Toward Better Sterilization Control System EDS Compliance

Aug. 7, 2013
Electronic Data Security assurance is required for sterilization and washing equipment; Steris builds in an integrated solution
STERIS Corp.’s Life Sciences division engineers technologies and systems that prevent contamination at virtually every critical point in the pharmaceutical manufacturing process. The company’s systems are designed to answer the contamination challenges associated with highly regulated pharmaceutical environments including research laboratories, aseptic processing and bulk biopharmaceutical manufacturing.
Products provided by the Life Sciences division include steam sterilizers, washers, vaporized hydrogen peroxide systems, distillation systems and steam generators. Most of these systems are sold in a skid-mounted configuration, and all require some degree of automated operation and connectivity to facility informatics and system data networks. 
Although Electronic Data Security (EDS) regulations are more than a decade old, only in the last few years has the FDA moved to boost compliance throughout the pharmaceutical industry. In 2009, STERIS began to understand from its pharma users that their organizations were looking for capital equipment to include EDS features enabling them to comply with Audit Trail, eSignature, Data Storage and other data security requirements. 
The company also realized there was confusion about 21CRF Part 11 and how it should be applied to GMP sterilization and washing equipment in particular. The company set out to define robust, standard Electronic Data Security options, which would address the relevant aspects of data security regulations and provide pharmaceutical manufacturers the features to automate and integrate compliance data reporting. 
To deliver this functionality, STERIS turned to automation and services supplier Siemens. Following Gamp 5 methodology, both companies’ managers collaborated during a week-long workshop, studying the details of European and U.S. EDS regulations as they applied to decontamination and washing equipment. The collective team produced a gap analysis, white paper and risk assessments that eventually fed the creation of functional and technical specifications. After carefully defining the functionality requirements, the teams began work on developing the hardware and software to support the solution. 
EDS Functionality 
The specific EDS functionality required by STERIS customers is in compliance with regulation 21 CFR Part 11 “Electronic Records; Electronic Signatures” of the U.S. regulatory agency Food and Drug Administration (FDA). 21 CFR Part 11 defines the FDA acceptance criteria for the use of electronic records and electronic signatures in place of records in paper form and handwritten signatures on paper. 
The European Commission defines requirements for the use of computerized systems in Annex 11 to the EU GMP Guideline. In contrast to 21 CFR Part 11 of FDA, the European guideline covers all topics related to computerized systems, but in some cases lacks the in-depth details with regard to electronic records and electronic signatures as provided in 21 CFR Part 11.
In addition to electronic signatures, users typically need electronic records that include production data and audit trails to track changes, along with extensive password protection features.
With the power and programming flexibility of most modern automation systems, it’s possible to develop almost any required functionality using products from any major supplier, including EDS. However, Siemens’ EDS solution is built into the automation systems via its Simatic WinCC Human Machine Interface (HMI) software product — with thorough documentation already developed, proven in use and accepted by customers and regulators.
Implementing EDS with built-in functionality, as opposed to an automation system that requires a great deal of custom programming and additional hardware, offers cost-efficient benefits. First, custom programming effort is minimized, and in many cases eliminated, and less complexity makes it easier to create standard systems. According to STERIS, its pharma customers prefer standard, as opposed to custom solutions, as it’s easier to maintain HMI programs with a minimal amount of complex custom code. By creating a well documented, well tested standard solution with features that enable their customers to comply with regulations, the company provides an effective means to assure data security reporting compliance.
EDS Implementations
For customers with centralized data archiving and reporting capability, STERIS provides an S7-315 PLC and an HMI MP OIT as depicted in Figure 1. The operator interface panel runs the software with audit trail capability including user identification, time and date for initiation of cycle, cycle abort, cycle parameter changes, alarm acknowledgements, unsuccessful login/access attempts, etc. All audit trail information is reviewable from the operator interface panel.
A local memory card installed in the operator interface panel provides temporary data storage of audit trail, batch cycle and other data. The panel’s Ethernet port allows export of all relevant information to the customer’s data system. 
Specifically, the Ethernet data export function is typically used to send data from the PLC data registers in real time to the customer’s database system. Batch cycle, audit trail and other data are exported in a user-specified format such as CSV or TXT. This data can then be used to generate and print reports using customer-supplied reporting tools.
The operator interface panel includes extensive password protection functionality including but not limited to unique access levels, aging, alpha numeric requirements and automatic log-out. E-signature is also provided, typically used for final batch acceptance and other instances where verification is required.
For system users that don’t have centralized data archiving and reporting capability, STERIS provides a complete, flexible PC-based EDS solution. 
The company also offers a higher-order solution that provides centralized data archiving and reporting capability in a self-contained package. This configuration provides all of the capabilities of the simpler solution but includes an upgraded operator interface.
The main difference is that local data storage is now provided via the PC’s hard drive. Batch reporting is also included, typically in a PDF format. Batch reports may be exported to a customer’s printer, or STERIS can provide an optional printer. As with the simpler system, an Ethernet port is included for connection to customer computing systems.
In today’s highly regulated Life Sciences environment, it’s critical to provide required EDS functionality and to document that this functionality complies with all existing codes and regulations. With built-in EDS functionality at the HMI level, STERIS is able configure two cost-effective, off-the-shelf EDS Option Packages and provide its pharmaceutical customers the ability to comply and integrate system data into an overall plant-wide compliance strategy.  
Published in the July 2013 edition of Pharmaceutical Manufacturing magazine
About the Author

Robert Ziemba | Siemens Industry Inc.