.7v

(vi) appropriate corrective and preventive actions (commonly known as CAPA)

are taken to correct deviations and prevent them in line with the principles of 1.2.7vi
quality risk management

Management of outsourced activities

The quality system should extend to the control and review of any outsourced
activities related to the procurement, holding, supply or export of medicinal
1.3.1
products. These processes should incorporate quality risk management and
include:

(i) assessing the suitability and competence of the Contract Acceptor to carry out
1.3.1i
the activity and checking authorisation status, if required

(ii) defining the responsibilities and communication processes for the quality-
1.3.1ii
related activities of the parties involved
(iii) monitoring and review of the performance of the Contract Acceptor, and the
identification and implementation of any required improvements on a regular 1.3.1iii
basis

Management review and monitoring

The management should have a formal process for reviewing the quality system
1.4.1
on a periodic basis. The review should include:
(i) measurement of the achievement of quality system objectives 1.41i

(ii) assessment of performance indicators that can be used to monitor the

effectiveness of processes within the quality system, such as complaints,
deviations, CAPA, changes to processes; feedback on outsourced activities; self- 1.4.1ii
assessment processes including risk assessments and audits; and external
assessments such as inspections, findings and customer audits

(iii) emerging regulations, guidance and quality issues that can impact the quality
1.41iii
management system

(iv) innovations that might enhance the quality system 1.4.1iv

(v) changes in business environment and objectives 1.4.1v

The outcome of each management review of the quality system should be

1.4.2
documented in a timely manner and effectively communicated internally

Quality risk management

Quality risk management is a systematic process for the assessment, control,

communication and review of risks to the quality of medicinal products. It can be
applied both proactively and retrospectively. Quality risk management should
ensure that the evaluation of the risk to quality is based on scientific knowledge,
experience with the process and ultimately links to the protection of the patient. 1.5
The level of effort, formality and documentation of the process should be
commensurate with the level of risk. Examples of the processes and applications
of quality risk management can be found in guideline Q9 of the International
Conference on Harmonisation (ICH)

Personnel
Principle
There must be sufficient competent personnel to carry out all the tasks for which
2.1.1
the wholesale distributor is responsible
Individual responsibilities should be clearly understood by the staff and be 2.1.2
recorded
Responsible person
The wholesale distributor must designate a person as Responsible Person. The
Responsible Person should meet the qualifications and all conditions provided for 2.2.1
by the legislation of the Member State concerned.
A degree in pharmacy is desirable. 2.2.2
The Responsible Person should have appropriate competence and experience as
2.2.3
well as knowledge of and training in GDP.
The Responsible Person should fulfil their responsibilities personally and should
2.2.4
be continuously contactable.

The Responsible Person may delegate duties but not responsibilities. 2.2.5

The written job description of the Responsible Person should define their
2.2.6
authority to take decisions with regard to their responsibilities.

The wholesale distributor should give the Responsible Person the defined
2.2.7
authority, resources and responsibility needed to fulfil their duties.
The Responsible Person should carry out their duties in such a way as to ensure
that the wholesale distributor can demonstrate GDP compliance and that public 2.2.8
service obligations are met.
The responsibilities of the Responsible Person include: 2.2.9
(i) ensuring that a quality management system is implemented and maintained 2.2.9i
(ii) focusing on the management of authorised activities and the accuracy and
2.2.9ii
quality of records
(iii) ensuring that initial and continuous training programmes are implemented and
2.2.9iii
maintained
(iv) coordinating and promptly performing any recall operations for medicinal
2.2.9iv
products
(v) ensuring that relevant customer complaints are dealt with effectively 2.2.9v

(vi) ensuring that suppliers and customers are approved 2.2.9vi

(vii) approving any subcontracted activities which may impact on GDP 2.2.9vii
(viii) ensuring that self-inspections are performed at appropriate regular intervals
following a prearranged programme and necessary corrective measures are put 2.2.9viii
in place
(ix) keeping appropriate records of any delegated duties 2.2.9ix
(x) deciding on the final disposition of returned, rejected, recalled or falsified
2.2.9x
products
(xi) approving any returns to saleable stock 2.2.9xi
(xii) ensuring that any additional requirements imposed on certain products by
2.2.9xii
national law are adhered to
Other personnel
Adequate number of competent personnel involved in all stages of the wholesale
2.3.1
distribution activities of medicinal products.
The organisational structure of the wholesale distributor should be set out in an
organisation chart. The role, responsibilities, and interrelationships of all 2.3.2
personnel should be clearly indicated.

The role and responsibilities of employees working in key positions should be set
2.3.3
out in written job descriptions, along with any arrangements for deputising

Training
All personnel involved in wholesale distribution activities should be trained on the
requirements of GDP. They should have the appropriate competence and 2.4.1
experience prior to commencing their tasks
Personnel should receive initial and continuing training relevant to their role,
based on written procedures and in accordance with a written training
2.4.2
programme. The Responsible Person should also maintain their competence in
GDP through regular training
In addition, training should include aspects of product identification and avoidance
2.4.3
of falsified medicines entering the supply chain
Personnel dealing with any products which require more stringent handling
conditions should receive specific training. Examples of such products include
hazardous products, radioactive materials, products presenting special risks of 2.4.4
abuse (including narcotic and psychotropic substances), and temperature-
sensitive products.
A record of all training should be kept, and the effectiveness of training should be
2.4.5
periodically assessed and documented
Hygiene
Appropriate procedures relating to personnel hygiene, relevant to the activities
being carried out, should be established and observed. Such procedures should 2.5
cover health, hygiene and clothing.
Documentation
Principle

Good documentation constitutes an essential part of the quality system. Written

documentation should prevent errors from spoken communication and permits the 4.1
tracking of relevant operations during the distribution of medicinal products.

General
Documentation comprises all written procedures, instructions, contracts, records
and data, in paper or in electronic form. Documentation should be readily 4.2.1
available/retrievable

With regard to the processing of personal data of employees, complainants or

any other natural person, Directive 95/46/EC on the protection of individuals 4.2.2
applies to the processing of personal data and to the free movement of such data.

Documentation should be sufficiently comprehensive with respect to the scope of

the wholesale distributor’s activities and in a language understood by personnel. 4.2.3
It should be written in clear, unambiguous language and be free from errors

Procedures should be approved signed and dated by the responsible person.

Documentation should be approved, signed and dated by appropriate authorised
4.2.4
persons, as required. It should not be handwritten; although, where it is
necessary, sufficient space should be provided for such entries.
Any alteration made in the documentation should be signed and dated; the
alteration should permit the reading of the original information. Where 4.2.5
appropriate, the reason for the alteration should be recorded

Documents should be retained for the period stated in national legislation but at
least 5 years. Personal data should be deleted or anonymised as soon as their 4.2.6
storage is no longer than necessary for the purpose of distribution activities.

