104/105, Kaalika Tower, opp Pratap Cinema, Kolbad Road,

Thane (W). 400604. India. Tel: +91-22-25475532 / 5054.

www.technolutions.co.in

The need for Validation

Risks are a constant companion of every activity and decision that we take (or do not take!).
Pharma business is no exception.
It is the manufacturer‟s responsibility, legal as well as moral, to ensure that the patient
receives the products that are safe, effective and easy to use at an affordable cost.
Whether we work in production or QC or engineering, our prime or indeed the sole
objective is to consistently manufacture products of the required quality at the lowest
possible cost to the manufacturer and hence to the patient.
Validation is essential for the achievement of this objective.

The USFDA defines process validation as “establishing documented evidence which

provides a high degree of assurance that a specific process will consistently produce a
product meeting its predetermined specifications and quality attributes”.

Validation and qualification are essentially the same concept.

Validation is the documented act of proving that any procedure, process, equipment, material,
activity or system actually leads to the expected results.

Qualification is the act of planning, carrying out and recording of tests on equipment and
systems that form part of the validation process, in order to demonstrate that it will perform as
intended.

Validation, therefore, refers to the overall concept of validation, including process validation,
while qualification refers to the validation part of equipment and systems. In this sense,
qualification is part of validation.

Risk Assessment and the Validation Process:

A Risk Based Approach Quantitative evaluation methodology Page 1 of 1
There are three reasons for validation:
1. Validation is essential for assurance of quality: Validation implies that a process is
well understood and is in a state of control. GMPs and validation, two concepts that
cannot be separated, are essential to QA
2. It is effective in reducing costs: A validated process is a more efficient process that
produces less reworks, rejects and wastage.
3. It is a regulatory requirement: Validation is an integral part of GMPs. Compliance
with validation requirements is necessary for obtaining approval to manufacture and
to introduce new products

The Validation activities are divided into the following steps,

1) Validation Master Plan (VMP)
2) User Requirement Specification (URS)
3) Risk Assessment (RA)
4) Design Qualification (DQ)
5) Installation Qualification (IQ)
6) Operational Qualification (OQ)
7) Performance Qualification (PQ)
8) Process Validation (PV)
9) Cleaning Validation (CV)
10) Computer Validation (CSV) & Automation Systems
11) Analytical method validation
12) Validation Report (VR)
13) Revalidation (ReV)

A schematic representation of the interrelationships of these components of

Validation Philosophy is given below.

Risk Assessment and the Validation Process: Page 2 of 2

A Risk Based Approach Quantitative evaluation methodology
Risk Assessment and the Validation Process: Page 3 of 3
A Risk Based Approach Quantitative evaluation methodology
Now consider your facility. Try to calculate the scope of the validation activity and the time
frame and the resources available. Now try to put a plan for implementation. Also
remember that it is a legal requirement.

You all shall agree that it now looks much bigger a job than anticipated (and hoped).

When faced with this situation, people tackle it in a number of ways:

1. Validate everything (the classic “Carpet Bombing approach”).
2. Validate nothing (not many of this type exist, hopefully)
3. Validate what seems important.
4. Validate scientifically and systematically.

The people who belong to the group 4 above shall be our role models.

The „Risk Assessment‟ process should start with questioning and finding answers to1:
 Does this system require validation?
 If yes, how much?
 What aspects of the system or process are critical to product and patient safety?
 What aspects of the system or process are critical to business?

The questioning is important because it is impractical to completely test every aspect of the
system. We should therefore find out and focus our efforts on the critical areas.

Risk Analysis (RA) as a tool

Risk Analyses like Failure Mode and Effects Analysis (FMEA) have been carried out in the
industry in the field of safety engineering.
For a long time, such analyses were only used in high-risk industries (aerospace, nuclear
engineering, etc.).
As the benefits of RA became apparent, pharma industry started thinking, could RA be put to
use in the Pharma industry for the Validation activity?
USFDA thought so and in September 2004, published “Pharmaceutical CGMPs for the Twenty-
First Century—A Risk-Based Approach”.

