Beruflich Dokumente
Kultur Dokumente
www.technolutions.co.in
Validation is the documented act of proving that any procedure, process, equipment, material,
activity or system actually leads to the expected results.
Qualification is the act of planning, carrying out and recording of tests on equipment and
systems that form part of the validation process, in order to demonstrate that it will perform as
intended.
Validation, therefore, refers to the overall concept of validation, including process validation,
while qualification refers to the validation part of equipment and systems. In this sense,
qualification is part of validation.
You all shall agree that it now looks much bigger a job than anticipated (and hoped).
The people who belong to the group 4 above shall be our role models.
The „Risk Assessment‟ process should start with questioning and finding answers to1:
Does this system require validation?
If yes, how much?
What aspects of the system or process are critical to product and patient safety?
What aspects of the system or process are critical to business?
The questioning is important because it is impractical to completely test every aspect of the
system. We should therefore find out and focus our efforts on the critical areas.
Risk Analyses like Failure Mode and Effects Analysis (FMEA) have been carried out in the
industry in the field of safety engineering.
For a long time, such analyses were only used in high-risk industries (aerospace, nuclear
engineering, etc.).
As the benefits of RA became apparent, pharma industry started thinking, could RA be put to
use in the Pharma industry for the Validation activity?
USFDA thought so and in September 2004, published “Pharmaceutical CGMPs for the Twenty-
First Century—A Risk-Based Approach”.
But even before that, in March 2001, the ISPE published the “Pharmaceutical Engineering
Guides for New and Renovated Facilities: Volume 5 – Commissioning and Qualification”2.
The USFDA had actively cooperated with ISPE in the development of this guide and
virtually endorsed the guide.
The methodology used in this baseline guide is “Qualitative” and not “Quantitative” in
nature.
In 2001 ISPE also published “GAMP guide for Validation of Automated Systems (GAMP4)”.
This guide described the “Risk Assessment” process in great detail. This was a “semi
quantitative” method.
We have followed the same philosophy in the RA process but what we have tried new is
further simplification of the RA process and full quantitation of the process.
The model we have created is easy to understand and easy to use for all the stake holders.
This results in rapid and unbiased processing of the data by the stake holders and because
the decision making is embedded in the system, personal bias in decisions is removed.
Before we embark on the process, let us categorise systems based on their impact on
product quality2.
1. A “Direct Impact” (DI) system has a direct impact on product quality. Such systems are
commissioned in line with GEP and in addition, are subjected to Qualification Practices.
2. An “Indirect Impact” (IDI) system does not have a direct impact on product quality, but
supports a “Direct Impact” system. Such systems are designed and commissioned
following GEP only.
(The potable water system has no direct impact on product quality. However, it
provides input to the Purified Water system, a “Direct Impact” system. It is therefore an
“Indirect Impact” system. The performance of the potable water system has a potential
to affect the performance of the Purified Water system and hence the interfaces between
these two systems need to be carefully assessed.)
It is important to ensure that the DI systems could detect or prevent a product quality
threatening problem with an “Indirect Impact” system linked to it.
3. A “No Impact” (NI) system will not have any impact, either directly or indirectly, on
product quality. Such systems are designed and commissioned following GEP only.
Risk Assessment and the Validation Process: Page 5 of 5
A Risk Based Approach Quantitative evaluation methodology
Security Cabin
Gardening
Chilled water
Cooled Water
Soft Water
Plant Steam
Autoclave
WFI System
N2 Generator System
Critical Component: A component within a system whose operation, contact, data, control,
alarm, or failure may have a direct impact on the quality of the product.
With these tools in hand, let us now embark on the process of Risk Assessment (RA).
Before we start the RA process, we should identify the systems that impact quality so that
our resources are allocated and used effectively. This exercise is called System Impact
Assessment (SIA) Exercise.
System level Impact Assessment. This will divide the identified systems in to DI, IDI and
NI groups.
I know that an old hand performing this exercise shall intuitively „know‟ the categorization
for a number of systems without going through the formalities. But by definition, validation
is “… documented evidence…” and hence we have to document the decision making
process with the rationale behind it.
Make a „comprehensive‟ list of all the systems without any bias (remember the
adage, “Not Guilty” [or “Guilty”, based on your inclination, I want to be „Unbiased‟
here] unless proved otherwise).
Clean Steam
WFI
Tablet presses
Autoclave
Fire Protection
Once defined, these systems should form the basis of a project referencing system or
be integrated within it.
2. Define the system boundaries. A System Boundary is a limit drawn around a system
to logically define what is, and is not, included in the system.
1. Does the system have a direct contact with the product (air quality, Material of
Construction-MoC)?
5. Does the system produce data which is used to accept or reject product (e.g.
electronic batch recording system, or critical process parameter chart recorder)?
6. Is the system a process control system (e.g. PLC, Supervisory Control And Data
Acquisition - SCADA or distributed control system - DCS) that may affect product
quality and for which there is no system for independent verification of control
system performance in place.
