• What to include in your validation plan and why it is important
• Common challenges found during planning and execution
• Challenges to keep the validated status on a SaaS solution

The post On Demand Webinar – Computer System Validation Best Practices and Navigating Challenges appeared first on Astrix.

Regulatory agencies like the FDA, in fact, require CSV to verify and document that a computerized system does exactly what it is designed to do in a consistent and reproducible manner. CSV is required by the FDA when implementing a new system or when making a change to an existing system (upgrades, patches, extensions, etc.) that has been previously validated. Some examples of computerized systems that are required to be validated by the FDA include:

• Laboratory data capture devices
• Automated laboratory equipment
• Manufacturing execution systems
• Laboratory, clinical or manufacturing database systems

When done properly, computer system validation can be a smooth and efficient process. There are, however, several common mistakes that companies make when undertaking CSV that can result in a stalled or failed process. Let’s examine some of these mistakes in more detail.

Common Computer System Validation Mistakes

The goal of computer system validation is to document that computerized systems will work properly in all situations, consistently producing accurate results that enable regulatory compliance and the fulfillment of user requirements. CSV testing activities are conducted throughout the software development lifecycle (SDLC) – from system implementation to retirement.

There are many reasons why CSV activities can fail. Some of the more common ones that we see include:

Poor Planning. As with any project that involves technology, it is important to create a good plan. As such, a Validation Plan should be created prior to the start of any validation activities. This plan should detail the approach for maintaining validated status of the system over the full software development lifecycle (SDLC) and satisfy all regulatory policies and industry best practices (e.g., GAMP 5). The plan should also document the scope of validation activities, the testing approach, the testing team and their responsibilities, and the system acceptance criteria. The plan should also include site specific information if the system being tested is being used at multiple sites.

Poorly Defined Requirements. Any system implementation, upgrade, extension, etc. should be preceded by a thorough workflow analysis to develop a clear set of system requirements. Without clear and precise requirements, CSV will not be able to adequately verify that the system is functioning as intended. Well-designed functional and/or user requirements should be numbered and listed in a matrix that is traceable to other validation documents (e.g., Test Scripts, Design Specifications, Validation Summary Report, etc.).

Ambiguous Test Scripts. Poorly defined requirements lead to ambiguous test scripts. Without precise requirements, its hard to know exactly what you are testing for, and therefore difficult to confirm through CSV that the system in question is fulfilling its intended use or purpose.

Inadequate Definition of Expected Results. The expected results or acceptance criteria for CSV testing should be clearly and precisely defined in the Validation Plan.

Using Vendor Test Scripts. Vendor test scripts typically only validate the base system requirements and will thus not be sufficient to ensure regulatory compliance.

Inexperienced Project Team. The CSV project team should have experience with CSV and knowledge of regulatory guidelines/compliance, laboratory processes, and the technology being validated. In addition, outsourcing to a third party to augment the validation team with subject matter expertise may be necessary in some cases.

Inadequate Attention on the Project. Many times, a project will fall behind schedule simply because team members have to devote too much time to their day jobs. Members of the project team should be expected to have CSV as their main responsibility during the course of the project. An adequate project team, along with individual responsibilities, should be clearly laid out in the Validation Plan.

Wasting Time on Low Value Testing Activities. CSV activities can be time-consuming and costly. In order to avoid cost and time overruns, a risk-based assessment should be performed on the system to determine required test cases and the optimal level of testing for each. The project team should focus on what is practical and achievable for those aspects of the system that affect quality assurance and regulatory compliance.

Inadequate Documentation. Comprehensive documentation over the full SDLC needs to be created for all CSV processes and results in order to satisfy regulatory agencies. Not doing so can cause you to fail an FDA audit.

Conclusion

Computer system validation is an important part of confirming the accuracy and integrity of your data, along with ensuring product safety and effectiveness. Effective, risk-based validation of computerized systems is also an important part of maintaining regulatory compliance. Inefficient or ineffective CSV processes prevents projects from being delivered on time and within budget and may also result in regulatory action that can be legally and financially devastating to an organization.

Astrix Technology Group has over 20 years’ experience helping scientific organizations conduct effective CSV processes to reduce compliance risk and mitigate data integrity concerns and business liability issues. Our computer system validation professionals provide you with a best practice CSV methodology, along with the peace of mind that comes from knowing your CSV documentation has been produced by experts.

