I don’t like the term validation deviation, preferring to use discrepancy to cover the errors or failures that occur during qualification/validation, such as when the actual results of a test step in a protocol do not match the expected results. These discrepancies can arise for various reasons, including errors in the protocol, execution issues, or external factors.
I don’t like using the term deviation as I try to avoid terms becoming too overused in too many ways. By choosing discrepancy it serves to move them to a lower order of problem so they can be addressed holistically.
Validation discrepancies really get to the heart of deciding whether the given system/process is fit-for-purpose and fit-for-use. As such, they require being addressed in a timely and pragmatic way.
And, like anything else, having an effective procedure to manage is critical.
Validation discrepancies are a great example of building problem-solving into a process.
ASTM E2500, the Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment, is intended to “satisfy international regulatory expectations in ensuring that manufacturing systems and equipment are fit for the intended use and to satisfy requirements for design, installation, operation, and performance.”
The ASTM E2500 approach is a comprehensive framework for specification setting, design, and verification of pharmaceutical and biopharmaceutical manufacturing systems and equipment. It emphasizes a risk- and science-based methodology to ensure that systems are fit for their intended use, ultimately aiming to enhance product quality and patient safety.
Despite its 17-year history, it is fair to say it is not the best-implemented standard. There are still many unrealized opportunities and some major challenges. I don’t think a single organization I’ve been in has fully aligned, and ASTM E2500 can feel aspirational.
Key Principles
Risk Management: The approach integrates risk management principles from ICH Q8, Q9, and Q10, focusing on identifying and mitigating risks to product quality and patient safety throughout the lifecycle of the manufacturing system.
Good Engineering Practices (GEP): It incorporates GEP to ensure systems are correctly designed, installed, and operated.
Flexibility and Efficiency: It strives for a more flexible and efficient organization of verification activities that can be adapted to each project’s specific context.
Regulatory agencies expect drugmakers to persuade them that we know our processes and that our facilities, equipment, systems, utilities, and procedures have been established based on concrete data and a thorough risk assessment. The ASTM E2500 standard provides a means of demonstrating that all of these factors have been validated in consideration of carefully evaluated risks.
What the Standard Calls for
Four Main Steps
Requirements: Define the system’s needs and critical aspects. Subject Matter Experts (SMEs) play a crucial role in this phase by defining needs, identifying critical aspects, and developing the verification strategy.
Specification & Design: Develop detailed specifications and design the system to meet the requirements. This step involves thorough design reviews and risk assessments to ensure the system functions as intended.
Verification: Conduct verification activities to confirm that the system meets all specified requirements. This step replaces the traditional FAT/SAT/IQ/OQ/PQ sequence with a more streamlined verification process that can be tailored to the project’s needs.
Acceptance & Release: Finalize the verification process and release the system for operational use. This step includes the final review and approval of all verification activities and documentation.
Four Cross-Functional Processes
Good Engineering Practices (GEP): Ensure all engineering activities adhere to industry standards and best practices.
Quality Risk Management: Continuously assess and manage risks to product quality and patient safety throughout the project.
Design Review: Regularly reviews the system design to ensure it meets all requirements and addresses identified risks.
Change Management: Implement a structured process for managing system changes to ensure that all modifications are appropriately evaluated and documented.
Applications and Benefits
Applicability: The ASTM E2500 approach can be applied to new and existing manufacturing systems, including laboratory, information, and medical device manufacturing systems.
Lifecycle Coverage: It applies throughout the manufacturing system’s lifecycle, from concept to retirement.
Regulatory Compliance: The approach is designed to conform with FDA, EU, and other international regulations, ensuring that systems are qualified and meet all regulatory expectations.
Efficiency and Cost Management: By focusing on critical aspects and leveraging risk management tools, the ASTM E2500 approach can streamline project execution, reduce time to market, and optimize resource utilization.
