Specifications: How to Write Them

GAMP V Model

Hello good people of the world! Today’s post is about the left side of GAMP’s V-model: specifications. Specifically, their purpose and how to write them.

Of course there are many variations of the V-model, and it is best to find what suits your organization and processes. For the purposes of this discussion, I’ll refer to the basic GAMP V-model, pictured above.

The specifications are: User Requirements Specification, Functional Specification, and Design Specification. In general each feeds in to the next. Also, Installation Qualification may test the details of the Design Specification, Operational Qualification may test the functional descriptions in the Functional Specification, and Performance Qualification may test the high-level requirement’s of the User Requirements Specification, although these boundaries are often blurred in practice.

Any new project should start with a User Requirements Specification which clearly defines the testable user requirements. It is important that requirements are testable, and often a SMART approach is applied: each user requirements should be Specific, Measurable, Achievable, Relevant, and Time-bound. It is also helpful to categorize user requirements upfront, since not all will be quality-related. This makes it easier to rationalize the requirements that are explicitly tested in qualification protocols versus commissioning or not at all. Typical categories include: business, safety, maintenance, and quality.

The Functional Specification is then a response to the User Requirements Specification, typically provided by the vendor, explaining in detail how automated components will function to fulfill the user requirements. Functional Specifications are often confused with Functional Requirements or Functional Requirements Specification, which may be another document defined by a process. GAMP’s V-model does not intend the Functional Specification to document new or further detail requirements, but to define the functionality employed to meet the requirements defined in the User Requirements Specification. The Functional Specification can describe sequence of operations, interlocks, alarms, etc.

The Design Specification should provide sufficient detail that an engineer could recreate the control system from scratch if need-be, to recreate the functionality described in the Functional Specification to meet the user requirements. The Design Specification is typically provided by the vendor and should contain such details as I/O list, alarm list, HMI security levels, sequence of operations details including device positions at each step and transition conditions. This should be a very detailed document, and if you’re working with 10-20 pages it is too light.

Documentation can be expensive and is maybe not fun to generate and review, but is critical to a highly effective validation program.

What do you like to see in specifications?

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

 

Basic Components of a Test Form

Hello good people of the world! Today’s post is a short one on what are the basic components of a test form. In Validation, you’re going to record a lot of data, and you want this data to be well organized and easily understood. Here are the basic components I think every test form should have:

  1. Numbering! Each step should have a unique number so that it is easily identifiable and easy to reference elsewhere.
  2. A Title! What is this test all about? A short description should be provide.
  3. Purpose! What is the purpose of the test? Make it clear.
  4. Verification Steps! Clearly define what steps need to be performed.
  5. Expected Results! Clearly define what the expected results are. Does every step need an expected result? Every step can have one, so include it.
  6. Actual Results! This is where the actual data is collected. The actual results can be recorded exactly as the expected results are stated to avoid any confusion.
  7. Pass/Fail! Did the step pass or fail? This will quickly tell you. Also a good place to reference any comments.
  8. Initials/Date! In order for the data to be attributable, initial/date uniquely identifying the test executer must be included for each step.

What basic components do you include on your test forms? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

What NOT to Re-qualify

autoclave
Hello good people of the world! Today’s post is on what NOT to include in requalification/revalidation. I was recently on a site that had a five (5) year requalification requirement for sterilizers per a site SOP, which sounds reasonable (continuous monitoring would be better). But then I noted they included in their requalification requirements a re-execution of the entire initial controls system IOQ! The requalification included verification of:

  • Hardware/software installation
  • E-stop, guarding, and door interlocks
  • Restart and recovery
  • Recipe management
  • Temperature, pressure, and time control
  • Communication
  • Security

And it was expected that this would be done every five years! It just so happened that in 2014 they paid a contractor to do the work, who sadly did not help the site out by letting them know the wastefulness of such an endeavor. This is an egregious example of resource misuse and not understanding the expectations of a validation program/taking a risk-based approach. The point of requalification/revalidation is to look for drift in processes, not blindly repeat testing already performed.

What misunderstanding-of-validation-expectation horror stories do you have? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

Serialization Basics

vials
Hello good people of the world! Today’s post is high-level regarding serialization. Serialization is a process mandated by the world’s regulatory agencies to reduce counterfeit drug products in the market. Besides being costly to drug companies, counterfeit drug products are often less efficacious and less safe than the real drug they are purporting to be. Additionally, counterfeit drug products can be contaminated with other APIs and/or toxic excipients.
Continue reading Serialization Basics

How to Store an Electronic Signature

Electronic Signature

Hello good people of the world! Today’s post is a short one on the topic of electronic signatures. 21CFR11 includes requirements around the use of electronic signatures in place of traditional handwritten signatures and these requirements are fairly well understood at this point. The question of this post is, how should your electronic system store the electronic signature?

It is important to understand that electronic signatures are meta-data. That is, they are data about data. So if you have an electronic batch record, for example, the electronic signature recorded during approval is not part of the batch record data, but meta-data of the batch record data. In this example, it is specifically the who, what, and when of the batch record approval.

Given that, electronic signature data should not be included in the same record (table row, document, etc.) in the electronic system. It is meta-data and should be handled as such, an important consideration in electronic system design. This will ensure electronic signature data is robust, auditable, and readily available.

How do you store electronic signatures? Any lessons learned? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

Validation of Legacy Processes and Equipment

abandoned factory
Hello good people of the world! Today’s post is about dealing with legacy processes and equipment from a validation perspective.

I’ve worked in two plants that have legacy processes/equipment. By legacy, I mean processes/equipment that can be decades old. These processes have been producing products for the market for a long time. Initial validations will not meet the standards of today, if they exist at all. It is typical that documentation for legacy processes/equipment will not meet the today’s standards as well, and may also be nonexistent.

So how do you handle legacy processes/equipment from a validation point-of-view? First it is important to consider that because the product has been on the market for some time, there is a proven track-record. This must be leveraged. Also, legacy processes have been audited internally and externally many times. It is important to look at those audits to see what gaps and/or risks have been identified.

The next challenge is how to document changes to legacy processes/equipment. It can be difficult to track changes to equipment that, for example, does not have up-to-date P&IDs (Piping and Instrumentation Diagrams). Because creating missing documentation after installation can have a large resource cost, it will be up to the organization to determine their documentation needs and what risks they are willing to assume. This can lead to challenging conversations within the organization and unique validation programs.

What have you learned working with legacy processes/equipment? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

Corrective Action / Preventive Action (CAPA)

CAPA Process
Hello good people of the world! Today’s post is about Corrective Action / Preventive Action, typically referred to as CAPA. CAPA is an integral part of any Quality System, and certainly one of the first things an agency will look at in any audit.

There is a ton of good information out there already on CAPA, including FDA’s own guidance from 2014.

I’ve personally used a few software packages for CAPA management, including MasterControl and Oracle’s Agile, among others, but have not seen any standouts.

The key points of the CAPA program are:

  1. Issue identification, i.e. ensuring the issue is truly understood and well documented
  2. Root cause analysis, i.e. identifying the root cause of the issue
  3. effectiveness check, i.e. verifying actions have actually resolved the issue

What tips have you learned from your CAPA program? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!