Professional Documents
Culture Documents
Chapter 18
Ben Gilkes
CONTENTS
THE SCENARIO
473
The team made a conscious decision not to directly follow the “V” model, outlined
in detail in the GAMP 4 guidelines. Although the “V” model is a sound and entirely
logical process model, it was accepted early on that disruption to the teams who were
implementing and running our computer systems should be minimal. Consequently
the decision was taken to utilize existing project methodology, already of a high
standard. This enabled the teams to refer to terminology already well understood
within the business.
During successive brainstorming sessions with various members of the project
delivery teams the existing project lifecycle were mapped to the key phases.
Using the process flows detailed in Figure 18.2 [4] and Figure 18.3 [5] of the
GAMP 4 guide, the team analyzed the existing life cycle in terms of the key
validation phases and process steps. As a result, the implementation lifecycle was
broken down into four distinct project phases:
Each phase was then broken down (as illustrated in the figures) to represent the
activities and documents required by the project and validation teams, the software
houses and the organization’s quality assurance team in order to produce a fully
validated system. The results are illustrated in Figure 18.2.
The swimming lanes highlight the ownership of each document or process step.
This schematic illustrates how the business development team finalize the
requirements for the system solution (e.g., a new warehouse management system) to
be implemented. In tandem, the project team will create implementation and project
plans, along with a project definition document (PDD) as a general reference for
project information. These three high-level project documents will all be inputs into
the first project document that is reviewed by the validation team, the high level
business processes (HLBP) (in some cases the HLBP document may be included as
part of the user requirements specification.). The planning documents also feed into
Exel
SLA's
Exel Project Team (Operational Resource, Systems
Delivery)
Hand Over
Update/amend
Accept Cut Over Testing Change Control Go-Live Complete PIR
Appropriate Doc
Procedures
Completed
Change Control
Docs V Va Va Validation Review
Reports
477
Figure 18.2 Planning and Specification.
© 2005 by Taylor & Francis Group, LLC
Chapter18 27/6/05 8:09 pm Page 478
the first documents produced by the validation team, the validation master plan
(VMP) and the individual validation plans (VP).
The distinction between the VMP and VP is key to the way that the organization
approaches validation of its systems. The VMP will lay out the general approach to
validation of all systems as part of an overall project implementation or site activity
whereas the VP will describe in detail the activities to be undertaken in validating a
particular instance of a system for a particular client. The organization will therefore
not say that it has validated one particular system but instead, in most cases, will state
that it has validated a system as it is used by a specific customer. This is because of
the differences in configuration, network requirements, and hardware that occur
between multiple users of the same system. This approach is a direct consequence of
operating sites on a multiuser basis in order to make best use of key areas of expertise
across a number of clients. Operating multi-user facilities is another key factor in the
approach that the organization has taken to computer system validation. Where a
manufacturer validates a computer system used for a specific task, the organization,
as the logistics partner for several manufacturers, will be operating a system that
contains data sets for all the manufacturers using the same set of programs.
Although not explicitly using the “V” model, many of the principles are derived
from it. Ensuring that every activity or step laid out in the VP is referred to in the
final Validation Report guarantees that each activity is verified.
For a new supplier, a supplier assessment is conducted to gauge quality processes
and procedures in place before detailed project and validation planning documents
are put together. In the model shown in Figure 18.2 this occurs at a later stage. This
is a key step in the validation process for the organization. One reason for the
importance attached to the assessment is that Exel’s healthcare sector division does
not design any of its software solutions itself. Consequently any system that is to be
validated will be designed and constructed by a third-party supplier. The supplier
assessment therefore has to thoroughly ensure that the process of code design,
construction and testing is sound. (This also explains why the model lacks any
process steps for software design reviews, as they are not carried out by the
organization.) The procedure or template for carrying out a supplier assessment
reflects these needs.
Following the production of the VMP, VP, and HLBP by the validation and
project teams respectively, the project team then constructs its user requirements
specification, following a set procedure or template. This URS is reviewed and
signed off internally and by client before it is submitted to the supplier (subject to
a successful supplier assessment).
The supplier will then respond to the URS by providing a formal functional
specification document, which is fully referenced to the URS and details how each
requirement is to be satisfied. One key output of the GAMP 4 guide is a quality plan.
