Category Archives: Qualification

PLC/HMI IOQ – What to Test?

PLC

Hello good people of the world! Today’s post is on initial control system Installation and Operational Qualification (IOQ) of a simple system consisting of an Human/Machine Interface (HMI), Programmable Logic Controller (PLC), and any number of end devices (valves, pumps, sensors, etc.). The question is what should be tested?

Obviously there’s a ton of guidance out there (see e.g.: GAMP) that will have a lot more detail than this post. The purpose here is to list at a high level the tests that could be expected. So let’s get started!

Installation Qualification
IQ can be its own protocol or combined with OQ in an IOQ for cases without a ton of complexity. IQ is supposed to verify the installation of hardware, software, and any peripherals. You also want to check what documentation is available/applicable here. IQ tests may include:

  • Documentation Verification (e.g. SOPs, EREC/ESIG assessment, operating/maintenance manuals, panel and electrical drawings, etc.)
  • Hardware Verification: verify the make and model of major components at a minimum
  • Software Verification: verify/record software versions. You’ve got to know what you’ll be OQ’ing!
  • Configuration Verification: verify any hardware and/or software configuration. This could be two tests, one for hardware, one for software.
  • Loop Check Verification: verify loop checks are performed.
  • Alarm Configuration Verification: ideally alarms a setup in such a way that you don’t have to functionality test them all!
  • Any other critical installation items

Operational Qualification
OQ is the meat of your control qualification. Here you want to test critical functions, that hopefully you have identified earlier (see here for one approach). OQ may test:

  • Interlock Verification including e-stops. A lot of interlocks are safety/business related, but they’re often included in OQ due to how critical they are.
  • Functional Alarm Verification – be sure to include data loss/communication alarms
  • HMI Navigation and Layout Verification
  • Restart/Recovery Verification
  • Sequence of Operations Verification

What kinds of testing are you sure to cover in your control system IOQ protocols? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

ISPE’s Commissioning and Qualification Guide Second Edition

Hello good people of the world! Today’s post covers ISPE’s release of the second edition of their commissioning and qualification guide. This is volume 5 of the baseline guides. The first edition was first released way back in March 2001, so we should expect this to be a significant revision. Please note this guide is not available for free.

One very nice thing about this second edition is that it not only updates the first edition of the volume 5 guide, but incorporates scope from two other now-outdated guides as well: “Science and Risk-Based Approach for the Delivery of Facilities, Systems, and Equipment” and “Applied Risk Management for Commissioning and Qualification.” So if you have these in your library, you can safely archive them.

It’s always important to note that industry guides such as this one do not constitute regulations and are not required to be followed. It is often the case however that best practices documented in guides become industry standard, and then set expectations for regulators. Per the guide, it is intended to comply with EU GMP Annex 15FDA Guidance on Process Validation, and ICH Q9.

The table of contents shows the following sections:

  1. Introduction
  2. User Requirements Specification
  3. System Classification
  4. System Risk Assessment
  5. Design Review and Design Qualification
  6. C&Q Planning
  7. C&Q Testing and Documentation
  8. Acceptance and Release
  9. Periodic Review
  10. Vendor Assessment for C&Q Documentation Purposes
  11. Engineering Quality Process
  12. Change Management
  13. Good Documentation Practice for C&Q
  14. Strategies for Implementation of Science and Risk-Based C&Q Process

And the following appendices:

  1. Regulatory Basis
  2. User Requirements Specification Example
  3. System Classification Form Example
  4. Direct Impact System Examples
  5. System Risk Assessment Example
  6. Design Review/Design Qualification Examples
  7. Supporting Plans
  8. System Start-Up Examples
  9. Discrepancy Form Example
  10. Qualification Summary Report Examples
  11. Periodic Review Example
  12. Periodic Review for Controlled Temperature Chambers
  13. Vendor Assessment Tool Example
  14. Organizational Maturity Assessment Example
  15. Approach to Qualifying Legacy Systems or Systems with Inadequate Qualification
  16. References
  17. Glossary

You’ll have to purchase the guide to get all the details, but below are some highlights that stuck out to me:

  • This second edition introduces the term Critical Design Elements (CDEs). CDEs are defined as “design functions or features of an engineered system that are necessary to consistently manufacture products with the desired quality attributes.”
  • Concepts that were removed from this edition of the guide include Component Criticality Assessment, Enhanced Commissioning, Enhanced Design Review, Enhanced Document, Indirect Impact (systems are either direct impact or not direct impact now), and the V-Model.
  • A Direct Impact system is defined as a system that directly impacts product CQAs, or directly impacts the quality of the product delivered by a critical utility system. All other systems are considered to be not direct impact. An example included in section 3 demonstrates the previously categorized “indirect impact” systems would become not direct impact systems and would be commissioned only, although the commissioning for these system may be more robust than a purely “no impact” system. The guide provides an eight (8) question process for determining if a system is direct impact.
  • System boundaries should be marked on design drawings.
  • Inputs to the URS should include: CQAs, CPPs, regulatory, organization quality, business, data integrity and storage, alarm, automation, and health, safety, and environmental requirements, and engineering specifications and industry standards. The example URS template does include a classification of each requirement (e.g. business, safety, quality).
  • A system risk assessment is performed to identify CDEs and controls required to mitigate risks. Standard off-the-shelf systems typically do not require a risk assessment. Risk levels are defined as low, medium, and high and the risk assessment approach is not a typical FMECA process. Instead each CQA at each step gets one entry on how the CQA can be impacted, what are the design controls around that CQA and any alarm or procedural controls to mitigate risk. The residual risk post-controls is includes as low, medium, or high.
  • Design Qualification looks somewhat informal 0=- no DQ protocol, but a DQ report that summarizes other documents (URS, SIA) and design review meetings.
  • A C&Q plan should include clear scope, the execution strategy, documentation expected for each system (URS, FAT, SAT, IOQ, SOPs, etc.), and roles and responsibilities (e.g. approval matrix).
  • The discrepancy form has closure signatures only (no pre-implementation signatures)
  • For legacy systems without adequate C&Q documentation, focus should be on identifying product and process user requirements including Critical Quality Attributes (CQAs) and Critical Process Parameters (CPPs), and then the Critical Design Elements (CDEs) that affect them. It is necessary to confirm that accurate drawings exist, that maintenance files are up-to-date, and there is test evidence to support changes since commissioning. A risk-based approach can be used to qualify the system in the absence of typical C&Q documentation.

Do you use the ISPE guides for your C&Q approach? Comment below.

Like this MWV (Mike Williamson Validation) blog post? Be sure to like, share, and subscribe!

 

WHO’s Draft Guidelines on Validation May 2016

Hello good people of the world! On May 15, 2016, the World Health Organization released its draft Guidelines on Validation. It is available on the WHO website for download here.

This post covers my review of the guidance. Continue reading WHO’s Draft Guidelines on Validation May 2016

Commissioning and Qualification of Process Instrumentation

Pressure Transmitter

Hello good people of the world! Today’s post is on the commissioning and qualification of instruments used in process measurement and control. Instruments may be used to measure such things as flow, temperature, pressure, level, weight, conductivity, etc. In use, many of these parameters may be quality critical, so proper commissioning and qualification is key! Continue reading Commissioning and Qualification of Process Instrumentation

Quality During Construction

Construction Quality Assurance

Hello good people of the world! This blog post covers Construction Quality Assurance, based on an article that appeared in the Nov/Dec 2012 edition of Pharmaceutical Engineering titled “Assured Construction Quality Saves Time and Money.” All credit goes to the authors: Jay Lad of Skanska Pharmaceutical Group and Bruce Beck of Eli Lilly. Continue reading Quality During Construction

SharePoint 2013 in a GMP Environment

SharePoint

Hello good people of the world! Today’s post is about implementing and using Microsoft SharePoint 2013 in a regulated (GMP) environment.

Microsoft has published a comprehensive guide to SharePoint 21CFR11 compliance, which can be downloaded for free here.

Basic software requirements are:

Continue reading SharePoint 2013 in a GMP Environment

Container Closure Integrity Testing

Hello good people of the world! The present post concerns itself with Container Closure Integrity (CCI) testing. CCI testing is an integral part of packaging validation, involving primary packaging such as ampoules, blisters, bottles, vials, syringes, tubes, etc. Biopharmaceuticals are typically packaged in hermetically-sealed containers to prevent the ingress of any liquid or gas that could be reactive or carry microorganisms. Packaging may also by light-resistant, if light could affect the properties of the product.

There are three regulatory/industry guidelines typically cited in the U.S. regarding CCI testing:

  1. FDA Guidance for Industry (2008), Container and Closure System Integrity Testing in Lieu of Sterility Testing as a Component of the Stability Protocol for Sterile Products
  2. PDA Technical Report No. 27 (1998), Pharmaceutical Package Integrity (not available for free)
  3. USP <1207>, Sterile Product Packaging – Integrity Evaluation

CCI testing is either physical (bubble, liquid tracer, vacuum/pressure decay, dye ingress, etc.) or microbial (microbial ingress).

Each has it’s advantages and disadvantages, as shown in the below from American Pharmaceutical Review:

When should these tests be performed? CCI testing is applicable to new container closure systems and can be performed on newly sealed containers to validate sealing performance, and then annually and at the expiration date to validate stability.

What are your preferred methods of Container Closure Integrity Testing?

Like this MWV (Mike Williamson Validation) post? Be sure to like, share, and subscribe!