regulatory compliance in manufacturing -...

2014 Software Global Client Conference

WW OPS EXEC-07

Regulatory

Compliance in

Manufacturing

Jonathon Thompson

Director Compliance Consulting

Michael Schwarz

MES/MOM Product Marketing


NERC

CFR 49

21 CFR Part 11

FSMA

21 CFR Parts 210 and 211

Annex 11

21 CFR Part 820

GAMP V

ASTM E2500

ISA S88

ISA S95

ISO 13485

Serialization/ePedigree

Farm to Fork


● Wide Range of Regulations and Standards

● Apply Across a Range of Industries (not just

pharma any more)

● Solutions are compliant, not software

systems

● Documentation and Consistency are key


● Inadequate response and/or corrective action

has the potential for severe consequences:

● Substantial fines

● Prolonged time to market

● Damaged company reputation

● Plummet in share price

● Revocation of manufacturing license

● Indefinite plant shut down

● Product recalls

● Product abandonment

● Incarceration

Noncompliance – substantial risk

Avoid

Major

Revenue

Losses!

What is 1 day of production worth to you?


Good engineering – well documented

There shall be written procedures for production and process control

designed to assure that the drug products have the identity, strength,

quality, and purity they claim.

Establishing documented evidence, which provides a high degree of

assurance that a specified process will consistently produce a product

meeting its predetermined specifications and quality attributes.

Alternatively, the requirements for a system have been defined in

advance, the system has been tested to prove that these requirements

have been met, and documented proof that each step has been completed.

Documentation is imperative - If it is not documented, it did not happen

Validation defined


How does Schneider Electric address Compliance?

●Services

●Compliance Consulting

●Cyber Security

●Product Features

●System Platform

●Workflow

●InBatch

●Global Standard Solutions

Compliance Consulting


Compliance Consulting at a Glance

Compliance Consulting Services encompass the entire project life cycle, including:

• Operations, Process, and Quality Systems Improvements

• Life-Cycle Validation Solutions and Planning

• Training and Audits


Compliance

Consulting

Value Proposition

Experience

Capabilities

Differentiators

• Compliance Audits and Remediation

• Project/Program Management

• Compliance Program Definition and Implementation

• Modernization and Factory of the Future Strategies

• Technology Definition and Implementation

• Requirements Gathering

• Vendor Selections

• Standards Governance

• Glocal Delivery Model: Local Delivery with Global

Reach

• 20+ consultants with more than 15 years of

experience in Life Sciences compliance

• Platform independence with access to Schneider

portfolio

• PMP certified project managers

• Understanding of industry best practices and

standards, such as S88, S95, GAMP V

• Continued monitoring of regulatory trends and industry

drivers

• Over 20 years in the FDA compliance space

• Executed projects for all of the top 20 pharma

• Managed vendor search and/or implementation of

ERP, LIMS, MES, QTS, DCS, SCADA, Batch and

other automated systems

• Defined global, site and local validation, change

management, exception and CAPA systems

• Executed compliance audits for corporate and

regulatory standards

• Worked to define “Factory of the Future”

• Compliance Consulting shares our expertise with our

customers to enable them to:

• Modernize operations through technology with

minimal risk to compliance

• Implement industry best practices while

keeping up with regulatory trends

• Understand the strategic roadmap for

technology and compliance


Industry awareness

● Many different interpretations and expectations of regulations

● Client should determine the scope of validation using a risk analysis

● No advantage to needlessly adding scope and validating non-critical items

● Be wary of claims that systems are 21 CFR Part 11 compliant or validated

● Compliance can only be claimed (and possibly required to be defended to the FDA)

by the end-user as a result of thorough system testing (for actual installed conditions)

and ongoing good operating practices

● Proper system implementation is as important as system design – no automation

system is compliant “out of the box.”


Traditional GAMP-V model

Key life cycle methodology documentation often referred to as “V” model


Repeat Protocol Model

Repeat only a random sampling of the commissioning test protocols under rigorous

validation change control guidelines. Reference the remainder of the tests.

Risk-Based Model

Repeat the most critical commissioning test protocols or any that were troublesome

(and/or required change control) under rigorous validation change control guidelines.

Reference the remainder of the tests.

ASTM E2500: Two distinct approaches

In both cases, it is common that the PQ is completed as normal, as usually

only a smaller subset of the PQ is tested in an commissioning environment.