During initial validation exercises the validation team did produce a quality plan
with the QA staff in conjunction with the VMP. However, as the process evolved, the
quality plans for each system were so similar in content that the decision was taken
to produce a single high-level quality plan. This could be applied to any system
implementation. It states the commitment to quality in certain defined areas and
describes how the organization would achieve its aims in the area of quality through
the quality manual.
Though not represented in Figure 18.3, the validation team also establish an
ongoing risk, threat, and issue log which tracks all issues considered to have a
potentially detrimental impact on the ultimate validation of the system.
Once these documents have been produced, all the deliverables for the planning
and specification stage are in place and the first formal validation review can take
place. Following a set procedure the validation team will meet with the project team
and a representative of the QA team to review each document against the
procedures laid out in the quality manual. During this review each document will
be checked for adherence to the quality plan, consistency and completeness, and
against all the checklisted points of the review procedure. At this point the review
members can make a decision, based on the review checklist, as to whether to
accept the documents in their current state and proceed to the design phase or to
recommend necessary amendments before progressing. A formal report detailing
the results of the review process forms an input into the final validation report.
Upon successful review of the planning and specification stage, the system
implementation then moves into the “design” phase. Having established the key
specification documents, the project team now create a new series of documents,
which detail the configuration of the system. Existing and well-established
procedures are followed to produce specifications for hardware, network and
software configurations. (The latter only applies where there will be interfaces
between different software modules.) There will also be a master data definition
document outlining which static data needs to be set up on the system prior to full
testing and operation. An example of such data are the locations of defined pick
faces or customer and supplier address details. This is a document that is not
included in the GAMP guidance. However, the characteristics of the multiuser
environment not only necessitate this, but mean that it becomes a key specification.
As the validation and project teams handle individual instances of the same system
with data sets for each client, the static data, which needs to be configured prior to
live operations for a client, becomes a vital area when maintaining close control
over the system for each client. Similar issues can be seen in the software
configuration specification required for modular computer systems.
Other documents produced by the project team during this phase are the disaster
recovery and business continuity plan. The testing specification document defines
the approach to testing from the philosophy to the structure of the scripts, their
acceptance criteria and the testing scripts themselves.
The project team will also at this stage compile a traceability matrix linking all
the key system documentation and the functional areas within them. This allows an
external reader such as an inspector, to follow any functional requirement, from the
initial specification or business process document through to the eventual testing of
Expand on High
Create Network Create Interface Complete Test Complete Testing Update/Correct
Level Business
Design Spec Layout Docs Spec Traceability Matrix Failed Document
Processes
CONSTRUCTION
PROCESS
Create Disaster
Recovery Docs
Create Hardware
Config Spec
High Level
Business Reject
Software
Interface Layout Change Disaster Recovery
Configuration
Docs Requests Docs Carry Out Design Accept or
Spec
Validation
Review Reject?
Team
that function in the delivered system. This matrix is updated throughout the system’s
life by the site support teams reflecting any changes resulting from change requests.
These are recorded and retain full traceability for the URS, the FS, and the testing
scripts. Using such a matrix has also been an incidental benefit of implementing
GAMP methodology, since tracking areas of functionality through documentation
had occasionally been a problem area. This is now much improved in terms of speed
and reliability
Again, when the deliverables are in place, the validation, project, and quality
team members will carry out a formal review of the project phase before deciding
whether to proceed to the construction and testing phase (Figure 18.4).
Moving into the third project implementation phase, the initial versions of the
software were installed. The testing strategy laid out previously in the testing
specification can now be implemented. The schematic for this project phase lays out
all the possible areas of testing, and also bridges the terminology gap between
GAMP and the existing project terminology. The IQ, OQ, and PQ steps are
identified without creating extra process steps for the testing teams.
The testing specification is included in this phase as well as the previous one.
Here it is used as a reference to ensure that the test scripts have been produced
according to the testing plan.
If the business processes are to be expanded then they should be included in this
section. The other key deliverable here is the structured training material that is
produced to support users of the finally implemented system. This may include
project training material. As before, once all the deliverables are in place, a formal
review will determine whether the project team can progress to the final phase of the
implementation (Figure 18.5).
The final project phase involves completing the system testing (as per the testing
specification) so cutover testing documentation is included. All of the change
control documentation is also collated for future reference. This involves making
sure that all the specification and testing documents, as well as the traceability
matrix, are current prior to the handover from the project to the site support team.
This will also be documented, following a predefined procedure or template. Upon
completion, the final review can take place. Once all the project deliverables have
been satisfactorily completed, then the final validation report can be written. This
report will be written by the validation team, reflecting the results of all the
activities planned, in light of the original validation plan.
