100% verification of special processes & risk based process validation?

[jakeinquality]

I know that regulations require process validation when the output of a process can not be verified.

We manufacture a class III high risk device that has many low risk components that are manufactured through special processes, e.g., injection molded handle halves, extruded tygon tubing that has no risk to patient, etc.

We do AQL sampling inspection of these received components, and downstream 100% verification is performed for the actual function of these parts, e.g., components/handles fit together, tubing is 100% leak tested after assembly, etc. Additionally, a 100% functional test is performed at the finished device level.

At this moment we are prioritizing process validations for all components manufactured through special processes that could cause harm to the patient or user. For the low risk components, the operations team is proposing we document the risk assessment and 100% downstream inspections to justify not requiring validation for the low risk parts. I agree with the logic, but I feel it leaves us at risk for any inspector or auditor who may not agree with our rationale and simply point out that molding and extrusion are special processes which by definition require validation.

Does anyone have experience successfully defending 100% verification of special processes or justifying no validation based on risk and verification? Any feedback is greatly appreciated!

 

[indubioush]

I guess the question is, what is the process output that cannot be verified? molded components can undergo dimensional inspection. The ID and OD of tubing can be verified. What am I missing? Also, if this is being done at a supplier, I would expect them to be verifying the output of their processes or doing process validation where applicable. What am I missing here? What is the output that is unable to be verified?

 

[Tidge]

I wouldn't think of injection molding as a "special process that cannot be verified". As noted above, dimensional inspections can take place and these are the sorts of things that can feed a sampling plan and tooling qualification/validation. For off-the-shelf tubing I have to believe that there is some sort of ASTM standard that the manufacturer is meeting, and the manufacturer probably has some sort of NRTL that is regularly testing that the tubing is meeting those requirements (and is allowing their mark to be added to the tubing).

 

[NotMe]

For some processes (e.g. sterilisation) there exists a regulatory requirement for validation. For all other processes you are required to demonstrate that you (a) evaluated the patient risks, and then (b) to use a "risk based approach". Hence, there exists two validation-loop-holes:
1) if you perform 100% verification,
2a) if your evaluation (e.g. FMEA) states that the patient risk is "small enough" (e.g. RPN<15), AND
2b) if you possess a document which states that a "small enough" patient risk does not need to be validated.

PS: I believe that the RPN approach is flawed. Nevertheless, we use the RPN method to define the minimal (reliability, confidence) pair for the OQ and PQ. Not once has an auditor address this in a report. The way I see it: In an audit you need to demonstrate that you possess a procedure and that you apply it correctly. Hence, if your procedure does not require process validation if RPN<15, you don't need to validate the process.

 

[Bev D]

Does anyone have experience successfully defending 100% verification of special processes or justifying no validation based on risk and verification? Any feedback is greatly appreciated!

As the other two responders have posted if you can 100% verify teh results of a process (such as injection molding) then you have no need to validate the process. In fact by definition a process whose output can be 100% verified - without scrapping all parts - is NOT a special process.

…so I wonder what your real issue is?

 

[Tidge]

I don't want to get completely sidetracked about risk management in medical devices (or pharma) but with this...

PS: I believe that the RPN approach is flawed. Nevertheless, we use the RPN method to define the minimal (reliability, confidence) pair for the OQ and PQ. Not once has an auditor address this in a report. The way I see it: In an audit you need to demonstrate that you possess a procedure and that you apply it correctly. Hence, if your procedure does not require process validation if RPN<15, you don't need to validate the process.

... the important letter in a FMEA's RPN is "P", for prioritization. An FMEA can't reveal anything about absolute risks, it can only reveal some thinking about failure modes and how need for the control mechanisms (or not) was decided... and I suppose if there is some consensus around how much the established controls are doing (with respect to any particular failure mode). Confusing FMEA with a method of reducing overall risk is pretty much the "obvious" mistake a regulator/accrediting agent (for medical devices certainly, perhaps other regulated industries as well) would identify, it's not like they would pick apart specific numeric reductions or even examine statistical methods used to justify them (if such things exist).

In my own experience: very few people look at an FMEA with much rigor beyond

• Do we have or need a risk control at all (for this failure mode)?
• Do we think the identified risk control is working (or stopped working)?

I certainly believe that an FMEA can be used in a smarter way to motivate marginal improvements for a well-controlled whatever (process, design), but my typical experience is that even if a line in an FMEA falls below some magic number chances are good that there is some control (or reference to a control somewhere) for that failure mode, mostly because effective employees don't populate FMEAs with nonsensical failure modes. That is, at base-level, the FMEA reveals an essentially a sort of binary thinking about possible failure modes and controls for them. After that, it is mostly Numberwang.

