Posted on Lab Compliance. 5 December, 2017
Computer systems have produced significant changes to business processes in every industry by facilitating workflow automation and information management. These technologies are used to transform internal business processes, as well as enhance how businesses interface with customers and other businesses.
Computer system validation (CSV) is a documented process which assures that a computerized system does exactly what it is designed to do in a consistent and reproducible manner. Validation of computer systems is required by most regulatory agencies around the world in order to confirm data accuracy and integrity in systems so that product safety and effectiveness is ensured. The FDA, for example, requires pharmaceutical companies to perform CSV for systems that support the production of the following products:
Computer system validation is required when either making a change in a validated system (upgrades, patches, extensions, etc.), or configuring a new system.
In today’s challenging economic environment, companies are seeking to improve operational efficiencies while keeping pace with the ever-evolving regulatory landscape. Toward this end, computer systems that streamline compliance and provide efficiencies over paper-based processes are deemed essential. Too often, however, companies get locked into the initial version of their software due to the cumbersome impact and cost CSV has on the upgrade process. In this article, we will give a basic overview of validation best practices, and discuss how BIOVIA applications are designed to avoid the version lock scenario and significantly reduce the amount of work required to complete necessary CSV processes.
Computer System Validation Basics
An effective CSV process helps to assure that both new and existing computer systems consistently fulfill their intended purpose by producing results which facilitate data accuracy and reliability, regulatory compliance, consistent intended performance, fulfillment of user requirements, and the ability to discern invalid and/or altered records. CSV requires the use of both static and dynamic testing activities that are conducted throughout the software development lifecycle (SDLC).
A “Computer System” in an FDA regulated laboratory is more than just computer hardware and software – it also includes any equipment and instruments connected to the system, as well as users that operate the system and/or equipment using Standard Operating Procedures (SOPs) and manuals. The FDA defines software validation as “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled.” In other words, the software must be examined to confirm that it functions as defined in the requirements and is suitable for its intended use. The examination also needs to confirm that the software will work in all situations. Finally, all validation activities and test results need to be documented.
It is critical that companies perform risk-based CSV. It never makes sense to try to validate every aspect of every system. CSV takes a lot of time and IT resources to accomplish, so it is wise to do a thorough risk assessment to determine what is practical and achievable. CSV efforts should concentrate on the critical elements of the system that affect quality assurance and regulatory compliance.
The first step in this process is to determine user requirements and functional specifications for the system in question. Once this is accomplished, a Validation Plan is developed that outlines the following:
Once the Validation Plan is complete, CSV testing is performed:
The CSV process concludes with a Validation Report that documents the results of the testing:
In addition to performing CSV on internal systems, an FDA-regulated company needs to be prepared to audit third-party service providers (e.g., CROs), along with vendors of critical applications and cloud-based services (SaaS). The manufacturer of an FDA-regulated product is ultimately responsible for the integrity of the data that supports the product’s efficacy and safety, so if third-party vendors or service providers are used, the manufacturer needs to take appropriate steps to ensure that they are operating under standards that would hold up under an FDA inspection.
A risk-based assessment should be conducted to determine if an audit is necessary. At the minimum, formal agreements that clearly detail responsibilities must exist between the manufacturer and any third parties that are used to provide, install, configure, integrate, validate, maintain or modify a computerized system.
Validation for BIOVIA Applications
BIOVIA applications can be utilized to establish a digital thread over the full product lifecycle – from early materials discovery all the way through to product use and the customer experience. The integrated digital environment that is enabled with BIOVIA software provides numerous important benefits such as enhanced innovation, accelerated product development, improved process efficiency, and reduced cost and compliance risk.
In recognition of the challenges that CSV presents to companies in regulated industries, BIOVIA has designed automated validation tools that work with their software applications. A generic validation package is available containing testing scripts that help validate core functionality. Every time a piece of BIOVIA software gets updated or has new features added, the validation package is updated accordingly so it remains up to date.
The BIOVIA validation package comes with test scripts to follow, along with the set of requirements they are based on. This allows the customer to have a better understanding of what is being tested. The validation package contains:
When the system is configured or customized in ways that deviate from core functionality, the cross referencing of test scrips with requirements allows the customer to easily identify which testing scripts need to be modified from what is provided in the validation package.
With BIOVIA applications, a lot of the OQ testing is already done for you. The ability to easily validate common workflows with this package removes much of the burden of CSV for users of BIOVIA applications, since customers will only need to develop validation scripts for unique configurations or customization work that is done.
The ease of validation for BIOVIA applications helps facilitate regular upgrades. The user community benefits from enhancements in subsequent releases of the software in addition to more up to date support and training. In addition, once the system configuration has been validated, BIOVIA software allows layered permissions to prevent lab technicians from changing the system configuration. This ensures that technicians perform all work on a validated system.
When performing CSV, it is important to work with a quality consultant who understands FDA regulations (or the regulations for your specific industry) and can perform a risk-based assessment. This will help you identify critical validation processes that have a big impact on quality assurance and regulatory compliance, and ensure that you develop the proper scope for your validation efforts. A good CSV consultant can save you significant amounts of time and money in this area.
At Astrix, we are experts in IT risk identification and management including decades of regulatory compliance expertise. As such, we understand that computer system validation is not a “one size fits all” process. With over 20 years of validation experience, we work to create CSV processes that are based on applicable regulations and guidance, best practices for the domain, and the characteristics of the system being validated. Our validation professionals constantly update their knowledge of industry “best practices,” and stay abreast of regulations so we can help you comply with complex and ever-changing global compliance requirements.
Our CSV deliverables typically include:
With a thorough understanding of the SDLC, complemented by our experience with and knowledge of business processes in numerous sectors, Astrix can offer CSV support for all BIOVIA applications in any industry. Our computer system validation professionals provide you with a best practice CSV methodology, along with the peace of mind that comes from knowing your CSV documentation has been produced by experts. Additionally, we staff projects based on required expertise and scope, and provide nearshoring options in order to offer the most efficient and cost-effective CSV services possible.
Finally, our experienced professionals can provide support for all aspects of your BIOVIA informatics projects, from system architecture and design to implementation and integration. As the premier BIOVIA services partner, Astrix offers increased value to customers through specific design, implementation and/or integration services leveraging BIOVIA applications and software. Utilizing BIOVIA applications, Astrix helps enterprises build a scalable, integrated, and supported laboratory informatics application landscape.
Effective, risk-based validation of computerized systems is becoming more and more critical in light of new rules effected by international regulatory agencies. In addition to version lock, poor product quality and excessive consumption of IT resources, the cost of inefficient or ineffective CSV processes can include regulatory action. With regards to the FDA, for example, the consequences of failing to do adequate CSV may include one or more of the following:
These actions can be costly and even potentially devastating to an organization. In order to avoid them, it is wise to work with a quality informatics consultant who understands the regulations in your industry and can perform efficient and effective risk-based CSV assessment and testing.
About the Author
|Rob Knippenberg is a Managing Director for Astrix Technology Group in the Informatics Professional Services Practice. He is focused on customer informatics solutions delivery through strategic partnerships with many of the top scientific software and services providers. Mr. Knippenberg brings to the role over 25 years of experience in scientific software project and program management, directing widely distributed global teams. During his career, Mr. Knippenberg has worked with hundreds of commercial, academic, and government institutions delivering scientific informatics solutions to many thousands of scientists|
Copyright (C) 2020