Considerations for Validation of Manufacturing Execution Systems

Chris Wubbolt and John T. Patterson

ABSTRACT

Manufacturing execution systems (MES) are increasingly commonplace in pharmaceutical manufacturing environments. MES are used for many purposes within manufacturing environments and can be interfaced with many different types of systems, equipment, and instruments. Control of the manufacture of pharmaceutical and medical device products is of critical importance to assure product quality and patient safety. Therefore, the initial validation and ongoing control of MES are of utmost significance and interest to regulatory authorities when they perform inspections of manufacturing facilities. This article discusses current topics, considerations, and controls necessary for the validation and ongoing compliance activities required for MES.

INTRODUCTION

Improvements in computer-based control systems through technological breakthroughs in integrated circuit manufacturing and software design have been essential to the development of the modern-day pharmaceutical manufacturing facility. Automation of processes has improved efficiency, reduced costs, and increased compliance for the manufacture of pharmaceutical products. MES represent one of the more recent offspring of these technological improvements and are capable of a high degree of integration with different types of equipment and systems, including both shop-floor automation equipment (e.g., DCS, PLC) and business management systems such as enterprise resource planning (ERP) systems. MES also enable critical functionality, including electronic batch records (EBR), that helps ensure the highest level of consistency and reproducibility, thereby ensuring the highest level of product quality and corresponding assurance of patient safety.
Because of the favorable business case provided by MES for pharmaceutical and medical device products, their use within these types of manufacturing environments is increasing. A common architecture for an MES system is shown in Figure 1.

Figure 1: Common architecture for an MES system.

VALIDATION STRATEGY AND APPROACH

To ensure the appropriate validation of an MES design, it is essential to have a well-defined validation strategy that is based on company validation and quality standard operating procedures (SOPs) and further detailed in an approved quality assurance plan (QAP) or equivalent validation or quality planning document. GAMP5 provides an excellent basis for development of a companywide quality management system that comprehensively addresses requirements for validation, implementation, and use of computerized systems, including explanation of key principles as well as templates and additional guidance and instruction (see Reference). For MES, several elements that would normally be considered in a validation or quality assurance plan are as follows:

- System scope, including interfaces with other IT/automation systems
- System description and intended use
- Roles and responsibilities during the validation effort, including required approvals on deliverables
- Governing quality management system and system development lifecycle (SDLC) policies and SOPs, including:
  - Computer system validation policy and procedures
  - Risk management
  - Change control
  - Training
- MES vendor involvement (additional discussion pertaining to vendor involvement is provided below)
- Testing and qualification strategy
- SDLC deliverables, including:
  - Quality assurance plan
  - Requirements
  - Functional specifications
  - System design specifications
  - Risk assessments
  - Design qualification
  - Qualification protocols
  - Qualification and test summary reports
- Electronic batch record (EBR) development SOPs
- Part 11 compliance documentation, including electronic record and electronic signature applicability assessments
- Security and access controls, including user groups and roles
- Definition and description of batch end reports
- Development phase issue management (e.g., test incident reports)
- Documentation management
- Validation summary reporting
- Incident, change, and problem management SOPs (operational phase)
- Back-up and recovery processes
- EBR operational phase change management SOPs
- Periodic review reports
- Decommissioning (if required).

ABOUT THE AUTHORS

Chris Wubbolt is a principal consultant at QACV Consulting specializing in computer systems compliance, including validation, as well as quality assurance activities such as auditing, training, and six sigma quality improvement processes. He may be reached by e-mail at chris.wubbolt@qacv.net.

John T. Patterson is the Senior Director of IT Compliance and is responsible for the overall regulatory compliance and inspection readiness of IT and Automation capabilities within the Manufacturing and Supply Chain function of Merck & Co. He may be reached by e-mail at john_patterson@merck.com.

For more author information, go to gxpandjvt.com/bios.

80 Journal of Validation Technology [Winter 2012] ivthome.com

LEVERAGING MES VENDOR QUALITY PROCESSES

Implementation and validation of MES is a considerable undertaking and requires significant organizational resources. The ability to leverage the MES vendor's design, development, testing and verification, and quality processes and documentation may help to streamline the validation and implementation processes while maintaining a high level of quality and compliance. The MES vendor's quality processes and documentation must be formally assessed to allow leveraging of existing documentation and testing that the vendor may have conducted. Typically, for critical systems such as an MES, an on-site audit must be conducted to adequately assess the vendor's quality systems and system development lifecycle methodology. A vendor audit normally includes assessment of the following vendor processes:

- Overall quality system
- Organizational structure
- System development lifecycle methodology, including
  - System functional and detailed design specifications
  - Coding standards and code review
  - Unit testing
  - Integration and system testing
- Incident, problem, and change management
- Release management processes, including major, minor, and patch releases
- Training program
- Customer support.

The ability to leverage a vendor's previous efforts is dependent upon the quality of the vendor's documentation and processes, particularly those related to their SDLC processes. Although software vendors are typically not regulated by the US Food and Drug Administration (unless the vendor produces software used in medical devices), if vendor documentation, including testing, can be leveraged, it must be at a GMP quality level. GMP quality documentation processes typically include adherence to applicable SOPs, version control, approved documents, and an appropriate level of quality review and approval. Testing and incident resolution, including review and approval of test results, should also be carefully evaluated during the vendor assessment and audit process. The results of the vendor assessment are typically summarized within a vendor self-assessment or audit report, depending on the criticality of the vendor-supplied software.
If vendor documentation and processes are utilized during the validation process, the vendor self-assessment, audit report, or supporting documentation should clearly indicate the quality processes and documentation that were assessed. If the vendor's processes and documentation are deemed adequate, it may be possible to leverage the vendor's documentation and previous SDLC activities during the MES validation effort. If quality issues are identified during the vendor assessment, the ability to leverage vendor activities and documentation may be limited. The amount of vendor documentation to be used during the validation effort should be documented within the project validation or quality plan, or risk assessment documentation, along with appropriate justifications.

GLOBAL VS. LOCAL IMPLEMENTATIONS

For multi-site organizations, another consideration is whether to develop individual (i.e., stand-alone) MES instances or a global instance, which could better facilitate the highest level of standardization within the organization, as well as allowing leveraging of resources. Although this may not be a priority, particularly for smaller organizations, significant efficiencies can be gained through the use of a single global instance (or a minimum number of global instances) from which all other local MES instances can be more efficiently configured. If such a global and local approach is pursued, it is important to consider how their respective quality and validation planning processes will work and coordinate with each other, including roles and responsibilities within the local and global organizations. For example, to ensure the ability to update the global instance independent of the local instances, it is considered beneficial to have a separate quality or validation plan in place for any global instances.
The local MES quality or validation plan will also need to appropriately reference and align with the global quality and validation plan, because it would be assumed that the local instances would leverage significant testing and qualification (e.g., operational qualification [OQ]) from the global instance, both of which may be needed as documented evidence during regulatory inspections. One final consideration is whether the global instance is for testing purposes only, or whether it is also used for manufacture of product. Either approach can be used and ultimately depends on what makes sense for the organization, although the global approach will require more rigorous project management, communication, and configuration management controls and processes.

RISK MANAGEMENT

One other important consideration is the use of risk management techniques to ensure that appropriate failure scenarios are identified and appropriate mitigations are put in place prior to use of the MES in pharmaceutical or medical device manufacturing. Such risk assessments should be used wherever possible, particularly when there may be limited knowledge of the possible failure scenarios, and should be focused on failure scenarios that can have an impact on product quality or patient safety. For example, risk assessments of interfaces between MES and business ERP systems can be effective in identifying possible failure points that can be used to ensure appropriate monitoring is put in place prior to the commencement of manufacturing. Mitigation strategies identified as a result of the risk assessments may include, but are not limited to, identification of the need for additional testing (or, in some cases, reduced testing or testing that leverages vendor-supplied documentation), system re-design, procedural controls, or increased monitoring of system operations. After a mitigation strategy is implemented, it is important to verify the effectiveness of the mitigation strategy. One way to assess the effectiveness of a mitigation strategy is to re-rank the risk scenario to determine if the mitigation strategy has reduced the risk to a lower priority.

Figure 2: MES validation process.

Risk Assessment Example

The use of a risk assessment to focus validation efforts on critical activities may include, for example, the ability to leverage unit testing or development testing in place of operational qualification or system testing during the validation effort. The risk assessment effort should be completed following an approved SOP and documented accordingly, typically within a risk assessment report. In addition, the unit or development testing must be of GMP quality and completed in a controlled testing environment. A risk assessment that identifies low risk functionality (as defined by the risk assessment SOP) may allow unit or development testing to be used in place of operational qualification or integrated system testing. Low risk functions typically refer to those functions that have minimal impact on product quality, patient safety, or data integrity.
SYSTEM DEVELOPMENT LIFECYCLE

One final consideration for the MES validation and quality planning process is the type of software development process (e.g., traditional waterfall, rapid prototyping) that will be used. In general, if only very limited configuration changes are planned, then a traditional waterfall method is probably more appropriate. However, if more sophisticated software configuration or some customization is needed, a more efficient iterative or rapid prototyping method should be used and appropriately managed using pre-approved SOPs and work instructions to ensure appropriate control of the software development process.

OPERATIONAL CONTROLS

Once the initial MES validation is completed, it is equally important that operational phase processes, including change, incident and problem management, and periodic review, along with appropriate business and quality governance, be established to ensure that the MES maintains a state of ongoing validation. It is critical that such operational phase processes exhibit the following characteristics:

- Managed by defined processes, including approved SOPs and work instructions
- IT-based incident and problem management systems aligned with any business corrective action and preventive action (CAPA) systems
- Change management processes that include both business and regulatory quality involvement
- Periodic review is performed at appropriate time intervals
- Risk assessments are revisited (as appropriate based on incidents or problems)
- Ongoing auditing of activities by an independent quality group.

When properly implemented, the MES validation process will include both initial development and operational phase processes as described in Figure 2.

SUMMARY

In summary, the considerations for validation of an MES system are similar to any other type of IT or automation system used in pharmaceutical manufacturing. However, it is important to understand that in many cases the technological complexity of the MES versus many other control technologies, including the interfaces with other systems, may increase the need for more rigorous review, testing, and oversight of the MES validation process. This increase in technical complexity and the prevalent use of paperless batch records afforded by MES will demand the highest level of inspection readiness during regulatory (e.g., EMA, FDA) reviews.

REFERENCE

ISPE, GAMP 5: A Risk-Based Approach to Compliant GxP Computerized Systems, GAMP 5, February 2008.