Each employee should have ready access to all necessary documentation for the
4.2.7
tasks executed.

Attention should be paid to using valid and approved procedures. Documents

should have unambiguous content; title, nature and purpose should be clearly
stated. Documents should be reviewed regularly and kept up to date. Version
4.2.8
control should be applied to procedures. After revision of a document a system
should exist to prevent inadvertent use of the superseded version. Superseded or
obsolete procedures should be removed from workstations and archived.

Records must be kept either in the form of purchase/sales invoices, delivery slips,
or on computer or any other form, for any transaction in medicinal products 4.2.9
received, supplied or brokered.
Records must include at least the following information: date; name of the
medicinal product; quantity received, supplied or brokered; name and address of
4.2.10
the supplier, customer, broker or consignee, as appropriate; and batch number at
least for medicinal product bearing the safety features.
Records should be made at the time each operation is undertaken. 4.2.11
Operations
Principle
All actions taken by wholesale distributors should ensure that the identity of the
medicinal product is not lost and that the wholesale distribution of medicinal
products is performed according to the information on the outer packaging. The 5.1.1
wholesale distributor should use all means available to minimise the risk of
falsified medicinal products entering the legal supply chain.

All medicinal products distributed in the EU by a wholesale distributor must be

5.1.2
covered by a marketing authorisation granted by the EU or by a Member State.

Any distributor, other than the marketing authorisation holder, who imports a
medicinal product from another Member State must notify the marketing
authorisation holder and the competent authority in the Member State to which
5.1.3
the medicinal product will be imported of their intention to import that product. All
key operations described below should be fully described in the quality system in
appropriate documentation.
Qualification of suppliers

Wholesale distributors must obtain their supplies of medicinal products only from
persons who are themselves in possession of a wholesale distribution
5.2.1
authorisation, or who are in possession of a manufacturing authorisation which
covers the product in question.

Wholesale distributors receiving medicinal products from third countries for the
purpose of importation, i.e. for the purpose of placing these products on the EU 5.2.2
market, must hold a manufacturing authorisation

Where medicinal products are obtained from another wholesale distributor the
receiving wholesale distributor must verify that the supplier complies with the
principles and guidelines of good distribution practices and that they hold an
5.2.3
authorisation for example by using the Union database. If the medicinal product is
obtained through brokering, the wholesale distributor must verify that the broker is
registered and complies with the requirements in Chapter 10

Appropriate qualification and approval of suppliers should be performed prior to

any procurement of medicinal products. This should be controlled by a procedure 5.2.4
and the results documented and periodically rechecked

When entering into a new contract with new suppliers the wholesale distributor
should carry out ‘due diligence’ checks in order to assess the suitability, 5.2.5
competence and reliability of the other party. Attention should be paid to:

(i) the reputation or reliability of the supplier; 5.2.5i

(ii) offers of medicinal products more likely to be falsified; 5.2.5ii
(iii) large offers of medicinal products which are generally only available in limited
5.2.5iii
quantities; and
(iv) out-of-range prices. 5.2.5iv
Qualification of customers
Wholesale distributors must ensure they supply medicinal products only to
persons who are themselves in possession of a wholesale distribution
5.3.1
authorisation or who are authorised or entitled to supply medicinal products to the
public.

Checks and periodic rechecks may include: requesting copies of customer’s

authorisations according to national law, verifying status on an authority website,
5.3.2
requesting evidence of qualifications or entitlement according to national
legislation.
Wholesale distributors should monitor their transactions and investigate any
irregularity in the sales patterns of narcotics, psychotropic substances or other
dangerous substances. Unusual sales patterns that may constitute diversion or
5.3.3
misuse of medicinal product should be investigated and reported to competent
authorities where necessary. Steps should be taken to ensure fulfilment of any
public service obligation imposed upon them.
Receipt of medicinal products
The purpose of the receiving function is to ensure that the arriving consignment is
correct, that the medicinal products originate from approved suppliers and that 5.4.1
they have not been visibly damaged during transport.
Medicinal products requiring special storage or security measures should be
prioritised and once appropriate checks have been conducted they should be 5.4.2
immediately transferred to appropriate storage facilities.

Batches of medicinal products intended for the EU and EEA countries should not
be transferred to saleable stock before assurance has been obtained in
accordance with written procedures, that they are authorised for sale. For batches
coming from another Member State, prior to their transfer to saleable stock, the 5.4.3
control report referred to in Article 51(1) of Directive 2001/83/EC or another proof
of release to the market in question based on an equivalent system should be
carefully checked by appropriately trained personnel.

Storage
Medicinal products and, if necessary, healthcare products should be stored
separately from other products likely to alter them and should be protected from
the harmful effects of light, temperature, moisture and other external factors. 5.5.1
Particular attention should be paid to products requiring specific storage
conditions.
Incoming containers of medicinal products should be cleaned, if necessary,
5.5.2
before storage.
Warehousing operations must ensure appropriate storage conditions are
5.5.3
maintained and allow for appropriate security of stocks.
Stock should be rotated according to the first expiry, first out (FEFO) principle.
5.5.4
Exceptions should be documented.
Medicinal products should be handled and stored in such a manner as to prevent
spillage, breakage, contamination and mix-ups. Medicinal products should not be
5.5.5
stored directly on the floor unless the package is designed to allow such storage
(such as for some medicinal gas cylinders).
Medicinal products that are nearing or are beyond their expiry date/shelf life
should be withdrawn immediately from saleable stock either physically or through 5.5.6
other equivalent electronic segregation.
Stock inventories should be performed regularly taking into account national
legislation requirements. Stock irregularities should be investigated and 5.5.7
documented.
Destruction of obsolete goods

Medicinal products intended for destruction should be appropriately identified,

5.6.1
held separately and handled in accordance with a written procedure.

Destruction of medicinal products should be in accordance with national or

5.6.2
international requirements for handling, transport and disposal of such products.

Records of all destroyed medicinal products should be retained for a defined

5.6.3
period.
Picking
Controls should be in place to ensure the correct product is picked. The product
5.7
should have an appropriate remaining shelf life when it is picked
Supply
For all supplies, a document (e.g. delivery note) must be enclosed stating the
date; name and pharmaceutical form of the medicinal product, batch number at
least for products bearing the safety features; quantity supplied; name and
address of the supplier, name and delivery address of the consignee ( 1 ) (actual 5.8
physical storage premises, if different) and applicable transport and storage
conditions. Records should be kept so that the actual location of the product can
be known.
Export to third countries

The export of medicinal products falls within the definition of ‘wholesale

distribution’ ( 2 ). A person exporting medicinal products must hold a wholesale
5.9.1
distribution authorisation or a manufacturing authorisation. This is also the case if
the exporting wholesale distributor is operating from a free zone.