 

[Ronen E]

So much confusion above, in my opinion... and mixing of unrelated concepts. Risk management (or as popularly misused, "risk based approach") is NOT the cure for everything. More often than not, it is (mis)used to justify dodgy, economically-biased (greed-based?) practices, or poor/lazy engineering / science, or both.

Time to go back to basics.

When the design effort is successfully complete, there should be a component specification for each and every component that needs to be made (or sourced, which simply means someone else makes it; but it still needs to be made). It can be elaborate, or very simple/basic. What it includes is a question of design. In determining that, risk analysis may be applied; but more importantly, it should be the result of good, thorough design/engineering practices.

Next, the question is: How do we know we make acceptable components?

An acceptable component is one that meets the component specification. Certainly no less, but also no more. All the properties and characteristics that can be assessed for a component, but are not a part of the specification at hand, are not relevant. One might argue that a specification is lacking (= that something that IS relevant is in fact not included), but that's a matter of engineering quality. For discussion sake, I'll relate to a "perfectly" (as in "fit for purpose") specified component.

Next question is not whether all those characteristics CAN be verified; but whether they are IN FACT verified. The case where one CAN'T be verified is just a private case of "it's not verified". It may well be the case it's not verified because it's not economical to do so. Fair enough. All that matters at this point is that it's not verified.

If a characteristic is not IN FACT verified, it has to be validated. This is the requirement. There is no allowance (that I know of) in mainstream developed-world regulation for AQL-style sampling as a routine substitute to 100% verification or process validation. If it's not 100% verified, of validated upfront, confidence that it will comply with its specification is insufficient. We can argue about the wisdom in this thinking, but this is currently how it's regulated.

One might argue at this point that there is room to consider criticality (or the risk) of a given component. Makes sense; but the way it plays in is not via compromising 100% verification / process validation. The way to account for criticality is via the component specification - the design & development engineer needs to consider the component's role and its criticality, and let that guide/drive the determination of what characteristics are actually specified. Another way to differentiate critical from non-critical is via tolerances. If it's not important, it doesn't need to be in the specification (and then there is nothing to verify/validate). If it's only important to an extent, tolerances can be opened up. If the tolerance is so wide that the process can't practically breach it, the characteristic can be removed from the specification and the rationale should be documented in the DHF.

When the design goes through design transfer and makes it to manufacturing, it needs to already be lean and well rationalized. This includes what needs to be verified/validated. This is not the stage to apply risk management. If anything in the component specification is considered superfluous at this stage, it needs to go through a modification round where this can be re-examined and properly established.
The above is solely my unsubstantiated opinion

Added in edit: The question of whether or not injection moulding is a special process depends on what outcomes (characteristics) need to be assessed in the finished part. If it's a simple part dimension, it's usually not too difficult to measure, and hence it's verifiable. It may well be the case that, due to whatever reason, it is not IN FACT measured/verified 100%. In that case it should render the process a special one (= one that needs to be validated). But this is no different to any other "mainstream" process. The tricky part with injection moulding is where the performance characteristics of the component matter (common example: mechanical properties). How do we assess the average molecular weight of the polymer in the finished part, without destroying it? How do we verify 100% its elongation at failure? Etc. These might be strongly affected by process characteristics and there's a big risk of variability, for example across time of day, weather conditions (if the environment is not controlled), between cavities, and in extreme cases even between shots. So, where these (or similar) matter, validation is the answer. Again, it's a question of what is in the specification.

Further added in edit: Risk is normally also factored in in the process validation process itself. It is very structured and the methodology makes all the necessary allowances for it. So in my opinion it's more appropriate to validate (unless 100% verifying) rather than to risk-manage around validation.

 

[Bev D]

@Ronen E - can you quote the applicable section in the medical device and pharma standards where it says “is not 100% verified”? I am more familiar with the “cannot be 100% verified” requirement…

 

[Ronen E]

@Ronen E - can you quote the applicable section in the medical device and pharma standards where it says “is not 100% verified”? I am more familiar with the “cannot be 100% verified” requirement…

This is from ISO 13485:2016.

 

[Tidge]

A subtle point (w.r.t. purchased parts) is that 13485 has a different section on Purchasing (7.4) as opposed to Production and Service provision (7.5). In that section (and as described in the guidance) the intent is that the requirements for purchased product have been met and that the control the organization has put in place are proportionate to the risk associated with the purchased product.

"Skip lot testing" and "certificates of conformance" are just a couple of examples that might be chosen (by the receiver's QMS), per the ISO/TC 210 guidance. I see a LOT of opportunity for different approaches to satisfy this.

I only write the ^ above ^ because I have known people that interpreted 7.5.6 for molded parts as "if a part is supposed to be made to the print, we have to check every (special, critical, starred, whatever) dimension on every part that comes through the door". Those people didn't even allow for sampling, even if the tools had been qualified and parts included features that would indicate it the molding process was non-conforming in some way that affected any other dimension.