0
shares

So the Validation Department generate the protocol and the Quality Department are involved in reviewing the protocol. Having worked on various different projects it has become quite apparent that the quality review on any protocol is a very important review as it irons out all of the documentation mistakes that occur when the document is being generated.

Quality Vs Validation  - Good Vs Evil
Quality Vs Validation - Good Vs Evil

On the other hand I often wonder if quality takes this review too far, and if they do why?

Quality Review

For example if you have a quality person reviewing an IQ or OQ protocol on a computer application, is it acceptable for them to review it having little knowledge of the application.

Does this lead to the quality person reviewing the protocol with an overly cautious approach to the point where the validation engineer is ready to pull their hair out in frustration.

A Simple Scenario

Lets take a very simple scenario. A test protocol usually has the following fields:

  • Test Procedure
  • Acceptance criteria
  • Meets Acceptance Criteria Yes/No
  • Performed by /Date

The column to take note of in this scenario is the Acceptance Criteria and the Performed by/Date field.

Lets discuss the acceptance criteria field first, this field usually contains the criteria that must be met in order to pass a test section. If the test is carried out and the acceptance criteria are not met then this usually results in a deviation or an event being raised.

I don’t think anyone has an issue with this scenario, but in terms of acceptance criteria what is acceptable?

Let take a simple example:

Test Procedure: Click the Yes radio button
Acceptance Criteria: Deviation message is displayed
Meets acceptance criteria: Yes
Performed by: Joe Soap 12/12/09

Is this acceptable from a quality perspective though, I mean when you sign the performed by section do you mean that the test has been completed or do you mean that the deviation message was displayed and the test was completed.

Screenshots

If the quality department are not happy with the latter then they will require a screenshot as evidence that the deviation message was displayed.

Do you see what I am getting at here; does this mean that screenshots are required for all acceptance criteria?

If so then your protocol will contain numerous attachments and a long review time.

Before your protocol is approved you really need to work closely with the quality department in order to understand what is acceptable from an acceptance criteria view point.

If you would like further assistance with protocol generation please feel free to contact Premier Validation

0
shares

  • maryacton

    Nice post – Yes we have the same issues with quality, they are important to the overall process but it is important that validation and quality work together and not think they are on different teams.

  • maryacton

    Nice post – Yes we have the same issues with quality, they are important to the overall process but it is important that validation and quality work together and not think they are on different teams.

  • S. J. D’Souza

    Documentation corrections do not equal spelling mistakes. There is more to a quality review that just spell check. On the surface it seems so much easier to have to review a document than having to create it in the first place. Having to write a protocol for anyone to understand decreases the efficiencies of the risk based approach or quality by design. IMHO it is incumbent of the quality approver to educate him/herself of the application in question before/while approving. Approval should be an iterative process to deliver the best qualification document.

  • S. J. D’Souza

    Documentation corrections do not equal spelling mistakes. There is more to a quality review that just spell check. On the surface it seems so much easier to have to review a document than having to create it in the first place. Having to write a protocol for anyone to understand decreases the efficiencies of the risk based approach or quality by design. IMHO it is incumbent of the quality approver to educate him/herself of the application in question before/while approving. Approval should be an iterative process to deliver the best qualification document.

  • gokeeffe

    Hi S. J. D’Souza,

    Thanks for the comments, in your experience could you provide a list of other aspects of a quality review?

    Cheers

    Graham

  • gokeeffe

    Hi S. J. D’Souza,

    Thanks for the comments, in your experience could you provide a list of other aspects of a quality review?

    Cheers

    Graham

  • snaranjo

    Quality involvement on Computer validation is essential to success, but also to concentrate on relevant testing and documentation. We can take tons of screenshots as evidence of standard functionalities (hardly tested by the supplier) and miss the opportunity to test critical or risky configuration. Then we have a very nice but useless documentation. In other words, validation effort should be focussed on demonstrating that system (or system configurations) meet the user processes without compromising electronic records. Documentation is a part, not the goal of validation, and quality people not always has this view. In my opinion, testing must be done by a well-trained or experienced user who write “pass/not pass” and sign the execution. A second user (witness or not) review the results and take part on resolution of fails/non conformities. We use to involve QA as final test reviewer (and protocol/report approvers).