The rules for wholesale distribution apply in their entirety in the case of export of
medicinal products. However, where medicinal products are exported, they do not
need to be covered by a marketing authorisation of the Union or a Member State
( 3 ). Wholesalers should take the appropriate measures in order to prevent these
medicinal products reaching the Union market. Where wholesale distributors 5.9.2
supply medicinal products to persons in third countries, they shall ensure that
such supplies are only made to persons who are authorised or entitled to receive
medicinal products for wholesale distribution or supply to the public in accordance
with the applicable legal and administrative provisions of the country concerned.

Complaints, returns, Suspected falsified medicinal products and medicinal

product recalls
Principle

All complaints, returns, suspected falsified medicinal products and recalls must be
recorded and handled carefully according to written procedures. Records should
be made available to the competent authorities. An assessment of returned
6.1
medicinal products should be performed before any approval for resale. A
consistent approach by all partners in the supply chain is required in order to be
successful in the fight against falsified medicinal products.

Complaints
Complaints should be recorded with all the original details. A distinction should be
made between complaints related to the quality of a medicinal product and those
related to distribution. In the event of a complaint about the quality of a medicinal
product and a potential product defect, the manufacturer and/or marketing 6.2.1
authorisation holder should be informed without delay. Any product distribution
complaint should be thoroughly investigated to identify the origin of or reason for
the complaint.

A person should be appointed to handle complaints and allocated sufficient

6.2.2
support personnel.
If necessary, appropriate follow-up actions (including CAPA) should be taken after
investigation and evaluation of the complaint, including where required notification 6.2.3
to the national competent authorities.
Returned medicinal products

Returned products must be handled according to a written, risk- based process

taking into account the product concerned, any specific storage requirements and
the time elapsed since the medicinal product was originally dispatched. Returns 6.3.1
should be conducted in accordance with national law and contractual
arrangements between the parties.

Medicinal products which have left the premises of the distributor should only be
6.3.2
returned to saleable stock if all of the following are confirmed:
(i) the medicinal products are in their unopened and undamaged secondary
packaging and are in good condition; have not expired and have not been 6.3.3
recalled;
(ii) medicinal products returned from a customer not holding a wholesale
distribution authorisation or from pharmacies authorised to supply medicinal
6.3.4
products to the public should always be returned to saleable stock if they are
returned within an acceptable time limit, for example 10 days.
(iii) it has been demonstrated by the customer that the medicinal products have
been transported, stored and handled in compliance with their specific storage 6.3.5
requirements;
(iv) they have been examined and assessed by a sufficiently trained and
6.3.6
competent person authorised to do so;

(v) the distributor has reasonable evidence that the product was supplied to that
customer (via copies of the original delivery note or by referencing invoice
6.3.7
numbers, etc.) and the batch number for products bearing the safety features is
known, and that there is no reason to believe that the product has been falsified.

Moreover, for medicinal products requiring specific temperature storage

conditions such as low temperature, returns to saleable stock can only be made if
there is documented evidence that the product has been stored under the
6.3.8
authorised storage conditions throughout the entire time. If any deviation has
occurred a risk assessment has to be performed, on which basis the integrity of
the product can be demonstrated. The evidence should cover:
(i) delivery to customer; 6.3.8i
(ii) examination of the product; 6.3.8ii
(iii) opening of the transport packaging; 6.3.8iii
(iv) return of the product to the packaging; 6.3.8iv
(v) collection and return to the distributor; 6.3.8v
(vi) return to the distribution site refrigerator. 6.3.8vi
Products returned to saleable stock should be placed such that the ‘first expired
6.3.9
first out’ (FEFO) system operates effectively.
Stolen products that have been recovered cannot be returned to saleable stock
6.3.10
and sold to customers.
Falsified medicinal products
Wholesale distributors must immediately inform the competent
authority and the marketing authorisation holder of any
medicinal products they identify as falsified or suspect to be 6.4.1
falsified (1). A procedure should be in place to this effect. It
should be recorded with all the original details and investigated.
Any falsified medicinal products found in the supply chain should immediately be
physically segregated and stored in a dedicated area away from all other
6.4.2
medicinal products. All relevant activities in relation to such products should be
documented and records retained.
Medicinal product recalls

The effectiveness of the arrangements for product recall should be evaluated

6.5.1
regularly (at least annually).

Recall operations should be capable of being initiated promptly and at any time. 6.5.2
The distributor must follow the instructions of a recall message, which should be
6.5.3
approved, if required, by the competent authorities.
Any recall operation should be recorded at the time it is carried out. Records
6.5.4
should be made readily available to the competent authorities.

The distribution records should be readily accessible to the person(s) responsible

for the recall, and should contain sufficient information on distributors and directly
supplied customers (with addresses, phone and/or fax numbers inside and
6.5.5
outside working hours, batch numbers at least for medicinal products bearing
safety features as required by legislation and quantities delivered), including
those for exported products and medicinal product samples.

The progress of the recall process should be recorded for a final report. 6.5.6
Outsourced activities
Principle
Any activity covered by the GDP Guide that is outsourced should be correctly
defined, agreed and controlled in order to avoid misunderstandings which could
affect the integrity of the product. There must be a written Contract between the 7.1
Contract Giver and the Contract Acceptor which clearly establishes the duties of
each party.

Contract Giver
The Contract Giver is responsible for the activities contracted out. 7.2.1

The Contract Giver is responsible for assessing the competence of the Contract
Acceptor to successfully carry out the work required and for ensuring by means of
the contract and through audits that the principles and guidelines of GDP are
followed. An audit of the Contract Acceptor should be performed before 7.2.2
commencement of, and whenever there has been a change to, the outsourced
activities. The frequency of audit should be defined based on risk depending on
the nature of the outsourced activities. Audits should be permitted at any time.

The Contract Giver should provide the Contract Acceptor with all the information
necessary to carry out the contracted operations in accordance with the specific 7.2.3
product requirements and any other relevant requirements.
Contract Acceptor
The Contract Acceptor should have adequate premises and equipment,
procedures, knowledge and experience, and competent personnel to carry out 7.3.1
the work ordered by the Contract Giver.
The Contract Acceptor should not pass to a third party any of the work entrusted
to him under the contract without the Contract Giver’s prior evaluation and
approval of the arrangements and an audit of the third party by the Contract Giver
or the Contract Acceptor. Arrangements made between the Contract Acceptor 7.3.2
and any third party should ensure that the wholesale distribution information is
made available in the same way as between the original Contract Giver and
Contract Acceptor.
The Contract Acceptor should refrain from any activity which may adversely affect
7.3.3
the quality of the product(s) handled for the Contract Giver.
The Contract Acceptor must forward any information that can influence the quality
of the product(s) to the Contract Giver in accordance with the requirement of the 7.3.4
contract.
Self-Inspection
Principle

Self-inspections should be conducted in order to monitor implementation and

8.1
compliance with GDP principles and to propose necessary corrective measures.

