Rick Jairam, M.Sc.

, PMP
GlaxoSmithKline
` What is Analytical Equipment Lifecycle
Management?

` Purchasing through decommissioning. Includes

equipment
q p selection,, validation,, calibration,,
incident handling/troubleshooting, change
control, periodic review.

` Focus on GxP COTS (Commercial Off the Shelf)

equipment following SILC (software
implementation lifecycle)
` Impacts: business cost,
cost lab efficiency
efficiency, compliance

` GAMP quote: “In a typical regulated laboratory, if the

validation process is not well devised and executed,
lab computerized systems may cost nearly as much
to validate as they do to purchase.”
purchase.

` About 10% of COTS instrumentation will not meet

user requirements
i after
f delivery.
d li IIssues may iinclude
l d
software bugs, method requirements, pharmacopeia
requirements,
q , throughput
g p requirements
q ((automated
systems), 21 CFR 11etc.
Poor Management of the lifecycle can lead to:

` Delay the use of new systems for several

months.
` I fl t validation
Inflate lid ti costs
t
` Exposure to unnecessary compliance risk
` Reduce
d return on investment b
by increasing
equipment down time.
1. Validation Plan
2. Risk assessment
3. User requirements
4
4. Supplier assessment
5. IQ/OQ
6. PQ/PM/Calibration
7
7. Configuration Management
8. Tracematrix & VSR
9. Training, Use SOPs
10. Ch
Change Control
C l
11. Data Backup/recovery & System administration
12. Incident handling and troubleshooting
13. Periodic Review
14. Decommissioning
` Select right equipment to meet user
requirements
` Single set of global requirements desirable
but often difficult to achieve.
` Supplier Assessment – looking for evidence of
a quality management system – based on
equipment risk categorization.
categorization
` Initial installation/validation and ongoing
vendor
support from vendor.
` >90% of analytical equipment in a typical lab
is Commercial Off The Shelf (COTS)
` COTS systems allow a streamlined,
streamlined simplified
validation process without dealing with
design elements.
elements
` Relies on vendor to have a good quality
management system – risk deflection
` Need to have COTS definition
` Risk based approach: GAMP categorization
Attributes:
` Exist a priori – not to be developed
` Non trivial install base (more than a few
copies)
` Buyer
B h
has no access tot source code
d
` Vendor controls development
V.Basili, B.Boehm. “COTS-Based Systems Top 10
List” IEEE Computer 34(5), May 2001, pp 91-93
` Risk Based approach cGMPs for 21st century
` Scale validation effort based on equipment
complexity and likelihood of problem
detection (risk to data integrity) - GAMP
C A
Cat C B
Cat C C
Cat C D
Cat C E
Cat
Simple Simple Complex Software Software
firmware firmware firmware
No computer No computer No computer computer computer

No data Calibration Method Data storage Data storage

output storage storage and
processing
Stirrers, pH meters, HPLC HPLC with HPLC with
sonicators balances connected to Chemstation Chemstation
validated CDS control only
y
` May be generic for COTS equipment
` Specifies approach (risk based)
` Key Deliverables
` Responsibilities
` D il d project
Detailed j W
WorkkBBreakdown
kd S
Structure
(WBS), task duration, task sequencing,
resource assignments
i t bbestt h
handled
dl d b
by a
business (non GxP) project plan, e.g. MS
Project
Project.
` Operation range
` Performance requirements
` Software inputs
inputs, outputs,
outputs calculations
` Data integrity 21CFR11 requirements
` M
Must b
be verifiable
ifi bl
` Must be traceable to test cases
` Correct installation of hardware and software
` Identification of all hardware and software -
Inventory update
Configuration:
` Definition
D fi iti off system
t
` Security settings
` Communication, data d acquisition and
d
processing settings
` Data Backup - Automated means preferred.
` Testing that the system will function
according to operational specifications
g
throughout intended operational
p range
g -
verification of correct operation of hardware
and software.
` Vendor
d protocoll can b be used,
d bbut need
d to b
be
reviewed to ensure that it meets user
requirements – offers time and resource
savings.
` Responsibility for validation is on customer
customer,
not vendor.
` System reliably meets user requirements in
production - Ongoing testing to maintain
validated state
` Determine appropriate system suitability,
calibration tests and limits
` Scheduling system
` System for OOT investigations and business
notification
` Trace requirements to testing
` Summarize validation activities
` Incidents/deviations – resolution of exception
reports
` Li it ti
Limitations on use
` Release system for use
 Mechanism for requesting,
requesting evaluating,
evaluating
authorizing, testing and implementing
changes to a validated system
system.
` Emergency – repair
` Proceduralized – pre-approved
pre approved
` Planned - future
` M td
Must define
fi whath t aspects
t off equipment
i t
lifecycle will be under formal change control
` Ch
Change controll system must beb agile
il to allow
ll
rapid changes
` Incident/Problem reporting and resolution –
input to change control process
` Vendor/internal resource
` Generally more cost effective to use internal
resource however need to consider:
resource,
` Internal skill set
` R
Response Ti
Time required
i d
` Setup user groups and accounts to meet data
integrity requirements
` Control access to system and any external
data
` Computer system maintenance
` System restoration in event of failure
` I id t reporting
Incident ti and
d managementt
` Typically independent of user to maintain
d
data iintegrity
i
` Maintaining validated state
` What category of system will require formal
review.
review
` How often? 1-3 years
` Wh t tto review
What i
` Changes to hardware, software, location
` Documentation is current – user requirements
` Security
` Incidents
` May be driven by usage metrics
metrics, age/support
age/support,
incidents.
` Inventory updates
` Close out calibration
` R
Removal l off software
ft & hardware
h d
` Record retention – software and data
` Validation expectations and equipment
complexity /computerization has increased.
` Most medium/large g pharma companies have
responded by having dedicated resource/ group
to manage the lifecycle efficiently
` Alternatively have contracted aspects to vendor
or third party.
` Cost of contracting generally about 50% higher.
Still need to have internal accountability (audits)
and governance. Training and retention of
kill d personnell iis k
skilled f l iinternall
key to a successful
group.
` Parts of the lifecycle may be handled as projects,
e.g validation – benefit from the application of
good project management best practices
(PMBOK ).
(PMBOK®)
` Others are ongoing operations
` Need to have integration
g between projects
j and
operations.
` Detailed knowledge of equipment that is
developed during validation may be needed later
in the lifecycle (calibration, use, troubleshooting
etc.)
` Integration is helped by a good electronic
equipment management system.
 COTS Equipment Lifecycle Management

Risk Generic and

Validation Plan
Assessment
A C
Combine
bi

Project start Project end

Traceability
User Supplier Configuration
IQ OQ/PQ matrix and
Requirements Assessment Management
VSR

Data Backup
and Recovery

Use,
Use
Training Calibration
Electronic SOPs
Equipment
Management
System

Incident
Change Periodic PQ / Software
Handling
g&
C t l
Control R i
Review C lib ti
Calibration Ad i i t ti
Administration
troubleshooting

Decommissioning
` Proper management of the analytical
equipment lifecycle is required to meet
business and regulatory requirements
requirements.
` Efficient control of the lifecycle can be
achieved using good project and risk
management practices.
` Equipment validation adds business value and
should not be viewed as only a regulatory
exercise that is measured by the amount of
paper generated.