🇮🇪 Ireland
--°C Loading… Dublin
AQI: --
--:--:-- IST
Writer Login
Latest
The GLP-1 Dilemma: Ireland’s Battle Over Blockbuster Weight-Loss Drugs A Tale of Two Systems: Why US Healthcare Costs are Skyrocketing and What it Means for Ireland The Ultimate Guide to Startup Funding in Ireland (2026) Emerging Pharma Companies in Ireland to Watch in 2026 Ireland Unveils €460m Investment in Seven New "Rinn" Research Centres FDA 21 CFR Part 211 vs. EU GMP Annex 1: Key Differences The GLP-1 Dilemma: Ireland’s Battle Over Blockbuster Weight-Loss Drugs A Tale of Two Systems: Why US Healthcare Costs are Skyrocketing and What it Means for Ireland The Ultimate Guide to Startup Funding in Ireland (2026) Emerging Pharma Companies in Ireland to Watch in 2026 Ireland Unveils €460m Investment in Seven New "Rinn" Research Centres FDA 21 CFR Part 211 vs. EU GMP Annex 1: Key Differences
← Back to Knowledge Hub
ISO

ISO 15378 Complete

Document ID: ISO-15378-Complete Share on LinkedIn

ISO 15378:2017: Primary Packaging Materials for Medicinal Products — Particular Requirements for the Application of ISO 9001:2015, with Reference to Good Manufacturing Practice (GMP)

ISO 15378 INTERNATIONAL STANDARD Fourth edition 2017-09 Primary packaging materials for medicinal products — Particular requirements for the application of ISO 9001:2015, with reference to good manufacturing practice (GMP) Articles d'emballage primaire pour médicaments — Exigences particulières pour l'application de l'ISO 9001:2015 prenant en considération les bonnes pratiques de fabrication (BPF) Reference number --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 ISO 15378:2017(E) COPYRIGHT PROTECTED DOCUMENT © ISO 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 • CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu i ct i ion or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) Contents Page Foreword v Introduction vi .......................................................................................................................................................................................................................................... 1 Scope 1 ................................................................................................................................................................................................................................ 2 Normative references 1 ................................................................................................................................................................................................................................. 3 Terms and definitions 2 ...................................................................................................................................................................................... ..................................................................................................................................................................................... 3.1 Terms related to organization....................................................................................................................................................2 3.2 Terms related to activity .................................................................................................................................................................3 3.3 Terms related to system ..................................................................................................................................................................4 3.4 Terms related to requirement ....................................................................................................................................................5 3.5 Terms related to process ................................................................................................................................................................6 3.6 Terms related to results ..................................................................................................................................................................7 3.7 Terms related to data, information and document ..................................................................................................8 3.8 Terms related to action ....................................................................................................................................................................9 3.9 Terms related to characteristic ..............................................................................................................................................10 3.10 Terms related to determination ............................................................................................................................................10 4 Context of the organization 12 3.11 Terms relating to risk management ...................................................................................................................................11 .................................................................................................................................................................... 4.1 Understanding the organization and its context ....................................................................................................12 4.2 Understanding the needs and expectations of interested parties ...........................................................12 4.3 Determining the scope of the quality management system ..........................................................................13 5 L eadership 14 4.4 Quality management system and its processes .......................................................................................................13 ............................................................................................................................................................................................................... 5.1 L eadership and commitment ..................................................................................................................................................14 5.1.1 General...................................................................................................................................................................................14 5.1.2 Customer focus ...............................................................................................................................................................15 5.1.3 Customer audits.............................................................................................................................................................15 5.2 P olicy ............................................................................................................................................................................................................15 6 P lanning 17 5.3 Organizational roles, responsibilities and authorities.......................................................................................16 ...................................................................................................................................................................................................................... 6.1 Actions to address risks and opportunities ................................................................................................................17 6.2 Quality objectives and planning to achieve them ...................................................................................................18 7 Support 19 6.3 P lanning of changes .........................................................................................................................................................................19 ........................................................................................................................................................................................................................ 7.1 Resources ..................................................................................................................................................................................................19 7.1.1 General...................................................................................................................................................................................19 7.1.2 People .....................................................................................................................................................................................19 7.1.3 Infrastructure ..................................................................................................................................................................20 7.1.4 Environment for the operation of processes ........................................................................................21 7.1.5 Monitoring and measuring resources ........................................................................................................23 7.1.6 Organizational knowledge ....................................................................................................................................24 7.2 Competence ............................................................................................................................................................................................24 7.2.1 General...................................................................................................................................................................................24 7.2.2 GMP-training ....................................................................................................................................................................24 7.3 Awareness ................................................................................................................................................................................................25 7.4 Communication ...................................................................................................................................................................................25 7.5 Documented information ............................................................................................................................................................26 7.5.1 General...................................................................................................................................................................................26 7.5.2 Creating and updating ..............................................................................................................................................26 7.5.3 Control of documented information ............................................................................................................27 8 Operation 29 7.5.4 Administration of IT systems and data......................................................................................................28 --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,--- .................................................................................................................................................................................................................. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT iii ISO 15378:2017(E) 8.1 Operational planning and control .......................................................................................................................................29 8.2 Requirements for products and services ......................................................................................................................30 8.2.1 Customer communication .....................................................................................................................................30 8.2.2 Determining the requirements for products and services .......................................................31 8.2.3 Review of the requirements for products and services ..............................................................31 8.2.4 Changes to requirements for products and services .....................................................................32 8.3 Design and development of products and services ..............................................................................................32 8.3.1 General...................................................................................................................................................................................32 8.3.2 Design and development planning ................................................................................................................32 8.3.3 Design and development inputs ......................................................................................................................33 8.3.4 Design and development controls .................................................................................................................33 8.3.5 Design and development outputs ..................................................................................................................34 8.3.6 Design and development changes ..................................................................................................................34 8.4 Control of externally provided processes, products and services ...........................................................35 8.4.1 General...................................................................................................................................................................................35 8.4.2 Type and extent of control ....................................................................................................................................36 8.4.3 Information for external providers ...............................................................................................................37 8.5 Production and service provision ........................................................................................................................................38 8.5.1 Control of production and service provision ........................................................................................38 8.5.2 Identification and traceability ...........................................................................................................................41 8.5.3 Property belonging to customers or external providers ............................................................42 8.5.4 Preservation ......................................................................................................................................................................42 8.5.5 Post-delivery activities ............................................................................................................................................43 8.5.6 Control of changes .......................................................................................................................................................43 8.6 Release of products and services .........................................................................................................................................44 9 P erformance evaluation 45 8.7 Control of nonconforming outputs .....................................................................................................................................44 ............................................................................................................................................................................ 9.1 M onitoring, measurement, analysis and evaluation ............................................................................................45 9.1.1 General...................................................................................................................................................................................45 9.1.2 Customer satisfaction ...............................................................................................................................................45 9.1.3 Analysis and evaluation ..........................................................................................................................................46 9.2 I nternal audit .........................................................................................................................................................................................48 9.3 M anagement review ........................................................................................................................................................................48 9.3.1 General...................................................................................................................................................................................48 9.3.2 Management review inputs .................................................................................................................................49 10 Improvement 50 9.3.3 Management review outputs .............................................................................................................................49 ......................................................................................................................................................................................................... 10.1 General ........................................................................................................................................................................................................50 10.2 Nonconformity and corrective action ..............................................................................................................................50 Annex A Clarification of new structure, terminology and concepts 52 10.3 C ontinual improvement ...............................................................................................................................................................51 Annex B Other International Standards on quality management and quality (informative) ............................................ management systems developed by ISO/TC 176 56 (informative) Annex C GMP requirements for printed primary packaging materials 60 ............................................................................................................. Annex D Guidance on verification, qualification and validation requirements (normative) ...................................... for primary packaging materials 64 (informative) Bibliography 75 ..................................................................................................................................................... Alphabetical index of defined terms used in this document 78 ............................................................................................................................................................................................................................. .................................................................................................. --``,,,,,,,,,,,,,, ,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu i ct v ion or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html. Transfusion, infusion and injection, and blood processing equipment for medical and pharmaceutical use This document was prepared by ISO/TC 76, . This fourth edition cancels and replaces the third edition (ISO 15378:2015), which has been technically revised. The main technical and editorial changes comprise: — the integration of the sector-specific requirements on quality management systems for medicinal products into ISO 9001:2015; — the deletion of the requirements on quality manual; — the inclusion of all annexes of ISO 9001:2015 into this document; — adjustments to the terminology of ISO 9000:2015, where relevant; — the inclusion of an alphabetical index of defined terms used in this document. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT v --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Introduction 0.1 General This document identifies Good Manufacturing Practice (GMP) principles and specifies requirements for a quality management system applicable to primary packaging materials for medicinal products. The realization of GMP principles in production and control of primary packaging materials within organizations is of great importance for the safety of a patient using the medicinal product, because of their direct product contact. The application of GMP for pharmaceutical packaging materials helps ensure that these materials meet the needs and requirements of the pharmaceutical industry. This document is an application standard for primary packaging materials, which contains the text of ISO 9001:2015. The conventions for the layout of this document are the following. — Those clauses, subclauses or annexes that are quoted directly and unchanged from ISO 9001:2015 and ISO 9000:2015 (under Clause 3) are in boxes. — Additional GMP related requirements and recommendations as well as terms and definitions relevant to the manufacture of primary packaging materials are outside boxes. ISO 9001:2015, Quality management systems — Requirements 0.1 General The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements. This International Standard can be used by internal and external parties. It is not the intent of this International Standard to imply the need for: — uniformity in the structure of different quality management systems; — alignment of documentation to the clause structure of this International Standard; — the use of the specific terminology of this International Standard within the organization. The quality management system requirements specified in this International Standard are complementary to requirements for products and services. This International Standard employs the process approach, which incorporates the Plan-Do-Check- Act (PDCA) cycle and risk-based thinking. --,,,,,,,,,,,,,,,,,`-`-`,,`,,` ,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu v ctio i n or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) The process approach enables an organization to plan its processes and their interactions. The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on. Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise (see Clause A.4). Consistently meeting requirements and addressing future needs and expectations poses a challenge for organizations in an increasingly dynamic and complex environment. To achieve this objective, the organization might find it necessary to adopt various forms of improvement in addition to correction and continual improvement, such as breakthrough change, innovation and re-organization. In this International Standard, the following verbal forms are used: — “shall” indicates a requirement; — “should” indicates a recommendation; — “may” indicates a permission; — “can” indicates a possibility or a capability. Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement. A0. k2e y Q oubajelicttyi vme aonf tahgiesm doecnutm pernint cisip tloe sspecify GMP for primary packaging materials. ISO 9001:2015, Quality management systems — Requirements 0.2 Quality management principles This International Standard is based on the quality management principles described in ISO 9000. The descriptions include a statement of each principle, a rationale of why the principle is important for the organization, some examples of benefits associated with the principle and examples of typical actions to improve the organization's performance when applying the principle. The quality management principles are: — customer focus; — leadership; — engagement of people; — process approach; — improvement; — evidence-based decision making; — relationship management. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT vii --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,`--- ISO 15378:2017(E) 0.3 Process approach 0.3.1 General ISO 9001:2015, Quality management systems — Requirements 0.3 Process approach 0.3.1 General This International Standard promotes the adoption of a process approach when developing, imple- menting and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. Specific requirements considered essential to the adoption of a process approach are included in 4.4. Understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its intended results. This approach enables the organization to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced. The process approach involves the systematic definition and management of processes, and their in- teractions, so as to achieve the intended results in accordance with the quality policy and strategic di- rection of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3) aimed at taking advantage of opportunities and preventing undesirable results. The application of the process approach in a quality management system enables: a) understanding and consistency in meeting requirements; b) the consideration of processes in terms of added value; c) the achievement of effective process performance; d) improvement of processes based on evaluation of data and information.

[Figure 1 gives a schematic representation of any process and shows the interaction of its elements.]

The monitoring and measuring check points, which are necessary for control, are specific to each process and will vary depending on the related risks.

[Figure 1 — Schematic representation of the elements of a single process]

Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu v ctio i n i i or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) 0.3.2 Plan-Do-Check-Act cycle ISO 9001:2015, Quality management systems — Requirements 0.3.2 Plan-Do-Check-Act cycle The PDCA cycle can be applied to all processes and to the quality management system as a whole.

[Figure 2 illustrates how Clauses 4 to 10 can be grouped in relation to the PDCA cycle.]

[Figure 2 — Representation of the structure of this International Standard in the PDCA cycle]

NOTE Numbers in brackets refer to the clauses in this International Standard. Plan The PDCA cycle can be briefly described as follows: — : establish the objectives of the system and its processes, and the resources needed to deliver results in accordance with customers' requirements and the organization's policies, and identify Do and address risks and opportunities; Check — : implement what was planned; — : monitor and (where applicable) measure processes and the resulting products and Act services against policies, objectives, requirements and planned activities, and report the results; — : take actions to improve performance, as necessary. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ix --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) 0.3.3 Risk-based thinking ISO 9001:2015, Quality management systems — Requirements 0.3.3 Risk-based thinking Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analysing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity. To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects. Opportunities can arise as a result of a situation favourable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste or improve productivity. Actions to address opportunities can also include consideration of associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities. Because of the nature of primary packaging materials the risk-based approach is applied throughout all processes of the organization. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu x ction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---`,,`,`,,`,,`-`-`,```,,,,,`,`,`,,,,,`,,,,-- ISO 15378:2017(E) 0.4 Relationship with other management system standards This document incorporates the requirements of ISO 9001:2015 and, additionally, particular requirements for primary packaging materials, which are derived and adapted, as appropriate, from GMP for the production and control of medicinal products. ISO 9001:2015, Quality management systems — Requirements 0.4 Relationship with other management system standards This International Standard applies the framework developed by ISO to improve alignment among its International Standards for management systems (see Clause A.1). This International Standard enables an organization to use the process approach, coupled with the PDCA cycle and risk-based thinking, to align or integrate its quality management system with the requirements of other management system standards. This InternationQaula Slittayn dmaarnda rgeelmateenst t os yISstOe m90s 0—0 a nFdu nISdOam 9e0n0t4a lass afonldlo wvosc:abulary — ISO 9000 provides essential backgrounMda fnoarg tihnge fporro tpheer s uunstdaeirnsetda nsudcicnegs sa nodf a inm oprlgeamneiznatatitoionn — o fA t hquisa Ilnittye mrnaantaiogneaml eSntta anpdparroda;ch — ISO 9004 provides guidance for organizations that choose to progress beyond the requirements of this International Standard. Annex B provides details of other International Standards on quality management and quality management systems that have been developed by ISO/TC 176. This International Standard does not include requirements specific to other management systems, such as those for environmental management, occupational health and safety management, or financial management. Sector-specific quality management system standards based on the requirements of this International Standard have been developed for a number of sectors. Some of these standards specify additional quality management system requirements, while others are limited to providing guidance to the application of this International Standard within the particular sector. A matrix showing the correlation between the clauses of this edition of this International Standard and the previous edition (ISO 9001:2008) can be found on the ISO/TC 176/SC 2 open access website at: www.iso.org/tc176/sc02/public. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT xi --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT INTERNATIONAL STANDARD ISO 15378:2017(E) Primary packaging materials for medicinal products — Particular requirements for the application of ISO 9001:2015, with reference to good manufacturing practice (GMP) 1 Scope ISO 9001:2015, Quality management systems — Requirements 1 Scope This International Standard specifies requirements for a quality management system when an organization: a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All the requirements of this International Standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides. NOTE 1 In this International Standard, the terms “product” or “service” only apply to products and services intended for, or required by, a customer. NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements. In addition to ISO 9001, this document specifies Good Manufacturing Practice (GMP) requirements applicable to primary packaging materials for a quality management system where an organization needs to demonstrate its ability to provide primary packaging materials for medicinal products, which consistently meet customer requirements, including regulatory requirements and International Standards. In this document the term “if appropriate” is used several times. When a requirement is qualified by this phrase, it is deemed to be “appropriate” unless the organization can document a justification otherwise. This document is an application standard for the design, manufacture and supply of primary packaging materials for medicinal products. 2 Normative references ISO 9001:2015, Quality management systems — Requirements 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the lQatueasltit eyd mitaionna goef mtheen tr esfyesrteemncse —d d Foucnudmaemnetn (tianlcsl uadndin vgo acnayb ualmareyndments) applies. ISO 9000:2015, Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---`,,`,`,,`,,`-`-`,,,,,,,,,,,,,,,,,``-- ISO 15378:2017(E) The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated referCelnecaensr,o tohme sla atnedst a esdsiotcioiant eodf tchoen trreofellreedn ecnevdi rdooncmuemnetsn t— (i nBciloucdoinntga maninya atmioenn cdomnternotls —) a pPpalrite s1.: General principles and methods ISO 14698-1, Cleanrooms and associated controlled environments — Biocontamination control — Part 2: Evaluation and interpretation of biocontamination data ISO 14698-2, 3 Terms and definitions ISO 9001:2015, Quality management systems — Requirements 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO 9000:2015 apply. For the purposes of this document, the terms and definitions given in ISO 9000:2015 and the following apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: — ISO Online browsing platform: available at http://www.iso.org/obp — IEC Electropedia: available at http://www.electropedia.org/ NOTE 1 This document only duplicates terms and definitions of ISO 9000:2015 when they have been amended in order to address the specific needs of this document. NOTE 2 The structure of terms and definitions in this document corresponds to that used in ISO 9000:2015, as far as applicable. An additional heading “Terms related to risk management” has been added in this document. NOTE 3 An index of defined terms is found at the end of this document.

