Internal Audits: Improving Companies One Department at a Time

Internal Audits: Improving Companies One Department at a Time

Is your company ready for an inspector to audit your departments? If you’re thinking to yourself, “I’m not too sure,” then it is time to get prepared and begin conducting some internal audits. What exactly is an internal audit? Internal audits evaluate the company’s control and compliance with federal regulations. These types of audits are a great way to identify gaps in the company’s processes and policies, which will allow you to close those gaps before a significant audit occurs.

Gaps in your companies processes and policies can be a serious issue for audits and may result in a Form 483. Your company wants to avoid any 483’s from the FDA. Identification of gaps is one reason why internal audits are an excellent tool for the company’s success. Let’s look at how an internal audit should be conducted.

Internal Audits

Each department within the company should have at least two internal audits a year and more if possible. The department should be audited on their process and the policy that makes up that specific department. Usually, the quality assurance department will determine which department and when that department’s internal audit will occur. Here is the process for internal audits.

    • Quality Assurance (QA) will determine which department will be audited. A member of the QA department will create a schedule for what the audit will consist of and what exactly they are auditing. Once the QA manager has looked over the schedule, a date will be picked out. That department will be notified about the upcoming audit.
    • When the day arrives for the audit, the QA member will notify the department manager to let them know the internal audit will begin. The internal audit begins and should be conducted as if you were from the FDA or any other auditor that may come to your company. The auditor then starts running through their list of items they want to inspect and go through. The auditor should take notes and take pictures of any items they see that are questionable.
    • Once the internal audit is complete, the auditor must compile a list of the observations found and present them to that department’s manager. Once that department has been given their observations, they must now correct them. The amount of time given to complete the corrections should be stated in the internal audit SOP.
    • As soon as the observations have been corrected, the internal audit report can be completed.

Quality Assurance and management need to keep up with performing these internal audits. They keep the department up to date and on their toes. Successful audits come from being prepared, and internal audits are a great tool to keep your company one step ahead. For more on audits and inspections, check out our blogs for information on everything from first impressions to wrapping up the inspection.

PSC Biotech® consultants can help you achieve success on every audit.  We have over 25 years of experience with audits, audit preparation, mock audits, and compliance gap analysis.  Consider using PSC’s AuditUtopia® and ACE Inspection® audit management software to automate and simplify your audit process.  PSC® is your one-stop solution for audit and inspection success.


Written by Ashley Castro, PSC Biotech® Consultant

Edited by Crystal McClain, PhD

See Also

PSC Software Solutions


Hire Consultants

PSC Biotech Services provide fast, budget-friendly, high-level expertise.

Follow Us

Share, Engage, Stay Current

Related Articles

Benefit- Risk Assessment for Regulatory process 

Benefit- Risk Assessment for Regulatory process 

Benefit-risk assessment is critical to the regulatory review process for life science companies and healthcare products, including drugs, biologics, and medical devices, before it is approved for use by regulatory agencies such as the Food and Drug Administration...

Grant Writing For Regulatory Processes – Whitepaper

Grant Writing For Regulatory Processes – Whitepaper

Grant writing is preparing and submitting proposals to secure funding from grant-making organizations such as government agencies, foundations, and corporations. Grant funding can be a critical source of revenue for non-profit organizations, academic institutions, and...

Navigating Regulatory Inspections: Top 5 Remediation Best Practices

Navigating Regulatory Inspections: Top 5 Remediation Best Practices

Regulatory compliance is essential in all industries, but it is easier said than done. Regulatory agencies strictly monitor organizations to ensure they adhere to the applicable rules and regulations. In doing so, they conduct regular inspections, and companies can...

Disinfectant Efficacy Testing: Being Prepared is Half the Battle

Disinfectant Efficacy Testing: Being Prepared is Half the Battle

Written by: Crystal Booth, M.M.- Regional Manager, Southeast USA, PSC Biotech™

Disinfectant efficacy testing is a means to measure the effectiveness of disinfectants that are employed to clean, sanitize, or disinfect surfaces. It plays an important role in controlling microbial contamination on surfaces. 

There are many regulations and guidance documents that discuss disinfectant efficacy testing and the topic is fair game in regulatory audits. There three well-known versions of the test, the use-dilution test, surfaces challenge tests, and in-situ field studies.  

The use-dilution test is also known as in-suspension studies. It is a quick screen that can be performed with new environmental isolates that are found in environmental monitoring. It is not a replacement for the surface challenge test. Simply, you inoculate approximately 1 X 106 CFU of the microorganism into 9.9 mL of the working disinfectant solution.  After the allotted contact time has expired, you process the solution and test for viable microorganisms.

The surface challenge test, also known as the coupons study or the carrier surface study, is the most common method for testing disinfectant efficacy. It involves using coupons made of the materials that are the surfaces in your facility. You should use a risk-based approach to select the worst-case surface coupons, microorganisms, disinfectant working solution concentration, and wet-contact times for the test. You inoculate the coupon surfaces with microorganisms, dry the surfaces gently, and then apply the disinfectant as it would be in the manufacturing environment. After the allotted contact time expires, you process the coupons are processed to test for any remaining microorganisms.

