| Department | Validation/Technical Services | Document no | VAL-160 | ||
| Prepared by: | Date: | Supersedes: | |||
| Checked by: | Date: | Date Issued: | |||
| Approved by: | Date: | Review Date: | |||
1.0 DOCUMENT OWNER
Validation / Technical Services Manager
2.0 PURPOSE
To detail the Periodic Review Systems and Processes at a GMP manufacturing facility.
3.0 SCOPE
This SOP covers the validated Direct Impact Systems (including the facilities, utilities, equipment, process control systems, computer / automation systems) and Processes in production, storage and distribution of drug products in a GMP site.
4.0 RESPONSIBILITY \ BUSINESS RULES
4.1 Validation / Technical Services
Maintain a status and schedule of performed and upcoming periodic reviews.
Perform risk assessment for systems and processes.
Complete the periodic review when required.
Review and approve the periodic review report.
4.2 Engineering
Perform risk assessment for systems and processes.
Perform and complete periodic review when required.
4.3 Production
Perform risk assessment for systems and processes.
Perform and complete periodic review when required.
4.4 Quality Assurance
To review and approve all periodic review report(s).
Perform risk assessment for systems and processes.
Perform and complete periodic review when required.
4.5 Business Rules
4.5.1 Validated systems and processes should be periodically evaluated through periodic review to verify that they remain in a validated state.
4.5.2 The periodic review frequency shall be based on the results of risk assessment and/or regulatory requirements.
4.5.3 A risk-based approach can be applied to prioritise periodic review and routine re-qualification of validated systems and processes including test methods, equipment, utility and computer systems, manufacturing processes, and equipment cleaning procedures.
4.5.4 Periodic reviews shall be conducted within the time interval not to exceed 5 years.
4.5.5 In the absence of a risk-based schedule, the periodic review shall default to no more than 2 years.
4.5.6 Periodic review of validated process is not required as the evaluation of deviations, changes and process trends is covered and combined with the Annual Product Records Review.
4.5.7 The results of the periodic review shall be documented, reviewed and approved by the site validation committee.
4.5.8 The review may result in the need for additional studies (e.g. supplemental validation or revalidation).
4.5.9 For processes with systems with lower risk, a periodic review with evidence that the process or system is consistently producing product meeting its specifications fulfils the need for revalidation.
4.5.10 For system that has not been impact assessed, its impact will be assessed to determine whether the system is a direct impact, indirect or non-impact system prior to periodic review.
5.0 PROCEDURE
5.1 Periodic Review of System
A system’s first periodic review will cover the time period from the completion of the system’s most recent full validation to the review date. Subsequent reviews then cover the time period since the completion of the most recent periodic review.
During the periodic review, the following will be evaluated:
– Review of system description, including complete listing of critical subsystems / components (e.g. equipment, hardware, software).
– Review of the cumulative and/or repetitive effect of all changes (e.g. Change Controls) to include an assessment of whether further action is warranted.
– Review of all deviations (e.g. Deviations, Incidents) including frequency and reasons, to determine whether there is a trend away form the qualified state.
– Review of appropriate maintenance and calibration records (as applicable) to determine whether the system has been properly maintained.
– Review performance trending, if applicable (e.g. system logs).
– Review system against applicable regulatory, GMP and Site requirements established since the last periodic review or qualification.
5.2 Periodic Review Report
After performing a periodic review, a periodic review report should be written. This report should be reviewed and approved by the validation committee. Any corrective actions should be listed in this report and tracked to successful completion by the system owner.
A conclusion that the periodic review has determined that the system has:
– Not changed, and revalidation or remediation not required.
– Not changed, but revalidation or remediation is required to meet new standards.
– Changed, and was properly documented.
– Changed, and requires additional revalidation or remediation.
5.3 Periodic Review Frequency and Scheduling
The frequency of periodic review for direct impact systems is determined by risk assessment. The process for determining the frequency and scheduling of periodic reviews should be defined and documented in this procedure. The assignment of frequencies based on risk should be approved by the validation committee.
The risk should be based on the system requirements documentation and any system or component level impact assessments that have been previously completed. The risk assessment should be conducted jointly by representatives of the Quality Assurance and the system owner and other potential stakeholders (e.g. Engineering). As a minimum, the risk assessment should include an evaluation of the system criticality. In addition, an evaluation of the probability of an adverse event and detectability can be used to provide further justification of the level of quality risk associated with a system.
5.3.1 Low Risk Priority
Frequency of maximum 5 years. It may also be possible to justify no fixed frequency and use trending of existing systems such as change management, calibration and preventative maintenance, system security reviews and system deviations and failures.
The trigger to imitate a periodic review in this case should be clearly defined for each of the supporting systems.
5.3.2 Medium Risk Priority
Periodic review should be conducted at least every 3 years, actual frequency should be assigned and justified based on system usage.
5.3.3 High Risk Priority
Annual periodic review is recommended.
5.4 Risk Assessment Process
The risk assessment process includes the following three stages:
– System criticality / severity of impact.
– Probability of an adverse GMP / product quality event.
– Probability of detection.
– It is not necessary to conduct all three stages of the risk assessment but an assessment of the system criticality (Section 5.4.1) should be done as a minimum.
5.4.1 System Criticality / Severity of Impact
The criticality of a system is a quantitative measure of the severity of the impact of an adverse GMP / product quality event occurring in the system that would affect GMP regulatory compliance and/or the critical quality attributes of any relevant products.
When assessing the criticality of a system, the system impact on product quality may include:
5.4.1.1 Direct product contact.
5.4.1.2 Production of any excipient or ingredient.
5.4.1.3 Cleaning, sanitisation or sterilisation.
5.4.1.4 Preservation of products status.
5.4.1.5 Generation of data / records used to reject or accept product.
5.4.1.6 Control of a process without independent verification.
Based on this assessment, the criticality level of the system may be defined:
Low – minor negative impact, no direct effect on patient, no long-term GMP regulatory compliance effect.
Medium – moderate impact, possible long-term effect on patient, short to medium term GMP regulatory compliance impact.
High – very significant impact, direct and immediate effect on patient, long term GMP regulatory compliance effect.
5.4.2 Probability of an Adverse GMP / Product Quality Event
The probability is a measure of the probability of an adverse GMP / product quality event occurring. This should take into account the complexity of the system, its robustness and its frequency of use. The probability should be assigned based on an estimate of how often an adverse event would expect to occur, as below:
Low – one adverse GMP / product quality event in 10,000 operations
Medium – one adverse GMP / product quality event in 1000 operations
High – one adverse GMP / product quality event in 100 operations.
Figure 1: Risk Classification
5.4.3 Probability of Detection
The probability of detection is an indication of how likely it is that an adverse GMP / product quality event would be detected. For example, routine calibration may (depending on frequency) give a high probability of detecting that a critical temperature transformer was not functioning correctly.
Figure 2: Probability of Detection
5.4.4 Risk Priority
Based on the above considerations, an overall qualitative measure of the risk of a system can be assigned, based on the systems vulnerability to an undetected adverse GMP / product quality event that impacts GMP regulatory compliance and/or product quality.
5.5 Periodic Review of Process
Periodic review of validated process will be combined with the Annual Product Records Review as per QMS-060 Annual Product Review.
6.0 DEFINITIONS / ACRONYMS
None
7.0 REFERENCES
| QMS-060 Annual Product Review |
8.0 SUMMARY OF CHANGES
| Version # | Revision History |
| VAL 160 | New |