In the mid-1980’s, the Federal Food and Drug Administration (FDA) published its first guidelines for computer software validat

COMPUTER SYSTEM VALIDATION

Rashmin B. Patel^1* and Mrunali R. Patel²

ABSTRACT

FDA guidelines apply to all software and hardware used to automate device design, testing, component acceptance, manufacturing, labeling, packaging, distribution, complaint handling, or to automate any other aspect of the quality systems used in an environment where decisions produced by those systems can affect a product safety, purity or efficacy. Validation is the process of compiling written verification of all system functions and the performance of those functions to system specifications, as well as data integrity and system maintenance. That written documentation must be in alignment with the industry standards and regulatory laws that guide the FDA in their evaluation and enforcement of regulatory compliance. The ultimate goal of any computer system validation project is to realize and sustain compliance, while ensuring the peak performance and functionality of those systems.

INTRODUCTION

In the mid-1980’s, the Federal Food and Drug Administration (FDA) published its first guidelines for computer software validation for the pharmaceutical and biological industries. Since that time, regulations have become much more specific and formalized. Validation is the process of compiling written verification of all system functions and the performance of those functions to system specifications, as well as data integrity and system maintenance. That written documentation must be in alignment with the industry standards and regulatory laws that guide the FDA in their evaluation and enforcement of regulatory compliance.

To successfully manage compliance, each regulated system must be proven to operate in accordance with its intended use and design, and all documentation supporting that evidence - including the validation approach, Installation, Operational, Performance Qualification Protocols and Summaries - must culminate in FDA acceptable documentation.

The ultimate goal of any computer system validation project is to realize and sustain compliance, while ensuring the peak performance and functionality of those systems. Validation is a sound business practice that supports quality assurance, minimizes liability and promotes responsible and profitable operations.

WHAT SYSTEMS MUST BE VALIDATED?

FDA guidelines apply to all software and hardware used to automate device design, testing, component acceptance, manufacturing, labeling, packaging, distribution, complaint handling, or to automate any other aspect of the quality systems used in an environment where decisions produced by those systems can affect a product safety, purity or efficacy. In addition, all record keeping related to raw materials, product and sample distribution, test sample management and clinical trial data, including web-enabled interfaces, are subject to FDA inspection. Systems that maintain certain employee training records may even be subject to validation.

Validation requirements are typically categorized by the verification of systems dealing with Good Manufacturing Practices (GMPs), Good Laboratory Practices (GLPs), and Good Clinical Practices (GCPs.) But as the use of technology expands, more and more systems fall under the auspices of validation requirements. The list below identifies some of the systems that must follow FDA guidelines for validation.

ŽThe use of wireless technology to improve sales productivity is fast becoming the norm. If those wireless systems are used to control distribution of products or samples, such as electronic signature capture, the system must be validated to ensure compliance.

ŽSystems used to manage clinical trial data, whether provided internally or outsourced to a third party vendor, require validation.

ŽSystems that manage GMP training for employees also fall within FDA regulations for record keeping and reporting.

ŽBecause facility plans are required in an NDA submission and must meet specific facility requirements for manufacturing drugs, CAD systems or any system that maintains engineering plans and drawings of afacility might also require validation.

ŽThe integration of computer systems has greatly improved productivity and visibility within operations.

Each computer system has its own unique set of requirements. Most Life Science organizations have defined Standard Operating Procedures for computer system validation. To effectively deliver a compliant implementation, upgrade or integration, a consulting partner must provide a validation approach that is both comprehensive and flexible to accommodate the complexities of each system and organization, and meet the business needs of the client.

The most important steps in validation include:

ŽDefining the system and its functional requirements

ŽEstablishing software quality, both functional and structural

ŽMaintaining appropriate change control

ŽCreating comprehensive documentation and retrieval procedures

The solution is a methodology that aligns Standard Operating Procedures for system validation to the project plan used in the execution of the system, be it a stand-alone implementation or web-enabled integration.

LIFE CYCLE METHODOLOGY

The Life Cycle methodology is designed to incorporate validation activities with the phases of the system implementation to identify and document the following compliance requirements:

ŽDefinitions of hardware, software, system, and validation.

ŽSystems are designed, installed, tested and maintained to ensure their capability to perform proposed functions

ŽVerification of accurate data input/output

ŽVerification of data migration from existing systems

ŽRevalidation for system modifications, alterations or failure

ŽCreating and retaining records concerning electronic systems

Validation depend upon a stable system environment, any significant modifications to the system or its documentation must be acknowledged and addressed. Since the operating environment always includes variables that can influence the performance of the system, effective Change Control practices must be documented throughout. System failure, which could affect the products’ fitness-for-use or cause a product to be shipped incorrectly, must be also validated.

