Monitoring System Integration: Q&A

In our webinar "A Future-Proof Monitoring System: Ensuring Your System can Adapt to the Future of GxP" we answered several questions on how the viewLinc continuous monitoring system can adapt to future needs and regulations by communicating with external systems, including: document historians, enterprise resource planning systems, and control systems.

Question: Can you explain more about (MMI)?

MMI stands for Machine-to-Machine Interface.  It's a generic term for an interface between two machines. In a monitoring system, the Enterprise Resource Planning System or Data Historian will be the first Machine. This first machine will query a second machine, for instance, a monitoring system, for information. The term MMI does not indicate the form or language of the interface, it indicates automated interactions between two systems.

An example is Open Platform Communications (OPC), which is a common protocol for an MMI in industrial environments.  OPC is a standard set of specifications that act as an interface between servers, or clients and servers. Vaisala’s OPC UA Server allows viewLinc to communicate with existing OPC-compatible systems like data historians, manufacturing execution systems, building automation systems, etc.

Another example is an API.  This is an Application Programming Interface (API). The viewLinc API allows viewLinc to integrate with the system of your choice — such as a Manufacturing Execution System or Data Historian. This is more efficient than a system that requires users to manually combine and manage data from separate systems.

What do you mean by private cloud and public cloud?  Why do you think private cloud is safe for GxP, but public is not?

In function a cloud is a means of outsourcing information exchange and storage through virtualization of data.  By that definition a private cloud is a virtualized network that you own and control.  If all the hardware used for information virtualization is located on your corporate site, it’s a private cloud and you manage all its elements. This is why it’s more secure for GxP applications.  With a private cloud you see which servers store GxP-related data.  A public cloud is information virtualization using someone else’s server. You control none of the hardware. While you might know that your vendor uses Google cloud or Amazon AWS, you actually have no idea where your data is, nor any control over the update cycle of the software, hardware, or any other elements. 

Isn’t a cloud-based SAAS Monitoring System the most adaptable and future-proof monitoring system?

Software as a Service (SAAS) for a monitoring system means that it uses a public cloud.  I agree that one day, SAAS will be the most adaptable system. In this case, you could rent data loggers, pay as you go, and automatically upgrade monitoring software to the latest version.  But I do not think we are there yet for regulated applications (except maybe for the simplest of non-GxP monitoring applications) because you should not offload responsibility for your data. 

In future, we may have regulatory frameworks to support this inevitable transition.  Currently, a cloud-based SAAS won’t be able to serve your low-tech sites with manual, paper-based processes.  Currently SAAS falls short of the adaptability requirement to be future proof.  With that said, Vaisala is developing a cloud-based monitoring application for non-GxP purposes, so we are prepared for the day when it becomes the right choice for GxP. 

What do you mean by "lightweight" Category 4 System?

The Category 4 classification is from “Good Automated Manufacturing Practice (GAMP) Guide for Validation of Automated Systems in Pharmaceutical Manufacture” published by the International Society of Pharmaceutical Engineers (ISPE). In GAMP methodology, a category number describes the level of complexity in a system or software. 

Category 5 is the most complicated system, meaning that it's highly customized and bespoke applications.  Category 3 is the most common type of system, referring to systems that operate off-the-shelf, with no real configuration.  Category 4 is everything else between, usually called a Configured Application.  In terms of validation effort, Category 5 systems will be the most labor intensive.  Meanwhile, a Category 3 system, because it is simple, is literally too simple to provide a rich enough feature set to be adaptable.  That leaves us with Category 4 systems our most adaptable monitoring option.

I said “lightweight” Category 4 meaning that although the system is configured by the user, the software doesn’t allow any changes to its underlying processes.  Each user of the system gets exactly the same application and executable file, much like a Category 3 system.  Because the customer is in control of the limited configuration process, which is transparent and easily documented, a lightweight category 4 system requires less validation.  This type of system achieves an acceptable trade-off: high in adaptability, with a reasonable validation load.

Why are we still using PDFs?  Isn’t there something better yet? 

The Portable Document Format have been around since 1993. Because of all the technology changes since then, it does seem like PDF should have been replaced by now.  But PDFs have evolved. They were originally developed to make graphics files smaller. Rather than a file containing the picture, a PDF contains instructions that allow applications to build the picture. The ability to lock these files down made them the standard format for secure data transfer.  The data layers that made the PDF secure also turned out to be ideal for encryption and digital signatures.  PDFs are a perfect example of a future-proof technology; they are adaptable. If they were not, they wouldn’t still be in use.

GxP Documentation Support

To support the viewLinc Continuous Monitoring System, Vaisala offers several documents that can simplify compliance with GxP regulations and guidance.

IQOQ:

Based on viewLinc’s architecture, features, and functions the viewLinc IQOQ is based on risk assessment appropriate to GxP processes.

The Installation Qualification details the steps necessary to install the software, and documents installation parameters and variables. This protocol provides you with full documentation of the hardware baseline of the system including: server, sensors, and connectivity devices. It also verifies the presence of the necessary documentation to support ongoing operation of the system throughout its lifecycle, such as relevant SOPs, calibration certificates, and user manuals.

The Operation Qualification provides evidence that the system is functioning as it was designed to, meeting the needs outlined in your User Requirements Specification (URS) and encompassing all GxP-related capabilities of the system, including: secure audit trails, requirements of 21 CFR Part 11, Annex 11 and PFSB 040122.

Sample of viewLinc's IQOQ

The GxP Documentation Package: URS, FS, TM, RA

• URS -The User Requirements Specification defines the capabilities of viewLinc to fulfill its intended role in your process. This document is a list of requirements for continuous monitoring and includes options to add new requirements unique to your processes.
   
• FS - The Functional Specification outlines all functions of the viewLinc system and can be used by stakeholders to evaluate the CMS as a candidate system by comparison to a User Requirements Specification. Every requirement in the URS is fulfilled by a function in the FS.
   
• TM - The Traceability Matrix ensures traceability of the requirements through the assessment and testing processes. It verifies that requirements defined in the URS are fulfilled by a corresponding function in the viewLinc system. It verifies that requirements and corresponding functions have been fully evaluated through Risk Assessment, IQOQ, and a Risk Assessment.
   
• RA - The Risk Assessment outlines viewLinc’s functions that are critical to preserving the safety and efficacy of GxP products. This Risk Assessment provides justification for the items in the system that will be tested. This analysis serves as a guide for your testing efforts. A central tenet of GAMP philosophy is to leverage supplier involvement. Items identified as not requiring testing in the CMS IQOQ have either been tested thoroughly by Vaisala during system development, or are tested elsewhere during the implementation process.

Read more about Vaisala's GxP Support Documentation...