But even before that, in March 2001, the ISPE published the “Pharmaceutical Engineering
Guides for New and Renovated Facilities: Volume 5 – Commissioning and Qualification”2.
The USFDA had actively cooperated with ISPE in the development of this guide and
virtually endorsed the guide.

Risk Assessment and the Validation Process: Page 4 of 4

A Risk Based Approach Quantitative evaluation methodology
The goal of the RA should be elimination of duplication of effort and costly practices of:
 Repeating qualification steps during process validation
 Qualifying systems that require only commissioning
 Generating insufficient or excessive documentation
 Excessively long project schedules and
 Delays which can result in product supply interruptions or delayed product
launches

The basic philosophy2 should be:

1. Good Engineering Practice (GEP) makes a significant contribution to meeting the
regulatory demands.
2. GEP is a satisfactory approach for “Indirect” and “No Impact” systems.
3. For systems having a “Direct Impact” on product quality, supplementary Qualification
Practices (in addition to GEP and commissioning) are required to fully address the
pharma industry demands.

The methodology used in this baseline guide is “Qualitative” and not “Quantitative” in
nature.

In 2001 ISPE also published “GAMP guide for Validation of Automated Systems (GAMP4)”.

This guide described the “Risk Assessment” process in great detail. This was a “semi
quantitative” method.

We have followed the same philosophy in the RA process but what we have tried new is
further simplification of the RA process and full quantitation of the process.
The model we have created is easy to understand and easy to use for all the stake holders.
This results in rapid and unbiased processing of the data by the stake holders and because
the decision making is embedded in the system, personal bias in decisions is removed.

Before we embark on the process, let us categorise systems based on their impact on
product quality2.
1. A “Direct Impact” (DI) system has a direct impact on product quality. Such systems are
commissioned in line with GEP and in addition, are subjected to Qualification Practices.
2. An “Indirect Impact” (IDI) system does not have a direct impact on product quality, but
supports a “Direct Impact” system. Such systems are designed and commissioned
following GEP only.
(The potable water system has no direct impact on product quality. However, it
provides input to the Purified Water system, a “Direct Impact” system. It is therefore an
“Indirect Impact” system. The performance of the potable water system has a potential
to affect the performance of the Purified Water system and hence the interfaces between
these two systems need to be carefully assessed.)
It is important to ensure that the DI systems could detect or prevent a product quality
threatening problem with an “Indirect Impact” system linked to it.
3. A “No Impact” (NI) system will not have any impact, either directly or indirectly, on
product quality. Such systems are designed and commissioned following GEP only.
Risk Assessment and the Validation Process: Page 5 of 5
A Risk Based Approach Quantitative evaluation methodology
 Security Cabin

Fire Fighting System

No Impact Systems
ETP

Gardening

Chilled water

Cooled Water

Soft Water

Plant Steam

Compressed Air Indirect Impact Systems

(The design and use of these
systems may affect their impact)
Purified Water System

Autoclave

Tunnel Steriliser Direct Impact Systems

Process Area HVAC

WFI System

Pure Steam Generator

N2 Generator System

Critical Component: A component within a system whose operation, contact, data, control,
alarm, or failure may have a direct impact on the quality of the product.

With these tools in hand, let us now embark on the process of Risk Assessment (RA).

The Risk Assessment Process

Before we start the RA process, we should identify the systems that impact quality so that
our resources are allocated and used effectively. This exercise is called System Impact
Assessment (SIA) Exercise.

System level Impact Assessment. This will divide the identified systems in to DI, IDI and
NI groups.

Risk Assessment and the Validation Process: Page 6 of 6

A Risk Based Approach Quantitative evaluation methodology
Remember that we have decided to do this exercise scientifically and systematically. The
results are open to scrutiny by the auditors and must be able stand up to it.

I know that an old hand performing this exercise shall intuitively „know‟ the categorization
for a number of systems without going through the formalities. But by definition, validation
is “… documented evidence…” and hence we have to document the decision making
process with the rationale behind it.

