Computerized System Validation

Computerized System Validation

Questions on mind………

 What it is
 Why it required?
 When it will do?
 Who has to do?
 How to do?
Computerized System Validation

 What it is
Computer system validation is the documented process assuring that
computer based system will produce information or data that meets a set  Why it required?
of predefined requirement.
 When it will do?
Validating computerized systems that help to improve handling
complications and system performance in pharmaceutical companies and  Who has to do?
medical devices.
 How to do?
Computerized System Validation

 What it is
It enhances the reliability of system, resulting in fewer errors and less risk
to process and data integrity. It also reduces long term system and project  Why it required?
cost by minimizing the cost of maintenance and rework. Ability to provide
 When it will do?
all required documents readily by FDA, other regulatory agencies and your
customers when ever required.  Who has to do?
 How to do?
Performance of software and computer systems play a major
role in obtaining consistency and accuracy of data.
Computerized System Validation
Computer System Validation is require for companies that …

Product
Design
Develop Pharmaceuticals
Activiti

Conduct clinical trials Biologicals

Manufacture Medical Devices
Package Blood and Blood
es

Label Components

s
Store Human Cell and Tissue
Distribute Products
Install
Service
Computerized System Validation

 What it is
 Why it required?
 When it will do?
Introduction of new system/software which comes under computerized
data generation and reporting in GxP environment.
 Who has to do?
Egs: LIMS, QMS, DMS and LMS etc.,  How to do?
Computerized System Validation

 What it is
 Why it required?
 When it will do?
The following are responsible to perform validation.
• System Administrator/Technical team.  Who has to do?
• Vendor
 How to do?
• User representative.
Computerized System Validation Approach
Following activities covered during CSV execution;
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/Design Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
URS shall consist of written specifications that describe the
 Initial Risk Assessment
user-required system attributes to ensure suitability for use in
 Vendor Assessment/Audit
the intended environment.
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
URS should cover but not limited too..
 Configuration Specifications(CS)/ Design
Functional/Operational, Environment, Data, Report, User role
Specifications(DS)
and privileges, Interface, Backup, archival, retrieval, regulatory
 Validation Plan
requirement details.
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
Initial Risk Assessment should be performed whether the  Vendor Assessment/Audit
required system meets the GxP applicability, 21 CFR part 11  Functional Risk Assessment (FRA)
(Electronic signatures & Electronic records) and GAMP  Functional Specifications(FS)
categorization.  Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
Computerized System Validation
GAMP Categorization
Category Description

Platforms on which computer applications or elements are necessary to operate and

GAMP Category 1:
manage information technology environments run.
Infrastructure
Eg: Operating systems, firewall and antivirus.
Software without configurable functions, they are marketed freely or are integrated
GAMP Category 3: Non-
into hardware to allow their operation.
Configurable software
Eg: SAP, Empower.
They allow you to run a specific business process. These configurations include, but
GAMP Category 4: are not limited to, operating, measurement, control parameters, and may use other
Configurable software external interfaces to complete the function.
Eg: LIMS, QMS, DMS, LMS
They are tailored software's to meet specific needs of the organization that optimize
GAMP Category 5: Custom
its processes.
or bespoke software
Examples include software add-ons for categories 3 and 4.
Category 2 has been removed from GAMP Categorization and merged in Category 1.
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
Compliance Verification for who providing the required  Vendor Assessment/Audit
Software by performing audit.  Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
FRA shall be performed to identify, evaluate, mitigate and  Vendor Assessment/Audit
control the functionality risk to acceptable level. Mitigation  Functional Risk Assessment (FRA)
approach shall be ensuring through appropriate verification  Functional Specifications(FS)
(i.e., IQ/OQ/PQ).  Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report

Functional Risk Assessment is required for Category 4 & Category 5 systems.

 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
How the software should look
Specifications(DS)
What data the software should capture and Logic, calculations
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
Database Design, Process Design, Security Design, Interface
 Functional Risk Assessment (FRA)
Design, Architecture Design and Network requirements.
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
An approach of validation which involves responsibilities,
 Vendor Assessment/Audit
validation deliverables, requirement of SOPs/Training, testing
 Functional Risk Assessment (FRA)
and release of system for commercial use.
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)

Confirmation of system is assembled, installed and configured  Initial Risk Assessment

by manufacturer as per in-house requirements.  Vendor Assessment/Audit

 Functional Risk Assessment (FRA)

Testing includes but not limited too…..  Functional Specifications(FS)

• Connectivity  Configuration Specifications(CS)/ Design

• Physical security Specifications(DS)

• Access controls  Validation Plan

• Installation of software & hardware  Installation Qualification (IQ)

 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Confirmation that all functionality is present against to
 Initial Risk Assessment
functional specification.
 Vendor Assessment/Audit
 Confirmation that all features are working as specified.
 Functional Risk Assessment (FRA)
 Verification covers but not limited too…
 Functional Specifications(FS)
• Privileges matrix verification.
 Configuration Specifications(CS)/ Design
• Functionality verification and its accuracy.
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
Verification of system whether system can operate the process  Validation Plan
as specified in the URS under production environment/server.  Installation Qualification (IQ)
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
Verification of system whether meets the requirements against
 Installation Qualification (IQ)
to URS, IQ, OQ and PQ.
 Operational Qualification (OQ)
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
 Computerized System Validation
 User Requirement Specifications (URS)
 Initial Risk Assessment
 Vendor Assessment/Audit
 Functional Risk Assessment (FRA)
 Functional Specifications(FS)
 Configuration Specifications(CS)/ Design
Specifications(DS)
 Validation Plan
 Installation Qualification (IQ)
Confirmation of validation plan, testing summary, acceptance
 Operational Qualification (OQ)
criteria and authorization of entire validation outcome.
 Performance Qualification (PQ)
 Traceability Matrix (TM)
 Validation Summary Report
Computerized System Validation
Regulatory Requirement about Computerized System Validation

FDA 21 CFR 11 Electronic Record; Electronic Signatures

Subpart B‐‐Electronic Records, Sec. 11.10 Controls for closed systems.
Such procedures and controls shall include the following: (a) Validation of systems to ensure accuracy,
reliability, consistent intended performance, and the ability to invalid or altered records.

21 CFR 820 Quality System Regulation

Subpart C Design Controls, Sec. 820.30(g)
Design validation shall include software validation and risk analysis, where appropriate.
Subpart G Production and Process Controls, Sec. 820.70(i)
When computers or automated data processing systems are used as part of production or the quality system,
the manufacturer shall validate computer software for its intended use according to an established protocol.
All software changes shall be validated before approval and issuance. These validation activities and results
shall be documented.
Regulatory Requirement about Computerized System Validation

EudraLex Volume 4

Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use
Annex 11 Computerized Systems
The application should be validated; IT infrastructure should be qualified.

ICH Q7A, Good Manufacturing Practice for Active Pharmaceutical Ingredients

GMP related computerized systems should be validated. The depth and scope of validation depends on the
diversity, complexity, and criticality of the computerized application.
Regulatory Requirement about Computerized System Validation

PIC/S PI 011 Good Practices for Computerised Systems Used in Regulated “GXP” Environments

• Section 4.9 The regulated user should be able to demonstrate through the validation evidence that they have a
high level of confidence in the integrity of both the processes executed within the controlling computer system
and in those processes controlled by the computer system.
• Section 14.1 Regulated users need to be able to provide evidence for their computerised systems to
demonstrate their range, complexity, functionality, control and validation status.
• 16.1 Retrospective validation is not equivalent to prospective validation and is not an option for new systems.
Thank you