About Astrix Technology Group

Astrix Technology Group is an informatics consulting, professional services and staffing company dedicated to servicing the scientific community for over 20 years.  We shape our clients’ future, combining deep scientific insight with the understanding of how technology and people will impact the scientific industries. Our focus on issues related to value engineered solutions, on demand resource and domain requirements, flexible and scalable operating and business models helps our clients find future value and growth in scientific domains. Whether focused on strategies for Laboratories, IT or Staffing, Astrix has the people, skills and experience to effectively shape client value. We offer highly objective points of view on Enterprise Informatics, Laboratory Operations, Healthcare IT and Scientific Staffing with an emphasis on business and technology, leveraging our deep industry experience.

The post Common Mistakes in Computer System Validation appeared first on Astrix.

Challenges Impacting the Implementation of Pharma 4.0 and Validation 4.0

People, Culture, and Skillset Challenges

Manufacturers and regulators will need to make cultural adjustments and innovate to manage the myriad of data, computing, and automation hazards on the way to full adoption of Pharma 4.0 and Validation 4.0 guidelines and the technologies required to get there. In order to achieve optimization, knowledge and training gaps will have to be addressed in the adoption of a new paradigm and industry infrastructure based on digitized and interconnected enterprise systems that rely on computational power, communications technologies, cybersecurity, and advanced controls.

For example, to implement AI and other advanced technologies in pharmaceutical manufacturing, a variety of expertise beyond traditional biology, chemistry, and process engineering will be required. Data scientists, computational and systems engineers, IT specialists, and AI experts, for example, will most likely be needed. At least initially, regulators and business may be fighting for the same tiny pool of talent in these areas. New labor force training standards are undoubtedly on the way, and comprehensive training programs will be required.

There will also be a need to understand the operation of smart devices that will enable monitoring and operating from a distance by operators and supervisors. These technologies will simplify the changeover, setup, and maintenance and the life cycle management. There will also be a need for the workforce to operate cross functionally, integrating several disciplines.

Incorporating best practices and new technologies into the business is required. The difficult part is changing the culture and persuading individuals to accept a new way of doing business after having done things a certain way for many years. Organizational Change Management will be necessary (OCM). OCM is the “application of a systematic process and set of tools for driving the people side of change to accomplish a desired outcome,” according to Prosci, the global leader in change management best practices research. Additionally, strong communications, with a leadership team eager to drive positive experiences through technology, will be required.

Planning and Process Challenges

Because the potential for Pharma 4.0 is so great and so wide-ranging, many pharmaceutical companies are racing to implement the technology and haven’t defined their primary goals and what problems they’re seeking to solve.

If these two important questions are not answered before starting down the path to Pharma 4.0, the direction will be unclear, and many firms will lose sight of their objectives and goals. The organization’s business processes will undergo significant changes as a result of the major technologies required for digital transformation, and those changes must be acknowledged and understood before they are implemented. The company needs to have a strategy and a plan to get there.

Pharma 4.0 and Validation 4.0 require an holistic control strategy. A strategy that follows the product from research to development, to tech transfer, and then through to commercial manufacturing. With this strategy there also needs to be a synergy between digital automation and guidelines and an enhancement of the quality manufacturing focus, where Quality Target Product Profiles are required for all products. With this control strategy, the data from machines and components is immediately available without traversing various systems . The operators’ remarks can be automatically recorded making the continuous improvement process easy to implement.

Technology Challenges

Transitioning to Pharma 4.0 and leveraging Validation 4.0 guidelines requires incorporating new technologies and ensuring that everything works together to produce reliable data across the value chain. The technology needs to provide a means to integrate data and eliminate the silos that may exist throughout the organization today. These data silos can exist across process areas, applications being used, and organizational groups. A few examples are business quality data, IT quality data, product quality data, and supplier quality data. In many situations, the data is not being collected using the same method and this incongruent data has a negative impact on the decision process. Many times, this leads to inefficiencies and sometimes costly inaccuracies.

Organizations need to look at technology solutions across the value chain. From the company’s business partners and the customer perspective, the organization needs to be able to make informed decisions based on data compiled from various sources and to communicate specific aspects of that data accurately to suppliers, vendors, and customers.

Innovative technologies also necessitate new processes and more regulatory scrutiny. Manufacturers must remain nimble and able to adopt new skills in order to improve manufacturing and provide high-quality products.