3.1 Terms related to organization

3.1.1 organization person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof, whether incorporated or not, public or private. primary packaging material Note 2 to entry: In this document the organization is the company manufacturing the (3.6.4). [3S.1O.U2RCE: ISO 9000:2015, 3.2.1, modified by deleting Note 2 to entry and adding a new Note 2 to entry] quality unit organizational unit which fulfils both quality assurance (QA) and quality control (QC) responsibilities organization Note 1 to entry: The quality unit(s) can consist of separate QA and QC units or of a single individual (or group), depending upon the size and structure of the (3.1.1). 2 --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E)

3.2 Terms related to activity

3.2.1 assembly primary packaging materials fitting together of (3.6.4) and/or components Note 1 to entry: Examples can include pipette assemblies for filling, prepared components of injection systems or p3o.2si.t2ioning of needle shields on prefillable syringes. change control risk management documented control of changes with an appropriate (3.11.6) Note 1 to entry: Changes can include, for example, changes in raw materials, specifications, facilities, equipment, 3pr.2od.3uction processes and test methods. Good Manufacturing Practice GMP manufacturing quality control and quality assuranceq uaapliptlyi ecdon itnr ol (3.5.5) Note 1 to entry: For the definitions of (3.2.9) and quality assurance, see ISO 9000:2015, (3.3.6 and 3.3.7). Note 2 to entry: Requirements for Good Manufacturing Practice in the pharmaceutical industry are specified in a quality assurance standard, see Reference [50]. primary packaging materials Note 3 to entrys:t aGrotoindg M manautefraicatlusring Practice (GMP) for (3.6.4) requires, in addition to suitable provision of personnel, premises and equipment, a quality management system that includes controls for incoming (3.5.13), manufacture, corresponding documentation, factory hygiene, final inspection, records of distribution, processing of complaints and self-inspection. Note 4 to entry: GMP and current Good Manufacturing Practice (cGMP)o argrea neiqzautiivoanlsent. GMP guidelines are continually updated to the ever-changing requirements of the state-of-the-art. This has resulted in the term cGMP sometimes being used. The pharmaceutical industry expects that (3.1.1) take account of 3cu.2rr.4ent GMP within their continual improvement programmes. installational qualification IQ process of obtaining and documenting evidence that equipment has been provided and installed in accordance with its specification [3S.O2.U5RCE: ISO/TS 11139:2006, 2.22] operational qualification OQ process of obtaining and documenting evidence that installed equipment operates within predetermined limits when used in accordance with its operational procedures [3S.O2.U6RCE: ISO/TS 11139:2006, 2.27] origination artwork all preparative activities prior to print Note 1 to entry: These include concept, design, graphics, reprographics, film, plate making, silk screens and digital files and masters. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) 3.2.7 performance qualification PQ verification (3.7.13) that the proposed specification for the facility, equipment or system is suitable for the intended use 3[S.O2.U8RCE: ISO/TS 11139:2006, 2.30] qualification process to demonstrate the ability to fulfil specified requirements Note 1 to entry: The term “qualified” can be used to designate the correspoinnsdtianlgla stitoantu sq.ualification (IQ) operational qualification (OQ) performance qualification (PQ) Note 2 to entry: Qualification comprises design qualification (DQ), (3.2.4), (3.2.5) and could include (3.2.7) as well as re- qualification. 3N.o2te.9 3 to entry: Qualification can be applied to facilities, equipment and utilities. quality control part of quality management focused on fulfilling quality requirements Note 1 to entry: Quality control includes checking or testing that specifications are met. [SOURCE: ISO 9000:2015, 3.3.7, modified by adding Note 1 to entry]

3.3 Terms related to system

3.3.1 airlock enclosed space to control air-flow Note 1 to entry: The space typically has at least two interlocked doors between two or more rooms, used either 3by.3 p.e2ople or for goods, to control for different conditions, e.g. cleanliness, air-flow upon entering. calibration process of checking or adjusting (by comparison with a reference standard) the accuracy of a measuring instrument Note 1 to entry: Calibration can also be described as the set of operations which establish, under specified conditions, the relationship between values indicated by a measuring instrument or values represented by a 3m.a3t.e3rial measure, and the corresponding known values of a reference standard. cleanroom room within which the number concentration of airborne particles is controlled and classified, and which is designed, constructed and operated in a manner to control the introduction, generation and retention of particles inside the room Note 1 to entry: The class of airborne particle concentration is specified. Note 2 to entry: Levels of other cleanliness attributes such as chemical, viable or nanoscale concentrations in the air, and also surface cleanliness in terms of particle, nanoscale, chemical and viable concentrations might also be specified and controlled. Note 3 to entry: Other relevant physical parameters might also be controlled as required, e.g. temperature, humidity, pressure, vibration and electrostatic. [SOURCE: ISO 14644-1:2015, 3.1.1] Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) 3.3.4 clean zone defined space within which the number concentration of airborne particles is controlled and classified, and which is constructed and operated in a manner to control the introduction, generation, and retention of contaminants inside the space Note 1 to entry: This class of airborne particle concentration is specified. Note 2 to entry: Levels of other cleanliness attributes such as chemical, viable or nanoscale concentrations in the air, and also surface cleanliness in terms of particle, nanoscale, chemical and viable concentrations might also be specified and controlled. Note 3 to entry: A clean zone(s) can be a defined space within a cleanroom or might be achieved by a separative device. Such a device can be located inside or outside a cleanroom. Note 4 to entry: Other relevant physical parameters might also be controlled as required, e.g. temperature, humidity, pressure, vibration and electrostatic. [3S.O3.U5RCE: ISO 14644-1:2015, 3.1.2] controlled area controlled environment area or environment constructed and operated to control the possible introduction of potential c3o.3n.t6aminants working area origination production line clearance defined area where (3.2.6), (3.5.7), packaging, test or inspection operations are carried out and where such activity will usually be subject to a (3.5.4) Note 1 to entry: These areas are physically defined by the use of barriers, floor marking or similar means of definition, and can contain equipment, e.g. production machinery, test equipment, computers, work benches, proofing equipment.

3.4 Terms related to requirement

3.4.1 expiration date expected suitable use limit shelf-life Note 1 to entry: See also definition (3.4.2). primary packaging material Note 2 to entry: This is typically the period during which a (3.6.4) is expected to 3re.4m.a2in suitable for use if stored under defined conditions and after which it should not be used. shelf-life primary packaging material period during which a (3.6.4) is expected to comply with the requirements (specifications) expiration date Note 1 to entry: See also (3.4.1) Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

3.5 Terms related to process

3.5.1 batch primary packaging material lot defined quantity of (3.6.4) manufactured in one process or series of processes intended to have uniform characteristics with consistent, homogeneous quality Note 1 to entry: To meet production requirements or customer needs, a batch can be divided up into a number of sub-batches that are later combined to form a single, consistent batch. Note 2 to entry: In the case of continuous production, the batch is a fraction of the production defined either as a f3i.x5e.d2 quantity or as the amount produced in a fixed time interval. contamination primary packaging material introduction of anfiyn iushnewda pnrtoeddu cmtaterial into the (3.6.4) Note 1 to entry: A (3.6.1) can be contaminated by physical (particulate), chemical or biological (bioburden and endotoxin) action. production Note 2 to entry: Contamination can occur for e.g. during (3.5.7), packaging, storage and/or distribution f3r.o5m.3 contaminated air systems, personnel, sampling equipment, materials, premises or containers. cross-contamination contamination (3.5.2) of a material or of a product with another material or product Note 1 to entry: Cross-contamination can also be referred to as mix-up or admixture. 3N.o5te.4 2 to entry: See Reference [50]. line clearance removal (line purge) of everything associated with the prior production run cross- contamination working area Note 1 to entry: Typically, line clearance is done prior to a production run to prevent any error and (3.5.3). Typically, it is required that a production facility (line) and its associated (3.3.6) are completely clear of all materials, waste, products, samples, documents, etc. used in the previous production run before the introduction of materials, product samples, documents, etc. needed for the c3o.5m.m5encement of the next production run. manufacturing production quality control all operations including purchasing and receipt of materials to (3.5.7), packaging, labelling, 3.5.6 (3.2.9), release, storage, distribution of products and the related controls process aids material used to facilitate process realization Note 1 to entry: The material is not included in the product specification and can be removed at or before the final processing stage. 3EX.5A.7MPLE Mould release agents, compressed air, rolling lubricants. production primary packaging material processes resulting in (3.6.4) starting materials finished product Note 1 to entry: The processes form the full production cycle, from receipt of (3.5.13) through processing and packaging, to completion as a (3.6.1). Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) 3.5.8 quarantine status of materials or products isolated pending a decision on their subsequent approval or rejection N3.o5te.9 1 to entry: Quarantined material is typically isolated by physical or other effective means. realization r3e.5su.1lt0 of applying all processes required to achieve the desired output from design to product delivery reconditioning primary packaging material p3r.5o.c1e1ssing or reprocessing (3.6.4) to meet specification requirements reprocessing repeating part of a production process Note 1 to entry: Continuation of part of a process after an in-process control test has shown that the part is 3in.c5o.1m2plete, is considered to be part of the normal process, and is not considered reprocessing. retained samples finished products materials or (3.6.1) stored for future reference Note 1 to entry: These samples are generally taken in a sufficient amount and stored under recommended 3co.5nd.1it3ions for reference during a defined period of time. starting material primary packaging materials 3ra.5w.1 m4aterial, components and substances used to produce (3.6.4) surface treatment primary packaging material process to improve (3.6.4) surface EXAMPLE Siliconization or other treatment of internal glass surfaces, coating of internal or external surfaces of glass containers or rubber parts.

3.6 Terms related to results

3.6.1 finished product primary packaging material production 3.6.2 (3.6.4) which has completed all stages of (3.5.7) intermediate product primary packaging material (3.6.4) which has completed some but not all producftiinoisnh sedta pgreosduct N3.o6te.3 1 to entry: An intermediate product needs further processing before it becomes a (3.6.1). medicinal product substance or combination of substances presented for treating or preventing disease in human beings or animals Note 1 to entry: Any substance or combination of substances that can be administrated to human beings or animals with a view to making a medical diagnosis or to restoring, correcting or modifying physiological functions in human beings or in animals is likewise considered a medicinal product. Note 2 to entry: See Reference [50]. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) Medicinal products Note 3 to entry: (3.6.3) can also be referred to as pharmaceutical or drug products, including c3l.i6n.i4cal trial products. primary packaging material medicinal product material used in pharmaceutical packaging which will contain, seal or be used for dose application of a 3m.e6d.5icinal product and which will have direct contact with the (3.6.3) secondary packaging materials non-contact packaging materials EXAMPLE Printed or unprinted cartons, labels, leaflets or inserts (or outserts), over-wraps, and transit containers such as folding boxes.

3.7 Terms related to data, information and document

3.7.1 approved confirmed conformity status starting materials process aids finished product Note 1 to entry: Conformity can be confirmed for any stage of the process [ (3.5.13), 3.7. 2(3.5.6), packaging material or (3.6.1)]. batch document batch pbraotcdhu crteicoonrd documents and records that provide a history of the (3.5.1), including information relating to its 3.7.3 (3.5.7) and control, and which facilitate its traceability batch number batch lot lot number unique identifier to identify a (3.5.1) or (3.5.1) batch lot production Note 1 to entry: A batch number can be a combination of numbers, letters and/or symbols which identifies a 3.7.4 (3.5.1) [(or (3.5.1)] and from which the (3.5.7) and distribution history can be determined. date of manufacture primary packaging material date on which one of the first stages in the process of manufacture of the (33.7.6.5.4), or the packaging, or the final release, occurs, and which can be subject to customer agreement deviation approved standard operating procedure (SOP) d3e.7p.6arture from an (3.7.1) (3.7.10) or established standard documented procedure procedure that is established, documented, authorized, implemented and maintained Note 1 to entry: The SdOoPcumentation can be in any form or type of medium. 3N.o7t.e7 2 to entry: See (3.7.10). double-check verification documented (3.7.13) of an activity, result or repcroorddu cbtyio an second person or system batch Note 1 to entry: A second in-process control check signature, (3.5.7) and quality records for a (3.5.1) signed by a second person or electronic checks can be part of this verification process. Typically, double- checks are signed by a second person. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) 3.7.8 out of specification OOS t3e.7s.t9 results that do not comply with the specification rejected starting materials process aids intermediate products finished products status of (3.5.13), quality (u3n.5it.(6s)), (3.6.2) or (3.6.1) whose test results do not comply with one or more of the requirements of the specification, and w3.h7.i1c0h have been deemed, usually by the (3.1.2), as not suitable for use standard operating procedure SOP documented procedure a3u.7t.h1o1rized, (3.7.6), or set of procedures, work instructions and test instructions user requirement specification URS approved (3.7.1) document that states the product specifications of the material produced on this equipment as well as functional, operational and/or technical aspects of the equipment or process r3e.7q.u1i2red to produce the desired product validation confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination such as performing alternative calculations or reviewing documents. Note 2 to entry: The word “validated” is used to designate the corresponding status. Note 3 to entry: The use conditions for validation can be real or simulated. Note 4 to entry: Validation can be applied to processes, products and software. [3S.7O.U13RCE: ISO 9000:2015, 3.8.13, modified by adding Note 4 to entry] verification confirmation, through the provision of objective evidence, that specified requirements have been fulfilled Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other forms of determination such as performing alternative calculations or reviewing documents. Note 2 to entry: The activities carried out for verification are sometimes called a qualification process. Note 3 to entry: The word “verified” is used to designate the corresponding status. IQ OQ Note 4 to entry: In this document the term verification is used to ensure manufacturing systems are properly installed and operating correctly; alternatively this could be done by (3.2.4) and (3.2.5). [SOURCE: ISO 9000:2015, 3.8.12, modified by adding Note 4 to entry]

3.8 Terms related to action

3.8.1 batch release batch batch document quality unit quality unit(s) decision to release the (3.5.1) for sale or supply, following a formal review of the (3.7.2) performed by the (3.1.2) or a person authorized by the (3.1.2) Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) 3.8.2 rejection starting materials process aids intermediate products finished products quality unit(s) process whereby (3.5.13), (3.5.6), (3.6.2) or 3.8.3 (3.6.1) which have been deemed, usually by the (3.1.2), as not suitable for use return primary packaging material (s) organization p3r.8o.c4ess for sending back (3.6.4) to the (3.1.1) rework action on a nonconforming product, or service to make it conform to the requirements Note 1 to entry: Rework can affect or change parts of the nonconforming product or service. Note 2 to entry: to entry:Sorting can be considered to be rework. [SOURCE: ISO 9000:2015, 3.12.8, modified by adding Note 2 to entry]

3.9 Terms related to characteristic

3.9.1 homogeneity uniformity of characteristics and their values throughout a defined quantity of material Note 1 to entry: Homogeneity can include uniformity of materials or certain characteristics of materials of s3p.9e.c2ial significance. sterile free from viable microorganisms [SOURCE: ISO/TS 11139:2006, 2.43]

3.10 Terms related to determination

3.10.1 automated inspection conformity evaluation performed by inspection equipment without manual intervention Note 1 to entry: The inspection equipment can include optoelectronics (cameras), laser systems, ultrasonics and 3th.1ei0r .a2ssociated data processing functions or others. final inspection finished product 3te.1st0s. 3carried out on the (3.6.1) to determine compliance with the specification in-process control actions taken during the production process to test product copnrfoodrumctiitoyn to its specification Note 1 to entry: Monitoring processes and adjusting the means of (3.5.7) can be necessary to meet product requirements. N3.o1t0e .24 to entry: The control of the environment or equipment can also be regarded as a part of in-process control. reconciliation finished product comparison between the amount of (3.6.1) theoretically and actually produced or used, making allowance for normal variation Note 1 to entry: The comparison considers waste, samples or other losses inherent in the process. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

3.11 Terms relating to risk management

3.11.1 quality critical primary packaging material parameter affecting (3.6.4) quality Note 1 to entry: A material, process step or process condition, test requirement or any other relevant parameter can be considered to be quality critical if nonconformity to its requirements could have significant detrimental c3o.1n1se.2quences. risk analysis process to comprehend the nature of risk and tor disekt eevramluianteio tnhe level of risk Note 1 to entry: Risk analysis provides the basis for (3.11.4) and decisions about risk treatment. Note 2 to entry: Risk analysis includes risk estimation. 3[S.1O1U.R3CE: ISO Guide 73:2009, 3.6.1] risk assessment risk identification risk analysis risk evaluation overall process of (3.11.5), (3.11.2) and (3.11.4) [3S.1O1U.R4CE: ISO Guide 73:2009, 3.4.1] risk evaluation risk analysis process of comparing the results of (3.11.2) with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable Note 1 to entry: Risk evaluation assists in the decision about risk treatment. 3[S.1O1U.R5CE: ISO Guide 73:2009, 3.7.1] risk identification process of finding, recognizing and describing risks Note 1 to entry: Risk identification involves the identification of risk sources, events, their causes and their potential consequences. Note 2 to entry: Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder's needs. 3[S.1O1U.R6CE: ISO Guide 73:2009, 3.5.1] risk management coordinated activities to direct and control an organization with regard to risk [SOURCE: ISO Guide 73:2009, 2.1] Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) 4 Context of the organization

4.1 Understanding the organization and its context

ISO 9001:2015, Quality management systems — Requirements

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. The organization shall monitor and review information about these external and internal issues. NOTE 1 Issues can include positive and negative factors or conditions for consideration. NOTE 2 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local. NOTE 3 Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the organization. The organization's overall policy, intentions and approach to risk management, validation and change control shall be documented in order to fulfil the GMP requirements.

