Computer System Validation

computer-systems-validation

We have Computer System Validation consultants, engineers and specialists who can assess your computer systems compliance assessment or validation against regulatory and industry standards:

  • GAMP5 software life cycle development model (V model) and/or
  • FDA 21 CFR Part 11 on electronic records, electronic signatures and/or
  • PIC/S annex 11 on validated computer systems

We recommend that any new computer system validation effort or remediation complies with the above requirements.

A Risk-based approach to Compliant GxP Computerised Systems

After extensive consultation with industry and regulators (FDA and MHRA), the ISPE published GAMP 5 in February 2008 (The Good Automated Manufacturing Practice (GAMP) Guide – A Risk-Based Approach to Compliant GxP Computerized Systems).  The ISPE published GAMP 5 Second Edition in July 2022. The updates were largely related to the introduction of critical thinking, guidance on software tools and agile software development. GAMP 5 is commonly used at all stages of development in most industries and describes a set of principles that ensure that products manufactured using computerised systems meet their prescribed quality attributes. One of the core principles of GAMP 5 is the use of the risk assessments to focus scarce resources on Critical Quality Attributes and maximising the use of vendor quality systems and documents.

Assessing the Business Risk and Risk to Patient of Computer Systems

This is an area many of our clients struggle with and, from experience, they often get it very wrong and waste money in the process.

Our validation professionals can offer training and coaching: provide pro forma procedures and forms, lead risk assessments and most importantly, offer a pragmatic methodology and an independent sanity check. Our advice is tempered with our experience across industries and we have come into contact with many different validation approaches.

PharmOut’s approach to risk assessment is guided by the Quality Risk Management methodology found in GAMP 5, ASTM 2500E, ICH Q9 and Annex 11 and 20 of the PIC/S code for Good Manufacturing Practice.

Our personal recommendation is to use a multidisciplinary team and assess the risk at multiple layers – system, module, component and finally elemental functionality. This, combined with a simple scoring system, (i.e. a maximum scoring of 1 to 3; Low, Medium and High) means we are able to judge the Severity of the risk, the likelihood of Occurrence and the probability of Detection and document it all in a matrix which recommends the appropriate level of qualification or validation. The matrix also provides a measurable risk score that could be used in multiple situations to display the reduction of risk as part of a risk management strategy.

Here’s an example of a risk assessment for a function of a computerised system.

Assessing the FDA CFR Part 11 Requirements

Practically speaking, the Part 11 regulations require drug makers, medical device manufacturers, biotech companies, biologics developers, etc, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data.

The data is specifically (i) required to be maintained by the FDA predicate rules or (ii) used to demonstrate compliance to a predicate rule.

This is an area many of our clients struggle with, our validation professionals can assist with these assessments.

Developing User Requirements Specifications

When considering a new computer system, or modifications to an existing one, you need to start with a User Requirements Specification (URS). A URS describes the functional and non-functional requirements of the software and hardware in order to meet the users needs.

PharmOut consultants can help you develop a URS that forms the basis for the design and development (if any) of the computer system. They will ensure that your URS is complete, realistic, definitive and testable.

By using Quality by Design principles, PharmOut consultants can perform design reviews to determine the optimal design of the computer system, ensuring quality, safety and effectiveness are designed and built into the
software.

Qualification/Testing Protocols

Testing a computer system is the part that every Life Science professional dreads – mainly because it can be monotonous and time consuming. PharmOut’s validation contractors are experts in developing and implementing testing protocols.

You can choose to have us provide templates and do the testing on a fixed price basis, or we can provide contractors on an hourly basis to perform the testing & documentation, under your supervision.

If you haven’t read up on CSV for awhile, it’s important to note that installation qualification (IQ), operation qualification (OQ) and performance qualification (PQ) are less favoured now. These have been replaced with “verification”, where the emphasis is now on the activity verification, not on the piece of paper that “qualification” implies.

Get in Touch

If you would like to learn more about our services, request a quote or ask any questions please fill out our enquiry form here.