Fundamental Elements of 21 CFR Part 11 & GMP Annex 11

Along with providing monitoring and validation systems, we often delve into issues that arise for our customers when they are interpreting regulations and guidance. We receive many questions on 21 CFR Part 11 and Annex 11.  In this article we we offer some background and a brief overview of three focal points of both of the "Elevens"  including:  System Controls, Validation and Archiving.

It's important to note that Part 11 is a requirement in the US, whereas Annex 11, which applies to the EU, is a guidance document only. By the way, we are assured by those in the know that the "11" in the titles are  incidental. Someone please correct us if we've been misinformed!

Background:

Computerised systems — crucial to pharmaceutical, medical device, and biotechnology manufacturing and distribution operations — differ from paper-based systems and  manual systems traditionally used for creating and archiving records are becoming rare. 

This is (partly) why the FDA and EMA  created 21 CFR Part 11 and Annex 11. But the real basis for of "the elevens" is to ensure that the quality and safety of drugs and biologicals do not suffer as a result of computerized systems replacing a manual system.  

 Annex 11 states:

"Where a computerized system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process." 

The FDA similarly says that the purpose of Part 11 is to make sure electronic records are: 

"...trustworthy, reliable, and generally equivalent to paper records."

The FDA's statement entails the fact that for generations, paper records were all we had to depend upon to ensure that processes and conditions that preserved the safety and quality of drugs were performed properly. 

Both Part 11 and Annex 11 remind us of the importance of safety, and address the need to set up standards to make ink and electronic or digital signatures equivalent in their effect.

Controls: Human Readable, Unmodifiable, Authorized 

Both Part 11 and Annex 11 include the following elements: 

• Validation

• Human Readable Copies

• Protection and retention of records

• Audit trails

• Restricted access for authorized users only

• Authority checks

• Device checks

• Training

• Written procedures

• System documentation

One glimpse at the list shows that each is in some part a method for controlling the function and outputs of a system. 

In 21 CFR Part 11  "Controls for Closed Systems" states: 

(b) "The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying by the agency."

The fact that there is a specific regulation regarding human-readable copies demonstrates how far technology has evolved.  It would be hard today to imagine a user-friendly system that did not allow for the printing of documents and data.   

For most monitoring systems, the records of interest are the actual historical monitoring values.  And  creating a human-readable copy likely means that historical data and event logs may be printed out in a secure format.

In 21 CFR Part 11 (e) in "Section 11.10 - Controls for Closed Systems we read: 

"Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying."

In terms of your environmental monitoring  applications, this simply means that, in order for your records to comply, the electronic records (data and events) cannot be manually modifiable or deletable.

In addition, the Audit Trail of your system needs to capture any changes to metadata (schedules and report templates) and configuration data without obscuring earlier entries.   If your system doesn’t allow any changes to values once recorded, it complies with those sections of both Part 11 and Annex 11.

As a closed system, your monitoring system needs to limit access to only "authorized individuals." That's item (d) in Section 11.10 of Part 11. Typically this means that all who have access to the system have a distinct username and secure password. Often a system will integrate with your OS authentication to leverage commonly used, pre-existing password management tools. 

Validation: Prove it Works & Document your proof

With regard to validation, Part 11 lays out the need for validation in the first item of Section 11.10: "Controls for Closed Systems":

(a) "Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records."

In Annex 11, the "Project Phase" section covers validation in  eight fairly brief, fairly straightforward points: 

Use risk assessment to justify standards, protocols, acceptance criteria, procedures and records

Use correct change control documentation practice to report deviations

Keep an Inventory of your computerised systems with descriptions, interfaces, processes, software and hardware

Use risk assessment to assess the GMP impact of User Requirements Specifications 

Audit suppliers’ Quality Management Systems

Validation of computerised systems covers the entire life-cycle of the system 

Document testing 

Validate data transfers

We see that Annex 11 is more explicit in recommendations for validation. 

