Most people will have some involvement with being audited. In general audits are classified into one of three different types; namely first party, second party and third party.

First party audits are often called internal audits or self-inspections. Here you are audited by others from your own site. Second party audits are either you auditing a supplier or a customer (of which you are a supplier) auditing you. This leaves third party audits whereby you are audited by a Regulatory Authority or external body. This also leave the notion of corporate audits; audits by people from within the same organisation but from another site. There is a case for classifying these as either 1st, 2nd or 3rd party audits – a discussion we will save for another day!

As a pharmaceutical trainer, auditor and consultant I meet a lot of auditors and look at audit mechanisms a great deal. The following appears to be the case in most pharmaceutical manufacturing sites.

First party audits:

We do these because we have to! Often seen as a regulatory necessity! Areas are often only audited once a year (if that) with limited time given to perform the audits. These audits are often moved “when something more important comes up”, are poorly planned and prepared for, the audit programme is often not adhered to, reports are completed late and non-conformities/ corrective actions highlighted during the audit are rarely completed. Evidence to support that true corrective actions have been taken (that proves that the problem has been sorted for good) are rarely seen.

Second party audits:

These are generally done OK. We like doing these. If it involves us performing supplier audits then it gets us out of the office, involves travel and allows us to meet new people. If it’s us being audited by a customer it gives us an opportunity to show them what we can do and how good we are. This article is not really about this type of audit – we will re-visit these another day.

Third party audits:

These are dealt with completely differently from first party audits. As soon as a site knows that the Regulatory Authority is coming all holidays are cancelled. Teams of people will meet every week to plan the audit, all documentation and records will be re-reviewed and put in a (war) room with an armed guard at the door! There will be none of that “we’ll deal with any non-conformities in due course” with these audits – people are re-trained, procedures are re-issued and facilities repaired whilst the audit is still going on!

Now, I am generalising here, and I am trying to bring an element of fun and humour into this article, so please don’t be offended by this. However – here is the general lesson. We generally pay a bit of lip-service to the first party (internal) audit and take the third party (regulatory) audit much more seriously. And here is where the focus is wrong. Surely if we gave the first party audits much more focus and priority (after all it’s the prime way of evaluating your system) then wouldn’t second and third party audits be much easier to prepare for and be more successful?

I know that having a bad third party audit is a disaster for any site, so they do need to be well prepared for and managed. However giving more focus and effort to our own first party audits pays dividends. This can be summed up with my final thought. Aren’t non-conformities raised at third party audits telling you something about your first party audits? Surely the first party audits should be picking up findings ourselves before the Regulatory Authority finds them!

Of course what I say above involves a lot of generalisation, it does however appear to be generally agreed by people who I meet. If this is not the case in your own organisation then this is great news, and I would be delighted to hear from you in a comment below.

Please feel free to comment. For details of our courses in this area select this link: QMS Courses

THIS ARTICLE WAS FIRST PUBLISHED IN 2012 AND MOST RECENTLY UPDATED IN SEPTEMBER 2022.

Annex 1 has finally arrived, 25th Aug 2022 saw the publication of Annex 1. Normally, updates to GMP chapters and Annexes have a 6-month lead time for implementation. In the case of the new Annex 1, the lead time is 12 months, except for clause 8.123 relating to lyophilization which has 24 months lead time.

Annex 1 was first issued in 1971 as the only annex in the first ever UK guide to Good Manufacturing Practice. Since then, there have been several updates but not full revisions. In 2012 there was a proposal to revise Annex 1 with a re-proposal in 2014 by the UK’s MHRA. At the time, a full rewrite was considered unlikely and instead the intention was to provide a document that would confirm regulatory expectation and as such, not place any new requirements or costs on the pharmaceutical industry.

While this principle, is still upheld, it was clear from the first draft for public comment of December 2017, that a rewrite was being undertaken. The first draft created around 6200 comments coming from regulatory organizations, such as the pharmaceutical cooperation scheme, regulatory bodies outside of the EU, support organizations such as the Parenteral Drug Association, the Parenteral and Healthcare Sciences Society, the Pharmaceutical Microbiology Interest group as well as representatives from the manufacturers within the pharmaceutical industry to name just a few. Rarely do updates require a second public consultation but in the case of the annex 1 update a second draft was issued in March 2020 although this was a more targeted review in terms of the sections and clauses that comment was being sought for.

About the author

Andy Martin

Andy started working in the Pharmaceutical industry in 1985 as a lab technician for Smith & Nephew. Following this he had a number of roles culminating when he took over as QA Microbiology Manager. In 2003 he moved into Pharmaceutical Training and then in 2007 he moved back into Microbiology when he took up the position of Microbiology Manager for Catalent Pharma Solutions. Since 2012 he has operated as a consultant specialising in Microbiology and Quality Systems.

Training courses on Annex 1

There are a number of half-day workshops organised to take you through the changes in more detail and to look at how they relate to your organisation.

More details

Our 2-day course is updated for Annex 1 changes

Find Out more

Find out about our course ranges

Free Taster courses

To try a free taster of our online courses to see if they are of interest visit this page.

← Previous Article Next Article →

7 Comments

Gareth on February 9, 2012 at 8:22 am
Hi Dominic – really interesting post. I’s like to interview you on this topic for in-Pharmatechnologist.com. Drop me a line if you are interested.
Hope to hear from you
Gareth
Arie Menachem on February 12, 2012 at 1:41 am
I think that the way to deal with the disparity you mention is to ensure that those of us who perform second or third party audits is to focus very carefully on the site’s internal audit program. This is important for a few reasons – firstly to understand how risks are handled on site for the 360 or so days there is not a third party / corporate audit (and in the case of a second party / supplier audit – the number of days is usually at least double that) and secondly to impress upon the local leadership that they are held accountable for the effectiveness of their audit program. In one of the companies I worked at, if we made a finding that was understood and managed by the site, this was given a lot less weight than one that hadn’t been discovered by the site or had been known by the site but inadequately managed. If that kind of system is implemented – it incentivizes the site to implement a robust internal audit program.
amit on February 13, 2012 at 3:46 am
Is First Party audits is a general practice among big pharmaceutical companies like Amgen, Genetech etc. Do they use same teams for GMP and GLP validation audits.
Andy Nichols on February 13, 2012 at 10:42 pm
So what can be done to improve the way internal audits are perceived and performed? Any clues?
- Ron Orme on February 14, 2012 at 7:51 am
  I think Dominic’s point is that the same importance and approach needs to be adopted for internal audits as for third party and external audits.
- Dominic Parry on February 14, 2012 at 8:53 am
  More focus and buy in from Top Management generally is needed.
Peter Lavis [Lead Auditor] on February 14, 2012 at 2:20 pm
What is absolutely essential here is the integration of ‘business’ requirement [ie. the pursuit of organisational efficiency] with the requirements set down through GMP [ie. effectiveness]. Thus the perception of Internal Audits will change – they will then be seen as a ‘value-adding’ activity rather than simply a ‘necessary evil’, a mechanism put in place to satisfy Chapter 9. The key to this is to ensure that process interface, internal customer requirements and continual improvement issues etc are being addressed during Internal Audit and that ‘Managers’ see themselves as Process Owners, rather than owners of functional silos. In this way the requirements of GMP and the ‘whole business’are being addressed through the Internal Audit process – and we employ best business practice [as seen through ISO 9001] alongside the requirements of GMP – and this ties in very nicely with the ISO 9001 / GMP article. This way of thinking is coming the Pharma-way, in part via ICH Q10, and in part through economic necessity. The Pharmaceutical Industry needs effective and efficient organisations – not just effective ones.