The FDA inspected Mylan Laboratories Limited, a Viatris company, from June 14 to June 26, 2024. The inspection uncovered critical cGMP violations across quality control, laboratory practices, and data integrity. These lapses have resulted in the firm’s drug products being classified as adulterated under Section 501(a)(2)(B) of the FD&C Act.

The violations demonstrate systemic weaknesses in quality systems and data management, posing significant risks to drug quality and patient safety. Below, we analyze key violations and their implications in depth.

Key Non-Conformances Identified

Some of the key non-conformances cited in the warning letter include:

1. Failure to Establish and Follow Quality Control Procedures (21 CFR 211.22(d))

Observation Details

• Analysts were absent during testing, yet they reported results as if they had conducted the analysis.
  • Biometric access records revealed that these analysts were not physically present at the facility.
  • Testing was conducted on (b)(4) identification of components in the Packaging Material Laboratory.
• Multiple discrepancies in four test worksheets were observed, undermining the credibility of reported results.

FDA’s Concerns

• The firm delayed addressing known issues, with awareness of the data integrity problems dating back to January 2024.
• The response lacked clarity on:
  • The full extent of the data integrity violations.
  • Specific actions to ensure compliance across all laboratory operations.
  • Global plans to prevent recurrence.

Implications

• Data integrity violations raise doubts about the reliability of all quality-related data generated by the firm.
• Inaccurate or fabricated data directly jeopardizes the safety and efficacy of drug products.

2. Inadequate Investigation of Discrepancies and OOS Results (21 CFR 211.192)

Observation A: Stability Testing OOS Results

• Two batches of (b)(4) mg tablets produced out-of-specification (OOS) and out-of-trend (OOT) results during stability testing:
  • Batch (b)(4): OOS results at the 18-month long-term stability time point.
  • Batch (b)(4): OOT results at the 3-month long-term stability time point.
• The analyst aborted the HPLC sample set sequence without providing adequate justification for the discontinuation of testing.

Observation B: Invalidated Assay Results

• Anomalous results for content uniformity in (b)(4) mg capsules were dismissed during retesting.
  • Retesting attributed the issue to HPLC column leakage, but the equipment’s audit trail did not record such an error.
  • The firm invalidated the results without a thorough scientific rationale.

FDA’s Concerns

• The response lacked:
  • Evidence supporting the conclusions of OOS investigations.
  • Robust root cause determinations for invalidated results.
  • A clear plan for addressing the gaps in laboratory investigations and ensuring consistent, compliant practices.

Implications

• If OOS and OOT results are not adequately investigated, they may indicate more profound issues in manufacturing, raw materials, or equipment processes.
• Repeated dismissal of results without justification undermines the credibility of the firm’s quality control systems.

3. Ineffective Quality Systems

Observation Details

• Multiple violations reflect broader systemic weaknesses in the firm’s Quality Unit (QU):
  • The QU failed to ensure reliable oversight of laboratory operations and adherence to cGMP.
  • Executive management was not effectively involved in monitoring and enforcing compliance.
• Inadequate governance led to delayed investigation and insufficient corrective actions even after data integrity violations were identified internally.

FDA’s Concerns

• The response did not outline actionable steps for executive management to enforce cGMP standards across operations.

RELATED: GMP vs cGMP

Implications

• Lack of adequate quality systems exposes the firm to ongoing risks of non-compliance, jeopardizing public safety and regulatory approvals.

4. Data Integrity Deficiencies

Observation Details

• Widespread lapses in maintaining accurate, contemporaneous, and complete records were identified:
  • Instances of non-contemporaneous record-keeping.
  • Omitted or destroyed records.
  • Invalid or altered test results.

FDA’s Concerns

• The firm failed to present a comprehensive, risk-based assessment of all operations potentially affected by data integrity breaches.
• The response lacked a clear strategy for remediating underlying cultural and procedural issues.

Implications

• Data integrity issues compromise the ability to produce reliable evidence of product safety, efficacy, and quality.
• Regulatory confidence in the firm’s submissions is severely undermined.

RELATED: Data Integrity in GMP

CAPA Plan Recommendations

To address these critical deficiencies, Mylan Laboratories must implement a comprehensive CAPA plan. Below are the recommended actions for each non-conformance:

1. Failure to Establish and Follow Quality Control Procedures (21 CFR 211.22(d))

Root Cause Analysis (RCA)

1. Governance Failures:
   • The Quality Unit (QU) lacked adequate oversight and control mechanisms to monitor laboratory operations and ensure compliance with cGMP.
   • No formalized process existed for validating the presence of analysts during critical testing.
2. Data Integrity Weaknesses:
   • Analysts exploited process gaps to manipulate testing records without detection.
   • Inadequate training in cGMP-compliant data handling practices contributed to falsifications.
3. Cultural Deficiencies:
   • The organizational environment did not enforce accountability for non-compliance.

Corrective Actions (CA)

1. Data Validation Measures:
   • Implement biometric access and e-signature systems for test initiation and result reporting.
   • Restrict access to critical testing areas and systems to authorized personnel only.
2. Staff Overhaul:
   • Remove personnel involved in data falsification and retrain remaining staff on cGMP and data integrity.
3. Internal Audit:
   • Conduct an immediate audit of all historical data generated by the Packaging Material Laboratory.

Preventive Actions (PA)

1. Policy Revision:
   • Establish stringent SOPs for quality control operations, including verification of test authenticity.
   • Mandate independent review of critical test data before batch release.
2. Training and Culture Shift:
   • Initiate comprehensive training programs for all staff on cGMP compliance and data integrity.
   • Foster a whistleblowing culture with protections for employees reporting non-compliance.
3. Continuous Monitoring:
   • Implement real-time data monitoring systems with automated alerts for suspicious activity.