2014 Software Global Client Conference © Invensys 13 October 2014 Invensys proprietary & confidential 14

Specification, Design and Verification

Process The life cycle approach proposed in GAMP5 aligns with the general specification, design and verification process described in ASTM E2500.


© Invensys 13 October 2014 Invensys proprietary & confidential 15

Coding / Configuration

Reporting Planning

Verification

Specifications

Validation Life Cycle

Performance

Qualification

User

Requirement

Specifications

Functional

Specifications

Design

Specifications

System Build

Operation

Qualification

Installation

Qualification

System

Functionality

Map

Related To

Related To

Related To

Validation

Master Plan

Final Validation

Report

Software Quality

Plan

Operation /

Continuous

Improvement

Protocol and Test Script Documentation

SOP Development

System Development Documentation

System

Architecture

Diagram

Technical

Architecture

Specification

Risk

Assessment

RA Review

Risk Control

Cyber Security


Cyber Security Cyber security is a global issue. Why do it?

● Increase safety

● Reduce down time

● Protect intellectual property

● Industry or internal policy

● It could be the law

How to do it?

● Leverage Product Security Features

● Augment with Cyber Security Knowledge and Solutions

● Repeat


HACKERS

• Low-cost tools

• Low skills

• Dynamic landscape

• Hacking is all they do

INDUSTRY

• High-cost prevention

• High skills

• Static networks

• Cyber security is not

what they do

Cyber Security Problem

• Companies continue to rely only on software/hardware point solutions for perimeter defense.

• Unfortunately, cyber threats continue to evolve faster than technology can keep pace. The results are

a false sense of security:

• 76% of organizations rely on point solutions such as traditional firewalls for security

• 97% of organizations have had a security breach – the attacker got through the perimeter

security

The Schneider Electric cyber security consulting team provides a holistic approach – identifying

the requirements to define the needs


It’s all about compliance

Development

Product Security Standards

Cyber Security Solutions

Regulatory Requirements

Customer requirements built on customer expectations

Customer Compliance


Cyber Security Consulting

• Long History Performing Cyber Security Services in Industrial Automation

• Largest ICSS based Security Group in the market

• Delivering Cyber Solutions to a Global Customer Base

• Experienced with IT technologies but with a Process Automation mindset

Why Schneider Electric?


Products + Consulting = Compliance ● Schneider Electric provides a full life cycle cyber security

methodology - NOT a product centric point solution like many

IT based security companies do.

● Point solutions such as anti-virus software or firewalls on

their own fall short and miss the security target.

● The integration of sound cyber security best practices that

encompass best-in-class commercial off-the-shelf products

provides and enables a complete and holistic cyber security

compliance solution that hits the target


What Makes the Cyber Security Team Unique? Platform Independent The Schneider Electric solution portfolio will work on ANY control system platform, expanding the market beyond the traditional Schneider Electric customer base.

Network Agnostic The Schneider Electric solution portfolio can be deployed on any network topology or technology, independent of network life cycle, due to the life cycle methodology of the solution portfolio.

Industry Relevant The Schneider Electric solution portfolio is applicable to any industrial manufacturing industry, whether the focus is on cyber security compliance or network systems optimization.

Solution Eco System Schneider Electric is greater than the sum of its parts: cyber security consulting, network compliance, regulatory experts, auditors, network systems design and implementation, system integrators, and trusted advisors.


A Foundation for Cyber Security

The cyber security team represents a

cross section of industries such as oil,

gas, mining, nuclear, telecom, and

power generation that provides them

with the ability to work alongside their

clients and communicate effectively with

cross functional teams.

The core cyber security team is made up of

process engineers, network engineers, and

IT specialists with backgrounds in systems

security, network remediation, data

communications, and systems.

CISSP

CCNP

CCS1

CCSA

CWNA

NNCDA

CCNA

CCDA

CEH

ECS

MCSE

CISM

CISA

CCSE

Product Features


Wonderware is committed to lowering the cost

of developing and maintaining FDA 21 CFR Part

11 compliant applications. Just like it is

committed to lowering the cost of ownership of

the entire application.