    Regards

  • snaranjo

    Quality involvement on Computer validation is essential to success, but also to concentrate on relevant testing and documentation. We can take tons of screenshots as evidence of standard functionalities (hardly tested by the supplier) and miss the opportunity to test critical or risky configuration. Then we have a very nice but useless documentation. In other words, validation effort should be focussed on demonstrating that system (or system configurations) meet the user processes without compromising electronic records. Documentation is a part, not the goal of validation, and quality people not always has this view. In my opinion, testing must be done by a well-trained or experienced user who write “pass/not pass” and sign the execution. A second user (witness or not) review the results and take part on resolution of fails/non conformities. We use to involve QA as final test reviewer (and protocol/report approvers).

    Regards

  • http://www.validationplusinc.com jeff gassman

    Several interesting points should be clarified:

    1) prior to writing a protocol, I recommend that a team be established including the writer, the system owner, and the quality reviewer. This allows the team members to learn their strengths, weaknesses, and personality traits (if the quality reviewer is weak in computer validation the others can diplomatically provide suggestions, learn that the quality reviewer is not open to suggestions, or learn what the quality reviewer expects). Having written over a hundred protocols, I highly recommend this.

    2) prior to writing a protocol, I recommend that the writer generate an outline of what will be tested and identify the template to be used (to achieve team consensus). For example, I recommend that you include columns for “Expected Results” and “Actual Results” so that the reviewer can determine if actual results met expected results.

    3) getting to know the team members before writing the protocol improves the likelihood of it being right-first-time (minimizing protocol approval time and protocol review time after execution).

    4) it is important that a protocol be written such that execution and review is not open to interpretation (the team, including the executor, knows what is expected as does the reviewer). As an example, state when a screenshot is required (attach printout demonstrating that ….). Screenshots are required to demonstrate tasks have been performed successfully. As a rule of thumb, one or two, per test case.

    If you have any questions, you can reach me via email at: jeffreygassman@validationplusinc.com

  • http://www.validationplusinc.com jeff gassman

    Several interesting points should be clarified:

    1) prior to writing a protocol, I recommend that a team be established including the writer, the system owner, and the quality reviewer. This allows the team members to learn their strengths, weaknesses, and personality traits (if the quality reviewer is weak in computer validation the others can diplomatically provide suggestions, learn that the quality reviewer is not open to suggestions, or learn what the quality reviewer expects). Having written over a hundred protocols, I highly recommend this.

    2) prior to writing a protocol, I recommend that the writer generate an outline of what will be tested and identify the template to be used (to achieve team consensus). For example, I recommend that you include columns for “Expected Results” and “Actual Results” so that the reviewer can determine if actual results met expected results.

    3) getting to know the team members before writing the protocol improves the likelihood of it being right-first-time (minimizing protocol approval time and protocol review time after execution).

    4) it is important that a protocol be written such that execution and review is not open to interpretation (the team, including the executor, knows what is expected as does the reviewer). As an example, state when a screenshot is required (attach printout demonstrating that ….). Screenshots are required to demonstrate tasks have been performed successfully. As a rule of thumb, one or two, per test case.

    If you have any questions, you can reach me via email at: jeffreygassman@validationplusinc.com

  • http://etech-group.com/index.php?page=ServicesWeProvide&textsec=8 Validation Specialist

    Excellent comments – particularly the detail from Jeff.

    Something to keep in mind is that there are several common rationales or approaches to validation. These can typically vary by company, by division within a company, or even by the project that you are representing. Understanding the validation approach for your particular project is critical if you expect to be successful when it comes time for a quality review. Deliverable types that were acceptable on your last project may no longer apply, even for the same type of system.

