18.10.2016 |

LOGFILE No. 39/2016 – Managing Process Validation

Validation Planning

An excerpt from the GMP Focus download Managing Process Validation: A Drugmaker's Guide

by Dr. Christine Oechslein


All recent rules and regulations for qualification and validation emphasize the importance of careful, documented planning. However, there is no “one-size-fits-all” standard validation plan. The subject of the validation dictates how the planning and implementation of the validation is organized. Does the case in hand concern the handover of a validated procedure with a low level of technical know-how required and a “low-risk” product to another production site? Or is it the validation of a new operation that deals with innovative, technologically highly complex dosage forms? The organization of the specific pharmaceutical company must also be taken into account.

Determining the Scope and Extent of Validation

The validation activities required for a process or product depend on the type of manufacturing operation and the use of the product. It is easy to appreciate that a complex manufacturing process that requires technically sophisticated equipment, specially trained staff and permanent process monitoring and that concerns a product with a narrow therapeutic range for parenteral use must be validated more thoroughly than a skin antiseptic solution for use on intact skin. It is expected by regulatory authorities that a systematic, documented approach is done for each validation project in order to determine how much validation work is necessary in each individual case. Risk analysis is one of the best tools for evaluating the scope and extent of validation activities.

Carrying Out Risk Analysis

Risk analysis is a universal tool that can be used when preparing and performing qualification and validation at different stages. Even after validation has been completed, it is advisable to perform risk assessments in order to weigh the need for revalidation measures. When changes, deviations, OOSs, customer complaints or returns are processed, it also makes sense to define the necessary follow-up measures on the basis of risk assessments.
Safety risk analyses have for decades been a standard feature in the pharmaceutical industry. By contrast, until a few years ago quality risk analysis was a voluntary but recommended activity.

Today however, quality risk analysis is an essential step required by regulators in conjunction with validation. Quality risk analysis can be used at several points in time:

  • When the validation master plan and validation matrix are created in order to assign priorities to the validation projects;
  • In order to justify joint validation of various strengths of a product;
  • To establish product families/product groups which are to be validated together;
  • When validation plans are created in order to evaluate the individual product risk and process risk;
  • To classify individual process steps/process parameters as critical or non-critical;
  • To evaluate deviations from the validation plan;
  • To evaluate unexpected validation results or deviations from acceptance criteria; and
  • To evaluate deviations from or changes to validated processes.

The advantage of risk analysis is that, owing to the structured approach, the danger of for-getting important aspects is lower. When documented properly, the results of risk assessment are also transparent for external parties (e.g., customers or regulators) and can be reproduced even years later.

There are three fundamental questions to address in risk analysis:

  1. Product risk: Does the product itself present certain risks, for example due to its administration route (e.g., parenteral), its narrow therapeutic range or physiochemical properties (e.g., sensitivity to light)?
  2. Process risk: Is the process complex? Does it consist of many individual steps?Does it have to be precisely monitored? Does it require specially trained members of staff? How much experience is there with the facilities/equipment used?
  3. Quality assurance activities: Are there opportunities to detect any errors that may have occurred?

There are many well-established methods of assessing risk, such as failure mode and effects analysis (FMEA), fault tree analysis, fishbone analysis, and hazard analysis and critical control points (HACCP). According to the FMEA approach, for example, the entire production process is divided into individual processing steps and each processing step is assessed with regard to the possible failures that might occur. Each failure is then assigned a probability rank and a significance of occurrence factor, as well as a determination of the ability to detect a failure in case the error really had occurred.

The International Conference on Harmonization (ICH) guideline Q9: Quality Risk Management (see Appendix D)describes the aim and purpose of risk control, risk communication and risk monitoring. The guideline does not, however, mandate a specific risk analysis method. Instead, it gives a manufacturer the freedom to select the approach that best fits its situation. For example, a company that produces food or dietary supplements in addition to pharmaceuticals would be familiar with the HACCP method and could apply it to pharmaceutical operations as well.

Whichever technique is used, it is important that the result of the risk analysis identifies the critical and non-critical parameters, those in which minor changes could have a great influence on the quality of the product. Non-critical process steps or parameters or those in which any fault that occurs would be detected with absolute certainty do not need to be validated. In such cases, validation documentation should show that these parameters or steps have deliberately not been validated on the basis of risk analysis to avoid creating the impression later that they had been forgotten.

The risk analysis can be drawn up as a separate document. For small validation projects, it also may be part of the validation protocol. Risk analysis can also be used in validation master plans, in order to establish weightings to sub-projects within the VMP.

The GMP Focus PDF Download Managing Process Validation gives you the information you need to craft a solid validation program, including:

  • How to choose the appropriate validation method (prospective, retrospective or concurrent)
  • How to build a validation team and assign tasks and responsibilities
  • Factors to consider when outsourcing validation
  • Setting critical process parameters and operational ranges
  • Dealing with equipment calibration and qualification
  • Validating computer systems
  • How to develop a validation matrix
  • What information to include in a validation protocol
  • How to document the validation


Dr. Christine Oechslein
GMP-Praxis, Bad Säckingen