Archiving: Validated, Secure, Accessible

The protection and retention of records, as described in Part 11's Section 11.10 (c) means that whatever data your system produces, it may not be altered.  In addition, to meet the requirement of "ready retrieval throughout the records retention period," your data needs to be archived in a way that it can be conveniently accessed – you don’t want to make an auditor wait, 

If you store the data permanently within your database, the database should be designed in such a way system's performance should not degrade as the database grows over time.  How you meet this requirement of 21 CFR Part 11 may have as much to do with the design of your system as it does with your system administration policies around archival.

In Annex 11 under “Data Storage” it is recommended that data be securely stored, and backed up BOTH physically and electronically and regularly checked for accessibility, readability and accuracy.  Annex 11 also mentions is the need to validation data restoration abilities of the system. 

Part 11 and Annex 11 were introduced to address the key differences between computerized and manual systems and make electronic records equivalent to paper records as evidence of quality process execution. Today, most environmental monitoring systems used in GxP compliant firms are inherently aligned with the requirements of both the "Elevens." However, the risk comes not from the systems themselves, but in how they are implemented and maintained. 

Although your monitoring system probably included User and Administrator manuals and CDs that are fairly easy to integrate into your Document Management System, the procedures that control documentation are still your responsibility.  As good as your monitoring system may be (and, if you have a Vaisala system, it's awesome!), only the procedures of your Quality System keep you in compliance with Part 11/Annex 11. 

We didn't cover Electronic Signatures because that's a specialized software function. Specialty enterprise software exists for implementing Electronic Signatures within an Electronic Document Management System (EDMS).  For Vaisala's monitoring solution, we use a "hybrid" system, which means it uses electronic records combined with handwritten signatures, wherein the PDF outputs can be imported into and EDMS. 

FDA's First Draft Guidance Under DSCSA

On June 10th, the long-awaited first draft guidance under the DSCSA was released by the FDA. For those holding high expectations that the guidance would offer specific direction on how to handle suspect/illegitimate products internally, you may come away feeling a little shortchanged. However, in the past, the FDA has come under scrutiny for using guidance to replace rule making, since this requires legislative involvement, so the lack of detail in the draft may be an effort to make room for flexibility that industry felt they weren’t getting before.

Whatever the intent, the draft guidance does provide some learning opportunities and also a very subtle call to action. I recently spoke with David Colombo and Dawn Wang with KPMG Life Sciences Advisory to find out what can be learned from this draft and where we go from here.

What We Can Learn:

As stated on page four of the Draft Guidance for Industry: Drug Supply Chain Security Act Implementation: Identification of Suspect Product and Notification, the document is “intended to aid trading partners (manufacturers, repackagers, wholesale distributors, or dispensers) in identifying a suspect product and terminating notifications regarding illegitimate product.” Since these terms and their definitions were already defined in the legislation, it would seem that the other piece to be provided would be how a company would investigate and handle them. This is a major area where the draft falls short. There is no detail around what these internal processes should look like; however, this is where Colombo and Wang say this room for interpretation should encourage action on behalf of all trading partners.

Dave Colombo, KPMG Life Sciences Advisory

In most organizations, the quality group will already have standard operating procedures (SOPs) outlining the internal processes around product investigations, complaints, “suspect” or “illegitimate” products, as well as corrective and preventative action (CAPA) responses. Matching terms used in these existing processes with those used in the regulation allows a company to then assess which definitions need edited in order to align with the FDA’s terms and definitions. “If an organization hasn’t formally established terms that align with the definitions provided under the DSCSA, then those need to be addressed. In the case that terms have been established, they will need to be reviewed to ensure that any overlaps or conflicts in the interpretation can be addressed,” says Colombo.

“As an example, in the past, an organization may use different SOPs to respond to stolen versus counterfeit products. Under the DSCSA, the definition of suspect and illegitimate can apply in cases identified across various SOPs and will now require standard ways of quarantining, reporting, and dispositioning of the product,” adds Wang about the draft and the process it outlines for reporting illegitimate products through the new Form 3911, which must occur no later than 48 hours after determining that a product is indeed illegitimate. “Fortunately, the guidance provides some clarity to the piece on notifying and reporting to authorities, if not to the piece on the coordination with trading partners. The nature of relationships with trading partners, though, is quite different than that with authorities, so it may be good to keep the definition of business relationship processes out of scope of the guidance. Organizations are starting with baseline SOPs to build off of and will just need to examine the elements of the law and guidance to make sure they are all tied in.” Part of updating these procedures includes making sure that outdated pedigree legislation is not mentioned in any existing SOPs. This would include state laws that were preempted by the passing of the DQSA, or soon-to-be-outdated legislation, such as the Prescription Drug Marketing Act (PDMA), which is going to be sunsetted as of January 1st, 2015.

