API manufacturers perform analytical testing on APIs to confirm that they meet all applicable specifications established for release. Finished drug product manufacturers ensure that APIs used in their products meet all of their established specifications and—for compendial APIs—meet USP requirements. Additional information is provided below.

API Manufacturer Responsibilities
Section 501(a)(2)(B) of the FD&C Act requires all drugs (including APIs) to be manufactured in compliance with CGMP. FDA, therefore, expects API manufacturers to follow the recommendations in ICH guidance for industry Q7 Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients.   API labeling supplied by the API manufacturer includes a certificate of analysis (COA). Section 11.4 of ICH Q7 recommends that the API manufacturer’s COA should include, as applicable, the API’s name, grade, batch/lot number, date of release, and a list of “each test performed in accordance with compendial or customer requirements, including the acceptance limits, and the numerical results obtained . . . .” For example, for a compendial-grade API, the COA should identify the compendial tests that were performed (as well as customer-specified tests, if any) and the test results. If a compendial-grade API differs from a USP standard of strength, quality, or purity, that difference should be clearly declared on the label.

Finished Drug Product Manufacturer Responsibilities
In the CGMP regulations for finished pharmaceuticals, 21 CFR 211.80 states that “[T]here shall be written procedures describing in sufficient detail the . . . testing . . . of [finished drug product] components . . . .” Additionally, 21 CFR 211.84(d)(2) states that “[E]ach component shall be tested for conformity with all appropriate written specifications for purity, strength, and quality. In lieu of such testing by the manufacturer, a report of analysis may be accepted from the supplier of a component, provided that at least one specific identity test is conducted on such component by the manufacturer, and provided that the manufacturer establishes the reliability of the supplier’s analyses through appropriate validation of the supplier’s test results at appropriate intervals.” Therefore, if the finished drug product manufacturer accepts the test results from an API supplier’s COA rather than performing the tests itself (other than for identity, which the manufacturer is required to perform), the manufacturer must validate the API supplier’s reliability. This validation procedure is established by the finished drug product manufacturer and should be consistent with the principles of CGMP and risk management. The finished drug product manufacturer should also ensure that compendial-grade APIs comply with compendial specifications, either by testing the APIs or by validating API suppliers’ reliability, as described above.

References:

• FD&C Act Chapter V: Drugs and Devices
• 21 CFR 211.80: General requirements
• 21 CFR 211.84: Testing and approval or rejection of components, drug product containers and closures
• FDA Guidance for Industry, 2001, ICH Q7 Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients