Metal Detector Reject

A metal detector reject is the controlled diversion of suspect product automatically triggered by an in-line metal detector on a conveyor, pipeline, or gravity chute. The term encompasses the mechanical reject device (e.g., air blast, pusher, drop-flap, retracting belt), the logic that directs only the suspect product to a segregated bin or lane, and the procedural and data controls that ensure detection, rejection, and evaluation are traceable and effective. It is distinct from the detector itself; the reject function is the engineered response and its governance.

In regulated manufacturing, the reject step is risk-based. In food, dietary supplements, and pet food, it is often a CCP or preventive control under 21 CFR 117.135, with defined critical limits (test sphere sizes), monitoring frequency, verification, and corrective actions. In pharmaceuticals and certain consumer products, it is an in-process control under 21 CFR 211.110 to protect against foreign-material contamination, integrated with batch records (21 CFR 211.188) and subject to data integrity expectations (21 CFR Part 11) when electronic systems are used.

Metal detection and the associated reject are not mandated as a specific technology in most regulations; rather, they are risk controls justified by hazard analysis or process understanding. Under 21 CFR 117, many food and supplement manufacturers treat metal detection as a preventive control/CCP, specifying detection sensitivities (ferrous, non-ferrous, 316 stainless), monitoring intervals, verification activities (pre-, mid-, post‑shift challenge tests), corrective actions for failure, and record review. Pharma manufacturers position the step as an in-process control to remove foreign bodies introduced by upstream equipment wear or packaging, documented in the master batch record with specifications, sampling/verification plans, and deviation/CAPA triggers if verification fails.

• Risk assessment drives whether the control is a CCP (with critical limits) or a monitored in-process check.
• Written procedures define who tests, what test pieces are used, challenge paths, frequency, and actions on failure.
• Records include challenge outcomes, detector settings, reject counts, bin clearance checks, and product disposition.
• Quality review of records is required prior to release (21 CFR 211.188; analogous record review for food under 21 CFR 117 Subpart F).
• Electronic implementations must meet Part 11 requirements for audit trails, security, and e-signatures when used.

Most in-line systems are multi-frequency balanced-coil detectors that sense disturbances caused by metallic objects passing through an electromagnetic field. Sensitivity depends on aperture size, product effect (moisture, salt, temperature), orientation, and speed. Non-ferrous and 316 stainless are typically harder to detect than ferrous. To protect system performance, engineering controls include product effect compensation, auto-learn recipes, environmental shielding, and stable mounting to minimize vibration and electrical noise.

Effective rejection relies on mechanical timing and separation. Critical parameters include reject timing offset (conveyor speed and product length), reject window (duration), and physical separation (gap) to ensure only the suspect unit is removed. Fail-safe design typically includes: reject confirmation sensors, bin-present and bin-full interlocks, locked or sealed reject bins, and line stops triggered by verification failures or detected system faults. All setpoints and interlocks should be under change control and versioned within the master recipe or line configuration.

Commissioning and qualification follow IQ/OQ/PQ practices. OQ challenges the detector with certified test spheres across three metal types (ferrous, non‑ferrous, 316 stainless) at target sensitivities, across belt positions (left/center/right), orientations, speeds, and at worst-case product effect (e.g., warm, high-salt, high-moisture). PQ demonstrates consistent performance under normal operations with routine product. SOPs define challenge frequencies (e.g., before start, at defined intervals, after breaks, at lot change, and at end), acceptance criteria (detect-and-reject with confirmation), and response to failures (stop, segregate product since last good check, investigate, corrective action).

Monitoring data should capture detector sensitivity settings, auto-learn parameters, challenge lot/ID, outcomes and time stamps, reject counts, bin-clearance checks, and any bypass or override. Verification includes supervisory review of records, trending of false-reject rates (to detect drift or mis-tuning), and periodic re-verification after maintenance or software updates. Where risk justifies it, manufacturers perform upstream equipment inspection (e.g., magnets, screens, machine wear points) and incorporate challenge materials reconciliation to prevent mix-ups with authentic product.

Integrating the metal detector reject with MES aligns to ISA‑95: the detector/reject PLC resides at Level 1/2; the line SCADA or machine HMI at Level 2; MES at Level 3 orchestrates procedures, collects events, enforces checks, and generates eBMR/eDHR; ERP at Level 4 manages orders/specifications. Robust integrations use secure, time‑synchronized interfaces (e.g., OPC UA, edge historians with store-and-forward) to capture challenge-test events, reject events, bin interlocks, alarms, and state changes with contextual genealogy (order, batch, lot, operation step).