The ASTM E2500 approach provides a structured, risk-based framework for specifying, designing, and verifying pharmaceutical and biopharmaceutical manufacturing systems. It emphasizes flexibility, efficiency, and regulatory compliance, making it a valuable tool for ensuring product quality and patient safety.
What Makes it Different?
ASTM E2500
The more traditional approach
Testing Approach
It emphasizes a risk-based approach, focusing on identifying and managing risks to product quality and patient safety throughout the manufacturing system’s lifecycle. This approach allows for flexibility in organizing verification activities based on the specific context and critical aspects of the system.
Typically follows a prescriptive sequence of tests (FAT, SAT, IQ, OQ, PQ) as outlined in guidelines like EU GMP Annex 15. This method is more rigid and less adaptable to the specific needs and risks of each project.
Verification vs Qualification
The term “verification” encompasses all testing activities, which can be organized more freely and rationally to optimize efficiency. Verification activities are tailored to the project’s needs and focus on critical aspects.
Follows a structured qualification process (Installation Qualification, Operational Qualification, Performance Qualification) with predefined steps and documentation requirements.
Role of Subject Matter Experts
SMEs play a crucial role from the start of the project, contributing to the definition of needs, identification of critical aspects, system design review, and development of the verification strategy. They are involved throughout the project lifecycle.
SMEs are typically involved at specific points in the project lifecycle, primarily during the qualification phases, and may not have as continuous a role as in the ASTM E2500 approach.
Integration of Good Engineering Practices
Offers greater flexibility in organizing verification activities, allowing for a more efficient and streamlined process. This can lead to reduced time to market and optimized resource utilization.
While GEP is also important, the focus is more on the qualification steps rather than integrating GEP throughout the entire project lifecycle.
Change Management
It emphasizes early and continuous change management, starting from the supplier’s site, to avoid test duplication and ensure that changes are properly evaluated and documented.
It emphasizes early and continuous change management, starting from the supplier’s site, to avoid test duplication and ensure that changes are properly evaluated and documented.
Documentation
Documentation is focused on risk management and verification activities, ensuring compliance with international regulations (FDA, EU, ICH Q8, Q9, Q10). The approach is designed to meet regulatory expectations while allowing for flexibility in documentation.
quires extensive documentation for each qualification step, which can be more cumbersome and less adaptable to specific project needs.
Opinion
I’m watching to see what the upcoming update to Annex 15 will do to address the difficulties some see between an ATSM E2500 approach and the European regulations. I also hope we will see an update to ISPE Baseline® Guide Volume 5: Commissioning and Qualification to align an approach.
ISPE Baseline® Guide Volume 5
ATSM E2500
Design inputs Impact assessment Design Qualification Commissioning Multiple trial runs to get things right IQ, OQ, PQ, and acceptance criteria GEP Scope and QA Scope overlapped Focused on Documentation Deliverables Change Management
Design inputs Design Review Risk Mitigation Critical Control Parameters define Acceptance Criteria Verification Testing Performance Testing GEP Scope and QA Scope have a clear boundary Process, Product Quality and Patient Safety Quality by Design, Design Space, and Continuous Improvement
To be honest I don’t think ATSM E2500, ISPE Guide 5, or anything else has the balance just right. And your program ends up being a triangulation between these and the regulations. And don’t even bring in trying to align GAMP5 or USP <1058> or…or…or…
And yes, I do consider this part of my 3-year plan. I look forward to the challenges of a culture shift, increased SME involvement, formalization of GEPs (and teaching engineers how to write), effective change management, timely risk assessments, and comprehensive implementation planning.
Risk management plays a pivotal role in validation by enabling a risk-based approach to defining validation strategies, ensuring regulatory compliance, mitigating product quality and safety risks, facilitating continuous improvement, and promoting cross-functional collaboration. Integrating risk management principles into the validation lifecycle is essential for maintaining control and consistently producing high-quality products in regulated industries such as biotech and medical devices.
We will conduct various risk assessments in our process lifecycle—many ad hoc (static) and a few living (dynamic). Understanding how they fit together in a larger activity set is crucial.
