Risk-based validation – knowing what and how much to validate

In times of increased competitiveness and ever more stringent regulatory directives and norms, pharmaceutical companies have to continually optimize their operations; reduce operating costs and increase efficiency. An effective risk-based validation approach saves time and effort spent on validation and can assist organizations to achieve these optimization goals.

The FDA defines validation as “establishing documented evidence that provides a high degree of assurance that a specific process or system will consistently produce a product; meeting its predefined specifications and quality aspects.” The phrase “high degree of assurance” enables companies to regulate the appropriate level of inspection for the system being implemented themselves.

The traditional method or approach to validation involves the assessment of each system requirement in the same comprehensive manner without taking into account how much risk a failure of the function would add to the patient, product, machine and operator. All functions are systematically tested, which may result in testing of positive and negative scenarios to ensure all oversight points are equally and exhaustively tested.

This approach ensures that every requirement is thoroughly verified, but experience has shown that it causes unnecessary delays in the validation process of the system; it usually produces tonnes of paper to review and delays further release of critical systems.

By implementing a risk-based validation solution the mountains of paperwork can be avoided. See the info box on page 16 for a definition of risk.

Implementing risk-based validation

Risk-based validation is now a commonly heard expression in the pharmaceutical industry, but the methods to implement it are not clear. An effective risk-based validation process can reduce the overall time and effort spent on validation, thereby increasing productivity and profitability within the company.

Risks could also be assessed at the functional requirement level, thereby focusing validation efforts on those system functions that are at high risk with respect to data security, system security, operator safety and product and patient safety.

Risk assessments are conducted to determine the risk level of the requirements in the system, in the case of adverse events related to the requirements. The risk levels help to determine the scale of testing that is needed to be performed on that function. This requires the ability to approach the requirements at a system-level, in order to identify the broader risks and to identify the specific risks concerning that function at a micro-level.

It is also important to ensure individuals from various cross-functional disciplines within an organization participate in the process. This ensures that risks are assessed from commercial, technical, regulatory and other aspects. This is an acceptable investment in view of the validation efforts saved thereafter.

Risk definition

From the Pharmaceutical Industry’s perspective, risk can be defined as the resultant of the probability of occurrence of harm and the severity of that harm to the company and its shareholders and employees, regulatory agencies, producing systems and the population at large.

Getting started with a risk-based approach

Diagram 1 provides an overview of the risk-based validation approach and the steps involved.

The first step is the System Impact Assessment (SIA) where the individual system is assessed for its impact on the product, operator safety and patient safety. The systems are divided into two groups as either having ‘No impact’ or ‘Impact System’.

This is followed by the Component Criticality Assessment (CCA). Based on the SIA, only impact systems are considered for validation and component criticality assessment is done for ‘Impact System’ only. This allows the system components to be divided into ‘Critical & Non Critical Components’ based on factors such as data security, system security, operators safety and product and patient safety.

Only ‘Critical Components’ are considered for validation and are subjected to a Component Risk Assessment (CRA). Based on the SIA, CCA and CRA, validation protocols are generated and executed.

Validation protocols are then written for Impact systems only. Each validation protocol includes only the critical components of the Impact Systems. The protocol contains the parameters on which basis it is segregated as a critical component.

Diagram 1. An overview of risk-based validation

The advantages of adopting a risk-based validation approach

Risk-based validation enables organizations to focus more closely on the areas of the process or system that pose the greatest threat to product quality and patient safety, in the event of a failure.

It reduces the cost of validation within the organization, and as a result throughout the industry. An industry-wide shift towards a risk-based validation approach, as opposed to a conventional validation approach, would allow innovations to be introduced without adversely affecting product quality or patient safety.

The original text was published in our 2/2014 Top Engineer magazine

Text: Elomatic India