SPECIAL FOCUS

 Print this article

The case for validated access control solutions

Walfried Laibacher, Honeywell


BIOMETRIC READER WITH MESSAGE DISPLAY

With pharmaceutical manufacturers under pressure to satisfy regulatory compliance and deliver products to market quicker than ever before, so GMP access control solutions are proving to be a key differentiator in the quest for competitive advantage. Honeywell’s Walfried Laibacher argues that, independent of plant design, they support consistent product quality, productivity improvement and mitigate risk. More than that, he advocates that they should be considered integral to best practice building management in a complex, mission critical environment.

Conventional thinking has been overturned. Building Management Systems (BMS) are now categorised as a one process control system type – with possible direct impact upon drug quality and, therefore, manufacturing integrity. As another BMS application, manufacturers are now turning their attention to GMP plant access control systems. Regulated manufacturers around the world embrace validation of heating, ventilation and air conditioning (HVAC) environmental control solutions as vital for reducing risk of non-compliance. GMP-relevant records typically confirm temperature, humidity, differential pressure and particulate matter in critical clean room, laboratory and production environments. Forward thinking operators are now looking to manage and validate physical access to their manufacturing facilities and laboratories in much the same way. After all, it is common knowledge that FDA regulators are already looking at physical access to pharma manufacturing plants. Take this excerpt from an FDA warning letter:

“... Controlled by an automated building security system that functions with the use of electronic key cards assigned to personnel … management relies upon physical security to access the system. There are some concerns regarding the software controls for this security management system: … functional design requirements are not established … design control documentation has not been established ... eg user groups are not defined, specified configurations for individual user groups are not defined) …records of periodic review of the personnel assigned to each user group are missing …there is no Standard Operating Procedure (SOP) to assign any one user to a specific user group on the system”.

Clearly, the FDA is highlighting the lack of system specification. It is adopting an operational perspective and raising awareness of the potential risk of disruption from non-qualified personnel being able to access the system. Upon entry to the system, they could, for example, add users, deactivate vital security configurations and enable access to non-controlled critical areas.

A risk analysis of current business practices would have brought this issue to light; it would have flagged up the vulnerability of this pharmaceutical manufacturer’s access control system. Very likely it would have prompted a change to its classification – from non-GMP relevant to GMP-relevant. Without a specification detailing how the system should operate, however, this manufacturer was unable to provide elementary validation evidence. It is a major failing – one that puts regulatory compliance and product quality at risk.

Are your access controls performing as intended? So how can you avoid a similar issue? When assessing the GMP impact of automated systems in your pharmaceutical plant, ask yourself:

  • Does the system preserve the product status?
  • Does it produce data to support product acceptance/rejection?
  • Does it control a process eg a Distributed Control System: DCS and therefore impact product quality,
  • Is there independent verification that the control system is performing as intended?

These very same questions pertaining to computerised systems in general are relevant to the analysis of automated access control solutions. The first priority is to consider the GMP Impact Assessment of computerised systems in your plants. As regulated manufacturers your automated solutions are typically listed in an inventory along with their respective validation approaches. This is the framework for the validation planning process; it categorises such systems as GxP-critical or GxP-non-critical.

Invariably a GMP Impact Assessment applied to access control systems prompts a ‘yes’ to at least one issue, thus confirming that system’s categorisation as direct impact – GxP-relevant and requiring validation for confirmation of regulatory compliance.

That said, one ‘yes’ in a GMP impact assessment does not necessarily require you to validate the whole access control system. System boundaries focus qualification and validation effort on the mission-critical components of the direct impact system – not a car recognition subsystem governing access to the parking apron, for example. For a useful guideline and process for determining these boundaries at the planning phase you need look no further than The International Society for Pharmaceutical Engineering’s (ISPE’s) Baseline Guide on “Commissioning and Qualification” .

