250 likes | 468 Views
Developing a Risk Based Approach to Validation for Life Sciences. Presented by Bill Gargano March 20, 2012. Topics. Core Definitions Categorizing risks and their respective plans Reduce Testing in a Risk Based Environment Developing a “How To ” Guide Developing documentation standards
E N D
Developing a Risk Based Approach to Validation for Life Sciences Presented by Bill Gargano March 20, 2012
Topics • Core Definitions • Categorizing risks and their respective plans • Reduce Testing in a Risk Based Environment • Developing a “How To” Guide • Developing documentation standards • Differentiating tasks that will reduce time and effort • Impacting strategies for maintenance • Optimizing the Validation Plan
When and Why? As far back as August 2002 the Food and Drug Administration (FDA) urged an industry change creating a Quality Systems Framework. • Encourage implementation of risk-based approaches that focus both industry and Agency attention on critical areas • Ensure that regulatory review, compliance, and inspection policies are based on state-of-the-art pharmaceutical science
Core Definitions • Hazard – Potential source of harm; condition that can cause harm or lead to a mishap • Harm, mishap – Injury or death to persons, damage to property or the environment, or damage to or loss of data • Risk – Combination of the probability, severity, and the likelihood of that harm • Hazard Analysis - A technique used to identify conceivable failures affecting system performance, human safety, or other required characteristics. • Risk Analysis - Systematic use of available information to identify hazards and to estimate the risk • Risk Assessment - An overall process comprising a risk analysis and a risk evaluation • Risk Evaluation - Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society • Risk Management – Bringing all of the above together in one process
The Risk Based Approach High • The risk based approach tailors the level of validation activity to the increased complexity or increased impact of the system. Activities Impact Low Complexity High
Justification • Test the areas pose the greatest risk to product quality and patient safety • Overall validation costs are reduced and efficiency is increased • Identify all relevant systems that require validation • Determine how to validate, and the extent of validation required, for the systems that have been identified
Biz Considerations Identifying, evaluating, controlling, and mitigating risk may allow for: • Shorter development cycle • More robust product/process • Fewer complaints, returns, and warranty claims • Fewer recalls and less subsequent agency attention • Continuous improvement of Risk Assessment techniques and practices
TOC Total Cost of Ownership using a Risk Based Methodology is lowered. • Better predictability for Time to Market • ROI based Risk strategies result in almost 99% defect free validated applications • Overall knowledge domain of staff increased by utilizing specialized skill sets and testing methods • Better software quality – reduction in help-desk calls • Consolidation of the enterprise testing infrastructure • A reduction of up to 20% in the Cost of Quality, as defects are identified and corrected earlier in the process
Why? How / where to initiate a RBV approach? • Start a new corporate initiative • Enhance and establish a standard or FRAMEWORK for Risk • Perform a part 11 risk assessment to identify remediation targets • Develop a new manufacturing process • Determine the extent of validation needed for new applications
Existing Models • FTA – Fault Tree Analysis • FMEA – Failure Mode and Effects Analysis • FMECA - Failure Mode and Effects Criticality Analysis • NIST Special Publication 800-30– Government standard for use with IT systems (National Institute of Standards and Technology) • MIL-STD-882D – Used by DoD • ISO – Standards • HACCP – Hazard Analysis and Critical Control Point -Standard for food products • GAMP 5 – European voluntary standard, pharma automation
Assign Ratings Severity /Detectability/Likelihood How severe can the problem be? How easy is the problem able to be detected? What is the likelihood that this problem will occur?
Risk Priority Number • Assign Risk Priority Number (RPN) • Taking into consideration the severity of the risk, the likelihood of the risk occurring, and the detectability of that risk as it is occurring, a risk priority number can be calculated using the formula: Severity x Likelihood x Detectability = RPN • RPN also referred to as a Risk Index (RI)
FMEA Rankings Ranking Rating Criteria 1 Low Minor negative impact, no long- term detrimental impact 2 Moderate Moderate negative impact, some short-to medium-term detrimental impact 3 High Very significant negative impact, significant long-term effects and potentially catastrophic short-term impacts
Risk Classification Assign Risk Classification • Having assigned the likelihood and business impact, use a matrix to classify the risk • Level 1 is highest • Level 3 is lowest
Risk Mitigation Determine Appropriate Measures for Risk Mitigation • By combining Risk Classification with Probability of Detection, prioritize based upon those areas of greatest vulnerability • Modify process or system elements • Modify project strategy • Modify validation approach • Eliminate risk
Example: Vendor Assessment Increasing Costs Increasing Controls
Example: CSV Validation Increasing Costs Increasing Documentation
Where to Start and Challenges • Assess current Risk Model : • Look at standards, validation procedures, previous RA, governance • Establish NEW Risk Model: • Work with client to pinpoint areas of highest concern (Mfg, Lab, Clinical) • Begin with current RCM Framework and modify to client needs • QA: • Need to gain acceptance from this group in a non-threatening way • Typically set in their ways – culture change • “We have a model already”: • Is everyone following that model? • What savings have you seen? In other words, is it working?
Questions Thank you