4.2 Understanding the needs and expectations of interested parties

ISO 9001:2015, Quality management systems — Requirements

4.2 Understanding the needs and expectations of interested parties

Due to their effect or potential effect on the organization's ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine: a) the interested parties that are relevant to the quality management system; b) the requirements of these interested parties that are relevant to the quality management system. The organization shall monitor and review information about these interested parties and their relevant requirements. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

4.3 Determining the scope of the quality management system

ISO 9001:2015, Quality management systems — Requirements

4.3 Determining the scope of the quality management system

The organization shall determine the boundaries and applicability of the quality management system to establish its scope. When determining this scope, the organization shall consider: a) the external and internal issues referred to in 4.1; b) the requirements of relevant interested parties referred to in 4.2; c) the products and services of the organization. The organization shall apply all the requirements of this International Standard if they are applicable within the determined scope of its quality management system. The scope of the organization's quality management system shall be available and be maintained as documented information. The scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organization determines is not applicable to the scope of its quality management system. Conformity to this International Standard may only be claimed if the requirements determined as not being applicable do not affect the organization's ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction.

4.4 Quality management system and its processes

ISO 9001:2015, Quality management systems — Requirements

4.4 Quality management system and its processes

4.4.1 The organization shall establish, implement, maintain and continually improve a quality

management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard. The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall: a) determine the inputs required and the outputs expected from these processes; b) determine the sequence and interaction of these processes; c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes; d) determine the resources needed for these processes and ensure their availability; e) assign the responsibilities and authorities for these processes; f) address the risks and opportunities as determined in accordance with the requirements of 6.1; g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results; h) improve the processes and the quality management system. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) i) describe how the quality policy and objectives are implemented, cascaded and monitored in order to provide assurance of product quality and to meet the agreed customer requirements (agreed specifications); j) document the structure of the quality management system. NOTE This can be done as documented information, e.g. a quality manual, master SOP or SOP.

4.4.2 To the extent necessary, the organization shall:

a) maintain documented information to support the operation of its processes; b) retain documented information to have confidence that the processes are being carried out as planned. 5 Leadership 5.1 L eadership and commitment

5.1.1 General

ISO 9001:2015, Quality management systems — Requirements

5.1 Leadership and commitment

5.1.1 General

Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability for the effectiveness of the quality management system; b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization; c) ensuring the integration of the quality management system requirements into the organization's business processes; d) promoting the use of the process approach and risk-based thinking; e) ensuring that the resources needed for the quality management system are available; f) communicating the importance of effective quality management and of conforming to the quality management system requirements; g) ensuring that the quality management system achieves its intended results; h) engaging, directing and supporting persons to contribute to the effectiveness of the quality management system; i) promoting improvement; j) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization's existence, whether the organization is public, private, for profit or not for profit. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

5.1.2 Customer focus

ISO 9001:2015, Quality management systems — Requirements

5.1.2 Customer focus

Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that: a) customer and applicable statutory and regulatory requirements are determined, understood and consistently met; b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed; c) the focus on enhancing customer satisfaction is maintained. NOTE Key customer requirements for organizations are suitable facilities, competent and trained personnel, processes designed to ensure product security and avoidance of cross-contamination and the ability to consistently produce product conforming to the customer specifications.

5.1.3 Customer audits

Top management shall approve access by mutual agreement for existing/prospective customers or their nominated representatives to conduct audits to review and to assess the organization's quality management system.

5.2 Policy

ISO 9001:2015, Quality management systems — Requirements

5.2 Policy

5.2.1 Establishing the quality policy

Top management shall establish, implement and maintain a quality policy that: a) is appropriate to the purpose and context of the organization and supports its strategic direction; b) provides a framework for setting quality objectives; c) includes a commitment to satisfy applicable requirements; d5).2 .2in c Cluodmesm au cnoimcamtiintmg ethnte tqou caolnittyin puoall iicmyprovement of the quality management system. The quality policy shall: a) be available and be maintained as documented information; b) be communicated, understood and applied within the organization; c) be available to relevant interested parties, as appropriate. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

5.3 Organizational roles, responsibilities and authorities

ISO 9001:2015, Quality management systems — Requirements

5.3 Organizational roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization. Top management shall assign the responsibility and authority for: a) ensuring that the quality management system conforms to the requirements of this International Standard; b) ensuring that the processes are delivering their intended outputs; c) reporting on the performance of the quality management system and on opportunities for improvement (see 10.1), in particular to top management; d) ensuring the promotion of customer focus throughout the organization; e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented. The organization shall maintain a current record (see 7.5.3.4) of signatures of responsible persons. Signature and/or user identification lists of all personnel checking or double-checking process steps, in-process controls, etc. are recommended. The quality unit(s) with responsibility for quality critical decisions shall have the authority to make those decisions independently. --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) 6 Planning

6.1 Actions to address risks and opportunities

ISO 9001:2015, Quality management systems — Requirements 6 Planning

6.1 Actions to address risks and opportunities

6.1.1 When planning for the quality management system, the organization shall consider the issues

referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: a) give assurance that the quality management system can achieve its intended result(s); b) enhance desirable effects; c) prevent, or reduce, undesired effects; d) achieve improvement.

6.1.2 The organization shall plan:

a) actions to address these risks and opportunities; b) how to:

  1. integrate and implement the actions into its quality management system processes (see 4.4);
  2. evaluate the effectiveness of these actions. Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services. NOTE 1 Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision. NOTE 2 Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology and other desirable and viable possibilities to address the organization's or its customers' needs. 6.1.3 The organization shall ensure that risk management is included in all processes, e.g. associated with the design/development, manufacturing and delivery of primary packaging materials with regard to the primary packaging material quality; records shall be maintained (see 7.5.3.4). EXAMPLES — Change control, — cleaning, — complaints, — contamination, — design control (new products/new processes), — health and hygiene, — labelling, --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- 17 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) — maintenance, — manufacturing planning, — materials management, — nonconformities, quality defects, — pest control, — purchasing and supply chain, — rework, — traceability, — validation, verification and qualification. NOTE Principles and guidelines on risk management can be found, e.g. in ISO 31000, ISO 14971, or ICH Q9, GAMP5. For guidance on the various methods for the identification, assessment of risk and severity, and control of hazards associated with particular processes or practices see IEC 31010.

6.2 Quality objectives and planning to achieve them

ISO 9001:2015, Quality management systems — Requirements

6.2 Quality objectives and planning to achieve them

6.2.1 The organization shall establish quality objectives at relevant functions, levels and processes

needed for the quality management system. The quality objectives shall: a) be consistent with the quality policy; b) be measurable; c) take into account applicable requirements; d) be relevant to conformity of products and services and to enhancement of customer satisfaction; e) be monitored; f) be communicated; g) be updated as appropriate. The organization shall maintain documented information on the quality objectives.

6.2.2 When planning how to achieve its quality objectives, the organization shall determine:

a) what will be done; b) what resources will be required; c) who will be responsible; d) when it will be completed; e) how the results will be evaluated. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

6.3 P lanning of changes

ISO 9001:2015, Quality management systems — Requirements

6.3 Planning of changes

When the organization determines the need for changes to the quality management system, the changes shall be carried out in a planned manner (see 4.4). The organization shall consider: a) the purpose of the changes and their potential consequences; b) the integrity of the quality management system; c) the availability of resources; d) the allocation or reallocation of responsibilities and authorities. For change control, see 8.5.6.2. 7 Support

7.1 Resources

7.1.1 General

ISO 9001:2015, Quality management systems — Requirements 7 Support

7.1 Resources

7.1.1 General

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system. The organization shall consider: a) the capabilities of, and constraints on, existing internal resources; b) what needs to be obtained from external providers.

7.1.2 People

ISO 9001:2015, Quality management systems — Requirements

7.1.2 People

The organization shall determine and provide the persons necessary for the effective implementation of its quality management system and for the operation and control of its processes. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

7.1.3 Infrastructure

7.1.3.1 General

ISO 9001:2015, Quality management systems — Requirements

7.1.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services. NOTE Infrastructure can include: a) buildings and associated utilities; b) equipment, including hardware and software; c) transportation resources; d) information and communication technology.

7.1.3.2 Additional GMP-related requirements on infrastructure
7.1.3.2.1 The infrastructure shall be managed, operated and maintained to avoid product

contamination, including but not limited to the following: — facilities shall be protected against entry of unauthorized personnel; — personnel entering defined areas in production, storage or quality control/quality assurance shall only access these areas wearing appropriate clothing; — layout, design and operation shall minimize the risk of errors and permit effective cleaning and maintenance to avoid cross-contamination and any adverse effect on the quality of products, based on a risk assessment; — changing facilities, toilet and hand-washing facilities shall be provided for areas where products are processed and handled; where product quality is affected, these facilities shall be separated from manufacturing areas and not ventilated directly to them.

7.1.3.2.2 Storage areas shall be:

— of adequate capacity to allow orderly storage of starting materials and products; — appropriate with regard to material and product quality. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

7.1.4 Environment for the operation of processes

7.1.4.1 General

ISO 9001:2015, Quality management systems — Requirements

7.1.4 Environment for the operation of processes

The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services. NOTE A suitable environment can be a combination of human and physical factors, such as: a) social (e.g. non-discriminatory, calm, non-confrontational); b) psychological (e.g. stress-reducing, burnout prevention, emotionally protective); c) physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise). These factors can differ substantially depending on the products and services provided.

7.1.4.2 Work environment
7.1.4.2.1 The organization shall establish documented requirements for health, cleanliness, clothing

and access control of personnel, if contact between such personnel and the primary packaging material or work environment could adversely affect the quality of the primary packaging material.

7.1.4.2.2 If work environment conditions can have an adverse effect on primary packaging material

quality, the organization shall define the appropriate work environment conditions and establish a system for their effective monitoring and control.

7.1.4.2.3 If appropriate, special conditions shall be established and documented for the control of

contaminated or potentially contaminated primary packaging material to prevent contamination of other primary packaging material, the work environment or personnel.

7.1.4.2.4 Where primary packaging materials are exposed, covers shall be used unless justified

otherwise through a documented risk assessment.

7.1.4.3 Classification of clean zones/cleanrooms

Clean zones/cleanrooms shall be classified and monitored/operated. See ISO 14644-1, ISO 14644-2, ISO 14644-3, ISO 14644-5. For cleanroom design, construction and start-up, see ISO 14644-2 and ISO 14644-4. If appropriate, biocontamination monitoring shall be conducted in accordance with ISO 14698-1 and ISO 14698-2.

7.1.4.4 Risk control of contamination

The organization shall determine and control the risks that can result in contamination of primary packaging materials, for example: a) personal hygiene and health; b) personal clothing, jewellery including piercings, and make-up; Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E) c) smoking, eating, chewing, drinking, and personal medication; d) handling and disposal of waste; e) microbiological contamination; f) protective clothing appropriate to the classification of the process area. NOTE Automatic door closers, protective air curtains or plastic curtains can be used, to reduce the risk of contamination.

7.1.4.5 Pest control

An effective, documented pest control programme shall be implemented and maintained. 7.1.4.6 Materials and utilities (ancillary services) 7.1.4.6.1 All utilities (e.g. air, gases, steam, water) shall be assessed for their potential impact on the quality of the primary packaging materials and any associated risks. Records of the assessment shall be maintained (see 7.5.3). The assessment should include other fluids (e.g. lubrication fluids, cooling fluids, hydraulic oils), which can accidentally come into contact with the primary packaging material. Dependent on the risks, the use of food-grade fluids should be considered.

7.1.4.6.2 Appropriate ventilation and exhaust systems shall be provided, where necessary, to minimize

contamination. Particular attention shall be given to recirculation systems.

7.1.4.6.3 If water comes into direct contact with the primary packaging material, or its starting

material, or is used for cleaning the equipment in contact with the product, its quality shall be determined and controlled.

7.1.4.6.4 Processing aids shall be defined and be subject to a documented risk assessment for their

potential impact on the quality of the primary packaging materials and used in a controlled manner.

7.1.4.7 Maintenance and cleaning activities

7.1.4.7.1 The organization shall establish documented requirements for maintenance activities (e.g. production processes, systems and equipment), when such activities or lack thereof can affect product quality. 7.1.4.7.2 Records of such maintenance shall be maintained (see 7.5.3). 7.1.4.7.3 Repair and maintenance operations shall not present any hazard to the quality of products. Maintenance operations shall not introduce contamination and, on completion, shall include a documented cleanliness check.

7.1.4.7.4 The organization shall ensure that the infrastructure is managed, operated, cleaned and,

where appropriate, maintained in accordance with GMP and so as to avoid product contamination (including control of particulate matter and microbiological control where applicable).

7.1.4.7.5 The organization shall define and document a cleaning schedule that takes into account the

contamination risk. NOTE Documented procedures and schedules for cleaning can contain where applicable: 22 -- `,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) — cleaning methods; — materials used, e.g. detergents/disinfectants; — areas/equipment to be cleaned; — precautions and cleaning routines for spillage; — records required. Following cleaning, it is good practice to store the equipment in a clean and dry condition and separately from soiled equipment.

7.1.4.7.6 A set of technical documentation for quality critical equipment and installations shall be

maintained.

7.1.4.7.7 Defective quality critical equipment shall be removed from service and/or clearly labelled

and product produced evaluated (see 9.1.3). Prior to reintroduction it shall be verified as suitable for use.

7.1.5 Monitoring and measuring resources

ISO 9001:2015, Quality management systems — Requirements

7.1.5 Monitoring and measuring resources

7.1.5.1 General

The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements. The organization shall ensure that the resources provided: a) are suitable for the specific type of monitoring and measurement activities being undertaken; b) are maintained to ensure their continuing fitness for their purpose. The organization shall retain appropriate documented information as evidence of fitness for purpose o7.f1 t.h5e.2 m oMneitaosruinrge manedn mt teraascueraebmileintyt resources. When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be: a) calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as documented information; b) identified in order to determine their status; c) safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results. The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, and shall take appropriate action as necessary. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

7.1.6 Organizational knowledge

ISO 9001:2015, Quality management systems — Requirements

7.1.6 Organizational knowledge

The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. This knowledge shall be maintained and be made available to the extent necessary. When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. NOTE 1 Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization's objectives. NOTE 2 Organizational knowledge can be based on: a) internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services); b) external sources (e.g. standards; academia; conferences; gathering knowledge from customers or external providers).

7.2 Competence

7.2.1 General

ISO 9001:2015, Quality management systems — Requirements

7.2 Competence

The organization shall: a) determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system; b) ensure that these persons are competent on the basis of appropriate education, training, or experience; c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; d) retain appropriate documented information as evidence of competence. NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re- assignment of currently employed persons; or the hiring or contracting of competent persons.

7.2.2 GMP-training

7.2.2.1 Additional training shall be conducted regularly and include awareness of applicable GMP and

all procedures and policies that affect product quality and the quality management system. This training shall include: a) the risk of contamination and cross-contamination, b) the potential hazard to end user/patient if product is contaminated, and --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) c) the impact of any deviations from specified procedures, processes or specifications on customer's product quality or on the end user.

7.2.2.2 Particular attention shall be given to the training of the personnel involved with the manufacture

of sterile components or components to be subsequently sterilized.

