What Is Computer System Validation?

Computer system validation (CSV) is the process of providing a high degree of assurance through documented evidence that a computer system consistently meets its pre-determined or intended use or quality attributes such as accuracy, security, reliability, and functionality.

A computerized system can include hardware, software, its peripherals, interfaces, equipment, users and operating procedures. Today, in the health products industry that encompasses pharmaceuticals, biologics, vaccines, biotechnology, natural health products, medical device, cosmetic and allied industries, software and hardware components are used for the purposes of data processing, data storage, process control, medical device or as an accessory thereof. Examples include Laboratory Information Management Systems (LIMS), Enterprise Resource Planning (ERP) systems for drug production and distribution and device software used in imaging devices such as CT, MRI, Ultrasound and X-ray equipment.

Due to their impact on health product quality compliance, regulatory agencies such as the US Food and Drug Administration (FDA), Health Canada and the European Commission (EC) to mention a few, require that computerized systems be validated by manufacturers, importers, distributors, packagers, labelers, testers, contract research organizations (CROs) and animal testing laboratories under Good Laboratory Practices Guidance (GLP).

Computer system validation (CSV) is the process of providing a high degree of assurance through documented evidence that a computer system consistently meets its pre-determined or intended use or quality attributes such as accuracy, security, reliability, and functionality.

Computer system validation is documented in FDA’s guidance on general principles of software validation (Jan 11, 2002)1, FDA’s Draft Guidance on 21 CFR Part 11 (Aug 2001)2. Health Canada has adopted Pharmaceutical Inspection Cooperation Scheme’s (PIC/S) good guidance for computerized systems in regulated GXP environments3 while the European Commission details computerized system validation requirements in EudraLex Volume 4, Annex 11, revision 14.

AXSource Regulatory and Quality Services is able to assess and ascertain for a health products client, the systems, equipment, and devices that require validation in order to fulfill global compliance requirements. It is an essential part of our exercise to involve the client, their IT, Regulatory and Quality departments to identify and scope the entire validation effort.

When is a system or device validation required?

To what extent is the validation necessary? When is the right time to validate the system? These are common questions from clients.

In general, computerized systems used for the purposes above require validation. The extent of validation is commensurate to the risk posed by the system in terms of patient safety, the accuracy and security of the data involved. At AXSource, we evaluate the purpose and risks associated with each system prior to designing a validation strategy with our clients. Validation is usually perspective, being required at the onset or introduction of a computerized system, that is, during computer system installation (called Installation Qualification or IQ), prior to use in a simulated test environment or in unit phase (called Operational Qualification or OQ) and in a live user environment (called Performance Qualification or PQ).

Re-validation may be required after a change to the system. AXSource Regulatory Affairs consultants evaluate all system changes throughout the system life cycle to identify the need and scope of any re-validation, and help clients address system limitations and resolve deviations. AXSource has also performed numerous retrospective validations of old existing computerized systems, called legacy systems.

Cost Savings

There are tremendous cost savings to be gained when conducting a CSV during the development stage of any software or system implementation – System Development Life Cycle Approach as unnecessary regulatory risks to product launches, facility licensing/registration are avoided. Cost savings can also come from the validation strategies implemented. AXSource consultants coordinate extensively with clients on validation strategy, execution methods and results in order to produce the validation documentation auditable by regulatory agencies. Where results reveal limitations or deviations in the system, CSV experts may suggest and document the development of suitable, compliant workarounds.

Validation documentation produced during the IQ, OQ and PQ phases for regulatory agency audits (e.g. FDA, Health Canada) and client self-inspection audits; that form part of the client’s quality system; can be diverse. Typical validation documentation that is part of AXSource services include:

1)  the master validation plan – identifies the validation objective, responsibilities, validation protocols or procedures, procedures for change control, configuration management, training and master schedule

2) validation protocols (IQ, OQ, PQ)

3) specifications – requirements that function as design outputs for verification through confirmatory checks or tests. There are different types of specifications produced. These include user (URS), security, software, system (SRS), design(DS), function (FRS/FS) and integration specifications.

4) system related standard operating procedures e.g. back up & restore, archiving, training, security

5) supplier audit report of computerized systems, test plans and results

6) task reports of walkthroughs, inspections, and reviews of design specifications

7) test scripts and results associated with each phase of qualification (IQ, OQ, PQ); User Acceptance Testing, Factory Acceptance Testing

8) traceability matrix – an analytic map between the user, design and function specifications and all test scripts

9) risk assessments/failure mode and effects analysis (FMEA)

10) validation report that addresses validation results from the master validation plan and resolution of deviations, if any

AXSource’s expertise in validation services encompasses a broad range of computerized systems as outlined above as well as other commercial off-the-shelf software used to create, modify, maintain, archive, retrieve or transmit electronic records and/or electronic signatures. Validation of such systems is required by FDA’s Title 21 of the Code of Federal Regulations Part 11 (21 CFR 11) to ensure the authenticity, security, integrity, and performance per intended use of electronic records and signatures.

In conclusion, the computerized systems and the scope of their validation are extensive and specific to each entity in the health products industry. AXSource has the expertise to guide this industry in the entire area of computerized system validation and provides its clients with the individual attention they need.

 

References:

US FDA

  1. General Principles of Software Validation; Final Guidance for Industry and FDA Staff. Document Issued: Jan 11, 2002. URL:

http://www.fda.gov/downloads/RegulatoryInformation/Guidances/ucm126955.pdf

  1. FDA Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Validation. August 2001. URL:

http://www.fda.gov/downloads/regulatoryinformation/guidances/ucm124946.pdf

Health Canada

  1. PIC/S Guidance – Good Practices for Computerised Systems in Regulated GXP Environments. Sep 25, 2007. URL:

http://www.picscheme.org/pdf/27_pi-011-3-recommendation-on-computerised-systems.pdf

European Commission

  1. European Commission’s EudraLex The Rules Governing Medicinal Products in the European Union, Volume 4 Good Manufacturing Practice Medicinal Products for Human and Veterinary Use, Annex 11: Computerised Systems, revision 1. URL:

http://ec.europa.eu/health/files/eudralex/vol-4/annex11_01-2011_en.pdf