Question 21: You have any procedure for revalidate an already
established and previously validated process?
Best Answer:
Validation
is required to ensure that therapeutic goods consistently meet product
specifications and this principle is to be applied for all products (including
complementary medicines).
There
are some critical processes that must be validated and risk assessment would
not justify exemption from validation (e.g. mixing for tablets/capsule/powder
dosage forms). For herbal products grouping can be considered and justification
included in the VMP. Markers can be used for herbal process validation.
The
frequency of periodic revalidation is intentionally not defined because this
will vary according to a large range of factors. Manufacturers need to
determine and justify their own revalidation frequency based on a risk
assessment and other relevant factors.
If
the process has not been previously validated, then it should be validated
retrospectively according to items 31-35 of Annex 15. When retrospective
validation is inadequate, then validation according to Annex 15 is required.
The scope and extent of validation should be based on risk assessment and
should be conducted according to a validation master plan.
Question 22:
How do you deal with automatic updates of Windows or antivirus programs?
Best Answer:
Another item the FDA has started discussing
more in the last few years, in conjunction with the ISPE GAMP v5 Guidance, is
the concept of risk and risk-based validation. One of the things to think about
with operating system and antivirus updates is the relative risk of having e.g.
security problem or virus vulnerability in a system.
Sometimes the update risk may be greater
than the original risk to the system itself (or vice versa). Some companies
have the luxury of staff to deal with networks and server infrastructure
qualification and can insulate operating systems from the software validation
itself, having the responsibility to make sure that the systems are being kept current
with security and antivirus updates.
As a general practice companies should
periodically run a small set of standard regression tests, triggered by
operating system or antivirus updates or simply on a periodic basis, to make
sure that changes do not have any adverse impact on the system.
When a new PC is implemented, is it necessary to revalidate the software?
Best Answer: If the new PC has the same or
greater capabilities than the original and is using the same version of the
operating system and software, revalidation is not necessary since the
functionality of the system is the same.
However, repeating the installation
qualification activities to confirm that the software has been properly
installed or restored properly from the backup onto the new PC is required. One
detail that can make this process more efficient is to avoid overly detailed
specification documents.
Avoid specifying a particular model of PC,
particular processor speed, or a particular memory or disk capacity. Use of the
designation “or higher” will prevent having to continually update the
documentation as technology advances.
Question 25:
Regarding GMP lab data integrity: once data are required, can they
be modified under any circumstances?
Best Answer: Acquired data, the data coming
directly from the instrument captured by the PC should be considered sacred;
raw data should not be modified for any reason.
However, a second kind of data, generated
during post acquisition data analysis and data processing, e.g. reintegration,
changing baselines, deleting peaks that aren’t necessarily relevant to the
analysis, or other calculations, are considered normal parts of data processing
and may be modified under controlled circumstances as captured in audit trails.
Question 26:
Software sometimes has complicated calculations or algorithms in it,
for example, for the integration of chromatograph, are it necessary for the
software user to validate the results?
Best Answer: Yes, calculated results must be
validated. Not all of Microsoft Excel’s calculations, but any specific
calculations programmed into a configurable report, e.g., CDS reporting
capabilities using report templates and automatic calculations.
If calculations are used to determine
whether or not a particular result is within specifications, the calculation
will need to be validated with data both within and out of specification to
ensure that the calculations are working properly.
This validation also evaluates the vendor’s
ability to build good software and perform accurate calculations.
Question 27:
Should the scope
and extent of validation be based on risk?
Best Answer: Yes,
the scope and extent of validation should be based on risk according to the
manufacturer's quality risk management procedures.
Qualification and validation work is required to control the critical aspects of the particular operation and a common sense approach should be applied.
Question 28:
Once a vendor is audited, is there a recommended time within which that
vendor should be re-audited?
Best Answer: There are several factors to
consider when determining the frequency of vendor audits, many related to the
relative risk of the system to patient’s safety, drug product quality, and data
integrity. One factor is the vendor’s performance and response from previous
audits.
If they performed well, re-auditing those
vendors every three years could be justified, but not longer. For other vendors
that are mission critical or perhaps those that didn’t perform well in prior
audits, re-auditing every 12 months is justified to increase scrutiny.
Question 29:
What should the auditing approach be for software such as the CDS
that is no longer supported by the vendor but is still being used within the
validated state?
Best Answer: Vendors will occasionally go out of business, or more commonly, discontinue support of a particular version of their software. If a user continues to use the software, it would be at an increased level of risk because if a problem arises, the vendor may not exist to actually address the defect or willing to correct defects in obsolete versions of software they no longer support.
The risk is, however, somewhat instrument
and software dependent, particularly for older instruments and software. As
long as those systems are being managed and used properly, there may not be a
reason to update them.
Agilent regularly considers whether or not
upgrades provide enough value, enough new functionality, or enough defects
fixes to be able to justify the cost, the time, and the pain involved in
replacing or revalidating the system.
Question 30:
How can I ensure and prove that SOPs are followed?
Best Answer: Through inspection. Inspections are
the only way to follow up to make sure that people are doing what they have
been trained to do.
29) Is performance qualification (PQ) required to be carried out
for each item of critical process equipment, if process validation is performed
on the same equipment?
Answer: PQ is required to
be preceded by IQ and OQ.
For significant changes to equipment (eg. for new or modified
items of equipment), the PQ is separate from and precedes process validation.
For minor changes not impacting on already qualified equipment
(eg. to processing parameters only), process validation could be integrated in
PQ and a repeated IQ and OQ may not be necessary.
Question 31:
What about systems with no audit trail or an incomplete audit trail?
What’s the work-around for such systems?
Best Answer: There are many old systems that still get used in regulated labs, and the systems work perfectly fine to do what they do. But the work-around for this is a heavy dose of procedural controls that would include handwritten records.
Depending on the criticality and the risk
of the particular process that’s involved, or that the system is addressing,
the procedural requirements may need to go as far as a second person
verification of information or actual concurrent witnessing of the work being
performed.
The purpose of the audit trail is to be
able to tell the story or reconstruct the history of an electronic record, not
just the creation of that record but also the changes or the deletion of
records.
If the system has limited or incomplete
audit trail ability, then the record must be supplemented in some other way,
often taking the form of paper records. For example, a use notebook next to an instrument. Technical controls make
everybody’s life much simpler.
“Trust but Verify “ Ronald Reagan
Across the internet, there are millions of resources are available which provide information about Everything.
If you found all content under one roof then it will save your time, effort & you will more concentrated on your important activity.
 |
| Data Integrity App |
Our Data integrity app will helpful for understanding what Data integrity & CSV really means & How 21 CFR Part 11, EU Annex 11 & other regulatory guidelines affects in pharmaceutical Industry.
- Basic Data Integrity Concepts
- ERES & Its Requirement
- CSV & Its best practices
- Mock Inspection and General Q&A
- Checklist for inspection
- Inspection Readiness
- Useful SOP’s
- Stay Regulatory Compliant.
“Stay One Step Ahead in Pharma IT Compliance”
https://play.google.com/store/apps/details?id=com.innovativeapps.dataintegrity
Try our "Data Integrity" app which helps you to better understand current regulatory agencies thinking on Data Integrity & CSV.
Comments
Post a Comment