Risk Assessment and the Validation Process: Page 8 of 8
A Risk Based Approach Quantitative evaluation methodology
If answers to all the six questions are “NO”, ask the 7th question:
At the end of this exercise, about 20-30% systems may get eliminated from the validation
scope altogether.
Stage 1: Component level Criticality Assessment for the DI systems. This will divide the
components in to two groups - components critical to quality and components not critical to
quality.
For the IDI systems, only those components of the system that are part of the „indirect‟
portion of the IDI system are assessed and categorised similarly.
Stage 2: Evaluate the quality critical components for the risk to product quality. Identify all
the possible failure modes associated with the component. Evaluate the impact of each
failure mode product quality to arrive at the level of validation effort deserved by it. Identify
the proper stage of the qualification at which the failure mode would be most appropriately
addressed.
At the end of this very comprehensive and systematic exercise you shall have your
qualification matrix ready.
The components within the DI and IDI systems should be assessed for their criticality to
product quality.
Before you start this exercise you should have with you the Design Specification (DS) and
Functional Specification (FS) and the Piping and Instrumentation Diagrams (P & ID) of the
equipment / system from the concerned vendor.
With the help of these documents, prepare a complete and unbiased list of all the
components of the DI system.
Take the help of the experienced project / maintenance engineers or the vendor to
understand the “Contact” interpretation.
Ask the following seven questions to each component. If the answer is yes for even one
question, it is a critical component.
1. Is the component used to demonstrate compliance with the registered process (e.g.
Chart recorder of stability chamber, temp recorder of steriliser etc.)?
2. Does normal operation or control of the component have a direct effect on product
quality (e. g. RPM of a homogeniser)?
3. Does the failure or alarm of the component have a direct effect on product quality or
efficacy (e.g. Temperature controller or indicator)?
4. Is the info from this component recorded as part of the batch record, lot release data,
or other GMP related documentation (e.g. Temp. or pH indicator , online check
weigher, online particle analyser etc.)?
5. Does the component have direct contact with product or product components (e.g.
pH meter probe, Pressure gauge, Tamping pin, Punches, Dies, Manufacturing vessel,
Syringes/pumps, silicone tubes etc.)?
6. Does the component control critical process elements that may affect product quality,
without independent verification of the control system performance (e.g. PLC)?
The system specific risk assessment is based on the system‟s Functional and Detailed
Design Specification.
The assessment lists each critical function, identified during the CCA, from the
functional specification. Each function or subsystem is determined to be critical,
major, minor, or cosmetic in affecting product quality, strength, identity, purity, and
efficacy.
Each of these is determined assuming the “addressed via” is not in place i.e.
assuming that there is no solution to the problem.
The validation method is determined by combining the assessment for the function
being evaluated with the risk priority. Risk Priority is determined from the Risk
Classification and the Probability of Detection. The team evaluates the design to
determine the probability of detection of the failure of the function. Risk
Classification is determined from the Risk Likelihood and the Customer Risk. The
Risk Likelihood and Customer risk are determined from the team‟s application of
established criteria to the design and function of the system.
For a GMP risk, the Risk Likelihood (frequency with which a failure occurs or can occur) is
of great importance. The more frequently a failure occurs, the higher is the risk. The
numerical values from 1 to 3 ascend with increasing likelihood.
Risk Likelihood
Numerical
Likelihood Value Criterion Examples
assigned
Occurrence could happen Malfunction of a Differential
but not likely, probably Pressure (DP) gauge
Low 1 once in 10,000
transactions.
Numerical
Magnitude Value Criterion
assigned
(Business Impact)
Customer Risk Low Medium High
(internal/external)
Probability of Detection
Numerical
Magnitude Value Criterion
assigned
STEP 3
Numerica
Assessment l Value Criteria
assigned
Critical 3 1. Directly or indirectly affects product quality, identity,
purity, strength, or efficacy.
2. Failure of the function or system would result in customer
harm.
3. Usually the main function of the system
4. Direct or likely regulatory impact
5. Requires several layers of risk mitigation, designed into
the system, in process checks, release testing or in
standard operating procedures.
6. Operator safety would be in jeopardy if failure occurred
7. Customer complaints likely if function fails
Validation Method
Validation
Risk Priority
Method
System/Function
Low Priority Medium Priority High Priority
Assessment
Cosmetic /
Verify Directly or
Operator Minimal Verification Minimal Verification
Indirectly
Enhancement
Verify Directly or
Minor Minimal Verification Verify Directly
Indirectly
Verify Directly or Indirectly – A specific test or an indirect verification, must reside in the
protocol. Indirect verification may include verification of the system working i.e. the
function must be documented as working.
Revisit project structure and makeup, e.g. induct experienced staff, provide
risk specific training.
4. Eliminate Risk:
Avoidance: The risks are so high that the system needs to be abandoned.
We would welcome comments and suggestions from our readers on the usability and suitability of
this model.
Bibliography:
1. GAMP guide for validation of automated systems (GAMP4), December 2001.
2. Pharmaceutical Engineering Guides for New and Renovated Facilities: Volume 5 –
Commissioning and Qualification, First Edition, March 2001.