Validation of MES and Manufacturing Automation systems

Transcription

1 Validation of MES and Manufacturing Automation systems The FDA Group Presentation APRIL 26, 2017 Chinmoy Roy, B.S. (Hons.) MSCS Industry Consultant 1

2 Agenda What is a MES Validation concepts Validation s life cycle approach User Requirements Specifications (URS) 2

3 What is Validation MES: BASIC CONCEPTS 3

4 Production-Integrated enterprise Manufacturing Automation system architectures that will serve as enablers to an integrated family of systems for automated planning, dynamic scheduling and fully optimized production processes to control unit production cost Such an architecture should also reduce the cyber attack surface area of the business 4

5 Manufacturing automation system 5

6 Control Hierarchy Level 0: Field instrument/sensing layer Level 1: Process control layer: PLCs,, SLCs Level 2: Process management: DCS, MCS Level 3: Manufacturing management: MES, LIMS Level 4: Production management, ERP 6

7 What is an MES MES = Manufacturing Execution System Receives vast quantities of data from other levels Converts to useful information Scheduling Materials management Quality samples 7

8 ERP MES CONTROLS 8

9 MES FUNCTIONS Planning Material Handling Finite Scheduling Container Management Material Management KPI Monitoring Data X fer Dispensing Production Warehousing Material Flow Line Monitoring Data Collection Maintenance Management Personnel Training Checklist Management EBR Batch Recipes Organization Documentation Plant Operation Courtesy: Guy Wingate 9

10 What is Validation VALIDATION: BASIC CONCEPTS 10

11 What is Validation FDA has defined Validation as: Establishing documented evidence which provides a high degree of assurance that a specific manufacturing process will consistently perform to produce a product meeting its pre-determined specifications and quality attributes Key words: Documented evidence Pre-determined specifications 11

12 Qualification and Validation Qualify an installation Establish documented evidence of what hardware and software is installed to include make, model, version number, serial number, description of components, environmental conditions, location etc. Validate a function Establish documented evidence that a software along with the installed hardware, performs the function that it has been designed to perform 12

13 Challenges of CSV Poorly defined requirements Unrealistic schedule Inadequate testing Requirements creep/change Miscommunication during design and development 13

14 Challenges of CSV 14

15 What is Validation LIfE CyCLE APPrOACh TO VALIDATION 15

16 Phases: The V-model (cradle to grave) Plan URB, System Boundary SIA Design /Build URS FS DS Validates Build Verification Did we build the right system? IQ Validate Operate Retire OQ PQ Operational Monitoring, SOPs Change Control Revalidation & Periodic Review Discrepancy Managemen t Maintenanc e Calibration Program Validation Did we build the system right? Retirement Plan 16

17 CSV Activities - sequencing Planning Specification & Design VPP RMP URS Vendor Audit Approve Planning docs Supplier QP Test Plans FRS PV Plan IQ, OQ, Qual. Tests HDD SDS Develop Hardware Develop Software FAT (IQ & OQ part.) Verification SOP PV Retirement Plan Access Security Backup & Restore Business Continuity Disaster Recovery Validation Report SAT (IQ & OQ ) LEGEND: User Developed Vendor Developed Acceptance & Release 17

18 CSV Governance documents Ensure CSV Governance documentation systems are in place Quality Manual Quality Policy Quality Standard VMP, SOPs etc. Vendor Management Personnel Training Change Control Access Security Document Management Deviation Management Backup & Recovery 18

19 Documents/deliverables of CSV VPP Plans Req.& Design Test Test Results Reports SOPs Project Plan Test Plan Vendor Audit Plan RMP Validation Project Plan (VPP) P) VPP: Validation Project Plan RMP: Risk Management Plan SDD: Software Design Description FRS: Functional Requirement Specs. URS: User Requirement Specs. DDS FRS URS PV Test OQ Scripts Test IQ Scripts Test Scripts Commissioning Test Scripts PV: Performance Validation OQ: Operational Qualification IQ: Installation Qualification URS: User Requirement Specs SOP: Standard Operating Procedure. Dev. PV Resolution Test OQ Results Test IQ Results Test Commissioning Results Test Results SLA VSR Training Records RTTM RMR RCS VSR: Validation Summary Report RTTM: Requirements to Test Trace Matrix RMR: Risk Management Report RCS: Risk Control Strategy URS: User Requirement Specs. SLA: Service Level Agreement 19 DR Access Sec. BC BR Re- Validation

20 ASTM E process Product Knowledge GOOD ENGINEERING PRACTICE Process Knowledge Regulatory Requirement Requirements Specification And Design Qualification & Validation Acceptance and Release Operation Company Quality Requirement RISK MANAGEMENT DESIGN REVIEW CHANGE MANAGEMENT 20

21 The Validation stages Validation Plan Installation Qualification (IQ) Operational Qualification (OQ) Performance Qualification (PQ) 21