In the Facility, Utilities, Systems, and Equipment (FUSE) space, we are taking the process understanding, translating it into a design, and then performing Design Qualification (DQ) to verify that the critical aspects (CAs) and critical design elements (CDEs) necessary to control risks identified during the quality risk assessment (QRA) are present in the design. This helps mitigate risks to product quality and patient safety. To do this, we need to properly understand the process. Unfortunately, we often start with design before understanding the process and then need to go back and perform rework. Too often I see a dFMEA ignored or as an input to the pFMEA instead of working together in a full risk management cycle.
The Preliminary Hazard Analysis (PHA) supports a pFMEA, which supports a dFMEA, which supports the pFMEA (which also benefits at this stage from a HAACP). Tools fit together to provide the approach. Tools do not become the approach.
Design and Process FMEAs
DFMEA (Design Failure Mode and Effects Analysis) and PFMEA (Process Failure Mode and Effects Analysis) are both methodologies used within the broader FMEA framework to identify and mitigate potential failures. Still, they focus on different aspects of development and manufacturing.
DFMEA
PFMEA
Scope and Focus
Primarily scrutinizes design to preempt flaws.
Focuses on processes to ensure effectiveness, efficiency and reliability.
Stakeholder Involvement
Engages design-oriented teams like engineering, quality engineers, and reliability engineers.
Involves operation-centric personnel such as manufacturing, quality control, quality operations, and process engineers.
Inputs and Outputs
Relies on design requirements, product specs, and component interactions to craft a robust product.
Utilizes process steps, equipment capabilities, and parameters to design a stable operational process.
Stages in lifecycle
Conducted early in development, concurrent with the design phase, it aids in early issue detection and minimizes design impact.
Executed in production planning post-finalized design, ensuring optimized operations prior to full-scale production.
Updated When
Executed in production planning post-finalized design, ensuring optimized operations before full-scale production.
The design qualification phase is especially suitable for determining risks for products and patients stemming from the equipment or machine. These risks should be identified during the design qualification and reflected by appropriate measures in the draft design so that the operator can effectively eliminate, adequately control, and monitor or observe them. To identify design defects (mechanical) or in the creation of systems (electronics) on time and to eliminate them at a low cost, it is advisable to perform the following risk analysis activities for systems, equipment, or processes:
Categorize the GMP criticality and identify the critical quality attributes and process parameters;
Categorize the requirements regarding the patient impact and product impact (for example, in the form of a trace matrix);
Identify critical functions and system elements (e.g., the definition of a calibration concept and preventive maintenance);
Investigate functions for defect recognition. This includes checking alarms and fault indications, operator error, etc. The result of this risk analysis may be the definition of further maintenance activities, a different assessment of a measurement point, or the identification of topics to include in the operating manuals or procedures.
Additional risk analyses for verifying the design may include usability studies using equipment mock-ups or preliminary production trials (engineering studies) regarding selected topics to prove the feasibility of specific design aspects (e.g., interaction between machine and materials).
Too often, we misunderstand risk assessments and start doing them at the most granular level. This approach allows us to right-size our risk assessments and holistically look at the entire lifecycle.
I often get asked why I moved from a broader senior role in Quality Management to a particular but deep role in Quality Engineering and Validation. There are many answers, but the biggest is that validation is poised for some exciting shifts due to navigating a complex validation landscape characterized by rapid technological advancements, evolving regulatory standards, and the development of novel therapies. Addressing these challenges requires innovation, collaboration, and a proactive approach to risk management and data integration. Topics near and dear to me.
Today’s Challenges in Biotech Validation
1. Rapid Technological Advancements
The biotech industry is experiencing rapid technological advancements such as AI, machine learning, and automation. Integrating these technologies into validation processes can be challenging due to the need for new validation frameworks and methodologies.
2. Regulatory Compliance
Maintaining compliance with evolving regulatory standards is a significant challenge. Regulatory bodies like the FDA continuously update guidelines for technological advancements.