To connect the essential instruments and equipment, the technology including tools, devices, and IT systems must be on an open platform with common data standards and, most likely, be cloud-based to enable data sharing. Integration and traceability, as well as automation, rely on information systems that eliminate needless manual or human interaction while also lowering regulatory scrutiny. Leveraging the right technology across the organization that is integrated and provides consistent and accurate information is imperative.

Operating within existing regulatory frameworks can be considered another challenge for Pharma 4.0 and technical innovation when it comes to regulatory restrictions. Due to a lack of regulatory precedent, the industry may continue to use old practices even though new processes will lower overall regulatory burden and improve quality in the long run.

Summary

Moving to Pharma 4.0 and incorporating Validation 4.0 guidelines impacts the entire organization. There are challenges that influence the success of an organization meeting its objectives with Pharma 4.0. These challenges are in the areas of people, processes, and technology. To move to this new approach, it will require training of the people and a cultural shift to be successful. It will also involve an understanding of the objectives of the move to Pharma 4.0 and the processes involved and an holistic control strategy. Additionally, with Pharma 4.0, there is also the technology aspect. This requires an understanding of the new technologies so that everything works together to produce reliable data across the value chain.

Why it Matters to You

Before an organization embarks on an initiative to implement Pharma 4.0 and Validation 4.0 guidelines into the business, there needs to be an understanding of the areas that could provide challenges. These challenges impact the success of the organization. In this blog, we discuss:

• The key challenges faced by organizations looking to implement this new approach.
• The impact of training and cultural on the move.
• What a Holistic Control Strategy role is in the implementation.
• Technology consideration when implementing this new approach.

About Astrix

For over 25 years, Astrix has been a market-leader in dedicated digital transformation &  staffing services for science-based businesses.  Through our proven laboratory informatics, digital quality & compliance, and scientific staffing services we deliver the highly specialized people, processes, and technology to fundamentally transform how science-based businesses operate.  Astrix was founded by scientists to solve the unique challenges which science-based businesses face in the laboratory and beyond.  We’re dedicated to helping our clients speed & improve scientific outcomes to help people everywhere.

The post Pharma 4.0 and Validation 4.0 – The Challenges of Implementing appeared first on Astrix.

The Benefits of Validation 4.0

Validation 4.0 ensures new technologies are adopted and validated to meet patient safety and product quality criteria and follow the Pharma 4.0 operating model. Given that Validation 4.0 enables Pharma 4.0, there are a number of benefits that Life Sciences organization will see including:

• Improved Quality – By focusing on the critical thinking and the risk management required to validate the various technologies like smart devices within the ecosystem, it assists in ensuring optimal quality is met. The validation includes visibility into the data exchanged through support networks of suppliers, CDMOs, CMOs, and other external organizations that are part of the value chain.  By incorporating the guidelines of Validation 4.0 organizations can ensure a high level of data integration across the organization as well as with suppliers. It can also enhance visibility and resiliency of the value chain.

• Lowers the Cost of Operations –  In leveraging new technologies as part of the Pharma 4.0 framework and incorporating the guidelines of Validation 4.0, the organization can lower the overall cost of Quality across the organization.

• Lowers the Risk By leveraging Validation 4.0 strategies, the organization can also lower the overall risk. By incorporating the new technologies of Pharma 4.0 and leveraging Validation 4.0 guidelines the organization can better mitigate risk. This requires an approach that focuses on incorporating design aspects and controls into the value chain at various phases and continuously rather than a holistic check towards the end of the process, thus attempting to control and mitigate risks throughout the process.

• Provides a Faster Time to Market Validation 4.0 also assists in helping the organization to get products out to market faster. By leveraging technologies of Pharma 4.0 and the Validation 4.0 guidelines, the organization can better control the quality and safety in real-time and manage any deviation, thereby augmenting a faster time to market of products.

• Better Visibility Across Value Chain By incorporating the new technologies of Pharma 4.0  along with the guidelines of Validation 4.0, the organization will have a complete and concise view across the value chain in order to ensure better control of the various internal and external processes.

Summary

By leveraging the guidelines of Validation 4.0 the Life Sciences organization can receive significant benefits. It can improve quality of the products along with  lowering the cost of operations. There will also be a lower risk given the focus on controls throughout the value chain and at various phases to continuously check for issues. Additionally, the organization will have a quicker time to market by leveraging new technologies and Validation 4.0. Another significant benefit, will be the visibility across the value chain to ensure things are running smoothly from both an  internal and external perspective.

