Risk Management Performing FAT and SAT - CBI D_Cordero_pres.pdf · ISPE on GAMP 5 Guidance define...

[ 1 ] CONFIDENTIAL

Risk Management – Performing FAT and SAT

Jorge A. Cordero-Monroig; BSChE, MBA-GM

Validation Site Leader

B+L Greenville Solutions Plant

[ 2 ]


Agenda:

Concept and Definitions

Why risk management

How to implement risk management to FAT and SAT

Interactive Exercise: Develop a risk management model to be implemented during FAT and SAT

Bonus Material

Q&A

[ 3 ]



What is a Risk Management ?

Risk Management is defined by Business dictionary.com as the identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. Read more: http://www.businessdictionary.com/definition/risk-management.html#ixzz3BVbyA7DN

ISPE on GAMP 5 Guidance define Quality Risk Management Approach as a systematic process for the assessment, control, communication, and review of risks.

http://www.businessdictionary.com/definition/risk-management.html



[ 4 ]


What is a Risk Management ?

Two categories of Risk Management : QA Risk (GMP Risk). and Business Risk (Non-GMP).

Quality Risk Management Approach are based on clear process understanding and potential impact on patient safety. In other words, Quality Risk Management is based on GMPs systems/ equipment and how the patient safety could be impacted.

Business Risk Management is concentrated to ensure that business goals are accomplished. Therefore, make sense for business implement Quality Risk Management.


[ 5 ]

How to classify Systems / Equipment

Pre-defined on SOPs and/or Validation Master Plan

Using Impact Assessments

Systems/Equipment Classifications:

Direct Impact

Indirect Impact

No Impact


[ 6 ]

Direct Impact Systems/Equipment shall answer YES to one of the following questions:

Does the Systems/Equipment come in direct physical contact with the product?

Example: Filler, Tanks, Clean Steam, Filtered Compressed Air etc…

Does the Systems/Equipment produce or distribute a material that has direct contact with product?

Example: Bottles/Caps Molding machines, Form Fill & Seal (FFS) Machines, etc…

Is the Systems/Equipment used in cleaning, sanitizing or sterilizing?

Example: Clean Steam, CIP systems, Autoclaves, etc…


[ 7 ]

Does the Systems/Equipment create or maintain a specified environmental condition required to preserve product quality?

Example: HVAC, Class A / ISO 5 rooms, etc…

Does the Systems/Equipment produce, monitor, evaluate, store or report data used to accept or reject product or GMP materials or data used to support Regulatory Compliance-Practices?

Example: PCS, EMS, Delta V, e-Batch Records, etc…

Does the Systems/Equipment perform a critical process step or operation in the manufacturing, processing, packaging, labeling testing or holding of the product?

Example: Inspections Systems, Vision Systems, Vacuum Systems, etc…


[ 8 ]

Indirect Impacts Systems/Equipment shall answer YES to the following question:

Is the Systems/Equipment linked or support a direct impact systems?

Example: DI Water Systems, Chillers, Boilers, etc…

No Impact Systems/Equipment answer NO to all previous questions.

Example: Cooling Towers, Sand Filters, Office HVAC Units, OEE Systems, Palletizer, etc…

No impact Systems/Equipment are not critical for the product quality but for business.


[ 9 ]

What is the difference between GMP critical and Business Critical

GMP Critical = Direct Impact :

Direct impact in the safety, identity, potency-strength, quality and/or purity of the product.

Direct impact to regulatory aspect such as labeling, and evaluation, generation, archiving, and reporting data that is used for release

Maintain, control, and monitor environmental conditions to preserve product quality

Used to clean, sanitize, or sterilize to preserve product quality


[ 10 ]

Business Critical = Indirect Impact/No Impact:

Elements that affect the ability to manufacture and operate efficiently such as Boilers, Plant Steam, Compressed Air, Secondary / Tertiary Packaging

Elements that affect customer satisfaction such as cosmetic defects, failures in deliver on time, and missing promotional material

Systems that evaluate and monitor operation efficiencies

Equipment that help to improve operation efficiencies

Must comply with GEP (Good Engineering Practice):

Fitness to purpose, reliable, cost effective

Design follow industries guidance and statutory requirements

Take inconsideration GMP, Safety, Health, Environmental, ergonomic, operational, and maintenance requirements

Proof professional and competent design, construction, installation testing, and commissioning

Appropriate documentation such as design concepts, as build drawings, manuals, certifications, maintenance instructions, and test records.


[ 11 ]


When use Risk Management ?

Any time - It is a good process to ensure and demonstrate that any project is conducted properly.


[ 12 ]



Factory Acceptance Test (FAT) – Formal testing performed at the vendor/factory site to determine if a system / equipment meet the specifications and acceptance criteria agree between the customer and the factory/vendor.