    For example, if your project follows a risk-based approach there will be specific criteria that quality uses as a measuring stick. You may have a full suite of system lifecycle documentation, such as User Requirements, Functional Specifications, and/or a Design Specification of some sort. Depending on how the risk-based approach is structured, quality may expect your protocol to include verifications of specific elements from within these lifecycle documents. Your role in a project may be focused on protocol development, however, it’s critical that you understand validation rationales that may already be planned for your project. This is in alignment with comments by Jeff that you should familiarize yourself with quality’s expectations.

    To summarize, while it’s crucial that protocols and test cases be structured in a manner that eliminates ambiguity, understanding the rationales for testing and the appropriate deliverables that feed into the qualification effort are foundational when it comes time for a quality review.

    As a caveat, there are clearly organizations who don’t require indepth planning or advanced rationales when planning a validation effort. Whereas understanding a risk-based approach to protocol writing is critical if you want to be successful in a risk-based environment, communication of expectations is equally critical in a less rigorous business environment. In either case, the key to successful protocol development is understanding the basis that quality will be using when it’s time to review your work.

  • http://etech-group.com/index.php?page=ServicesWeProvide&textsec=8 Validation Specialist

    Excellent comments – particularly the detail from Jeff.

    Something to keep in mind is that there are several common rationales or approaches to validation. These can typically vary by company, by division within a company, or even by the project that you are representing. Understanding the validation approach for your particular project is critical if you expect to be successful when it comes time for a quality review. Deliverable types that were acceptable on your last project may no longer apply, even for the same type of system.

    For example, if your project follows a risk-based approach there will be specific criteria that quality uses as a measuring stick. You may have a full suite of system lifecycle documentation, such as User Requirements, Functional Specifications, and/or a Design Specification of some sort. Depending on how the risk-based approach is structured, quality may expect your protocol to include verifications of specific elements from within these lifecycle documents. Your role in a project may be focused on protocol development, however, it’s critical that you understand validation rationales that may already be planned for your project. This is in alignment with comments by Jeff that you should familiarize yourself with quality’s expectations.

    To summarize, while it’s crucial that protocols and test cases be structured in a manner that eliminates ambiguity, understanding the rationales for testing and the appropriate deliverables that feed into the qualification effort are foundational when it comes time for a quality review.

    As a caveat, there are clearly organizations who don’t require indepth planning or advanced rationales when planning a validation effort. Whereas understanding a risk-based approach to protocol writing is critical if you want to be successful in a risk-based environment, communication of expectations is equally critical in a less rigorous business environment. In either case, the key to successful protocol development is understanding the basis that quality will be using when it’s time to review your work.

  • waynem

    Nice Post! As I work for a large company with many branches, I have had to work closely with the various Responsible Head of Quality. My experience has shown that one has to understand the Quality “Person” to be able to understand their individual needs. Some are more prone to checking the basic fundimentals such as the font,size, shades of grey, etc of the documentation while others are extremely stroppy with spelling and grammer and yet have no idea of the various tests that are to be performed. Others ignore this and show a keen interest in the why, when, and what’s of the script that one is bombarded with so many questions that one starts to question your own protocol writing skills!! lol.

    As every person has a different outlook/way of doing something such as protocols, as a Protocol writer/executioner (grin..) at least ones life will never be boring.

    Keep the posts rolling. Tx

  • waynem

    Nice Post! As I work for a large company with many branches, I have had to work closely with the various Responsible Head of Quality. My experience has shown that one has to understand the Quality “Person” to be able to understand their individual needs. Some are more prone to checking the basic fundimentals such as the font,size, shades of grey, etc of the documentation while others are extremely stroppy with spelling and grammer and yet have no idea of the various tests that are to be performed. Others ignore this and show a keen interest in the why, when, and what’s of the script that one is bombarded with so many questions that one starts to question your own protocol writing skills!! lol.

    As every person has a different outlook/way of doing something such as protocols, as a Protocol writer/executioner (grin..) at least ones life will never be boring.