Best practice binds every detector event to the active operation step, product code, and lot ID. When a challenge fails, MES should automatically place an electronic hold on all product since last acceptable check, prompt a guided investigation, require dual e-signature for any release decision if risk warrants, and open a deviation with optional CAPA linkage. Audit trails must record original and changed values, user, timestamp, and reason in accordance with 21 CFR Part 11 and GXP data integrity guidance.

Rejected units must be secured against reintroduction. Bins should be physically locked or sealed, present/closed sensed, and bin-full interlocked to stop the line before unsafe accumulation. Labels or electronic prints should identify lot/order, reason for reject, and time. Disposition options include re-inspection (e.g., pass through a secondary detector), rework (if validated and allowed), or destruction, each under SOP with QA approval. When rejects are frequent, a structured investigation should address machine wear, upstream sieves/magnets, supplier foreign-material risk, and detector tuning.

• Quarantine location management: WMS location status and access control for reject bins.
• Chain-of-custody: documented handover from production to QA or destruction team.
• Sampling to LIMS: retain sample from reject lot for forensic analysis (type/size of metal, source).
• Documentation: link reject lots to deviations/CAPA; include photographic evidence where relevant.

Electronic implementations must embody ALCOA+ principles. Roles and permissions should segregate operator actions (e.g., running challenge tests) from administrative actions (changing sensitivity, enabling bypass). Bypass and parameter changes require reason codes and e-signatures; dual-signature can be enforced for high-risk changes. System clocks must be synchronized; event logs must be secure, computer-generated, time-stamped, and retained. When records are relied on for release, Part 11 applies to electronic records/e-signatures; audit trail review must be built into batch record or lot release workflows.

Cybersecurity matters because detector PLCs are operational technology assets. Follow basic hardening: network segmentation between Levels 1–2 and Level 3, least-privilege access, vendor account control, secure protocols, change management on logic versions, and documented recovery procedures. Ensure backup/restore of detector configurations and periodic verification after firmware or software updates, paired with requalification of detection performance.

Key metrics help separate genuine contamination issues from process noise and tuning problems. Trend challenge-test pass rate, time-to-detect (signal to reject actuation), false-reject rate (% rejects without found metal on re-inspection), reject rate per 10,000 units, and mean time between false rejects. Analyze by product, line, supplier lot, shift, and equipment state (post-cleaning, post-maintenance) to identify patterns. SPC charts (e.g., p‑charts on reject rate) with rational subgroups can distinguish special causes (loose fastener upstream) from common-cause variation (product effect drift).

• Set alert/action limits on false-reject rate to trigger tuning reviews or product effect re‑learn.
• Correlate reject spikes with upstream events (new knife, changeover, vibration alarms).
• Use periodic capability checks against target test sizes to confirm practical sensitivity margin.
• Include detector downtime due to bin-full or fault in OEE loss analysis to prioritize maintenance.

Failures cluster into three areas: detection (missing or spurious signals), rejection (mis-timed, wrong unit removed, no confirmation), and governance (bypass without authorization, missed tests, incomplete records). A disciplined combination of engineering controls, procedural rigor, and MES enforcement prevents recurrence. The table summarizes frequent issues and proven mitigations.

V5 Ultimate treats the metal detector reject as a governed operation step with equipment context, limits, and verification logic. Edge connectors capture detector events (challenge pass/fail, rejects, bin interlocks, bypass toggles) with time sync. Procedure enforcement ensures pre/mid/post challenge tests, prevents continuation on failed checks, and automatically holds product since last known good. Batch/eBMR or eDHR entries are generated with linked audit trails and electronic signatures. Disposition workflows route rejects to WMS quarantine, open QMS deviations and optional CAPA, and launch LIMS testing tasks when forensic analysis is planned. Maintenance is notified via CMMS work orders on repeated false rejects or sensitivity drift.

Validation follows a risk-based approach consistent with ISPE GAMP 5. The detector is a GxP‑relevant instrument; embedded firmware and HMI are typically Category 3/4 depending on configurability; the MES integration and electronic records/e‑signatures are computerized systems subject to Part 11. Define intended use (reject as CCP or in‑process control), verify that configuration and interfaces meet requirements, and qualify performance with OQ/PQ including worst‑case conditions. Verification evidence should be traceable to URS and risk controls; include interface failure tests (lost comms, time drift), security tests (role segregation), and audit trail checks.

Maintain the state of control with scheduled recalibration/verification, preventive maintenance (belts, actuators, sensors), and periodic review of trends (false‑reject rate, sensitivity margins). Manage changes through formal change control and requalification triggers (e.g., firmware updates, moving detector location, new product matrices). Train operators on challenge techniques and handling of test pieces to avoid product contamination. Finally, incorporate detector health into reliability-centered maintenance plans and tie repeated issues to problem-solving (5‑Whys/Fishbone) and CAPA where appropriate.