Techniques For Risk-Based Validation Using ASTM E2500

By Michele Levenson, Pharmatech Associates

Today, ASTM standard E2500, Specification, Design, and Verification of Pharmaceutical and Bio-pharmaceutical Manufacturing Systems and Equipment,¹ elevates risk-based validation as a critical aspect of GMP manufacturing, based on managing risk in a structured approach to segment unit operations and leveraging engineering activities to reduce qualification risk as the process moves from asset acquisition to process implementation. This article will explore validation’s role in efficiency and cost management, in an approach to ASTM E2500 from a scientific, value-added perspective. We describe the challenges inherent in good engineering practices (GEPs) that lead to what to consider in evaluating risk. By comparing the organizational structures based on the classic validation V-model and contrasting those with the framework for risk-based validation, it is possible to evaluate the pitfalls that would impede the successful implementation of ASTM E2500. Finally, we will outline the business considerations for streamlining project execution in line with cGMPs.

Risk Management And Validation

Depending on where your organization is on the pendulum of risk tolerance, there are many benefits to adopting risk-based validation (RBV) and ASTM E2500 within an overall validation strategy, as long as the organization is structured appropriately. First let’s understand what risk is.

Risk is defined as the probability of occurrence of harm combined with the severity of that harm that affects all stakeholders. Stakeholders in this case can include the company itself, its shareholders, employees, regulatory bodies, and—most importantly—the public. When we apply this concept to validation activities, a risk-based approach is intended to lower the overall risk in the overall validation strategy, not add risk to the process by reducing validation activities.

To reduce risk, three elements are essential: 1) the risk must be formally identified and quantified, 2) effective control measures can be implemented to reduce the risk to an acceptable level, and 3) validation can be performed to a level that is commensurate to the risk. In other words, after assessing the system’s various failure modes, mechanical and/or automated controls should be rolled out to reduce or eliminate the risk and validation performed to demonstrate the effectiveness of these controls.

Historically, there has been a steady evolution toward integrating risk-based tools to increase the value and effectiveness of a validation program. Many companies deploy a validation strategy that includes performing a system-level impact assessment (SIA) to determine the system’s GMP impact on the process. The level of validation required could be determined, based on this assessment. Alternatively, some companies adopt an ASTM E2500 approach for their validation program, which distributes the responsibilities of validation to earlier in the system’s development process.

RBV Displaces Classic Validation Model

Often referred to as the validation V-model, the classic validation paradigm satisfied regulatory compliance requirements and industry’s needs. However, it takes a significant effort to complete because all system features are validated, regardless of the cost or resources required to achieve a successfully validated system. Furthermore, if a change were to occur midway through the implementation, all relevant test and specification documentation would have to be updated to reflect the change. In this scenario, quality was placed above all else, meaning checks and balances were repeated throughout the system’s development process, through the final validation activity, to ensure the validation was complete and thorough.

As companies became more efficient and more risk-cognizant, RBV became a more attractive approach for streamlining validation activities. The goal of RBV is to use a risk management tool, such as failure mode and effects analysis (FMEA), to evaluate the impact, likelihood, and detectability of a failure mode in order to establish the overall risk of each failure mode within a piece of equipment. Risk is then assessed using system impact assessments, where each functional requirement of the system is weighted and tested, based upon its potential impact on the product, process, or quality attributes. This approach is contrary to the classical validation paradigm, where each functional requirement of the system would be tested equally.

ASTM E2500 Applies Risk- And Science-Based Approach

ASTM E2500 is a type of RBV that utilizes concepts from ICH Q8,² ICH Q9,³ and the FDA’s Pharmaceutical cGMPs for the 21^st Century – A Risk-Based Approach.⁴ ASTM E2500 is a guideline, not a requirement or regulation, that uses a risk- and science-based approach, beginning with the specification and design process and continuing through to the verification of manufacturing systems and equipment that have the potential to affect product quality and patient safety. ASTM E2500 §6.2.2.1 states, “The evaluation of risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient.” In essence, this guideline provides us with a road map to ensure that systems are fit for their intended use and that risk to product quality is effectively managed. In fact, we initially saw this idea coming from the FDA when it introduced its 2011 Guidance on Process Validation,⁵ which moved away from the prescriptive structure of IQ, OQ, and PQ traditionally used in validation strategies. Instead, the FDA strongly recommends leveraging risk management principles and scientific understanding as a foundation for demonstrating equipment stability.

In ASTM E2500, the sequential Commissioning and Qualification activities are replaced with “Verification” to encompass both of these phases. In an ASTM E2500 approach, the Design Qualification is replaced with a Design Review by a subject matter expert (SME). These concepts drift away from the classic validation paradigm of incorporating repetitive, non-value-added checks and balances as part of the validation of a system.

