regulatory compliance in manufacturing -...
TRANSCRIPT
WW OPS EXEC-07
Regulatory
Compliance in
Manufacturing
Jonathon Thompson
Director Compliance Consulting
Michael Schwarz
MES/MOM Product Marketing
2014 Software Global Client Conference
NERC
CFR 49
21 CFR Part 11
FSMA
21 CFR Parts 210 and 211
Annex 11
21 CFR Part 820
GAMP V
ASTM E2500
ISA S88
ISA S95
ISO 13485
Serialization/ePedigree
Farm to Fork
2014 Software Global Client Conference
● Wide Range of Regulations and Standards
● Apply Across a Range of Industries (not just
pharma any more)
● Solutions are compliant, not software
systems
● Documentation and Consistency are key
2014 Software Global Client Conference
● Inadequate response and/or corrective action
has the potential for severe consequences:
● Substantial fines
● Prolonged time to market
● Damaged company reputation
● Plummet in share price
● Revocation of manufacturing license
● Indefinite plant shut down
● Product recalls
● Product abandonment
● Incarceration
Noncompliance – substantial risk
Avoid
Major
Revenue
Losses!
What is 1 day of production worth to you?
2014 Software Global Client Conference
Good engineering – well documented
There shall be written procedures for production and process control
designed to assure that the drug products have the identity, strength,
quality, and purity they claim.
Establishing documented evidence, which provides a high degree of
assurance that a specified process will consistently produce a product
meeting its predetermined specifications and quality attributes.
Alternatively, the requirements for a system have been defined in
advance, the system has been tested to prove that these requirements
have been met, and documented proof that each step has been completed.
Documentation is imperative - If it is not documented, it did not happen
Validation defined
2014 Software Global Client Conference
How does Schneider Electric address Compliance?
●Services
●Compliance Consulting
●Cyber Security
●Product Features
●System Platform
●Workflow
●InBatch
●Global Standard Solutions
2014 Software Global Client Conference
Compliance Consulting at a Glance
Compliance Consulting Services encompass the entire project life cycle, including:
• Operations, Process, and Quality Systems Improvements
• Life-Cycle Validation Solutions and Planning
• Training and Audits
2014 Software Global Client Conference
Compliance
Consulting
Value Proposition
Experience
Capabilities
Differentiators
• Compliance Audits and Remediation
• Project/Program Management
• Compliance Program Definition and Implementation
• Modernization and Factory of the Future Strategies
• Technology Definition and Implementation
• Requirements Gathering
• Vendor Selections
• Standards Governance
• Glocal Delivery Model: Local Delivery with Global
Reach
• 20+ consultants with more than 15 years of
experience in Life Sciences compliance
• Platform independence with access to Schneider
portfolio
• PMP certified project managers
• Understanding of industry best practices and
standards, such as S88, S95, GAMP V
• Continued monitoring of regulatory trends and industry
drivers
• Over 20 years in the FDA compliance space
• Executed projects for all of the top 20 pharma
• Managed vendor search and/or implementation of
ERP, LIMS, MES, QTS, DCS, SCADA, Batch and
other automated systems
• Defined global, site and local validation, change
management, exception and CAPA systems
• Executed compliance audits for corporate and
regulatory standards
• Worked to define “Factory of the Future”
• Compliance Consulting shares our expertise with our
customers to enable them to:
• Modernize operations through technology with
minimal risk to compliance
• Implement industry best practices while
keeping up with regulatory trends
• Understand the strategic roadmap for
technology and compliance
2014 Software Global Client Conference
Industry awareness
● Many different interpretations and expectations of regulations
● Client should determine the scope of validation using a risk analysis
● No advantage to needlessly adding scope and validating non-critical items
● Be wary of claims that systems are 21 CFR Part 11 compliant or validated
● Compliance can only be claimed (and possibly required to be defended to the FDA)
by the end-user as a result of thorough system testing (for actual installed conditions)
and ongoing good operating practices
● Proper system implementation is as important as system design – no automation
system is compliant “out of the box.”