21 CFR Part 11 Deployment Documentation

Deployment Guide (On DVD): Product User Guides

…

…


Ap

plic

ati

on

& R

ep

ort

ing

Clie

nts

Wonderware Operational Management

In Context with the Supply Chain & Automation

Batch Continuous Discrete

ERP PLM EAM SCM

3rd Party Lev

el 0, 1 &

2

Co

ntr

ol

Lev

el 3

M

an

ufa

ctu

rin

g E

xecu

tio

n S

yste

m

Lev

el 4

B

usin

ess

Pla

nn

ing

&

Lo

gis

tics

Production & Performance Applications

Wonderware Enterprise Integrator (WEI)


Slide 28


Enhanced Electronic Signature support

(System Platform 2012 and newer)

●Features:

•New Secured Write Dialog

•New Verified Write Dialog

•Customizable Comment Field

•Comment and Action taken are

logged in the Alarm and Events

system logger

●Benefits:

•Greater flexibility complying with

21CFRp11 or…

•Other Regulatory requirements

•More Accurate Action/Approval

Tracking

•Easier to implement.

Slide 29


System Platform 2012 and newer Secured Write Dialog

Reason for Signature Field Attributes – Associated Description Other Attributes – Object Description Script Function – Custom Message

Point Being Written

Value Being Written

User Entered Comment

Credentials Username/Password SmartCard/PIN


System Platform 2012 and newer New Verified Write Dialog

Reason for Signature

Point/Value Being Written




Configuring Done By/Checked By Permissions

• Verified Writes – Require 2 Signatures (Done By/Checked By)

• New Operational Permission for Checked By signature; “Can Verify

Writes”

• Usage: Can create a separate role for Operators and Supervisors so

that actions must be checked by Supervisors.

Slide 32

Done By Permission

Checked By Permission Verifier Role


Electronic Records Storage – Enhancements

Type of Write Verified, Secured, or Unsecured

User Entered Comment Verified, Secured, or Unsecured

Reason for Signature

Alarm/Events Comment Field - 1024 Characters Max (truncated)


Signed Alarm Acknowledgement

Slide 34


Signed Alarm Acknowledgement Dialog




Wonderware Skelta BPM (formerly ArchestrA Workflow)

Slide 36


Wonderware Skelta BPM for the Industry

Wonderware Skelta BPM is the only full cycle BPM

software offering for enterprise business process and

industrial operations process management.

• Native integration with Wonderware System Platform

• Connectivity to Wonderware MES, InBatch, IntelaTrac and Avantis EAM (EAM = Enterprise Asset Management )

• Integration to enterprise applications such as Microsoft SharePoint and Office

• Generic connectivity to integrate with e.g. ERP, PLM and QM systems

Enables a model driven approach to MOM and standardization of operational processes


Electronic Signature in Forms (introduced with the ArchestrA Workflow 2012 release)

• Electronic Signature Support (Done By)

– Authenticate a user via their electronic signature in

workflow forms

Slide 38


Fujirebio Diagnostics, Inc. provides innovative solutions in clinical diagnostics. with products in support of cancer biomarkers.

Objectives:

Allow personnel to monitor equipment from their

Workstations

Maintain all temperature readings in electronic records

Generate electronic GMP reports for “review by exception”

Provide authorized personnel electronic signature capabilities

to approve reports

Notify authorized personnel in event of adverse temp trends

Reduce current paper-based logging effort (now over 1100

hrs.)

Implement an Operations Information Infrastructure to

simplify future “electronic initiative” projects

Environmental Monitoring System


Solution Summary

Temperature data is automatically logged • Exceptions are identified by EMS and

owners notified • Equipment owners comment on

exceptions & sign-off • Exceptions and sign-offs captured for

Summary Report

Report Approval Routing • Reports only contain exceptions • Routed to departments including QA for

review/approval • 2 Levels of Escalation

EMS automatically stores approved SR’s as e-files

• SRs available for future access as needed • Historical data available to generate

equipment logs

• As an Operations Information Infrastructure, this system is already being used to provide data input for continuous improvement.

• Future benefits of Wonderware System Platform include process analytics via (PAT) Framework, Batch Automation, EBR Approval Routing for release.


Wonderware InBatch

Slide 41


What is Wonderware InBatch?

