Computer System Validation: Resolutions for the New Year

February 20, 2014

How are you doing with those New Years’ resolutions? Whether or not you’re a resolution maker (or breaker), you can use this time of year to take stock of where things stand, including your validated systems. Following are a few suggestions for system validation resolutions.

1. Return to Basics

Take some time to review regulatory guidance documentation, and not just those that focus on computer system validation (CSV) such as 21 CFR Part 11 and Eudralex 4 Annex 11. Spend time looking at the GCP, GLP, and cGMP predicate rules (21 CFR Parts 58, 211, 820, 600, etc.) for pharmaceutical, biotechnology , and medical device development and manufacture.

Specifically look for references to documentation required to support regulated business processes. These form the basis for determining what computerized systems and associated electronic records are subject to regulatory requirements, and their relative patient, quality, and regulatory risk.

2. Review Current Status

Review your internal policies and procedures related to Computer System Validation. Are they consistent with requirements from the previously referenced regulatory guidance? Have you incorporated risk assessment and management as an integral part of your CSV and system development processes, as outlined in industry best practice such as GAMP©5 and ASTM E2500?

Having spent some time re-familiarizing yourself with the regulatory basis for CSV requirements, and your internal CSV framework, turn your attention to your existing portfolio of regulated computerized systems. Do you have an up-to-date inventory of systems that are subject to validation requirements?

Do you have a schedule for periodic review of your validated systems in the inventory to ensure incremental changes have not altered the validated status of each system? Does your periodic review include potential impacts from changes in regulatory guidance documents?

If you can answer yes to these questions, you can have some confidence in the validated state of your current systems portfolio. If not, this might be a good time to address policy and procedural gaps and move forward with assessing overall compliance of at least your most critical systems.

3. Look Ahead

When reviewing regulatory guidance, don’t overlook recent updates to existing or newly issued regulations and related guidance documents. A couple of examples include the non-binding Guidance for Industry and Food and Drug Administration Staff on Mobile Medical Applications issued on September 25, 2013, and the amendment to the Federal Food, Drug, and Cosmetic Act incorporating the Drug Quality and Security Act signed into law on November 27, 2013.

While neither of these actions directly impact existing regulations specifically dealing with computer system validation, they may extend the scope of regulatory oversight for systems used in these areas to deliver safe and reliable products to patients. It will be worth watching specific enforcement activities in the industry segments impacted by such emerging legislation and guidance to see how CSV requirements may be extended.

Likewise the increased use of emerging computerized technologies in supporting regulated business processes (mobile devices, cloud computing, big data, etc.) needs to be evaluated for its impact on current internal validation policies and procedures. In looking at your upcoming major computer system projects, incorporating good system and CSV quality practices early on will save time and effort later in implementation and deployment.

Learn more about ProPharma's Computer System Validation services.
Contact us to get in touch with subject matter experts for a customized presentation


April 9, 2014

GAMP® 5 Basis for Quality System Compliance

Next week I’ll be in San Francisco conducting an ISPE training class on Risk Based Approach to GxP Process Control Systems. Attendees will include employees from a variety of regulated life cycle...

Risk-Based Computer System Validation and Rational Testing

Introduction Risk based approaches to validation of computerized systems have been heavily promoted since the publication of GAMP 5 and ASTM E2500. Yet we continue to see examples of validation...

Looking to the Cloud for your Business

computer susteIt’s a Friday afternoon. Quarter’s end. Your V.P. of Regulatory Affairs calls your office bellowing something about not being able to process the latest submission data- can’t access...