Guide

How to Navigate GxP Compliance in the Pharmaceutical Industry

Keeping up with regulatory standards while ensuring quality, traceability, and documentation is no small task. Without it, you risk delays, recalls, and legal issues. For a smoother FDA or EMA submission process, read on!

Read More
astellas
Genmab
merck
johnson and johnson
World Health Organisation
Kenvue
Phuse
Phuse
astellas
Genmab
merck
johnson and johnson
World Health Organisation
Kenvue
Phuse

Table of contents

Heading 2
Heading 3

Is your company a part of a highly regulated industry?

Keeping track of regulatory standards while maintaining high levels of quality control, traceability, and documentation is no small task. It often requires a team of seasoned professionals working full-time. But without it, you risk costly delays, product recalls, and even legal liabilities. If you want your FDA or EMA submission process to go as smoothly as possible, read on!

GxP (Good Practices) is a set of guidelines your company can follow to ensure the product meets the enforced guidelines. If we’re talking about clinical software development, GxPs ensure your software used for clinical tests, patient records, or drug manufacturing is reliable, secure, and compliant. In other words, GxP guidelines GxP’s are here to help, but you first need to understand them.

That’s where this page comes in.

After reading, you’ll have a complete understanding of how GxPs tie to FDA and EMA submissions through 6 distinct categories. You’ll also learn 7 software engineering good practices that will ensure your FDA and EMA submissions go smoothly over a minimum number of iterations.

Let’s dig in!

Why is GxP Validation and Compliance Important?

Before even discussing FDA/EMA submissions and good practices tied to software engineering, let’s first discuss the general importance of GxP validation and compliance. 

In a line of work as regulated as the pharmaceutical industry, we found GxP guidelines to be of vital importance in many areas. These five we’ll share with you carry the most weight, but keep in mind it’s not an exhaustive list:

  • Promotes Product Quality and Consistency: If you’re developing a pharmaceutical product, quality is a non-negotiable requirement. Adhering to GxP guidelines ensures that every production aspect, from initial research to final distribution, is consistent and repeatable. Different software systems are used in different stages of production, but all of these must adhere to rigorous standards to prevent variability and error. In other words, you don’t want inconsistent manufacturing processes or software errors to introduce varied effectiveness of your product.
  • Enhances Operational Efficiency: Getting started with GxP takes time and can have a steep learning curve, but it provides you with tangible long-term benefits. By implementing validated software systems, pharmaceutical companies can streamline processes, automate repetitive tasks, and reduce the likelihood of errors. Just think of document management software that meets GxP standards - it ensures seamless version control and traceability which saves you time during audits. It’s just one example, but you get the point.
  • Improves Trust with Stakeholders: This one is not tangible, sure, but it’s an invaluable asset in the pharmaceutical world for a simple reason - when companies comply with GxP guidelines, they foster trust among patients, regulators, and business partners. If you’re known as a company that prioritizes safety and data integrity, you’ll likely find it easier to attract investors, form partnerships, and reassure healthcare providers about the quality of your products and services. It doesn’t guarantee it, though, just makes it more likely.
  • Facilitates Regulatory Compliance: One of the main benefits of GxP validation is the simplification of regulatory submissions. Think of it this way - software systems that are pre-validated reduce the workload during audits and inspections. For this reason, when a regulatory body like the FDA or EMA comes knocking on your doors, you can quickly present evidence of compliance and avoid lengthy investigations or disruptions altogether. On the other side, this compliance-first approach also shortens your time to market for new drugs. Even more, if you expand into international markets, adhering to widely recognized GxP practices makes it easier to satisfy multiple regulatory authorities at the same time.
  • Improves Risk Management: A major aspect of GxP compliance is risk mitigation. The process of validating software systems helps you identify and address potential risks before they become significant problems. You should aim to be proactive in areas that reduce the risks for your organization and compliance, such as data handling and equipment monitoring for example. The prior ensures the stability and security of the systems and prevents breaches or data loss, while the latter enables automated alerts and diagnostics to reduce the chance of failures.

You now know the obvious benefits of GxP validation and compliance, so next, you’ll learn what goes into an FDA or EMA submission and how it ties to GxP.

What is an FDA/EMA Submission and How it Ties to GxP (Good Practices)

An FDA Submission refers to the process in which companies submit data and documents to the U.S. Food and Drug Administration (FDA) to gain approval for a product, such as a new drug or medical device. An EMA submission is the same, but for the EU.

