Bauer and Meissner shared their experiences with the implementation of Annex 1 in reference to Chapter 4 and Annex 11 based on new developments within the field. They highlighted the expectations from a successful contamination control strategy implementation and on data driven manufacturing processes and quality oversight.
Quality risk management may not begin without first developing a validation strategy. It is important to align the extent of the validation with the complexity of the system and any dependencies that may exist with suppliers irrespective of the type of service; on premise or hosted.
For risk assessments to be effective, it is important to have a clear process with the right team composition having the appropriate qualifications. It is also important to ensure all system elements are evaluated and how the risk analysis feeds into the validation. As with most risk assessments, there are likely to be some residual risks from critical components which need to be managed. Ultimately, it is all about understanding and analyzing the business process and its impact on patient safety, product quality and data integrity.
In general, data integrity needs to be part of the organizational culture and established prior to validation and not just an element of the risk analysis. The ALCOA++ principle is helpful (attributable, legible, contemporaneous, original, and accurate but also complete, consistent, enduring, and available). There must be clarity of the data flow with data governance to direct and control data over the life cycle. Clear roles and responsibilities in data integrity are essential with clarity in data formats in systems whether paper, electronic or hybrid. Note data should be in an integer format to allow the reconstruction and verification of results.
Data may be used to further develop and optimize processes.
Data may be used to further develop and optimize processes. The meta data related to good manufacturing practices (GMP), e.g. who, when, what, may be used to gather useful process information and user behavior and not least when interfacing with incident management, change management and risk management.
A model may be constructed to replace a process when there is a justification for doing so. The model and training (validation) data must be clearly described and representative but at the same demonstrate independence of the test data from the training (validation) data. As with all models, the planning, performance and testing documentation are important. These models are of particular interest when reconstructing false positive or false negative decision making. They can help when performing an impact analysis and when interfacing with incident management, change management and risk management.
There is a lot of data that is collected for sterile manufacturing processes. Examples of the type of data collected are listed below:
- Monitoring of environmental room conditions, e.g. temperature, relative humidity, particulate, microbiology
- Monitoring of process data: e.g., autoclave, depyrogenization tunnel, vial washing, filling lines, inspection
- Monitoring of raw material quality
- Monitoring of water for injection (WFI)
- Maintenance data of equipment: Validation of sterilization processes
- Performance data of process (key performance indicators, corrective action and preventive actions, critical quality attributes)
- Media fill results
- Pharmaceutical quality system related data; e.g., deviations, change control, risk management
- Monitoring of personnel, clean room behavior, access, and more
The environmental monitoring program relies heavily on data with the word “data” mentioned numerous times in Annex 1 in Sections 9.4 to 9.12. The same applies to the establishment of a water monitoring program referenced in Section 6.13, and the need for a sterilization program referenced in Section 8.35. The establishment of a visual inspection program in Section 8.3, and the basis of a batch release in Section 10.10, are further examples of where data is referenced repeatedly.
The concept of a contamination control strategy (CCS) was introduced in the revised Annex 1 and is referenced in Section 2.5 as follows:
“The development of the CCS requires detailed technical and process knowledge. Potential sources of contamination are attributable to microbial and cellular debris (e.g. pyrogen, endotoxin) as well as particulate (e.g. glass and other visible and sub-visible particles).”
The process knowledge and trending of process-related data forms the basis of the CCS lifecycle management and there are three important questions that particularly relevant:
- What systems does one have in place to control the process?
- How does one use the systems to facilitate a state of control?
- How will someone be warned prior to losing a batch or when one has lost control?
In summary, all GMP process steps contain data and data should not be collected only because it is a requirement. The focus needs to be on extracting as much information as possible to build up the knowledge and therefore understanding of the process. Data must not just be considered when operational, but during the process design and lifecycle of the asset; either to control the process and associated risks, or when optimizing the process.
Disclaimer
This is an informal summary of a presentation on 10 December 2024 at the 2024 ISPE Pharma 4.0™ and Annex 1 Conference in Rome, Italy. It has not been vetted by any of the agencies or regulators mentioned in this article, nor should it be considered the official positions of any of the agencies mentioned.