    Keep the posts rolling. Tx

  • R Hess

    Interesting that there seems to be such animosity between validation teams and quality teams. I work for a very small company and the quality and validation duties overlap as far as responsible personnel.
    I have had to do much educating here on what the purpose of validations are in order to be able to work well with all departments. And truthfully, the manufacturing departments are the most resistant to performing validations.
    Maybe this is a strange question, but don’t validation teams want their documents to meet all of the quality standards too? If a question the quality reviewer brings up cannot be answered easily, then maybe the quality reviewer has a point…?
    In our company, the quality department handles most of the external audits and must assist in defending documents to customers, ISO auditors, and government auditors. As both a quality and validation position, I definetly don’t want to be caught in a position with an auditor of any kind where I cannot defend or explain any part of a validation document…

  • R Hess

    Interesting that there seems to be such animosity between validation teams and quality teams. I work for a very small company and the quality and validation duties overlap as far as responsible personnel.
    I have had to do much educating here on what the purpose of validations are in order to be able to work well with all departments. And truthfully, the manufacturing departments are the most resistant to performing validations.
    Maybe this is a strange question, but don’t validation teams want their documents to meet all of the quality standards too? If a question the quality reviewer brings up cannot be answered easily, then maybe the quality reviewer has a point…?
    In our company, the quality department handles most of the external audits and must assist in defending documents to customers, ISO auditors, and government auditors. As both a quality and validation position, I definetly don’t want to be caught in a position with an auditor of any kind where I cannot defend or explain any part of a validation document…

Similar articles:

0
shares

‘To the Cloud or not to the Cloud, that is the question.’

While it’s certainly a familiar question, with apologies to Hamlet, there is a question that tends to come first: “What is the Cloud in the first place?” Have you seen this on-line graphic lately of a young child who is just looking at you with the caption – ‘There is no cloud…’

Information Workers

The reality for most ‘information workers’ is that as long as your keyboard, mouse and monitor have something to plug into and data displays, all you really need to see is where that ‘something’ plugs into the wall so you can be sure you have a physical connection.

What’s on the other side of the wall – or even if there is strictly speaking no ‘other side’ – is not the users concern. You don’t need to have physical computing resources right next to you as long as the ‘virtual machine’ you are working on is properly provisioned and the latency (or ‘lag/response time’) isn’t large enough to be an issue.

Enterprise

The physical computing resources matter if you are doing a lab analysis with physical samples on instruments or using an automated line to produce product. In the land of data analysis, reporting and document production, the data needs to be available, not present.

From the enterprise perspective however, what is ‘present’ behind the wall is a true concern. Since compliance to regulations means ‘control,’ how the cloud supplies and protects those resources and the information they provide needs to be documented under a defined quality management system. While cloud vendors are glad to quote services and prices, they have not always been forthcoming about how things are done in their building.

Outsourcing

The move to the cloud is a physical move – of your data, applications and possibly compute and platforms – to somewhere else. The somewhere is physical while your usage and controls become logical and virtual. If that makes you feel uneasy – or if you prefer ‘risk averse’ – you are not alone.

Outsourcing is a concept that brings joy to financial / accounting types, but for those involved with compliance, quality and validation, it brings a new set of challenges and concerns. It should recall the words of Mr. Murphy – “Nothing is as easy as it looks, everything takes longer than you expect AND if anything can go wrong, it will – usually at the worst possible time.”

Current warning letters addressing data integrity have focused on site forensics – data in trash cans, bags of shredded records. When it comes to the cloud, there is no ‘there’ for you to access – unless there are the careful negotiations, detailed SLAs and rigorous audit/ follow-up required to give your enterprise the confidence it needs to move forward.

Do your current internal resources have the expertise and the flexibility to deal with a vendor you have to trust significantly? This is more complex than a contract manufacturer where you can review the SOPs for compliance, watch the process and then have the product independently tested.

GxP Compliance

The draw of the cloud is that everything is ‘out there’ – available ‘just by an e-mail’ – and not running up costs on your premises. What will happen if suddenly it isn’t ‘there?’ Whose fault will it be – oh, must be the vendor. Good idea – blame the vendor – but there’s many a wire between your ‘here ‘ and their ‘there.’

Will it be your communication vendor, some nameless third party supplier or cloud hardware, software or internal network failure? There are many ABCs in the cloud – SaaS, IaaS, PaaS, Haas, AaaS, ITaaS – and the list goes on. It is critical to have the proper support to be able to straighten all those letters out to spell ‘GxP compliance.’

