| Department | Validation/Technical Services | Document no | VAL-055 | ||
| Prepared by: | Date: | Supersedes: | |||
| Checked by: | Date: | Date Issued: | |||
| Approved by: | Date: | Review Date: | |||
Document Owner
Validation Manager
Affected Parties
All Validation, Technical Service, Operations, Quality Assurance, Engineering and Project staffs involved in computer validation projects.
Purpose
The purpose of this document is to provide guidelines on conducting Design Qualification (DQ) during the conceptual and detail design phase for the implementation of a GMP facility, process and equipment (including computerised systems) to ensure conformance to operational and regulatory expectations.
Scope
The guideline will provide the basis for conducting and documenting Design Qualification to all projects involving the introduction of, or significant change to, any facility, system or equipment that potentially impacts on product quality and is suitable for its intended purpose.
Definition
System | An organisation of engineering components that have a defined operational function (e.g. piping, instrumentation, equipment, facilities, computer hardware, computer software, etc.) |
| Impact Assessment | The process of evaluating the impact of the operating, controlling, alarming and failure conditions of a system on the quality of a product. |
| Direct Impact System | This is a system that is expected to have a direct impact on product quality. These systems are subject to qualification. |
| Indirect Impact System | This is a system that is not expected to have a direct impact on product quality, but typically will support a Direct Impact System. These systems are subject to design, installation and commissioning in accordance with GEP. |
| No Impact System | This is a system that will not have any impact, either directly or indirectly, on product quality. These systems are subject to design, installation and commissioning in accordance with GEP. |
| HAZOP | Hazard and Operability Review |
| GMP | Good Manufacturing Practice |
| URS | User Requirement Specification |
| FS | Functional Specification |
| FMEA | Failure Modes Effect Analysis |
| GEP | Good Engineering Practice |
| FAT | Factory Acceptance Test |
| SAT | Site Acceptance Test |
| DQ | Design Qualification |
Related Documents
| VAL-005 | Validation-Concept and Procedure |
| VAL-040 | Computerised Systems Validation – Overview |
| VAL-030 | Equipment Specification and Qualification |
| VAL-045 | Impact Assessment for Computerised Systems |
EHS Statement
A critical outcome of the Design Qualification is the assurance that all hazards and credible risks to Safety, Health or the Environment associated with the operation and maintenance of the facilities, systems and equipment have been adequately assessed and addressed.
1. Responsibility
It is the responsibility of the Project Manager assigned to the project to ensure Design Qualification activities are conducted and documented appropriately.
Cross-functional participants should be selected to support the activities, they should be fully aware of the objectives of the design review, their responsibilities and their required contributions. A typical list of participants may include:
a. Project Manager or Project Coordinator
b. Discipline Engineers
c. Design Representatives from contractors and suppliers
d. Representatives from Operations/ Production, Maintenance, Quality, Validation and Safety, Health and Environmental, as appropriate.
2. Approach
Compliance with both cGMP and suitability of use should be documented. DQ integrates the URS and FS and relevant design documents e.g. design specifications, in assuring that what has been designed will meet both regulatory and internal requirements. The underlying theme of assuring design compliance prior to the construction or manufacture of the facility, system or equipment is inherently logical and avoids costly errors in judgment.
The documentation of the DQ aspects of the qualification phase should be referenced in the Validation Plan or in a DQ Protocol. The actual specification documents to be reviewed and the responsibilities for both the technical and cGMP compliance review of the design should be clearly mandated.
It is crucial to start off with a User Requirement Specification (URS) for the project. It ensures that the user has defined exactly what is required, by specify operating and output requirements, any critical control requirements and any internal and regulatory standards, which may apply. All Requirement Specification documents should be approved by appropriate stakeholders including the quality group for GMP compliance, and used as primary referenced document in the design review process. See SOP VAL-030.
Once compiled, this information will provide the project team with a basis for discussions and clarification of the system through the design phase of the project and to enable functional specification to be drawn up and reviewed.