2014 Software Global Client Conference
Traditional GAMP-V model
Key life cycle methodology documentation often referred to as “V” model
2014 Software Global Client Conference
Repeat Protocol Model
Repeat only a random sampling of the commissioning test protocols under rigorous
validation change control guidelines. Reference the remainder of the tests.
Risk-Based Model
Repeat the most critical commissioning test protocols or any that were troublesome
(and/or required change control) under rigorous validation change control guidelines.
Reference the remainder of the tests.
ASTM E2500: Two distinct approaches
In both cases, it is common that the PQ is completed as normal, as usually
only a smaller subset of the PQ is tested in an commissioning environment.
2014 Software Global Client Conference © Invensys 13 October 2014 Invensys proprietary & confidential 14
Specification, Design and Verification
Process The life cycle approach proposed in GAMP5 aligns with the general specification, design and verification process described in ASTM E2500.
2014 Software Global Client Conference
© Invensys 13 October 2014 Invensys proprietary & confidential 15
Coding / Configuration
Reporting Planning
Verification
Specifications
Validation Life Cycle
Performance
Qualification
User
Requirement
Specifications
Functional
Specifications
Design
Specifications
System Build
Operation
Qualification
Installation
Qualification
System
Functionality
Map
Related To
Related To
Related To
Validation
Master Plan
Final Validation
Report
Software Quality
Plan
Operation /
Continuous
Improvement
Protocol and Test Script Documentation
SOP Development
System Development Documentation
System
Architecture
Diagram
Technical
Architecture
Specification
Risk
Assessment
RA Review
Risk Control
2014 Software Global Client Conference
Cyber Security Cyber security is a global issue. Why do it?
● Increase safety
● Reduce down time
● Protect intellectual property
● Industry or internal policy
● It could be the law
How to do it?
● Leverage Product Security Features
● Augment with Cyber Security Knowledge and Solutions
● Repeat
2014 Software Global Client Conference
HACKERS
• Low-cost tools
• Low skills
• Dynamic landscape
• Hacking is all they do
INDUSTRY
• High-cost prevention
• High skills
• Static networks
• Cyber security is not
what they do
Cyber Security Problem
• Companies continue to rely only on software/hardware point solutions for perimeter defense.
• Unfortunately, cyber threats continue to evolve faster than technology can keep pace. The results are
a false sense of security:
• 76% of organizations rely on point solutions such as traditional firewalls for security
• 97% of organizations have had a security breach – the attacker got through the perimeter
security
The Schneider Electric cyber security consulting team provides a holistic approach – identifying
the requirements to define the needs
2014 Software Global Client Conference
It’s all about compliance
Development
Product Security Standards
Cyber Security Solutions
Regulatory Requirements
Customer requirements built on customer expectations
Customer Compliance
2014 Software Global Client Conference
Cyber Security Consulting
• Long History Performing Cyber Security Services in Industrial Automation
• Largest ICSS based Security Group in the market
• Delivering Cyber Solutions to a Global Customer Base
• Experienced with IT technologies but with a Process Automation mindset
Why Schneider Electric?
2014 Software Global Client Conference
Products + Consulting = Compliance ● Schneider Electric provides a full life cycle cyber security
methodology - NOT a product centric point solution like many
IT based security companies do.
● Point solutions such as anti-virus software or firewalls on
their own fall short and miss the security target.
● The integration of sound cyber security best practices that
encompass best-in-class commercial off-the-shelf products
provides and enables a complete and holistic cyber security
compliance solution that hits the target
2014 Software Global Client Conference
What Makes the Cyber Security Team Unique? Platform Independent The Schneider Electric solution portfolio will work on ANY control system platform, expanding the market beyond the traditional Schneider Electric customer base.
Network Agnostic The Schneider Electric solution portfolio can be deployed on any network topology or technology, independent of network life cycle, due to the life cycle methodology of the solution portfolio.
Industry Relevant The Schneider Electric solution portfolio is applicable to any industrial manufacturing industry, whether the focus is on cyber security compliance or network systems optimization.
Solution Eco System Schneider Electric is greater than the sum of its parts: cyber security consulting, network compliance, regulatory experts, auditors, network systems design and implementation, system integrators, and trusted advisors.
