Both documents stress good science. The ASTM standard discusses science and risk-based decisions in the same sentence. We
are to apply science to risk-based decision making. xactly what this means is not readily evident. The ASTM standard also
gives a reference to ICH Q8 as a definition and understanding of the science-based approach (6).
The FDA guideline discusses sound scientific methods and principles with the PQ based on sound science. Both documents do
acknowledge the application and support of process analytical technology (PAT).
Between these two documents it is clear that rationalizations and decisions are to be made with good understanding of science.
Other than the ASTM standard emphasizing risk, they both acknowledge the need for good science.
Current role of the quality control unit or quality unit
This term quality unit (QU) is used in both documents. The words or group known as quality assurance is lacking in both. It
is commonly understood that the QU is the sum total of all quality inclusive of QA and quality control (QC). The FDA validation
guidance document gives more overall responsibility to the quality unit than the ASTM standard. The QU is to approve the qualification
plan, PQ protocols, and reports. The FDA guidance document does address QU approving individual equipment and system qualifications.
It stipulates that the qualification plan and the summarizing report must be reviewed and approved by the quality unit.
The ASTM standard has no formal mention of the QU other than to have them approve the verification plan, verification review
documents, and the decision to use vendor documents as they apply to criticality. The QU does not participate in the review
or approval of the verification documents, but just the final review documents.
A question to be raised is what happens if the quality unit disapproves of the verification review documents? Does it imply
that the entire verification needs to be repeated? By not involving QA at the onset and throughout the process, how is it
expected for them to defend the verification activities without an intimate knowledge of these activities?
In addition, the QA group has typically been responsible for ensuring that vendors and suppliers are savvy and compliant with
current good manufacturing practices. Does the decision to use vendor documents without approving them affect this particular
responsibility of the QU as well? The ASTM standard does not give this responsibility to QA and it is also not implied. FDA
in other documentation does give QA the responsibility for overall vendor certification.
FDA independently has rewritten the original process validation guide that was issued in 1987. Among the reasons for the rewrite
were that FDA has gained additional experience through its regulatory oversight, and the rewrite reflects the agency's current
thinking on process validation. In reviewing this revised process validation guide, it is apparent that the FDA has maintained
their stance on the words qualification and validation, but they appear to be backing away from the practices of IQ and OQ.
The new FDA guidance on the surface appears to be more aligned with the current ISPE C&Q guide Volume 5 than the ASTM E2500
Due to internal budgets and resource constraints, FDA introduced other concepts. Among these was risk assessment. In an effort
to harmonize, the FDA adopted, at least in name, the ISO (International Standards Organization) standards and ICH guidance
documents such as Q9. These documents are available on the FDA website and mentioned in the risk-based approach document for
pharmaceutical CGMPs for the 21st century. Though the risk was couched and stressed patient safety, those in the industry
were to apply it to their daily operations. In effect, what has happened is that FDA has placed upon industry the need to
proceduralize and defend the management of risk. It has never been clear how the industry were to evaluate this risk. When
people in industry asked, they were referred to ICH Q9. The problem is that ICH Q9 is a descriptive document and not a how-to
document. It also leaves it to us to develop our own method or tools if appropriate. These of course would then have to be
justified and defended should they scrutinized during a regulatory audit.
A lot of time is spent analyzing and evaluating risk. This is really done to save money and time for product manufacture and
sale. If certain testing or documentation can be avoided because it is considered low risk then all the better is the thinking.
On the other hand, a lot of man hours are spent justifying this risk evaluation. There are many hidden costs and it is not
clear that they all have been captured in the overall evaluation.