Developing eResearch: Challenges and Possibilities for the Social Sciences
Developing a Risk Based Approach to Validation for Life Sciences
description
Transcript of Developing a Risk Based Approach to Validation for Life Sciences
Developing a Risk Based Approach to Validation for Life Sciences
Presented by Bill GarganoMarch 20, 2012
Core Definitions Categorizing risks and their respective plans Reduce Testing in a Risk Based Environment Developing a “How To” Guide Developing documentation standards Differentiating tasks that will reduce time and
effort Impacting strategies for maintenance Optimizing the Validation Plan
Topics
As far back as August 2002 the Food and Drug Administration (FDA) urged an industry change creating a Quality Systems Framework.
• Encourage implementation of risk-based approaches that focus both industry and Agency attention on critical areas
• Ensure that regulatory review, compliance, and inspection policies are based on state-of-the-art pharmaceutical science
When and Why?
• Hazard – Potential source of harm; condition that can cause harm or lead to a mishap
• Harm, mishap – Injury or death to persons, damage to property or the environment, or damage to or loss of data
• Risk – Combination of the probability, severity, and the likelihood of that harm
• Hazard Analysis - A technique used to identify conceivable failures affecting system performance, human safety, or other required characteristics.
• Risk Analysis - Systematic use of available information to identify hazards and to estimate the risk
• Risk Assessment - An overall process comprising a risk analysis and a risk evaluation
• Risk Evaluation - Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society
• Risk Management – Bringing all of the above together in one process
Core Definitions
RISK MANAGEMENT Ask questions – Apply the process
Risk Analysis What COULD go wrong?IDENTIFY what could go wrong
Risk Evaluation How bad is it?Estimate the:SEVERITY – LIKELIHOOD - DETECTABILITY
Risk Control Can the situation be improved?Take preventive or corrective actions
Post Production Info What have we LEARNED from this?Check and review actual results!
Risk Management
• The risk based approach tailors the level of validation activity to the increased complexity or increased impact of the system. Im
pact
ComplexityActi
vities
High
Low High
The Risk Based Approach
Activities Involved in Risk
• Test the areas pose the greatest risk to product quality and patient safety
• Overall validation costs are reduced and efficiency is increased
• Identify all relevant systems that require validation
• Determine how to validate, and the extent of validation required, for the systems that have been identified
Justification
Identifying, evaluating, controlling, and mitigating risk may allow for:– Shorter development cycle– More robust product/process– Fewer complaints, returns, and warranty claims– Fewer recalls and less subsequent agency
attention– Continuous improvement of Risk Assessment
techniques and practices
Biz Considerations
Total Cost of Ownership using a Risk Based Methodology is lowered.
– Better predictability for Time to Market– ROI based Risk strategies result in almost 99% defect free
validated applications– Overall knowledge domain of staff increased by utilizing
specialized skill sets and testing methods– Better software quality – reduction in help-desk calls– Consolidation of the enterprise testing infrastructure– A reduction of up to 20% in the Cost of Quality, as defects are
identified and corrected earlier in the process
TOC
How / where to initiate a RBV approach?– Start a new corporate initiative– Enhance and establish a standard or FRAMEWORK for
Risk– Perform a part 11 risk assessment to identify
remediation targets– Develop a new manufacturing process– Determine the extent of validation needed for new
applications
Why?
• FTA – Fault Tree Analysis• FMEA – Failure Mode and Effects Analysis• FMECA - Failure Mode and Effects Criticality
Analysis• NIST Special Publication 800-30 –
Government standard for use with IT systems (National Institute of Standards and Technology)
• MIL-STD-882D – Used by DoD• ISO – Standards• HACCP – Hazard Analysis and Critical Control
Point -Standard for food products• GAMP 5 – European voluntary standard, pharma
automation
Existing Models
How Activities Correlate to Risk
Release Management
Design
Project Coordination
Vendor Management
Traceability Business Impact Analysis
TrainingSupport
Configuration Management
Phase Review
Development Standards
Failure Analysis
Data Management
Code Review
Safety Impact Activities
Compliance Impact Activities
Validation Reporting
Change Management
Validation Planning
TestingRequirements Management
Core Validation Activities
Incr
easi
ng L
evel
s of
Impa
ct
Severity /Detectability/Likelihood
How severe can the problem be?
How easy is the problem able to be detected?What is the likelihood that this problem will occur?
Assign Ratings
• Assign Risk Priority Number (RPN)• Taking into consideration the severity of the
risk, the likelihood of the risk occurring, and the detectability of that risk as it is occurring, a risk priority number can be calculated using the formula:
Severity x Likelihood x Detectability = RPN
• RPN also referred to as a Risk Index (RI)
Risk Priority Number
Ranking Rating Criteria
1 Low Minor negative impact, no long-
term detrimental impact2 Moderate Moderate negative
impact, someshort-to medium-term
detrimentalimpact
3 High Very significant negative impact,
significant long-term effects and
potentially catastrophic short-term
impacts
FMEA Rankings
Assign Risk Classification• Having assigned
the likelihood and business impact, use a matrix to classify the risk• Level 1 is highest• Level 3 is lowest
Risk Classification
Determine Appropriate Measures for Risk Mitigation• By combining Risk
Classification with Probability of Detection, prioritize based upon those areas of greatest vulnerability
• Modify process or system elements
• Modify project strategy• Modify validation
approach• Eliminate risk
Risk Mitigation
SYSTEM GAMP
HIGH RISK ON SITE VENDOR AUDIT
MEDIUM RISK ASSESSMENT VIA MAIL(Checklists)
LOW RISK DOCUMENTATION FROM VENDOR, REPUTATION
Incr
easi
ng C
ontr
ols
Incr
easi
ng C
osts
Example: Vendor Assessment
COMPUTER SYSTEM DOCUMENTATION
HIGH RISK All including SAD, SID, IQ, OQ, PQ, QA Checklist, and more
MEDIUM RISK Same as Low – Add IQ and OQ alone, Risk Assessment
LOW RISK VMP, URS/FRS, IQ/OQ, Single Summary ReportIn
crea
sing
Doc
umen
tatio
n
Incr
easi
ng C
osts
Example: CSV Validation
Plan Testing Mapping
• Assess current Risk Model :– Look at standards, validation procedures, previous RA,
governance• Establish NEW Risk Model:
– Work with client to pinpoint areas of highest concern (Mfg, Lab, Clinical)
– Begin with current RCM Framework and modify to client needs
• QA:– Need to gain acceptance from this group in a non-
threatening way– Typically set in their ways – culture change
• “We have a model already”:– Is everyone following that model?– What savings have you seen? In other words, is it
working?
Where to Start and Challenges
“Don’t worry Jim, what’s the worst thing that can happen?”
THANK YOU FOR YOUR TIME!