The in-situ field study, also known as statistical comparison tests, is performed in the manufacturing facility, most commonly before and after an area start-up or before and after cleaning and disinfection during normal operations. Simply, environmental monitoring (EM) is performed in the “as is” or “dirty environment”, the area is cleaned, and then the EM is performed again. The results are compared to determine the decrease in microbial numbers.

The best way to present disinfectant efficacy testing to regulators is to be organized and have your data ready in a neat package. Establishing a compliant disinfectant efficacy testing package aids in providing clear documentation that the disinfectants employed in a facility have been analyzed correctly. 

PSC Biotech™ can help ensure your disinfectant efficacy studies as well as your facility and procedures are ready for a regulatory audit. Our professional services team can perform cGMP audits of your facility, including your disinfectant efficacy testing. We can help you prepare to present and discuss your data with confidence during regulatory audits of your facility. Contact us today!

PSC Biotech™ and BIO Business Solutions® are hosting a joint webinar on the Fundamentals of Disinfectant Efficacy Testing. Click the button below to register!

What is Data Integrity and Why Should You Care About it in Your Lab

What is Data Integrity and Why Should You Care About it in Your Lab

Written by: Chris Pardo, Associate Business Development Manager

When you run a test and you get a result or OOS you don’t like, you wish you could delete it and just run a re-test, but we don’t. There is a very good reason we do not do this and you probably aren’t aware you are already complying with data integrity. Data integrity is essential for the life science industry. Most people don’t know why we have data integrity or what it is. Let’s go into what data integrity is and why it is important to maintain.   

What is Data Integrity 

We all have heard the phrase, “if it isn’t written, it didn’t happen”. Data integrity follows that, but takes it up a notch and expects the data to be attributable, legible, contemporaneously recorded, original or a true copy, and accurate  (commonly known as ALCOA). To ensure that data integrity is being met, there must be a record of anything that is changed from the original document while keeping the original document intact. When making a change a reason must be given and recorded. This brings us to an audit trail.  

Following the Trail 

The FDA defines an audit trail as a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the events relating to the creation, modification, or deletion of an electronic record. The audit trail shows us who made changes, why the changes were made, when they were made and what changes were made  

What it All Means

What data integrity means is that not just anyone can either alter data, erase it, or make any changes to a document without a record of the changes being made in an audit trail that can be reviewed. Severe penalties can occur due to not following data integrity such as a warning letter and criminal prosecution. Everything is recorded and made available for review by anyone.

Auditing Services – Data Integrity

Auditing Services – Data Integrity

Data integrity has become crucial to compliance for regulated life science companies.   Data Integrity assures the completeness, consistency, accuracy, authenticity, timeliness, and reliability of your data.

Whether your company is a biotechnology startup, pharmaceutical company, blood bank, gene therapy research institute, medical diagnostics facility, food and beverage corporation, you rely on digital data. Data Integrity shortcomings can lead to increased compliance costs to remediate the FDA citations, Warning Letters, and even delay your product approvals.

  1. Experts recommend that your data integrity program follow the ALCOA+ principles to achieve and maintain data integrity.
  • Attributable to the person, system, or data generating the data: What is the source of the data? Who did the data collection and performed the analyses?
  • Legible, traceable, and permanent: Is the data readable and understandable? Is it stored in a durable medium?
  • Contemporaneous: Where and when was the data created? Was it recorded as it was generated or observed?
  • Original: Is it an electronic record or metadata? Have the original records been preserved? Are they easily retrievable?
  • Accurate: Is the data error-free? Has it been maintained, updated and modified well?
  • Complete: Is all data available? Has anything been deleted?
  • Consistent: Has the data been chronologically arranged? Are there date and time stamps on the records?
  • Enduring: Will the data last even after 20 years? Will it lose readability after a long period of time?
  • Available: Can the data be accessed throughout its lifetime?
  1. Assess your systems for situations that might lead to data security breaches or compliance issues. Implement proper controls.
  2. Identify your products and processes with electronic data capture, such as automated HPLC systems, etc., high rates of Out Of Specifications (OOSs), and restrictive stability specifications. Implement appropriate controls for your high risk systems.
  3. Document results, observations, and discrepancies carefully. Pay special attention to orphan data or excluded data.
  4. Develop and implement corrective and preventive action (CAPA) plans to eliminate undesirable situations and non-conformities, and to improve data integrity.

Our team at PSC Biotech™ understands the data integrity responsibilities and provides audit and remediation services for data integrity.

Our insightful audit reports promote effective data integrity and record management strategies, and encourage data protection and privacy. We ensure our clients meet the standards set by the U.S. Food and Drug Administration (FDA), the European Commission (EC), an regulatory Agencies throughout the world. Whether you do research and development, clinical trials, quality control, manufacturing, data management or inspection, PSC Biotech™ can help you establish, evaluate, and improve your data integrity.

Convinced yet? Give us a call or visit www.biotech.com for more information.