Why it Matters to You

When implementing any new technology or guidelines, it is critical to understand the benefits you will receive by doing so. Validation 4.0 is a key component of Pharma 4.0 and will provide significant benefits to any Life Sciences organization. In this blog we discuss:

• The key benefits of Validation 4.0 to the Life Sciences organization.
• How the organization’s product quality and product safety are impacted.
• How it lowers the cost of operations and the risk level.
• How it improves the time to market and visibility across the value chain.

About Astrix

For over 25 years, Astrix has been a market-leader in dedicated digital transformation &  staffing services for science-based businesses. Through our proven laboratory informatics, digital quality & compliance, and scientific staffing services we deliver the highly specialized people, processes, and technology to fundamentally transform how science-based businesses operate.  Astrix was founded by scientists to solve the unique challenges which science-based businesses face in the laboratory and beyond.  We’re dedicated to helping our clients speed & improve scientific outcomes to help people everywhere.

The post Validation 4.0 – The Benefits to the Life Sciences Industry appeared first on Astrix.

Computer system validation (CSV) is a documented process which assures that a computerized system does exactly what it is designed to do in a consistent and reproducible manner. Validation of computer systems is required by most regulatory agencies around the world in order to confirm data accuracy and integrity in systems so that product safety and effectiveness is ensured. The FDA, for example, requires pharmaceutical companies to perform CSV for systems that support the production of the following products:

• Pharmaceuticals
• Biologicals
• Medical Devices
• Blood and blood components
• Human cell and tissue products
• Infant Formulas

Computer system validation is required when either making a change in a validated system (upgrades, patches, extensions, etc.), or configuring a new system.

In today’s challenging economic environment, companies are seeking to improve operational efficiencies while keeping pace with the ever-evolving regulatory landscape. Toward this end, computer systems that streamline compliance and provide efficiencies over paper-based processes are deemed essential. Too often, however, companies get locked into the initial version of their software due to the cumbersome impact and cost CSV has on the upgrade process. In this article, we will give a basic overview of validation best practices, and discuss how BIOVIA applications are designed to avoid the version lock scenario and significantly reduce the amount of work required to complete necessary CSV processes.

Computer System Validation Basics

An effective CSV process helps to assure that both new and existing computer systems consistently fulfill their intended purpose by producing results which facilitate data accuracy and reliability, regulatory compliance, consistent intended performance, fulfillment of user requirements, and the ability to discern invalid and/or altered records. CSV requires the use of both static and dynamic testing activities that are conducted throughout the software development lifecycle (SDLC).

A “Computer System” in an FDA regulated laboratory is more than just computer hardware and software – it also includes any equipment and instruments connected to the system, as well as users that operate the system and/or equipment using Standard Operating Procedures (SOPs) and manuals. The FDA defines software validation as “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.” In other words, the software must be examined to confirm that it functions as defined in the requirements and is suitable for its intended use. The examination also needs to confirm that the software will work in all situations. Finally, all validation activities and test results need to be documented.

It is critical that companies perform risk-based CSV. It never makes sense to try to validate every aspect of every system. CSV takes a lot of time and IT resources to accomplish, so it is wise to do a thorough risk assessment to determine what is practical and achievable. CSV efforts should concentrate on the critical elements of the system that affect quality assurance and regulatory compliance.

The first step in this process is to determine user requirements and functional specifications for the system in question. Once this is accomplished, a Validation Plan is developed that outlines the following:

• Scope – defines parts of system to be validated and deliverables. Scope is limited to the features of the software that will be utilized by the regulated company.
• Testing Approach – types of data you are going to use, types of scenarios you are going to test
• Roles and responsibilities – the roles and responsibilities of the different people involved in the validation process
• Acceptance criteria – defines conditions that need to be fulfilled before this system is considered suitable for use in the regulated activity

Once the Validation Plan is complete, CSV testing is performed:

• Network and Infrastructure Qualification – demonstrates that the network and infrastructure hardware/software supporting the application system being validated has been installed correctly and is functioning as intended
• Installation Qualification (IQ) – demonstrates that system has been installed correctly in user environment
• Operational Qualification (OQ) – demonstrates that system does what it is intended to do in user environment
• Performance Qualification (PQ) – demonstrates that system does what it is intended to do with trained people following SOPs in the production environment even under worst case conditions