Once the validation team is satisfied that the system has been implemented in line
with all the processes and procedures as set out in the quality manual and all risk
and issue logs are closed out, then a validation certificate will be issued and the
systems or validation register is updated. This will then reflect that the system
implemented in this particular instance is considered validated and inspection ready.
House
S/W
Construction
Development
Exel Project Team (Operational Resource, Systems Delivery)
SLA's
Accept
Constructing Create Training
Accept Software Plan and
Configuration Material
ACCEPTANCE TESTING
& OPERATION
Business Process
Test Scripts Document
Validation Team
Exel
SLA's
Exel Project Team (Operational Resource, Systems
Delivery)
Hand Over
Update/Amend
Accept Cut Over Testing Change Control Go-Live Complete PIR
Appropriate Doc
Procedures
Completed
Change Control
V Va Va
Docs Va Va Validation Review
Reports
483
Figure 18.5 Validation process: acceptance testing and operation.
8.5
5.10 Fail
Maintaining
Systems/
Validated State
Validation Register
Operations &
Systems Team
Procedures
8.2 5.10
Validation Team
8.1
Validated Monitoring of
Send Reminder to
8.3 8.6 Accept or
Update Systems/
Operations that Hold Maintaining Pass Validation Register
System Systems/ Set up meeting Reject
review will take Validation Review & set date for next
Validation Register
place review
8.7
One of the biggest misconceptions that we encountered within the organization was
that once we had implemented a validated system all the work is done!
Using MS Visio Process models and IDEF0 charts we also constructed detailed
mechanisms for maintaining the validated state, which were held within the quality
manual.
The emphasis here is on the work to be done by the site support team who provide
live support to the individual clients once the system has been implemented.
Typically there will be one analyst or super user per client who will have support
from the validation team in maintaining the validated state.
The overall process is represented in Figure 18.6.
This time the starting point is the systems or validation register, which shows the
validation status of each system, and reflects the work required to achieve and
maintain this status. The work flow for the site team begins by following the
operational plan as laid out in the quality manual. This details how the system must
be maintained in terms of:
• Training.
• Problem management,.
• Service level agreements (SLA).
• System backups.
• Business continuity planning.
• Performance monitoring.
• System security.
• System retirement.
The retrospective process therefore forms the third plank of this approach to
validating all systems with GxP implications (e.g., after new systems and
maintaining the validated state).
This is still very much based on the processes already discussed. However the
emphasis here is on ensuring that the key deliverables are already in place. This
involves carrying out “gap analysis” and then performing any necessary remedial
work. In this sense the organization’s approach as a distributor does not differ
significantly from a manufacturer, although the deliverables do, of course.
As in a prospective implementation, validation plans are created. Once all the
documents have been collated then a series of validation reviews will determine if
the system meets the required standards prior to production of a final report, and
update of the systems or validation register.
The area of electronic records and signatures is no easier for those working to cGDP
than it is for those working to cGMP, cGCP, or cGLP. Also the recent withdrawal of
guidelines and recent interpretations of the CFR 21 Part 11 legislation makes this a
very difficult area in which to achieve full compliance.
The Approach
The organization has incorporated the ER/ES requirements within the overall
validation approach. There is no separate plan to achieve Part 11 compliance per
system. There is a policy document that states how to achieve compliance published
within the quality manual, detailing the requirements of each section of the
regulation and sets out how compliance is achieved.
This approach is illustrated by the extract from the quality manual shown in
Figure 18.7.
• Policies.
• Protection of records.
• Security (system and logical).
• Sequential checks.
• Training.
• Documentation.
Suppliers'
technical
controls
Admin. Systems
control procedures
policies
The quality manual was first launched in the final quarter of 2002 as the validation
and project team members used the new processes and procedures to retrospectively
validate the core versions of the key healthcare warehousing solutions. These are
the warehouse management system (WMS), task management system and the
integration solution that links the WMS with our clients own ERP and MRP
systems. This exercise was termed the validation of generic versions of the systems.
Identification of core functionality through the high-level business processes was
followed by the creation of a URS, supplied to our software suppliers in conjunction
with supplier audits. As previously illustrated this assessment is vital to ensure the
software design quality, achieved through rigorously challenging the potential
supplier’s design methods.