So here is how we shall proceed:

1. Identify systems. A system is an organization of engineering components that have a

defined operational function (e.g. piping, instrumentation, equipment, facilities,
computer hardware/ software etc).

Make a „comprehensive‟ list of all the systems without any bias (remember the
adage, “Not Guilty” [or “Guilty”, based on your inclination, I want to be „Unbiased‟
here] unless proved otherwise).

Clearly define the scope of each system. e.g.

 Chilled Water system

 Clean Steam

 WFI

 HVAC to process areas

 Effluent Treatment Plant (ETP)

 Tablet presses

 Autoclave

 Fire Protection

Once defined, these systems should form the basis of a project referencing system or
be integrated within it.

2. Define the system boundaries. A System Boundary is a limit drawn around a system
to logically define what is, and is not, included in the system.

The method for SIA is illustrated below graphically2.

Risk Assessment and the Validation Process: Page 7 of 7

A Risk Based Approach Quantitative evaluation methodology
Ask the following six questions to the system. If the answer is yes for even one question, it is
a DI system.

1. Does the system have a direct contact with the product (air quality, Material of
Construction-MoC)?

2. Does the system provide or produce an in-process material or an ingredient /

excipient or solvent, which forms a part of the final product formulation (e.g.
Purified Water, WFI, N2 Generating System)?

3. Is the system used in cleaning or sterilizing or depyrogenation (e.g. DHS, Autoclave,

Tunnel Sterilizer, Clean Steam Generator)?

4. Does the system preserve product status (e.g. N2)?

5. Does the system produce data which is used to accept or reject product (e.g.
electronic batch recording system, or critical process parameter chart recorder)?

6. Is the system a process control system (e.g. PLC, Supervisory Control And Data
Acquisition - SCADA or distributed control system - DCS) that may affect product
quality and for which there is no system for independent verification of control
system performance in place.
Risk Assessment and the Validation Process: Page 8 of 8
A Risk Based Approach Quantitative evaluation methodology
If answers to all the six questions are “NO”, ask the 7th question:

7. Is the system connected to a Direct Impact System?

If answer is “NO” it is a No Impact (NI) system.

If the answer is “Yes” it is an Indirect Impact (IDI) system.

It is strongly recommended, even should be made mandatory by the Validation Steering

Committee (VSC) that this exercise is performed jointly by all the stake holders. It may take
several sittings but the decision on each system must be arrived at jointly and
simultaneously.

Note also that there could be an element of variation of interpretation of answers to a

particular question and there could be disagreements. There shall be debates and long
arguments especially in the initial stages when stake holders are getting a grip on the
methodology. This should be encouraged as brainstormings shall also be a learning process
especially for the juniors in the committee.

At the end of this exercise, about 20-30% systems may get eliminated from the validation
scope altogether.

Risk Assessment (RA) exercise

We propose a two stage model.

Stage 1: Component level Criticality Assessment for the DI systems. This will divide the
components in to two groups - components critical to quality and components not critical to
quality.

For the IDI systems, only those components of the system that are part of the „indirect‟
portion of the IDI system are assessed and categorised similarly.

Stage 2: Evaluate the quality critical components for the risk to product quality. Identify all
the possible failure modes associated with the component. Evaluate the impact of each
failure mode product quality to arrive at the level of validation effort deserved by it. Identify
the proper stage of the qualification at which the failure mode would be most appropriately
addressed.

At the end of this very comprehensive and systematic exercise you shall have your
qualification matrix ready.

Risk Assessment and the Validation Process: Page 9 of 9

A Risk Based Approach Quantitative evaluation methodology
If this exercise is performed in time, it will also tell the VSC and the management about the
scope of validation, it‟s approximate time lines and the resources required at various stages
of the project.

Stage 1: Component Criticality Assessment Process (CCA):

The components within the DI and IDI systems should be assessed for their criticality to
product quality.