The CSV process concludes with a Validation Report that documents the results of the testing:

• Confirms that everything you set out to do in validation plan has been accomplished
• Testing summary and list of open defects (along with justification for why the system can be used with these defects)
• Confirms that user acceptance criteria have been met
• Authorizes deployment of the system

In addition to performing CSV on internal systems, an FDA-regulated company needs to be prepared to audit third-party service providers (e.g., CROs), along with vendors of critical applications and cloud-based services (SaaS). The manufacturer of an FDA-regulated product is ultimately responsible for the integrity of the data that supports the product’s efficacy and safety, so if third-party vendors or service providers are used, the manufacturer needs to take appropriate steps to ensure that they are operating under standards that would hold up under an FDA inspection.

A risk-based assessment should be conducted to determine if an audit is necessary. At the minimum, formal agreements that clearly detail responsibilities must exist between the manufacturer and any third parties that are used to provide, install, configure, integrate, validate, maintain or modify a computerized system.

Validation for BIOVIA Applications

BIOVIA applications can be utilized to establish a digital thread over the full product lifecycle – from early materials discovery all the way through to product use and the customer experience. The integrated digital environment that is enabled with BIOVIA software provides numerous important benefits such as enhanced innovation, accelerated product development, improved process efficiency, and reduced cost and compliance risk.

In recognition of the challenges that CSV presents to companies in regulated industries, BIOVIA has designed automated validation tools that work with their software applications. A generic validation package is available containing testing scripts that help validate core functionality. Every time a piece of BIOVIA software gets updated or has new features added, the validation package is updated accordingly so it remains up to date.

The BIOVIA validation package comes with test scripts to follow, along with the set of requirements they are based on. This allows the customer to have a better understanding of what is being tested. The validation package contains:

• Software requirements
• Test scripts that are cross referenced with requirements
• Evidence of test execution at Biovia before release

When the system is configured or customized in ways that deviate from core functionality, the cross referencing of test scrips with requirements allows the customer to easily identify which testing scripts need to be modified from what is provided in the validation package.

With BIOVIA applications, a lot of the OQ testing is already done for you. The ability to easily validate common workflows with this package removes much of the burden of CSV for users of BIOVIA applications, since customers will only need to develop validation scripts for unique configurations or customization work that is done.

The ease of validation for BIOVIA applications helps facilitate regular upgrades. The user community benefits from enhancements in subsequent releases of the software in addition to more up to date support and training. In addition, once the system configuration has been validated, BIOVIA software allows layered permissions to prevent lab technicians from changing the system configuration. This ensures that technicians perform all work on a validated system.

Why Astrix

When performing CSV, it is important to work with a quality consultant who understands FDA regulations (or the regulations for your specific industry) and can perform a risk-based assessment. This will help you identify critical validation processes that have a big impact on quality assurance and regulatory compliance, and ensure that you develop the proper scope for your validation efforts. A good CSV consultant can save you significant amounts of time and money in this area.

At Astrix, we are experts in IT risk identification and management including decades of regulatory compliance expertise. As such, we understand that computer system validation is not a “one size fits all” process. With over 20 years of validation experience, we work to create CSV processes that are based on applicable regulations and guidance, best practices for the domain, and the characteristics of the system being validated. Our validation professionals constantly update their knowledge of industry “best practices,” and stay abreast of regulations so we can help you comply with complex and ever-changing global compliance requirements.

Our CSV deliverables typically include:

• System inventory and assessment – determination of which systems need to be validated
• User requirement specifications – clearly defines what the system should do, along with operational (regulatory) constraints
• Validation Plan – defines objectives of the validation and approach for maintaining validation status
• Validation Risk assessments – analysis of failure scenarios to determine scope of validation efforts
• Functional requirement specifications – clearly defines how the system will look and function for the user to be able to achieve the user requirements.
• Validation Traceability Matrix – cross reference between user and functional requirements and verification that everything has been tested
• Network and Infrastructure Qualification – documentation showing that the network and infrastructure hardware/software supporting the application system being validated has been installed correctly and is functioning as intended
• Installation Qualification (IQ) Scripts and Results – test cases for checking that system has been installed correctly in user environment
• Operational Qualification (OQ) Scripts and Results – test cases for checking that system does what it is intended to do in user environment
• Performance Qualification (PQ) Scripts and Results – test cases for checking that System does what it is intended to do with trained people following SOPs in the production environment even under worst case conditions
• Validation Report – a review of all activities and documents against the Validation Plan
• System Release Documentation – documents that validation activities are complete and the system is available for intended use.