Cloud Provider

Everyone wants their cloud provider to look like the image below. But that will take attention to detail, technical understanding and the ability to ask ‘the next questions’ needed to assure quality and compliance.

Those will include security at multiple levels and how are they going to maintain those perfect cables when the one in the middle breaks?

There are many items to be considered – here are some more:

  • What application(s) and data are going to be ‘sent to the cloud?’
  • What in-house processes / systems need to access that data?
  • Where will the data physically be held and what are the laws in that location if outside of the USA?
  • What are the backup provisions for the cloud providers’ servers and storage?
  • What is the security plan – including physical, logical and access controls?
  • How will your audit resources be granted access and under what ground rules?
  • Does the vendor provide a Quality Manual or Quality Management System document for review?
  • Does their contract include a ‘non-cookie cutter’ Service Level Agreement (SLA) that details your focus points?

John English is an independent contractor with The Azzur Group.

If you would like any help with CSV related projects please visit www.azzur.com.

0
shares

Similar articles:

0
shares

Changes to equipment and documentation is an integral part of the whole GMP process in any regulated facility. In this article we will discuss how equipment is designed in a GMP facility and how good documentation practices are an essential part of quality assurance and GMP.

The content of this article has been taken from module 7 of our eLearning module on Good Manufacturing Practices (cGMP) within the life sciences.

You can view this module in full by viewing the video below.

cGMP eLearning Module – Compelling, Engaging and Interactive

 

Equipment

All equipment is designed, constructed and located to suit their intended use and to facilitate easy maintenance and cleaning.

Equipment is installed in such a way as to prevent any risk of error or of contamination, and cleaned according to detailed and written procedures and stored only in a clean and dry condition.

Production equipment should be designed in such a way as not to present any hazard to the products.

The parts of the production equipment that come into contact with the product must not be reactive, additive or absorptive to such an extent that it will affect the quality of the product and thus present any hazard.

Any defective equipment should, if possible, be removed from production and quality control areas, or at least be clearly labelled as defective. When not in use, equipment should be covered to ensure it remains clean.

Balances

Balances and measuring equipment of an appropriate range and precision should be available for production and quality control operations.

All measuring devices are required to be calibrated and checked at defined intervals by appropriate methods, and adequate records of such tests should be maintained.

Utilities

Fixed piping should be clearly labelled to indicate the contents and where applicable, the direction of flow.

Water pipes used in production (e.g. Purified Water, Water for Injection) are sanitised according to written procedures that detail the action limits for microbiological contamination and the measures to be taken.

Electrical circuits should be identified, and a record maintained of the load on each circuit to prevent inadvertent overload.

Documentation

Good Documentation Practices are an essential part of quality assurance and GMP.

It is important for a manufacturer to get the documentation right in order to get the product right.

GMP Documentation e.g. Site Master File, Specifications, Batch Manufacturing Formulae, Batch Manufacturing Records, Processing, Labelling, Packaging, Testing Instructions, Standard Operating Procedures, Protocols, Technical Agreements, Records, Certificates of Analysis, Reports etc. should contain the following attributes of a good document:

They should be:

  • Attributable
  • Legible
  • Contemporaneous
  • Original
  • Accurate
  • Complete
  • Durable
  • Corroborated
  • Version Based
  • Accessible
  • And Authorized

Change Control

Change to GMP documentation, equipment, processes, systems, instrumentation, test methods, etc. are required to be controlled under a formal change control program.

This program must consist of Quality oversight to review the proposed changes, evaluate the potential impact of the change, determine any potential risk to product quality, and to establish the required level of supplemental validation/documentation required for the change.

In many instances, changes will also require submission to the Health Authority for approval of the change.

For example, changes impacting the submission documentation are subject to post approval change guidances according to the Health Authority regulations.

Change Control is a critical aspect of the GMP systems.

If you want to learn more about cGMP or if you want to evaluate our eLearning module for your company you can find more information here.

0
shares

TOP

Similar articles: