CMC regulatory affairs: An introduction to CMC and compliance

Chemistry, Manufacturing and Controls (CMC) of a medicinal product is the body of information that defines not only the manufacturing process itself but also the quality control release testing, specifications and stability of the product together with the manufacturing facility and all of its support utilities, including their design, qualification, operation and maintenance. CMC regulatory affairs and compliance is seen as a process of governance which ensures CMC practices are carried out in agreement with regulatory agencies requirements and expectations. Since such requirements and expectations change with time, a function of CMC regulatory compliance is to ensure that all CMC practices are updated accordingly.

CMC regulatory compliance ensures that, if the pharmaceutical organization has made any CMC-specific commitment to regulatory agencies, either verbally or in writing, such CMC practices are carried out.

Within the EU, the marketing authorization holder and Qualified Person will be held responsible if the manufacture of a medicinal product is not undertaken according to the details supplied in the CMC section (CTD, Module 3 or equivalent) of the approved dossier. The legal framework in the EU is defined in Directive 2001/83/EC, as amended, with key statements found within Articles 20, 23 and 51. Similar principles apply to the US and other international markets.

If a marketing authorization holder has a product which is not manufactured, packed, tested or as stable as described in the information supplied to the relevant national authority, then the MA is considered to be in non-compliance with manufacturing procedure.

The consequences of non-compliance can range from having to rectify the differences under the scrutiny of the relevant national authority, to fines, withdrawal of the marketing authorization, or the suspension of product distribution on a national or regional level.

Many companies that find a level of regulatory non-compliance within their manufacturing organization will possibly identify the principal cause to be a lack of robustness in their change control system stretching from the manufacturing quality organization to the regulatory affairs functions at manufacturing, corporate and country-based local regulatory functions.

If the change control system lacks robustness, and clarity in responsibility definition for post-approval actions, changes made at manufacturing level can get overlooked and result in manufacturing details and CMC-registered details being out of sync.

Given the possible consequences of non-compliance, which include damage to the reputation of the whole company, it is best to prevent non-compliance issues from developing initially by strengthening the change control system and company infrastructure in CMC pharma.

If a company as a marketing authorization holder has a portfolio of products where it is suspected there may be divergence between registered CMC details and manufacturing practice, due action should be taken to start or continue a compliance program to identify and rectify compliance issues.

The consequences of an external body identifying non-compliance within an organization and the damage to the company's reputation will be mitigated if a company is already engaged in a thorough, continuous and well-structured compliance program.

Before initiating a compliance program, it is always best to define the scope of the program and assign enough resources to it. The compliance program can range from preparing single marketing authorization in a single country for license renewal, all the way to include a section of the company portfolio or full portfolio in multiple countries.

It is also important to identify clearly the decision-makers, and agree on and define the roles and responsibilities from the beginning, as a compliance program will likely require difficult decisions to be made. Any project of this nature must include the quality organization and specifically the (EU) Qualified Persons (or equivalent) responsible for the release to market of the products in its scope.

Within a CMC pharma, the measurement of compliance can give rise to conflicts of interest, as the results can be seen as a measure of a function's performance. One possible option to avoid this aspect, and ensure a level of impartiality, is to use a suitably experienced regulatory outsourcing provider for critical parts of the project.

In conclusion, organizations that find a level of regulatory non-compliance within their manufacturing organization may identify the principal cause to be a lack of robustness in their change control system. Building robustness also needs senior management to be in agreement about any process change strategy and enabling implementation teams at the ground level to have the authority to drive remediation programs to completion.

Author: Jon Fletcher - Manager, Regulatory Affairs