Apply Risk Management to Computerized and Automated Systems


Published on

Neil Duser describes potential risks for automate systems in pharmaceutical manufacturing.

Published in: Health & Medicine
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Apply Risk Management to Computerized and Automated Systems

  1. 1. Apply Risk Management for Computerized and Automated Systems IVT 11th Annual Change Control & 3rd Annual Risk Management January, 2013 Presented By: 1
  2. 2. AgendaI.I Terms & Definitions - Q9 Quality Risk ManagementII. GxP AssessmentIII. Risk Identification and PrioritizationIV. Risk Based Test Planning gV. Periodic Reviews of RisksVI. Interactive Exercise 2
  3. 3. AgendaTerms & Definitions - Q9 Quality Risk ManagementICH Q9 “Quality Risk Management”GAMP 5GxP Assessment Procedure Form 21 CFR Part 11 relevanceRisk Identification and Prioritization Severity Probability Risk Class Detectability Risk PriorityRisk based Test Planning ExamplesPeriodic Reviews of Risks Maintaining appropriate risk levels.Interactive ExerciseUsing a real life example, participants study Life Cycle Risk Management 3
  4. 4. Typical Risk Assessment Points throughoutSystem’s Life Cycle 4
  5. 5. Terms & Definitions - Q9 Quality Risk ManagementRisk Identification – What can go wrong?Risk Evaluation – Severity, Occurrence, DelectabilityRisk Analysis – Quantitative (1 -5) Qualitative (High – Low)Risk Control – Reduction Acceptance Reduction,Risk Communication/Review 5
  6. 6. GAMP ApproachUnderstand the processUnderstand the product and dataQuality Management SystemScalable Life Science ActivitiesScience Based Quality Risk ManagementSupplier Involvement 6
  7. 7. 7
  8. 8. GxP AssessmentGxP -- The collective requirements for p q processes, p , personnel, materials ,and equipment used in the manufacture and distribution of foods, drugsand medical devices as defined in 21 CFR for Good ManufacturingPractices (cGxP), Good Clinical Practices (GCP), Good LaboratoryPractices (GLP) and Good Distribution Practices (GDP) GxP may also (GDP).include practices and procedures considered to be “industry standards”.This procedure describes how computerized applications andsystems are assessed for GxP – relevance and 21 CFRcompliance. 8
  9. 9. GxP AssessmentGxP Assessment QuestionsDoes the application control or monitor machinery or instrumentation used in themanufacture of product? This includes critical support systems for steam,compressed air, water for injection, and clean room air.Is thI the application used t d li ti d to document or calculate product, production process, or t l l t d t d timaterial quality information? This includes defect count, defect types, inspectionresults, and QC sample information.Is the application used to document or track which materials were used in ppmanufacture or testing of a product or in-process material?Is the application used to document or calculate the results for a proceduredefined on a material specification?Does th application schedule or t k th calibration or maintenance hi tD the li ti h d l track the lib ti i t history of fitems used in product manufacture or testing?Does the application track or control the issuance of GxP-related documents?Examples: NLR issuance, p p procedure issuance. 9
  10. 10. GxP AssessmentGxP Assessment QuestionsDoes the application provide the original record of an activity required by GxPs?Examples: GxP training, complaint investigations, procedurally required qualitytrending reports.Is thI the application used t support th acceptability of products, materials, or li ti d to t the t bilit f d t t i lprocesses?Does the application support (store e-records, perform calculations) a system orpprocess validation?Does the application support issuance or distribution of product labeling,marketing literature, directions for use, or other similar controlled productliterature?Electronic Record AssessmentEl t i R dA tDoes the application retain a record on durable electronic media (i.e., disk, tape,CD, network or other non-transient media)?Does the application create, modify, store, archive, or transmit a GxP record? create modify store archive 10
  11. 11. GxP AssessmentElectronic Signature Assessment gAre signatures, initials, or other operator identification required for the operationsdocumented by this application?Are decisions made on the information documented by this application prior tooperators signing any h d t i i hard-copy d documents? t ?Section E: GAMP-5 Category Assignment1I f t t Infrastructure Software S ft3* Non-Configured4 Configured5C Custom*Category 2, from GAMP 4, was eliminated in the GAMP 5 revision 11
  12. 12. GxP AssessmentAssessment Conclusions The application is determined to be GxP-related. Validation and controls appropriate for GxP-related applications apply. The application is determined NOT to be GxP-related. No additional controls are required by GxP. The application generates electronic records requiring the controls specified in 21 CFR Part 11. The application does NOT generate electronic records requiring the controls specified in 21 CFR Part 11. The application incorporates or requires an electronic signature for a GxP- related function. The controls specified in 21 CFR Part 11 apply. The application does NOT use or require an electronic signature for a GxP- related function. 12
  13. 13. GxP AssessmentAssessment ConclusionsGAMP-5 Category Assignment 1 Infrastructure Software 3 Non-Configured 4 Configured 5 Custom 13
  14. 14. Risk Identification and PrioritizationSeverity – Impact on p y p patient safety, p y, product q quality and data integrity y g yProbability – Likelihood of the fault occurringRisk Class – Determined by the relationship between Severity andProbabilityDetectability – Likelihood that the fault will be detected prior to harmoccurringRisk Priority – Determined by the relationship between Risk Class andDetectabilitySuccessful execution of this method depends on the ability of the CSRAteam to ag ee o the meaning o High, Medium, a d Low for eac ea o agree on e ea g of g , ed u , and o o eachsegment of the assessment. 14
  15. 15. Risk Identification and PrioritizationGuidance for Functional Risk AssessmentAssess each of the hazards associated with a function in two stages.Stage 1 – Severity of impact on patient safety, product quality and data integrityis plotted against the likelihood that a fault will occur, giving Risk Class.Stage 2 – Risk Class is then plotted against the likelihood that the fault will bedetected before harm occurs giving a Risk Priority. 15