Before you start this exercise you should have with you the Design Specification (DS) and
Functional Specification (FS) and the Piping and Instrumentation Diagrams (P & ID) of the
equipment / system from the concerned vendor.

With the help of these documents, prepare a complete and unbiased list of all the
components of the DI system.

Take the help of the experienced project / maintenance engineers or the vendor to
understand the “Contact” interpretation.

Ask the following seven questions to each component. If the answer is yes for even one
question, it is a critical component.

1. Is the component used to demonstrate compliance with the registered process (e.g.
Chart recorder of stability chamber, temp recorder of steriliser etc.)?

2. Does normal operation or control of the component have a direct effect on product
quality (e. g. RPM of a homogeniser)?

3. Does the failure or alarm of the component have a direct effect on product quality or
efficacy (e.g. Temperature controller or indicator)?

4. Is the info from this component recorded as part of the batch record, lot release data,
or other GMP related documentation (e.g. Temp. or pH indicator , online check
weigher, online particle analyser etc.)?

5. Does the component have direct contact with product or product components (e.g.
pH meter probe, Pressure gauge, Tamping pin, Punches, Dies, Manufacturing vessel,
Syringes/pumps, silicone tubes etc.)?

6. Does the component control critical process elements that may affect product quality,
without independent verification of the control system performance (e.g. PLC)?

7. Is the component used to create or preserve a critical status of a system (e.g.

cryogenic storage system, Temp / RH controlled area for product storage.)?

Risk Assessment and the Validation Process: Page 10 of 10

A Risk Based Approach Quantitative evaluation methodology
 Stage 2: System Specific Risk Assessment

Qualification requirements are based on the criticality of the system functions to

product safety, identity, strength, purity and quality (SISPQ). These requirements are
next determined in a system specific risk assessment. The risk assessment can also be
extended to develop the qualifications matrix.

The system specific risk assessment is based on the system‟s Functional and Detailed
Design Specification.

The assessment lists each critical function, identified during the CCA, from the
functional specification. Each function or subsystem is determined to be critical,
major, minor, or cosmetic in affecting product quality, strength, identity, purity, and
efficacy.

Each function or subsystem or component is assessed for specific risks. Team

members determine the specific risks during a formal review of the system.

The system / component function is assessed for:

 The probable type of failure(s) (Failure Modes)

 The probability a failure would be detected

 The impact on the quality from the function failing

 The likelihood the function would fail

Each of these is determined assuming the “addressed via” is not in place i.e.
assuming that there is no solution to the problem.

Validation requirements are then determined by evaluating these levels and

combining them to determine a risk classification and the risk priority.

The validation method is determined by combining the assessment for the function
being evaluated with the risk priority. Risk Priority is determined from the Risk
Classification and the Probability of Detection. The team evaluates the design to
determine the probability of detection of the failure of the function. Risk
Classification is determined from the Risk Likelihood and the Customer Risk. The
Risk Likelihood and Customer risk are determined from the team‟s application of
established criteria to the design and function of the system.

Risk Assessment and the Validation Process: Page 11 of 11

A Risk Based Approach Quantitative evaluation methodology
STEP 1

Evaluate the Risk Classification

For a GMP risk, the Risk Likelihood (frequency with which a failure occurs or can occur) is
of great importance. The more frequently a failure occurs, the higher is the risk. The
numerical values from 1 to 3 ascend with increasing likelihood.

Criteria for Evaluating Risk Classification

Risk Likelihood

Numerical
Likelihood Value Criterion Examples
assigned
Occurrence could happen Malfunction of a Differential
but not likely, probably Pressure (DP) gauge
Low 1 once in 10,000
transactions.

Occurrence would not be Controller failure, blown fuse

unlikely, probably once in
Medium 2 1,000 transactions.

Is expected to occur, Machine jam, system fault, other

High 3 probably once in 100 typical production scenarios
transactions.

