STEP BY STEP

Reviews
Shared by: amberp
Categories
Tags
Stats
views:
25
rating:
not rated
reviews:
0
posted:
11/6/2008
language:
English
pages:
0
AUTOMATION No need to panic: A structured approach takes the sting out of validation of computerised systems in medical technology (Figure: photocase.de) STEP BY STEP RISK ASSESSMENT MINIMISES EFFORT IN THE VALIDATION OF COMPUTERISED SYSTEMS The introduction of computerised individual plant, production lines, analytical equipment in the laboratory, or overarching IT systems (such as ERP or MES) in the production, storage, and control of medical devices are GMP-relevant, as in the case of the pharmaceutical sector, and therefore have to be validated. This means that the principles of validation set out in the rules of Good Manufacturing Practice (GMP) and appropriate annexes have to be observed and implemented. Although this represents a huge obstacle for many companies, especially smaller enterprises, it can be overcome step by step. I f a computerised system takes the place of a likewise GMP-relevant manual process, neither the quality nor the safety of the products may deteriorate. Nor may information be lost through reduced personnel participation. The very specific demands of CFR Part 11 regarding the handling of electronic records and electronic signatures, which go beyond the general validation obligations of the German AMWHV Ordinance (Ordinance on the Production of Drugs and Author Wolfgang Hähnel, Head of Sales and Marketing, Gempex/GMP Consulting & Execution, Mannheim, w-haehnel@gempex.com Active Substances), GMP Guideline and its Annex 11, have increasingly been the focus of attention in recent years. Yet the general demands applicable to the validation of computerised systems within the GMP guidelines provide only a very general framework for the extent and depth of validation activities. It is not easy for a manufacturing company to decide which measures it has to adopt on the basis of these requirements. More specific proposals concerning the approach to qualification of hardware and validation of software are to be found in the recommendations of interest groups and associations. For example, these include GAMP 4 (Good Automated Manufacturing Practice), “Validation of Process Control Systems” of the International Society of Pharmaceutical En- gineering (ISPE), and “Good Practice for Computerised GXP-Environments” of the Pharmaceutical Inspection Co-Operation Scheme (PIC/S PI011–2). Legal demands upon a computerised system, which provide the very basis needed in order to undertake and complete GMPcompliant validation in the first place, are laid down in so-called Predicate Rules. These also include CFR 21 Part 11. Validation Master Plan as Basis Validation of complex, overarching ERP systems such as SAP or Manufacturing Execution (MES) or document management systems should be divided up into three phases. In Phase 1 (initialisation) the procedure and strategy within the project are set out in a validation plan (VP). Owing to 68 MedPLAST · May 2007 MARKET OPPORTUNITIES Set-by-Step Validation Complex systems or control of large-scale sequences of events are no longer insurmountable barriers in the qualification of hardware and the validation of software if a step-by-step approach is adopted. Classification according to a well-structured risk assessment minimises the effort required and provides clarity. the complexity and the differing responsibilities of computerised system it is recommended that a separate validation plan be drawn up for these systems. This document, known as the VMP, provides the responsible departments, management, and the relevant authorities with a comprehensive update of all validation activities. In parallel, the User Requirement Specifications (URS) identify and record the GMP-critical process parameters and other quality-relevant requirements. The URS should therefore describe all demands on the system to be acquired and on the vendor in a very consistent, wellstructured manner, including as many details as possible. Among others, the following points should be addressed: relation to VMP, predicate rules relating to the process chain, consideration of the actual status wherever possible, description of the sequence of processes, target status of process chain, nature and execution of the new introduction or of the release change, hardware specifications (PCs, servers, redundant systems, etc.), security concept (firewalls, virus scan, etc.), business process continuity (failure, down-time, etc.), fall-back scenario (reversion to former release or system when problems occur), archiving concept for GMP-relevant data, demands of programming rules/ guidelines in the specifications, demand of source-code review by impartial persons, consideration of third-party systems, assessment of vendors and audit (obligatory from software category 4), list of vendors’ suppliers, maintenance, hot line, service agreements, personnel training. MedPLAST · May 2007 69 AUTOMATION