 

Access controls are critical to preserving security and product integrity. For example:

  • GMP access control systems govern entry to critical plant zones. Only those with current access rights would be able to enter.
  • Failure to implement such a control process risks unauthorised entry to vital storage areas, clean rooms and laboratories.
  • Robust audit trails, supported by documented evidence, provide proof of entry and egress and give assurance that the process operates in accordance with its predefined specification – in other words, validation ensures the automated system works as intended.

Physical entry to qualified drug production areas will require valid SOP training certification. Integration of access controls with an electronic training management system will manage access in accordance with current training competency. Should this lapse, the key card reader display would bar it entry, flag up the reason why and recommend appropriate remedial action. For example, failure to comply with the hygienic requirements required for a clean room will prompt the message: ‘Entry prohibited. No training on SOP Hygienic Instruction, Rev 1.2. Contact site training administrator’.


First three layers of enterprise control system model (Purdue University)

There are many opportunities to validate access control solutions for regulatory compliance, including video recording door entry points to critical production areas. This provides for a visual check of SOP deployment – real time and/or historically – while the recorded footage supports a validated security system. Intelligent access control systems can also be deployed to accept or reject a product. Not only will they alarm in the event of unauthorised entry to a critical plant area, the transit log report will document evidence supporting product acceptance/rejection. This is particularly important given the growth of pharmaceutical counterfeiting.

Smart access controls can also govern entry to areas housing direct impact systems such as DCS or Enterprise Resource Planning (ERP). Validation supports the use of integrated building and process control solutions by making use of the same electronic key cards for accessing rooms and DCS login. Alerts are generated automatically in the event of a DCS key holder using a second key card to make system changes under an assumed name. Even though this second card would, in principle, give access to the process control system, DCS login is denied because the corresponding key owner has not physically entered the control room – another good reason for classifying them as GxP-critical. Verification between integrated systems only serves to enhance security in a regulated manufacturing environment.

A recommended approach towards regulatory
compliance

The Good Automated Manufacturing Proactive Guide (GAMP) for validation of automated systems is the industry standard for automated technology. Recommended by the FDA, this proven GAMP-based approach for validating HVAC environmental control systems can be applied to access control solutions. This is because access control architecture follows the same three-layer model as for environmental management:

Supervisory level: the level of presentation (status and alarms), human-system interface (application parameters, system configuration and system control) and historical data management (events, values and transits).

Peripheral level: the level of decision-making and feedback, it comprises controller devices specialising in the management of specific applications.

Field level: the level at which the system interacts with the external world (employees, visitors, gates and detectors for example). It comprises readers, displays, keyboards, actuators and digital sensors.

In an environmental context temperature, humidity and pressure sensors (field level) control an air handling unit. With access control systems we are talking about key card readers and door contacts. In both the application logic resides at the peripheral level while the management application on the supervisory level may even be the same in an integrated building management solution.

GAMP groups software into five different categories, from category one, describing the validation approach of software type ’Operating Systems’, to category five, ‘custom or bespoke code’. HVAC environmental control systems, DCS or SCADA systems fall into category four, ’configurable software package’ (though specific business operations may vary from this assessment). Likewise a computerised access control system can be assigned to this group.

From this it follows that a lot of common practices for HVAC hardware and software qualification can be duplicated and applied to access controls. Transit management, key card management for users and zones, Present-in-Zone and anti-passback configuration are functions that all come to mind in respect of operational qualification (OQ).

Driving productivity improvement

The ability to validate an access control solution for regulatory compliance enables pharmaceutical manufacturers to leverage operational productivity improvement. And the good news is that it is relatively straight forward to do.

In the context of an environmental control system, for example, correct control deployment is vital to staying GMP compliant. Set point changes on room temperature force adoption of control parameters in line with SOP on change control. Access control systems, however, rarely require change control deployment. It only comes into play in the event of system expansion. Rather, day-to-day actions in the operational phase – shift workers and visitor management for example – are recorded in the event buffer for audit trail. This makes it much easier to maintain the validated operational state.