VALIDATION MASTER PLAN

The Validation Master Plan is the first step in identifying the validation approach, including necessary validation tasks, procedures for reporting and resolution, the validation responsibilities, and document deliverables for the project. Proper software validation is not an activity that occurs at the end of the project. Validation should begin when system requirements are being gathered. Typically, testing alone cannot verify that software is complete and correct. In addition to testing, other verification techniques and a structured and documented development process should be combined to ensure a comprehensive validation approach. Common pitfalls to be avoided include excessive paperwork (usually from poorly designed policies or forms) and inadequate change control practices.

DESIGN AND DEVELOPMENT

Computer system validation is a requirements verification process conducted throughout the project life cycle. To validate a computerized system, there must be predetermined and documented software specifications and requirements.

Defining the functional requirements for a system is the most important, and historically most neglected, area in system design. Developers tend to identify a major use or function for a new system and direct activities toward achieving that objective. To effectively validate a system design, all functions must be identified at this preliminary stage and activities established to verify the performance of each function throughout the project life cycle. It is at this stage that the hardware is usually installed and an Installation Qualification (IQ) is performed.

Size and complexity of the project is an important factor in establishing the appropriate level of effort and associated documentation in support of the validation of software and hardware. The larger the project and staff involved, the greater the need for formal communication, more extensive written procedures and management control of the process.

TESTING

Testing is a normal sequence in a system implementation to verify performance of the software and hardware to its specifications. Validation activities during testing further supplement those quality assurance practices. Testing also acts as a check and balance for errors or omissions inherent in the design.

Operational Qualification (OQ) and Performance Qualification (PQ) are documented during the Testing phase. OQ tests system at unit and integrated levels. PQ tests system in production-like environment and includes Stress Testing and Disaster Recovery testing.

Test plans, test procedures and test cases should be developed as early in the development lifecycle as possible. Such discipline helps to assure testability of requirement specifications and design specifications, and provides useful feedback regarding those specifications at a time when modifications can be most easily and cost effectively implemented.

IMPLEMENTATION

During the actual implementation, validation resources document project activities as the system is installed. Verification of performance and operational quality is validated. Documentation for system function and performance has been completed and installation procedures are verified. A Validation Summary Report serves as the final approval for rollout of a properly validated system. This summary verifies that all critical procedures have been executed and the functions of the system are in accordance with specifications.

SUPPORT

The proposed maintenance for the computer system also requires proper documentation. Data storage, archiving or backup procedures must be in place to ensure proper maintenance of records. In addition, specific procedures for data recovery in the event of a system failure must be validated.

CHANGE CONTROL

A validated system provides written verification of performance within a specific set of parameters, defined during the design process. Logically, any changes to those parameters will impact the integrity of the validation. It is therefore critical to deploy change controls within the validation process to accommodate future alterations and additions to the system or its functions once the system has been “frozen” prior to the beginning of formal testing. Change control procedures must be written and well understood through training, to ensure compliance. Unauthorized changes to a validated system, even during the implementation process, can have a detrimental affect on the system integrity.

FQuality assurance is the shared goal of pharmaceutical firms and the FDA. Computer system validation is the verification of performance quality and data integrity within any system that falls under regulatory requirements .

The following list summarizes key points in establishing and sustaining FDA compliance through proper computer system validation procedures:

ŽValidation is a quality assurance tool and a sound business practice that minimizes potential liabilities or delays resulting from non-compliance with FDA regulations, and expedites response should a public safety concern arise.

ŽThe validation approach must encompass the entire Life Cycle of a system implementation from the initial planning and design to implementation and support.

ŽValidation planning is a critical component of achieving compliance. Documented SOPs, as well as written verification of the validation approach, activities and reports is needed.

ŽAll functions to be performed by the system must be defined and documented in the validation process in accordance with FDA guidelines. For off the shelf software, functions that will not be used must also be defined.

Ž Though the software has the capability to meet compliance guidelines, it still must be validated and the use of audit trails, encryption protocols and security properly configured during installation.

ŽTesting alone is not sufficient for validation purposes, nor should it be considered the project point of entry for validation resources.

ŽEffective change control procedures must be developed and understood during the Life Cycle to support procedures for modifications and/or system re-validation.

ŽAny changes to the baseline parameters of a validated system, including additional functions or interfaces, require additional validation.

ŽAll documentation for properly validated systems must be in alignment with industry standards.

ŽThe expanded use of technology has increased the scope of validation requirements. Systems utilized by Sales, Marketing, Customer Service, HR, Finance, Engineering and Maintenance often fall under FDA regulation organization should establish firm controls on the implementation or integration of all systems to ensure the proper validation procedures are followed.

