Rick Jairam, M.Sc.

, PMP
GlaxoSmithKline

What is Analytical Equipment Lifecycle

Management?
Purchasing through decommissioning. Includes
equipment
q p
selection,, validation,, calibration,,
incident handling/troubleshooting, change
control, periodic review.
Focus on GxP COTS (Commercial Off the Shelf)
equipment following SILC (software
implementation lifecycle)

Impacts: business cost,

cost lab efficiency
efficiency, compliance
GAMP quote: In a typical regulated laboratory, if the
validation process is not well devised and executed,
lab computerized systems may cost nearly as much
to validate as they do to purchase.
purchase.
About 10% of COTS instrumentation will not meet
user requirements
i
after
f
delivery.
d li
IIssues may iinclude
l d
software bugs, method requirements, pharmacopeia
requirements,
q
, throughput
g p requirements
q
((automated
systems), 21 CFR 11etc.

Poor Management of the lifecycle can lead to:

`

`
`
`

Delay the use of new systems for several

months.
I fl t validation
Inflate
lid ti
costs
t
Exposure to unnecessary compliance risk
Reduce
d
return on investment b
by increasing
equipment down time.

1.
2.
3.
4
4.
5.
6.
7
7.
8.
9.
10.
11.
12.
13.
14.

Validation Plan
Risk assessment
User requirements
Supplier assessment
IQ/OQ
PQ/PM/Calibration
Configuration Management
Tracematrix & VSR
Training, Use SOPs
Ch
Change
Control
C
l
Data Backup/recovery & System administration
Incident handling and troubleshooting
Periodic Review
Decommissioning

Select right equipment to meet user

requirements
Single set of global requirements desirable
but often difficult to achieve.
Supplier Assessment looking for evidence of
a quality management system based on
equipment risk categorization.
categorization
Initial installation/validation and ongoing
vendor
support from vendor.

`
`

>90% of analytical equipment in a typical lab

is Commercial Off The Shelf (COTS)
COTS systems allow a streamlined,
streamlined simplified
validation process without dealing with
design elements.
elements
Relies on vendor to have a good quality
management system risk deflection
Need to have COTS definition
Risk based approach: GAMP categorization

Attributes:
` Exist a priori not to be developed
` Non trivial install base (more than a few
copies)
` Buyer
B
h
has no access to
t source code
d
` Vendor controls development

V.Basili, B.Boehm. COTS-Based Systems Top 10

List IEEE Computer 34(5), May 2001, pp 91-93

`
`

Risk Based approach cGMPs for 21st century

Scale validation effort based on equipment
complexity and likelihood of problem
detection (risk to data integrity) - GAMP
C A
Cat

C B
Cat

C C
Cat

C D
Cat

C E
Cat

Simple
firmware

Simple
firmware

Complex
firmware

Software

Software

No computer

No computer

No computer

computer

computer

No data
output

Calibration
storage

Method
storage

Data storage

Data storage
and
processing

Stirrers,
sonicators

pH meters,
balances

HPLC
connected to
validated CDS

HPLC with
Chemstation
control only
y

HPLC with
Chemstation

`
`
`
`
`

May be generic for COTS equipment

Specifies approach (risk based)
Key Deliverables
Responsibilities
D il d project
Detailed
j
W
Work
kB
Breakdown
kd
S
Structure
(WBS), task duration, task sequencing,
resource assignments
i
t b
bestt h
handled
dl d b
by a
business (non GxP) project plan, e.g. MS
Project
Project.

`
`
`
`
`
`

Operation range
Performance requirements
Software inputs
inputs, outputs,
outputs calculations
Data integrity 21CFR11 requirements
M
Must
b
be verifiable
ifi bl
Must be traceable to test cases

Correct installation of hardware and software

` Identification of all hardware and software Inventory update
Configuration:
` Definition
D fi iti
off system
t
` Security settings
` Communication, data
d
acquisition and
d
processing settings
` Data Backup - Automated means preferred.
`

Testing that the system will function

according to operational specifications
g
intended operational
p
range
g throughout
verification of correct operation of hardware
and software.
Vendor
d protocoll can b
be used,
d b
but need
d to b
be
reviewed to ensure that it meets user
requirements offers time and resource
savings.
Responsibility for validation is on customer
customer,
not vendor.

`
`

System reliably meets user requirements in

production - Ongoing testing to maintain
validated state
Determine appropriate system suitability,
calibration tests and limits
Scheduling system
System for OOT investigations and business
notification

`
`
`

`
`

Trace requirements to testing

Summarize validation activities
Incidents/deviations resolution of exception
reports
Li it ti
Limitations
on use
Release system for use

`
`
`
`

Mechanism for requesting,

requesting evaluating,
evaluating
authorizing, testing and implementing
changes to a validated system
system.
Emergency repair
Proceduralized pre-approved
pre approved
Planned - future
M td
Must
define
fi what
h t aspects
t off equipment
i
t
lifecycle will be under formal change control
Ch
b agile
il to allow
ll
Change
controll system must be
rapid changes

`
`

`
`

Incident/Problem reporting and resolution

input to change control process
Vendor/internal resource
Generally more cost effective to use internal
resource however need to consider:
resource,
Internal skill set
R
Response
Ti
Time required
i d

`
`
`
`

Setup user groups and accounts to meet data

integrity requirements
Control access to system and any external
data
Computer system maintenance
System restoration in event of failure
I id t reporting
Incident
ti
and
d managementt
Typically independent of user to maintain
d
iintegrity
i
data

`
`

`
`
`
`
`
`

Maintaining validated state

What category of system will require formal
review.
review
How often? 1-3 years
Wh t tto review
What
i
Changes to hardware, software, location
Documentation is current user requirements
Security
Incidents

`
`
`
`

May be driven by usage metrics

metrics, age/support
age/support,
incidents.
Inventory updates
Close out calibration
R
Removal
l off software
ft
& hardware
h d
Record retention software and data

`
`

`
`

Validation expectations and equipment

complexity /computerization has increased.
Most medium/large
g pharma companies have
responded by having dedicated resource/ group
to manage the lifecycle efficiently
Alternatively have contracted aspects to vendor
or third party.
Cost of contracting generally about 50% higher.
Still need to have internal accountability (audits)
and governance. Training and retention of
kill d personnell iis k
f l iinternall
skilled
key to a successful
group.

`
`
`

Parts of the lifecycle may be handled as projects,

e.g validation benefit from the application of
good project management best practices
(PMBOK ).
(PMBOK)
Others are ongoing operations
Need to have integration
g
between projects
j
and
operations.
Detailed knowledge of equipment that is
developed during validation may be needed later
in the lifecycle (calibration, use, troubleshooting
etc.)
Integration is helped by a good electronic
equipment management system.

COTS Equipment Lifecycle Management

Validation Plan

Risk
Assessment
A

Generic and
C
Combine
bi

Project start

Project end

User
Requirements

Supplier
Assessment

Configuration
Management

IQ

OQ/PQ

Traceability
matrix and
VSR

Data Backup
and Recovery

Training

Electronic
Equipment
Management
System

Change
C t l
Control

Periodic
R i
Review

Use,
Use
Calibration
SOPs

Incident
Handling
g&
troubleshooting

Decommissioning

PQ /
C lib ti
Calibration

Software
Ad i i t ti
Administration

Proper management of the analytical

equipment lifecycle is required to meet
business and regulatory requirements
requirements.
Efficient control of the lifecycle can be
achieved using good project and risk
management practices.
Equipment validation adds business value and
should not be viewed as only a regulatory
exercise that is measured by the amount of
paper generated.