PLC validation

How do you go about validating a PLC system in the pharmaceutical industry? When a pharmaceutical manufacturer realizes that validation of either an existing or new computer system is required, and enters into a contract with a supplier, it's important that a working relationship is established. This has to be more than a mere purchase order supply agreement, and has to account for the needs and responsibilities of both parties.

Validation is the documented evidence that a process or system does what it's supposed to do. In the pharmaceutical industry, this means that a process must manufacture the final product within established limits and specifications and that each step of the process be recorded. A computer system which controls the process must operate in a manner that will maintain these product specifications.

This is often thought to extend from the generation of the functional design specification (FDS) through to what is often called a site acceptance test (SAT) of hardware and software (provided by the supplier, based on the functions in the FDS). The requirements to withstand a regulatory body (FDA/MCA) inspection do, however, go much deeper than this.

For pre-qualification, the specification and design criteria for the system must include: a description of the purpose of the system; a list of the functional requirements; normal operating parameters; operational limits; back-up procedures; report formats; security provision; MMI; hardware; PSU specs; and operational environment.

The system description must refer to the final version to be installed (new systems) or to that which is currently being used (existing). All the hardware and peripherals should be listed, together with their equipment numbers and, for software, the data storage requirements and back-up procedures defined. The applicable version of the operating system and application programs must be stated by name and programming language. A schematic of the system should also be included.

An installation qualification verities that hardware, and its installation, meet the specification and design. It should include: hardware installation; power supply; integrity of communications; environmental conditions; security; maintenance; and installation drawings.

Get the evidence meanwhile, the operational qualification provides evidence that the system performs as designed. It includes: test equipment; standard operating procedures (SOPs); product application; software identification; software functions; and SOP verification and compliance. There's also: start-up, shut-down and menu selection test; interlocks; testing the computer with normal and abnormal demands and worst-case conditions (at the data handling limits); environmental conditions; and back-up procedures.

The system should be subjected to a series of tests designed to confirm that it will reliably and reproducibly carry out the tasks for which it was designed. These should include: software control routines; data integrity; system capacity (that it's able to operate under worst-case situations); and power failure (effects and action). Any audit by regulatory bodies, for example the FDA, would begin with a systems overview, a look at environmental factors (physical location, EMC, shielding) before moving on to the major areas of validation. This is where records and documentation are critical to achieve a successful audit.

Many companies use third party consultants for validation. This need not be necessary if a user chooses a systems provider that understands the concepts of validation and has a quality plan (evidenced by ISO9001).