43

SOPs, Working Documents, Manuals, Guidelines

United States, European Union, and other health authority regulations require that companies have written standard operating procedures (SOPs) to handle drug safety and pharmacovigilance. These documents in the aggregate are known as “procedural documents.” These are documents that describe the general or specific steps to be done in a process, job, or function to ensure that the result is obtained in a complete, reproducible fashion and delivers what is sought. The procedure should be descriptive and may be used for training and as a reference document.

The following is from the U.S. Food and Drug Administration’s (FDA’s) document for inspectors conducting adverse event (AE) audits (Chapter 53: Post-Marketing Surveillance and Epidemiology: Human Drugs, Enforcement of the Post-Marketing Adverse Drug Experience Reporting Regulations, September 30, 1999, Field Reporting Requirements. See Web Resource 43-1):

In the European Union, Volume 9A specifies that written procedures exist and goes on to list those that are required (at a minimum).

• The activities of the QPPV and the back-up procedure to apply in their absence;
  
• The collection, processing (including data entry and data management), quality control, coding, classification, medical review, and reporting of ICSRs:
  
• Reports of different types:
  
  
  
  • Organized data collection schemes (solicited), unsolicited, clinical trials, literature
    
  • The process should ensure that reports from different sources are captured:
    
    
    
    • EEA and third countries, healthcare professionals, sales and marketing personnel, other Marketing Authorization Holder personnel, licensing partners
      
    • Competent Authorities, compassionate use, patients, others;
  
  
• The follow-up of reports for missing information and for information on the progress and outcome of the case(s);
  
• Detection of duplicate reports;
  
• Expedited reporting;
  
• Electronic reporting;
  
• Periodic Safety Update Reports (PSURs):
  
  
  
  • The preparation, processing, quality control, review (including medical review) and reporting;
  
  
• Global pharmacovigilance activities applying to all products: Continuous monitoring of the safety profile of authorized medicinal products
  
  
  
  • Signal detection and review;
    
  • Risk-benefit assessment;
    
  • Reporting and communication notifying Competent Authorities and healthcare professionals of changes to the risk-benefit balance of products, etc.;
  
  
• Interaction between safety issues and product defects;
  
• Responses to requests for information from regulatory authorities;
  
• Handling of urgent safety restrictions and safety variations;
  
• Meeting commitments to Competent Authorities in relation to a Marketing Authorization;
  
• Global pharmacovigilance activities applying to all products (signal detection, evaluation, reporting, communication, etc.);
  
• Management and use of databases or other recording systems;
  
• Internal audit of the pharmacovigilance system;
  
• Training;
  
• Archiving.

A list and copies of the global and EEA procedures should be available within 24 hours on request by the Competent Authorities. Any additional local procedures should be available to respond to specific requests.

One of the first requests that an inspector from the FDA, the Medicines and Healthcare Products Regulatory Agency (MHRA), or European Medicines Agency (EMA) will make at the beginning of a drug safety inspection is for copies of the drug safety SOPs and related documents (such as guidelines, working documents, manuals, etc.). Usually, the company has an index or listing of these documents that is given to the inspector, who then chooses which ones to examine. Companies then must expect that the government inspectors, corporate auditors, vendors doing due diligence, and others will read the SOPs in detail and expect those people in the company governed by the SOPs to follow them scrupulously. Auditors will also look at working documents, manuals and guidelines, and other documents (see below) that groups prepare to aid in their work in addition to SOPs. The auditors also expect the staff to adhere to these guidelines too, especially if they are approved by some formal or semiformal company mechanism. Note that putting a process or requirement in a working document rather than in the SOP does not free the staff from adhering to the requirement. Thus, it is not a good strategy to relegate certain requirements to a working document or guideline in the hope that the inspector will not examine them or hold the staff responsible for these requirements too. All procedural documents are “fair game.”

Companies or health agencies may create multiple levels of procedures. For a large company, there may be a very high-level (or “global” or “corporate”) SOP that states the scope, mission, and broad outlines of the safety policy. Then, each division within the scope may develop its own localized policy, and subdivisions may then develop theirs. Usually, two to three layers are the practical limit of this hierarchy. For example, for a large multinational company, one way to approach this is to create three levels of SOPs:

1. High-level corporate policy that applies to all divisions of the company: This is the corporate policy to collect, analyze, and report to the appropriate health authorities and internal and external clients all AEs, product quality complaints, and medication errors that the company learns about its products that occur in humans and animals.
   
2. Division level: Each division of the company then prepares a more detailed version of the high-level policy that applies only to that division:
   
   
   
   • Human products division: Creates a broad policy to put the high-level policy into effect. This would cover all research and marketing in the home country and abroad (directly or via subsidiaries or affiliates) and directs them to prepare their own local SOPs (in their local language with a translation into English for review by the quality group).
   
