Verification of an excipient's pedigree and comprehensive incoming inspection data are important elements of supply-chain
security. Without adequate implementation of both components, a pharmaceutical company can be exposed to nefarious activities
comparable to a computer user whose Internet activities are unprotected by a firewall and antivirus software. As demonstrated
by recent global supply-chain breaches, excipients are vulnerable to contamination, counterfeiting, and adulteration.
In May 2010, the International Pharmaceutical Excipient Council (IPEC) published criteria for excipient pedigrees (1). Pedigree
criteria is based on good distribution practice (GDP) guides from the World Health Organization, IPEC, and the Product Quality
Group (PQG), and cover auditing, Certificate of Analysis (CoA) data, distribution and holding, and more. The specific criteria
can be implemented using the checklist for supply-chain security (see sidebar, "Checklist for supply-chain security"), and
can be supported by the supply-chain security flow diagram shown in Figure 1. Use of these materials can help industry confirm
that a purchased excipient arriving at the receiving dock has been produced in substantial conformance to excipient good manufacturing
practice (GMP) and minimizes risk that the material has been tampered with or otherwise adulterated en-route.
Checklist for supply-chain security
Authenticity and quality
The first task in establishing excipient-pedigree authenticity is to identify the path from receipt of material back to the
original excipient manufacturer. Unless the excipient is shipped directly from the manufacturer, the excipient user must trace
the material's path from the final shipping point upstream to the manufacturer. This process can involve several stops along
the distribution supply chain. At each stop, the pharmaceutical user should confirm through review of the shipping papers
(i.e., papers included in the US Bill of Lading or Airway Bill) that the excipient lot in question was handled by the distributor
and is traceable upstream to the previous stop. The path ends when the excipient manufacturer's shipping papers are identified,
thus confirming the identity of the manufacturer and the full supply chain.
Figure 1: Supply-chain security flow diagram. GMP is good manufacturing practice; GDP is good distribution practice; CoA is
Certificate of Analysis. (FIGURE IS COURTESY OF THE AUTHOR)
The second step in implementing the checklist involves performing an assessment of the manufacturer to confirm that the
excipient was produced using an excipient GMP compliant quality system (2). In addition, each stop in the distribution supply
chain must be assessed to confirm that the excipient was handled in compliance with applicable GMP and GDP requirements (3).
Industry best practice is to visit and audit the original excipient manufacturing site. Relying solely on responses from questionnaires
no longer meets regulatory expectations under current GMP for supplier qualification. In a recent conference presentation,
FDA announced that pharmaceutical users may soon be expected to audit their excipient suppliers themselves or to use a qualified
third-party auditor (4). The pharmaceutical user should assess the third-party provider and confirm that it is qualified.
At the conference, FDA said pharmaceutical manufacturers would be expected to audit their suppliers or use an accredited third
party or qualified third party to do so. The American National Standards Institute (ANSI) has accredited an organization to
provide certification to excipient GMPs that is accepted by FDA.
Before any on-site audit, it is advisable to send the supplier a pre-audit questionnaire that includes a request for the manufacturer
to list the applicable quality system under which the excipient was manufactured. The pre-audit questionnaire can also facilitate
the site audit by providing applicable background information. The questionnaire should identify the scope of operations conducted
at the site. For the manufacturer, the response should identify contract operations, which also require auditing.
For the distributor, the response to the pre-audit questionnaire must identify the scope of its operation and whether other
on-site operations might affect excipient quality. For example, the distributor may package bulk excipient or repackage excipient
into smaller packages. The pharmaceutical manufacturer also must confirm that the distributor samples and tests the excipient
to confirm there has been no contamination or degradation of the material. Once the pre-audit questionnaire is completed,
the pharmaceutical user can finalize an audit plan and schedule the on-site audit.