Not only is it important to identify the definition of a “suspect” and “illegitimate” products (which is done in the legislation itself), but it’s also important to be aware of situations when there is a heightened risk for a suspect product to enter the pharmaceutical supply chain. While it is stated it is not an exhausted list, the draft guidance does offer possible scenarios industry should be aware of when: engaging with trading partners and product sourcing that put the product at risk; dealing with a product that is vulnerable based on its supply, demand, history, and value, and/or a product that has suspicious form or packaging.

What We Still Need To Know:

As indicated in the legislation, the suspect product must be put in quarantine to prevent it from being shipped. Once this is done, the first step is to make sure the expiration date on the product and the relevant transaction data, which is the transaction associated with the lot number, have the right association. As previously stated, the company must provide these materials within 24 hours or a maximum of 48 (if the notification of verification request occurred over the weekend) and then complete an investigation and report the results to the FDA. If you’ve determined the product does not actually seem to be suspect, when can the quarantine end and shipping resume? While this is not clearly identified in the draft, Wang says having the lot-level data at your fingertips will allow for a quicker investigation, which should reduce the amount of time any product is under quarantine. “The intent of the requirements on product verification within the law is to make lot-level product date more readily available in order to aid stakeholders to identify or clear suspect and illegitimate product. With this data, stakeholders should be able to more accurately define the impact of the suspect or illegitimate product, and reduce the amount of time a product sits in quarantine.”

Also, many questions still swarm around what should happen if an illegitimate product is found. Does the entire lot have to go back to the manufacturer, does it all have to be destroyed, or does a company just continue what they would do in the situation of a theft or a counterfeit? Like any draft guidance, the FDA is soliciting comments from interested stakeholders for 60 days from the date of publication. It is through these comments where good discussions and thoughts may drive an industry standard, even if the FDA doesn’t necessarily do something tangible with those that are submitted. Additionally, keeping an eye on information coming from organizations, such as the Healthcare Distribution Management Association (HDMA) or the Pharmaceutical Distribution Security Alliance (PDSA), may prove beneficial if the FDA coordinates behind the scenes efforts with these organizations to fill in the gaps through suggested best practices. “Most stakeholders understand that the FDA, industry associations, and standards organizations have different roles and areas of expertise when it comes to defining requirements versus issuing technical guidance or implementation methods. Industry stakeholders will apply the requirements to specific scenarios that are applicable to them. One example of this is that HDMA is planning to release its interpretation of the types of transaction scenarios that occur in the distribution chain, and what data elements are required to be sent and received in each of those cases,” explains Wang.

Although the ambiguity of the guidance leaves many unanswered questions, the fact that the FDA is allowing stakeholders to develop their own processes should be embraced as something positive. A trust is building between the industry and the regulators that has resulted in some level of independence, and it’ll be interesting to see how this develops as the remaining milestones in the DQSA play out over the next 9 ½ years. Not just domestically but internationally, we are attempting to take back the supply chain from the vulnerability it’s been exposed to for so long and protect the patients who trust us to do. The commitment from the FDA to release the guidance this month as promised (even if it is a little late) shows that the effort is well underway.

Read More...

Marriage of Biology and Chemistry through ADC

The development of an antibody drug conjugate (ADC) represents a marriage between the disciplines of biology and chemistry. The creation of an ADC involves a combination of bioprocess manufacturing techniques with traditional synthetic chemistry skills to make the small molecule part, then conjugating it to the biologic. SAFC has positioned its ADC manufacturing within its large molecule plant in St Louis, rather than housing it in a small molecule facility. This gives the advantage of having the knowledge in handling biologics, as well ready access to the expertise and extensive tool kit required for analytical characterisation capabilities to manufacture and test a complex biologic. Apart from the manufacturing challenges, ADCs pose interesting questions in the regulatory arena. As the biologic and the HPAPI can both be considered to be active ingredients, they both need to be characterised and produced according to GMP rules before they are brought together in the final, conjugated molecule that is delivered as a therapeutic. 