2014 Software Global Client Conference
A Foundation for Cyber Security
The cyber security team represents a
cross section of industries such as oil,
gas, mining, nuclear, telecom, and
power generation that provides them
with the ability to work alongside their
clients and communicate effectively with
cross functional teams.
The core cyber security team is made up of
process engineers, network engineers, and
IT specialists with backgrounds in systems
security, network remediation, data
communications, and systems.
CISSP
CCNP
CCS1
CCSA
CWNA
NNCDA
CCNA
CCDA
CEH
ECS
MCSE
CISM
CISA
CCSE
2014 Software Global Client Conference
Wonderware is committed to lowering the cost
of developing and maintaining FDA 21 CFR Part
11 compliant applications. Just like it is
committed to lowering the cost of ownership of
the entire application.
2014 Software Global Client Conference
21 CFR Part 11 Deployment Documentation
Deployment Guide (On DVD): Product User Guides
…
…
2014 Software Global Client Conference
Ap
plic
ati
on
& R
ep
ort
ing
Clie
nts
Wonderware Operational Management
In Context with the Supply Chain & Automation
Batch Continuous Discrete
ERP PLM EAM SCM
3rd Party Lev
el 0, 1 &
2
Co
ntr
ol
Lev
el 3
M
an
ufa
ctu
rin
g E
xecu
tio
n S
yste
m
Lev
el 4
B
usin
ess
Pla
nn
ing
&
Lo
gis
tics
Production & Performance Applications
Wonderware Enterprise Integrator (WEI)
2014 Software Global Client Conference
Enhanced Electronic Signature support
(System Platform 2012 and newer)
●Features:
•New Secured Write Dialog
•New Verified Write Dialog
•Customizable Comment Field
•Comment and Action taken are
logged in the Alarm and Events
system logger
●Benefits:
•Greater flexibility complying with
21CFRp11 or…
•Other Regulatory requirements
•More Accurate Action/Approval
Tracking
•Easier to implement.
Slide 29
2014 Software Global Client Conference
System Platform 2012 and newer Secured Write Dialog
Reason for Signature Field Attributes – Associated Description Other Attributes – Object Description Script Function – Custom Message
Point Being Written
Value Being Written
User Entered Comment
Credentials Username/Password SmartCard/PIN
2014 Software Global Client Conference
System Platform 2012 and newer New Verified Write Dialog
Reason for Signature
Point/Value Being Written
User Entered Comment
Credentials Username/Password SmartCard/PIN
2014 Software Global Client Conference
Configuring Done By/Checked By Permissions
• Verified Writes – Require 2 Signatures (Done By/Checked By)
• New Operational Permission for Checked By signature; “Can Verify
Writes”
• Usage: Can create a separate role for Operators and Supervisors so
that actions must be checked by Supervisors.
Slide 32
Done By Permission
Checked By Permission Verifier Role
2014 Software Global Client Conference
Electronic Records Storage – Enhancements
Type of Write Verified, Secured, or Unsecured
User Entered Comment Verified, Secured, or Unsecured
Reason for Signature
Alarm/Events Comment Field - 1024 Characters Max (truncated)
2014 Software Global Client Conference
Signed Alarm Acknowledgement Dialog
User Entered Comment
Credentials Username/Password SmartCard/PIN
2014 Software Global Client Conference
Wonderware Skelta BPM for the Industry
Wonderware Skelta BPM is the only full cycle BPM
software offering for enterprise business process and
industrial operations process management.
• Native integration with Wonderware System Platform
• Connectivity to Wonderware MES, InBatch, IntelaTrac and Avantis EAM (EAM = Enterprise Asset Management )
• Integration to enterprise applications such as Microsoft SharePoint and Office
• Generic connectivity to integrate with e.g. ERP, PLM and QM systems
Enables a model driven approach to MOM and standardization of operational processes
2014 Software Global Client Conference
Electronic Signature in Forms (introduced with the ArchestrA Workflow 2012 release)
• Electronic Signature Support (Done By)
– Authenticate a user via their electronic signature in
workflow forms
Slide 38
2014 Software Global Client Conference
Fujirebio Diagnostics, Inc. provides innovative solutions in clinical diagnostics. with products in support of cancer biomarkers.
