In this two-part blog series, we delve into the critical realm of commissioning and qualification (C&Q) in life sciences. We begin with the rationale behind C&Q. Then, we outline a risk-based framework for integrating the different lifecycle phases of C&Q, offering best practice examples for each phase. Finally, we highlight the pivotal role of digitalization in optimizing C&Q processes.
Why Are We Talking About C&Q?
Understanding the significance of commissioning and qualification (C&Q) is crucial for several reasons. It's a universal regulatory expectation that pharma manufacturing facilities, systems, and equipment meet stringent criteria for suitability. C&Q is instrumental in establishing the fitness of these elements for their intended purposes, helping you meet this expectation.
An integrated approach to C&Q ensures coordination and synchronization between your commissioning and qualification activities, enhancing regulatory compliance and product safety. The ISPE Baseline Guide: Commissioning and Qualification (Second Edition) adjoins the terms commissioning and qualification (C&Q), highlighting the need to unify these activities in a science- and risk-based lifecycle approach. The concepts put forth in the Guide drive the strategies and best practices outlined in this blog series.
C&Q Phases and Best Practices
Full lifecycle management comprises five stages: requirement, design, verification, quality decision, and operation, as shown in Figure 1. Each phase plays a crucial role in ensuring the final product's or system's safety, efficacy, and compliance. While full lifecycle management is a broader consideration, let's focus here on phases one through four, which is what C&Q is all about.
Figure 1: The suggested framework for the risk-based implementation of integrated C&Q.
Phase One: Requirement Phase
Phase one is the Requirement Phase, where the user's expectations for systems, equipment, or utilities are defined. It consists of several key elements and activities:
- Intended purpose: This involves clearly stating why the system is needed. For example, if the system is a piece of manufacturing equipment, the intended purpose could be to increase production efficiency. The intended purpose provides a foundational understanding of the project, guiding stakeholders in the development and implementation process.
- Verifiable form: Verifiable requirements are described in a tangible, measurable form, allowing for objective assessment and validation. These requirements are specific, quantifiable, and testable. For example, instead of stating a vague requirement like "the system should be user-friendly," a verifiable requirement would specify measurable criteria such as "the system shall have a maximum response time of three seconds for user inputs."
- Requirement category: This involves categorizing requirements by type (e.g., user, quality, safety, business, environmental, etc.). Categorization allows stakeholders to prioritize and address them systematically.
- Requirement source: Identifying the origin of each requirement involves documenting where the requirement came from, e.g., user needs, regulatory standards, stakeholder input, etc. Understanding the source of requirements ensures they are relevant and aligned with stakeholder expectations.
- Data integrity: Data integrity requirements specify how data should be handled to maintain accuracy, consistency, and reliability throughout the system lifecycle. Adherence to data integrity requirements is crucial for regulatory compliance.
- Data storage and display: Defining requirements for data presentation involves specifying how data should be stored, organized, and displayed within the system interface. Clear requirements ensure that data is presented in a user-friendly and meaningful manner, facilitating effective decision-making and user interaction.
- Critical alarms: Identifying necessary alarm functionalities involves determining the types of alarms and alerts essential for system operation and user safety. Critical alarms notify users of abnormal or potentially hazardous conditions, prompting timely action to mitigate risks. Requirements for critical alarms may include specifications for alarm thresholds, prioritization, escalation procedures, and alarm response protocols.
- System automation: Outlining the desired level of automation involves defining the extent to which the system should operate automatically without manual intervention. This includes specifying automation features such as automatic data logging, process control, error detection and recovery, and decision-making algorithms. System automation requirements aim to improve efficiency, consistency, and reliability while reducing the need for human intervention.
Phase One Best Practices
When developing the URS, it's essential to understand the product being manufactured and the processes involved. This includes identifying the critical quality attributes (CQAs) of the product that must be met and the critical process parameters (CPPs) that affect product quality. By thoroughly understanding these critical aspects, you can ensure that the equipment and systems being commissioned and qualified will meet the necessary standards and specifications.
Other best practices include:
- Ensure compliance with regulatory requirements: Incorporating relevant regulatory requirements into the URS is critical. This may include adherence to regulations such as FDA 21 CFR Part 11 for electronic records and signatures or other industry-specific guidelines.
- Include quantity, range, and accuracy specifications: The URS should specify quantitative requirements for the commissioned systems or equipment. This includes production capacity, operational ranges, and accuracy tolerances. By clearly defining these specifications, you provide a clear benchmark for system performance and ensure that the commissioned systems meet the necessary production demands within specified parameters.
- Refer to engineering and industry standards: Standards such as those from ASTM, ASME, or ISO provide guidelines and best practices for system design, operation, and maintenance. By referencing these standards in the URS, you ensure that the commissioned systems adhere to recognized industry norms, enhancing reliability, interoperability, and safety.
