Using a Third Party to Perform Audits

Q: According to our standard operating procedure (SOP), we perform supplier audits during the selection process and as part of ongoing oversight. Although we try to perform as many of these audits ourselves, we do need to rely on third parties to manage the volume of good manufacturing practice (GMP) audits. Is there an international standard for third-party GMP audits?

A: Interestingly, there isn’t such a standard. There are a large number of articles and presentations freely available on the subject, but these may give you conflicting advice, leaving you perhaps confused. This lack of standardized approach has been realized, and a working group (VDI EE 6306, 3rd Party GMP-Audits) under the auspices of The Association of German Engineers (VDI) was formally established in 2023, with the aim of establishing precisely such a standard. That work has already progressed well, and the document is currently under review by regulators and other interested parties. Its publication in German and English is just a matter of time.

Meanwhile, you could verify that your SOP covers all the key elements relating to audits performed by your third parties, namely:

• Contractual agreement: each audit should be covered by a legal contract and a quality agreement (these can be combined in one document). The scope of the audit and the deliverables should be unambiguously described. Very likely, confidential disclosure agreements between all parties will be required.

• Auditor qualifications: the competency of the auditor or auditors are decisive for reaching the goals of the audit. The competency assessment should address the technical/scientific knowledge and the social competence (e.g., cultural awareness) of the auditors. Additional requirements apply to audit team leaders. Anyone involved in the audit should certify that they have no conflict of interest.
• Types of audits: third parties could be used for on-site, remote, or hybrid audits. Each type should be addressed in the SOP.
• Audit preparation: as audits are typically of a very short duration, planning them is of utmost importance. The aims and the scopes of the audits should be fully aligned with the audit approach, the available resources, and the time available for the audit. The agenda should be agreed between all involved parties.
• Conducting the audit: most audits follow a standard sequence of opening meeting, site tour, and documentation review, followed by a close-out meeting. Provisions should be made if it becomes necessary to deviate from the agenda for whatever reason.
• Audit follow-up: as soon as possible, the third party should provide an update on the audit outcome, whether certain information is still outstanding or if anything else is pending.
• Preparing audit reports: Invariably, an audit report is required, and it should follow the style of the contract giver’s documents to achieve consistency.
• Audit close-out: in all cases (i.e., whether there were observations during the audit that require follow-up or not), there should be formal close-out of the audit. It has to be clear up to what point in this process the third party has to be involved.

The actual standard will of course provide much more detail on each of these aspects, and it will hopefully provide you with exactly what you need.

About the author

Siegfried Schmitt is vice president, Technical, at Parexel.

Article details

Pharmaceutical Technology®
Vol. 47, Number 11
November 2023
Pages: 42

Citation

When referring Schmitt, S. Using a Third Party to Perform Audits. Pharmaceutical Technology 2023 47 (11).