There are 6 distinct submission types your company can go with:

  • New Drug Application (NDA): Formal request for approving a new pharmaceutical. It’s submitted after clinical tests have proved the drug is safe to use and effective for its use case. Example: after completing Phase 3 clinical trials, a pharmaceutical company decides to submit an NDA for a new drug for lowering cholesterol levels. 
  • Abbreviated New Drug Application (ANDA): Request for approving a generic drug - a chemically equivalent version of a previously approved brand-name drug. It only requires proof that the generic drug is bioequivalent to the original. Example: A company submits ANDA for a generic version of a widely-used antidepressant and demonstrates that their product performs similarly to an already approved drug.
  • Investigational New Drug Application (IND): Request for approval for the start of human clinical trials of a new drug. It’s submitted after preclinical testing has been done in the lab and on animals. Example: A pharmaceutical company has proved their hair loss prevention drug works in animal models, and is now seeking approval to test the drug on humans for the first time.
  • Biologics License Application (BLA): This type of application is required to market biological products such as vaccines, blood products, and gene therapies. Example: A company submits BLA for a new antibody therapy to treat arthritis and includes all the data necessary to show the biologic’s safety and effectiveness in clinical trials.
  • Drug Master File (DMF) and Biologics Master File (BMF): A confidential submission type that provides detailed information about the manufacturing process, facilities, or ingredients used in making a drug. It’s not technically an approval application, but it supports BLAs and NDAs by providing data on the manufacturing aspects of the product. Example: A company submits a DMF to the FDA in which they detail the production process of an ingredient used by pharmaceutical companies in their final product.
  • Emergency Use Authorization (EUA): It allows the FDA to authorize the use of medical products that weren’t approved in public health emergency scenarios, typically when there are no adequate or approved alternatives, and the known benefits outweigh the risks. Example: A pharmaceutical company receives an EUA to distribute a vaccine that has shown promising results in early clinical trials but is not yet fully approved.

Whichever submission type your company opts for, there are certain good practice guidelines you need to follow.

R Shiny apps can be a powerful way to advance FDA/EMA clinical trial submissions - And this is exactly how our Rhino package can help.

We’ll explain 6 GxPs that concern FDA and EMA submissions next.

Technologies such as containers and WebAssembly can streamline the transfer and execution process of FDA/EMA submissions - Learn how Appsilon contributed to the R Consortium.

6 Key GxP Categories in FDA/EMA Submissions

GxP refers to “Good Practice” guidelines for regulations in various industries. These guidelines ensure that products are safe, effective, and of high quality. During the FDA or EMA submission process, compliance with GxP standards is critical.

This section will walk you through 6 distinct GxP guidelines for different product stages.

GLP (Good Laboratory Practice)

Governs the planning, performance, and reporting of non-clinical studies.

These studies are critical for determining the safety and effectiveness of a product before it reaches the stage of clinical trials in humans. The whole suite of good laboratory practices ensures the laboratories are organized, the staff is well-trained, and that documentation exists for all test results. Because of this, bodies like the FDA or EMA can easily reproduce the findings.

GLP is typically broken down into 4 key areas:

  • Facilities: They must be of a suitable design that allows the separation of different activities. Also, the facility in which testing is conducted should be separated from other facilities.
  • Personnel: An organization has to ensure a sufficient number of qualified and well-trained personnel for conducting and supervising laboratory studies. The responsibilities of each employee should be clearly defined.
  • Equipment: All equipment used for measurements and testing should be placed in a suitable location. A procedure should exist that describes how to operate, clean, inspect, and calibrate the equipment.
  • Documentation: A Standard Operating Procedures (SOP) should be established and approved by the management for the test facility and each separate unit. In addition, documents related to specific studies should be available at all times.

GCP (Good Clinical Practice)

Ensures the ethical and scientific integrity of clinical trials.

GCP covers the entire clinical trial process - from designing the study to obtaining informed consent from participants to monitoring and reporting the data. In other words, it’s here to protect the rights of participants while ensuring that the data collected in the clinical trial process is credible and reliable. It’s worth noting that any group or individual conducting clinical trials on humans and animals must comply with GCP.

It has 3 main goals:

  • Data Quality: All evidence and conclusions must be obtained scientifically. Otherwise, clinical trial data is considered unreliable.
  • Subject Safety: Both human and animal subjects in clinical trials must feel safe throughout the entire process. If that’s not the case, the investigators do not comply with GCP.
  • Subjects’s Rights Protection: Participants in clinical trials have at all times the right to confidentiality and privacy, the right to personal information, and the right to withdraw their participation.

GMP (Good Manufacturing Practice)

Ensures products are consistently produced and controlled according to quality standards.