ŽSystems used by third party vendors, such as in the case of Clinical Trial Management, must be properly validated, along with any system receiving that data via interface or transfer.

Computerized Pharmaceutical System validation

Test Functions

1. Perform Installation Qualification.

2. Confirm that hardware and software descriptions are available.

3. Confirm that the documentation is appropriate, up‑to‑date, relevant, and complete.

4. Verify the digital transmission inputs and outputs as appropriate.

5. Verify analog transmission inputs and outputs as appropriate.

6. Verify data entry and boundary testing as appropriate.

7. Verify access control testing as appropriate.

8. Verify SOPs for operation, maintenance, and change control.

9. Verify training records.

10. Verify system recovery procedure.

Acceptance Criteria

1. The system is installed in accordance with design specifications based on manufacturer recommendations and cGMP guidelines. Instruments are calibrated, identified, and entered into the calibration program.

2. Hardware and software systems are verified as per manual.

3. The documentation is appropriate, up‑to‑date, relevant, and complete as per protocol.

4. The digital transmission inputs and outputs are verified.

5. The analog transmission inputs and outputs are verified.

6. The data entry and boundary testing meets the specification design.

7. The access control testing meets the specification design.

8. SOPs are available for operation, maintenance, and change control.

9. Training records are available.

10. System recovery procedure is available.

Computer validation can performed on the following systems:

Control systems for sterile/biotech equipment/systems including lyophilizers, sterile/bioreactors, filter systems, filter integrity test systems, pressure/temperature controls, packaging systems and environmental controls.
Laboratory systems including ovens, coolers, freezers environmental controls, laboratory information systems (LIMS), chromatography data collection systems and instrumentation. Other instruments validated include: UV-Vis spectrometers, FT-IR spectrometers, high performance liquid chromatography (HPLCs), gas chromatographs (GCs), and capillary electrophoresis systems (CEs).
Information management systems including electronic documentation management systems, laboratory information management systems (LIMS), maintenance management systems (MMS), manufacturing resources planning system (MRP II, ERP), order management systems (OMS), supervisory, control and data acquisition systems and (SCADA) systems and manufacturing execution systems (MES).
Bulk pharmaceutical manufacturing processing trains including reactors, blenders, centrifuges, dryers, temperature controls, vacuum/pressure controls, dispensing controls, and automated sequences.
Distributed Control Systems (DCSs) used to control and monitor environmental, bulk, secondary and sterile processes.
Programmable Logic Controllers (PLCs) utilized to control pharmaceutical process equipment.
Computerized Clinical Data Acquisition and Management Systems.
Solid dosage, ointments, creams, liquids and sterile packaging lines including check weighers.
Pharmaceutical blenders, mixers, granulators, dryers tablet coating systems and tablet presses.

CONCLUSION

The pharmaceutical industry has traditionally been affected by stringent regulation of the processes and functions associated with the development, production and marketing of their products. These rules and regulations – which have been extended to include computer systems associated with the development, production and marketing of pharmaceutical and medical products have been shaped by industry regulatory bodies, such as the Food and Drug Administration (FDA), in an evolutionary fashion. In order to have a complete computer system validation capability, pharmaceutical companies need to develop computer system validation programs and a strategy for dealing with common challenges. These programs should originate from business management at a global or company level.

REFERENCES

J.E. Krueger, J. Krueger, Computer system validation, in: I.R. Berry, Nash R.A. (Eds.), Pharmaceutical Process Validation, Marcel Dekker Inc., New York, 2003, pp. 167-188.
Guideline on General Principles of Process Validation. Washington DC: Center for Drug Evaluation and Research, US Food and Drug Administration, May 1987, p 9.
FDA, [draft] Guidance for Industry: General Principles of Software Validation draft 1997.
www.iqpc.co.uk/binary-data/IQPC_CONFEVENT/ pdf_file/3294.pdf
www.ivthome.com/conferences/computer_val.html
www.fcg.com/ life-sciences/computer-systems-development-and-validation.asp
www.clarkstonconsulting.com/WhitePaper/ ComputerSystemsValidation.pdf
www.management-forum.co.uk/pdfs/6-6104_LW.pdf
www.smi-online.co.uk/event_media/ overview.asp?isr=0400739
www.library.abb.com
www.accenture.com/xdoc/en/industries/ hls/pharma/csv.pdf
http://portal.acm.org/citation.cfm?id=807283&dl=ACM&coll=portal
www.dai-group.com/Solutions/CSV_W.htm
www.iagim.org/conference/asiaconf.pdf