In addition to specifications for release testing, a more extensive set of analytical tests is needed to characterise the conjugate. This involves looking at the purity and potency of the small molecule component, linker, and the large molecule – typically a monoclonal antibody, although some novel drug conjugates are using alternative scaffolds. It also means looking at any process or product-related impurities that might be brought into the process from either of these components, or created during the conjugation process itself. Clearly, a multidisciplinary team will be required to assemble all the necessary analytical and other data and documentation for filing and review.

Product considerations:

Current ADC manufacturing technology relies on creating an active site on the antibody, and an active site on the small molecule drug via a linker, before the two are covalently coupled. There are two well-developed platforms for covalently coupling active sites. Seattle Genetics uses cysteine-based linker chemistry to create ADCs. This was used to create brentuximab vedotin (Adcetris), which is marketed in collaboration with Takeda to treat lymphoma. ImmunoGen’s linker chemistry is based on lysine; this is the technology behind trastuzumab emtansine (Kadcyla), which was developed and is sold by Roche.

Seattle Genetics and ImmunoGen both have numerous other products in internal development, as well as through collaboration or licences with partners.

However, neither method is perfect. Each of these chemistries gives a heterogeneous population of ADCs; in other words, the number of HPAPI molecules and their location on the biologic varies from one conjugate to the next. So a product may have a drug antibody ratio of 4, which is a key attribute in terms of potency, but there will actually be a Gaussian distribution of the amount of payload drug that is loaded onto the antibody molecules across the entire population of ADCs. This is a concern for the regulatory authorities, as they prefer well-characterised drug substances. So while the overall manufacturing processes may be reproducible when they are well controlled, the result will still always be a heterogeneous population of ADCs.

Newer technologies that give more reproducible results are now starting to enter development. Current pipelines largely rely on the SeaGen and ImmunoGen technologies that have already been validated in the clinic and by commercial approval, and this is likely to continue for the next decade as those products move through the pipeline. But in the future, conjugation techniques that are more site-specific will become increasingly important because of their ability to produce a more tightly controlled product distribution.

However, with the two current technologies, there are moves to improve reproducibility. In particular, it is important to control the stoichiometry of the reactions. Drug-antibody ratio is, clearly, one key aspect that needs to be controlled, representing a measure of the potency of the molecule. This can be achieved, to some extent, by keeping a tight rein on the stoichiometry of the initial reaction that is used to develop reactive sites on the antibody, and subsequently driving complete coupling of the drug-plus-linker moiety to the antibody. Controlling the availability and accessibility of these conjugation sites on the antibody is key to reducing variability.

Once the ADC has been formed, it is important to be able to characterise it carefully. Analytical techniques have evolved significantly in recent years, and it is now possible to characterise the site of the attachment of the antibody to the payload using mass spectrometry. A fully characterised distribution and heterogeneity of the ADC population is something the regulators are increasingly looking for in terms of proof that the process delivers the correct product in a reproducible manner.

Product-related impurities can also be minimised through careful control of the reaction conditions, which also helps ensure controlled activation of the protein scaffold for a well-defined range of accessible sites. Aggregation can be a particular problem, as aggregated proteins appear to be related to immunogenicity and other potentially adverse clinical reactions. They therefore represent a particular focus for the regulators. The tendency towards aggregation can be minimised by careful control of process conditions such as ionic strength, temperature and pH. Chromatographic techniques are increasingly being used to remove any aggregates that form.

In terms of the design of the manufacturing facility, there are two conflicting requirements that must be balanced. One is the containment of the HPAPI in terms of maintaining the safety of the personnel handling the materials; the other is ensuring appropriate environmental controls are in place to guarantee the quality and safety of the product being manufactured. Yet requirements for environmental classifications and room pressurisations are the exact opposite of each other.

