In pharmaceutical manufacturing, change is unavoidable. As part of continuous improvement, we change equipment, suppliers, procedures, disinfectants, software systems, and even cleanroom layouts.
But we cannot implement changes randomly in a GMP environment.
For example, if you want to replace a disinfectant used in a Grade B cleanroom, you cannot simply purchase and start using it.
That is where Change Control plays a critical role.
What Is Change Control?
Change control is a formal, documented process that evaluates, approves, implements, and reviews any change that may affect product quality, safety, sterility assurance, regulatory compliance, or data integrity.
Change control is a structured system that ensures we:
- Clearly define the change
- Assess risks scientifically
- Involve all impacted departments
- Approve the change before implementation
- Implement it in a controlled manner
- Verify its effectiveness
- Document everything
In simple words:
No change should happen without proper evaluation, cross-functional review, and approval.
Events in the Change Control Process
1. Change Initiation
Someone from the user department identifies a need for a change request based on:
- Repeated deviation occurs
- Equipment becomes obsolete
- Regulatory update demands revision
- Process improvement opportunity appears
The initiator raises a Change Control Request (CCR) that clearly states:
- What is changing (from -> to)
- Why the change is needed
- Which systems are affected
- Proposed timeline
At this stage, the initiator must already consider which departments may be impacted.
Then, the concerned department initiates a Change Control Request (CCR).
The manager/in-charge of the user department reviews the change and approves the change request. He may also reject it if there are corrections.
If manager/in-charge of the user department approves the change request it will go to QA change control co-ordinator.
2. Initial QA Review and Cross-Functional Identification
Quality Assurance performs the first review.
QA:
- Checks justification
- Determines potential GMP impact
- Identifies affected departments
- Categorizes the change (Minor / Major / Critical)
This is where cross-functional involvement formally begins.
QA circulates the change request to impacted departments such as:
- Production
- Engineering
- QC
- Microbiology
- Validation
- Regulatory Affairs
- Supply Chain
- IT (if computerized systems are involved)
- EHS
No department should remain uninformed if the change affects their area.
3. Detailed Cross-Functional Impact Assessment
This is the most critical stage of the change control process because it determines whether the organization fully understands the consequences of the proposed change. At this point, all relevant departments conduct a structured and scientific evaluation based on their area of expertise.
The team identifies potential risks, worst-case scenarios, and required control measures. They may use risk management tools such as risk matrices or FMEA to ensure a systematic evaluation. The assessment must remain factual, detailed, and evidence-based rather than opinion-based.
4. Defining the Action Plan
Once the team understands the impact, they define how to control it.
If the change affects equipment, the team may plan requalification. If it affects sterility assurance, they may conduct media fill studies or environmental revalidation. If documentation changes, training becomes necessary. If regulatory filings are involved, the company may need prior approval or post-approval notification.
Each department accepts responsibility for its assigned actions.
Change Control Board (CCB) meeting
A Change Control Board (CCB) meeting does not happen for every small change. Companies usually conduct a formal board meeting when the change carries high risk, wide impact, or strategic importance.
In simple terms, a CCB meeting happens when a department alone cannot take the decision.
Here are the common situations:
- When the change has major or critical impact.
- When the change affects multiple departments.
- When change requires regulatory approval or notification.
- When the risk assessment shows high risk.
- When there is disagreement between departments.
- When the change affects business strategy or cost significantly.
5. Approval
Only after completing assessment and planning does the organization approve the change.
Senior management and QA review the complete evaluation. Approval means the organization understands the risk and agrees with the mitigation plan.
No implementation should begin before this formal authorization.
This step protects the validated state of the facility.
6. Implementation
After approval, departments execute the tasks related to the change according to the agreed plan.
Implementation requires coordination. Departments must communicate continuously to avoid deviations or unexpected outcomes.
Change control remains active until all defined actions are complete.
7. Effectiveness Verification
Implementation alone does not complete the process. The organization must verify that the change achieved its objective without introducing new risk.
Effectiveness verification ensures that the system still operates within a controlled and compliant state.
8. Formal Closure
QA performs the final review to confirm that:
- All actions are complete
- Documentation is updated
- Regulatory commitments are fulfilled
Only then does QA close the change control record.
Closure confirms that the change management system worked as intended.