FDA 21 CFR Pt 11 guidelines also accept Electronic Records and Electronic Signatures (ERES) and, with this, electronic data reports, for regulatory inspection.

ERES usage satisfies other crucial FDA 21 CFR Pt 11 compliance criteria, notably:

  • Generation of exact, timely and tamper-proof records.
  • Chronological audit trails. Synchronisation with a master clock on an organisation’s IT network guarantees that all events and transits are in the same time reference as all other company systems.
  • Training. Your access control solution can help to ensure that only trained personnel monitor and configure the system. Operators can be assigned a profile that contains information on their security level and area assignments. Classification as such can be used to manage operators; to restrict them to seeing and controlling only those parts of the system for which they are currently qualified. Their scope can be changed, on line, as new training occurs. Operator permission can be configured down to the smallest detail – to monitor and configure certain procedures within a given area. Timely refresher courses can also be managed in this way, preserving product integrity and optimal plant uptime.

The GAMP Good Practice Guide on ERES can help pharmaceutical manufacturers around the world to identify their critical e-records. In providing a focused approach on this subject, it follows the efficient top-down principle on critical evaluation of e-records rather than expensive, bottom-up evaluation of computerised systems. It considers and complies with international regulations and, being aligned to the principles presented in the 2004 FDA Part 11 guidance, its recommendations are well thought through.

Coping with change

But one thing is for certain, things change. New regulations are always evolving and whilst a pharmaceutical manufacturer may currently assess its access control system as a non-GMP system, best practice may change as the ‘c’ in cGMP comes into play. What does this mean in the context of a plant access control solution?

If it is assessed as a non-direct impact system, then the supporting specifications, installation and commissioning specifications need not stand up to the stringent criteria for validation documentation. Should, in time, it become GMP classified, say as a result of integration with another direct impact computer system, a retrospective validation might be appropriate. This would provide the necessary data and information needed to support system documentation and the requisite validation. As more regulatory bodies come to regard access controls as a system within the pharma manufacturing environment with the potential to impact drug quality, so validated evidence of compliance will be required. But beware, retrospective validation is no small task.

Experience shows that many companies chose to upgrade – even replace – their existing computerised system rather than backtrack. Mandatory or not, early adopters of best practice are staying ahead of the game and driving performance gain by validating their automated access control systems. Indeed, putting a GAMP-conforming validation process in place not only ensures that your access controls are working as intended, it delivers a measurable return on investment. It proves regulatory compliance and, over time, it significantly cuts costs. Most important, it protects product integrity and mitigates risk of business disruption.

A proactive stance also gives regulated manufacturers the opportunity to implement electronic records and signature, and lift productivity improvement still further. There are access control solutions available today that can do this; that are ready to meet the requirements for 21 CFR Pt 11 compliance. Not only do they give pharmaceutical manufacturers clarity of understanding – and a record – of their access control processes, they bring about reduced risk of business disruption. They enable pharmaceutical companies to stay on the right side of the regulators and guarantee product quality and regulatory compliance – and with this, strengthen competitive advantage.

 

Walfried Laibacher

Walfried Laibacher

Walfried Laibacher holds a diploma of applied sciences for electrical engineering. Based in Germany, he oversees Honeywell’s specialist validation sales and engineering teams, ensuring that they apply common validation practices for environmental conditions to the company’s growing pharmaceutical customer base. This includes on-site project support, recently as the validation consultant in a multimillion Euro process control project for a major European biotech company.

Since joining Honeywell in 1988, Walfried has held several positions in software development from software engineer to project leader for HVAC and Building Management Solutions in an SEI CMM Level 3 certified organisation. As member of the GAMP D-A-CH Community of Practice he contributes to its Special Interest Group (SIG) on “Co-operation Models between Users and Suppliers”. He is a regular on the European lecture circuit, his speciality being new-generation validation solutions and integrated building automation systems, and how they satisfy pharmaceutical customer needs for compliant environmental control. For more info please contact Walfried at: walfried.laibacher@honeywell.com

 

back