With a thorough understanding of the SDLC, complemented by our experience with and knowledge of business processes in numerous sectors, Astrix can offer CSV support for all BIOVIA applications in any industry. Our computer system validation professionals provide you with a best practice CSV methodology, along with the peace of mind that comes from knowing your CSV documentation has been produced by experts. Additionally, we staff projects based on required expertise and scope, and provide nearshoring options in order to offer the most efficient and cost-effective CSV services possible.

Finally, our experienced professionals can provide support for all aspects of your BIOVIA informatics projects, from system architecture and design to implementation and integration. As the premier BIOVIA services partner, Astrix offers increased value to customers through specific design, implementation and/or integration services leveraging BIOVIA applications and software. Utilizing BIOVIA applications, Astrix helps enterprises build a scalable, integrated, and supported laboratory informatics application landscape.

Conclusion

Effective, risk-based validation of computerized systems is becoming more and more critical in light of new rules effected by international regulatory agencies. In addition to version lock, poor product quality and excessive consumption of IT resources, the cost of inefficient or ineffective CSV processes can include regulatory action. With regards to the FDA, for example, the consequences of failing to do adequate CSV may include one or more of the following:

• Warning Letters
• Product seizures
• Import restrictions
• Clinical hold
• Rejection of application data
• Delay in approval of new products or facilities
• Consent decree
• Injunction
• Disqualification of clinical investigators
• Debarment
• Criminal prosecution

These actions can be costly and even potentially devastating to an organization. In order to avoid them, it is wise to work with a quality informatics consultant who understands the regulations in your industry and can perform efficient and effective risk-based CSV assessment and testing.

About Astrix

Astrix is the unrivaled market-leader in creating & delivering innovative strategies, solutions, and people to the life science community.  Through world class people, process, and technology, Astrix works with clients to fundamentally improve business & scientific outcomes and the quality of life everywhere. Founded by scientists to solve the unique challenges of the life science community, Astrix offers a growing array of strategic, technical, and staffing services designed to deliver value to clients across their organizations.

The post Creating Validation Documentation for BIOVIA Applications appeared first on Astrix.

• Pharmaceuticals
• Biologicals
• Medical Devices
• Blood and blood components
• Human cell and tissue products
• Infant Formulas

Computer system validation is required when configuring a new system or making a change in a validated system (upgrades, patches, extensions, etc.).

CSV processes should be based on applicable regulations and guidance, best practices for the domain, and the characteristics of the system being validated. In this blog, we will discuss best practice recommendations for efficient and effective risk-based CSV assessment and testing.

Computer System Validation 101

With regards to Computer system validation, a “computer system” in an FDA regulated laboratory is not just computer hardware and software. A computer system can also include any equipment and/or instruments connected to the system, as well as users that operate the system and/or equipment using Standard Operating Procedures (SOPs) and manuals.

Computer system validation helps to ensure that both new and existing computer systems consistently fulfill their intended purpose and produce accurate and reliable results that enable regulatory compliance, fulfillment of user requirements, and the ability to discern invalid and/or altered records. CSV utilizes both static and dynamic testing activities that are conducted throughout the software development lifecycle (SDLC) – from system implementation to retirement.

The FDA defines software validation as “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.” Computer systems need to be examined to confirm that the system will work in all situations. Additionally, all validation activities and test results need to be documented.

All CSV activities should be documented with the following:

• System inventory and assessment – determination of which systems need to be validated
• User requirement specifications – clearly defines what the system should do, along with operational (regulatory) constraints
• Functional requirement specifications – clearly defines how the system will look and function for the user to be able to achieve the user requirements.
• Validation Plan (VP) – defines objectives of the validation and approach for maintaining validation status
• Validation Risk assessments – analysis of failure scenarios to determine scope of validation efforts
• Validation Traceability Matrix – cross reference between user and functional requirements and verification that everything has been tested
• Network and Infrastructure Qualification – documentation showing that the network and infrastructure hardware/software supporting the application system being validated has been installed correctly and is functioning as intended
• Installation Qualification (IQ) Scripts and Results – test cases for checking that system has been installed correctly in user environment
• Operational Qualification (OQ) Scripts and Results – test cases for checking that system does what it is intended to do in user environment
• Performance Qualification (PQ) Scripts and Results – test cases for checking that System does what it is intended to do with trained people following SOPs in the production environment even under worst case conditions
• Validation Report – a review of all activities and documents against the Validation Plan
• System Release Documentation – documents that validation activities are complete and the system is available for intended use.