Self-inspections

A self-inspection programme should be implemented covering all aspects of GDP

and compliance with the regulations, guidelines and procedures within a defined
8.2.1
time frame. Self- inspections may be divided into several individual self-
inspections of limited scope.

Self-inspections should be conducted in an impartial and detailed way by

designated competent company personnel. Audits by independent external
8.2.2
experts may also be useful but may not be used as a substitute for self-
inspection.
All self-inspections should be recorded. Reports should contain all the
observations made during the inspection. A copy of the report should be provided
to the management and other relevant persons. In the event that irregularities
8.2.3
and/or deficiencies are observed, their cause should be determined and the
corrective and preventive actions (CAPA) should be documented and followed
up.
Questions

Are roles and Responsibilities sufficiently defined?

Is risk management comprehensively applied?

Are the Management Reviews conducted?

Are internal audits conducted as per schedule?
Is there a Risk Assesment of the GDP Processes?

Is there sufficient QA Resource?

Are there some SOP process flows described?

Is there an up-to date signed dated Org Chart?

Is SMF and Quality manual up to date?
Are there any missing SOPs to be written or revised?

Is this described in the RP Job Description?

Is there sufficient QA Resourse?

Enough space in storage locations?
Overview of Capacity utilisation levels and expansion plans?
Is there a Business Continuity Plan?
What is the sttaus of implementing an electronic system is for a new
Documentaiton System?
Is Change Control Connected to Risk management?
Is the CC SOP adequate?
Are QA reviews at every step?
Seperation of Document Control changes from General Change Control
should be a priority.
What about changes that might take more time? - extensions allowed? how
many?
Effectiveness of Change (4 weeks) - Is this due date tracked?
If these 4 weeks are overdue - Justification is added? follow up?
Check CC tracker - how many CC open? Overdue CC? (total)
Is there a measured % GDP compliance for GDP activities?
Are there any compliance KPIs in place?
Are there Job Descriptions for Management and Employees Defined?
Are products are delivered to the right recipients within a satisfactory time
period?
Is there a Good Documentation Practices SOP?

Are there examples of Root Cause analysis techniques and are they trained
with training material or external courses?
Is RCA included in the Deviations and Complaints Process?

Are there CAPA effectiveness checks?

Are timelines defined?
Are QA reviews at every step?
Clarify what happens if the CAPA is not effective. A new CAPA will be open?
How many extensions are allowed per record?
Check CAPA Tracker
How many open CAPAs? Overdue CAPAs? (Total)
Clarification on the QA role in CAPA process is needed

What is included in Outsourced activities?

(quality risk management, auditing, check autorisation status, contract,
periodic review)

Does Supplier assessment include all as a supplier or only product suppliers

are suppliers'?
Is there a comprehensive Approved Supplier List (ASL)?
Are GMDP certificates and non-Compliance Reports checked or only
Licences?
How often are re-checks performed?
What is the status of Company Audit CAPA and re-audit?
How are Suppliers monitored? Are all companies also Monitored?

Management review on periodic basis (objectives, performance indicators,

regulations, innovations, changes)

There is an 'Improvement points overview'

Are All subject in the Management Review SOP included as per GDP
subjects?

Are Quaterly and 6 monthly Reviews conducted regularly?

Risk Assessments is not a listed subject in the SOP

Not listed as a subject in the SOP

Not listed as a subject in the SOP

Is Computer system and validation status included?

Is management review outcome effectively communicated internally?
How are actions from previous Management Reviews followed up?
Are Open changes tracked?
Are Management Review Documents Controlled Documents?

There is a Risk management SOP referencing ICHQ9?

Is there a log of Risk Analysis?
How many Risk analysis have been done and reviewed?
Is residual risk before and after mitigation actions calculated?
Are there criteria for deviation classification? - it should apply a risk based
approach
Are there instructions on how to document and track the actions that came
out of the risk assessment?
Is there a last approved annual quality plan?

Are there job descriptions of QA head and QA officer?

Is there an RP, organisation chart (independent of operations), qualification,
job description?

Who is the back up of RP? How is this documented in case of absence?

(formal letter is recommended - RP needs to approve the delegation)

Check RP job description - All the these responsibilities must be included in

the JD

Check RP job description - All the these responsibilities must be included in

the JD

Is Accuracy and quality of recordsspecifically mention in the RP JD?

How is the RP involved in the Training Plan?

Is there a record of delegated duties, if any?

Cost Model for determined levels of Staff required

Are there job descriptions of QA?

Does the RP Deputise to the QA?

Is there a Training SOP, training plan (program), training records,

qualification? Checked Training matrix/ plan
To clarify how the training is assessed

Is continuing training of sufficient frequency?

Is there Training on all topics including temeprature sensitive products?

Observing at least SOP once and GDP training every 3 years is infrequent
Are External Documents controlled and monitored for updates?

Is documentation defined clearly in SOP as retention period 5 or 7 years?

Is there an SOP specific on traceability?

Are GMDP certificates checked as well as MIA/WDA licences?

Is there a risk-based supplier annual re-audit FMEA?

Are ii iii and iv described in the quality System?

Are Periodic Re-checks Performed?
Is there an SOP on cycle or wall to wall counts?

Does the SOP define requirements for a Destruction certificate?

Is there a classification of complaints?

Is information included in the SOP regarding investigation and possible

follow ups on what concerns product complaints?

Is there clear differentiation between handling of product complaints and

distribution complaints?

Are there instructions on what type of information must be collected during

the incoming return?

Are all criteria included in Returns SOP/Form?

Is there a dedicated area for falsified medicines?

When was mock recall last performed?

Are there Quality Agreements for outsourced activites?
Is there an Approved Supplier List?
Is it clear when to perform a supplier audit or just sending the
questionnaire?

How are risk based annual re-qualifications performed is there an FMEA for
each supplier?

How often in the company audited and is there CAPA response plan from
the last audit?
What is the status of the internal audit plan for 2020 and 2021?

What are the requirements to be an internal Auditor?

Is there a list of internal auditors?

What is the status of the CAPAs from internal audit plan for 2020/2021?
Example Findings

The actions for deviations, CAPAs and change controls are

determined by the management of the company, and not by the
Quality function, impairing the independent assessment and
determination of these actions. The RP closes the CAPA when the
determined actions have been completed.

Processen voor kwaliteitsbeoordeling en continue verbeteren

(PDCA cirkel) zijn niet voldoende geborgd.