Risk Assessment and the Validation Process: Page 12 of 12

A Risk Based Approach Quantitative evaluation methodology
Customer Risk (internal/external) (Failure severity)
The severity of a failure is fundamental for its assessment. The severity is determined by the
implications of the failure. If, for example, a patient is harmed as a result of a failure, the
severity must be classified as high. On the other hand, if only a review of the technical
system is required, the severity is to be classified as low. The numerical values from 1 to 3
ascend with increasing severity.

Numerical
Magnitude Value Criterion
assigned

The failure has no or slight impact on the technical operations,

but no impact on the product quality. Customer
Low 1 would not notice effect in quality characteristics or attributes.

Slight deviations in the product specifications can occur

Medium 2 requiring moderate measures (e.g. higher monitoring
frequency in final testing and / or additional testing, etc.).

Significant deviations in the product quality can occur

requiring extensive measures (e.g. rejection of a batch, recall of
High 3 products, etc.).
Deviations can occur that might cause injury to consumers.

Risk Classification Risk Likelihood

(Business Impact)
Customer Risk Low Medium High
(internal/external)

Low 1 (Level 1) 1 (Level 1) 2 (Level 2)

Medium 1 (Level 1) 2 (Level 2) 3 (Level 3)

High 2 (Level 2) 3 (Level 3) 3 (Level 3)

Risk Assessment and the Validation Process: Page 13 of 13

A Risk Based Approach Quantitative evaluation methodology
 STEP 2

Evaluate the Risk Priority

Probability of Detection

To determine the GMP risk, it is important to know if a failure, if it occurred, will be

detected or if it will only be noticed once it has reached the customer.
The easier it is to detect the failure, the lower is the risk. Therefore, the numerical value falls
from 3 to 1 the higher the probability of detection. D = 1 is thus a value that can only be
achieved if a fully automatic, 100% control is integrated in the production sequence. D = 3
means that a failure is not detected.

Numerical
Magnitude Value Criterion
assigned

100 % automatic control, coupled with an alarm system.

Operating failure that is almost certainly noticed or evident in
the subsequent operations.
High 1 100% control, different analysis mechanisms, e.g. monitoring
of process parameters with alarm.
Obvious failure that is very probably detected in the subsequent
operations.

Failure or fault would likely be detected.

Frequent in-process control or continuous monitoring required
Medium 2
/ available.
Easy to recognise failure, which is controlled.

Defect characteristic that is difficult to recognise.

The failure or fault cannot be detected or is not routinely
Low 3
checked.

Risk Assessment and the Validation Process: Page 14 of 14

A Risk Based Approach Quantitative evaluation methodology
 Criteria for Evaluating System Specific Risks

Risk Priority Probability of Detection

Risk Classification High Medium Low

1 1 (Low Priority) 1 (Low Priority) 2 (Medium Priority)

2 1 (Low Priority) 2 (Medium Priority) 3 (High Priority)

3 2 (Medium Priority) 3 (High Priority) 3 (High Priority)

STEP 3

Assign a Validation Method

Measures to eliminate failures

Define measures to be implemented for the estimated Risk Priority i.e., define a failure
prevention program. Below are some examples of such measures:
* Introduction of specific tests in the appropriate qualification stage.
* Introduction of an additional quality check
* Changes to the facility to completely prevent certain failures
* Introduction of an additional check / control point in the context of preventative
maintenance
If you consider the above-mentioned examples of measures, one of the results of a detailed
RA could be a complete list of all necessary tests at different qualification stages.
That means this information is arrived at and is available at a very early stage and the course
of the project or the necessary resources can be planned more accurately.
In addition, time-consuming agreements with vendors at a later time are largely avoided
which, according to our experience, have a very hard impact on the project if the necessary
tests have not been defined at such an early stage.