When handling potent materials, it is crucial that they are contained within that space, so operating within a negative pressure environment is preferable. But in terms of handling the bulk drug substance – the ADC – a higher level of cleanliness is necessary to protect the product, and particles must be prevented from coming into the room. This implies a need for positive pressure.

These two conflicting requirements can be balanced to a great extent by segregating some of the unit operations. In SAFC’s new commercial facility, the design includes a separate room where the weighing and dissolution of the HPAPI takes place. This enables highly hazardous steps being contained within an isolator in a room that is under negative pressure, minimising the risk of cross contamination. In contrast, the filling of the drug substance into bulk packaging is carried out in a separate space under positive pressure to provide the necessary protection to the product itself. In addition to the appropriate room classifications, the facility has a single-pass, unidirectional airflow.

Future developments:

Containment requirements are set to become ever more stringent in future, with novel payloads being developed that have an even higher potency than the HPAPIs that are used to make ADCs today. Engineering design and control must be able to cope with the future direction of manufacturing demands, meeting increasingly stringent safety and containment requirements so that more potent payloads can be handled safely.

There is also a growing interest in alternative scaffolds. Those ADCs that are on the market and in late-stage clinical trials today rely on monoclonal antibodies as the targeting portion, but Fab fragments, bi-specific antibodies and other types of protein scaffold are all garnering interest. As additional product types enter the clinical pipeline, there is the potential for more widespread use of ADCs to deliver active molecules other than cytotoxics in diseases and conditions other than cancer, or even as diagnostics.

ADCs as a field of therapeutics is still very much in its infancy. Regulatory agencies are demanding further information and documentation to support product filings, and a good deal of learning is still underway, both among the regulators and at the pharma companies and manufacturers that are pushing these products forward.

There is a concerted effort to consider all quality and control aspects of every single component of the ADC – the biologic, the HPAPI and even the linker. The linker is more than just the ‘glue’ that holds the ADC together – it has significant impact in terms of the drug’s mechanism of action and the delivery of the payload into the cell, and quality must not be ignored here, either.

Fundamentally, regulators want to ensure that the company making the ADC fully understands its manufacturing process. Gone are the days when all drugs were simple, small molecules, whose quality was straightforward to establish. With biological products, especially those that are as complex as ADCs, the manufacturing process is a critical part of the product itself. With the implementation of the ICH guidelines for biologics manufacturing, there is a push for full-process understanding much earlier in a product’s development life cycle. Adequate information and control of all aspects of the production process are essential if the demands of the regulators are to be met.

FDA Guidance :Contract Manufacturing Arrangements for Drugs: Quality Agreements

Last year, FDA published its draft guidance, officially titled “Contract Manufacturing Arrangements for Drugs: Quality Agreements”. Here are some of the highlights.

First, a Quality Agreement between a Sponsor and Contract Manufacturer has never been, nor is it now, explicitly required by FDA regulations. However, responsibilities and procedures of the each company’s respective Quality Units are required to be documented, so a Quality Agreement that outlines the responsibilities of each company is a logical next step. Note that “Contract Manufacturer” refers to any Contracted Facility that provides some or all manufacturing services, including processing, packing, labeling, holding, or testing.

In Europe, Sponsors (or, in the vernacular of the draft guidance, “Owners”) can outsource the final product release/rejection of finished goods for distribution. In the US, sponsors always assume this responsibility and cannot delegate or outsource it.

Because Contracted Facilities often provide services to multiple Sponsors, FDA advises that special consideration be given to reporting information about objectionable conditions.  Sponsors may wish to require that their Contracted Facilities make them aware of manufacturing deficiencies that may impact their products, even if the deficiencies were observed during an inspection of another Sponsor’s product.  (Note, our consultants also suggest that the Quality Agreement require that a Contracted Facility notify its Sponsor whenever the FDA inspects the facility.  The name of the inspected product and its Sponsor would be kept confidential, but this reporting of inspections tells a Sponsor how often FDA visits the site.)

