Figure 1: SAP HANA System Architecture (PRD = production environment, QUA = Quality Environment, TST = Test Environment, DEV = Development Environment)
Figure 2: SAP Architecture
The project life cycle took 12 months for implementation, including the unique release in all the sites in a unique solution.
Key success factors were the application of the concept of a Global Information System (see also GAMP5 Guideline: GPG Global information System Control and Compliance, see reference 1) and therefore the entire life cycle structure is based on a core level documentation that is used as leverage for the following roll outs:
Figure 3: Validation Life Cycles
The cornerstone of the entire validation life cycle is the Functional Risk Assessment that is intended to drive the OQ/PQ testing phase for each site in scope.
A risk based approach included in the validation life cycle includes the standard FMEA approach to the focus:
Table 1
|
Type of Transformation |
Rationale |
|
Standard to standard (without functional modification) |
To this category belongs all the transactions that were standard in the SAP ECC and have been kept as standard, including in the new SAP HANA. All the SAP objects linked to the function have also been maintained for the new ERP system environment. |
|
Standard to standard (with functional modification) |
To this category belongs all the transactions that were standard in the SAP ECC and have been replaced by another standard function in SAP HANA. The environment could be partially affected by this change, but the potential failures are still easily detectable. |
|
Back to standard |
To this category belongs all the transactions that were customized in the SAP ECC and that have been replaced by a new standard function of the SAP HANA system. The environment could be heavily affected by this change and the business process in which the function is involved may need a modification. The ability to detect potential failures is lower than the previous category. |
|
Custom to custom/New Custom |
This complex category encompasses all the transactions that were customized in the SAP ECC and that have been replaced by a new custom function or that were missing in SAP ECC and have been created from scratch. The environment is heavily affected by the new customization and related linked object. The ability to detect potential failures is very limited. |
As result of a combination of the three factors (criticality, occurrence, detectability), the analysis is allowed to focus on the activities of validation -- Risk Mitigation actions derived directly from risk strategy included in the Functional Risk Assessment and driving the OQ/PQ activities:
Table 2
(*) = note: the % the classification of the transactions is to be intended specifically for this case study and not as general assumption.
Conclusions
Validation is an exercise that constitutes a project unto itself in the overall implementation project, requiring dedicated timelines, resources and dependencies.
A cost effective implementation and validation was executed focusing the validation exercise on the most significant risks that were mitigated. Otherwise, the overall implementation plan would not have been achievable.
Future Improvements
The case study had a successful conclusion even though the company decided to plan, for the following years, some technological transformations on the S4HANA system and the Quality Management system in general:
These evolutions are included in the mainstream of the digital transformation. Current guidelines are already captured in the new edition of GAMP5 - A Risk-based Approach to Compliant GxP Computerized Systems (see reference 2).
References