Noodzakelijke kwaliteitsprocedures ontbreken, zijn onvolledig of

onvoldoende geborgd met betrekking tot de EU GMP of worden
niet nageleefd.

There is no documented procedure or Business Continuity Plan

which prescribes the pandemic prevention measures.

Change control maakt er geen onderdeel van uit en er is geen

change aangemaakt voor de overgang naar een nieuw
computersysteem.

Wijzigingen (Change Control) zijn niet altijd voorzien van een

einddatum.
In de procedure “Technische Klachten” zijn geen
afhandelingstermijnen noch de ernst van de classificatie
opgenomen

Bij logistieke klachten worden geen route cause analyses

uitgevoerd en trends worden niet gevolgd. Dit is in strijd met de
procedure, die beschrijft dat dit wel uitgevoerd dient te worden

Een systematiek voor het initiëren en afhandelen van changes,

deviaties en CAPA’s ontbreekt.
De betekenis van de velden in het webformulier Deviaties staan
niet in de procedure.

Het is niet aantoonbaar dat er CAPAs zijn genomen in lijn met de

beginselen van kwaliteitsrisicobeheer

Een deviatie kan afgerond worden zonder dat alle noodzakelijk

velden, waaronder de overweging wel of geen CAPA, in te vullen.
Het management review is daarnaast niet getekend door de RP

De uitbestede activiteiten worden niet voldoende besproken in

het management review

Hierdoor is een evaluatie niet mogelijk en zijn innovaties,

veranderingen en continu verbetering niet geborgd

De opvolging van acties die voortkomen uit het Management

Review is niet gewaarborgd in een procedure

Er is geen procedure Kwaliteitsrisicomanagement aanwezig

Er zijn geen risicoanalyses uitgevoerd
Een totaal overzicht van GDP risico’s is nog niet aanwezig
In organogram van ontbreken de RP’s die de 1e RP vervangen
tijdens zijn afwezigheid

De verdeling van de GDP-verantwoordelijkhedentussen de drie

RP’s is niet expliciet vastgelegd en daardoor niet duidelijk

Een overeenkomst waaruit blijkt dat de RP is niet aanwezig

In het kwaliteithandboek staat vervallen versie van de

functieomschrijving van de RP gepubliceerd

De functieomschrijving van de RP bevat in algemene termen en

niet specifiek de GDP verantwoordelijkheden en taken zoals
genoemd in hoofdstuk 2.2 van de GDP richtsnoer

De RP beschikt over onvoldoende kennis van de EudraGMDP

database en hoe die te gebruiken voor het controleren op
aanwezigheid van een vergunning van de leveranciers
Het Documentatie Beheer Systeem is operationeel onvoldoende
gevalideerd. Validatie is gepland voor het einde van 2019. Gezien
het feit dat er tijdens de inspectie 2 SOPs over hetzelfde
onderwerp zijn aangetroffen duidt op een onvoldoende
kwalificatie en borging van het documentatie beheer systeem en
dus op de borging van het kwaliteitssysteem

Er is geen validatie/kwalificatie uitgevoerd voor het operationele

Documentatie Beheer
Bij de kwalificatie van groothandels wordt niet gekeken of deze,
naast een groothandelsvergunning, ook beschikt over een GDP-
certificaat dat aangeeft dat de groothandel voldoet aan GDP

Periodieke controle op GDP/GMP-certificaten dient frequent

plaats te vinden

Bij de controle van de bevoegdheden van leveranciers wordt geen

gebruik gemaakt van de GMDP database.
B.V. levert het geneesmiddel..........rechtstreeks af aan een kliniek.
Groothandels zijn niet bevoegd geneesmiddelen rechtstreeks aan
klinieken af te leveren als daar geen apotheek met een gevestigd
apotheker of een ziekenhuisapotheek aanwezig is, waardoor
geneesmiddelen heeft afgeleverd aan een onbevoegde.
In de klachtenprocedure is geen classificatie van klachten
opgenomen; tevens ontbreekt per classificatie een responstijd

Er vindt nog geen trendanalyse plaats van deviaties, CAPA’s,

Changes en klachten volgens een beschreven process

De procedures voor retouren is niet aangepast naar de nieuwe

FMD-richtlijnen met betrekking tot doorlooptijden

In de uitzondering retouren is niet beschreven welke waarborgen

gecheckt moeten worden indien er wel retour wordt aangenomen
In de procedure uitvoeren recall is niet beschreven dat bij het
uitvoeren van een recall op eigen initiatief achteraf een evaluatie
van de recall dient te worden uitgevoerd

De procedures voor recall is niet aangepast naar de nieuwe FMD-

richtlijnen met betrekking tot doorlooptijden
Staat niet beschreven welke bronnen geraadpleegd dienen te
worden bij zowel nieuwe kwalificatie als herkwalificatie

Het audit rapport van ... heeft geen referentie naar het EU GDP-
richtsnoer

De resultaten van audits en de follow up daarvan zijn

onvoldoende in beeld

De herzieningsperiode van het contract met ...wordt niet gehaald.

Bovendien zijn bepaalde verantwoordelijkheden onjuist belegd en
contractuele verplichtingen niet nagekomen

Er is geen auditfrequentie vastgelegd

Niet alle transporteurs zijn voldoende gekwalificeerd.

In het rapport zijn veel Major bevindingen gedaan, maar een CAPA
rapport is niet aanwezig

Het is niet aantoonbaar dat Dhr. een gekwalificeerde auditor is

voor het uitvoeren van GDP audits

Bij het overnemen van een auditrapport van derden wordt niet
gecontroleerd of de auditor gekwalificeerd is
Niet beschreven aan welke eisen een gekwalificeerde auditor
moet voldoen om een audit uit te kunnen voeren

Periodieke zelfinspecties van de relevante GDP activiteiten vinden

niet plaats

Een zelfinspectieplanning voor 2019 is nog niet opgesteld

In 2019 de geplande audit niet uitgevoerd en zonder

verklaring/onderbouwing doorgeschoven naar 2020
Example Findings

Het Site Master File beschrijft de toekomstige situatie bij Pharma. Er is vastgesteld
dat de in het SMF benoemde procedures nog niet effectief zijn en geautoriseerd zijn
(niet afgetekend door QP) en dat de acties die zijn beschrevenhet SMF, waaronder
procesvalidatie, niet zijn uitgevoerd. Het SMF beschrijft daarmee niet de actuele
situatie.

The actions taken to ensure the supply of medicinal products is not impaired, when
multiple staff member would be infected, is not described.