FDA acknowledges that processes can change at both Sponsor and Contracted Facility companies for a variety of legitimate reasons, so communicating changes between the two companies should be discussed in the Quality Agreement. Examples include additional products brought into the line/facility, changes to key personnel and suppliers, and changes resulting from stability studies, process improvement projects, investigations into manufacturing deviations, out-of-specification results, customer complaints, recalls, or adverse event reports.

Finally, a Quality Agreement does not exempt Contracted Facilities from CGMP compliance. Regardless of the allocation of responsibilities in the Quality Agreement, the Contracted Facility cannot essentially agree to manufacture under non-CGMP conditions. Both companies could be held responsible – the Contract Manufacturer for the non-compliance, and the Sponsor for lack of oversight. FDA provided a few examples:

The Contracted Facility receives a Warning Letter for deficient maintenance of facilities and equipment. The Quality Agreement specifies the Sponsor is responsible for this, yet the Owner has failed to provide the requisite resources or carry out the necessary upgrades and maintenance, and the Contracted Facility has continued to operate under non-CGMP conditions. (Possible course of action: the Contracted Facility could bear the costs of modifying operations in order to maintain CGMP compliance, and then seek redress from the Sponsor later.)

Batch records do not match the manufacturing process of adding reclaimed powder, but the Contracted Facility claims that this is just as the Sponsor specified. (Possible course of action: the Contracted Facility could refuse to carry out the additional manufacturing step without including it in the batch record).

The draft guidance concludes by noting that “Owners and Contracted Facilities can draw on quality management principles to carry out the complicated process of contract drug manufacturing by defining, establishing, and documenting the responsibilities of all parties involved in drug manufacturing, testing, or other support operations.”

By Laurie Meehan, Polaris Compliance Consultants, Inc.

Categories of Bio-Medical Waste

---------------------------------------------------------------------------------

Option         Waste Category                     Treatment & Disposal                                                                                 

--------------------------------------------------------------------------------

Category No. I Human Anatomical Waste

               (human tissues, organs, body parts) incineration@/deep burial*

Category No. 2 Animal Waste

               (animal tissues, organs, body parts carcasses, bleeding parts, fluid,         incineration@/deep burial*

               blood and experimental animals used in research, waste generated

               by veterinary hospitals colleges, discharge from hospitals, animal

               houses)

Category No 3 Microbiology & Biotechnology Waste

               (wastes from laboratory cultures, stocks or specimens of micro-                  local autoclaving/micro-organisms live or attenuated vaccines,                    human and animal cell waving/incineration@culture used in research                and infectious agents from research and industrial laboratories,                  wastes from production of biologicals,toxins, dishes and devices                  used for transfer of cultures)

Category No 4  Waste sharps

               (needles, syringes, scalpels, blades, glass, etc. that may cause                  disinfection (chemical treat-puncture and cuts. This includes both                used and unused sharps)ment@01/auto claving/micro-                                waving and mutilation/shredding"

Category No 5 Discarded Medicines and Cytotoxic drugs

               (wastes comprising of outdated, contaminated and discarded                         inc ineratio n@/destruct ion and medicines)drugs disposal in                     secured landfills

Category No 6  Solid Waste

               (Items contaminated with blood, and body fluids including cotton,

               dressings, soiled plaster casts, lines, beddings, other material        incineration@

               contaminated with blood)                                             autoclaving/microwaving

Category No. 7 Solid Waste

               (wastes generated from disposable items other than the waste                       shaprs disinfection by chemical such as tubings, catheters,                       intravenous sets etc). treatment@@ autoclaving/                                  microwaving and mutilation/shredding##

Category No. 8 Liquid Waste

                (waste generated from laboratory and washing, cleaning, house-                    disinfection by chemical keeping and disinfecting                                ctivities) treatment@@ and discharge into drains.

Category No. 9 Incineration Ash

               (ash from incineration of any bio-medical waste)                                   disposal in municipal landfill

Category No. 10 Chemical Waste

               (chemicals used in production of biologicals, chemicals used in                   chemical treatment@@ and disinfection, as insecticides,                           etc.)discharge into drains for liquids and secured landfill for                    solids

---------------------------------------------------------------------------------

@@ Chemicals treatment using at least 1% hypochlorite solution or any other equivalent chemical reagent. It must be ensured that chemical treatment ensures disinfection.