7.2.2.3 Specific training on microbiological and particulate contamination and the potential risk to the

patient of such contamination shall be provided. 7.2.2.4 Additional refresher training shall be carried out at defined intervals. 7.2.2.5 Temporary personnel shall be trained or be under the supervision of a trained person.

7.2.2.6 Where consultants are employed to advise on quality matters, records of their qualifications

and type of service(s) provided shall be maintained.

7.2.2.7 Contractors and visitors shall receive appropriate instructions prior to entering the

manufacturing /production facilities.

7.3 Awareness

ISO 9001:2015, Quality management systems — Requirements

7.3 Awareness

The organization shall ensure that persons doing work under the organization's control are aware of: a) the quality policy; b) relevant quality objectives; c) their contribution to the effectiveness of the quality management system, including the benefits of improved performance; d) the implications of not conforming with the quality management system requirements.

7.4 Communication

ISO 9001:2015, Quality management systems — Requirements

7.4 Communication

The organization shall determine the internal and external communications relevant to the quality management system, including: a) on what it will communicate; b) when to communicate; c) with whom to communicate; d) how to communicate; e) who communicates. GMP in this document and regulatory requirements shall be communicated, as appropriate, to each level of the organization. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) Top management shall be notified of quality critical situations, in a timely manner. NOTE Examples of communication processes include those related to the communication of the quality policy, management review, internal quality audit results, and corrective and preventive actions.

7.5 Documented information

7.5.1 General

ISO 9001:2015, Quality management systems — Requirements

7.5 Documented information

7.5.1 General

The organization's quality management system shall include: a) documented information required by this International Standard; b) documented information determined by the organization as being necessary for the effectiveness of the quality management system. NOTE The extent of documented information for a quality management system can differ from one organization to another due to: — the size of organization and its type of activities, processes, products and services; — the complexity of processes and their interactions; — the competence of persons.

7.5.2 Creating and updating

ISO 9001:2015, Quality management systems — Requirements

7.5.2 Creating and updating

When creating and updating documented information, the organization shall ensure appropriate: a) identification and description (e.g. a title, date, author, or reference number); b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); c) review and approval for suitability and adequacy. The organization shall ensure that changes to documents are reviewed and approved either by the original approving function or another designated function which has access to pertinent background information upon which to base its decisions. If electronic signatures are used on documents, they shall be controlled to provide equivalent security to that given by a hand-written signature. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

7.5.3 Control of documented information

ISO 9001:2015, Quality management systems — Requirements

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this

International Standard shall be controlled to ensure: a) it is available and suitable for use, where and when it is needed; b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following

activities, as applicable: a) distribution, access, retrieval and use; b) storage and preservation, including preservation of legibility; c) control of changes (e.g. version control); d) retention and disposition. Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and be controlled. Documented information retained as evidence of conformity shall be protected from unintended alterations. NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

7.5.3.3 The organization shall define the period for which at least one copy of obsolete, controlled

documents shall be retained (see also 7.5.3.11). Obsolete documents shall be stored and marked to prevent unintended use.

7.5.3.4 Records established to provide evidence of conformity to requirements and of the effective

operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records. Records shall remain legible, readily identifiable and retrievable. NOTE Records comprise batch-related manufacturing data as well as other quality records such as deviation and investigation reports.

7.5.3.5 Electronic records shall be subject to the same controls as those required for other records (see

7.5.3.4 and 8.5.1.2.6).

7.5.3.6 Entries in records shall be clear, indelible, made directly after performing the activity (in the

order performed), dated, and initialled or signed by the person making the entry. Corrections for entries shall be dated, initialled or signed and, where appropriate, explained, leaving the original entry still legible. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

7.5.3.7 The organization shall define the quality critical processes and parameters where a double-

check is necessary for the release of a batch. Records shall clearly demonstrate the identified check and stages. If either check is carried out electronically this shall be clearly defined.

7.5.3.8 For each batch of primary packaging material the organization shall establish and maintain

a record that provides traceability (see 8.5.2) and identifies the quantity manufactured and quantity approved for distribution.

7.5.3.9 The organization shall define those parameters of the batch documentation that need to be

verified. 7.5.3.10 The batch documentation shall be verified and approved.

7.5.3.11 All manufacturing, control, testing, distribution and investigation records shall be retained for

at least five years after the date of manufacture of the primary packaging material or as agreed with the customer. NOTE The records of the primary packaging material might need to be retained until the end of the shelf-life of the medicinal product as specified by the customer.

7.5.4 Administration of IT systems and data

There shall be a documented procedure: a) for the assignment of responsibility to ensure that information technology and the data themselves are secure and maintained; b) to ensure that network and files are secure and that only authorized personnel have access to systems and files; c) to ensure file integrity, when files are stored in a shared area, such as a file server, accessed by several workstations; d) covering password management and security routines including ‘sleep mode’, which shall exist to cover periods of personnel absence from the computer; e) for the back-up and recovery of electronic product related data, which defines the frequency of back-up, the method and media to be used, and the physical process for safe storage of the data files; the back-up media shall be identified and traceable. The organization shall have a documented information technology (IT) recovery plan which details the system for partial and total recovery of data in the event of a failure of the IT system. At defined intervals the system shall be verified to ensure the data can be restored. If IT systems are changed, access to legacy systems and data shall be defined as part of change control (see 8.5.6). --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) 8 Operation

8.1 Operational planning and control

ISO 9001:2015, Quality management systems — Requirements 8 Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by: a) determining the requirements for the products and services; b) establishing criteria for:

  1. the processes;
  2. the acceptance of products and services; c) determining the resources needed to achieve conformity to the product and service requirements; d) implementing control of the processes in accordance with the criteria; e) determining, maintaining and retaining documented information to the extent necessary:
  3. to have confidence that the processes have been carried out as planned;
  4. to demonstrate the conformity of products and services to their requirements. The output of this planning shall be suitable for the organization's operations. The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization shall ensure that outsourced processes are controlled (see 8.4). Product realization planning shall consider the requirement for consistent processing of primary packaging materials. Planning shall also take account of the need for taking and retaining samples in appropriate conditions. The organization shall ensure that risk management processes are included in the planning and implemented throughout product realization; records shall be maintained (see 7.5.3.4). --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E)

8.2 Requirements for products and services

8.2.1 Customer communication

8.2.1.1 General

ISO 9001:2015, Quality management systems — Requirements

8.2 Requirements for products and services

8.2.1 Customer communication

Communication with customers shall include: a) providing information relating to products and services; b) handling enquiries, contracts or orders, including changes; c) obtaining customer feedback relating to products and services, including customer complaints; d) handling or controlling customer property; e) establishing specific requirements for contingency actions, when relevant.

8.2.1.2 Additional GMP-related requirements
8.2.1.2.1 The organization shall establish and maintain a documented feedback system to provide early

warning of potential and actual quality problems and to facilitate customer input into the corrective and preventive action system.

8.2.1.2.2 When required by the customer, the organization shall agree with the customer which

changes require written confirmation prior to approval and which changes require notification only. Proposed changes shall be communicated in a timely manner and the process for introducing changes agreed (see 8.2.2). It is recommended that, between the organization and the customer, there is a documented technical/quality assurance agreement that includes the action to be taken for nonconformities (see 8.3).

8.2.1.2.3 If specified by the customer, samples and certification documents provided for evaluation,

stability testing or clinical trials for marketing authorization applications, shall be compliant with the appropriate GMP procedures and controls. As part of a marketing authorization application, the customer can require the organization to provide specified information. An appropriately qualified individual within the organization shall approve such information. EXAMPLE Such information are composition, test data, specifications, control methods and processing conditions. Changes that affect any of the data supplied by the organization should be communicated to the customer or the regulatory authority, as appropriate (see 8.2.2 and 8.5.6). NOTE To facilitate organization confidentiality, scientific and technical information can be supplied as a dossier directly to the global authorities, for example in the form of a Drug Master File (DMF), or European Pharmacopoeia Certificate of Suitability, in connection with the application for a marketing authorization and records maintained. 8.2.1.2.4 For GMP requirements for printed primary packaging materials, Annex C shall apply. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

8.2.2 Determining the requirements for products and services

ISO 9001:2015, Quality management systems — Requirements

8.2.2 Determining the requirements related to products and services

When determining the requirements for the products and services to be offered to customers, the organization shall ensure that: a) the requirements for the products and services are defined, including:

  1. any applicable statutory and regulatory requirements;
  2. those considered necessary by the organization; b) the organization can meet the claims for the products and services it offers. Requirements related to the product, including changes requiring notification, shall be determined and documented. Customer requirements to avoid unauthorized use of waste primary packaging material (including samples, print media, labels) shall be determined and documented.

8.2.3 Review of the requirements for products and services

ISO 9001:2015, Quality management systems — Requirements

8.2.3.1 The organization shall ensure that it has the ability to meet the requirements for products

and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer, to include: a) requirements specified by the customer, including the requirements for delivery and post- delivery activities; b) requirements not stated by the customer, but necessary for the specified or intended use, when known; c) requirements specified by the organization; d) statutory and regulatory requirements applicable to the products and services; e) contract or order requirements differing from those previously expressed. The organization shall ensure that contract or order requirements differing from those previously defined are resolved. The customer's requirements shall be confirmed by the organization before acceptance, when the customer does not provide a documented statement of their requirements. NOTE In some situations, such as internet sales, a formal review is impractical for each order. Instead, the 8re.v2i.e3w.2 can cover relevant product information, such as catalogues. The organization shall retain documented information, as applicable: a) on the results of the review; b) on any new requirements for the products and services. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

8.2.4 Changes to requirements for products and services

ISO 9001:2015, Quality management systems — Requirements

8.2.4 Changes to requirements for products and services

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

8.3 Design and development of products and services

8.3.1 General

ISO 9001:2015, Quality management systems — Requirements

8.3 Design and development of products and services

8.3.1 General

The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.

8.3.2 Design and development planning

ISO 9001:2015, Quality management systems — Requirements

8.3.2 Design and development planning

In determining the stages and controls for design and development, the organization shall consider: a) the nature, duration and complexity of the design and development activities; b) the required process stages, including applicable design and development reviews; c) the required design and development verification and validation activities; d) the responsibilities and authorities involved in the design and development process; e) the internal and external resource needs for the design and development of products and services; f) the need to control interfaces between persons involved in the design and development process; g) the need for involvement of customers and users in the design and development process; h) the requirements for subsequent provision of products and services; i) the level of control expected for the design and development process by customers and other relevant interested parties; j) the documented information needed to demonstrate that design and development requirements have been met. The organization shall implement documented procedures for design and development. These procedures shall include risk assessment, determination of relevant aspects of GMP and any potential impact on the customer and ultimately the patient. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) The responsibility for design and risk assessment should be agreed between the customer and the organization.

8.3.3 Design and development inputs

ISO 9001:2015, Quality management systems — Requirements

8.3.3 Design and development inputs

The organization shall determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider: a) functional and performance requirements; b) information derived from previous similar design and development activities; c) statutory and regulatory requirements; d) standards or codes of practice that the organization has committed to implement; e) potential consequences of failure due to the nature of the products and services. Inputs shall be adequate for design and development purposes, complete and unambiguous. Conflicting design and development inputs shall be resolved. The organization shall retain documented information on design and development inputs.

8.3.4 Design and development controls

ISO 9001:2015, Quality management systems — Requirements

8.3.4 Design and development controls

The organization shall apply controls to the design and development process to ensure that: a) the results to be achieved are defined; b) reviews are conducted to evaluate the ability of the results of design and development to meet requirements; c) verification activities are conducted to ensure that the design and development outputs meet the input requirements; d) validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use; e) any necessary actions are taken on problems determined during the reviews, or verification and validation activities; f) documented information of these activities is retained. NOTE Design and development reviews, verification and validation have distinct purposes. They can be conducted separately or in any combination, as is suitable for the products and services of the organization. Verification and validation in this context is limited to design and development. For verification and validation of production and service provision, see 8.5. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

8.3.5 Design and development outputs

ISO 9001:2015, Quality management systems — Requirements

8.3.5 Design and development outputs

The organization shall ensure that design and development outputs: a) meet the input requirements; b) are adequate for the subsequent processes for the provision of products and services; c) include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria; d) specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision. e) are verified as suitable before finalizing product specifications. The organization shall retain documented information on design and development outputs. NOTE 1 The organization and customer are encouraged to work together to verify the appropriateness of the primary packaging materials for their intended use. NOTE 2 Design and development outputs can include records (specifications, manufacturing procedures, engineering drawings, engineering or research logbooks) and samples.

8.3.6 Design and development changes

ISO 9001:2015, Quality management systems — Requirements

8.3.6 Design and development changes

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements. The organization shall retain documented information on: a) design and development changes; b) the results of reviews; c) the authorization of the changes; d) the actions taken to prevent adverse impacts. Changes that affect any of the data supplied shall be reported to the customer and, if a technical dossier/master file has been supplied by the organization, directly to the regulatory authorities. When implementing change, the existing validation and documents affected by the change shall be reviewed and revised; personnel shall be retrained as appropriate. NOTE Confidential scientific and technical information (of the organization) can be supplied as a dossier directly to the regulatory authorities (e.g. technical dossier and/or master file). Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

8.4 Control of externally provided processes, products and services

8.4.1 General

ISO 9001:2015, Quality management systems — Requirements

8.4 Control of externally provided processes, products and services

8.4.1 General

The organization shall ensure that externally provided processes, products and services conform to requirements. The organization shall determine the controls to be applied to externally provided processes, products and services when: a) products and services from external providers are intended for incorporation into the organization's own products and services; b) products and services are provided directly to the customer(s) by external providers on behalf of the organization; c) a process, or part of a process, is provided by an external provider as a result of a decision by the organization. The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations. The organization shall maintain relevant purchasing information, i.e. documents (see 7.5.2 and 7.5.3.3) and records (see 7.5.3.4), to the extent required for traceability as given in 8.5.2.2. If any quality critical process is outsourced, the organization shall ensure that the process complies with the requirements of this document. --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- 35 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E)

8.4.2 Type and extent of control

8.4.2.1 General

ISO 9001:2015, Quality management systems — Requirements

8.4.2 Type and extent of control

The organization shall ensure that externally provided processes, products and services do not adversely affect the organization's ability to consistently deliver conforming products and services to its customers. The organization shall: a) ensure that externally provided processes remain within the control of its quality management system; b) define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output; c) take into consideration:

  1. the potential impact of the externally provided processes, products and services on the organization's ability to consistently meet customer and applicable statutory and regulatory requirements;
  2. the effectiveness of the controls applied by the external provider; d) determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements.
8.4.2.2 Additional GMP-related requirements on type and extent of control
8.4.2.2.1 The organization shall approve suppliers of

a) starting materials, b) quality critical process aids, and c) packaging materials for use in cleanrooms.

8.4.2.2.2 The organization shall notify the customer prior to outsourcing any part of the production

process.

8.4.2.2.3 All outsourced services that can affect product quality shall be controlled, including

origination (artwork), laboratory services, sterilization, calibration services and qualification services, maintenance, cleaning, haulage, pest control and waste contractors, depending on the risks involved.

8.4.2.2.4 Consultants advising on the production and control of primary packaging materials shall be

considered as suppliers.

8.4.2.2.5 Suppliers of quality critical materials and services shall be approved by the quality unit(s) or

a person assigned by the quality unit(s).

8.4.2.2.6 The organization shall evaluate and record the competence of laboratories to perform quality

critical activities. The organization shall only use laboratories that it has accepted as being competent to perform quality critical activities. 36 --`,,,,,,,,,,,,,,,,``` ,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E)

8.4.2.2.7 If the sterilization process is outsourced, the organization shall ensure that the process

complies with the requirements of 8.5.1.2, 8.5.1.3 and 8.5.1.4. 8.4.2.2.8 Changing the source of quality critical raw materials shall be subject to change control.

8.4.2.2.9 Incoming materials shall be physically or administratively quarantined until they have been

approved and released for use. NOTE In exceptional circumstances, material under test can be used, provided there are fail-safe procedures in place to prevent the release of primary packaging material, until the status of those materials has been confirmed.

8.4.2.2.10 For quality critical materials, the organization shall periodically verify the relevant

and/or critical information received from their suppliers on a certificate of analysis (CoA), certificate of conformity (CoC), or certificate of testing (CoT). NOTE 1 This can mean performing similar testing on site, by an independent contractor, or routine audit of the facilities to ensure that there is a high level of confidence in the supplier information. Alternatively, an audit can be replaced by a certified management system if justified. NOTE 2 In lieu of such testing by the organization, a report of analysis, e.g. CoA, CoC, or CoT, can be accepted from the supplier, provided that at least one specific identity test is conducted on the material or sub-component by the organization. 8.4.2.2.11 Records of the verification shall be maintained (see 7.5.3).

