
The production team has developed a new AI agent that automatically reviews batch manufacturing records to identify potential GMP deviations. They would like to deploy the agent within the next month and believe this will significantly improve productivity and reduce review backlog.
They claim the system will:
By 70% through automated review of batch manufacturing records
Missing entries, calculation errors, and out-of-range results
A summary of potential compliance issues for QA review
During the meeting they explain:
They ask QA to approve rollout.
This scenario contains a number of subtle compliance traps designed to trigger the right discussions. Below are the first four issues mapped to their relevant QxAIOps principles.
Examples include: Draft SOP · Superseded SOP · Uncontrolled training document
Relevant Principle — Controlled Inputs: AI must only operate on controlled, approved documents. AI cannot determine document validity, and an incorrect SOP leads to incorrect reasoning.
Secondary Principle — Quality System Governance: Controlled document management must remain inside the QMS.
Examples include: Exported PDF instead of system-of-record · Potential loss of metadata
Relevant Principle — Controlled Inputs: Inputs must originate from a trusted system of record. QA should ask: Are PDFs complete? Is the export validated? Can records be altered?
Secondary Principle — Transparent Outputs and Traceability: Traceability requires knowing exactly what data was analysed.
Examples include: Limited testing · No performance metrics
Relevant Principle — Quality System Governance: AI-assisted processes must be risk-assessed and justified. QA should ask: What was the evaluation method? Were known deviations included? What was the miss rate?
Examples include: Agent interprets GMP compliance · May infer regulatory conclusions
Relevant Principle — Contextual Reasoning Task Alignment: AI is suitable for pattern recognition, comparison, and anomaly detection. AI is not appropriate for making compliance decisions. This is where scope must be clearly defined.
The following four issues address the organisational and procedural gaps that arise when AI agents are deployed without adequate governance structures in place.
Examples include: Developed by operations team · QA asked to approve after development
Relevant Principle — AI is a Worker to be Governed: Every agent must have an owner, defined responsibilities, and controlled deployment. QA governance must exist before operational use.
Examples include: Prompt references SOP text · SOP changes without agent update
Relevant Principle — Quality System Governance: Prompt logic tied to SOPs must be subject to change control. QA must ask: What happens when the SOP changes?
Example: "QA will still make the final decision" — this is a common but vague reassurance.
Relevant Principle — Human Verification is Mandatory: Verification must be explicit, documented, and meaningful. Humans must review the reasoning, not just the summary.
Examples include: Is it checking calculations? Detecting missing data? Interpreting GMP compliance?
Relevant Principle — Define Intended Use and Scope: The agent must have clearly defined tasks, boundaries, and known limitations.
This is a very good scenario starter. It creates the right psychological setup: excitement from the business vs caution from QA. What will make the workshop effective is giving participants just enough detail to analyse, without telling them the answer.
The scenario includes a number of subtle compliance traps mapped across eight issues and their corresponding QxAIOps principles:
Uncontrolled SOP versions and PDF exports instead of system-of-record data
Insufficient testing on only 10 records, no performance metrics, and SOP change control gaps
Agent summarising compliance issues — a task beyond appropriate AI scope
Production-built agent with no defined owner, responsibilities, or controlled deployment
Vague reassurance that "QA will still make the final decision" without explicit, documented, meaningful review
No clear definition of whether the agent checks calculations, detects missing data, or interprets GMP compliance
Scenario 1: The New "Game Changer" Agent