Objectives:
Allow personnel to monitor equipment from their
Workstations
Maintain all temperature readings in electronic records
Generate electronic GMP reports for “review by exception”
Provide authorized personnel electronic signature capabilities
to approve reports
Notify authorized personnel in event of adverse temp trends
Reduce current paper-based logging effort (now over 1100
hrs.)
Implement an Operations Information Infrastructure to
simplify future “electronic initiative” projects
Environmental Monitoring System
2014 Software Global Client Conference
Solution Summary
Temperature data is automatically logged • Exceptions are identified by EMS and
owners notified • Equipment owners comment on
exceptions & sign-off • Exceptions and sign-offs captured for
Summary Report
Report Approval Routing • Reports only contain exceptions • Routed to departments including QA for
review/approval • 2 Levels of Escalation
EMS automatically stores approved SR’s as e-files
• SRs available for future access as needed • Historical data available to generate
equipment logs
• As an Operations Information Infrastructure, this system is already being used to provide data input for continuous improvement.
• Future benefits of Wonderware System Platform include process analytics via (PAT) Framework, Batch Automation, EBR Approval Routing for release.
2014 Software Global Client Conference
What is Wonderware InBatch?
●InBatch is control system independent Batch Management Software,
Designed to effective Model and Automate Batch Processes
Successfully used, globally since nearly two decades:
●1000 + installations globally
●Verticals: Pharmaceutical, Healthcare, Chemical, Petrochemical,
Food &Beverage, Construction materials etc.
●Long term domain expertise in Ecosystem and Employees
●Used with all major PLC brands and Foxboro I/A Series DCS
●Continuous Investment and Industry Standards Support
2014 Software Global Client Conference
Wonderware InBatch Strength ● InBatch software excels at automating the simplest to the most complex
batch processes or when demanding high flexibility in recipe creation and
modification.
● Empowers Process engineers
to rapidly implement recipe changes or
new product recipes
● Maximizes production throughput
through it’s multi stream, multi product
batch execution and automation capabilities
● Reduces compliance cost
with a comprehensive electronic batch record,
material genealogy, security system event trail
and large set of reports
2014 Software Global Client Conference
Biotech Modernization Project
●Project Background
● Large Cell Culture Production Facility
● Upstream and Downstream Process Trains (27 Bioreactors)
● 24/7 Full GMP Production Operation
● Over 60 Controllers Managing 8,000 I/O Points and Batch Sequence Logic
● More that 100 Major Process Units and 500 Recipes
● 65 Operator Stations with Nearly 1,000 Displays
●High Level Requirements
● DCS Life Extension
● Preserve Interfaces to Laboratory and Business Systems
● Improve System Reliability and Supportability
● Minimize Impact to Production Schedule
● Minimize Overall Lifecycle Costs
● Provide Path for Continued Upgrades
2014 Software Global Client Conference
Biotech Modernization Project Technical Scope
• Replace existing DCS Supervisory layer
with Wonderware System Platform
• Migration of existing batch system to
Wonderware InBatch
• Replace existing HMI with
Wonderware InTouch
• Replace existing process historian with
Wonderware Historian
• Implemented on new ‘virtualized’
computing and network infrastructure
2014 Software Global Client Conference
Biotech Modernization Project
●Delivery Approach ● Collaborative effort between Invensys, SI,
Customer
●Invensys development and quality oversight
●Engineering testing leveraged to reduce validation testing
● Robust configuration management to track objects across all five environments
● Leverage object templates to reduce development and testing efforts