Het Change control formulier beschrijft geen opvolgtermijnen bij overschrijding van
deadlines of een mogelijkheid de reden van overschrijding te onderbouwen. Op basis
van het formulier is niet vast te stellen waar de QP voor aftekent; voor goedkeuring
van de aanvraag voor de change, of voor uitvoering van de change. De uitkomsten
van de change worden niet vastgelegd en de effectiviteit van de change wordt niet
bepaald of vastgelegd.
Het is niet eenduidig wat een deviatie is en hoe er mee moet worden omgegaan.

De procedure Deviaties voorziet onvoldoende in het vastleggen, onderzoeken en

afhandelen van deviaties; Bij het printen van bijsluiters zijn meerdere deviaties
opgetreden zoals vastgelegd in het Technisch Logboek. Twee Deviaties zijn
opgevraagd. Beide deviaties zijn niet vastgelegd in een register.

CAPA’s worden in Excel bijgehouden. De beveiliging (o.a. lees en schrijfrechten) van

het Excel bestand is onduidelijk. Geplande termijnen vermeld in het Excel overzicht
zijn regelmatig overschreden

Er is geen opvolging gegeven aan deze deviaties; er zijn geen root-cause analyses of
corrigerende of preventieve maatregelen vastgelegd.

De rol en verantwoordelijkheden van de RP staan niet beschreven in de SOP omtrent

CAPA’s
Jaarlijks worden de prestaties van bestaande leveranciers beoordeeld en
geëvalueerd. Dit proces is echter niet beschreven in een procedure

Actiepunten uit de managementreview worden niet toonbaar vastgelegd en

opgevolgd

Risicoanalyses zijn niet gemaakt en ook niet ingezien van het bedrijf dat ze voor
opslag en transport heeft gemaakt

Er is geen systematisch proces voor het in kaart brengen, controleren en beoordelen

van de risico’s die de kwaliteit van de geneesmiddelen kunnen beïnvloeden
(bijvoorbeeld tijdens transport)
Doordat de verdeelde taken en verantwoordelijkhedenvoor de RP in losse
functieomschrijvingen beschreven zijn bestaat het risico dat het overzicht of alle
verantwoordelijkheden (voldoende) belegd zijn verloren gaat.

Het is aan te bevelen één functieomschrijving voor de RP te maken en hierin te

verwijzen naar de functionarissen (functieprofielen) van de personen die deze rol als
RP vervullen

Jaarlijkse hertraining van medewerkers is niet aantoonbaar gedocumenteerd.

De training van medewerkers in GDP, GMP en GMP-kritische activiteiten is

onvoldoende geborgd

Het opleidingsplan/inwerkschema met betrekking tot opleiding werkzaamheden

bijsluiterruimte is te summier
De principes van good documentation practice worden niet consequent gehanteerd:

Enkele tellijsten van voorraadtellingen waren niet afgetekend door de teller.

De schoonmaakactiviteiten zijn voor de maanden januari, februari, maart ingevuld in

het schoonmaaklogboek... Van de Activiteiten die tot.. hebben plaatsgevonden zijn
data en parafen geantidateerd in het betreffende logboek
Bij de controle van leveranciers wordt in de praktijk alleen gekeken naar het GMP
certificaat

Procedure beschrijft alleen de controle van de vergunning van de leverancier. Echter

tijdens de herkwalificatie van leveranciers moeten zowel de vergunning als het
certificaat gecontroleerd worden

De jaarlijkse controle van leveranciers is niet in lijn met de procedure en is niet

volledig
De kwalificatie van afnemers is niet voldoende geborgd, dit blijkt uit:
- Er is niet vastgelegd hoe de RP de jaarlijkse check vastgelegd
- De lijst waar vanaf de RP de jaarlijkse hercontrole uitvoert bevat geen
afleveradressen, waardoor de hercontrole niet volledig wordt uitgevoerd. Er kan
alleen gekeken worden of de klant bevoegd is, maar er wordt niet gekeken of er ook
op het juiste adres wordt afgeleverd
Bij logistieke klachten worden geen route cause analyses uitgevoerd en trends
worden niet gevolgd

De procedures voor retouren is niet aangepast naar de nieuwe FMD-richtlijnen met

betrekking tot doorlooptijden
As there are no specific considerations towards comparator products, there is no
system or procedure to monitor recalls in countries from which comparator products
are sourced.

This means that should a local Health Authority initiate a recall, there is no activity by
the company to discover this. it is uncertain that regular recall information flows may
reach the supplier of the comparator product in time to prevent dosing in the clinical
trial.

Therefore, active recall monitoring of the comparator products supplies is required.

[Eudralex Volume 4, Annex 13, section 50]
Vaststellen van de frequentie van zelfinspecties wordt gedaan met een risicomodel.
De hierbij maximaal toegestane termijnen voor zelfinspecties van drie of vijf jaar zijn
te ruim.

De rapporten naar aanleiding van zelfinspecties zijn te weinig beschrijvend; er is te

weinig informatie om een goede beoordeling te kunnen geven

De resultaten van audits en de follow up daarvan zijn onvoldoende in beeld

Uitkomsten van zelfinspecties worden niet teruggekoppeld aan de directie

Example Findings

Site Master File indicates that the company is limited to import for clinical
trial materials from almost all countries (so not all). There is no description
or list which countries in the EU are included in the “almost all countries”.

De rol en verantwoordelijkheden van de RP staan niet beschreven in de

SOP omtrent Change Control
Volgens de SOP draagt de Manager QA and RA zorg voor de periodieke
rapportage omtrent Change Control. Er zijn nog geen periodieke
rapportages beschikbaar
De procedure Deviaties heeft een te beperkte doelstelling omdat deze
beperkt is tot deviaties in product, commercie en afwijkingen op de SLA en
zich niet richt op deviaties ten opzichte van GMP en GDP.

De beoordeling en afhandeling van deviaties betreffende afwijkende

primaire verpakking kan niet bepaald worden op basis van het ingevulde
formulier. De afronding is daarmee niet voldoende beschreven.

In de procedure is onvoldoende informatie opgenomen over de uitvoering

van de root cause analyse. De classificatie van deviaties is niet voldoende
gedefinieerd omdat alleen significante deviaties worden benoemd.
De management review procedure is nog niet aangepast met betrekking
tot de tekortkomingen vastgesteld tijdens de inspectie.

In de managementreview wordt niet teruggekeken naar acties voorgaand

jaar en er worden geen acties voor het komende jaar gedefinieerd. KPI’s
en/of kwaliteit doelstellingen ontbreken in de review

De procedure Risico-analyse is niet geautoriseerd en nog niet effectief. De

procedure is niet verplicht gesteld voor GMP/GDP processen waarbij risico-
analyse wel verwacht wordt conform EU GMP
GDP/GMP training is provided to all staff working in these areas however
GDP refresher training is only completed on a three (3) yearly basis. Current
expectations look for annual refresher training.

