A Reader Writes:
The technicians and operators in our brewery sometimes change the PLC programs to accommodate maintenance and production requirements. We're concerned that the FDA would take issue with this practice. What should we do to be sure our PLC program management would be accepted by FDA inspectors?
-From November 2002 CONTROL
PLC and DCS control system configurations are a topic with many different opinions in the industry with regard to 21 CFR Part 11 compliance. Approximately half the companies we have spoken with believe the control configuration is an electronic record and requires the same level of revision control and change tracking as, for example, an electronic batch production record. The other half agree that modifications to the control configuration require change control, but do not believe the configuration falls under 21 CFR Part 11 jurisdiction.
...Certainly the PLC or DCS programs are not submitted to the FDA, but they do require validation to ensure proper functionality. One question to ask is, does the PLC or DCS configuration constitute an electronic record that satisfies any record or signature requirement set forth by the FDA? Many control companies, including Invensys, have taken the conservative approach and developed configuration change tracking applications that monitor the changes made to the control system configurations. In addition, there are third-party tools such as that provided by MDT Software.
...At a minimum, access to the PLC or DCS programming tools should be restricted by user ID, passwords, and/or physical barriers such as placing computers in rooms with locked doors to which access is controlled. Of course, the final decision comes from the FDA inspectors whose job it is to enforce the regulations. The FDA routinely updates its compliance guidelines. These guidelines, in conjunction with the ruling itself, should be used by the manufacturer to develop its own compliance opinion and implementation policy.
Daren Moffatt, Pharmaceutical Industry Business Manager
Invensys Process Systems, www.invensys.com/Archestra.html
There are multiple issues to consider when PLCs are included in the mix of process control strategy and design. One can think of validation of processes and hardware as a snapshot of the design of the plant or process, as opposed to compliance, which is actually a process that maintains the design and the equipment in a state that is consistent with cGMPs and with the CFRs that apply to the pharmaceutical industry.
...Initial design of the PLCs includes both a hardware and a software (ladder logic) design that is used to control the process. The initial validation of the design would have verified the PLC hardware installation and also should have verified that the ladder logic was installed and controlling the process as designed.
...Once the validation of the design is accomplished, the fundamental principles of design control and compliance should be in place to allow minor corrections to PLC ladder logic as sensors change or as the process is upgraded.
...The key element in maintaining the PLC and also maintaining the design baseline is a SOP to determine what constitutes a minor and a major change. Here's what the process should be:
- A work authorization to make minor corrections should be documented and reviewed by engineering and validation prior to implementation. Emergency changes can be accommodated by allowing minor changes within an SOP that is written specifically for that purpose.
- If a work authorization is reviewed and found to substantially change or modify process parameters, whether software, hardware, or firmware, a formal design change process is necessary to accomplish and document the change. This is outside of the control and authorization associated with the SOP.
- Completed work authorizations should be reviewed by both engineering and validation groups.
- If the design change is determined to be substantial and affects the process in a way that can affect product quality, then a validation study should be performed to verify that the design change and subsequent process changes are within acceptable limits. This study should include an engineering review that examines effects on adjacent processes.
- The design baseline is updated based on the implemented design, and appropriate quality and validation organizations review and sign off on the design change and the resultant testing from validation studies.
Michael Burgin, Senior Consultant
Energy Science Applications, Powder Springs, Ga.
Its All About Security
The situation described is a direct violation of 21 CFR Part 11 although probably not sufficient to warrant a warning by the FDA. The FDA has given opinions that PLC programs are considered electronic records and as such fall under the requirements of Regulation 21 CFR Part 11. The issue is that changes to electronic records (such as PLC programs) need to be controlled and tracked. A few key things to look for are:
- Security: Make sure that only authorized individuals can make modifications to control programs. This needs to be user ID and password-based or biometric.
- Version control and history: Be able to go back and see what the record or program looked like in the past. Changes to version should also be approved by individuals other than the person changing it.
- Audit trails: A detailed log of all changes to the records and the system itself. If someone changes a program, it needs to log the date, time, user name, event, and any other details. The audit trail system needs to be secure to ensure that records cannot be falsified.