Risk Assessment and the Validation Process: Page 15 of 15

A Risk Based Approach Quantitative evaluation methodology
Criteria for Evaluating Functions

Numerica
Assessment l Value Criteria
assigned
Critical 3 1. Directly or indirectly affects product quality, identity,
purity, strength, or efficacy.
2. Failure of the function or system would result in customer
harm.
3. Usually the main function of the system
4. Direct or likely regulatory impact
5. Requires several layers of risk mitigation, designed into
the system, in process checks, release testing or in
standard operating procedures.
6. Operator safety would be in jeopardy if failure occurred
7. Customer complaints likely if function fails

Major 2 1. Failure of function causes system to fail or leads to

significant production downtime
2. Failure of function results in product hold, significant
amount of lost units, added inspection, etc
3. Failure of function has a potential to have a regulatory
impact
4. The failure has a potential to cause customer harm
5. Operator safety would be a major concern, if failure
occurred
6. Potential customer complaints if the function fails

Minor 1 1. Failure in extreme circumstances could cause customer

harm
2. If failed, would result in occasional lost units
3. Unlikely possibility of regulatory impact
4. Operator safety would be of a minor concern, if failure
occurred
5. Downtime would be negligible when failure occurs
6. Customer complaints would be unlikely

Risk Assessment and the Validation Process: Page 16 of 16

A Risk Based Approach Quantitative evaluation methodology
 Numerica
Assessment l Value Criteria
assigned
Cosmetic / 0.5 1. Adds cosmetic value only to product or system
Operator 2. Unlikely or no regulatory impact
Enhancement 3. Failure could in no way cause customer harm
4. Function helps operator job, function could be
performed manually
5. Customer complaints could not be attributed to the
functions failure
6. Minimal safety concern if equipment or system was
misused

Validation Method

Validation
Risk Priority
Method
System/Function
Low Priority Medium Priority High Priority
Assessment

Cosmetic /
Verify Directly or
Operator Minimal Verification Minimal Verification
Indirectly
Enhancement
Verify Directly or
Minor Minimal Verification Verify Directly
Indirectly

Verify Directly or Verify Directly and

Major Verify Directly
Indirectly Risk Mitigation

Verify Directly and Verify Directly and

Critical Verify Directly
Risk Mitigation Risk Mitigation

Risk Assessment and the Validation Process: Page 17 of 17

A Risk Based Approach Quantitative evaluation methodology
Verify Directly and do Risk Mitigation – A specific test must reside in the protocol
including verification test or evaluation of risk mitigation

Verify Directly – A specific test must reside in the protocol

Verify Directly or Indirectly – A specific test or an indirect verification, must reside in the
protocol. Indirect verification may include verification of the system working i.e. the
function must be documented as working.

Minimal Verification – Verification requires inspection, visual verification, testing,

documentation, or other simplified means.

Risk Mitigation Strategies:

(Mitigation : The action of lessening in severity or intensity)

1. Modification of the process or system design elements to mitigate the risk.

 Modify process design, e.g. introduce additional verification checks within

the system design (software design).
 Introduce external procedures, e.g. double checking (manual/ instrumental).
 Modify product / system design

2. Modify project strategies

 Revisit project structure and makeup, e.g. induct experienced staff, provide
risk specific training.

3. Modify validation approach

 Increase scope and / or level of testing applied during the various stages of
the validation process.
 Develop specialized testing designed to detect the failure.

4. Eliminate Risk:
 Avoidance: The risks are so high that the system needs to be abandoned.

Risk Assessment and the Validation Process: Page 18 of 18

A Risk Based Approach Quantitative evaluation methodology
We have used this methodology coupled with our in-house software that we have successfully used
to perform and record these activities over the last two years and have used it in the field also.
It has been our experience that it has reduced the subjectivity factor from the assessments, has
increased buy in by the stake holders, has enhanced the confidence level of both the user and the
auditors and at the same time has introduced a fun element in the exercise.

We would welcome comments and suggestions from our readers on the usability and suitability of
this model.

Bibliography:
1. GAMP guide for validation of automated systems (GAMP4), December 2001.
2. Pharmaceutical Engineering Guides for New and Renovated Facilities: Volume 5 –
Commissioning and Qualification, First Edition, March 2001.

==================================================== End of File

Risk Assessment and the Validation Process: Page 19 of 19

A Risk Based Approach Quantitative evaluation methodology