2.1. Design Qualification Process
The Design Qualification process should address the following points:
a. What will be reviewed? (Documented in Validation Plan or DQ protocol)
b. What methods or approach will be followed? (Documented in Validation Plan or DQ protocol)
c. List of documents to be reviewed and consulted (Documented in Audits report or in design review minutes)
d. List of members involved in the DQ review session (Documented in Audits report or in design review minutes)
e. Conclusions and actions required (Documented in DQ protocol)
The level of Design Qualification applied to any design should be based on a consideration of the complexity and novelty (to the user) of each system, and the impact of each system on the product quality. (See SOP VAL-045., section 3.1 and 3.2 for a list of questions assess whether an Item/Function has a “Direct or Indirect Impact” on the quality of a product/process).
Figure: System Impact Vs System Complexity / Novelty
Highly complex, “Direct Impact” system, warrant a greater degree of scrutiny than simple, familiar system of no impact.
2.2. Selecting a Design Qualification Review Method
The Project Manager or Project Coordinator will determine the most appropriate review method, based on the system impact, complexity and novelty. Below are few approaches that may be applied during the Design Qualification, but not limited to:
a. Review the Functional and Project Specifications against the URS and manufacture literature.
b. Verification of cGMP requirements are reviewed and evaluated
c. Supplier Assessment /Audit
d. Factory and or Site Acceptance Testing
e. Design Review Checklist – see Appendix 1.
f. Conduct HAZOP or FMEA – see Appendix 2 and 3 respectively.
g. Risk Assessments on Product Quality – see Appendix 4.
3. Design Qualification Reporting Process
A Design Qualification Protocol should be produced with the outcome of the review process providing evidence that the design is satisfactory and complies with cGMP and user requirements. Also it should cross reference and index all aspects of the Design Qualification process, including:
a. Minutes of all review meetings held during the design development phase.
b. Audits and assessment reports.
c. All relevant documents including User Requirement and Functional specifications.
d. Findings of the design review & risk assessment process.
e. Detail any further testing requirements, (e.g. Factory Acceptance (FAT) & Site Acceptance (SAT) Testing or during Qualification Phase).
f. List deviations, remedial actions, follow up and close out activities.
g. In addition, list constraints & assumptions made in evaluating the design (refer to individual reports).
These templates will provide the basis for completing the Design Qualification process with approval from the Quality Assurance and System Owners.
4. Appendix 1 – Design Review Checklist
A design review considers the characteristics of a good design and ensures all relevant and appropriate aspects are examined. Suggested criteria for use in assessing design are given below in two examples, but not limited to:
Example 1: General Checklist
– Design satisfies GMPs and other regulatory requirements
– Design meets performance criteria (User Requirement and Functional Specifications)
– Design considers facility airflow and pressure regimes
– Design considers process Flow – potential for product contamination
– Design considers personnel flow
– Design considers materials of construction
– Design considers cleaning requirements
– Design considers reliability & efficiency
– Design considers commissioning requirements
– Design considers equipment “constructability” and installation requirements
– Design considers maintenance & access requirements
– Design considers start-up and shut-down procedures
– Design considers safety and environmental impact
– Design considers degree of innovation
– Design considers use of “standard” solutions
– Design considers the ability to perform necessary testing (in-use or for Validation)
– Design considers process controls, monitoring and response measures
– Design considers the required documentation.
Example 2: Structured Design Review checklist
The generation of system-specific design review (structured) checklists may be necessary and will benefit both the design review and further risk assessments, below is example for a critical HVAC system.
– Will the dedicated User Areas be served by dedicated HVAC systems?
– Will the air handling system adequately cope with external and internal environmental loads?
– Will the system recirculate air?
– Will the system operate 24 hours a day, 365 days a year?
– Will the supply air supply be located in the ceiling?
– Will the exhaust air extract be located at low level?
– Will the HVAC system be interconnected with other HVAC systems?
– Will the HVAC system be adversely affected by other HVAC systems being turned off?