●InBatch is control system independent Batch Management Software,

Designed to effective Model and Automate Batch Processes

Successfully used, globally since nearly two decades:

●1000 + installations globally

●Verticals: Pharmaceutical, Healthcare, Chemical, Petrochemical,

Food &Beverage, Construction materials etc.

●Long term domain expertise in Ecosystem and Employees

●Used with all major PLC brands and Foxboro I/A Series DCS

●Continuous Investment and Industry Standards Support


Wonderware InBatch Strength ● InBatch software excels at automating the simplest to the most complex

batch processes or when demanding high flexibility in recipe creation and

modification.

● Empowers Process engineers

to rapidly implement recipe changes or

new product recipes

● Maximizes production throughput

through it’s multi stream, multi product

batch execution and automation capabilities

● Reduces compliance cost

with a comprehensive electronic batch record,

material genealogy, security system event trail

and large set of reports


InBatch- use by verticals


Biotech Modernization Project

●Project Background

● Large Cell Culture Production Facility

● Upstream and Downstream Process Trains (27 Bioreactors)

● 24/7 Full GMP Production Operation

● Over 60 Controllers Managing 8,000 I/O Points and Batch Sequence Logic

● More that 100 Major Process Units and 500 Recipes

● 65 Operator Stations with Nearly 1,000 Displays

●High Level Requirements

● DCS Life Extension

● Preserve Interfaces to Laboratory and Business Systems

● Improve System Reliability and Supportability

● Minimize Impact to Production Schedule

● Minimize Overall Lifecycle Costs

● Provide Path for Continued Upgrades


Biotech Modernization Project Technical Scope

• Replace existing DCS Supervisory layer

with Wonderware System Platform

• Migration of existing batch system to

Wonderware InBatch

• Replace existing HMI with

Wonderware InTouch

• Replace existing process historian with

Wonderware Historian

• Implemented on new ‘virtualized’

computing and network infrastructure


Biotech Modernization Project

●Delivery Approach ● Collaborative effort between Invensys, SI,

Customer

●Invensys development and quality oversight

●Engineering testing leveraged to reduce validation testing

● Robust configuration management to track objects across all five environments

● Leverage object templates to reduce development and testing efforts

● Full system performance test with physical and simulated APACS controllers

● Project Achievements

● All Project & Technical requirements satisfied

●Functional; System Performance; Project Execution; Qualification

● Delivered highly compatible solution - effectively ‘Like for Like’

●Consistent Batch Manager, HMI Graphics, System integrations

● Minimized impact to Customer’s network supply chain

●8 Hour resumption of manufacturing operations

●10 day resumption of GMP manufacturing

Global Standard Solutions


Design Philosophy

Reusability & Scalability

from start through a Platform based and Programmatic Approach …

To enable/deliver Lower TCO

• Flexibilty • Configurable • Failover • Industry Best

Practices • Virtualization • Reliability • Infrastructure

Required • Object

Oriented • Centralized

Management • Historization • Redundancy • Facility Model • Scripting • Reporting • Data Mining • Collaboration • Industry

Standard • Audit Trail

Architecture & Design

• Technology Know How Industry Expertise

• Regional Support

• Library of Standard Templates

• Standardized/Non

Customized • Configuration

Management • Software

Deployment • Revision

Control • Deployment

Model

Deployment

• Advance Process Control • Visualization • Alarming • Trending • Event Logging • Security • SPC/SQC • Downtime/ OEE • Statistical Analysis • CFR 21 Part 11

Functionality

• Compatibilty with Control Vendors

• Device Integration

• OSI-PI Integration Capability

• Comm. Protocols -PCS -Instruments

• Telephonic Notification

• Business System Integration

• Integration Capabilities -MES -PI -OEM/PCS

Integration


Object-Oriented Validation Significant Reduction in Validation Effort

Template: “$Motor”

Derived Template: “$MotorVFD”

Instance of “$MotorVFD”

$Motor

$MotorVFD

Instance of “$Motor”

Validation Effort

• Test all functions on a SINGLE instance of $Motor (TransferPump_001)

• Subsequent instances require less testing.

• Leverage testing of $Motor functionality when testing a SINGLE

instance of $MotorVFD functionality, resulting in effort reduction.

• Subsequent instances require less testing


A Unique and differentiated approach

● Facilitates & Enforces Object-Oriented Design Methodology

● Object instantiation (not just cut-and-paste, true re-use)

● OEM/Control System independent platform

● A single central template repository (change it in one place)

● Lower engineering costs (25-60%)

● Lower maintenance costs

● Lower cost/time-to-validation (25-50%)

● Lower Total Cost of Ownership


Enhancement & Maintenance

Deploy at Site #1

Deploy at Site #2

Deploy at Site #N Deploy at

Site #2*

Deploy at Site #2

Deploy at Site #N

Implementation Strategy

Build templates

Deploy at Site #1

First Area

Adjust & Package for Deployment

Deploy at Site #3*

Deploy at Site #N*

Build Core Solution Define Design Develop Test

Install and Validate @ 1st site

Global Deployment Analysis/fit-gap and design; Configure; CustomIze (if needed); Instantiate and Scale; Test; Deploy; Validate

Sup

po

rt

Central Repository / Templates Library (Add, Sanitize, Update, Maintain, Improve, Version, Validate)

(Documentation, Training, , Governance, Validation)

Center of Excellence (J&J + Invensys)

Global Program Management Infrastructure (GPMO)

Invensys Best Practices

Tem

pla

te

s Reu

sab

le

/ Tem

pla

tiz

abe

Tem

pla

te

s Reu

sab

le

/ Tem

pla

tiz

abe

Tem

pla

te

s Reu

sab

le

/ Tem

pla

tiz

abe

Deploy at Site #1

Deploy at Site #1 Rest

of Area

Tem

pla

te

s Reu

sab

le

/ Tem

pla

tiz

abe

* Could be deployed in parallel

COE+SI SI

Test + Customer Validation


Chennai

Delivery Ecosystem Baarn

Shanghai

Tokyo

Sydney

Seoul

Singapore

Crawley

Lake Forest

Paris Foxboro

Bangalore

Buenos Aires

Montreal

Mexico City Abu Dhabi

Melbourne

Houston

Milan

Toronto

Brisbane

Dusseldorf

Cairo

Calgary

Mumbai

Madrid

Caracas

Bogota Lagos

Johannesburg Santiago

Algeria

Moscow

Al Khobar

Local Delivery Centers (Engineering & Services)

Off -Shore Engineering Execution Centers

Bratislava

Taipei

Thailand

Kuwait Baton Rouge Atlanta

Invensys Global Delivery Resource Pool, Headcount

Resource EURA MENA APAC NA LAO EEC Total

Project Manager 69 8 61 45 27 8 218

Application Consultant 11 4 14 39 3 6 77

Lead Engineer 127 47 141 197 28 98 638

Application Engineer 220 68 177 144 68 366 1,043

Technician 29 11 97 79 11 9 236

Total Direct Delivery 456 138 490 504 137 487 2,212

Indirect Management 56 22 60 36 21 15 210

Total 512 160 550 540 158 502 2,422

Sao Paulo

12 distributors 1067 system integrators




Wyomissing


Collaborative Services Delivery Model

Customer

Single Point of Accountability

Right Team For Execution

Resource Pull

Schneider Project Services • Prime Contractor • Safeguarding • Methodologies • Best Practices & Standards • Knowledge Management • Validation

Global Program Management Infrastructure (GPMO)

Invensys Delivery Best Practices

Invensys Prime Implementation

Invensys Prime Support

Partner Prime Implementation

Partner Prime Support

Global Partners

Regional Partners

• Global • By Region • By Business

Subcontractor , Project Delivery, Capacity Augmentation

Or

Schneider Electric • Compliance • GMP QMS applied to

Invensys and Partners • Partner Audit & Assessment • CoE & Governance • Risk Mitigation


Make the most of your energy


Country Regulatory Authority Website

Australia Therapeutic Goods Administration (TGA) www.tga.gov.au/‎

Brazil Agencia Nacional de Vigiloncia Sanitaria (ANVISA ) www.portal.anvisa.gov.br/

Canada Health Canada www.hc-sc.gc.ca/index-eng.php‎

China State Food and Drug Administration www.eng.sfda.gov.cn/‎

Costa Rica Ministry of Health http://www.ministeriodesalud.go.cr/

Denmark Danish Medicines Agency http://laegemiddelstyrelsen.dk/en/

Europe European Medicines Agency (EMEA) www.ema.europa.eu/‎

Germany Federal Institute for Drugs and Medical Devices www.bfarm.de/EN

Hong Kong Department of Health: Pharmaceutical Services http://www.drugoffice.gov.hk/eps/do/index.html

India Central Drug Standard Control Organization (CDSCO) www.cdsco.nic.in/‎

Ireland Irish Medicines Board www.imb.ie/‎

Italy Italian Pharmaceutical Agency www.agenziafarmaco.gov.it/en‎

Japan Ministry of Health, Labour & Welfare(MHLW) www.mhlw.go.jp/english/‎

Malaysia National Pharmaceutical Control Bureau, Ministry of Health www.bpfk.gov.my/‎

Netherlands Medicines Evaluation Board www.cbg-meb.nl/cbg/en‎

New Zealand Medsafe - Medicines and Medical Devices Safety Authority www.medsafe.govt.nz/‎

Nigeria National Agency for Food and Drug Administration and Control (NAFDAC) www.nafdac.gov.ng/‎

Pakistan Drugs Control Organization, Ministry of Health www.dcomoh.gov.pk/publications/ndp.php

Paraguay Ministry of Health www.mspbs.gov.py/

Singapore Centre for Pharmaceutical Administration Health Sciences Authority www.hsa.gov.sg

South Africa Medicines Control Council www.doh.gov.za/show.php?id=2863

Sri Lanka SPC, Ministry of Health www.spc.lk/services.html‎

Sweden Medical Products Agency (MPA) www.lakemedelsverket.se/english/‎

Switzerland Swissmedic , Swiss Agency for Therapeutic Products www.swissmedic.ch/?lang=en‎

Thailand Ministry of Public Health www.eng.moph.go.th/‎

Uganda Uganda National Council for Science and Technology (UNCST) www.uncst.go.ug/‎

UK Medicines and Healthcare Products Regulatory Agency (MHRA) www.mhra.gov.uk/

Ukraine Ministry of Health http://www.moz.gov.ua/ua/portal/

USA Food and Drug Administration (FDA) http://www.fda.gov/

Major regulatory government agencies Around the world

http://www.tga.gov.au/‎

http://www.tga.gov.au/‎

http://www.portal.anvisa.gov.br/

http://www.hc-sc.gc.ca/index-eng.php‎






http://www.eng.sfda.gov.cn/‎

http://www.eng.sfda.gov.cn/‎

http://www.ministeriodesalud.go.cr/

http://laegemiddelstyrelsen.dk/en/

http://www.ema.europa.eu/‎

http://www.ema.europa.eu/‎

http://www.bfarm.de/EN

http://www.drugoffice.gov.hk/eps/do/index.html

http://www.cdsco.nic.in/‎

http://www.cdsco.nic.in/‎

http://www.imb.ie/‎

http://www.imb.ie/‎

http://www.agenziafarmaco.gov.it/en‎

http://www.agenziafarmaco.gov.it/en‎

http://www.mhlw.go.jp/english/‎

http://www.mhlw.go.jp/english/‎

http://www.bpfk.gov.my/‎

http://www.bpfk.gov.my/‎

http://www.cbg-meb.nl/cbg/en‎




http://www.medsafe.govt.nz/‎

http://www.medsafe.govt.nz/‎

http://www.nafdac.gov.ng/‎

http://www.nafdac.gov.ng/‎

http://www.dcomoh.gov.pk/publications/ndp.php

http://www.mspbs.gov.py/

http://www.hsa.gov.sg/

http://www.doh.gov.za/show.php?id=2863

http://www.spc.lk/services.html‎

http://www.spc.lk/services.html‎

http://www.lakemedelsverket.se/english/‎

http://www.lakemedelsverket.se/english/‎

http://www.swissmedic.ch/?lang=en‎

http://www.swissmedic.ch/?lang=en‎

http://www.eng.moph.go.th/‎

http://www.eng.moph.go.th/‎

http://www.uncst.go.ug/‎

http://www.uncst.go.ug/‎

http://www.mhra.gov.uk/

http://www.moz.gov.ua/ua/portal/

http://www.fda.gov/

57 Confidential Property of Schneider Electric

Related Support, Services, Training & Expo Demos

Support

Training

Services

Expo Demos

> Wonderware Skelta BPM 2014 (workflow)

> MES and Recipe Management

regulatory compliance in manufacturing -...

Documents