This practice is essential during the manufacturing of pharmaceutical products and medical devices to ensure product safety. In a nutshell, GMP covers every production aspect, from the starting material to the equipment. It requires companies that follow it to document each step of the manufacturing process and provide good traceability.

GMP breaks down into 5 main components:

  • People: All employees must follow manufacturing processes and regulations. Every employee must undertake GMP training to fully understand their role and responsibility.
  • Products: All products have to undergo constant testing, comparison, and quality assurance before they are distributed to the customers.
  • Processes: All processes have to be clear, consistent, properly documented, and delivered to all employees.
  • Procedures: All procedures a company implements must be explained to all employees to ensure consistency in following them. Any deviation should be reported and investigated.
  • Premises: All premises should be organized in a way that avoids cross-contamination and accidents. All equipment should be placed and stored properly and calibrated regularly.

GAMP (Good Automated Manufacturing Practice)

Focuses on the validation of automated systems used in manufacturing and quality control.

In simple words, GAMP ensures that automated systems are reliable, produce consistent results, and meet quality standards. It consists of 7 key principles and components:

  • Risk-Based Approach: GAMP assumes a risk-based approach to validation, in which the level of validation effort is proportional to the risk posed by the system to product quality, patient safety, and data integrity.
  • Lifecycle Approach: It also assumes a computerized system validation that involves planning, specification, testing, operation, maintenance, and retirement phases that are conducted throughout the entire lifecycle of the system.
  • Validation Documentation: GAMP provides guidance on the documentation required, and this documentation should be comprehensive, well-organized, and maintained throughout the lifecycle of the system.
  • Vendor Assessment and Control: Vendors of computerized systems should be assessed and controlled to ensure the products and services meet regulatory requirements and industry standards.
  • Change Control and Configuration Management: Modifications to computerized systems need to be properly evaluated, documented, and validated. These modifications should be assessed for potential impact on product quality, safety, and compliance.
  • Training and Personnel Competence: All personnel involved in the development, operation, maintenance, and validation of a computerized system should be well-trained, and familiarized with relevant procedures, policies, and regulatory requirements.
  • Auditing and Compliance Monitoring: Auditing and compliance monitoring are encouraged to verify that computerized systems are operating in accordance with established procedures, regulatory requirements, and industry standards.

GDP (Good Distribution Practice)

Ensures proper storage, transportation, and distribution of products.

This set of guidelines requires drugs to be stored under correct conditions (think temperature and humidity), but also that distribution is managed in a way that prevents contamination and deterioration. Of course, it also entails proper documentation, as that’s the only way to maintain product integrity from the manufacturer to the consumer.

European Commission lists 9 guidelines on Good Distribution Practices of medical products for human use:

  • Quality System and Quality Management: The system should have the organizational structure, procedures, processes, resources, and actions needed to demonstrate the distributor meets the quality requirements. It should be regularly reviewed and revised according to the risk assessment recommendations.
  • Personnel: A responsible person must be appointed to carry out the duties of activities needed to ensure GDP compliance, such as implementing and maintaining the quality system. The person is tasked with overseeing the organization’s GDP training program which is required for all personnel involved in distribution.
  • Supplier and Customer Qualification: Before selecting a supplier, you must check if they have a wholesale distribution authorization or a wholesale dealer license.
  • Storage: Warehouses should be clean and try. The temperature and humidity levels must be within acceptable ranges. The products should be kept off the floor and away from direct sunlight, if possible.
  • Transportation: Measures and protocols must be established that ensure the medicines are not damaged or contaminated in transit, that the required storage conditions are maintained in transit, and that vehicles and medicines within them are protected against theft.
  • Documentation: All documentation should enable complete traceability of medicinal products across distribution channels. All parties involved in the distribution process should be readily identifiable.
  • Complaints, Returns, Recalls: In case of a quality complaint, the wholesaler must immediately inform the manufacturer or the authorized holder. For distribution complaints, they have to conduct a detailed investigation to identify what caused the mentioned issue. In case of a refund, the wholesaler must perform an adequate assessment before and if they return the product back into saleable stock. For recalls, the wholesaler has to inform the manufacturer (or authorized holder), regulatory authorities, and customers.
  • Falsified Medicines/Counterfeit Pharmaceutical Products: If the wholesaler suspects a medical product to be falsified, they must immediately notify the competent authority and the authorized holder. The suspected products then have to be stored separately from others and labeled as falsified and not for sale.
  • Self-Inspections: It’s a good practice to perform a less frequent comprehensive self-inspection or a more frequent specific inspection. The results must be recorded in a report that notes the observations made. Any form of non-compliance or irregularity must be inspected.

GVP (Good Pharmacovigilance Practice)

Governs the monitoring of drugs once they are on the market.

