Maintaining Process Control System Validation - PowerPoint PPT Presentation

1 / 20

About This Presentation

Title:

Maintaining Process Control System Validation

Description:

Plan for validation before you specify ... You have a bookcase full of development documents, manuals, and completed protocols ... – PowerPoint PPT presentation

Number of Views:81

Avg rating:3.0/5.0

Slides: 21

Provided by: steve1507

Category:

more less

Transcript and Presenter's Notes

Title: Maintaining Process Control System Validation

1
Maintaining Process Control System Validation

Its validated now what?

Chris Roerig VAI Automation, Inc. The JETT
Consortium
2
Topics

What is a Validated Control System?
The SOP Umbrella
Important Places
Managing People (Training and Security)
Coping with Change
Periodic Reviews

3
What is a Validated Control System?

Validation is a state, not a task
To get to there
Establish approved user requirements
Plan for validation before you specify
Continually align approved specs with system
features throughout development
Prove document-to-system alignment in
commissioning and qualification

4
What is a Validated Control System?

Now that Im here where am I?
Your name and system description are in the site
Master Validation Plan
You have a bookcase full of development
documents, manuals, and completed protocols
You have an installed control system that QA (and
the FDA) will let you use
You have ongoing validation responsibilities

5
What is a Validated Control System?

When a validated control system gets out of
control it stops being validated
How do you know youre in control?
You have approved and controlled Standard
Operating Procedures (SOPs)
Your SOPs are being followed
Your SOPs cover all the right stuff

6
The SOP Umbrella

Operation and Maintenance
Operation (normal and emergency)
System Maintenance
Calibration
User Training and Records
System Administration
Computer Hardware Database Administration
Computer Security Administration
Issue Reporting and Tracking
Periodic Review

7
The SOP Umbrella

Electronic Records Electronic Signatures
21 CFR Part 11 Interpretation and Compliance
Data Backup Restore, Archive, Retention, Purge
Control of Electronic Signatures
Output (e.g., reports, logs, and recipes)
Controls
Protection
Physical Access Protection
Site Security and Visitor Control
Key Control
Business Continuity (Disaster Recovery)
Change Control

8
The SOP Umbrella

System Specifics
Operation and Maintenance
Training Requirements and Materials
System Backup Restore, Re-build
Data Backup Restore, Purge
System Administration
Periodic Review
Recommend covering system specifics in manuals
and/or consolidated system SOPs

9
Important Places

Transition from Chaos to Control
Wheres the latest PLC software?
Whos got the maintenance manual?
Where do I put this completed change control
form?
How do I get a user account?
Dont we have an offsite repository somewhere?
Whos got the keys to this cabinet?

10
Important Places

Documents and Data
System Documentation Repository
System Backup Repository
Data Backup Repository
Offsite Repository (backups)
Procedures and Forms Repository

11
Important Places

Facilities and Ancillary Equipment
Offline Development Facilities (programming
terminals)
Training Facilities (simulations?)
Spare Parts Repository
Maintenance Facility (calibration equipment, PM
supplies, repair manuals, tools)

12
Managing People

Training its not a one-time thing!
Identify roles (Operators, Supervisors,
Administrators, etc.)
Define training experience according to role
Use self-directed training if possible
If formal training classes are required, provide
for interim apprenticeship or trainee status
Leverage user account administration to limit
system access to qualified individuals

13
Managing People

Access Security - user accounts
Yes, they must be individual and role-based
Periodic account review is required
Establish reasonable policies for account
technical and procedural controls
Document user account administration with Access
Request, Qualification Summary, and
Responsibility Acknowledgement forms
Leverage site control mechanisms if possible

14
Managing People

Access Security chain of custody for data
Use event-based authorization (its not as bad as
you think) to prevent open terminals
Supplement accounts with physical access security
(controlled keys) and paper login where
necessary
Dont neglect instrument, transmitter, I/O, and
terminal connection (i.e., power network)
security but dont go nuts either

15
Coping with Change

Changes come from
Processing Emergencies (newly discovered
undocumented features, misunderstandings)
Imposed rationalization (service packs, virus
definition updates, obsolescence)
User Wish Lists
Internalize the truth you are not immune
Tuning and calibration are changes
Changing a register or attribute is a change
Updating virus definitions is a change
All changes must be backed up

16
Coping with Change

Configuration Management
Change control must be expeditious
Modularity is a must
Consolidate and isolate dynamic system properties
(e.g., parameter and variables)
Formal reporting, prioritizing, planning, and
tracking helps restore order

17
Coping with Change

Dont forget the documents!
Change control qualification should include
re-verification of document-to-system alignment
Match modular logic with modular documentation
and consolidated parameters with document tables
Segregate document sections for easy update
Write IQ/OQ protocols in reusable formats so
they can be leveraged in change control

18
Periodic Reviews

Change control? Prove it!
Yearly detailed system inventory and evaluation
(e.g., re-execute IQ key parts of OQ)
For critical systems, supplement with monthly or
quarterly quick-check reviews
Current backup files exactly match installed
files
Each Change Control form produced a backup

19
Periodic Reviews