Importance of Cross-Functional Review in Change Control Systems

Introduction to the Audit Finding

1. What Was Observed?

The change control process lacked a defined cross-functional review mechanism. Changes were initiated and approved within a single department without input from impacted teams.

2. Why This Is a Compliance Risk

• Unassessed impact on quality, validation, regulatory filings, and training
• Increased chance of implementation errors
• Failure to identify downstream risks in other functions

3. GMP Context

This finding reflects a failure to recognize change control as a multi-departmental responsibility essential for maintaining a robust GMP compliance framework.

Regulatory Expectations and Inspection Observations

1. 21 CFR 211.100(a)

Requires thorough review and approval of changes to procedures with an emphasis on quality impact assessment.

2. EU GMP Chapter 1

Highlights the need for coordinated quality management and proper documentation of roles in decision-making.

3. WHO GMP

Change control must be systematically evaluated by all impacted stakeholders.

4. Example Observations

• FDA: “Change #1123 lacked documented review by QA, validation, and regulatory functions.”
• MHRA: “Systemic issue where change controls are closed without cross-functional assessment.”

Root Causes of Missing Cross-Functional Review

1. Siloed Departmental Culture

Departments initiate and approve changes without communication with other stakeholders.

2. Poorly Designed Change Forms

No fields or steps exist to record reviews by other functional areas.

3. Inadequate SOPs

Current SOPs do not mandate review or signoff from QA, validation, regulatory, or production.

4. Lack of Training on Impact Assessment

Change initiators are unaware of how their modifications affect broader operations.

Prevention of Review Gaps in Change Control

1. SOP Revision for Functional Review

• Define minimum required reviewers for different change types
• Include RACI matrix in change control SOP

2. Standardized Change Templates

Introduce forms with mandatory reviewer sign-off fields for QA, Regulatory Affairs, Production, and Validation.

3. Cross-Functional Change Control Team

Form a permanent review team including department heads or designated reviewers for changes involving quality, process, or regulatory impact.

4. Electronic QMS Integration

Use change workflows that auto-assign reviewers and prevent closure without their approval.

5. Training and Governance

Reinforce training through examples from Stability Studies where change implementation failed due to missed cross-functional alignment.

Corrective and Preventive Actions (CAPA)

1. Immediate Corrective Actions

• Review all open and recent change controls for missing cross-functional input
• Require retrospective assessments where reviewers were omitted
• Delay implementation of unreviewed changes pending formal approval

2. Preventive Actions

• Amend SOPs to include multi-functional review for every change category
• Link each change to associated risk assessments and validation protocols
• Include change impact reviews in QA internal audits

3. Governance & Monitoring

Implement dashboards and KPIs to monitor % of changes reviewed cross-functionally. Establish escalation protocols for missed reviews.

4. Regulatory Framework Support

Align internal review processes with agency expectations such as CDSCO and USFDA guidelines for pharmaceutical change management.

GMP Risk of Document Revisions Without QA Oversight and Approval

Introduction to the Audit Finding

1. Undocumented Revisions

When documents such as SOPs or protocols are revised without formal QA approval, changes go undocumented and unverified.

2. Bypassed Quality Gate

QA serves as the final checkpoint to ensure controlled changes. Skipping this gate leads to non-compliance and data integrity gaps.

3. Operational Chaos

Multiple departments may unknowingly use different versions of the same document, causing procedural inconsistency.

4. Regulatory Violation

Controlled documentation is a core GMP requirement. Unapproved revisions violate 21 CFR Part 211 and GMP documentation principles.

5. Untrained Personnel

Employees may operate under revised procedures without training, increasing deviation risks.

6. No Change Justification

Without QA approval, there’s no documented reason or risk evaluation for the revision.

7. Lost Audit Trail

Investigations and audits become challenging due to absence of change history and documented approvals.

8. Increased Inspection Observations

Regulators consider this a serious gap in documentation and quality systems — often issuing major observations.

Regulatory Expectations and Inspection Observations

1. 21 CFR 211.100(a)

States that any written procedures must be reviewed and approved by the quality control unit before implementation.

2. EU GMP Chapter 4

Emphasizes that any GMP documentation changes must be reviewed and approved by QA before issuance.

3. WHO TRS No. 986

Recommends that no GMP document be updated without formal approval and documented rationale.

4. MHRA Warning Letters

Examples include: “Critical: Unapproved changes made to procedures governing aseptic processing.”

5. EMA Audit Focus

Audits target document version control, change logs, and evidence of QA approval workflows.

6. CDSCO Observations

Findings like “QA was unaware of changes made to master manufacturing instructions” are common in domestic audits.

7. USFDA 483 Citations

Frequent observations include: “Lack of documented QA review for SOP revisions” and “Uncontrolled documentation updates.”

8. GxP System Impact

This issue disrupts the integrity of not just manufacturing but also validation, calibration, and stability testing procedures.

Root Causes of Uncontrolled Document Revisions

1. Lack of Awareness

Functional teams may not understand the requirement for QA review of all controlled document changes.

2. Weak SOP Governance

No master SOP outlines who is responsible for authoring, reviewing, and approving revisions.

3. Decentralized Document Control

Departments manage their documents independently without coordination with the QA unit.

4. No Access Control

Unrestricted editing rights in shared folders or systems allow unauthorized changes.

5. Pressure to Implement Changes

Operational urgency may push users to revise procedures without waiting for formal QA clearance.

6. Manual Systems

Lack of electronic document management systems results in procedural lapses and tracking difficulties.

7. Undefined Approval Flow

No defined workflow outlining approval stages, roles, and documentation needed.

8. Ineffective Auditing

Internal audits fail to detect unauthorized revisions due to inadequate checklist or oversight focus.

Prevention of QA Approval Gaps in Document Revision

1. Define SOP Revision Workflow

Develop a document revision SOP that mandates QA approval before any implementation.

2. Control Access Rights

Restrict editing rights to trained personnel and use version-locking software for compliance.

3. Link to Change Control

Ensure all document updates originate from approved change control requests.

4. Use Document Management Systems

Implement systems that enforce review, approval, and release workflows for all GMP documents.

5. Train Cross-Functional Teams

Train authors, reviewers, and approvers on the importance of documentation integrity and regulatory consequences.

6. Audit Document Changes

QA should conduct periodic audits of document change logs and version control histories.

7. Establish Document Numbering Protocol

Each version should be uniquely identified, and obsolete versions archived clearly to avoid use.

8. Senior Management Review

Present document control compliance metrics during periodic QA reviews for visibility and oversight.

Corrective and Preventive Actions (CAPA)

1. Stop Uncontrolled Revisions

Immediately suspend editing rights for GMP documents until a formal approval workflow is implemented.

2. Revise Document Control SOP

Include explicit responsibilities, approval flow, version control, and archiving steps.

3. Conduct Impact Assessment

Identify all documents revised without QA approval and assess impact on quality and compliance.

4. Reissue Controlled Versions

Revalidate and formally approve all impacted SOPs, assigning proper version numbers and change logs.

5. Train on New Controls

Conduct mandatory refresher sessions on document control procedures for all departments.

6. Validate Document Systems

Ensure systems used for document storage and revision are validated for GMP use and include audit trails.

7. Monitor Document Revisions

Track revision frequency, unauthorized access attempts, and QA review compliance as KPIs.

8. Include in Audit Scope

Make document revision control a permanent component of internal and supplier audit checklists.