– Will the method of fumigation/sanitation be appropriate?
– Will the system components be constructed of suitable materials?
– Will pressure test certificates be provided for AHU’s and ductwork?
– Have the design of dampers been specified in accordance with operating requirements?
– Will there be access for test instruments? (e.g. Thermocouples)
– Have the secondary services to the HVAC been clearly specified?
– Will there be any potential hazard from discharge air?
– Will air supply HEPA filters be terminally located?
– Will air exhaust HEPA filters be located in a safe-change unit in plant room?
– Will the final filters be of the correct classification to ensure that the quality of the air entering the user areas meets specifications?
– Will the final filters be protected by lower grade filters within the systems?
– Will there be means of monitoring the performance of the filters?
– Is there a list of all the filters specifying number and type?
– Will filter housings be cleanable?
– Will filters be integrity testable?
– Will the air be temperature or humidity controlled?
– Do the specifications for temperature meet cGMP?
– Will the air temperature be monitored?
– Will the air be humidity controlled?
– Do the specifications for humidity meet cGMP?
– Will the humidity be monitored?
– Do the specifications for the number of air changes per hour meet cGMP?
– Do the specifications for the air velocities in critical areas meet the requirements of cGMP?
– Will air flow patterns/ distribution in rooms be suitable for process requirements?
– Will terminal devices produce the required air flow patterns/distribution within the rooms?
– Do the specifications for room pressure regimes meet cGMP?
– Will air pressure differentials be adequately controlled?
– Will air pressure differentials be adequately monitored?
– Will an alarm system be activated if air pressure differentials are outside limits?
– Have dust and process extracts been considered in the air balance?
– Will the critical openings be protected by interlocked doors?
– Do the specifications for the upper acceptable limit for particles of defined size meet cGMP?
– Do the specifications for the upper acceptable limit for viable organisms meet cGMP?
– Will ductwork be clearly identified?
– Are the commissioning tests clearly explained?
– Will commissioning method statements be provided?
– Are the validation tests clearly explained?
– Will all instruments be calibrated?
– Will all instruments be calibratable?
– Will calibration certificates be provided?
– Will the design facilitate maintenance?
– Will the design facilitate cleaning?
– Will as-built drawings be provided?
– Will manuals covering operation be provided?
– Will manuals covering maintenance be provided?
– Will the cleaning method be clearly specified?
The responses to these aspects should be documented in detail and a list of deficiencies, remedial actions and issues for resolution produced.
5. Appendix 2 – HAZOP
HAZOP refers to a formal and structured Hazard and Operability study. It is a systematic and detailed study following a preset agenda and involving a team with a variety of backgrounds and responsibilities. It involves an examination of the possibility and consequences of deviations from normal or acceptable conditions in an attempt to ensure all possible EHS risks and risks to product quality are foreseen and addressed.
For each operation or activity associated with the system a list of possible deviations is considered. For each possible deviation, the severity and likelihood of the deviation is assessed and, if warranted, the issue is listed as a problem to be solved. A list of keywords is used as prompts for the HAZOP team. The key words used in a HAZOP will vary depending on the nature of the system under analysis. However, if a keyword is not relevant it will take little extra time to dismiss it. Whereas, if a keyword is left out, the risk of missing a deviation is increased. Refer to section 5.2 for an HAZOP example.