Best Practices for Computer System Validation

Develop Clear and Precise Functional and User Requirements. One of the biggest mistakes companies make when starting an informatics project is to not do the strategic planning necessary to ensure success. The first step in any laboratory informatics project should always be a thorough workflow and business analysis. This process allows the development of clear and precise functional and user requirements that are tailored to your unique operating environment to a high degree of specificity and defined at a level that can be addressed through the new software. Without clear and precise requirements, CSV will not be able to adequately verify that the system is functioning as intended.

Perform risk-based CSV. CSV takes a lot of time and IT resources to accomplish, so it is wise to follow a flexible GAMP 5 approach that utilizes a risk-based assessment on the system to determine required test cases and the optimal level of testing for each. CSV efforts should concentrate on what is practical and achievable for the critical elements of the system that affect quality assurance and regulatory compliance. Benefits of this risk-based approach to CSV include reduced cost, business risk, duration of the validation efforts.

Create a Good Validation Plan. Like any technical endeavor, CSV processes should be guided by a good plan that is created before the project starts. This plan will define the objectives of the validation, the approach for maintaining validation status over the full SDLC, and satisfy all regulatory policies and industry best practices (e.g., GAMP 5). The validation plan will be created by people who have a good knowledge of the technology involved (i.e., informatics systems, instruments, devices, etc.) and serve to minimize the impact of the project on day-to-day lab processes.

The validation plan should detail the following:

• Project Scope – outlines the parts of the system that will be validated, along with deliverables/documentation for the project. Validation activities are only applied to aspects of the system that will be utilized by the company.
• Testing Approach – Defines the types of data that will be used for testing, along with the kind of scenarios that will be tested.
• Testing Team and Responsibilities – Lists the members of the validation team, along with their roles and responsibilities in the validation process.
• Acceptance Criteria – Defines the requirements that need to be satisfied before the system is considered suitable for use in regulated activities.

Create a Good Team. The project team should have CSV experience and knowledge of regulatory guidelines/compliance, validation procedures, laboratory processes, and the technology (e.g., informatics software, laboratory devices and instruments, etc.) being validated. It is important that the team is big enough so that members are not stretched too thin during the project. Outsourcing to a third party to augment the validation team with subject matter expertise may be appropriate in some instances.

Avoid Ambiguous Test Scripts. This mistake is related to the importance of developing clear and precise functional and user requirements for the system in question, as described above. Precise requirements lead to precise validation testing that confirms the system is fulfilling its intended use. Additionally, vendor test scripts typically only validate the base system requirements and will not be sufficient to ensure regulatory compliance.

Create Good Documentation. CSV processes and results need to be clearly documented over the full SDLC to the extent that the documents are sufficient to pass an audit by regulatory agencies. Having project team members with good understanding of regulatory guidelines is an important part of creating the necessary documentation.

Audit third-party Providers. In addition to performing CSV on internal systems, an FDA-regulated company needs to be prepared to audit third-party service providers (e.g., CROs), along with vendors of critical applications and cloud-based services (SaaS). The manufacturer of an FDA-regulated product is ultimately responsible for the integrity of the data that supports the product’s efficacy and safety, so if third-party vendors or service providers are used, the manufacturer needs to take appropriate steps to ensure that they are operating under standards that would hold up under an FDA inspection.

A risk-based assessment should be conducted to determine if an audit is necessary. At the minimum, formal agreements that clearly detail responsibilities must exist between the manufacturer and any third parties that are used to provide, install, configure, integrate, validate, maintain or modify a computerized system.

Conclusion

Effective, risk-based validation of computerized systems is an important part of maintaining regulatory compliance and product quality in modern laboratories. Inefficient or ineffective CSV processes prevents projects from being delivered on time and within budget and can also result in regulatory action. With regards to the FDA, for example, regulatory action due to failure to perform adequate CSV can be legally and financially devastating to an organization.

If you have additional questions about computer system validation, or would like to have an initial, no obligations consultation with an Astrix informatics expert to discuss your validation project, please feel free to contact us.

The post Best Practices for Computer System Validation appeared first on Astrix.