Computerized System Validation (CSV)
Computer systems facilitate tasks in offices as well as in laboratories or production facilities of all kinds. Software systems used in GMP-regulated environments must fulfill the requirements of Eudralex Volume 4, Annex 11 Computerised Systems or CFR 21 Part 11 and needs to be validated. Computerized system validation according to the GAMP 5 approach is well established in the industry and contains valuable tips for the practical implementation of the regulatory requirements.
Dephamon GmbH takes over the project management for the implementation and validation of your new computer system and/or prepares the necessary documents.
On this page you will find the following useful information on the subject of computerized system validation:
- CSV Best Practice
- Why do we need a CSV?
- When is a CSV used?
What is computerized system validation?
Computer systems are used in many areas of medical device manufacturing to automate standardised processes.
Typically, computer systems include, for example, a set of software and hardware components (Eudralex Annex 11) that perform specific functions as part of the automated process.
Validation of computerized systems is a documented process to demonstrate that the system performs the procedures in a standardised and reproducible manner.
Part of the validation is, among other things, the qualification of the individual hardware components as well as the documented execution of the individual functions of the computer system with various applications (input) and checking whether the expected result is achieved in each case (output).
Why do we need a CSV?
1. Compliance with regulatory requirements
- Requirements for computerized systems according to Eudralex Vol. 4, Annex 11
- Requirements for computerized systems according to FDA 21 CFR part 11
2. Assurance of product quality and safety
- Computerized system validation ensures that product quality or safety is not reduced by the use of the computerized system.
3. Risk reduction
- Computer system validation ensures that the overall risk is not increased by the automated process. This is documented and tracked in the form of a risk analysis, e.g. according to GAMP 5.
4. Protection of electronic data
- Within the framework of the CSV, the requirements for restricting access to the electronic data (user management) are defined and checked.
5. Data integrity
For computer systems, the ALCOA principle (FDA guide “Data Integrity and Compliance With cGMP”) can be applied analogously to paper-based systems. This means that the data must be attributable to a user at any time, be legible, documented in a timely manner, and be original and accurate.
During computerized system validation, for example, it is checked whether automatically imported/exported data into or out of the system are correct and a check of manual entries is in place.
For each entry or change to data, a time stamp must be available and the execution must be linked to a user name. In addition, it is checked whether GMP-relevant data is archived without gaps or whether a regular backup is created and whether this data can also be restored.
When is Computerized System Validation used?
The validation of computerized systems is to be applied to all systems that are related to the manufacture of medical products according to GMP. Typical systems are e.g. LIMS (Laboratory Information and Management System), DMS (Document Management System) for GMP-relevant documents, ERP (Enterprise Resource Planning) software used for GMP-relevant processes, electronic Batch Record software and, depending on the complexity, the software of test equipment.
In project planning, the framework data for the introduction and the most important milestones are defined. In addition, the responsibilities of the individual task areas for the project are assigned to the appropriate persons. Project planning begins with budget planning and ends only after the successful introduction of the software and implementation of all tasks.
The user requirements, collectively called user requirement specifications (URS), are recorded as a detailed list. This catalogue should include all the desired functions of the system (e.g. interfaces, formulas, input, output, etc.) and forms the basis of the validation of the computer system. Each of the items of the URS is evaluated, categorised and, if necessary, checked for functionality in a user-specific test during validation.
The specific process of the CSV is summarised in a validation plan. This plan should contain all details so that the reader can fully understand the concept and the specific procedure for validating the computer system.
The structure of the software, associated hardware and existing components such as existing IT structures etc. should be mentioned and interfaces between existing and new systems should be described.
In addition, the procedure for the individual steps of the validation, starting with the creation of the risk analysis, traceability matrix up to the user-specific test scripts, is presented here.
Training users on the software must take place before go-live and is based on a well thought-out training concept. Depending on the criticality of the user roles, a multi-stage training concept can be useful with theoretical and practical introduction to the software and, if necessary, a review of the learning objectives.
The date for going live with the new system is the most important date of the entire project planning. It must be defined in advance which tasks must be completed by this date and the corresponding documentation must be available.
The users must be trained, including documentation of the training. The documents describing the standard operating procedure (SOP) must be available and a user concept with different user roles must be implemented in the software.
After the introduction of the software and generation of GMP-relevant data, the data integrity must be guaranteed over the entire life cycle of the software and checked from time to time.
Consulting, project management or execution of the tasks. Contact me today.
Best practices for Computerized System Validation (CSV)
1. Clear and Precise User Requirements Development
The first and most important document is the User Requirements. Based on the outlined process that the computer system is to execute, the individual required functions and process steps are described clearly and precisely.
For each step, the requirements for input, output, display, etc. are set out and mapped in a table. Regulatory requirements should be included as well as requirements for interfaces to other systems or requirements for user roles.
2. Risk-Based Computerized System Validation
Usually a risk-based approach, e.g. according to the GAMP 5 concept, is used to identify and prioritise critical functions of the computer system. All items from the User Requirements are individually assessed for criticality. The assessment should identify potential risks to data integrity, product quality and patient safety. The validation effort for each process is then based on the defined criticality of that process.
3. Detailed Validation Plan Creation
The creation of a detailed validation plan is also an essential step in the CSV process.
The plan should provide an overview of the system to be validated, where it will be used and why it is needed.
It also describes the validation process, the scope of testing, the acceptance criteria and the responsibilities of all parties involved.
4. Validation Team
The composition of a team with members who are knowledgeable about computer systems, processes and technology, validation procedures and compliance requirements is critical for CSV and specifically for risk analysis.
When selecting a suitable computer system, the qualification of the supplier should be carefully checked and the support provided by the supplier during the life of the computer system should be contractually secured.
Computerized system validation is an essential process that ensures the accuracy, reliability and consistency of computer systems.
Performing a CSV for systems in GMP is necessary for regulatory compliance, to guarantee product quality, mitigating risks, ensuring data integrity and protecting electronic data.
Dephamon provides expert CSV services to help companies meet compliance standards and ensure the quality and safety of their products.
Contact me today if you would like to find out more about what I can offer you.