## Multilation/shredding must be such so as to prevent unauthorised reuse.

@ There will be no chemical pretreatment before incineration. Chlorinated plastics shall not be incinerated.

* Deep burial shall be an option available only in towns with population less than five lakhs and in rural areas.

SCHEDULE II

(see Rule 6)

COLOUR CODING AND TYPE OF CONTAINER FOR DISPOSAL OF BIO-MEDICAL WASTES

Colour Conding	Type of Container -I Waste Category	Treatment options as per Schedule I
Yellow	Plastic bag Cat. 1, Cat. 2, and Cat. 3, Cat. 6.	Incineration/deep burial
Red	Disinfected container/plastic bag Cat. 3, Cat. 6, Cat.7.	Autoclaving/Microwaving/ Chemical Treatment
Blue/White translucent	Plastic bag/puncture proof Cat. 4, Cat. 7. Container	Autoclaving/Microwaving/ Chemical Treatment and destruction/shredding
Black	Plastic bag Cat. 5 and Cat. 9 and Cat. 10. (solid)	Disposal in secured landfill

Big Data Meets Measurement in Manufacturing

Big Data Meets Measurement in Manufacturing by Lucky Saggi

Big Data headlines not only tech news but also popular news—as in what’s the government doing with all the information it’s storing about us. Big Data comprises just a twig compared with the fullgrown oak that Big Analog Data can generate. National Instruments Fellow Tom Bradicich mentioned twice in separate interviews during NIWeek last month that all of the analog data acquired from manufacturing and products—a.k.a. the Internet of Things (IoT)—dwarfs what is currently known as Big Data.

Keep Your Document Control System in Control

Document control is always an interesting topic for discussion.  It seems like a simple topic and area for compliance, but I often run into companies with document control systems that are overly complicated and difficult to manage.  Many companies separate document control for quality system procedures/processes from other types of change control.  In reality, document control is one element of the overall change control and records management requirements.  There are many procedures, formats, tools, and/or styles for managing quality documents and records.   Let’s take a look at how these key activities are related and why we should focus on implementation of strong change control processes within the quality systems — rather than just a document control process.

As you look at the various regulations and/or standards like 21 cfr (210, 211, 820, 600, etc.), ISO (9001, 13485, etc.), EU, JPAL, etc., they all require document and change control/management.  Additionally, 21 cfr 11 describes the FDA requirements for the use and management of electronic records.

We are all familiar with the standard document control pyramid. The diagram below reminds us of the relationship between documents and records within the Quality Management System.

You can see from this diagram that there are many types of Quality System documents you could generate.  I strongly recommend that you “right size” your procedures and records to assure compliance and simplicity for the organization. 

• Determine the relationship between the various documents and which ones meet the needs of your specific business. 
• The regulations/standards identify the minimal procedures that are actually required to meet the defined requirements. 

The following list was extracted from the ISO 13485 standard

• 4.2.3 Control of documents
• 4.2.4 Control of records
• 6.4 Work environment
• 7.3.1 Design and development planning
• 7.4.1 Purchasing process
• 7.5.1.2.3 Servicing activities
• 7.5.2.1 Validation of processes for production and service provision —
• General requirements
• 7.5.2.2 Particular requirements for sterile medical devices
• 7.5.3.1 Identification and traceability — Identification
• 7.5.3.2.1 Identification and traceability — Traceability
• 7.5.5 Preservation of product
• 7.6 Control of monitoring and measuring devices
• 8.2.1 Monitoring and measurement — Feedback
• 8.2.2 Internal audit
• 8.3 Control of nonconforming product
• 8.4 Analysis of data
• 8.5.1 Improvement — General
• 8.5.2 Corrective action
• 8.5.3 Preventive action

• You do not need a work instruction/procedure for every activity in your operation.  Create these additional documents if they help the employees perform the operations/tasks or assure higher level of quality.   
• Keep it simple.