8.4.2.2.12 Sampling activities shall be conducted in accordance with a sampling method, using

procedures, facilities and equipment designed to avoid contamination.

8.4.3 Information for external providers

ISO 9001:2015, Quality management systems — Requirements

8.4.3 Information for external providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider. The organization shall communicate to external providers its requirements for: a) the processes, products and services to be provided; b) the approval of:

  1. products and services;
  2. methods, processes and equipment;
  3. the release of products and services; c) competence, including any required qualification of persons; d) the external providers' interactions with the organization; e) control and monitoring of the external providers' performance to be applied by the organization; f) verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

8.5 Production and service provision

8.5.1 Control of production and service provision

8.5.1.1 General

ISO 9001:2015, Quality management systems — Requirements

8.5 Production and service provision

8.5.1 Control of production and service provision

The organization shall implement production and service provision under controlled conditions. Controlled conditions shall include, as applicable: a) the availability of documented information that defines:

  1. the characteristics of the products to be produced, the services to be provided, or the activities to be performed;
  2. the results to be achieved; b) the availability and use of suitable monitoring and measuring resources; c) the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met; d) the use of suitable infrastructure and environment for the operation of processes; e) the appointment of competent persons, including any required qualification; f) the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement; g) the implementation of actions to prevent human error; h) the implementation of release, delivery and post-delivery activities. i) the definition of the date of manufacture, taking into account the processes involved; j) special attention to marking, labelling and packaging operations to provide effective control and to prevent errors; k) a documented procedure defining the management of process deviations [the quality critical deviations shall be investigated and the outcome recorded (see 7.5.3)].
8.5.1.2 Additional GMP-related requirements on verification, qualification and validation
8.5.1.2.1 Verification and/or qualification or validation shall be performed when significant changes

to the facilities, equipment and process occur which can affect the quality of the product. NOTE 1 Change control of the validation process is part of the organization's change control policy. NOTE 2 Guidance on verification, qualification and validation requirements for primary packaging materials is given in Annex D. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

8.5.1.2.2 Where appropriate, validation of the individual product shall be carried out as agreed with

the customer.

8.5.1.2.3 The results of validation shall be recorded (see 7.5.3). Validation records shall be maintained

throughout the life of the equipment and process and for a period of two years beyond retirement or as agreed with the customer.

8.5.1.2.4 For software used in quality critical processes, functional tests to verify the traceability,

transfer accuracy and retention of data shall be performed in sufficient number and under appropriate conditions. The system shall be checked, e.g. by entering correct and incorrect data in order to detect the traceability, transfer accuracy and retention of data or records. 8.5.1.2.5 The results of these tests and checks shall be recorded (see 7.5.3).

8.5.1.2.6 Electronic records shall be secured and protected against loss and accidental corruption and

in a form that will permit regeneration; if this is not possible, hard copy prints shall be retained for a period of two years beyond equipment retirement or as agreed with the customer (see 7.5.3.5). NOTE For further details on data security, management and software validation, see IEC 60601–1, the GAMP (Good Automated Manufacturing Practice) Guide, and US/FDA Code of Federal Regulations 21, part 11.

8.5.1.2.7 The organization shall identify the quality critical processes within its operations, namely

those that influence the quality of the primary packaging material. Control over any of these processes where the resulting output cannot be verified by subsequent monitoring or measurement shall be demonstrated through validation and documented.

8.5.1.2.8 Risk assessment shall be used to determine which processes are quality critical, and to

determine the extent of the validation work necessary to demonstrate control of these processes. Risk analysis shall be related to product quality related attributes.

8.5.1.2.9 Equipment, utilities and facilities used for manufacturing primary packaging materials shall

be verified or qualified /validated, in accordance with a documented risk assessment. 8.5.1.2.10 There shall be regular, recorded challenge tests of automatic inspection equipment (e.g. 100 % camera inspection systems and code system readers) to verify the continued functionality.

8.5.1.2.11 Test equipment used in determining the acceptance of quality critical starting materials,

intermediate/in-process or finished product shall be calibrated and additional qualification tests performed if appropriate.

8.5.1.3 Cleanliness of product and contamination control
8.5.1.3.1 The organization shall establish and maintain documented requirements for cleanliness of

primary packaging materials and procedures to prevent contamination of equipment or product. The potential risks associated with any materials or process aids which can carry a risk to patient safety, e.g. transmissible spongiform encephalopathies (TSE), should be evaluated.

8.5.1.3.2 All production processes in clean zones or in controlled areas, including environmental

controls, production, in-process controls and packaging of primary packaging materials shall comply with the specified area conditions and operating criteria. Cleanrooms shall have airlocks.

8.5.1.3.3 Production processes in controlled environmental conditions shall be agreed between the

customer and organization. (See also 9.1.2.) Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

8.5.1.3.4 The organization shall also establish documented cleanliness requirements for primary

packaging materials when a) primary packaging material is cleaned by the organization prior to sterilization by the organization and/or its use, or b) primary packaging material is to be supplied non-sterile and its cleanliness is of significance in use, or c) process agents are to be removed from product during manufacture.

8.5.1.3.5 Storage containers and their attendant manifolds, and filling and discharge lines shall be

identified. 8.5.1.3.6 Special attention (e.g. identification, security, cleanliness) shall be given prior to discharge in and out of bulk containers/silos. 8.5.1.3.7 Handling/transfer containers shall be clean and not contribute to particulate contamination. For product contact packaging materials they shall be covered or appropriately sealed.

8.5.1.3.8 Written procedures shall be established for the cleaning of equipment used in the production

of primary packaging materials. Records of cleaning equipment that are critical to the quality of primary packaging materials shall be maintained (see 7.5.3). 8.5.1.3.9 Production equipment/areas shall be identified as to content and cleaning status.

8.5.1.3.10 The incorporation of reprocessed materials is inherent in the manufacture of some materials

(e.g. glass, aluminium, paper, thermoplastics). Reprocessing parameters shall be defined and agreed with the customer. (See also 9.1.2.)

8.5.1.3.11 Unless agreed with the customer, thermoplastic materials shall not be reground and reused

in primary packaging materials. (See also 9.1.2.)

8.5.1.3.12 There shall be a line clearance inspection between different batches to remove all materials and

documentation not required for the next operation. Line clearance activities shall be recorded (see 7.5.3). NOTE As an example, reusable handling/transfer containers used to hold starting materials during processing are subject to a documented cleanliness check before being loaded with a different material to avoid cross-contamination.

8.5.1.3.13 Partially reduced line clearances or automated changeover systems that are designed to

reduce make-ready time and do not permit a total line clearance shall be subject to a documented risk assessment and operated with controls to ensure product quality.

8.5.1.3.14 Pallets shall be constructed of materials appropriate to the product being handled, sourced

and controlled to reduce the risk of contamination. NOTE Wooden pallets could be contaminated through migration of any chemicals used in other pallet treatments.

8.5.1.4 Particular requirements for sterile primary packaging materials
8.5.1.4.1 The organization shall maintain records (see 7.5.3) of the process parameters for the

sterilization process, which was used for each sterilization batch. Sterilization records shall be traceable to each batch of primary packaging material. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E)

8.5.1.4.2 If sterilization is a requirement, the organization shall establish documented procedures for

the validation of sterilization processes. Sterilization processes shall be validated prior to initial use and revalidated periodically. Records of the results of sterilization process validation shall be maintained (see 7.5.3). See ISO 11135, ISO 11137-1 or ISO 11137-2.

8.5.1.4.3 Where sterilization is a requirement, the organization shall subject the primary packaging

materials to a validated sterilization process and record all the control parameters of the sterilization process. If the sterilization process is outsourced, the organization shall ensure that the process complies with the appropriate requirements of this document. See ISO 14937.

8.5.2 Identification and traceability

8.5.2.1 General

ISO 9001:2015, Quality management systems — Requirements

8.5.2 Identification and traceability

The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services. The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision. The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.

8.5.2.2 Additional GMP-related requirements
8.5.2.2.1 The organization shall establish and maintain a system to trace all production materials from

source to product realization, defining the extent and the records required based on risk assessment (see 7.5.3, 10.2.3 and 10.3). 8.5.2.2.2 Batch production records shall be identified with a unique batch or identification reference.

8.5.2.2.3 Records of the use of quality critical equipment shall be retained (see 7.5.3). These records

shall also include cleaning and maintenance activities in sequence with the manufacturing operations. Maintenance activities shall be documented and traceable to a particular manufacturing operation or piece of equipment.

8.5.2.2.4 The organization shall establish and maintain documented procedures to ensure that

primary packaging materials returned to the organization for e.g. reprocessing to specified requirements are identified and distinguished from normal production at all times.

8.5.2.2.5 In order to reduce the risk of cross-contamination of materials, intermediates and finished

products, they shall be segregated by suitable means based on a risk assessment e.g. physical segregation, labelling, barcoding, electronic locations. --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E)

8.5.3 Property belonging to customers or external providers

ISO 9001:2015, Quality management systems — Requirements

8.5.3 Property belonging to customers or external providers

The organization shall exercise care with property belonging to customers or external providers while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard customers' or external providers' property provided for use or incorporation into the products and services. When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred. NOTE A customer's or external provider's property can include materials, components, tools and equipment, premises, intellectual property and personal data.

8.5.4 Preservation

8.5.4.1 General

ISO 9001:2015, Quality management systems — Requirements

8.5.4 Preservation

The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements. NOTE Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

8.5.4.2 Additional GMP-related requirements
8.5.4.2.1 The organization shall establish and maintain a system for the control of product with

a limited shelf-life or requiring special storage conditions. Such special storage conditions shall be controlled and recorded (see 7.5.3). Shelf-lives shall be justified.

8.5.4.2.2 The product shall be clearly identified, segregated and securely stored, and protected from

extraneous matter or contamination. Packaging used to produce and contain the product shall be clean and suitable. Deliveries shall be accompanied by appropriate documentation. The delivery documentation shall be batch-specific.

8.5.4.2.3 If packaging containers are reused, previous labels shall be removed or defaced. The

containers shall be cleaned or verified as clean, in accordance with a documented procedure.

8.5.4.2.4 If required, any special transport or storage conditions for primary packaging materials shall

be stated on the label and complied with. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

8.5.5 Post-delivery activities

ISO 9001:2015, Quality management systems — Requirements

8.5.5 Post-delivery activities

The organization shall meet requirements for post-delivery activities associated with the products and services. In determining the extent of post-delivery activities that are required, the organization shall consider: a) statutory and regulatory requirements; b) the potential undesired consequences associated with its products and services; c) the nature, use and intended lifetime of its products and services; d) customer requirements; e) customer feedback. NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

8.5.6 Control of changes

8.5.6.1 General

ISO 9001:2015, Quality management systems — Requirements

8.5.6 Control of changes

The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements. The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

8.5.6.2 Additional GMP-related requirements
8.5.6.2.1 The organization shall establish and operate a documented procedure for an effective change

control system, incorporating the evaluation of risk(s) associated with all proposed changes that can have potential impact on the quality of supplied product.

8.5.6.2.2 The evaluation of the change on the quality of the product shall determine if validation or

revalidation is required.

8.5.6.2.3 The organization’s change control procedure shall ensure supporting data are generated to

demonstrate that the change will result in a product of desired quality and safety, consistent with the approved specifications. 8.5.6.2.4 Defined functions shall have the responsibility and authority for approval of changes. Approved changes shall be implemented in a controlled manner. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

8.6 Release of products and services

ISO 9001:2015, Quality management systems — Requirements

8.6 Release of products and services

The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met. The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. The organization shall retain documented information on the release of products and services. The documented information shall include: a) evidence of conformity with the acceptance criteria; b) traceability to the person(s) authorizing the release.

8.7 Control of nonconforming outputs

ISO 9001:2015, Quality management systems — Requirements

8.7.1 The organization shall ensure that outputs that do not conform to their requirements are

identified and controlled to prevent their unintended use or delivery. The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services. The organization shall deal with nonconforming outputs in one or more of the following ways: a) correction; b) segregation, containment, return or suspension of provision of products and services; c) informing the customer; d) obtaining authorization for acceptance under concession. Conformity to the requirements shall be verified when nonconforming outputs are corrected.

8.7.2 The organization shall retain documented information that:

a) describes the nonconformity; b) describes the actions taken; c) describes any concessions obtained; d) identifies the authority deciding the action in respect of the nonconformity. --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) 9 Performance evaluation

9.1 M onitoring, measurement, analysis and evaluation

9.1.1 General

ISO 9001:2015, Quality management systems — Requirements 9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.1.1 General

The organization shall determine: a) what needs to be monitored and measured; b) the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results; c) when the monitoring and measuring shall be performed; d) when the results from monitoring and measurement shall be analysed and evaluated. The organization shall evaluate the performance and the effectiveness of the quality management system. The organization shall retain appropriate documented information as evidence of the results.

9.1.2 Customer satisfaction

ISO 9001:2015, Quality management systems — Requirements

9.1.2 Customer satisfaction

The organization shall monitor customers' perceptions of the degree to which their needs and expectations have been fulfilled. The organization shall determine the methods for obtaining, monitoring and reviewing this information. NOTE Examples of monitoring customer perceptions can include customer surveys, customer feedback on delivered products and services, meetings with customers, market-share analysis, compliments, warranty claims and dealer reports. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

9.1.3 Analysis and evaluation

9.1.3.1 General

ISO 9001:2015, Quality management systems — Requirements

9.1.3 Analysis and evaluation

The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurement. The results of analysis shall be used to evaluate: a) conformity of products and services; b) the degree of customer satisfaction; c) the performance and effectiveness of the quality management system; d) if planning has been implemented effectively; e) the effectiveness of actions taken to address risks and opportunities; f) the performance of external providers; g) the need for improvements to the quality management system. NOTE Methods to analyse data can include statistical techniques. The quality unit(s) shall ensure that quality critical deviations are investigated, resolved and documented. The organization shall establish and maintain documented procedures, including requirements for the analysis of data, to identify existing or potential causes of nonconforming product or other quality problems.

9.1.3.2 Investigation of OOS results

Any out-of-specification (OOS) result shall be investigated according to a documented procedure and the outcome recorded (see 7.5.3).

9.1.3.3 Incoming inspection and testing

Requirements shall be established and maintained for all materials used. Incoming materials shall be inspected or otherwise verified as conforming to specified requirements.

9.1.3.4 In-process controls
9.1.3.4.1 The organization shall, as required by documented procedures, inspect and test the product

during processing.

9.1.3.4.2 Sampling procedures shall be defined to ensure that samples are representative of the

process being assessed. Samples shall not be returned to the production area if removed to a separate testing location.

9.1.3.4.3 Additional in-process controls shall be carried out after an equipment breakdown or an

unscheduled interruption which stops the process. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

9.1.3.5 Batch release

The organization shall implement an approval process for the batch release of products from the organization. NOTE 1 Shipment prior to batch release can occur in accordance with a customer agreement. If final inspection is a requirement, it shall be completed prior to batch release. Sampling procedures shall be defined to ensure that samples are representative of the batch being assessed. Samples shall not be returned to the production area if removed to a separate testing location. A review of batch documentation shall be performed in order to release the batch. NOTE 2 Final inspection might not include all specification parameters on basis of the control system and control strategy.

9.1.3.6 Retained samples

Retained samples shall be taken in accordance with the organization's and/or customer’s requirements.

9.1.3.7 Process data

When required by the customer or their representative, production and control data related to the product (excluding the organization's confidential intellectual property) shall be made available for verification that the production process, in-process and final control and test equipment meet the requirements. --`,,,,,,,, ,,,,,,,,```,--,,,,,,,--- 47 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E)

9.2 I nternal audit

ISO 9001:2015, Quality management systems — Requirements

9.2 Internal audit

9.2.1 The organization shall conduct internal audits at planned intervals to provide information on

whether the quality management system: a) conforms to:

  1. the organization's own requirements for its quality management system;
  2. the requirements of this International Standard; b) is effectively implemented and maintained.

9.2.2 The organization shall:

a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits; b) define the audit criteria and scope for each audit; c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process; d) ensure that the results of the audits are reported to relevant management; e) take appropriate correction and corrective actions without undue delay; f) retain documented information as evidence of the implementation of the audit programme and the audit results. NOTE See ISO 19011 for guidance.

9.3 Management review

9.3.1 General

ISO 9001:2015, Quality management systems — Requirements

9.3 Management review

9.3.1 General

Top management shall review the organization's quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,```,,,,,,,,,,,,`,,,,``-- ISO 15378:2017(E)

9.3.2 Management review inputs

ISO 9001:2015, Quality management systems — Requirements

9.3.2 Management review inputs

The management review shall be planned and carried out taking into consideration: a) the status of actions from previous management reviews; b) changes in external and internal issues that are relevant to the quality management system; c) information on the performance and effectiveness of the quality management system, including trends in:

  1. customer satisfaction and feedback from relevant interested parties;
  2. the extent to which quality objectives have been met;
  3. process performance and conformity of products and services;
  4. nonconformities and corrective actions;
  5. monitoring and measurement results;
  6. audit results;
  7. the performance of external providers; d) the adequacy of resources; e) the effectiveness of actions taken to address risks and opportunities (see 6.1); f) opportunities for improvement. g) effectiveness of training.