Na meelopen bij activiteit (1 uur tot 0.5 dag) en zonder verdere training
mogen al GMP/GDP activiteiten worden uitgevoerd zonder toezicht.

De rol van de RP als eindverantwoordelijke voor dit toezicht is in de nieuwe

situatie nog niet vastgelegd

De training van een nieuwe medewerker heeft niet binnen de in het

formulier gestelde periode plaatsgevonden. Er is geen deviatie geopend.
De medewerker heeft werkzaamheden uitgevoerd.
IGJ FINDINGS
Bij de kwalificatie van leveranciers is het verständig om een score toe te
kennen voor risicolanden en leveranciers met de hoogste score te laten
auditen door een ervaren auditor.
De jaarlijkse check van de klanten/afnemers bestaande uit
ziekenhuisapotheken van diverse ziekenhuizen en medische centra is niet
uitgevoerd en is niet opgenomen in de procedure
Complaint Handling
- The complaint handling system is not thoroughly defined:
Complaints Handling procedure C81, shows that there is no process or form
that is used to document complaints received
Complaint Handling procedure C81, does not provide a process description
or other information towards the complaint handling process, such as how
to investigate complaints, what the timelines are, or how to formulate
actions based on complaints.
Quality complaint form, shows that the system does not investigate the
(root) cause of the complaint and/or formulate CAPAs to prevent the
complaint in the future.
The self-inspection Programme is planned out and recorded on an excel
spreadsheet. Review of the spreadsheet indicated that activities had fallen
a long way behind plan and this needs to be addressed quickly.
Example Findings

Site Master File has not been updated to include the Controlled Substance license.

Change Control - The change control system is not clearly defined:

(a) Control of documentation and CC proceduer does not describe the change control process. It merely
mentions the-to-be used form.
(b) The change control process, as described in the procedure Control of documentation and CC procedure ,
does not cover the requirements of a change control process, such as the pre-approval of a change before actions
are being executed and implemented. The approvals are limited to approval of the created documents.
(c) C2, due date 1 August 2020, is overdue. Control of documentation and CC procedur does not provide
guidance or requirements toward due dates of changes.
De procedure Deviaties wordt niet toegepast conform de doelstelling van de procedure: In production order ... is
een opmerking geplaatst door een QA medewerker zonder datum en paraaf en een doorhaling uitgevoerd door
een QA medewerker zonder datum en paraaf. Er is geen deviatie geopend. Het batch document en product zijn
vrijgegeven.

Op 02JAN2019 is er een overschrijding (19,25°C) geweest van de boventemperatuur (+8°C) van de koelcel. Voor
deze melding is geen deviatie geopend. Daarnaast is er geconcludeerd (Logboek) zonder bewijsmateriaal en
zonder onderbouwing dat deze overschrijding geen impact heeft op de producten. Dit is niet in lijn met de SOP en
niet in lijn met GDP hoofdstuk

Er zijn geen tijdslijnen voorgeschreven in de SOP omtrent CAPA’s

SOP “Melden en afhandelen van deviaties” vermeldt geen tijdslijnen. Deviatieoverzichten van 2018 en 2019
tonen aan dat er veel afwijkingen open staan. Afwijkingen van 2018 worden niet besproken in het periodieke
overleg.
Er vindt nog geen trendanalyse plaats van deviaties, CAPA’s, Changes en klachten volgens een beschreven proces.

In het verslag van de managementreview over 2019 ontbreekt een beschrijving waaruit blijkt of de afgesproken
kwaliteitsdoelstellingen in 2019 zijn gehaald (terugblik) en ontbreekt een beschrijving van de te behalen
kwaliteitsdoelstellingen voor het komende jaar (vooruitblik)

De Procedure risicomanagement is nog niet geüpdatet met betrekking tot de tekortkomingen vastgesteld tijdens
de inspectie
Controle op de afnemers van de opdrachtgevers is onvoldoende geborgd, dit blijkt uit:
Controle van opdrachtgevers wordt niet jaarlijks volgens procedure aantoonbaar uitgevoerd:
Er waren drie verschillende lijsten met goedgekeurde opdrachtgevers, niet aangeven kon worden welke lijst
actueel is.
Oude afnemers die in het systeem blijven staan worden niet periodiek gecontroleerd of het afleveradres nog juist
is en of ze nog bevoegd zijn geneesmiddelen te ontvangen.
Example Findings

SMF still refers to QP’s/RP’s no longer working for the Company and not the QP/RP’s named on the
current licences and who take legal responsibility for their actions and those of the Business.
Deviation handling procedure A81, version 2, dated 20 May 2019, is incorrect as it provides an illogical
and incorrect flow. It also indicates that when a CAPA is identified, form A21A Change Control should
be filled out. This should be form A83A CAPA.

In de product quality review en de management review is onvoldoende uitwerking gegeven aan aard,
onderliggende oorzaak en herhaald optreden van deviaties en klachten. Te vaak wordt een menselijke
fout als onderliggende oorzaak van de deviatie aangewezen.

De CAPA-effectiviteitscheck heeft nog geen invulling gekregen

Corrigerende en preventieve maatregelen onvoldoende vastgelegd en geëvalueerd

Er staan veel CAPA’s open welke in 2018 zijn geopend waardoor de voortgang twijfelachtig is
In de product quality review en de management review is onvoldoende uitwerking gegeven aan aard,
onderliggende oorzaak en herhaald optreden van deviaties en klachten. Te vaak wordt een menselijke
fout als onderliggende oorzaak van de deviatie aangewezen.

Tijdens de inspectie zijn meerdere lijsten, documenten (management review) gezien die niet als
beheerd document in het documentatie beheer systeem staan opgenomen. Het staat niet
beschreven in een R34 procedure wat wel en geen beheerde documenten zijn.

Kwaliteitsrisicobeheer is niet beschreven in een specifieke procedure. In bestaande SOP’s (o.a.

Change Control) wordt verwezen naar een SOP Risicoanalyse. Een beheerde en geldige versie van
deze SOP bestaat niet.
SOP verwijst naar een SOP risicoanalyse. De SOP risicoanalyse blijkt niet als beheerd en geldig
document te bestaan.
Geen risico-inventarisatie opgesteld voor de GDP-activiteiten, zoals controle op vervalsingen,
transport en opslag van de groothandelsproducten.
Example Findings

The SMF fails to describe Falsified Medicines

activities or system.
During the audit, it was noted that the actions
for deviations, CAPAs and change controls are
determined by the management of the
company, and not by the Quality function,
impairing the independent assessment and
determination of these actions.

The RP closes the CAPA when the determined

actions have been completed
Het Management Review vermeld niet duidelijk
of en welke doelstellingen zijn beoordeeld en
behaald.