   
3. Subdivision level: Each section (e.g., the French affiliate) within a division then creates its own SOPs to put the policies noted above into place in their local language. There may be multiple policies needed to accomplish this, and they should specifically cover such things as responsibility by job title (e.g., the medical monitor is responsible for…), timing (e.g., all serious AEs from investigational sites sent to the company within one working day of occurrence by electronic transmission, fax, e-mail…), and so on.

For example, the following units could create one or more SOPs to cover the following:

• The drug safety unit SOPs would cover the specific details of the handling of spontaneous serious AEs, spontaneous nonserious AEs, literature AEs, clinical trial AEs from phase I–IV studies, clinical trial AEs from investigator-initiated trials, AEs from business partners, or AEs from consumers, periodic reporting, signal detection, and so forth.
  
• The clinical research unit SOPs would cover instructions to investigators and monitor what and when to send AEs using a particular written form, or how to handle the case in the electronic case report form (EDC system).
  
• The animal toxicology/pharmacology unit(s) should have SOPs covering how and when animal findings regarding safety and toxicity should be reported and to whom, because in many jurisdictions, animal findings that may result in safety issues in humans must be reported within 15 calendar days as expedited reports.

Other documents at any level can also be created. At any point, a unit may create documents to assist staff in doing their daily jobs. These documents might be manuals (e.g., a data entry manual explaining screen by screen how to enter AE cases into the safety database), guidelines, guidances, “cheat sheets” (e.g., a table of all AEs listed in a drug’s Package Insert to aid in the rapid determination of whether an AE is labeled/listed), process guides, and various other work aids. Ideally, these should be done somewhat formally with version control and verified to be correct and consistent from person to person within a group.

SOPs must be kept in tight control because they represent the “bible” and contain instructions to the employees that must be followed. Only the latest version of the SOP should be used and available to all employees. In theory, keeping only the latest versions of SOPs online ensures that employees do not use older, outdated versions. However, in practice, especially if there are many SOPs, employees print out copies rather than looking online every time they have a question (e.g., they might have to log out of a case they are entering into the database to look up an SOP question). This tends to defeat the purpose of SOPs but is probably unavoidable. In that case, the printed version should contain a statement to the effect: “This printed copy does not necessarily represent the latest in-force version of this SOP. The current in-force copy may be found online at [give link or URL].” Alternatively, the SOP group may issue to every employee covered printed copies of the SOPs that are numbered, dated, and version controlled. When a new version of an SOP is published, a member of the SOP group should update each binder, replacing the old version with the new version.

Clearly, very tight version control must be maintained. This should be spelled out in the SOP that governs SOP creation and maintenance. It should cover how and by whom it is determined that an SOP is needed and its creation, review, approval, and updating. A system of version control and numbering should be described. It should also mandate training appropriate employees on the new procedures.

Copies of older, outdated SOPs should be retained, as a health agency inspector may wish to see the SOP in force at the time when a case that is months or even years old is examined. The company may avoid a citation by showing that a particular SOP requirement that is in place now was not in place when the case was actually received and processed.

Training on SOPs is obligatory. Training should not be simply distribution of the SOPs and having each person read them. Efforts should be made using professional, dedicated trainers (e.g., employees who have some skills in teaching and training) to develop a methodology to ensure that training is effective. This includes setting up training and retraining schedules and curricula and using effective technology (interesting presentations, video, web-based training, etc.). Many companies will conduct testing after the training to ensure that the content was absorbed. This is somewhat controversial, though most companies will test manual data entry, as this critical function must be done correctly. Many companies have training departments that “certify” trainers (“train the trainers”) within divisions of the company. The trainers themselves may not train on all SOPs but may enlist subject-matter experts to do the actual training. The trainers may review and approve the training materials. In addition, detailed records of training must be kept. They should be at the employee level and at the group level so that it can be easily demonstrated (with written records) to an auditor that every employee was successfully trained. Copies of the training materials (such as PowerPoint decks) must also be retained.

It is not sufficient to write and publish SOPs. They must be followed. The quality department should review (audit) SOPs on several levels:

• Do the SOPs meet the mission and standards they set? For example, if a safety SOP requires adherence to U.S. and European Union expedited reporting requirements, the SOP should be audited against the U.S. and European Union regulations, laws, and guidelines. This is often a difficult job for an auditor, because it requires that he or she must be familiar with these laws and regulations. Historically, the groups doing pharmacovigilance audits also did clinical research audits as well as, in some cases, financial, Good Laboratory Practice, and Good Manufacturing Practice audits. This would often mean that the auditors had only a superficial knowledge of safety requirements and best practices. The trend now is for developing specialized drug safety auditing units that have employees with detailed knowledge of PV—often former case processors or staff from the drug safety unit who wish to move out of the “firing line.” Thus, the auditor is able to make a learned judgment on whether the SOP meets the appropriate regulatory requirements and is best (or at least acceptable!) practice.
  
