EMA last call for public consultation: The Physical Attendance and the Location of Personal Residency of the Qualified Person
On May 11th 2022, EMA released new document for remote batch certification taking into account physical QP location during such certification, for public consultations. These Q&A apply to EU/EEA QP certification/confirmation, as described in Annex 16 of EU GMP. Guideline has been developed in cooperation with European Comission, the Coordination group for Mutual recognition and Decentralised procedures – human (“CMDh”), the Inspectors Working Group, the Coordination group for Mutual recognition and Decentralised procedures – veterinary (“CMDv”) and EMA and is applicable to the manufacture and importation of human and veterinary medicinal products as well as investigational medicinal products.
Here is some short summary of issues raised in the document:
Remote batch certification can be allowed if national competent authority, where authorised site is located, accepts such approach.
Key aspects should be considered:
- Full compliance of the remote certification with EU legislation and EU GMP guidelines
- Batch certification always should take place within EU/EEA
- QPs must be familiar with the products, their manufacturing process as well as pharmaceutical quality system. Time spent by QPs at authorized site should be commensurated with the risks related to the processes at the authorised site
- Electronic access to all information as required by Annex 16 EU GMP
- IT systems must comply with Annex 11 of EU GMP
- All performed actions must be available for competent authorities inspection
- All above should be included and checked during self inspection process.
It should be verified because some member states may have their own requirements.
The risk of remote access and data integrity from the IT point of view is much higher than controlled access on site. Requirements should be assessed based on state of technology employed and full compliant with Annex 11 rules. Following points, among others, should be taken into consideration:
- Any hardware transferred off-side should be identified, inventoried, updated and encrypted
- Security parameters on the network operating system, applications and databases should be established to avoid unauthorized access
- Establish recognized industry standards for authentication and authorization (e.g. two-factor or multifactor authentication)
- Transferred data should be secured by strong encryption
- The MIA holder is responsible for ensuring that only the QP is able to perform remote batch certification / confirmation.
This short (only 4 pages) Q&A document is possible to comment up to 13th of June 2022.
What's your opinion on the released Q&A, does it bring any news for QPs or not?
We encourage you to share your experiences.
Interested in QP Service or GMP audits?
Please, contact us for detailed information.