- Obtain the quality team's approval for source documents: By getting approval for source documents, such as engineering specifications or industry standards, from the quality unit upfront, you streamline the review and approval process for the URS. This saves time and ensures that all stakeholders are aligned on the requirements, reducing the likelihood of delays or discrepancies during later stages of the project.
System Classification and System Risk Assessment
Between phase one (the Requirement Phase) and phase two (the Design Phase) lies the crucial stage of system classification and system risk assessment.
System classification categorizes systems as direct or non-direct impact using a simple question-and-answer model. A comprehensive risk assessment is essential for direct impact systems, considering every possible scenario that could affect product quality. This assessment involves identifying, assessing, and recording quality risks to CQAs and determining preventive and design controls. The involvement of stakeholders, including users, engineers/maintenance personnel (if not a user), process engineers, vendors, and sometimes quality representatives, is important in this process.
The system risk assessment should be conducted after concept design completion but before detailed engineering begins. This ensures that you address risks before finalizing design drawings and specifications. If the assessment identifies inadequate controls, revisions to the user requirements specification (URS) may be necessary to incorporate additional safeguards.
Phase Two: Design Phase
Phase two of the integrated C&Q approach involves two critical elements: design review (DR) and design qualification (DQ). According to ISPE, "DR confirms design meets organization and regulatory requirements and is aligned with organization best practices. DQ reviews critical design elements (CDEs) and confirms controls are appropriately designed."
Let's explore both activities in greater detail.
Design Review
The design review is a systematic evaluation of specifications, design development, and continuous improvement. It ensures that the design aligns with standards and requirements and identifies problems for corrective action. The design review evaluates both critical and non-critical aspects of system design. Following the review, documented results serve as the basis for design modifications. When properly executed, DRs minimize the need for expensive design-related change orders.
Critical steps in the DR process include designating a design review lead; forming a design team; defining the scope and boundaries of the review; conducting the review of design requirements against design documents (or drawings or specs); summarizing design review activities and resolving gaps, evaluating the summary; and obtaining approval.
Design Review Best Practices
- Add a quality unit rep to the design review team for systems with direct quality impact.
- Involve vendors in design reviews for complex systems to ensure alignment with expectations.
- Cover both engineering design (operability, maintainability, safety) and quality design (compliance, critical aspects).
Design Qualification
Design qualification verifies that the design of a new or modified direct impact system meets user requirements and adequately controls quality and safety risks. It begins with identifying the scope and requires three inputs: the system URS, the design review report, and design documentation. The next step is to verify that the CDEs and quality and regulatory requirements have been met. The process concludes with obtaining approval for the design qualification.
Design Qualification Best Practices
- Assign a project manager to oversee prerequisites, including the URS, design documents, and document review.
- Divide design qualification into stages for larger projects to expedite the process and meet timelines.
The ISPE Baseline Guide states, "DR and DQ are not intended to be separate activities, but rather separate documentation. There should be minimal duplication of work; the final report from the design review is a key input into the design qualification process."
C&Q Planning is a Regulatory Expectation
Before we can advance to phase three (Verification), C&Q planning must occur. Your C&Q plan should include the following five activities:
- Define the scope of testing: Determine the extent and parameters of testing required for the system, considering factors such as system classification, risk assessment outcomes, and user requirements.
- Identify source documents: Compile and reference all relevant documents, including the URS, risk assessment reports, design drawings, specifications, vendor correspondence, standard operating procedures (SOPs), change control documentation, execution documents, discrepancies or deviations records, and turnover packages (TOPs). Access to these source documents ensures that C&Q activities are done correctly and consistently.
- Appoint a project manager: Designating a project manager is crucial for overseeing and coordinating various aspects of the C&Q project.In complex C&Q projects, multiple project managers may be assigned to specific tasks or phases, such as factory acceptance testing (FAT), installation verification, and qualification phases, to ensure effective management and timely completion.
- Define documentation: Identify the required deliverable documents, establish protocols for document creation, review, approval, distribution, and retention, and ensure compliance with regulatory standards and project requirements. Document types may include protocols, reports, standard operating procedures, change control records, and other relevant documentation for documenting C&Q activities and outcomes.
- Create a signatory matrix: A signatory matrix clarifies roles and responsibilities regarding document review, approval, and sign-off within the C&Q project team. By defining roles upfront, the signatory matrix streamlines document workflows, minimizes delays, and fosters effective communication and collaboration among project stakeholders.
A good C&Q plan ensures the thorough preparation, documentation, and coordination essential for successfully executing commissioning and qualification activities. It's also a regulatory expectation!
Up Next ...
In Part Two, we explore phases three (Verification) and four (Quality Decision), reveal more best practices, and discuss leveraging technology for more efficient, cost-effective, and compliant C&Q projects.
Note: This blog series is based on the “Best Practices in Commissioning and Qualification" webinar hosted by Saurabh Joshi, Director of Industry Solutions at ValGenesis. For a deeper dive into this topic, watch the webinar.