Site Acceptance Test (SAT) – Formal testing performed at the customer site to determine if once it is installed in real conditions the system / equipment still operating properly.

Commissioning – Engineering test (check list) as part of the system start up using real conditions to ensure that the system / equipment is performing as expected. It is used to release the system / equipment for production or to the validation group, as applicable.

[ 13 ]


Who is responsible of FAT and SAT?

Vendor – Design, develop, and execute test that demonstrate that the system/equipment is meeting the specification as and acceptance criteria.

Customer Engineering Group – Review and approve FAT and SAT test, ensure that GEP (Good Engineering Practices) were followed.

Validation Group – Review and approve FAT and SAT test, ensure that GMPs (Good Manufacturing Practices) were followed.


[ 14 ]


Why Risk Management?

Benefits

Model

Requirements

[ 15 ]

Benefits:

Help to classify the system / equipment as GMP or Business Critical.

Provide a clear justification of the decision made based on risk criticality.

Identify and evaluate every single risk of the system / equipment.

Identify areas that will require more evaluation, adjustments , or re-design prior to the implementation.

Provide controls to reduce risk to an acceptable level.

Avoid waste effort and duplication while minimize down time.


[ 16 ]

Risk Management Model

System / Equipment URS

Impact Assessment

GMP or Business

Critical

Abbreviated

Qualification

Commissioning / SAT

FAT

(Equipment Only)

FAT

(Equipment Only)

GEP

Business GMP

Risk Assessment

PFMEA/FTA/HAZOP/Risk

Priority/etc...

Performance Testing

Risk Assessment

Review

(as applicable)

Risk Assessment and

Traceability Matrix Review

Final Report


[ 17 ]

Risk Management Model:

GMP Systems / Equipment:

User Requirements, Functional Requirements, and/or Design Review

Risk Analysis

Validation Strategy based on complexity

FAT (All configurations/capacities/functionalities)

Commissioning

Risk Analysis Review (as applicable)

Qualification (Abbreviated)

Risk Analysis Final Review

Traceability matrix

Final Report


[ 18 ]

Risk Management Model:

Non-GMP (Business Critical) Systems / Equipment:

User Requirements, Functional Requirements, and/or Design Review

Project Plan

Risk Analysis

FAT / SAT (All configurations/capacities/functionalities)

Commissioning (Assurance at real conditions)


[ 19 ]

Requirements:

Quality shall be involved from the beginning of the project.

Process Owner and Project Engineer shall provide a detailed requirements.

All deliverables and risk assessments shall be revised and/or approved by quality.

GEP must be followed all the time.

Periodic Risk Assessment review shall be performed.

Validation strategy shall be revised as necessary.

Any test or requirement leverage from FAT or Commissioning shall be justified.

All requirements shall be tested in at least one of the executable deliverables


[ 20 ]

How to implement risk management to FAT and SAT?

Task and Responsibility

Tools

Role of the User Functional and Design specifications

How to measure Success


[ 21 ]

Task and Responsibility

Legend:

D = Develop

E=Execute

R=Review

A=Approval

Process

Owner

Project

Engineer

Commissioning /

Executer Leader

QA-

Validation

Vendors/

Contractor

Project Proposal / Request D D R

User Requirement Specification D R/A R/A

Impact Assessment R/A R/A D

Risk Assessment (URS and Process) D R/A R/A

Validation Strategy R/A R/A D

Functional Requirements specification R/A R/A R/A D

Design Specification R/A D R/A R/A

Risk Assessment (Functional and

Design Requirements) D R/A R/A D

Traceability matrix development R/A R/A D R/A D

Design Review (Enhance Design

Review) R/A D R/A R

Factory Acceptance Test Development R/A R/A D R/A D

Factory Acceptance Test Execution R/A R/A E R/A E


[ 22 ]

Task and Responsibility Cont.

Legend:

D = Develop

E=Execute

R=Review

A=Approval

Process

Owner

Project

Engineer

Commissioning /

Executer Leader

QA-

Validation

Vendors/

Contractor

Commissioning Development R/A R/A D R/A D

Commissioning

Execution/Verification R/A R/A E R/A E

Risk assessment

review/update R/A R/A E R/A E

Installation Qualification R/A R/A R R/A D/E

Operational Qualification R/A R/A R R/A D/E

Performance Qualification R/A R/A R R/A D/E

Individual summary reports R/A R/A R R/A D

Final Risk Assessment

Update R/A R/A E R/A E

Traceability matrix update R/A R/A E R/A

Final Report R/A R/A D


[ 23 ]

Tools

Options and Tools to justify Quality Risk Management approach strategy:

Vendor documentation

Industry Guidance such as ISPE

Statistical Analysis:

Anova: Analyze difference in performance

% of missing caps in Capper machines

Determine cold spot in a Autoclave

Control Chart: Demonstrate that the parameters are within the acceptable range

Fill Volume

Temperature Range

Cpk: Demonstrate that a process is in control and centered

Cap torque

Part or component measure


[ 24 ]

Tools

Options and Tools to justify decisions on Risk Management approach

strategy:

User Requirements

Functional Requirements

Design Specification

Impact Assessments

Risk Assessments


[ 25 ]

Role of the User, Functional and Design specifications:

User Requirements Specifications (URS) is the document that specify the minimum requirements that the user needs for the acquisition or modification of a system / equipment. This is considered the guidance for the vendor to develop and provide the system / equipment that will fulfill the user needs.

Functional Requirements Specifications (FRS) is the document that specify how the system / equipment will comply with the user needs. This document is typically develop by the vendor or an expert in the subject.

Design specifications is the document that establish what equipment, instruments, hardware, and software are required to achieve the functions required to meet the user requirements.


[ 26 ]

Role of the Impact and Risk Assessments:

Impact Assessment (IA) is the document that define the system / equipment criticality (Direct , Indirect, or No Impact). This document is the key to develop the risk management approach for the entire project.

Risk Assessment (RA) is the documents that identify the potential risk associated with the system/equipment, process, and /or project constraints. Multiple risk assessments can be performed to cover different aspect of the project. Risk assessments should define the following items

System/Equipment description

Potential failure / risk

Severity

Probability

Detectability

Risk level


[ 27 ]

How to measure Success

Traceability Matrix (TM) - This document breakdown all the requirements on the URS, FRS, and DS and tabulate where each one was addressed.

Create a document that breakdown that tests require to validate the system/equipment and assess the test criticality and the risk of leverage some test.

E.g.. Qualification Test Risk Based Approach Evaluation - this evaluation includes the following elements:

• Test description

• Criticality Level (Low, Medium, High)

• Rational for criticality level

• Testing area (FAT/SAT/IQ/OQ/PQ/PV)

• Verification Level (Mandatory, Abbreviated, Optional)

• Rational/assumptions for verification level decision


[ 28 ]

Summary of how implement Risk Management to FAT and SAT

Impact Assessment by answer the critical determination questions

Write a URS document that describe all the process owner requirements.

Perform a risk assessment that covers URS

Most Common Models:

FMEA (Failure Modes & Effects Analysis), FTA (Fault Tree Analysis)

HAZOP (Hazard Operability Analysis), Risk Priority, Etc…

Validation Strategy (GMP Critical) – Establish the risk based approach strategy. How, when, and who will be testing and verifying the risk assessment outcomes

Develop FRS (for Equipment and Utilities that have control systems/software)

Perform a risk assessment that covers FRS


[ 29 ]


Perform Factory Acceptance test

Drawings and Specs , Material of Construction

Alarm & Interlocks, Power Failures, Loss Communication

EHS (Environmental Health and Safety) Evaluation

Critical Instruments and Major components

Performance (Cycles, set-ups, Range, sizes, etc…)

Programs and logics

Revise the risk assessment and/or validation strategy based on FAT/SAT results. Rational for change in strategy must be provided.

Perform commissioning to ensure that the installation was performed adequately, verify changes in software, confirm that all documentation was provided, and verify that the

system/equipment components work as specified.


[ 30 ]


Revise the risk assessment and/or validation strategy based on Commissioning results, as applicable. Rational for change in strategy must be provided.

Perform abbreviated qualification to demonstrate that the system/equipment is suitable for intended used.

Worst case scenarios or bracket approaches (Equipment only)

Critical Parameter verification under operation conditions

Environmental Monitoring

Area Classification, Air Flow pattern, Air Changes, pressure, and

Temp. & RH, etc…

Final Review to Risk Assessment to answer how the identified risk were mitigated, controlled or monitored.

Traceability Matrix to track all critical requirements (Recommended)

Final Report to close the qualification/validation


[ 31 ]

Interactive Exercise:

Using real life examples, participants study how to evaluate a Systems / Equipment and develop a Risk Management Approach

Systems:

Environmental Monitoring Systems

Process Control System

Equipment:

Filling Machine

Capper bowl

Packaging Line

Autoclave


[ 32 ]

Bonus Material

Impact Assessment Determination and Qualification Requirements Charts

Risk Assessments Templates

Qualification Test Risk Based Approach Evaluation


[ 33 ]

Questions and Answers

?


Risk Management Performing FAT and SAT - CBI D_Cordero_pres.pdf · ISPE on GAMP 5 Guidance define...

Documents

Transcript of Risk Management Performing FAT and SAT - CBI D_Cordero_pres.pdf · ISPE on GAMP 5 Guidance define...