9.3.3 Management review outputs

ISO 9001:2015, Quality management systems — Requirements

9.3.3 Management review outputs

The outputs of the management review shall include decisions and actions related to: a) opportunities for improvement; b) any need for changes to the quality management system; c) resource needs; d) training needs. The organization shall retain documented information as evidence of the results of management reviews. --`,,,,,,,,,,,,,,,,```,--, ,,,,,,--- 49 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) 10 Improvement

10.1 General

ISO 9001:2015, Quality management systems — Requirements 10 Improvement

10.1 General

The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction. These shall include: a) improving products and services to meet requirements as well as to address future needs and expectations; b) correcting, preventing or reducing undesired effects; c) improving the performance and effectiveness of the quality management system. NOTE Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.

10.2 Nonconformity and corrective action

ISO 9001:2015, Quality management systems — Requirements

10.2 Nonconformity and corrective action

10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:

a) react to the nonconformity and, as applicable:

  1. take action to control and correct it;
  2. deal with the consequences; b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
  3. reviewing and analysing the nonconformity;
  4. determining the causes of the nonconformity;
  5. determining if similar nonconformities exist, or could potentially occur; c) implement any action needed; d) review the effectiveness of any corrective action taken; e) update risks and opportunities determined during planning, if necessary; f) make changes to the quality management system, if necessary. Corrective actions shall be appropriate to the effects of the nonconformities encountered. NOTE For additional GMP requirements, see 10.2.3. --`,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E)

10.2.2 The organization shall retain documented information as evidence of:

a) the nature of the nonconformities and any subsequent actions taken; b) the results of any corrective action. 10.2.3 The following additional GMP-related requirements apply to nonconformity and corrective action. a) Nonconforming material or products shall be quarantined pending determination of corrective or other actions. When considering correction via rework or reconditioning, a risk assessment of any adverse effect of the reworking on the products shall be performed and recorded (see 7.5.3 and 8.5.1). b) Rework and/or reconditioning shall be in accordance with a documented procedure that has been approved by the quality unit(s). The rework procedure shall be agreed with the customer, where this is a specified requirement. c) If primary packaging material has been produced under cleanroom conditions, any rework shall be carried out under the same conditions. d) Any proposal to release nonconforming product shall be via a documented concession, authorized by the customer. e) Following rejection, primary packaging materials shall be disposed of or destroyed in accordance with a documented procedure. f) The organization shall establish and maintain documented procedures for the analysis of data, to identify existing or potential causes of nonconforming product or other quality problems. g) The organization shall investigate all customer complaints in a timely manner and communicate identified corrective action to all production and production-related sites. Action(s) shall be implemented as soon as practical and to an agreed timetable; records of investigation shall be maintained (see 7.5.3). h) Customer complaints not followed by corrective and/or preventive action shall be justified and also recorded (see 7.5.3).

