Computerized system validation
Computerized system. A computerized system collectively controls the performance of one or more automated processes and/or functions. It includes computer hardware, software, peripheral devices, networks and documentation, e.g. manuals and standard operating procedures, as well as the personnel interfacing with the hardware and software, e.g. users and information technology support personnel.
Computerised systems should comply with the requirements of EU GMP Annex 11 and be validated for their intended purpose. This requires an understanding of the computerized system’s function within a process. For this reason, the acceptance of vendor-supplied validation data in isolation of system configuration and intended use is not acceptable. In isolation from the intended process or end-user IT infrastructure, vendor testing is likely to be limited to functional verification only, and may not fulfill the requirements for performance qualification.
For example, validation of computerized system audit trail:
• a custom report generated from a relational database may be used as a GMP system audit trail
• SOPs should be drafted during OQ to describe the process for audit trail verification, including definition of the data to be reviewed
• validation for intended use would include testing during PQ to confirm that the required data is correctly extracted by the custom report, and presented in a manner which is aligned with the data review process described in the SOP
Computerized systems should be validated at the level appropriate for their intended use and in accordance with quality risk management principles.
The purpose of validation of a computerized system is to ensure an acceptable degree of documented evidence that establishes confidence in the accuracy, reliability, and consistency in performance of the system in accordance with predetermined specifications. The validation data should meet the principles of being attributable, legible, contemporaneous, original and accurate (ALCOA) throughout the data lifecycle.
Computerized system validation should ensure that all necessary technical and procedural controls are implemented ensuring compliance with good documentation practices for electronic data generated by the system.
System elements that need to be considered in computerized system validation include:
- computer hardware and software
- related equipment and network components
- operating system environment
- procedures and systems documentation including user manuals
- data reviewers
- system application administrators
- network engineers
- database administrators
- people involved in archiving
Computerized system validation activities should address both system configuration as well as any custom-developed elements.
Computerized systems should be maintained in the validated state with risk-based controls appropriate to the different stages of the system lifecycle include:
- system planning
- system testing
- preparation and verification of standard operating procedures (SOPs) and training programmes
- system operation
- maintenance including:
- handling of software and hardware updates
- review, followed by system retirement
Computerized systems, including equipment with software components, require:
- user requirements specification
- functional requirements specifications
- design specifications
- configuration specifications
- development of SOPs
- training programmes for system use and administration
- IQ, OQ and PQ validation testing
Computerized system validation includes tests such as stress, load, volume and other performance verification tests that mimic the live production environment. It also includes user acceptance testing according to draft SOPs and training as well as end-to-end business processes for intended use.
We provide validation services of the following computerized systems:
- automated process control systems
- building management system (BMS)
- laboratory instrument control systems
- laboratory information management systems (LIMS)
- business systems (enterprise resource planning (ERP), manufacturing resource planning (MRP II))
- Software with statistical and mathematical calculations (Excel)
For each system, we provide the following consulting and validation services:
- validation master plan development
- risk management plan
- system acceptance criteria
- vendor selection and assessment
- computerized system validation (IQ, OQ, PQ)
- configuration management and change control procedures
- back-up and recovery procedure
- error handling and corrective action procedure
- contingency planning and disaster recovery (Business continuity plan)
- maintenance and support procedures
- system requirement verification