We experienced some issues with our suppliers because they supply systems that
are not used exclusively in a healthcare environment. They also wanted to know
afterwards if they were then “GAMP compliant.” (The answer was that there is no
such thing as being “GAMP compliant,” however vendors could be technically
compliant with the guidance but this is heavily dependant on the administrative and
procedural controls applied by their customers as illustrated in Figure 18.8.)
Another benefit of doing the work was that we were able to improve, or suggest
potential improvements, for some of their procedures with regard to future software
development.
We have also found that audited and potential suppliers with previous experience
of applying the GAMP principles were much further ahead in areas such as QMS,
continuous improvement, code design and review, in comparison to their uninitiated
counterparts.
We were then able to follow through the rest of the validation processes, holding
formal reviews at predefined stages of the implementation lifecycle to ensure that
the key documents had been produced to satisfactory standards and in line with the
established procedures, for example, the user requirements specification, the
functional specification and the testing specification and attendant scripts. This
culminated in the production of final validation reports for each of the systems,
which summarized the results of each of the validation reviews and the creation of
a systems or validation register, updated with the results as well as any actions,
which remained outstanding.
Since the completion of the generic validation project the validation protocol has
been fully deployed to validate specific instances of the WMS and several other
systems such as those used for clinical trials logistics and temperature monitoring.
The regulatory environment has changed while the validation protocol has been
developed, the merger between the MCA and the MDA to form the MHRA in the
UK demonstrates how it is vital to constantly review the environment that we as a
business operate in. Regular housekeeping tasks now include reviewing the main
regulatory communications channels for white papers and new draft guidance
documents. This is increasingly done in partnership with our colleagues in the U.S.
and APAC regions.
More specifically, recent guidance issued by the FDA, following on from the
ISPE’s white paper has led to a different, narrower interpretation of the scope and
application of 21 CFR Part 11 [6]. This has meant that we have reviewed our
approach to the issues of electronic records and signatures, and revised the
documentation within the quality manual where necessary to do so.
MOVING FORWARD
There has been some organizational resistance by parts of the business community
who have viewed validation as a commercial option rather than a necessity. It was
viewed as adding to the paper workload and being an “IT” cost rather than adding
any value, so a lot of education and communication has been required. This
communication has taken the form of internal presentations at different levels of the
business and production of information packs for project, site support, and business
development teams. The validation team has tried to remove the perception that
validation is something which the IT community come and do to the operations and
encourage the philosophy that the organization builds validation into our way of
doing things such that it becomes part of good project and support practice.
There has also been a presumption that operations more concerned with medical
devices have a lesser regulatory onus than for pharmaceuticals. The recent merger
of the MCA and MDA to form the MHRA in the U.K., and the inevitable
harmonization of regulatory requirements, is evidence that this will no longer be the
case. Again, by building the validation protocol into standard project practice this
problem is gradually being eliminated.
Misconceptions in some European locations have included varying interpretations
of the stringency of country regulations when compared to the U.K. and U.S. Also a
different perception existed in some countries of what validation involves. The
organization has addressed this issue at the highest level by building validated
systems into our healthcare sector brand through an insistence that all new system
implementations will be validated.
Another misconception has been by the third party software suppliers that has
ISO900x accreditation can act as a substitute for following GAMP! The challenge
here was enforcement of any noncompliance since we do not have any direct power
to enforce changes without resorting to the commercial arrangement. Through our
existing excellent supplier relationships we have worked together to reach a point
where we are happy that our suppliers fulfil their obligations to us and our
requirements.
There was also a feeling early on that only the warehouse management systems
required validation, little regard was given to other software or even process control
systems. Subsequently Exel’s healthcare sector having recently built a new UK
pharmaceutical export warehouse facility has extended validation to the building itself
as part of the process of gaining MCA license approval, including the temperature
monitoring system, the access control system, and the chilled goods storage areas.
As has already been seen, perceptions like this would be a one-off exercise that
the IT community would perform. However, as part of the education and
communication process, emphasis has been placed on the importance of
maintaining the validated state following initial implementation and this is a
message that has gradually been accepted by the business and is now owned by the
various support functions.
Members of the validation team are now often present at early stage meetings or
presentations to potential clients or where we are trying to extend the scope of our
business with existing customers. Senior management have recognized that many
pharmaceutical and medical devices manufacturers will not consider us as a third
party logistics partner if we cannot offer validated systems to them. It is now
recognized as an important tool by which we can differentiate itself from its peer
group and provide us with a distinct competitive advantage.
REFERENCES