10.3 Continual improvement

ISO 9001:2015, Quality management systems — Requirements

10.3 Continual improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system. The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement. Changes proposed as part of continual improvement shall be subject to risk management. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,,,,,``-- ISO 15378:2017(E) Annex A Clarification of new str(iuncftourmrea, ttievrem) inology and concepts ISO 9001:2015, Quality management systems — Requirements Annex A (informative) Clarification of new structure, terminology and concepts A.1 Structure and terminology The clause structure (i.e. clause sequence) and some of the terminology of this edition of this International Standard, in comparison with the previous edition (ISO 9001:2008), have been changed to improve alignment with other management systems standards. There is no requirement in this International Standard for its structure and terminology to be applied to the documented information of an organization's quality management system. The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization's policies, objectives and processes. The structure and content of documented information related to a quality management system can often be more relevant to its users if it relates to both the processes operated by the organization and information maintained for other purposes. There is no requirement for the terms used by an organization to be replaced by the terms used in this International Standard to specify quality management system requirements. Organizations can choose to use terms which suit their operations (e.g. using “records”, “documentation” or “protocols” rather than “documented information”; or “supplier”, “partner” or “vendor” rather than “external provider”). Table A.1 shows the major differences in terminology between this edition of this International Standard and the previous edition. Table A.1 — Major differences in terminology between ISO 9001:2008 and ISO 9001:2015 ISO 9001:2008 ISO 9001:2015 Products Products and services Exclusions Not used (See Clause A.5 for clarification of applicability) Management representative Not used (Similar responsibilities and authorities are assigned but no requirement for a single management representative) Documentation, quality manual, documented proce- Documented information dures, records Work environment Environment for the operation of processes Monitoring and measuring equipment Monitoring and measuring resources Purchased product Externally provided products and services Supplier External provider Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,,,,,,`,`,`,,,,,`,,,,``-- ISO 15378:2017(E) A.2 Products and services ISO 9001:2008 used the term “product” to include all output categories. This edition of this International Standard uses “products and services”. “Products and services” include all output categories (hardware, services, software and processed materials). The specific inclusion of “services” is intended to highlight the differences between products and services in the application of some requirements. The characteristic of services is that at least part of the output is realized at the interface with the customer. This means, for example, that conformity to requirements cannot necessarily be confirmed before service delivery. In most cases, products and services are used together. Most outputs that organizations provide to customers, or are supplied to them by external providers, include both products and services. For example, a tangible or intangible product can have some associated service or a service can have some associated tangible or intangible product. A.3 Understanding the needs and expectations of interested parties Subclause 4.2 specifies requirements for the organization to determine the interested parties that are relevant to the quality management system and the requirements of those interested parties. However, 4.2 does not imply extension of quality management system requirements beyond the scope of this International Standard. As stated in the scope, this International Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction. There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system. A.4 Risk-based thinking The concept of risk-based thinking has been implicit in previous editions of this International Standard, e.g. through requirements for planning, review and improvement. This International Standard specifies requirements for the organization to understand its context (see 4.1) and determine risks as a basis for planning (see 6.1). This represents the application of risk-based thinking to planning and implementing quality management system processes (see 4.4) and will assist in determining the extent of documented information. One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or subclause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating quality management system requirements. The risk-based thinking applied in this International Standard has enabled some reduction in prescriptive requirements and their replacement by performance-based requirements. There is greater flexibility than in ISO 9001:2008 in the requirements for processes, documented information and organizational responsibilities. Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards. Not all the processes of a quality management system represent the same level of risk in terms of the organization's ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Under the requirements of 6.1, the--` `o,,,r,`,g,,,a,`,n`,`,i,,z,,at,-io-,,n,, i,s,,-r--esponsible for its application of risk- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks. A.5 Applicability This International Standard does not refer to “exclusions” in relation to the applicability of its requirements to the organization's quality management system. However, an organization can review the applicability of requirements due to the size or complexity of the organization, the management model it adopts, the range of the organization's activities and the nature of the risks and opportunities it encounters. The requirements for applicability are addressed in 4.3, which defines conditions under which an organization can decide that a requirement cannot be applied to any of the processes within the scope of its quality management system. The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services. A.6 Documented information As part of the alignment with other management system standards, a common clause on “documented information” has been adopted without significant change or addition (see 7.5). Where appropriate, text elsewhere in this International Standard has been aligned with its requirements. Consequently, “documented information” is used for all document requirements. Where ISO 9001:2008 used specific terminology such as “document” or “documented procedures”, “quality manual” or “quality plan”, this edition of this International Standard defines requirements to “maintain documented information”. Where ISO 9001:2008 used the term “records” to denote documents needed to provide evidence of conformity with requirements, this is now expressed as a requirement to “retain documented information”. The organization is responsible for determining what documented information needs to be retained, the period of time for which it is to be retained and the media to be used for its retention. A requirement to “maintain” documented information does not exclude the possibility that the organization might also need to “retain” that same documented information for a particular purpose, e.g. to retain previous versions of it. Where this International Standard refers to “information” rather than “documented information” (e.g. in 4.1: “The organization shall monitor and review the information about these external and internal issues”), there is no requirement that this information is to be documented. In such situations, the organization can decide whether or not it is necessary or appropriate to maintain documented information. A.7 Organizational knowledge In 7.1.6, this International Standard addresses the need to determine and manage the knowledge maintained by the organization, to ensure the operation of its processes and that it can achieve conformity of products and services. Requirements regarding organizational knowledge were introduced for the purpose of: a) safeguarding the organization from loss of knowledge, e.g. — through staff turnover; — failure to capture and share information; b) encouraging the organization to acquire knowledge, e.g. — learning from experience; Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --``,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) — mentoring; — benchmarking. A.8 Control of externally provided processes, products and services All forms of externally provided processes, products and services are addressed in 8.4, e.g. whether through: a) purchasing from a supplier; b) an arrangement with an associate company; c) outsourcing processes to an external provider. Outsourcing always has the essential characteristic of a service, since it will have at least one activity necessarily performed at the interface between the provider and the organization. The controls required for external provision can vary widely depending on the nature of the processes, products and services. The organization can apply risk-based thinking to determine the type and extent of controls appropriate to particular external providers and externally provided processes, products and services. --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- 55 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) Annex B Other International Standa(ridnsfo ornm qautiaveli)t y management and quality management systems developed by ISO/TC 176 ISO 9001:2015, Quality management systems — Requirements Annex B (informative) Other International Standards on quality management and quality management systems developed by ISO/TC 176 The International Standards described in this annex have been developed by ISO/TC 176 to provide supporting information for organizations that apply this International Standard, and to provide guidance for organizations that choose to progress beyond its requirements. Guidance or requirements contained in the documents listed in this annex do not add to, or modify, the requirements of this International Standard. Table B.1 shows the relationship between these standards and the relevant clauses of this International Standard. This annex does not include reference to the sector-specific quality management system standards developed by ISO/TC 176. This InternatioQnaula Slittayn dmaarnda igse omneen ot f styhset etmhrse e— c oFreu nsdtaanmdeanrtdasls d eavnedl ovpoecda bbuyl aISrOy/TC 176. — ISO 9000 provides an essential background for the proper understanding and implementation of this International Standard. The quality management principles are described in detail in ISO 9000 and have been taken into consideration during the development of this International Standard. These principles are not requirements in themselves, but they form the foundation of the requirements specified by this International Standard. ISO 9000 also defines the terms, definitions and concepts used in this International Standard. — ISO 9001 (this International Standard) specifies requirements aimed primarily at giving confidence in the products and services provided by an organization and thereby enhancing customer satisfaction. Its proper implementation can also be expected to bring other organizational benefits, such as improved internal communication, better understanding and control of the organization's processes.Managing for the sustained success of an organization — A quality management approach — ISO 9004 provides guidance for organizations that choose to progress beyond the requirements of this International Standard, to address a broader range of topics that can lead to improvement of the organization's overall performance. ISO 9004 includes guidance on a self-assessment methodology for an organization to be able to evaluate the level of maturity of its quality management system. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---`,,`,`,,`,,`-`-`,```,,,,,`,`,`,,,,,`,,,,-- ISO 15378:2017(E) The International Standards outlined below can provide assistance to organizations when they are establishing or sQeeukailnitgy tom iamnpargoevmee tnhte i—r q uCaulsittoym mearn saagteimsfaecntti osnys t—em Gsu, tidheeliirn pers ofcoers sceosd oers tohfe icro ancdtuivcitt ifeosr. organizations — ISO 10001 provides guidance to an organization in determining that its customer satisfaction provisions meet customer needs and expectations. Its use can enhance customer confidence in an organization and improve customer understanding of what to expect from an organization, thereby reducing theQ luikaeliltiyh omodan oaf gmemiseunntd e—rs tCaunsdtionmges ra nsdat cisofmacptliaoinn t—s. Guidelines for complaints handling in organizations — ISO 10002 provides guidance on the process of handling complaints by recognizing and addressing the needs and expectations of complainants and resolving any complaints received. ISO 10002 provides an open, effective and easy-to-use complaints process, including training of people. It aQlsuoa plirtoyv midaensa ggueimdeanntc e— f oCru ssmtoamlle br ussaitnisefsascetsio.n — Guidelines for dispute resolution external to organizations — ISO 10003 provides guidance for effective and efficient external dispute resolution for product-related complaints. Dispute resolution gives an avenue of redress when organizations do not remedy a complaint internally. Most complaints can be resolved successfully within the organizatioQnu, awliittyh omuatn aadgveemrseanrt i—al pCruoscteodmuerre ssa.tisfaction — Guidelines for monitoring and measuring — ISO 10004 provides guidelines for actions to enhance customer satisfaction and to determine opportunities for improvement of products, processes and attributes that are valued by customers. Such actions can strengthen cQuusatolimtye rm loaynaalgteym aenndt hseylpst eremtsa in— c uGsutoidmeleinrse.s for quality plans — ISO 10005 provides guidance on establishing and using quality plans as a means of relating requirements of the process, product, project or contract, to work methods and practices that support product realization. Benefits of establishing a quality plan are increased confidence that requirements will be met, that processes are in contrQoula alintdy mthaen magoetmiveantito sny sttheamt st h—is Gcuaind egliivnee st ofo trh qousael iitnyv molavneadg.ement in projects — ISO 10006 is applicable to projects from the small to large, from simple to complex, from an individual project to being part of a portfolio of projects. ISO 10006 is to be used by personnel managing projects and who need to ensure that their organization is applying the practices contained in the ISO quality management system stanQduaardlitsy. management systems — Guidelines for configuration management — ISO 10007 is to assist organizations applying configuration management for the technical and administrative direction over the life cycle of a product. Configuration management can be used to meet the product identificatioQnu aanlidt yt rmacaenaabgileimtye rnetq —uir eCmusetnotms esrp escaitfiisefda citni otnh is— In Gteurindaetliinoensa lf oSrt abnudsainrdes.s-to-consumer electronic commerce transactions — ISO 10008 gives guidance on how organizations can implement an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT) system, and thereby provide a basis for consumers to have increased confidence in B2C ECTs, enhance the ability of organizatMioenass tuor esmateisnfty mcoannsaugmemeresn at nsdy shteelmp sr e—du cRee cqoumirepmlaeinnttss afonrd dmiespasuutreesm. ent processes and measuring equipment — ISO 10012 provides guidance for the management of measurement processes and metrological confirmation of measuring equipment used to support and demonstrate compliance with metrological requirements. ISO 10012 provides quality management criteria for a measurement management syGsutiedmel itnoe es nfosru rqeu amliettyr molaongaicgaelm reeqnut isryesmteemn tdso acruem menetta.tion — ISO/TR 10013 provides guidelines for the development and maintenance of the documentation necessary for a quality management system. ISO/TR 10013 can be used to document management systems other than those of the ISO quality management system standards, e.g. environmental management systems and safety management systems. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---,,,,,,,--,```,,,,,,,,,,,,,,,,``-- ISO 15378:2017(E) Quality management — Guidelines for realizing financial and economic benefits — ISO 10014 is addressed to top management. It provides guidelines for realizing financial and economic benefits through the application of quality management principles. It facilitates application of management principles and selectiQonu aolfi tmy emtahnoadgse amnedn tto —ol sG tuhidate leinneasb floer t htrea sinuisntgainable success of an organization. — ISO 10015 provides guidelines to assist organizations in addressing issues related to training. ISO 10015 can be applied whenever guidance is required to interpret references to “education” and “training” within the ISO quality management system standards. AnyG rueifdearnecnec eo nto s “ttartaisintiicnagl ”t eincchlnuidqeuse sa lflo trypes of education and training. — ISO/TR 10017 ISO 9001:2000 explains statistical techniques which follow from the variability that can be observed in the behaviour and results of processes, even under conditions of apparent stability. Statistical techniques allow better use of available data to assist in decision making, and thereby help to continually improve the quality of products and processes toQ aucahliietyv em cuanstaogmemere nsat ti—sf aGctuiiodne.lines on people involvement and competence — ISO 10018 provides guidelines which influence people involvement and competence. A quality management system depends on the involvement of competent people and the way that they are introduced and integrated into the organization. It is critical to determine, develop and evaluate the knowledge, skills, behaGvuiioduerli naensd f owro trhke seenlvecirtoionnm oef nqut areliqtyu miraedna. gement system consultants and use of their services — ISO 10019 provides guidance for the selection of quality management system consultants and the use of their services. It gives guidance on the process for evaluating the competence of a quality management system consultant and provides confidence that the organization's needs and expectations for the consultantG'su siedrevliinceess fwori lal ubdei tminegt .management systems — ISO 19011 provides guidance on the management of an audit programme, on the planning and conducting of an audit of a management system, as well as on the competence and evaluation of an auditor and an audit team. ISO 19011 is intended to apply to auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems. Table B.1 — Relationship between other International Standards on quality management and quality management systems and the clauses of this International Standard Other Clause in this International Standard International 4 5 6 7 8 9 10 Standar d ISO 9000 All All All All All All All ISO 9004 All All All All All All All ISO 10001 8.2.2, 8.5.1 9.1.2 ISO 10002 8.2.1 9.1.2 10.2.1 ISO 10003 9.1.2 ISO 10004 9.1.2, 9.1.3 ISO 10005 5.3 6.1, 6.2 All All 9.1 10.2 ISO 10006 All All All All All All All ISO 10007 8.5.2 ISO 10008 All All All All All All All ISO 10012 7.1.5 ISO/TR 10013 7.5 ISO 10014 All All All All All All All ISO 10015 7.2 ISO/TR 10017 6.1 7.1.5 9.1 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --``,,,,,,,,,,,,,,,,```,--,,,,,,,--- ISO 15378:2017(E) Table B.1 (continued) Other Clause in this International Standard International 4 5 6 7 8 9 10 Standar d ISO 10018 All All All All All All All ISO 10019 8.4 ISO 19011 9.2 NOTE “All” indicates that all the subclauses in the specific clause of this International Standard are related to the other International Standard. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Annex C GMP requirements for pr(innotremda ptirviem) ary packaging materials C.1 Artwork/origination and print impression media C.1.1 General C.1.1.1 Artwork/origination files shall be named and stored according to a documented procedure that enables them to be readily identified, issue controlled and traceable. C.1.1.2 All print impression media shall be a) clearly and uniquely identified such that it is traceable to the origination material, b) produced from, and traceable to, the master origination material held by the customer, c) verified against the customer approved hard copy or electronic data and recorded (see 7.5.3), and dC).1 .2st orMeda itnc hae sdec pulraet aerse/ac wyliitnh dae dresfined system for authorized issue and return to store. Where more than one printing plate/cylinder is required, there shall be a documented system for ensuring that all plates/cylinders within the set are used. Where a set of plates/cylinders contains the generic design for several jobs, each individual plate/cylinder within the set shall be clearly, uniquely iCd.e1n.3ti fieCdo apnyd/ ddoecsuimgne ncthead.nge Where a design requires several plates/cylinders and some of them are to be replaced because of a copy/design change, there shall be a documented procedure to allow for the replacement of the affected plate(s)/cylinder(s) and the retention of the other media within the set. The original plates/cylinders sCh.1al.4l b e Vseubrijeficcta ttoi oa nprocedure that allows re-identification. C.1.4.1 General Verification of the design on print impression media shall be carried out during the printing machine make-ready and before the approval to run the product is given. C.1.4.2 Quarantine and destruction The organization shall have a) a documented procedure which ensures that origination and print media, for a design undergoing revision, are subject to formal quarantine, and b) a documented system detailing the method for disposal of the unwanted origination and print impression media; such items shall be rendered unusable and disposed of in a controlled and secure manner. 60 --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) C.2 Print and conversion processes C.2.1 Print machine set-up (make-ready) C.2.1.1 Initial print make-ready shall be performed using unprinted components or material. C.2.1.2 Make-ready for subsequent processes may use material from the initial print process of the same batch. C.2.1.3 Initial make-ready material may be reused during the make-ready process in order to achieve correct colour. C.2.1.4 C.2.2 ChMaantegreiaolv uesre ds yfosrt emmakse-ready shall be segregated and then disposed of as production waste. Changeover systems that are designed to reduce make-ready time (e.g. automated plate changing), and which do not permit a total line clearance, shall be subject to a documented risk assessment and operated with controls to ensure product security. All print media from the previous job shall be removed from the line prior to formal approval of the print run being given. All controls shall be rCe.2co.3rd eRd e(steaei n7.e5d.3 s).amples C.2.3.1 All in-process printed samples which are to be retained shall be clearly identified and securely stored. C.2.3.2 Samples used for other purposes (e.g. administration/sales) shall be voided if they leave the cCo.2n.t4ro l oRfe tphela ocregmaneiznatt iponri.nt media C.2.4.1 During a production run, if replacement plates are made from an existing fixed approved source (e.g. negatives, or using computer-to-plate technology from an existing stepped image), the job may be continued after a new “first off” check has been carried out. C.2.4.2 During a production run, if plates are created from a new source (e.g. re-stepping a “one- up” image), the existing job shall be lifted; the replacement plates shall be treated as new origination. Subsequent production shall be treated as a new batch. The introduction of all replacement print media sCh.2al.l5 b e Greacnogrd perdi (nsteien 7g.5.3). Gang printing (the process of printing more than one design on a substrate at one production run) is recognized and classified as an acute contributory risk relating to admixtures. Therefore this shall only be permitted in agreement with the customer and on completion of a documented risk assessment to eCv.2al.6ua teB aantdc hmeidti gpartoe dthuec rtiisokn o af ncrdo ssst-occoknt hamolidniantigon (see 8.2.1). C.2.6.1 Batched production and holding of product in stock shall only be practised if contractually agreed. C.2.6.2 The organization shall control the storage to ensure security and integrity of the product and maintain its traceability back to manufacture and the materials used. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,--- ISO 15378:2017(E) C.2.7 Digital printing C.2.7.1 The flexible capabilities of digital printing introduce new activities, which shall be controlled and documented to ensure the accuracy and security of the printed products. C.2.7.2 The use of digital printing and any special requirements for the product shall be agreed with the customer. C.2.7.3 The organization shall establish a secure file access system, which is designed to prevent unintentional use of incorrect origination files. C.2.7.4 Unless alternative security is designed, the controlling computer within the digital printing machine shall have only the specific origination file in its memory for the current print run; removal of this file shall form part of documented line clearance. C.2.7.5 Operational settings to achieve acceptable colours shall be established through a formal process and recorded (see 7.5.3). C.2.7.6 For reel-fed production on a continuous basis there shall be a suitable method to ensure product separation; the subsequent processes shall be verified to ensure correct separation of products and removal of defined gap material. EXAMPLES Defined change-over or gap between each printed job e.g. printed dummy text or blank material, code reading and code verification C.3 Security code systems C.3.1 General To ensure the security of the product and prevent cross-contamination, security code systems may be included in the design of printed packaging materials for verification either by the organization during manufacture and/or by the customer during the packaging operation. NOTE Common security code systems are e.g. barcode system, data matrix code, tag technology. Where agreed as part of the contract, the organization may add its own identification codes to the product design. Where the organization is responsible for specifying the security code system, each colour of the design should be included in the code. For all code systems, if a colour is not compatible with the requirements oCf. 3th.2e sc Vaenrniifnigc aetqiuoinp mmeentth, tohde sc/uesqtoumiperm sheanltl be notified of this. C.3.2.1 Where practical, every security coded item shall be verified by online scanning equipment to ensure that the codes are readable and that the correct product is being produced. Scanning of security codes should be carried out during the last feasible production process. C.3.2.2 The scanning equipment software/control configuration shall be controlled to prevent unauthorized tampering. Where feasible, codes shall be loaded from an independent source, e.g. specification or approved proof. C.3.2.3 There shall be an effective system for rejecting any product that fails the scanning process. Any product rejected by the online scanning system shall be inspected to determine the cause of rejection and the rejected components subsequently scrapped. These findings shall be recorded and reviewed prior to --``,,,,,,,,,,,,,,,,```,--,,,,,,,--- p6r2o duct release. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) C.3.2.4 The online scanning equipment and its associated reject mechanism shall be subjected to a challenge test during production to verify whether its operation is effective in detecting and removing incorrectly coded material. Such monitoring shall take place at the start of the process, at regular intervals, and be recorded (see 7.5.3). C.3.2.5 Any product produced where electronic scanning is specified, but has not been performed, shall be properly authorized and recorded in the quality records. The customer shall be notified and documented approval obtained before product release. C.3.2.6 For reel-fed multi-lane production, all lanes should be subject to security code verification. Where this cannot be performed, and in agreement with the customer, one lane only may be verified. C.3.2.7 C.3.3 “POofif-nlitn oef m seaalesu”r ceomdeensts and/or verification of sample codes from all lanes shall be carried out. Where “point of sale” codes (GS 1/EAN, Code 39, PZN, etc.) are incorporated into the design, a dCo.3c.u4m eRnteeedl smamatpeler ivaelrsi faicnadti opnr ochdeucckt sshall be carried out during the production process. C.3.4.1 Unless otherwise specified by the customer, splices shall be a) made using a brightly coloured adhesive tape on both sides of the web, and b) checked either side of the splice to ensure that identical materials are joined and in register. A limit on the maximum number of splices may be specified. C.3.4.2 The quantity of material (length, weight or numerical) produced on each reel shall be determined within accuracy limits agreed with the customer and recorded on the reel. C.3.4.3 The batch identity, reel number and production date shall be recorded on the inner face of the core for each individual reel. C.3.4.4 To prevent cross-contamination, the web shall be run to plain material at the end of the run to ensure that no printed material remains in the printing equipment. C.3.4.5 Where it is necessary to leave printed material in the converting equipment due to the difficulty in carrying out re-webbing (e.g. slitters), there shall be a formal documented procedure for removal and disposal of the material used to pull the new design through the machine. C.3.4.6 If material with missing print can be produced as a consequence of the design or operation of the printing equipment, the organization shall have a secure system for the detection, removal and segregation of product produced with missing colours or text. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Annex D Guidance on verifica(tiinofno,r qmuaatlivifeic) ation and validation requirements for primary packaging materials D.1 General This annex describes the approach when verification or qualification and validation are required. The guidance relates to the requirements given in 8.5.1.2 (additional GMP-related requirements on verification, qualification and validation). It does not apply to 8.3.2 (design and development planning), 8.3.3 (design and development inputs), 8.3.4 (design and development controls) and 8.3.5 (design and development outputs). Throughout this annex only equipment verification/qualification and process/product validation will be mentioned. When design and development is related to equipment, design and development verification is equal to equipment verification/qualification. When design and development is related to processes or products, design and development validation is equal to process/product validation. Items which can require verification/qualification include: — equipment used for production of primary packaging materials, utilities and facilities, and — test equipment used for determining the acceptance of quality critical starting materials, intermediate/in-process or finished product. Items which can require validation include: — validation of processes, and — validation of individual product, where appropriate or as agreed with the customer. The aim of verification/qualification/validation is to confirm through documented evidence that pre- determined specifications are consistently fulfilled. D.2 Guidance considerations D.2.1 General A documented risk assessment is used to determine which equipment and processes need to be verified/qualified/validated. Product validation is optional, either after an internal decision of the organization or at the request of the customer. Verification/qualification of equipment and validation of processes/product can be performed independently of each other, e.g. validation of a new process/product does not require re-verification/re- qualification of existing equipment. --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) D.2.2 Considerations prior to verification/qualification/validation Prerequisites to verification/qualification of the equipment are: — approved/agreed upon requirement specifications, — identification of roles and agreed responsibilities (organization and supplier), — definition of critical process parameters, — training such as GMP and verification/qualification. Prerequisites to validation of the process/product are: — approved/agreed upon process/product specifications, — verified/qualified equipment, — identification of roles and agreed responsibilities (organization and customer), — definition of critical process parameters, — training (operators, quality personnel, engineers, etc.), — standard operating procedures to provide detail on how to produce/operate and clean the D.2.e3q uSipomftewnta.re validation Software can be validated/verified (see 8.5.1.2.4 and 8.5.1.2.5) by functional tests. Software which is part of the equipment can be included in the equipment verification/qualification. NOTE The GAMP guideline might give guidance on how the functional test can be executed. D.3 Validation master plan (VMP) D.3.1 General The validation master plan (VMP) describes the validation (includes in this case also verification/qualification) activities and the order of execution in accordance with the overall validation approach. It is recommended to revise the plan on a regular basis, for example yearly. It should usually include the following elements: — validation planning (see D.3.2) and scheduling; — organizational structure of validation activities — roles and responsibilities (see D.3.3); — summary of quality critical equipment, process (see D.3.4 and D.3.5) and product (only in case of customer related validations); — references to existing documents (e.g. reference to an existing validation report), if applicable; — references to applicable procedures (e.g. overall validation approach, documentation format). In case of large projects (different verifications/qualifications/validations are combined in one project), it can be advisable to create separate validation master plans. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,--- ISO 15378:2017(E) D.3.2 Validation planning D.3.2.1 General Prospective validation is recommended as the preferred approach but under certain circumstances a concurrent or retrospective validation can be accepted (this statement is not valid for sterilization processes, see 8.5.1.4.2 and 8.5.1.2.5). D.3.2.2 Prospective validation Prospective validation occurs prior to commercial production. D.3.2.3 Concurrent validation Concurrent validation should only apply to performance qualification and process validation. Concurrent validation consists of activities conducted in parallel with the manufacture of commercial product where the commercial product is released before the conclusion of validation activities. Concurrent validation should follow the principles and procedures associated with prospective validation. Validation that takes place in campaigns represents a speciality in the manufacture of primary packaging material. In several cases, machines/lines are used for campaign production. In these cases, concurrent validations may be interrupted, also for longer periods of time, and resumed with the next production campaign. D.3.2.4 Retrospective validation Retrospective validation implies that commercial product has been released prior to the conclusion of validation activities. This approach includes establishing documented evidence that installed and operating equipment produces a consistent product by performing a historic review of data generated over the range of operating parameters and raw materials. This review can include maintenance and engineering records, quality records, and customer complaints. D.3.2.5 Bracketing/matrix approach In general a bracketing/matrix approach can be appropriate based on risk analysis. Where the equivalence of equipment has been proven, a bracketing/matrix approach can be used to: — reduce the number of installation and operational testing during equipment verification/qualification, — reduce the number of PQ batches during equipment qualification, — reduce the number of PV (process validation) batches during product or process validation, and — increase the re-validation period for individual equipment and performing the re-validation on equivalent equipment alternately. The following overview demonstrates how this can be used. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,,,,,,`,`,`,,,,,`,,,,``-- ISO 15378:2017(E) Table D.1 — Example on use of matrix approach Type of validation Machine 1 Machine 2 Machine 3 (equivalent to 2 and 3) (equivalent to 1 and 3) (equivalent to 1 and 2) Initial validation 3 batches 1 batch 1 batch Re-validation: 1st year 1 batch Not done Not done Re-validation: 2nd year Not done 1 batch Not done Re-validation: 3rd year Not done Not done 1 batch Re-validation: 4th year 1 batch Not done Not done Where a range of products are produced in accordance with a same process, an experimental design to test only the extremes of, for example, smallest and largest product may be used to reduce the number of validation batches. The design assumes the extremes will be representative of all the samples between the extremes. In case a worst case can be defined, it is sufficient to test the worst case only instead of the extremes. In all cases, there should be sufficient process and product knowledge on which to base a sound rationale. The equivalence of equipment, the technical rationale and justification for decision have to be dDo.3cu.3m eRntoelde.s and responsibilities Detailed information concerning roles and responsibilities (naming the individuals with responsibility for conducting the validation steps and authorizing the results) should be part of the respective validation documents and should be specified prior to the commencement of work unless it is defined in oDt.h3e.4r doQcuumaleintyts c orri tpircoacle edquureisp.ment Risk assessment is an inherent part of the decision-making process and can be used to determine whether verification or qualification of equipment is required, therefore all equipment should be assessed for their potential impact on the quality of the product. Equipment is critical in case one of the following questions is answered with “yes”: — Would malfunction of the equipment impact directly on product quality as defined for the type of products it is producing? — Is the equipment used to guarantee sterility of the products? — Does the equipment control or measure quality critical processing steps or parameters? — Does the equipment produce data/records for acceptance or rejection? — Is equipment in direct contact with the product? — Is the equipment used to prevent contamination, to remove contamination or to clean? When equipment is considered critical, verification or qualification should be performed and it is included in the validation master plan. When equipment is not critical, good engineering practices apply and it is not included in the validation master plan. --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) D.3.5 Quality critical processes Process validation is performed where the resulting output cannot be verified by subsequent monitoring or measurement. This includes processes where deficiencies become apparent only after the product is in use (see 8.5.1.2.7). The following decision model can be used to determine whether the process is critical or not, based on the risk that products will be released, which are not within the predetermined specifications. Figure D.1 — Decision tree for process validation/quality critical process D.4 Verification/qualification/validation implementation D.4.1 Verification or qualification stages D.4.1.1 General The verification or qualification should be based on a risk assessment. Equipment verification/qualification consists of the following stages: risk assessment, requirement specification setting and verification/qualification. A decision on the type of documentation required should be taken at the start of the process and documented unless it is defined in validation procedures. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---,,,,,,,--,,,,,,`,`,`,,,,,`,,,,``-- ISO 15378:2017(E) Figure D.2 — Verification/qualification stages D.4.1.2 Risk assessment The risk assessment should underpin the specification and verification/qualification process, and be appropriately applied at each stage. Documentation should be based on the risk to product quality. D.4.1.3 Requirement specification D.4.1.3.1 General The requirement specifications can be combined in one or more specification documents depending on the criticality of the equipment whether it concerns standardized or customized equipment or depending on the responsibilities (organization or supplier). Every specification should contain well defined, specific, testable, achievable acceptance criteria. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --``,,,,`,,,,,`,`,`,,,,,,--,,,,,,,--- ISO 15378:2017(E) D.4.1.3.2 User requirement specification A URS as defined in 3.7.11 is an approved document that states the product specifications of the material produced on this equipment as well as functional, operational and/or technical aspects of the equipment or process required to produce the desired product. The URS can include the consideration for equipment lay-out with sufficient space for material flow and operators, availability of spare parts, and ease of access for cleaning and line clearance. Alternatively, this information can be provided in other documentation. D.4.1.3.3 Equipment specification It is important that all critical aspects are included in the specifications. Critical aspects of manufacturing systems are typically functions, features, abilities and performance or characteristics necessary for the manufacturing process and system to ensure consistent product quality. D.4.1.3.4 Equipment verification/qualification A systematic approach should be defined to verify that the equipment is fit for intended use, has been properly installed and is operating correctly as defined in the requirement specifications. The extent of verification/qualification and the level of detail of documentation should be based on risk, including those associated with product quality, and the complexity and novelty of the equipment. Verification/qualification can be split in two sub-stages: installation qualification and operational qualification, but it is also possible to combine the installation and operational testing in one stage as it is typically done during testing at the supplier and testing on site. Leveraging of data are allowed e.g. data obtained during testing at the supplier does not have to be obtained again on site unless the transfer of the equipment influences the testing. Installation testing should include verification if equipment is installed as per the specifications and is calibrated, where appropriate. Operational testing should include verification of operation of the equipment at upper and lower ends of the required operating limits. D.4.1.4 Performance qualification PQ testing uses production materials to verify that the equipment is robust and the primary packaging material can be consistently produced under routine operating conditions. PQ challenges the overall line performance to ensure that it can produce consistently at the quality standard required. The test process and results of an appropriate number of consecutive production batches (typically three) are formally documented and approved. Based on risk management (e.g. testing of standard equipment and all product specifications on every batch before release), performance qualification can be skipped or can also be combined with process or product validation. An exception to using three subsequent batches may be made where the production process is lengthy, for example a single batch of material may require several weeks of continuous production. In this case PDQ.4 m.2a y Pbreo ccoensdsu catnedd opnr othdrueec ts uvba-lbidatacthioesn of a minimum of one day’s duration each. D.4.2.1 Process validation A process validation consists of a number of consecutive production batches (typically three) produced under normal conditions with a higher level of sampling and additional testing compared to routine --``,,,,,,,,,,,,,,,,```,--,,,,,,,--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) production. Process validation can be combined with PQ. In case of lengthy production processes the same exception is valid for PV batches (see D.4.1.5). Process validation has to be based on a firm base of knowledge of the process and its variables/variations. Process validation is independent of the product. Bracketing or matrix approach may be used (see D.3.2.5). D.4.2.2 Product validation The approach is in line with process validation; however specific customer requirements can be added. D.5 Documentation for the verification, qualification and validation D.5.1 General All documents should be reviewed and approved prior to the commencement of verification/qualification/ validation/release. Any release decisions should be the responsibility of the quality unit. Any revision of a document should be tracked by version control. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Figure D.3 — Example of documentation structure D.5.2 Plan (optional) One or more plans can be created to detail the steps to be taken in the different stages of the verification/qualification/validation of a project unless detailed in validation procedures. These plans can include: — description of the project/scope; — roles and responsibilities; — planning; — risk analysis; — overall acceptance criteria; Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---`,,`,`,,`,,`-`-`,```,,,,,`,`,`,,,,,`,,,,-- ISO 15378:2017(E) — validation approach; — documents to be created; — reference to procedures and change control; — definition of conditions for quarantine status of batches subject to PQ or validation. DPl.a5n.3 a ndP prroottooccooll may be combined in one document. A written protocol should be established that specifies how verification/qualification/validation will be conducted. The protocol can include: — description of the project/scope; — roles and responsibilities; — justification of the approach taken; — tests, to be performed with test methods and test conditions; — detailed acceptance criteria for each test; — sampling plan; — critical process parameters; — reference to procedures, change control and requirement specifications; —D.5 .p4r erReeqpuoisrittes. A report that cross-references the verification/qualification/validation protocol should be prepared. The report can in include: — summary of test results; — raw data; — deviations observed and corrective actions taken or to be taken; — conclusion; — changes to the plan as defined in the protocol with appropriate justification. After completion of a satisfactory testing, a formal release for the next step in verification/qualification/ vDa.5lid.5a tioVna lsihdoautlido bne smuamdem aasr ay w rreipttoernt a -u VthSoRr i(zoatpiotino.nal) The VSR follows the completion of all stages of verification/qualification/validation, which concludes the project. The VSR can include: — cross-reference to protocols and reports; --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- — changes to plans and justification for any change; Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ISO 15378:2017(E) —D.5 .f6o rmAarlc ahpipvrionvgal and closure of the project. Verification or qualification and validation records should be maintained according to 7.5.3.11. D.6 Validation maintenance D.6.1 General The verification/qualification of equipment and validation of process(es)/product should be maintained. Any changes should be risk assessed for their impact on the validation status. If necessary, appropriate verification/qualification/validation or re-qualification/re-validation should be performed. Changes/improvements to validation procedures should also be risk assessed to determine if re- vDa.6lid.2a tioCnh iasn rgeequ ciorendt.rol Specific controls should be implemented to cover changes during verification/qualification/validation. Formal, documented change control should be implemented after release of the equipment/process/ pDr.o6d.3u ctF aonldlo kwep-ut tphroughout the lifetime of the equipment/process/product. Action should be taken to complete any outstanding actions, e.g. deficiencies following verification/qualification/validation. ADl.l6 a.4ct ioPnrse tvaekennt isvheo mulda ibnet deoncaunmceented. After release of equipment a preventive maintenance plan (including calibration) should be established tDo. 6gu.5a raRnete-qe ueqauliifpimcaetnito pne/rrfoer-mvaalnidcea.tion As long as the equipment/process operates in a state of control and no changes have been made to the equipment/process or output product, the equipment need not be re-qualified and process need not be re-validated. Whether the equipment/process is operating in a state of control is determined by analysing day-to-day process control data and any product testing data for conformance with specifications and for variability. When changes or deviations occur, the equipment/process should be reviewed and evaluated, and re-qualification/re-validation should be performed where appropriate. Periodic qualifications/validations can be required e.g. clean rooms, sterilization processes. --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ISO 15378:2017(E) Bibliography Quality management systems — Requirements [1] ISO 9001:2M0a1n5a, ging for the sustained success of an organization — A quality management approach [2] ISO 9004, Quality management — Customer satisfaction — Guidelines for codes of conduct for organizations [3] ISO 10001, Quality management — Customer satisfaction — Guidelines for complaints handling in organizations [4] ISO 10002, Quality management — Customer satisfaction — Guidelines for dispute resolution external to organizations [5] ISO 10003, Quality management — Customer satisfaction — Guidelines for monitoring and measuring [6] ISO 10004, Quality management systems — Guidelines for quality plans [7] ISO 10005, Quality management systems — Guidelines for quality management in projects [8] ISO 10006, Quality management — Guidelines for configuration management [9] ISO 10007, Quality management — Customer satisfaction — Guidelines for business-to-consumer electronic commerce transactions [10] ISO 10008, Measurement management systems — Requirements for measurement processes and measuring equipment [11] ISO 10012, Guidelines for quality management system documentation [12] ISO/TR 100Q1u3a, lity management — Guidelines for realizing financial and economic benefits [13] ISO 10014, Quality management — Guidelines for training [14] ISO 10015, Guidance on statistical techniques for ISO 9001:2000 [15] ISO/TR 100Q1u7,a lity management — Guidelines on people involvement and competence [16] ISO 10018, Guidelines for the selection of quality management system consultants and use of their services [17] ISO 10019, Sterilization of health-care products — Ethylene oxide — Requirements for the development, validation and routine control of a sterilization process for medical devices [18] ISO 11135, Sterilization of health care products — Radiation — Part 1: Requirements for development, validation and routine control of a sterilization process for medical devices [19] ISO 11137-1, Sterilization of health care products — Radiation — Part 2: Establishing the sterilization dose [20] ISO 11137-2, Sterilization of health care products — Vocabulary [21] ISO/TS 11139M, edical devices — Quality management systems — Requirements for regulatory purposes [22] ISO 13485, Environmental management systems — Requirements with guidance for use [23] ISO 14001, Cleanrooms and associated controlled environments — Part 1: Classification of air cleanliness by particle concentration [24] ISO 14644-1, Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT ---`,,`,`,,`,,`-`-`,,,,,,,,,,,,,,,,,``-- ISO 15378:2017(E) Cleanrooms and associated controlled environments — Part 2: Monitoring to provide evidence of cleanroom performance related to air cleanliness by particle concentration [25] ISO 14644-2, Cleanrooms and associated controlled environments — Part 3: Test methods [26] ISO 14644-3, Cleanrooms and associated controlled environments — Part 4: Design, construction and start-up [27] ISO 14644-4, Cleanrooms and associated controlled environments — Part 5: Operations [28] ISO 14644-5, Cleanrooms and associated controlled environments — Part 7: Separative devices (clean air hoods, gloveboxes, isolators and mini-environments) [29] ISO 14644-7, Cleanrooms and associated controlled environments — Part 8: Classification of air cleanliness by chemical concentration (ACC) [30] ISO 14644-8, Sterilization of health care products — General requirements for characterization of a sterilizing agent and the development, validation and routine control of a sterilization process [31] fIoSrO m 14ed9i3c7a:l2 d0e0v9ic, es Medical devices — Application of risk management to medical devices [32] ISO 14971:2G0u0id7e, lines for auditing management systems [33] ISO 19011, Risk management — Principles and guidelines [34] ISO 31000, Risk management — Risk assessment techniques [35] ISO 31010:2G0u0id9a, nce on outsourcing [36] ISO 37500, Software engineering — Guidelines for the application of ISO 9001:2008 to computer software [37] ISO/IEC 90003, Dependability management — Part 1: Guidance for management and application [38] IEC 60300-1, Medical electrical equipment — Part 1General requirements for basic safety and essential performance [39] IEC 60601-1, Analysis techniques for system reliability — Procedure for failure mode and effects analysis (FMEA) [40] IEC 60812, Fault tree analysis (FTA) [41] IEC 61025, Design review [42] IEC 61160, Hazard and operability studies (HAZOP studies) — Application guide [43] IEC 61882, Standardization and related activities — General vocabulary [44] ISO/IEC Guide 2, Risk management — Vocabulary [45] ISO/IEC Guide 73, International vocabulary of metrology — Basic and general concepts and associated terms (VIM) [46] ISO/IEC Guide 99:2007,

