Assessing Serialization Systems: A Quality Assurance Perspective
For any Quality Assurance and IT Validation team in the Pharmaceutical industry, supporting the life cycle management of a new IT system in an organization generally means a great deal of work and responsibility. Particularly when the primary reason of those systems is to serve regulatory compliance needs, thus becoming a business-critical matter. Considering the level of quality standards in the pharmaceutical industry, the role of the accountable QA expert is key across the whole process to mitigate risks and ensure permanent alignment with the applicable quality system and authorities requirements, from selection and implementation to maintenance.
Serialization Systems: Change Management is at Stake
Serialization systems are no exception. Why? Simply because the global serialization landscape is rapidly evolving. With dozens of differing regulations and laws pertaining to drug serialization, either already in place or pending for enactment around the world, a single serialization system must virtually handle multiple use cases (and thus as many non-compliance risks to mitigate) while regular system updates and upgrades must be anticipated and controlled. Change management is often the greatest source of hassle for QA and IT validation teams but can also be easily manageable, if you select a serialization solution developed to seamlessly support change, by design.
To minimize risks, you should always start with verifying that the considered system has been conceived, if not fully at least partially, according to the applicable pharmaceutical industry’s regulations such as EU GMP Annex 11 for computerized systems, the FDA’s 21 CFR part 11, or standard guidelines such as Gamp 5, providing a solid guidance for an IT system validation. Also, make sure you can keep control over any change in your system over time, which is crucial to maintain your validated state. For instance, system updates and/or upgrades should always be performed with your full consent, when you decide, after a meticulous and documented risks assessment based on a complete changelog and impact analysis supported by the necessary quality documents you need. Change control should definitely be high on your list of key topics to address to your serialization solution vendor in your selection process.
4 Key Points a QA Leader Should Consider When Assessing a Serialization System
Although there are no regulatory guidance documents specifically written for the quality assessment of a serialization system (after all it’s just another IT system), we recommend you take a closer look at the following points and carefully discuss them with your (candidate) solution provider:
- System updates and upgrades: As mentioned previously, you must expect your serialization system to be updated regularly to ensure permanent compliance. How can you analyze risks and impacts? Does your vendor provide the proofs that the new versions will be thoroughly tested and validated against your specifications prior to implementation? Are quality documents always (official release notes and other quality documents) available? Can you decide when you implement a new version or upgrade your validated state?
- Data hosting: Serialization data management is often an underestimated matter despite it’s probably the first consideration to have in a serialization project. Do you own your compliance data? Can you choose the location where you data is stored? Can you store your data in different locations? Remember that some regulations impose that your data is stored (and even sometimes generated) in the exact location where your business operates. For instance, if you sell pharmaceutical products in the EU, your data should be located in a EU member country.
- Data back-up and restore: You must ensure business continuity in case of system failure and demonstrate you have a solid Disaster Recovery Plan quick to activate that can prevent any data loss. Therefore, your compliance data should be mirrored in different servers in different locations. We recommend that you ensure your serialization data is securely stored and replicated in at least 3 locations. Can your vendor ensure replication of your data in multiple locations chosen by you?
- Data security: No need to insist on the fact that drug serialization aims at securing the pharma supply chain and fights against the business of counterfeit and fake medicines. Serialization data therefore becomes an object of interest for illicit traders. It’s important to minimize the risks of data leaks or theft and of course manage the data access through an efficient access profiles management and audit trails implementation. First, you must ensure with your IT department that your solution complies with the highest standards of security for data storage and exchange (such as ISO27k standards for cloud computing). You should also think of best practices to assure the data integrity all along the serialization process. For instance, we recommend that you avoid to commission large volume of serial numbers in advance and instead commission serial numbers based on the actual batch production needs.
System Validation: Make Sure you have the Necessary Documents at your Fingertips
From experience, system validation turns out to be a phase requiring a lot of effort, resources and attention for QAs in the pharma industry. To ease the validation process and enable you to save time and resources, your system vendor should be able to support you with a set of detailed quality documents that conform with current industry standards such as GxP ad FDA regulations, relevant GAMP 5 guidelines/standards and FDA recommendations. Your vendor should offer you validation support services including the following deliverables:
- Validation plan
- Functional specifications
- Traceability matrix
- Test protocols
- User training material
- Validation report
Each of them should be kept constantly accessible, updated, and customizable to perfectly match with your quality system requirements and any local documentary request from authorities. Additionally, your solution provider should be able to act as a trusted advisor to help you fine tune your user specifications requirements, quality plan and risk analysis.
If the provided documents have a high-quality level and the audit grades are very good, you can even use them for your internal validation which will speed up the process, reduce downtime and avoid the need for investing in external consultants.
To conclude, many struggles encountered by organizations in a serialization project come from a lack of preparation and anticipation (particularly when it comes to user training and IT management) that leads to control management issues over serialization systems. Selecting a serialization solution that enables you to keep full control on your data storage and security, system validation and quality documents is key for a long-lasting collaboration with your solution provider and for ensuring flawless compliance now and in the future.
How Can Adents Help?
In accordance with main current regulations and guidelines for IT systems, Adents has developed a standardized and integrated serialization solution covering Level 1 through Level 5 requirements, seamlessly.
- Adents Seriza, a line and site level serialization for manufacturing sites, has been selected by Siemens for its customers.
- Adents Prodigi, a cloud solution jointly developed with Microsoft and powered by Azure technologies, allows for secure data exchange and leverages the power of serialization data.
Adents’ software core foundation is qualified twice a year through PQ process to maintain the validated state using the Gamp 5 best practices. Depending on your Adents’ solution, a User Acceptance Test AT and/or a Factory Acceptance Test will be performed by Adents in-house for each new project. Adents also offers a standardized solution minimizing the need to go through long-lasting repetitive qualification processes for new projects/clients. For Seriza, Adents’ SAT includes IQ and OQ in client facilities, you will only need to dedicate resources to the PQ process. Finally, Adents can accommodate most of the necessary documentary requests for quality purposes. Basically all you need to support quality assurance activities along the entire serialization system lifecycle.