22 What is Validation USEr requirements SPECIfICATION (UrS) 22

23 What is a URS Document that defines clearly and precisely what the regulated company wants the system to do and state any constraints State requirements in simple language and avoid any technical terms Should be platform independent and state the What instead of the How It serves as a root document for Validation and testing It is a live document and hence is subject to continuous update to reflect changes in requirement 23

24 Why is a URS important URS is a key CSV document and is frequently audited The URS is used as the root document to develop a road map for the design and project deliverables. Being involved in the requirements definition phase will streamline the project later on Helps fast track testing if URS is short, concise, testable and traceable Poorly written URS is one of the top 10 citations 24

25 What should URS contain 1. Operational requirements 2. Functional requirements 3. System requirements 4. Data requirements 5. Interface requirements 6. Environment requirements 7. Performance requirements 9. Availability requirements 10. Security requirements 11. Maintenance requirements 12. Regulatory requirements 13. Migration requirements 14. Constraints to be observed 15. Life cycle requirements 8. Compliance requirements 25

26 Typical contents of a URS 26

27 Requirements to Test Trace Matrix (RTTM) 27

28 What is Validation CASE STUDy 28

29 URS for CASE STUDY Modification traceability Use of secure, computer-generated, time stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. They must be legible and exportable on a standard PC. It is necessary to record unsuccessful access attempts by an authorized user. Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated audit trail ). For change or deletion of GMP-related data, the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed 29

30 What are resources for Validation The FDA Group is a global leader in GxP auditing, remediation, and quality system resourcing. We utilize a proprietary talent selection process of former FDA & industry professionals, amplified by a corporate culture of responsiveness and execution. Headquartered in Westborough, Massachusetts, The FDA Group has more than 355 specialists (60 of whom are former FDA Investigators) across 42 states. 30

31 QUESTIONS?

32 Thank You Contact the experts at The FDA Group (508) TheFDAGroup.com

33 MES SYSTEM INTERFACES Access security ERP Interface Order, MDM Recipes MES EBR Display Automation DCS, PLC Material Manage Other PLM, Planning 33

34 DI items in the URS (minimum) ID ERES1 ERES2 ERES3 ERES4 ERES5 ERES6 ERES7 Requirement Retained records including associated electronic signatures, audit trail, and metadata are retrievable in a human readable format and reproducible for viewing throughout the record retention period. The system supports on-site inspection, review, and copying of records in a human readable form. The system automatically generates an audit trail which is accessible for review and correctly captures the User ID, date, and time The system requires and authenticates a unique User ID and password combination for each individual user account. The system prevents the re-use or re-assignment of User ID and password combinations System passwords cannot be viewed in human readable form System technical controls give the administrator the ability to deactivate and change the authorization for a user or user group The system shall have provisions to require a password change once within one year of last change in password. 34

35 DI items in the URS (minimum) ID ERES8 ERES9 ERES10 ERES11 ERES12 ERES13 ERES14 Requirement The system is configured to record failed logon attempts and to deny access (i.e., lockout) after a pre defined number of attempts If a particular operation or workflow must occur in a specific sequential order, then systems must be designed to enforce proper sequencing of steps and events. This also applies where the meaning and integrity of records is dependent upon the proper sequencing of events Where the meaning and integrity of records is dependent upon data coming from a specific source (e.g. from a specific terminal only), the systems must be designed such that these data can only come from that valid, specific source The audit trail records cannot be modified, deleted, or the feature disabled. Electronic Signatures are provided by the system The electronic signature includes the following: i. The printed name of the signer. ii. The date and time the signature was executed. iii. The meaning associated with the signature. Record changes do not obscure previously recorded information (e.g., old values can still be displayed) 35

36 Quality attributes of URS Specify What not How Complete Traceable Unambiguous Verifiable Clear Consistent 36

37 Quality attributes of URS Requirements specify the what and not the how Not the HOW 6.1 The SSP software shall communicate with Genentech s security server in a hosted environment using TCPIP communication protocol But the WHAT 6.1 The SSP software shall have the capability to communicate with Genentech s security server 37

38 Quality attributes of URS Requirements are complete Not recommended 6.1 Requirement only states WHAT happens on Power Fail Recommended 6.1 Requirement states WHAT happens on Power Fail & Power Restore 38

39 Quality attributes of URS Requirements are traceable Not recommended Drying times for all vials shall not exceed 5 sec. Drying times for 5cc vials shall not exceed 3 sec. Recommended 6.1 Drying times for all vials shall not exceed 5 sec. 6.2 Drying times for 5cc vials shall not exceed 3 sec. 39

40 Quality attributes of URS Requirements are unambiguous (cannot be interpreted in more than one way) Not recommended 6.1 Drying times for all vials shall not exceed 5 sec. 6.2 Drying times for 5cc vials shall not exceed 3 sec. Recommended 6.1 Maximum drying times for vials are as follows: seconds for 5cc vials seconds for the rest of the vials 40

41 Quality attributes of URS Requirements are verifiable Not recommended 2.1 The Graphic software shall be capable of providing fast screen updates. Recommended 2.1 Graphic screens shall update at least once every 5 seconds 41