  1. [47] Quality management principles

  2. [48] Selection and use of the ISO 9000 family of standards

  3. [49] ISO 9001 for Small Businesses — What to do

  4. Available from http://www.iso.org.
  5. Available from http://www.iso.org. 37)6 Available from http://www.iso.org. Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved --,,,,`,,,,,`,`,`,,,,,```,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) [50] EU Guidelines to Good Manufacturing Practice for Medicinal Products for Human and VUeS/tFeDrAin Caordye Uosf eF.e hdtetrpa:l/ R/eecg.ueluartoiopnas.e, suo/uhrecaelth/documents [51] [52] GAMP 5, A Risk-Based Approach to Compliant GxP Computerized Systems, http://www.ispe.org [53] PIC/S Guide PE 008-3, Explanatory Notes for Industry on the Preparation of a Site Master File, http://www.picscheme.org/pics.php [54] ICH Q9. Quality risk management, http://www.ich.org [55] ICH Q10. Pharmaceutical quality system, http://www.ich.org [56] EU Guidelines to Good Manufacturing Practice for Medical Products for Human and Veterinary Use. Volume 4, Annex 15 Qualification and Validation and Annex 18 Good Manufacturing Practice for Active Pharmaceutical Ingredients Requirements, http://ec.europa. eu/health/documents/ [57] The PharmaceuStticaanld Qaurda lGituyi dGer ofuorp ,S hptetcpi:f/i/cwatwiown,. pDqegs.iogrng, /apnhda rVmerai/fication of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment [58] ASTM E 2500, Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) Alphabetical index of defined terms used in this document airlock 3.3.1 intermediate product 3.6.2 approved 3.7.1 IQ 3.2.4 (ISO/TS 11139:2006, 2.22) artwork 3.2.6 line clearance 3.5.4 assembly 3.2.1 lot 3.5.1 automated inspection 3.10.1 lot number 3.7.3 batch 3.5.1 manufacturing 3.5.5 batch document 3.7.2 medicinal product 3.6.3 batch number 3.7.3 OOS 3.7.8 batch record 3.7.2 operational qualification 3.2.5 (ISO/TS 11139:2006, 2,27) batch release 3.8.1 OQ 3.2.5 (ISO/TS 11139:2006, 2.27) calibration 3.3.2 organization 3.1.1 (ISO 9000:2015, 3.2.1, change control 3.2.2 modified) cleanroom 3.3.3 (ISO 14644-1:2015, 3.1.1) origination 3.2.6 clean zone 3.3.4 (ISO 14644-1:2015, 3.1.2) out of specification 3.7.8 contamination 3.5.2 performance qualification 3.2.7 (ISO/TS 11139:2006, 2.30) controlled area 3.3.5 primary packaging materials 3.6.4 controlled environment 3.3.5 process aids 3.5.6 cross-contamination 3.5.3 production 3.5.7 date of manufacture 3.7.4 PQ 3.2.7 (ISO/TS 11139:2006, 2.30) deviation 3.7.5 qualification 3.2.8 documented procedure 3.7.6 quality control 3.2.9 double-check 3.7.7 quality critical 3.11.1 expiration date 3.4.1 quality unit 3.1.2 final inspection 3.10.2 quarantine 3.5.8 finished product 3.6.1 realization 3.5.9 Good Manufacturing Practice 3.2.3 reconciliation 3.10.4 GMP 3.2.3 reconditioning 3.5.10 homogeneity 3.9.1 rejected 3.7.9 in-process control 3.10.3 rejection 3.8.2 installational qualification 3.2.4 (ISO/TS 11139:2006, 2.22) reprocessing 3.5.11 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or networking permitted without license from IHS Not for Resale, 10/14/2019 19:27:17 MDT © ISO 2017 – All rights reserved ---`,,`,`,,`,,`-`-`,,,,,,,,,,,,,,,,,-- ISO 15378:2017(E) retained samples 3.5.12 standard operating procedure 3.7.10 return 3.8.3 starting material 3.5.13 rework 3.8.4 (ISO 9000:2015, 3.12.8, modified) shelf life 3.4.2 risk analysis 3.11.2 (ISO Guide 73:2009, 3.6.1) sterile 3.9.2 (ISO 14937:2009, 3.26) risk assessment 3.11.3 (ISO Guide 73:2009, surface treatment 3.5.14 3.4.1) URS 3.7.11 risk evaluation 3.11.4 (ISO Guide 73:2009, 3.7.1) user requirement specification 3.7.11 risk identification 3.11.5 (ISO Guide 73:2009, 3.5.1) validation 3.7.12 (ISO 9000:2015, 3.8.13, modified) risk management 3.11.6 (ISO Guide 73:2009, 2.1) verification 3.7.13 (ISO 9000:2015, 3.8.12, modified) secondary packaging materials 3.6.5 working area 3.3.6 SOP 3.7.10 Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reproduction or network©ing pIeSrmOit te2d0 w1ith7ou t– lic Aenlsle rfroimg hIHtSs reserved Not for Resale, 10/14/2019 19:27:17 MDT --,,,,,,,,,,,,,,,,,`-`-`,,`,,`,`,,`--- ISO 15378:2017(E) ICS 11.040.01; 03.100.70 Price based on 79 pages Copyright International Organization for Standardization Provided by IHS Markit under license with ANSI Licensee=Becton Dickinson - Loc 1 - 61, 64/5984713001, User=Chiu, Shelly No reprodu©ctio nI oSr One t2wo0rk1ing7 p e–rm Aittelld wriithgohutt lisce rnsees freomr vIHeSd Not for Resale, 10/14/2019 19:27:17 MDT ---`,,`,`,,`,,`-`-`,,,,,,,,,,,,,,,,,``--

🛠️ Related Compliance Tools

Applying these regulatory guidelines in practice? Use our free validated calculators for risk management, sampling, and environmental monitoring.

AQL Sample Size GMP Risk Register Cleanroom EM Limits View All 14+ Tools →