1) Dossier–GMP scope misalignment across the manufacturing network
Pattern: The Module 3 description of sites/activities, import/testing, and batch release responsibilities does not exactly match (a) each site’s manufacturing/import authorisation and GMP certificate in EudraGMDP, (b) the legal responsibilities under EU law, or (c) IRIS-declared inspection scope. This yields preventable questions and clock-stops.
Why it breaks: EU law requires manufacturers/importers in the EEA to hold the proper authorisation and comply with EU GMP; MA applicants are themselves responsible for ensuring that all proposed sites comply with GMP, while NCAs issue authorisations/certificates and record them in EudraGMDP. Any mismatch is a red flag.
Fix: Build a single source of truth that cross-checks: MAA Module 3 site tables ⇄ site authorisations ⇄ valid GMP certificates/non-compliance status in EudraGMDP ⇄ QP certification pathway. Include explicit justifications for importation/testing routes and, where applicable, Mutual Recognition Agreements (MRAs).
2) Inadequate contractual control over outsourced activities (GMP Chapter 7)
Pattern: Submissions assume that a “chain of contracts” is good enough without demonstrating direct, fit-for-purpose agreements among the MAH, the MIA holder responsible for QP certification, and each contract manufacturer, tester, or warehouser.
Why it breaks: The inspectors’ agreed Q&A clarifies that direct written contracts are normally required between MAH ↔ MIA(QP) and MIA(QP) ↔ each contract manufacturer; “chain of contracts” is exceptional and must satisfy stringent communication, access, and PQS governance criteria. Weaknesses here translate into RFI/LoQ on supply chain control and QP oversight.
Fix: Attach a contractual control matrix: for each GMP/GDP actor, show the direct agreement(s), role demarcation, technical terms (e.g., deviation/escalation, data access, audit/audit-trail rights), and how documents are brought under the PQS (Chapter 4). If using a chain, justify it against the Q&A’s three principles and Chapter 7:7.14–7.17.
3) Data integrity and computerized systems gaps (Annex 11, Chapter 4)—now under active revision
Pattern: Submissions rely on vendor claims or high-level SOPs without demonstrating lifecycle validation, risk-based controls, audit-trail review, security/segregation, and e-records governance across hybrid systems (paper/digital), particularly for QC and MES/LIMS.
Why it breaks: Annex 11 already requires lifecycle control and robust data-integrity measures; the 2025 open consultation elevates this further—strengthening requirements on supplier oversight, requirements management, audit trails, e-signatures/security, and embedding QRM into all computerized-system lifecycle steps. Chapter 4’s revision emphasizes complete/legible documentation across all formats and integrated data governance. Submissions that don’t reflect this evolving bar draw scrutiny.
Fix: Provide a System Validation Dossier synopsis per system: intended use; URS traceability; risk-based test coverage; data-integrity model (including ALCOA+ controls, audit-trail review procedures, backup/restore testing); supplier qualification; periodic review; and change-control triggers. Explicitly map these to Annex 11/Chapter 4 language and note awareness of the ongoing revision.
4) Sterile manufacturing CCS that is descriptive rather than demonstrably effective (Annex 1)
Pattern: The Contamination Control Strategy (CCS) reads as a narrative of procedures (EM programs, cleaning, gowning) but fails to integrate risk signals from EM trending, media fills, equipment design, and intervention studies into a closed loop with CAPA effectiveness checks.
Why it breaks: Annex 1 (fully applicable since 25 Aug 2024) expects a living, risk-based CCS that synthesizes controls across facility, process, and people, with evidence of feedback loops and design-level controls (e.g., barrier technology, disinfection rotation, sterile hold times). A non-integrated CCS is one of the most common inspection triggers translated into RFI/LoQ during assessment.
Fix: Include a CCS summary pack: hazard analysis by route (airflow, surfaces, operator, materials); EM design and statistical trending outputs; media-fill design/rationale; rapid micro/qPCR justification if used; glove/sleeve integrity trending; intervention classification & risk reduction; and CAPA effectiveness metrics. Cross-reference Annex 1 clauses in a requirements-trace matrix.
5) API supply-chain and active-substance registration blind spots (Part II, Reg. 1252/2014; Q&A)
Pattern: Files omit a fully verified API supply chain back to starting-material manufacturers, lack up-to-date third-country “written confirmations,” or provide insufficient risk assessments for excipients and transport/receipt checks—especially where multiple brokers are involved.
Why it breaks: Active substance manufacturers must be registered and comply with GMP; import consignments typically need written confirmations from the producing authority (unless a waiver applies). EMA’s Q&A underscores end-to-end supply-chain verification, including periodic deep-trace checks and documentation that each consignment comes from the approved manufacturer via the approved route.
Fix: Submit an API Chain of Custody dossier: OMS-aligned actors; lane-by-lane maps; registration status; written confirmations/waiver basis; excipient GDP/GMP risk assessments (health-based exposure limits as applicable); and a schedule for periodic batch-back verification. Link each control to EU GMP Part II and the Q&A expectations.
Submission hygiene that prevents avoidable LoQs (quick hits)
- Certificate validity & inspection posture: Since the pandemic flexibilities ended 31 Dec 2024, don’t rely on “extended” GMP certificates; show status or NCA-agreed case-by-case arrangements, and reference any IRIS-coordinated inspection scheduling.
- IRIS proficiency evidence: For EMA-coordinated inspections, confirm you’re using IRIS correctly (submission roles, document exchange, status tracking) per the July 2025 IRIS guide; misrouted contacts and missing entitlements generate administrative delays.
- EudraGMDP snapshots: Include timestamped EudraGMDP extracts for each site (auth/cert/non-compliance), with reconciliation to Module 3 and the QP release chain.
What counts as “latest” for GMP right now (anchor points to cite in your cover letter)
- Annex 1 (Sterile): fully in force since 25 Aug 2024.
- Chapter 4 / Annex 11 updates + new AI Annex 22: public consultation open 7 Jul–7 Oct 2025; submissions should at least acknowledge and, where relevant, anticipate the strengthened expectations, especially for computerized systems, documentation governance, and AI-enabled controls.
- GMP certificate extensions ended: general pandemic-era extensions ceased at end-2024; NCAs resumed routine on-site inspections, using risk-based planning.
- IRIS guide refreshed: July 2025 update covering document exchange and status handling—cite compliance with current IRIS procedures in your administrative section.
Template paragraph you can reuse in your MAA cover letter (Regulatory Affairs tone) The applicant confirms that all manufacturing, testing, importation, and certification sites identified in Module 3 are authorised and compliant with EU GMP as evidenced by current entries in EudraGMDP. The Qualified Person certification route and associated contractual arrangements align with EU GMP Chapter 7 and EMA GMDP Inspectors Working Group Q&A. Computerised systems supporting GxP decisions are validated per Annex 11 with risk-based controls for data integrity and electronic records, and the documentation governance model reflects Chapter 4, with awareness of the ongoing Commission consultation (Chapter 4, Annex 11, new Annex 22 on AI, opened 7 July 2025). For sterile operations, the CCS demonstrates integrated risk control consistent with Annex 1 (fully applicable since 25 August 2024). Active-substance supply chains are verified end-to-end, including registration status and written confirmations for third-country consignments as applicable.
No comments:
Post a Comment