● Full system performance test with physical and simulated APACS controllers
● Project Achievements
● All Project & Technical requirements satisfied
●Functional; System Performance; Project Execution; Qualification
● Delivered highly compatible solution - effectively ‘Like for Like’
●Consistent Batch Manager, HMI Graphics, System integrations
● Minimized impact to Customer’s network supply chain
●8 Hour resumption of manufacturing operations
●10 day resumption of GMP manufacturing
2014 Software Global Client Conference
Design Philosophy
Reusability & Scalability
from start through a Platform based and Programmatic Approach …
To enable/deliver Lower TCO
• Flexibilty • Configurable • Failover • Industry Best
Practices • Virtualization • Reliability • Infrastructure
Required • Object
Oriented • Centralized
Management • Historization • Redundancy • Facility Model • Scripting • Reporting • Data Mining • Collaboration • Industry
Standard • Audit Trail
Architecture & Design
• Technology Know How Industry Expertise
• Regional Support
• Library of Standard Templates
• Standardized/Non
Customized • Configuration
Management • Software
Deployment • Revision
Control • Deployment
Model
Deployment
• Advance Process Control • Visualization • Alarming • Trending • Event Logging • Security • SPC/SQC • Downtime/ OEE • Statistical Analysis • CFR 21 Part 11
Functionality
• Compatibilty with Control Vendors
• Device Integration
• OSI-PI Integration Capability
• Comm. Protocols -PCS -Instruments
• Telephonic Notification
• Business System Integration
• Integration Capabilities -MES -PI -OEM/PCS
Integration
2014 Software Global Client Conference
Object-Oriented Validation Significant Reduction in Validation Effort
Template: “$Motor”
Derived Template: “$MotorVFD”
Instance of “$MotorVFD”
$Motor
$MotorVFD
Instance of “$Motor”
Validation Effort
• Test all functions on a SINGLE instance of $Motor (TransferPump_001)
• Subsequent instances require less testing.
• Leverage testing of $Motor functionality when testing a SINGLE
instance of $MotorVFD functionality, resulting in effort reduction.
• Subsequent instances require less testing
2014 Software Global Client Conference
A Unique and differentiated approach
● Facilitates & Enforces Object-Oriented Design Methodology
● Object instantiation (not just cut-and-paste, true re-use)
● OEM/Control System independent platform
● A single central template repository (change it in one place)
● Lower engineering costs (25-60%)
● Lower maintenance costs
● Lower cost/time-to-validation (25-50%)
● Lower Total Cost of Ownership
2014 Software Global Client Conference
Enhancement & Maintenance
Deploy at Site #1
Deploy at Site #2
Deploy at Site #N Deploy at
Site #2*
Deploy at Site #2
Deploy at Site #N
Implementation Strategy
Build templates
Deploy at Site #1
First Area
Adjust & Package for Deployment
Deploy at Site #3*
Deploy at Site #N*
Build Core Solution Define Design Develop Test
Install and Validate @ 1st site
Global Deployment Analysis/fit-gap and design; Configure; CustomIze (if needed); Instantiate and Scale; Test; Deploy; Validate
Sup
po
rt
Central Repository / Templates Library (Add, Sanitize, Update, Maintain, Improve, Version, Validate)
(Documentation, Training, , Governance, Validation)
Center of Excellence (J&J + Invensys)
Global Program Management Infrastructure (GPMO)
Invensys Best Practices
Tem
pla
te
s Reu
sab
le
/ Tem
pla
tiz
abe
Tem
pla
te
s Reu
sab
le
/ Tem
pla
tiz
abe
Tem
pla
te
s Reu
sab
le
/ Tem
pla
tiz
abe
Deploy at Site #1
Deploy at Site #1 Rest
of Area
Tem
pla
te
s Reu
sab
le
/ Tem
pla
tiz
abe
* Could be deployed in parallel
COE+SI SI
Test + Customer Validation
2014 Software Global Client Conference
Chennai
Delivery Ecosystem Baarn
Shanghai
Tokyo
Sydney
Seoul
Singapore
Crawley
Lake Forest
Paris Foxboro
Bangalore
Buenos Aires
Montreal
Mexico City Abu Dhabi
Melbourne
Houston
Milan
Toronto
Brisbane
Dusseldorf
Cairo
Calgary
Mumbai
Madrid
Caracas
Bogota Lagos
