BMS & CMS: Simplifying validation efforts and controlling costs

In a recent webinar, “How Continuous Monitoring & Building Management Systems Support Monitoring, Compliance, & Control” we received several questions on validating systems – both Building Automation/Management systems and the monitoring systems that run in parallel to them.  In this blog, Senior Application Engineer John Coen and Senior GxP Regulatory Expert Paul Daniel answer the questions they did not have time to answer during their presentation.


Question: Do you see similar cost increases associated with a custom CMS compared to Vaisala standard validated CMS?

Answer: Yes. The additional validation requirements that would be needed for the Building Management System with all its custom programming, would also be needed for a customized Continuous Monitoring System.  Although, a custom CMS would still be easier to validate than a BMS.  While BMS are by their nature customized systems, but there are many CMS options available that are not custom.  

In fact, with so many great non-custom CMS options, I can’t imagine a reason to have a custom CMS.  It would cost more to validate a custom CMS, than to purchase, install, and validate a non-customized CMS.  Unless it provides some core strategic advantage to your company, a custom CMS is always cost prohibitive in a GxP application.

 

Question: Can you elaborate the stage when we can validate /qualify EMS or BMS systems for the new facility? For example, during a given stage of HVAC system implementation or after successful completion of facility a utility performance qualification.

Answer: The Continuous Monitoring System should be validated after the Building Management System is fully installed.  For BMS, I would validate what I could as the system was implemented as some items may be hard to see or verify after implementation is complete.

 

Question: Do you really need to validate your entire BMS, or can you have validated BMS controllers dedicated to those functions?  My experience has been yes…

Answer: Yes, there are instances where a portion of the Building Management System is validated.  However, you may be drawing the system boundaries incorrectly.  There cannot be a few validated BMS controllers on an otherwise unvalidated BMS system, because the BMS servers will need to be qualified as well.  The only way you can do what you are proposing, is to have a validated BMS, but then have unvalidated controllers on the areas that don’t need GxP control, like the lunchroom.  

What you propose provides only a minimal savings and still requires that the BMS be treated, as a whole, as a GxP system integrated with your Quality Management System, which will require an expensive and complicated validation. 

Another pathway that might work better is to have two building management systems, one GxP and one non-GxP, side by side.  This at least will shrink the scope of the validated system.  But this is still nowhere as easy or efficient as getting a purpose built GxP monitoring system that is your system of record.

 

Question: Can you explain more detail why CMS is GxP-ready or why it is a validated system out of box?

Answer: No on-premise GxP Continuous Monitoring System is validated out of the box.  However, a system can be GxP-ready by being much easier to validate.  When all the system components are made by the same manufacturer, the devices are designed to communicate already (eliminating the need for custom programming).  No custom programming means easier validation.  

Most monitoring systems won’t be plug-and-play off-the-shelf but will require some configuration.  In the case of viewLinc, this configuration does not require any custom programming, or any vendor supplier modules, so the effect on the validation is small.  This allows Vaisala to offer template qualification protocols (and the related template GAMP specifications) that can allow validation efforts to be completed in under 1 week by 1 person.  Often, more time is spent circulating documents for signatures than you will spend executing them.  

To summarize, the single supplier and simple configuration allows for vendor supplied protocols, which simplify validation.  For a system to be considered GxP ready, it needs all the GxP and Part 11 features (audit trail, security, etc.) already built into the system.