It’s a set of guidelines that aim to reduce the harm and damage caused by adverse drug reactions. The term “pharmacovigilance” involves tracking adverse events, understanding risk, and assessing the risk-benefit profile of a drug in real-world use. It’s of vital importance for the company, as some side effects of their products might not be apparent before the drug reaches a broader population.

For companies, it’s essential to research their country’s GVPs and find out what agencies are in charge of overseeing compliance. In the EU, that’s EMA, for the US it's FDA, and for Canada, that’s Health Canada.

Every pharmaceutical company that sells medical products must follow GVP.

Up next, we’ll shift our focus to Software Engineering good practices your company has to follow when making FDA submissions.

Software Engineering Good Practices (GSEP) in FDA and EMA Submissions - 7 Categories to Follow

Good software engineering practices are essential during the FDA and EMA submission process, especially if the software is used in the development, manufacturing, or control of drugs/medical devices.

In plain English, these Good Practices ensure the software systems are safe, reliable, and compliant with regulatory requirements. On the other hand, poor software practices can lead to data integrity issues, security vulnerabilities, and product safety risks, all of which could result in FDA/EMA rejections, delays, or costly recalls.

There are 7 distinct good practice categories tied to programming with 2 additional management portions, all of which are shown in the image below:

In short:

  • Good Development Practices: These allow your team to build robust and reliable software that’s easy to maintain in the long run. It consists of 4 key areas - Definition of Done, Version Control, Code review, and Build Automation. 
  • Good Reproducibility Practices: Reproducibility is essential in highly regulated environments because the person the the approval team must be able to replicate an exact version of the software you’ve submitted. This is accomplished through 4 key principles - Version Control, Change Control, Dependency Management, and Documentation.
  • Good Software Validation Practices: This set of practices ensures your software works as intended in all conditions, even the ones not predicted in the first place. You can rely on a series of different tests to build confidence in your software, such as Verification and Validation, Unit Testing, Integration Testing, End-to-End Testing, Manual Testing, Performance Testing, and Risk-Based Validation Testing.
  • Good Cybersecurity Practices: It’s no news that pharmaceutical and medical sectors are sensitive in nature, so it’s mandatory that you follow strict good cybersecurity practices. These typically include Vulnerability Management, Validating Open-Source Packages, and Secure Software Development Principles.
  • Good Access Control Practices: Controlling who has access to which software and what they can do with it is the focal point of Good Access Control Practices. These typically include limiting access control through Role-Based access and keeping track of Audit Trails.
  • Good Documentation Practices: Good documentation makes software maintenance easier in the long run, but is also mandatory for FDA and EMA submissions. The project documentation should be complete, understandable for regulatory bodies, and in general help with reproducibility.
  • Good Data Management (Governance) Practices: If your software deals with sensitive patient data, it’s mandatory that you manage data integrity, accuracy, and security through a suite of good practices tied to Data Governance.
  • Sofware Development Life Cycle Management: SDLC refers to the process that the development teams use when designing and building software, and it consists of 6 steps - Requirement Definition, Designing, Coding, Testing, Validation, and Maintenance.
  • Risk Management: Finally, this phrase is crucial when working on software for highly regulated industries, as it ensures that potential failures are identified and mitigated before they become real issues. The process of risk management is typically split into two parts: Risk Assessment and Failure Mode and Effects Analysis (FMEA).

It’s a vast topic on its own, so we decided to dedicate an entire article to go over good practices in software development in depth.

It was published recently on our blog, so make sure to read it to get your software ready for FDA/EMA submissions.

Summing up GxP Compliance in the Pharmaceutical Industry

To conclude, there’s a lot that goes into understanding GxP in Pharma and clinical software development, but there’s no other way around it.

Ignorance and non-compliance are one-way tickets to get your FDA or EMA submission denied. If you get your product/service approved but fail to maintain GxP practices in the long, this can also lead to hefty fines. Nobody wants that.

This page should hopefully leave you with zero questions about GxP’s. However, going from theory to practice is a much more involved process than it seems. Smooth regulatory approvals, fast time-to-market for new products, and increased trust from both regulators and consumers take time - but it’s the only way to fast and sustainable growth in highly regulated industries.

If your company needs assistance in implementing and following GxP, make sure to reach out to Appsilon. We’ve worked with multiple Fortune 500 companies and are happy to help.

R is Revolutionizing Pharma and Life Sciences: Find out how it makes SAS obsolete.

Explore Possibilities

Share Your Data Goals with Us

From advanced analytics to platform development and pharma consulting, we craft solutions tailored to your needs.

Talk to our Experts