Validation strategy in three steps In addition to the validation plan and the URS, the Standard Operating Procedures (SOPs) have to be considered in the first phase. All instructions necessary for subsequent operation and maintenance should be listed here. Required by the Authorities: Risk Assessment One of the most important instruments for performing a well-structured validation of these systems, without going beyond what is actually required, is a risk assessment as demanded by the authorities. This has the goal of identifying those processes, from among the totality of all processes involved and their resulting functions, with which GMP-relevant data can be generated, displayed, erased, or modified in the individual departments. In large computerised systems, such as ERP, GMP risk assessment should be divided into two separate sections. Risk assessment serves, on the one hand, to establish whether the system under consideration is a so-called legacy system and, on the other, to identify the GMP-relevant business processes installed by the company or the corresponding third-party systems. Alongside the predicate rules applicable to the computerised system, the basis of risk classification is provided by the process sequence plans, with the aid of which the individual business processes can be described as a sequence of functionally related business activities. There ultimately results an overview of all business processes which describes the assignment of transactions to the desired functionality. Within the framework of risk classification all third-party systems with an interface to the ERP system also have to be identified and categorised. In an second step, i.e. in Phase 2, all business modules and business processes classed as GMP-relevant are subjected to a detailed risk analysis and assessed for their risk potential at the transaction level. However, this step can only take place after transfer of the GMP-relevant demands of the URS into the supplier specifications. Because it is only then that the precise branching within the modules and the number of transactions are known. Risk analysis can be based, for example, on the FMEA (Failure Mode and Effects Analysis) method. The resulting assignment to a risk category provides the basis for specification of the extent of testing, the depth of testing, and the level of documentation of validation. Proof of validity has to be documented for every individual transaction considered to be critical. Moreover, within the risk analysis the interfaces between the transactions and the possible third-party systems are to be examined and assessed for their GMPrelevance. If necessary, the validity of the individual interfaces has to be established by corresponding operational tests and documented during operational qualification (OQ). In Phase 3 (Implementation) userspecific programming, factory acceptance testing (FAT) and site acceptance testing (SAT), as well as the validation activities installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ) are undertaken within the development, validation, and productive system. infoDIRECT Supplementary documents are available for download: Schematic of GMP risk assessment, form for risk classification, example of FMEA risk analysis. www.plastverarbeiter.de Searching: MedPlast07Gempex 70 MedPLAST · May 2007

Related docs
STEP
Views: 10  |  Downloads: 0
Step
Views: 10  |  Downloads: 1
STEP
Views: 8  |  Downloads: 0
Step by Step
Views: 71  |  Downloads: 0
Step-by-step
Views: 57  |  Downloads: 5
Step by Step
Views: 35  |  Downloads: 2
Step by Step
Views: 11  |  Downloads: 1
STEP BY STEP
Views: 54  |  Downloads: 5
Step by Step
Views: 29  |  Downloads: 2
Step by Step
Views: 58  |  Downloads: 2
Step by Step
Views: 15  |  Downloads: 1
STEP-BY-STEP
Views: 110  |  Downloads: 9
Step By Step
Views: 17  |  Downloads: 0
STEP-BY-STEP
Views: 6  |  Downloads: 0
Step by step
Views: 14  |  Downloads: 0
Other docs by amberp
EHD_Demonstration_Lab
Views: 158  |  Downloads: 0
Java Interface
Views: 1206  |  Downloads: 8
INDEPENDENT CONTRACTOR AGREEMENT
Views: 426  |  Downloads: 25
Preliminary report on application for title insurance
Views: 124  |  Downloads: 1
16th Amendment to the U S Constitution -Federal Income Tax (1913) -1
Views: 237  |  Downloads: 0
All corporate personal propert1
Views: 132  |  Downloads: 0
Dred Scott v Sanford info
Views: 264  |  Downloads: 2
Agreement for sale of insurance company division with reinsurance provision
Views: 189  |  Downloads: 2
Transcript of Dawes Act
Views: 221  |  Downloads: 0
Co-Signer_Agreement
Views: 243  |  Downloads: 2
Arbitration or appraisement to determine rent on renewa1
Views: 258  |  Downloads: 0
Mortgagor and mortgagee as lessors
Views: 1785  |  Downloads: 4
Agreement for dissolution with sale of partial proprietary interest to other partner
Views: 322  |  Downloads: 4
Application for requisition
Views: 220  |  Downloads: 0
16th Amendment to the U S Constitution -Federal Income Tax (1913) - 2
Views: 432  |  Downloads: 0