3. Complexity of New Therapies
Developing novel therapies, such as cell and gene therapies, introduces additional complexity to the validation process. These therapies often require redesigned facilities and equipment to accommodate their sensitive and sterile nature. Ensuring sterility and product quality at each process stage is crucial but challenging.
4. Data Management and Integration
Managing and integrating vast amounts of data has become challenging with the increasing use of digital tools and platforms. Effective data management is essential for predictive modeling and risk management in validation processes. Organizations must adopt robust data analytics and machine learning tools to handle this data efficiently.
Validation processes often require collaboration among various stakeholders, including validation teams, developers, and regulatory bodies. Ensuring real-time communication and data sharing can be challenging but is essential for streamlining validation efforts and aligning goals.
6. Resource Constraints
Smaller biotech companies, in particular, face resource constraints regarding funding, personnel, and expertise. These constraints can hinder their ability to implement advanced validation techniques and maintain compliance with regulatory standards.
Adopting a risk-based approach to validation is essential but challenging. Companies must identify and mitigate risks throughout the product lifecycle, which requires a thorough understanding of potential risks and effective risk management strategies.
Let’s Avoid the Term Validation 4.0
Let’s avoid the 4.0 term. We are constantly evolving, and adding a current ‘buzziness’ to it does no one any favors. We are shifting from traditional, paper-heavy validation methods to a more dynamic, data-driven, and digitalized process. Yes, we are leveraging modern technologies such as automation, data analytics, artificial intelligence (AI), and the Internet of Things (IoT) to enhance validation processes’ efficiency, flexibility, and reliability. But we don’t need buzziness, we just need to give it some thought, experiment, and refine.
I recently got asked what a medical device component manufacturer’s validation requirements are. Here is my answer.
Component manufacturers play a crucial role in the medical device industry by producing various parts and components for proper functioning and assembly. Here are some key expectations and responsibilities of component manufacturers in the medical device sector:
Quality and Precision Manufacturing: Medical device components often require high precision, accuracy, and quality to ensure patient safety and device efficacy. To meet these demanding standards, component manufacturers must adhere to stringent quality control measures, utilize advanced manufacturing techniques, and maintain strict tolerances.
Regulatory Compliance: The medical device industry is heavily regulated, and component manufacturers must comply with relevant regulations and standards set by governing bodies like the FDA, ISO, and others. This includes maintaining proper documentation, implementing quality management systems, and ensuring traceability of materials and processes.
Material Selection and Biocompatibility: Many medical device components come into direct contact with the human body or bodily fluids. Consequently, component manufacturers must carefully select biocompatible, non-toxic, and suitable materials for the intended application. They must also ensure proper sterilization and packaging to maintain sterility.
Design and Engineering Support: Some component manufacturers offer design and engineering services in addition to manufacturing to assist medical device companies in developing new components or optimizing existing ones. This collaboration helps ensure that components meet specific performance, functional, and regulatory requirements.
Supply Chain Management: Component manufacturers must have robust supply chain management systems to ensure the timely delivery of components to medical device manufacturers. This includes maintaining adequate inventory levels, managing logistics, and minimizing disruptions in the supply chain.
Yes, component manufacturers in the medical device industry are expected to validate their manufacturing processes to ensure the components they produce meet specified requirements and perform as intended.
Regulatory bodies like the FDA require that components critical to the safety and performance of medical devices be produced through validated processes. This helps ensure that components consistently meet quality standards.
Component manufacturers must perform Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) on their manufacturing equipment and processes.
Validation requirements apply to finished components and raw materials, sub-components received from suppliers, and any processes involved in producing the component. Traceability of validation activities throughout the supply chain is essential.
The level of validation required depends on the component’s criticality and risk to the final medical device. More stringent validation is expected for higher-risk components that directly contact the patient or are essential for device safety and efficacy.
The component manufacturer must maintain validation documentation such as protocols, test reports, and traceability matrices and provide it to the medical device company upon request for review and auditing purposes.
Investigations of a Dog 