Position Paper: Are We Abandoning IQ and OQ?4

Science-based approach
Both documents stress good science. The ASTM standard discusses science and risk-based decisions in the same sentence. We are to apply science to risk-based decision making. xactly what this means is not readily evident. The ASTM standard also gives a reference to ICH Q8 as a definition and understanding of the science-based approach (6).
The FDA guideline discusses sound scientific methods and principles with the PQ based on sound science. Both documents do acknowledge the application and support of process analytical technology (PAT).
Between these two documents it is clear that rationalizations and decisions are to be made with good understanding of science. Other than the ASTM standard emphasizing risk, they both acknowledge the need for good science. Current role of the quality control unit or quality unit
This term quality unit (QU) is used in both documents. The words or group known as quality assurance is lacking in both. It is commonly understood that the QU is the sum total of all quality inclusive of QA and quality control (QC). The FDA validation guidance document gives more overall responsibility to the quality unit than the ASTM standard. The QU is to approve the qualification plan, PQ protocols, and reports. The FDA guidance document does address QU approving individual equipment and system qualifications. It stipulates that the qualification plan and the summarizing report must be reviewed and approved by the quality unit.
The ASTM standard has no formal mention of the QU other than to have them approve the verification plan, verification review documents, and the decision to use vendor documents as they apply to criticality. The QU does not participate in the review or approval of the verification documents, but just the final review documents.
A question to be raised is what happens if the quality unit disapproves of the verification review documents? Does it imply that the entire verification needs to be repeated? By not involving QA at the onset and throughout the process, how is it expected for them to defend the verification activities without an intimate knowledge of these activities?
In addition, the QA group has typically been responsible for ensuring that vendors and suppliers are savvy and compliant with current good manufacturing practices. Does the decision to use vendor documents without approving them affect this particular responsibility of the QU as well? The ASTM standard does not give this responsibility to QA and it is also not implied. FDA in other documentation does give QA the responsibility for overall vendor certification.
FDA initiatives
FDA independently has rewritten the original process validation guide that was issued in 1987. Among the reasons for the rewrite were that FDA has gained additional experience through its regulatory oversight, and the rewrite reflects the agency's current thinking on process validation. In reviewing this revised process validation guide, it is apparent that the FDA has maintained their stance on the words qualification and validation, but they appear to be backing away from the practices of IQ and OQ. The new FDA guidance on the surface appears to be more aligned with the current ISPE C&Q guide Volume 5 than the ASTM E2500 standard.
Due to internal budgets and resource constraints, FDA introduced other concepts. Among these was risk assessment. In an effort to harmonize, the FDA adopted, at least in name, the ISO (International Standards Organization) standards and ICH guidance documents such as Q9. These documents are available on the FDA website and mentioned in the risk-based approach document for pharmaceutical CGMPs for the 21st century. Though the risk was couched and stressed patient safety, those in the industry were to apply it to their daily operations. In effect, what has happened is that FDA has placed upon industry the need to proceduralize and defend the management of risk. It has never been clear how the industry were to evaluate this risk. When people in industry asked, they were referred to ICH Q9. The problem is that ICH Q9 is a descriptive document and not a how-to document. It also leaves it to us to develop our own method or tools if appropriate. These of course would then have to be justified and defended should they scrutinized during a regulatory audit.
A lot of time is spent analyzing and evaluating risk. This is really done to save money and time for product manufacture and sale. If certain testing or documentation can be avoided because it is considered low risk then all the better is the thinking. On the other hand, a lot of man hours are spent justifying this risk evaluation. There are many hidden costs and it is not clear that they all have been captured in the overall evaluation.