5.1. Keywords
| Variable | Guide Word |
| Timing | Start too early/late, Stop too early/late, Duration, Sequence |
| Position | Too High, Too Low, Too Far, Too Close, Wrong Orientation |
| Direction | To one side, Upwards, Downwards, Reverse |
| Speed | Too Fast, Too Slow |
| Flow | High, Low, Zero, Reverse, 2 phase |
| Level | High, Low |
| Pressure | High, Low, Vacuum |
| Temperature | High, Low |
| Humidity | High, Low |
| Reaction Rate | Fast, Slow |
| Spillage | Into product, Product into other things (equipment, floor, operator), Airborne dust, Toxicity |
| Damage/Deterioration | Impact, Dropping, Vibration, Corrosion, Wear resistance |
| Quality | Concentration, Impurities, Cross Contamination, side reactions, Inspection/sampling points, Attributes defined, Test equipment available, Test equipment location. |
| Materials of Construction | Corrosion, erosion, contamination, reactions |
| Cleanliness | Cleaning, Poor hygiene, Buildup, Deterioration |
| Output | Bottlenecks, Backlogs, Rework, Unreliability |
| Stoppages | Breakage, Blockage, Jamming, Run out of feed, Rectification |
| Control | Response speed, Sensor & display location, Interlocks, E-Stops |
| Breakdown | Loss of services, room pressure, Fail-Safe response, Emergency procedures. |
| Access | Set up, Operation, maintenance, Guarding, Escape, Emergency response |
| Shutdown | Line clearance, Isolation, Purging, Reconciliation |
| Materials handling | Weight, Size, Height, Frequency |
| Startup/Commissioning | Approvals, Training, Resources, Acceptance Criteria |
| Resource use | Water, Electricity, Compressed air, HVAC |
| Safety | Injury, PPE, Emergency stations, (e.g. eyewash, etc.) |
| Environment | Segregation, GMP Grade, Humidity, Noise |
| Waste | Reject product, Oil & liquids, Packaging, Drains, Filter media. |
5.2. HAZOP Findings (sample only)
| Agenda Items 1 & 2 – Building & HVAC | |||||||||
| Item | Deviation | Cause | Effect/Consequence | Control Measure | Comment /Action | Resp. | Compl Date | Risk Rank | |
| Variable | Guide Word | ||||||||
| 1. | Temp & humidity | high | HVAC failure | Product degraded /out of specification | Alarm in InVue & Security | Confirm control measure in place | NB AM PH | TBA | 3 |
| 2. | Pressure | low | HVAC failure /Door open | Dust escapes into liquids area | Alarm in InVue & Security | Confirm control measure in place | NB AM PH | TBA | 4 |
| 3. | Materials handling | weight | Inertia | Injury or damage to building due to 300kg IBC movements | None | Assess standards. Trial IBC handling | CD BW | TBA | 5 |
| 4. | Access | Escape | Fire/spill at lab end of bay | Trapped | Escape via ‘B’ Grade corridor doors | Ensure ‘B’ grade doors openable with emergency handle | MT | TBA | 4 |
| HAZOP – Incomplete Data & Queries Record Sheet (sample Only) |
| Process: |
| ITEM | DESCRIPTION OF HAZARD | RESOLVE BY | |
| WHO? | WHEN? | ||
| 1. | Are delay timers necessary between one rapid roll door opening and the next, to ensure over pressure recovers? | ||
| 2. | Are door sensors adequate to detect all contingencies? e.g. pedestrian, pedestrian with pallet truck, forklift or IBC, forklift tines | ||
| 3. | Are variable timers necessary on open/close delay on rapid roller doors, depending on activity? | ||
| 4. | Is there an alarm should any HVAC parameters fail? (Temperature, pressure, humidity) Does this register with security. | ||
| 5. | Is zoned temperature control required for variable heat load in bays | ||
| 6. | Check MSDS for PPE requirements for HEPA filter replacement & disposal. | ||
| 7. | What is emergency response setup of rapid roller doors. Interlock disabled? All open? | ||
| 8. | Is there a warden phone in the fire hose cupboard? | ||
| 9. | How are rapid roller doors opened in case of power failure? | ||
| 10. | Does glass need to go full height between bays? | ||
| 11. | Hydraulic closures required on office/ lab/ team room doors. | ||
| 12. | Position of bin lifting column & possible HAPA to be determined | ||
| 13. | What are treatment requirements for blister machine cooling water? | ||
| 14. | Is compressed air quality adequate? | ||
| 15. | Is there compressed air over pressure protection? Is it required? | ||
| ASSUMPTIONS |
| Process: Ref: |
| ITEM | ASSUMPTION |
| 1. | Drains are adequate. |
| 2. | Services are adequate. |
| 3. | Air filters adequately rated. |
| 4. | There is an upper limit on WIT test. |
6. Appendix 3 – Failure Mode Effect Analysis (FMEA)
The principle of FMEA is to consider each mode of failure of each component in turn and determine the effects. The FMEA can be undertaken from the perspective of system operation, product quality or EHS but not all three at once. For example, a component whose failure will cause significant downtime, but has little effect on the product, will have high severity consequences for system operation but not for product quality.