  16. 16. Risk Identification and Prioritization 16
  17. 17. Risk Identification and PrioritizationSystem or Data Destruction yDestruction of system due to power surgeLoss of data due to power outage/brown-outLoss of system access due to power outageLoss of data due to storage faultLoss of system access due to processor or memory failureDestruction of system due to loss of environmental controlDestruction of system due to fireDestruction of system due to earthquake or other disastersBackup/Restore procedure ineffective 17
  18. 18. Risk Identification and PrioritizationSecurity yPhysical security breach of server/computerLogical security breach from outside the organizationLogical security breach from inside the organizationComputer Virus infectionExecution of privileged functions by unauthorized personUntrained operators using the systemForgery of electronic signaturesCopying of electronic signaturesTampering with completed recordsIncomplete electronic signatures accepted 18
  19. 19. Risk Identification and PrioritizationHuman FactorsReliance on (only) color for critical alarmsReliance on (only) audio for critical alarmsCritical faults do not require acknowledgementAlarm conditions not captured in permanent recordPerformanceSystem inability to service maximum number of concurrent usersOperation sequence impacted by system loadAlarms not provided to operators in real timeTime-critical events not serviced in time 19
  20. 20. Risk Identification and PrioritizationLogical gImproper user inputs or sequence corrupts or disrupts systemThroughput cannot meet demandOperators not informed of system or data failureResult algorithms incorrectSafetySystem fault creating an employee safety hazardSafety interlock fails to disable machineImproper wiring creates electrical hazardSystem SpecificList hazards specific to system functionality 20
  21. 21. Severity Characteristic Low Medium High Severity Cosmetic affect, fault forces Alarmed, readily recoverable Unrecoverable or extended excess operator documentation, failure of a key system function, documentation function failure of primary system occasional rejection of good non-critical data loss, failure of a function(s), severe regulatory product, momentary operator minor specification. impact, critical data loss intervention required to correct non-critical function Severity Expected to have a minor Expected to have a moderate Expected to have very significant negative impact. Damage would impact. Damage would be negative impact. The impact not be expected to have long- expected to have short to could be expected to have term detrimental effects. medium term detrimental effects. significant long-term effects and potentially catastrophic short- term effects. Severity Hazard is not expected to result Hazard could directly result in Hazard directly results in the in negative medical moderate injury to the patient or death or serious injury of the consequences or any operator patient or operator complications. Hazard could indirectly affect the Hazard indirectly affects the patient such that delayed or patient such that delayed or incorrect information could result incorrect information could result in moderate injury to the patient. in the death or serious injury to the patient Severity Hazard will cause small damage Hazard will cause considerable Hazard will/is; to the business business or image damage, but Endanger people will not endanger the company Contrary to law or regulation Damage to company image with unforeseeable consequences. 21
  22. 22. Likelihood Characteristic Low Medium High Probability <1 incident per month <1 incident per week, but >1 per Once or more per day month. Probability Frequency of the event occurring Frequency of the event occurring Frequency of the event occurring is perceived to be once per ten is perceived to be once per is perceived to be once per thousand transactions thousand transactions hundred transactions Probability Not expected to, or will rarely Likely to occur infrequently or Likely to occur regularly or many occur during the life of the several times during the life of the times during the life of the product/system under normal product/system under normal product/system under normal operating conditions. operating conditions operating conditions Probability ≥1:1001 – 5,000 =1:101 – 1,000 ≤1:100 Probability The problem will only occur if The problem couldn’t really be Failure will happen at regular several events happen at the excluded for a long time, even intervals same time under normal conditions. 22
  23. 23. Detection Characteristic Low Medium High Detectability Very difficult or nearly Some automated error High level of error impossible to capture the checking processes exist. checking processes error One-over-one review may O i exists. O i One-over-one be required. It’s likely that review required. Missed the error will be captured error will be obvious in in review of outputted review of outputted information. information. 23
  24. 24. Risk Identification and Prioritization 24
  25. 25. RA Form - Example Project Title Example p Project Number XX-XX-XXXX Scope Risk Assessment Relevance Probability Risk Risk Sub- GxP or of Severity Detectability Priority Scenarios ClassFunction Function Business Occurrence Comments A L L 3 L M B L M 3 M L C L H 2 L H D M L 3 H L E M M 2 M M F M H 1 L H G H L 2 H L H H M 1 M H I H H 1 H M 25
  26. 26. Risk Based Test Planning Risk Level Testing Strategy Zero Function is not related to a URS. No testing required required. 4 PQ testing only 3 Positive OQ testing Indirect PQ testing 2 Positive OQ testing Direct PQ testing High Positive and Negative OQ testing Direct Di t PQ testing t ti 26
  27. 27. Risk Based Test Planning – Examples Function Low Risk Medium Risk High Risk Input function with Verify normal data is Boundary testing: 1 Boundary testing: 9.9,acceptable data range accepted value below 10, 1 value 10.0, 10.1, 19.9, 20.0, of 10.0 – 20.0 in range, 1 value above 20.1 20. Null l N ll value challenge h ll Null l N ll value challenge h ll Incorrect decimal precision Alpha characterTemperature control for Verify calibration Verify accurate Verify accurate an instrument procedures calibration throughout calibration throughout operating range operating range 3-point boundary 3 i tb d 6-point b 6 i t boundaryd testing for alarms testing for alarms Challenge control precision against defined process p parameters 27
  28. 28. Periodic Reviews of RisksChange Control Assessments System Upgrades New Interface(s) New Modules 28