Information | Understanding | Best Practice.
Deviation Control in a GMP ProcessWhat is a Deviation ?
A deviation is an unplanned event and can be caused by many factors, among them:
Failure of equipment
Process variations, contamination
Extra-ordinary environmental events
Lack of training
Undue care and attention
A deviation would normally be considered an undesirable variation from an approved specification or approved process. Deviations tend not to comply with the intent or rigors of a formal change control process and therefore can be a potential source of risk if not effectively managed and controlled. Ideally all change should be subject to full formal change management. However, in reality, demanding that all change must go through a standard full change control procedure, can have negative business impacts which may be excessive versus the requested deviation.
Regulatory expectations for implementing process or product deviations.
EC GMP Guide Part I (products):
Any significant deviations from defined procedures and instructions … are fully recorded and investigated.
Any deviation … should be avoided as far as possible. If a deviation occurs, it should be approved in writing by a competent person, with the involvement of the QC department when appropriate.
EC GMP Guide Part II (API’s):
Any deviation from established procedures should be documented and explained. Critical deviations should be investigated, and the investigation and its conclusions should be documented.
US FDA CFR Quality System Regulations, Subpart G–Production and Process Controls, Sec. 820.70 Production and process controls.
Where deviations from device specifications could occur as a result of the manufacturing process, the manufacturer shall establish and maintain process control procedures that describe any process controls necessary to ensure conformance to specifications.
Part 211. Current Good Manufacturing Practice for Finished Pharmaceuticals. Subpart F–Production and Process Controls
Written production and process control procedures shall be followed in the execution of the various production and process control functions and shall be documented at the time of performance. Any deviation from the written procedures shall be recorded and justified.
Can planned deviations arise?
Yes there is such a thing as a planned deviation. Planned deviations …
Would normally be limited to minor variations from a standard operating procedure or batch manufacturing record.
Will be faster than going through the full change control process.
Should be short term only.
Using a different balance for weighing ingredients than one stated in the BMR (batch manufacturing record), balance must be within calibration and appropriate for use.
Small alterations to charge materials of a batch due to unavoidable circumstances. Must have no impact on product quality and must be approved by Quality Assurance.
Deviations and Risk Management, Corrective & Preventative Action and the Management Review.Where deviation requests arise, the potential risks associated with either permitting or refusing a deviation need to be considered. For example in allowing a deviation from an approved process are there potential quality or customer risks, alternatively not allowing a deviation may have significant business impacts e.g. process line shut-down. The balance between the potential new risks and benefits need to be carefully considered.
Additionally, deviations need to be included in the CAPA systems. The CAPA Process will need to ensure that solutions are implemented to ensure that similar deviation requests do not arise in the future.
It is good practice for all deviations to be analyzed and summarized in the annual Management Review. A high level of deviation requests, high risk deviations or repeat deviations will indicate a failure within the quality management system and change management processes and may therefore need senior management attention to effectively address.
Product and Process Deviation Management.There needs to be a defined, documented, approved procedure for deviation control, i.e. a “Product and Process Deviation” SOP.
When a deviation request arises it needs to be clearly documented.
The reason for the deviation arising will be outlined and the nature of the extent and duration of the deviation proposed.
A risk assessment will then need to be performed. As many deviation requests arise due to a need for a prompt response versus the often slower review and approval process associated with formal change control, the risk assessment will need to be promptly performed and will need to ensure an appropriate balance between efficiency and depth of analysis.
The outcome of the risk assessment which will include risk benefit analysis will determine if the deviation request can be approved.
In parallel, the CAPA process will be instigated. The corrective action element of the CAPA process will ensure that actions are taken to correct the original reason for the deviation request and any immediate impacts associated with the identified deviation. This will involve root cause analysis and solution identification. The preventative action element of the CAPA process will ensure that longer term actions, or actions with a wider scope are implemented to prevent future deviation repetition.
Approval of the deviation request can happen based on the outcome of the risk assessment. Approval will require competent personnel who understand the risks associated with the requested deviation and who have the authority to over-rule the formally approved procedures and specifications.
The deviation if approved will have a defined life-span and scope of implementation. The objective should be to minimize the use of any deviation,. Where the deviation may be required for medium to long periods of time, then a formal change should be requested and the temporary deviation terminated.
All decisions, actions, approvals, assessments, etc., associated with a deviation request need to be documented and should be subject to process effectiveness analysis i.e. form part of the Management Review.
Key areas of concern from a regulatory perspective:
Root cause analysis not effectively implemented resulting in poor identification and implementation of preventative actions.
Ineffective risk analysis, which can result in unidentified risks for users, customers, patients, staff, the organization.
The impact of deviations on previously completed and approved validations and qualifications are often not effectively considered. The result can be process drift into “out of control” situations.
Where there are yield variations due to process deviations, the basis for original GMP approvals can be compromised. This may not be adequately considered during a deviation approval process.
Deviation investigations – In summary.
Where investigations are to be performed due to a deviation request, the investigation needs to determine, what happened, when it occurred, why it is now been seen versus previous product and process history, what is the scope of the problem, how the deviation arose and who is investigating, who will ensure all the necessary data is gathered and analyzed, who will approve the deviations, what will be the follow-up actions and follow-up applicable processes, will there be regulatory, quality, reliability, costs implementations, are there new risks generated, will the risks be acceptable, ….. etc.. These essential considerations will be pre-determined in the defined, documented and approved, deviation SOP.
Clearly the effort applied to a deviation will relate to the potential risk posed by each individual deviation.
Quality Assurance | Quality Management Systems.
- The Principles of Quality Management
- The Quality Manual
- Quality Standards and Specifications
- The Quality Management System
- Revised requirements of ISO 9001: 2015
- Design Quality – Products & Processes
- Good Manufacturing Practice (GMP)
- CAPA – Corrective And Preventative Action
- Calibration Certification
- Change Management and Control
- Quality Management Training
- Product and Process Validation
- Supplier Quality Assurance
- Audits & Auditing
- Ensuring the Quality Management System is Risk based
- Etc. …. Etc. …. Etc. …
- Information | Understanding | Best Practice >>>