2. Inadequate Investigation of Discrepancies and OOS Results (21 CFR 211.192)

Root Cause Analysis (RCA)

1. Process Gaps:
   • Investigation procedures did not include detailed steps for identifying root causes or justifying retesting.
   • No integration of manufacturing data and laboratory results in OOS investigations.
2. QU Inefficiency:
   • The Quality Unit lacked adequate oversight to ensure investigations were comprehensive and evidence-based.
3. Resource Constraints:
   • Lack of trained personnel to conduct thorough root cause analyses.

Corrective Actions (CA)

1. OOS Review and Action Plan:
   • Conduct a retrospective review of all invalidated OOS and OOT results from the past 3 years.

RELATED: OOS vs OOT vs OOE results in Pharma Industry

• For inconclusive investigations, re-assess potential manufacturing causes and implement necessary process controls.

1. Investigation Protocol Overhaul:
   • Revise SOPs for OOS investigations to ensure:
     • Root causes are systematically identified and documented.
     • Retesting is only conducted after a thorough analysis of initial failures.
2. Equipment and Method Validation:
   • Requalify all HPLC equipment and validate testing methods to eliminate equipment-related anomalies.

Preventive Actions (PA)

1. Proactive Investigation Systems:
   • Establish statistical trend analysis tools to monitor for early signs of OOS and OOT events.
   • Multidisciplinary teams (laboratory, manufacturing, QA) are required to collaborate on investigations.
2. Training Programs:
   • Develop targeted training for analysts and investigators on advanced root cause analysis techniques.
3. Quality Oversight Strengthening:
   • Form a dedicated team within the QU to oversee all OOS and OOT investigations and ensure compliance with revised protocols.

3. Ineffective Quality Systems

Root Cause Analysis (RCA)

1. Leadership Disconnect:
   • Executive management did not adequately oversee or support the implementation of cGMP compliance measures.
2. Fragmented Communication:
   • Poor coordination between the site and global quality organizations delayed necessary investigations and actions.
3. Resource Allocation Issues:
   • Lack of sufficient staffing and funding to address systemic quality issues proactively.

Corrective Actions (CA)

1. Executive-Level Engagement:
   • Form a cGMP Governance Board composed of senior management to oversee compliance initiatives and allocate necessary resources.
   • Conduct an immediate review of all cGMP violations globally and publish a remediation roadmap.
2. Site Accountability Program:
   • Implement a structured accountability framework to ensure site-level quality systems are aligned with global standards.
3. Global Audit of Quality Systems:
   • Commission a third-party audit of quality systems across all Viatris facilities.

Preventive Actions (PA)

1. Enhanced Communication Channels:
   • Introduce routine cross-functional meetings between site and global quality teams to ensure timely information flow.
   • Establish an escalation mechanism for unresolved quality issues.
2. Continuous Improvement Systems:
   • Create a continuous improvement program with defined metrics to monitor the effectiveness of quality systems.
3. Dedicated Training for Leadership:
   • Train executive management on cGMP compliance responsibilities and strategies for systemic quality improvement.

4. Data Integrity Deficiencies

Root Cause Analysis (RCA)

1. Systemic Weaknesses:
   • Lack of robust controls to prevent data alterations or ensure contemporaneous documentation.
   • Absence of audit trails and tamper-proof systems.
2. Cultural Deficiencies:
   • Tolerance for data manipulation due to weak organizational controls and insufficient penalties for violations.

Corrective Actions (CA)

1. Data Governance Overhaul:
   • Implement a centralized, tamper-proof electronic documentation system with full audit trail capabilities.
   • Mandate biometric authentication for data entry and approval.
2. Comprehensive Data Review:
   • Perform a retrospective, independent review of all data generated over the last 5 years to identify inaccuracies.
3. Personnel Accountability:
   • Remove employees involved in data falsification and implement disciplinary measures for supervisory lapses.

Preventive Actions (PA)

1. Data Integrity Policies:
   • Establish clear policies prohibiting data falsification, with strict penalties for violations.
2. Routine Audits:
   • Schedule quarterly internal and annual third-party audits to evaluate data integrity compliance.
3. Data Integrity Training:
   • Develop a comprehensive training program focused on cGMP-compliant data management practices.

Timeline for Implementation

0-3 Months (Immediate):

• Appoint Data Integrity Lead and cGMP Governance Board.
• Suspend non-compliant operations and initiate reserve sample testing.

3-6 Months (Short-Term):

• Complete the retrospective review of OOS results and data integrity breaches.
• Roll out new investigation SOPs and training programs.

6-12 Months (Long-Term):

• Transition to automated data systems with tamper-proof capabilities.
• Establish global CAPA evaluation mechanisms and conduct biannual independent audits.

Beyond 12 Months:

• Conduct comprehensive reviews of CAPA effectiveness and publish a summary report to the FDA for compliance validation.

Key Takeaways for Mylan Laboratories

1. Data integrity must be prioritized through comprehensive remediation efforts.
2. cGMP compliance cannot be reactive; it requires a proactive approach with robust training, oversight, and accountability.
3. Executive management must actively drive systemic improvements across global operations.

Conclusion

FDA’s Warning Letter to Mylan Laboratories highlights serious lapses in quality control, data integrity, and governance, posing risks to product quality and patient safety. These systemic failures, compounded by delayed responses, underscore the need for urgent, comprehensive corrective actions.

Mylan Laboratories must adopt robust reforms to address immediate violations and the underlying weaknesses in its quality systems. Executive leadership must drive these changes, fostering accountability and ensuring sustainable compliance. 

Mylan can rebuild regulatory trust and safeguard its reputation by prioritizing transparent governance, data integrity, and proactive quality oversight. Failure to act decisively risks prolonged scrutiny, import bans, and damage to patient confidence.