In de Management Review wordt niet

voldoende aandacht gegeven aan de follow up
van correctieve acties.

Risk Management - Quality Risk Management is

part of the Quality Management System as
indicated in the Site Master File . The SMF
indicates that the company uses the FMEA
approach for risk assessment. There is no
specific risk assessment procedure or form
available, nor has a risk assessment been
performed for any of the activities.
Topic/Issue Priority

Premises / Equipment - Chapter 3

Where premises are not directly operated by the wholesale distributor, a contract
should be in place. The contracted premises should be covered by a separate
wholesale distribution authorisation.
(EU GDP 3.2.2)

Products pending a decision as to their disposition or products that have been

removed from saleable stock, any product suspected of falsification and returned
products, received from a third country but not intended for the Union market, any
falsified medicinal products, expired products, recalled products and rejected
products.
(EU GDP 3.2.4)

Transportation - Chapter 9

A risk-based approach should be utilised when planning transportation.

(EU GDP 9.1)

Risk assessment of delivery routes should be used to determine where

temperature controls are required
(EU GDP 9.2)

Where transportation is performed by a third party, the contract in place should

encompass the requirements of Chapter 7
(EU GDP 9.2)

GMP - Manufacturing
Refer to Eudralex Volume 4 EU GMP Guidelines
Action

Audit every 1 or 2 years - more frequently based on an outsourced activity risk

assessment

Plan next routine audit in schedule – a month in 2021/2

Conduct a follow up audit to check CAPA effectiveness

Focus on Areas described in Dutch inspection reports

Focus on areas interfacing with company (e.g. release)

Qualification of Transport Providers

Qualified GDP Transport Auditors to conduct audits

QA Agreement Contract with Transportation Providers

Risk Assessment of Transportation

Warehouse Procedures for cold pack management

Based on the GMP Process GAP assessment

Conduct an objective FMEA risk assessment

Define Acceptable Risk

Quantify Risk before mitigation factors

Implement effectively Risk Reduction Actions

Re-Measure The Residual Risk

Determine the need for further actions

Based on Objective Acceptability of Risk

Example Findings

Geen risico-inventarisatie opgesteld voor de GDP-activiteiten,

zoals controle op vervalsingen, transport en opslag van de
groothandelsproducten

Niet alle transporteurs zijn voldoende gekwalificeerd

In het rapport zijn veel Major bevindingen gedaan, maar een CAPA
rapport (pva) is niet aanwezig
De batch documentatie bevat doorhalingen zonder datum en
paraaf of alleen en datum. De batch documentatie is goedgekeurd
door de QP zonder aantoonbare vervolgacties of vastlegging van
de afwijking.

De cumulatieve buiten-de-koelkast-termijn van geneesmiddelen

wordt niet beoordeeld voor vrijgifte van de geneesmiddelen door
de QP.
Example Findings

De schriftelijke procedure temperatuurbeheersing schrijft voor dat bij ernstige en

langdurige temperatuursafwijkingen de RP dient te worden geïnformeerd. Definities
van ernstige en langdurige temperatuursafwijkingen staan niet gedefinieerd.

Specificaties en controle van temperaturen tijdens transport komen niet in alle

gevallen overeen met de productspecificaties.

Tussen dec 2018 en jan 2020 zijn diverse temperatuuroverschrijdingen in het

magazijn niet opgemerkt

De CAPA die is opgesteld als opvolging van de temperatuurexcursies in 2019 is

onvoldoende gedocumenteerd

De rapportage van de zomermapping 2018 was nog niet beschikbaar

IGJ FINDINGS:

Bij de audit van een vervoerder is de kwalificatie van het twee compartimenten
model niet aan de orde geweest
In geval van afwijkingen is er geen verplichting opgenomen de afwijking vast te
leggen of de QA afdeling te informeren.

Het sluitzegel is nog niet gevalideerd. Het validatierapport van de sluitzegels van de
toeleverancier is nog niet beschikbaar.

De termijnen waarop goederen met speciale bewaarcondities ... buiten de

koelruimte zijn worden niet vastgelegd in de production order, of op enig andere
wijze.
Example Findings

Er is nog geen validatieprotocol voor de ambient situatie, Bij de distributie

van ambient geneesmiddelen zijn er nog geen maatregelen genomen om
de temperatuur te beheersen. Het controleformulier is nog niet geënt op
de ambient specificities

In de overeenkomst is niet opgenomen dat er een

temperatuurbeheersysteem op de locatie moet zijn, dat deze moet worden
onderhouden, een mapping moet worden uitgevoerd en excursies moeten
worden doorgeven
De line clearance van de etikettenprint ruimte en bijsluiterprint ruimte is
niet opgenomen in de werkinstructie

De uitvoering van het printen en de opslag van geprinte etiketten en

geprinte bijsluiters sluit het risico op mix-up van geprinte etiketten en
geprinte bijsluiters niet uit
Example Findings

Contract met vervoerder … dateert van voor de huidige GDP-richtsnoer. Het is niet aantoonbaar dat het contract
en de verantwoordelijkheden voldoen aan de huidige GDP-richtsnoer. Het is niet toonbaar dat de chauffeurs op
GDP zijn getraind
GMP - IGJ FINDINGS

Op omgepakte geneesmiddelen wordt door een medewerker een vrijgiftesticker aangebracht voordat de QP
heeft vrijgegeven.

De documentatie van goedkeuring van binnenkomende zending, waaronder controle temperatuurgegevens

transport, is niet standaard beschikbaar voor de QP tijdens batch release en wordt hierbij niet betrokken.

Vergelijken van kleine details van binnenkomende verpakkingen is niet goed mogelijk doordat referentie met
voldoende detail niet beschikbaar is.

Versie van de bijsluiter gedefinieerd in de CVP komt niet overeen met de versie die daadwerkelijk is gebruikt.
Example Findings

Company Audit

Transportation is outsourced to five (5) key suppliers; ARRA, Frigotrans, VTS, Fiege BV and QuickSTAT.
The 3rd party supplier questionnaire for each was reviewed with the following findings:
Arra indicate they have mapped their vehicles with two (2) data loggers. This is not possible.
Frigo indicate they have mapped their vehicles with three (3) data loggers
VTS did not even bother to complete this section, yet it has been signed off as approved
There is no RP approval on the QTA’s
The QTA with QuickSTAT indicates that they cannot store product longer than 72 hours. UK law does
not allow storage without a WDA for more than 36 hours and not for anytime with cold products. The
QTA should also reflect national law.
Example Findings

Company Audit

Route risk assessment should be performed on delivery routes

to determine where temperature controls are required. Even
when controlled transport conditions are in place, risk
assessments should include for example, driver training, theft,
potential falsification, equipment breakdown etc that may be
possible on any route. No route risk assessment have been
performed.