Differences And Similarities

When comparing a classical validation with an RBV approach, user and functional requirements for each system are generated. In the RBV approach, SIAs are also generated to evaluate and determine the level of validation testing required for each user and functional requirement. In an ASTM E2500 approach, an SIA is not needed; rather, the system and control portions with the potential to impact the product are defined by the SMEs. In classic validation, every requirement is tested with equal weight, while in a RBV or ASTM E2500 approach, requirements are weighted and tested based upon their impact on the process and product.

With classical validation, a vendor is audited and the system evaluated on its capability to meet all user and functional requirements. By contrast, with a RBV or ASTM E2500 approach, a vendor is audited to gain a high level of confidence that the system is able to meet all critical requirements.

Adopting An ASTM Approach Affects Organization Structure

If an organization has adopted the idea of an ASTM E2500 approach, can it simply put plans in place to implement ASTM E2500? There are some organizational considerations to evaluate first. Since the ASTM E2500 approach has a much heavier reliance on critical quality attributes (CQAs) and understanding of the process, it’s important that responsibilities are shared among the most qualified departments (i.e., product/process development, engineering, automation engineering, validation, etc.) earlier in the design phase, so the organization must be structured proportionally to these responsibilities.

If ASTM E2500 is the body of the company’s validation strategy, the validation department becomes the heart of this body. Validation’s role becomes more important when adopting a RBV approach because they understand the system’s intended use, so they can easily ascertain and justify why certain testing is being conducted while other functions are not tested. Validation often has to provide justification on what is important to a system based on the results of the FMEA and SIA, serving as a bridge between engineering and QA.

It is equally important that QA has a strong technical understanding of the process CQAs and constraints of the systems being qualified so they can more easily evaluate the rationale for not testing certain system functionality. Not all system functionality will be validated if a particular feature of a system will not be used and this has been documented and agreed to by the internal stakeholders.

Since risk management principles and scientific understanding are the foundation of ASTM E2500, this results in the responsibility for the equipment’s suitability evaluation by the SMEs to move earlier in the equipment selection process. Additionally, there is an increased focus on performing verification testing at the vendor’s site to leverage the vendor’s expertise and knowledge. This also requires a higher degree of accuracy and quality of supplier documentation, for example, to utilize FAT documentation as part of an IQ and/or OQ execution. SMEs relied upon much earlier in the project not only for their technical understanding but also for overseeing the quality requirements required downstream.

An ASTM E2500 approach also requires engineering to have formalized procedures to manage quality activities. For example, engineering procedures would be required for activities such as vendor technical assessments, construction inspection, instrumentation verification, and installation verification. Therefore, the typical good engineering practices (GEPs) frequently used would need to be formalized and used consistently.

Steps To Successful Implementation

There are many benefits to implementing an ASTM E2500 approach. However, its implementation does require planning and self-evaluation by organizations before taking the plunge. There must be a mutual agreement by all stakeholders on which functions or features of a system will be validated, based on the system’s intended use, risk management, and benefit to patient safety.

More time and effort of the SMEs will be required throughout the project life cycle to support critical decision-making. In the classical validation paradigm, SMEs are required at specific points in the project life cycle to provide their input and deliverables. Once this was delivered, they often moved on to other responsibilities outside of the project. However, the ASTM E2500 approach relies heavily on SME input in the requirements documentation through to the development of the verification plan and testing documentation.

As the deliverables from engineering have more clout in fulfilling the system’s compliance aspects within an organization committing to ASTM E2500, the engineers must be well versed in quality and possess a strong technical understanding of the process and system. This greatly expands upon the role and responsibilities of engineering from the classic validation approach; a robust and adequately staffed engineering team is necessary to meet the needs within an ASTM E2500 methodology.

References:

1. ASTM E2500 – 3, “Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment"
2. ICH Q8 Pharmaceutical Development
3. ICH Q9 Quality Risk Management
4. Pharmaceutical cGMPs for the 21st Century —A Risk-Based Approach
5. FDA Guidance for Industry Process Validation: General Principles and Practices

About The Author:

Michele Levenson specializes in process, equipment, utility, facility, computer, automation validation, and project management in the biopharmaceutical, pharmaceutical, medical device, and diagnostic industries. Her areas of expertise include quality management systems, statistical analyses, process design, and process validation, spanning solid dose manufacturing delivery systems to aseptic biotech processes and drug delivery systems, leading commissioning and qualification mission critical projects for gene therapy, pharmaceutical, and biotechnology companies. Levenson is a Lean Six Sigma Green Belt and Certified Project Management Professional (PMP) with a B.S. degree in general life sciences from Penn State University.