Quality awareness in the regulated industries, above all in pharmaceuticals and medical technology, manifests itself in a large number of "good practices", where the letter replacing "x" in the formula "GxP" denotes the field of application. Three areas are particularly relevant here: firstly, GMP for "good manufacturing practice" in the production of pharmaceuticals and active ingredients, which also applies to medical devices in the US FDA environment; secondly, GCP, that is, "good clinical practice" for clinical studies; and, thirdly, GDP for distribution, that is, pharmaceutical storage and distribution. Since "good documentation practice" also calls for a "D", the term GDocP is commonly used here as well.

A look at the ongoing discussion around data integrity requirements shows that the continuation of GDocP in electronic systems coincides with advancing digitalisation. It quickly becomes clear that one important outlook is missing in the GxP environment: Good Digitalisation Practice (GDigiP)^*.

Digitalisation in the regulated environment

The "M" for "manufacturing" in GMP has long ceased to be understood in a purely mechanical sense. No modern pharmaceutical and medical technology company can manage without digitalisation, because competitive processes are automated and therefore digitalised – the more thoroughly, the better. But how do you manage efficient and compliant digitalisation in a regulated environment? Just as good engineering practice specifies guidelines for the implementation of mechanical processes, GDigiP can be an aid for compliant digitalisation in a regulated environment.

What's involved? First of all, as in all GxPs: monitoring. The monitored and orderly implementation of digitalisation will lead to compliant processes and products. The model is GMP, which specifies a quality management system and concept involving coordinated, documented processes, as described in SMFs, VMPs, document management SOPs and many others. GDigiP is based on five aspects of monitoring:

1. A clear strategy with an IT infrastructure plan/architecture
2. Technology scouting
3. Customised computer system validation
4. Optimised and harmonised business processes
5. Structured selection of applications and implementation with vertical and horizontal integration

Use your IT infrastructure plan and IT architecture for orientation

The starting point of GDigiP should always be a concept for digitalisation. An IT infrastructure plan or IT architecture ensures clarity, especially with regard to the following questions:

• Which processes should be digitalised?
• Are these already structured according to an organisation principle such as ISA 95 – or do they still need to be structured, optimised and harmonised?
• What physical structures and systems are planned within the organisation in order to achieve the digitalisation goals?
• What are the (existing) components and architectural building blocks? And how, where possible, will existing concepts be integrated into new ones?

Last but not least, it must be determined how this overall concept fits into the corporate strategy, vision and derived IT strategy. For example, the use of cloud applications, SaaS concepts and IIoT must be taken into account here. Structured procedures, or those based on templates or standards, such as VDI 5600, create control, efficiency and traceability. Iterative IT strategy workshops provide the framework. The OT/automation strategy should also be considered at this point.

Management tips: Achieve GDigiP via your IT development infrastructure plan

• Derive your IT strategy from your corporate strategy based on business cases.
• Use IT strategy workshops with experts and decision makers from IT/OT, manufacturing & technology and compliance/QA to generate concrete implementation options and bases for decision making.
• Unite your IT architecture with the architecture of your business processes.

View the use of technology as a compliance enabler

As part of the GDigiP strategy, general directions, lighthouse projects and future technologies that take account of both compliance and the efficiency and pervasiveness of digitalisation must be considered. Current examples of digital fields of application are augmented reality for machine set-up and maintenance, for microbiological/EM sampling or for cleaning/cleaning validation.

Other possibilities are the use of AI, machine learning and Industry 4.0/Pharma 4.0^TM technologies. Among other things, these can be used to better master ongoing process verification/validation, to monitor the deviation and CAPA system, and to efficiently plan predictive maintenance. In all these systems, GDigiP increases the benefit and the insights that can be gained from the GMP systems and thus leads to better product quality. Another exciting field of application is substitute scanning for the digitalisation of existing paper documents or those that still arise in hybrid systems.

Management tips: Improve compliance using GDigiP application for new technologies

• Find out about new solutions on the innovation market, including across sectors.
• Identify process and compliance weaknesses that could be resolved with digitalisation.
• Identify how you can better harness the potential of existing (GMP) processes through digitalisation.

*Good Digitalisation Practice is a registered trademark of msg industry advisors ag.

Carry out computer system validation based on the lifecycle approach

The projects for implementing the potential applications mentioned must be integrated into the company's planning systems and implemented in compliance with GMP. This is done using test systems and by switching to live pilot testing or GMP for the overall operation, analogous to GAMP procedures. Many projects can only be set up in collaboration with appropriate tool providers. They may also have to go through off-site feasibility studies, but also require (independent) expertise for decision making.

While the computer system validation (CSV) of most digital applications can still be carried out using classic means, the CSV for AI software requires new approaches with a high level of understanding of the algorithms, ontologies and matchings. The parameterisation, as well as the teaching and teaching data, must be checked and tested more intensively than just black box testing – for example, as GAMP category 4 or even 5. This kind of CSV is also subject to a real, relevant lifecycle approach, because since the dynamic algorithms learn and the parameters (ontology and matching content, etc.) thus change independently, these parameters must be tested periodically, including against predefined KPIs.

Improve and standardise business processes

Projects or processes of digitalisation must be based on stringent analysis and modelling of the business processes according to a suitable organisation principle. It is important here to have clearly defined, horizontal and vertical IT integration concepts across the ISA 95 levels, which allows successful assignment of IT system functions to process steps. Corresponding data integrity specifications must be taken into account in order to form the basis for efficient (and possibly agile) CSV of the tools and digitalised systems, in combination with solid master data and requirements management.

Here, GDigiP also enables the optimisation and harmonisation of the business processes under consideration by means of proven best practice approaches and empirical values as relate to compliance implications. This ought to lead to a higher and better controlled and documented process, and therefore product quality, which is the core and goal of all GxPs. Similar effects are also achieved by the GDigiP approaches of holistic data collection (with the help of, e.g., historians) and evaluation, which allow, e.g., error patterns or trends to be identified and thus facilitate process improvements. Robotic process automation ("RPA") can be a useful transitional technology in this regard.

Management tips: Achieve GDigiP via uniform processes

• Use standards such as ISA 95 or VDI 5600 to obtain a system landscape that is as standardised and integrated as possible.
• Structure your processes on the basis of a recognised organising principle, such as SCOR, and clear modelling conventions, as well as with the aid of tools that support modelling standards, such as BPMN.
• Derive a risk analysis and requirements from the business processes and their structure so as to enable a risk-based approach and "quality by design".

Select software tools in a structured manner

Lastly, GDigiP includes the systematic identification of the right tools and their suppliers. Following the classic GxP qualification approach, this must be based on a well-founded URS and DQ, as well as standardised selection processes. The implementation of digitalisation measures is rounded off by the systematic, supervised and documented introduction of software with controlled rollouts, including concepts for the hypercare and aftercare phases.

Management tips: Implement GDigiP when selecting tools and suppliers

• Even when creating the URS, make sure that you separate the requirements for the system from the requirements for the processes that are to be modelled with that system. This way, during validation, you have a clear separation from the process to be verified.
• During implementation, consider both a pilot phase and an MVP (minimal viable product) approach.
• Oversee the transition with professional (organisational) change management.

GDigiP is a modular toolbox of standardised, controlled procedures – taking into account the GxP requirements that are applicable to the results of digitalisation. When it is used, if the project management for the implementation and introduction (including of the above-mentioned CSV) is also subject to good practice, then nothing stands in the way anymore of efficient and compliant digitalised production of regulated products, or even regulated, purely digital products.