• The second level of review is the more common and, in general, easier level to audit: Are employees adhering to the requirements of the SOP? If the SOP is clear and prescriptive, the auditor is easily able to verify whether the procedures are done appropriately. For example, if the SOP requires that each AE report coming into the safety department is manually or electronically date-stamped immediately on receipt and then entered into the database within 2 working days, it is relatively straightforward for the auditor to check the date stamp and compare it with the date of data entry.

Another level of review is internal consistency. If each subsidiary in the countries where a multinational company sells the drug has a safety SOP, these SOPs should be reviewed for consistency with the higher level SOP and, if desired and appropriate, with each other.

Although CIOMS and ICH (see Chapters 36 and 37, respectively) have done much work to harmonize requirements and regulations, there are still significant differences between and among each country’s requirements, particularly in clinical trials, where there is less harmonization than in the marketed drug arena. These differences, on the working level, can be substantial and difficult for companies to work out in a manner satisfactory to all parties.

In our age of globalization, it is now common for companies to work with many other companies (either pharma/biotech companies or CROs) in codevelopment, comarketing, and other joint arrangements. Some of these can involve multiple companies throughout the world. Such situations require that some level of coordination and agreement is reached on how SOPs and processes will be handled.

The specific requirements of SOPs may also present problems in such situations. If one company uses only E2B case submission and the other company uses MedWatch or CIOMS I forms, there will be issues to resolve. Or, if two companies agree to exchange with each other completed CIOMS I forms for all serious AEs and one company bases its procedure on completing the forms by calendar day 7 and the other by calendar day 11, there may be significant timing and process issues, forcing one of the companies to alter its procedure to accommodate a shortened preparation schedule. One company may require a legal review of each case and the other may not. At some point, most companies harmonize as much as they can and “agree to disagree” on the remainder of the issues. Generally, the larger the company, the less flexible it is.

Although it would be ideal to have only one set of SOPs in place for a study or drug on the market, it is often the case that each company uses its own SOPs. Differences in case handling, processing, medical review, and so forth, must be ironed out before the study is begun or the drug marketed. There is no one correct or ideal way to do this. Each situation is usually customized, and compromise may be required by one or all parties. This can be difficult for large companies with rigid systems in place that do not wish to make exceptions or “one-offs.” Sometimes companies may not permit their (highly proprietary) SOPs to leave their building. The other company may see them but only by physically visiting the site where the first company keeps the SOPs. This can make harmonization of SOPs between the companies rather difficult. See Chapter 47 on safety exchange agreements.

The listing of European Union SOPs that should be present is fairly complete. In addition to those, it is usually wise to have SOPs that cover other areas, including:

• Handling AEs in clinical research, including investigator-initiated trials as well as phase I–IV studies
  
• Handling AEs from marketing and sales, legal, telephone operators, webmasters, and the mailroom
  
• Reporting requirements for employees not normally involved in safety, specifying that all AEs must be sent to drug safety within certain time frames (i.e., if an accounting department employee hears from a neighbor over the weekend that one of the company’s products made him sick, that AE should be reported to drug safety)
  
• Handling of AEs in animals
  
• The mechanics of the drug safety department:
  
  
  
  • Receipt of AEs from trials, spontaneous reports, consumers, electronic data capture, logging, database entry, quality review, narrative preparation, the Medical Dictionary for Regulatory Activities coding conventions, drug naming conventions, breaking the blind in clinical trials, literature review, medical review, querying, and follow-up
    
  • Handling of 7-day expedited reports
    
  • Handling of 15-day expedited reports (clinical trial and postmarketing)
    
  • How to develop safety agreements with partners; handling of reports sent to business partners and internal clients
    
  • E2B reporting
    
  • Preparation of Investigational New Drug Application annual reports, Annual Safety Reports, New Drug Application periodic reports, Periodic Safety Update Reports, and other aggregate reports
  
  
• Contacts with government agencies
  
• Crisis management and disaster recovery
  
• Database management and access
  
• How to handle an audit
  
• Archiving and filing; record retention
  
• Signaling
  
• Life cycle risk management and preparation of risk documents (e.g. REMs and RMPs)
  
• Medication error handling
  
• Product quality handling
  
• Quality assurance and quality compliance
  
• SOP preparation and maintenance
  
• Litigation
  
• Training

This list is not complete and will be tailored by each organization. Some organizations will be “lumpers” and others will be “splitters,” creating fewer or more SOPs.

All SOPs, working documents, manuals, and such should be reviewed periodically (at least yearly and more frequently if appropriate) to be sure they are still applicable and up to date. They should, in particular, be compared with regulations and requirements in force, best practices, and what is really happening in the organization they apply to. It may surprise that what is written in the SOP may not be what is really happening “in the trenches.” Adjustments in process and SOP should be made. All changes in the documents should be carefully documented and noted in the “changes in the new version” section of the document. Training should be performed as necessary.

For a good review of SOPs in the pharma industry, see Gough, Hamrell, Standard Operating Procedures (SOPs): How to write them to be effective tools. Drug Inf J. 2010;44:463–468.

Stay updated, free articles. Join our Telegram channel

Join