Johannesburg Santiago
Algeria
Moscow
Al Khobar
Local Delivery Centers (Engineering & Services)
Off -Shore Engineering Execution Centers
Bratislava
Taipei
Thailand
Kuwait Baton Rouge Atlanta
Invensys Global Delivery Resource Pool, Headcount
Resource EURA MENA APAC NA LAO EEC Total
Project Manager 69 8 61 45 27 8 218
Application Consultant 11 4 14 39 3 6 77
Lead Engineer 127 47 141 197 28 98 638
Application Engineer 220 68 177 144 68 366 1,043
Technician 29 11 97 79 11 9 236
Total Direct Delivery 456 138 490 504 137 487 2,212
Indirect Management 56 22 60 36 21 15 210
Total 512 160 550 540 158 502 2,422
Sao Paulo
12 distributors 1067 system integrators
7 distributors 118 system integrators
22 distributors 1256 system integrators
34 distributors 193 system integrators
Wyomissing
2014 Software Global Client Conference
Collaborative Services Delivery Model
Customer
Single Point of Accountability
Right Team For Execution
Resource Pull
Schneider Project Services • Prime Contractor • Safeguarding • Methodologies • Best Practices & Standards • Knowledge Management • Validation
Global Program Management Infrastructure (GPMO)
Invensys Delivery Best Practices
Invensys Prime Implementation
Invensys Prime Support
Partner Prime Implementation
Partner Prime Support
Global Partners
Regional Partners
• Global • By Region • By Business
Subcontractor , Project Delivery, Capacity Augmentation
Or
Schneider Electric • Compliance • GMP QMS applied to
Invensys and Partners • Partner Audit & Assessment • CoE & Governance • Risk Mitigation
2014 Software Global Client Conference
Country Regulatory Authority Website
Australia Therapeutic Goods Administration (TGA) www.tga.gov.au/
Brazil Agencia Nacional de Vigiloncia Sanitaria (ANVISA ) www.portal.anvisa.gov.br/
Canada Health Canada www.hc-sc.gc.ca/index-eng.php
China State Food and Drug Administration www.eng.sfda.gov.cn/
Costa Rica Ministry of Health http://www.ministeriodesalud.go.cr/
Denmark Danish Medicines Agency http://laegemiddelstyrelsen.dk/en/
Europe European Medicines Agency (EMEA) www.ema.europa.eu/
Germany Federal Institute for Drugs and Medical Devices www.bfarm.de/EN
Hong Kong Department of Health: Pharmaceutical Services http://www.drugoffice.gov.hk/eps/do/index.html
India Central Drug Standard Control Organization (CDSCO) www.cdsco.nic.in/
Ireland Irish Medicines Board www.imb.ie/
Italy Italian Pharmaceutical Agency www.agenziafarmaco.gov.it/en
Japan Ministry of Health, Labour & Welfare(MHLW) www.mhlw.go.jp/english/
Malaysia National Pharmaceutical Control Bureau, Ministry of Health www.bpfk.gov.my/
Netherlands Medicines Evaluation Board www.cbg-meb.nl/cbg/en
New Zealand Medsafe - Medicines and Medical Devices Safety Authority www.medsafe.govt.nz/
Nigeria National Agency for Food and Drug Administration and Control (NAFDAC) www.nafdac.gov.ng/
Pakistan Drugs Control Organization, Ministry of Health www.dcomoh.gov.pk/publications/ndp.php
Paraguay Ministry of Health www.mspbs.gov.py/
Singapore Centre for Pharmaceutical Administration Health Sciences Authority www.hsa.gov.sg
South Africa Medicines Control Council www.doh.gov.za/show.php?id=2863
Sri Lanka SPC, Ministry of Health www.spc.lk/services.html
Sweden Medical Products Agency (MPA) www.lakemedelsverket.se/english/
Switzerland Swissmedic , Swiss Agency for Therapeutic Products www.swissmedic.ch/?lang=en
Thailand Ministry of Public Health www.eng.moph.go.th/
Uganda Uganda National Council for Science and Technology (UNCST) www.uncst.go.ug/
UK Medicines and Healthcare Products Regulatory Agency (MHRA) www.mhra.gov.uk/
Ukraine Ministry of Health http://www.moz.gov.ua/ua/portal/
USA Food and Drug Administration (FDA) http://www.fda.gov/
Major regulatory government agencies Around the world
57 Confidential Property of Schneider Electric
Related Support, Services, Training & Expo Demos
Support
Training
Services
Expo Demos
> Wonderware Skelta BPM 2014 (workflow)
> MES and Recipe Management