Managing Post-Approval CMC Changes with RIM & QMS

Picture of Sean Carpenter
Sean Carpenter
November 2, 2022

Perhaps no aspect of Regulatory Information Management (RIM) is more complicated than CMC changes. 

  • A wide variety of stakeholders are involved, from manufacturing/supply change to corporate quality to regulatory affairs and regulatory operations.
  • A diverse set of independent or loosely integrated systems are involved: Enterprise Resource Planning (ERP) or Manufacturing Execution Systems (MES), Quality Management Systems (QMS) or other Change Control systems, Document Management Systems (EDMS), labeling systems, RIM, and dossier publishing.
  • A collection of use cases exist, ranging from emergency, reactive changes (my supplier has been shut down!) to carefully planned strategic changes.
  • A complicated impact analysis is needed to identify where changes must be submitted, approved or implemented.
  • Different requirements apply in each market.

The published RIM Framework Interim Consensus Paper identifies CMC as a key element of RIM. It raises a number of interesting points related to CMC changes and submissions. Among other points, they ask: Who owns what data? If there are a CMC system and a Regulatory system both creating and consuming the same data for different purposes, who owns it?

What is Regulatory Chemistry, Manufacturing and Controls (CMC)?

Chemistry, Manufacturing and Controls (CMC) of a medicinal product is a collection of information that defines the manufacturing process, quality control release testing, specifications and stability of the product. It also outlines the manufacturing facility along with its support utilities, including design, qualification, operation, and maintenance. To achieve compliance, CMC practices are executed in accord with regulatory agencies requirements and expectations. Since these guidelines and requirements can change over time, CMC practices must be updated accordingly to remain compliant.

How Can Technology Help?

For the most part, this is a business process question, and we all know that attempting to solve such problems with technology is ill-advised. So, what role should technology play in this particular area?

  • Removing barriers: A technology infrastructure should be designed to ensure that all users have the information they need to work effectively and efficiently. 
  • Eliminating time lags: When an action is initiated or completed, impacted users should receive immediate notifications. For example, when an unexpected change concerning a manufacturer occurs, regulatory affairs should be automatically notified as soon as it is initiated. They should also be advised when it is completed. Otherwise, they might not find out for weeks or months.
  • Removing manual steps: When a Health Authority approves a CMC change (if this is needed), no one should have to send an email to close the loop so that the change can be implemented. End-to-end workflows can include all sets in the process. For example, the addition of a new clinical investigator in an eTMF can trigger an alert and workflow task for submission in RIM. After the investigator’s documents have been submitted, notifications back to a study manager can confirm that the investigator can now administer a study drug to subjects.
  • Increasing insight: Being able to monitor all relevant processes improves planning. Identifying potential failures to comply with required timelines and other risk areas increases both compliance and quality. Notifications and task dashboards can help users to understand upcoming and overdue tasks. They can also highlight areas that need investigation or decisions.
  • Eliminating data silos: When there is a single set of data (a single source of truth), the question of who owns the data decreases in significance. Primary responsibility must still be defined, but each group will have access to the same information.

A truly unified technology platform goes beyond the sharing of documents and data to achieve these goals. Integrated workflows, notifications, dashboards and reports are needed to support end-to-end processes.

What does CMC mean for Biotech, Pharmaceutical, and Regulatory Affairs?

CMC regulatory compliance means that, if a biotech, pharmaceutical, or regulatory organization has made CMC-specific commitments to regulatory agencies, CMC practices are carried out accordingly.

An Example CMC Change Process

Let’s consider an example of adding a drug substance manufacturer in the US. CDER must be notified when a manufacturer changes to a manufacturing site that is different from those specified in the approved application.

The FDA has defined specific reporting categories for changes based on their potential to have an adverse effect on the identity, strength, quality, purity, or potency of the drug product. These categories impact how changes are reported to the FDA (supplement, annual report) and whether prior approval is required.

The MA holder must assess the effects of the change before distributing a drug product made with a manufacturing change (§ 314.70(a)(2)). For each change, the supplement or annual report must contain information determined by FDA to be appropriate. It must include the information developed by the applicant in assessing the effects of the change.

In this case, FDA recommends that a move to a different manufacturing site, when it is a type of site routinely subject to FDA inspection, be submitted as a prior approval supplement if the site does not have a satisfactory CGMP inspection for the type of operation being moved.

The steps in this process would include:

  • An impact assessment to understand which products and applications are impacted, in the US and potentially in other markets as well. RIM would have information on all planned pending and approved applications that pertain to the drug substance or substances that would be added at the new facility. This assessment would also determine if the change needs to be submitted in a CMC supplement, annual report, or another submission. It would also determine if the new substance manufacturer has a Drug Master File (DMS) for the substance that can be referenced.
  • Preparation and approval of change control in a QMS.
  • Update and approval of documents in a Regulatory DMS.
  • Preparation of one or more submissions to the FDA other Health Authorities using dossier preparation (electronic publishing) software.
  • If needed, approval of the change (tracked in RIM, communicated to QMS).
  • Implementation of the change in QMS (also tracked in RIM to close the activity).

RIM clearly sits in the middle of all of these activities. Without a unified data model, end-to-end workflows, and a framework of notifications, alerts, and automated trackers, there are many manual steps and opportunities for mistakes.

Conclusion

For some organizations, this vision may be out of reach. Many companies work with a collection of disparate tools supporting regulatory, quality, pharmacovigilance safety, and clinical processes. 

For those companies, they may want to consider if some of their technology is nearing end of life, based on cost to operate, efficiency and risk. When considering a replacement, business processes need to be examined before, or in conjunction with technology. Asking the right questions when choosing new technology will help to move closer to a better Regulatory Information Management solution.

Share :

Facebook
Twitter
LinkedIn
Picture of Sean Carpenter

Sean Carpenter

Sean has over 20 years of experience in delivering Regulatory and Pharmaceutical Record Management solutions for a wide array of large and small Life Science companies. He has experience as a consultant, product owner, business analyst and director of IT for software and services companies, from small start-ups to global multi-national organisations.

Read more posts