There is specific information that should be addressed as you implement the document/record/change control system:

1. Document identification/number system – develop a simple but intelligent number system.  I have seen everything from basic sequential numbering (1, 2,3,etc.) to extremely long alpha/digit numbers with built in intelligence.  I recommend something that is meaningful and simple for the employees to understand and find documents.

• Revision control – identify how the employee knows they are using the correct version of the SOP.  There are many approaches including, but not limited to, alpha characters, numbers, and date codes, to name a few.
• Purpose – why are you generating the procedure? If you can’t explain why you are writing the document in a couple of sentences, maybe you should think about whether or not it is really needed. 
• Scope – what/who is impacted by this procedure.  There are times a procedure is not applicable to all functions/sites.  This is a great time to identify what is or isn’t included in the scope of the process.
• Definitions – this is really a tricky area.  I prefer a stand-alone glossary of terms, rather than building them into the procedure.  Putting all definitions/terms into a glossary document assures consistency in how terms are used.
• Roles and responsibilities – You may choose to use the RACI (Responsible, Accountable, Consult, Inform) model to identify what roles different functions have in the process. Another option is to call out cross functional  and or interrelationship responsibilities.
• Records – it is always good practice to identify the records generated as a result of the procedure. 
• Procedure – this is the actual process being documented.  There are many forms/formats for writing the procedures.  A process flow diagram may work and be more effective than a 14-page document.  Select the format that best meets the process and is easy to demonstrate compliance.

Procedures and records can usually be distributed into three major buckets:

• Product – those documents that support the design and development of products.  These records make up the Design History File (DHF) and serve as the master record for how the product was designed.
• Process – those documents that support the manufacturing, procurement, and/or operations of the organization.  These records make up the Device Master Record (DMR) and serve as the master record/recipe for how a particular product is manufactured.
• Quality System – these documents define the activities and processes necessary to support the quality system requirements. These procedures do not normally impact product design or manufacturing operations.

Implementing an effective document/record control system requires a simple change control process. The FDA is taking a much closer look at planned changes in relation to product and process design.  Unplanned changes are normally documented as deviations and should be included in the evaluation of nonconformances, as a feeder to the CAPA systems.    

There is no requirement to have a separate change control system for each type of document.  One simple process can be established to support all types of changes.  Evaluation of changes should use a risk approach based on major/minor types of change.  The risk based definitions must be included in your procedures and should be determined on specific business needs.  Administrative changes (typo, wording clarification, page numbers etc.) must be addressed but do not require the same level of scrutiny or evaluation.  A good rule of thumb to use when evaluating change is the impact of the change on the form, fit, or function of the product/activity. 

I have seen change processes implemented in many different ways.  I recommend one basic process to address all types of change, rather than individual change processes.  You can develop one process flow and form to support all areas of the quality system.  The following table gives you an example of how you might establish a risk based approach to change control with one process:

Change Control
	Product	Process	Quality System	Administrative
Requirements	X	X	NA	NA
Risk Assessment	X	X	NA	NA
Product Verification	X	X	NA	NA
Product Validation	X	X	NA	NA
Training	X	X	X	NA
Process validation	X	X	X	NA
Process Risk Assessment	X	X	X	NA

There are several very effective automated tools on the market that could be considered to support the document/record/change control processes.  The key is to have thought through how you want the processes to work, map out a plan for implementation, validate that the tool meets your business needs and requirements, educate the organization on how the system works and why key decisions were made.

I strongly recommend defining user needs and requirements for the document/record/change control electronic tool prior to purchasing.  Having a defined procedure and process will facilitate the selection activity.  Identify those functions/features the system MUST have versus those that would be NICE to have.  Build a table of these requirements and ask the various suppliers to address your needs.  Each system/tool will have key features and benefits  Knowing what your business needs and wants before making the selection will make the implementation much more effective.

In summary,

• Document/record control is one of the main cornerstones for a successful quality management system.
• It is critical that you establish the document/record/change process and controls as simply and clearly as possible.  Make it easy for the employees to understand and use.
• Change control should be simple and risk based.
• Automation is great – as long as you are clear about what you are automating and how it needs to work for your business.