The Table below is a sample Assessment.
| Function | Failure Modes | Failure Cause | Failure Detection Method | Effect of Failure | Failure Probability | Detection Probability | Severity Factor |
| One function | Several failure modes | Several causes for each mode? | Are each of these causes detectable | Consequences / severity of failure? | How probable is this failure cause? | How sure can we be of detecting the failure cause? | What level of risk does this represent? |
A (1-3) | B (1-3) | C (3-1) | AxBxC |
The severity factor score will highlight the major risks and the priority in addressing them. For example; a failure that has low severity consequences, that is unlikely to occur and has a high probability of detection has a severity factor of 1 (1x1x1). Whereas, a frequent, undetectable failure of severe consequences has a severity factor of 27 (3x3x3).
7. Appendix 4 – Risk Assessment on Product Quality
Risk Assessment on Product Quality evaluates the impact of the system on product quality on areas that have a Direct and Indirect function. The key product quality attributes to be considered are:
a. Identity
b. Safety
c. Efficacy
d. Purity
The risk assessment process allows for early actions to be implemented during the implementation phase to reduce and eliminate risk during the project life cycle.
7.1. Overall Approach
1. The first step is the determination of whether the system function or sub-function represents a risk when assessed against a series of GxP criteria. (See SOP VAL-045. section 3.1 and 3.2.)
2. Having determined that a particular function or sub- functions may have a direct and Indirect GxP associated with it, the assessment should proceed to identify the various risk scenarios. It is useful to consider for each event what is the likely effect will be (note that each event may have more than one effect).
3. For each Event consider the likelihood (frequency or probability) of it occurring. Assign a ranking to the likelihood of low, medium or high. Where the likelihood is unable to be estimated, assign a ranking of high. The GAMP4 suggested method of frequency ranking is
a. Low – The Frequency of the event occurring is perceived to be once per ten thousand transactions (1 in 10,000).
b. Medium – The Frequency of the event occurring is perceived to be once per thousand transactions (1 in 1000).
c. High – The Frequency of the event occurring is perceived to be once per hundred (1 in 100).
4. For each Event, consider the impacts that the effects may have. This includes consideration, not only of the immediate effects, but also of the long term and possibly widespread business impact, (e.g. Regulatory compliance, financial, reputation). The GAMP4 suggested method of impact ranking is:
a. Low – A minor negative impact, not expected to have long-term detrimental effects.
b. Medium – A moderate impact, expected to have short to medium term detrimental effects.
c. High – A very significant negative impact, expected to have significant long-term detrimental effects and potentially catastrophic short-term effects.
5. Assign a Risk Classification Level on the basis of the Likelihood and Business Impact as per the following table:
Figure 2: Risk Classification Level
6. Assess the Probability of Detection
a. Low – Unlikely to be detected (< 1 in 3)
b. Medium – Reasonably likely to be detected (1 in 2)
c. High – Highly likely to be detected (1 in 1).
7. Determine the Risk Priority on the basis of the Risk Classification Level and Probability of Detection as per the following table:
Figure 3: Risk Priority
8. Determine appropriate Risk Mitigation Measures based on the risk priority. Changes and modification that may be applicable, but not limited to:
a. Changes of process or system design.
b. Changes to project strategies.
c. Changes to Validation approach.
8. Summary of Changes
| Version # | Revision History |
| VAL-055 | New |