The 2011 US Food and Drug Administration Process Validation Guidance has revolutionized the expectations of manufacturers in managing and controlling variation and, subsequently, managing the risk associated with the variation. Managing risk—defined as the probability of harm occurring combined with the severity of said harm—will not only increase the quality of the product or process but also assure regulators of a firm’s ability to handle risk and produce safe goods.
The Process Validation Guidance, with its three-stage lifecycle approach, has transformed validation processes across the life science manufacturing world. Each stage of process validation; Process Design, Process Qualification, and Continued Process Verification; has their own set of risk assessments that are dependent on the activities required in that stage. Based off of a presentation from Tim Fields at IVT’s Validation Week East Coast Update, the following are the risk activities to perform for each stage of the lifecycle approach.
1. Process Design
Process design, or Stage 1 of the lifecycle approach to process validation, is where the manufacturing process is defined. The manufacturing process will be built on sound scientific data from development and scale up activities. Risk assessments in this stage include product form, patient population, and assessing risk in materials, equipment, processing flow, and unit operations.
Risk assessment in this stage will begin with understanding the sources of variation in the process; this will identify the risk. When defining the process to be validated, identify the critical process control parameters (CPPs) and critical quality attributes (CQAs). Understanding the risk associated with each parameter can be determined by asking the following questions:
- What happens if this parameter is out of control?
- What parameters really affect the process?
Identifying risk in such a way will help define the scope of validation.
Risk should also be assessed for each unit operation (e.g., mixing, milling, chromatography). The controls needed to reduce risk should be established. A higher degree of control is appropriate for attributes or parameters that pose a higher risk.
In this stage, many practitioners will find that fault tree analysis (FTA) is a beneficial risk assessment tool. FTAs begin with a failure event and uses logical schemas to establish the series of events required to cause a failure. Thusly, FTAs are often used when determining qualification and control strategies. As the design matures, failure mode and effects analysis (FMEA) can be used. This is a risk assessment method that can assign a numerical risk priority number established on perceived risk. Another risk assessment, hazard analysis and critical control points (HACCP), is a seven-step risk assessment tool required by FDA for the seafood industry. Used in the pharmaceutical industry, it can be used towards the end of Stage 1 to verify and optimize the design concepts or changes.
2. Process Qualification
Process qualification, or Stage 2, is what is considered to be “traditional validation.” The design of the process, created during Stage 1, is determined to be capable of reproducible commercial manufacturing.
In this stage, what needs to be qualified (e.g., HVAC, water systems, cleaning processes) will need to be identified. These activities need to be prioritized as well as the subsequent level of effort in the performance and documentation of qualification activities.
Risk will be assessed when establishing the required amount of sampling and testing. The number of samples should be adequate to provide sufficient statistical confidence of quality both within a batch and between batches. The confidence level selected can be based on risk analysis as it relates to the particular attribute under examination. Risk assessment will also support the rationale for testing batches.
When developing the validation plan, potentially the most important Stage 2 document, the risk assessment process should be defined.
3. Continued Process Verification
Continued process verification, Stage 3, is ongoing assurance that process remains in a state of control.
One aspect of this stage is change control. When enacting a change control, the impact of the change will need to be evaluated. Furthermore, the risk to the patient, product/process, potential change, compliance risk, and business risk needs to be determined for the potential risk. Moreover, when evaluating and documenting deviations or non-conformances in this stage, the risk associated with each deviation should be assessed. Completed risk assessments with applicable validation documents should be maintained.