The focus is on patient safety, product quality, and data integrity, as well as operational efficiency and regulatory compliance.
GAMP5 (Good Automated Manufacturing Practice, Version 5, 2nd Edition) defines validation as a risk-based process to ensure that computer-based systems in the pharmaceutical and healthcare industries:
- Are suitable for their intended purpose
- Comply with applicable regulations
- Operate consistently and reliably
This article provides – as a guideline – an overview of some reasons, benefits, and important measures of CSV.
In every case, a qualified person must decide individually how to proceed and what measures to apply.
Why Perform Computer System Validation?
Protection of Patient Safety
CSV increases the likelihood of systems to operate correctly and reduces the risk of producing defective products, thus focusing on the most important: patient safety.
Regulatory Compliance
Legal requirements have to be met and fulfilled, such as:
- 21 CFR Part 11 (FDA) – Requirements for electronic records and signatures.
- EudraLex Vol. 4 Annex 11 (EU) – Requirements for computerized systems.
Aim is to demonstrate compliance through complete validation documentation and to avoid consequences of non-compliance.
Data Integrity and Security
The threats to critical infrastructure are ever-increasing, with cyber attacks becoming more frequent, sophisticated, and devastating. Ensuring the accuracy, reliability, and authenticity of data is key to patient safety. Guidance by applying principles of CSV like proper risk management and quality management strengthens vigilance and drives adaptive measures to protect vital systems.
Verify appropriate protecting against data loss, manipulation, and unauthorized access.
Enable data availability and traceability throughout the system lifecycle by evaluating risks and implementing measures.
Quality Assurance – Safety and Trust
QA is the core of CSV and the basis for building trust. Following a risk based approach, threats to quality and measures need to be identified and appropriate measures have to be implemented. Aim is to Identify and correct potential errors before system deployment.
In the operational phase risks need to be identified and mitigated before they become issues. Any issues have to be addressed and measures have to be implemented based. QA provides guidance and what to measure and observe:
- Ensure systems deliver consistent, accurate, and reproducible results.
- Minimize errors that could affect product quality or patient safety.
Business Process Efficiency
Ever changing customer requirements, Business process efficiency focuses on: optimizing processes through reliable systems, reducing downtime and error costs.
Goal is optimizing workflows, reducing waste, and maximizing productivity to transform inputs into valuable outputs efficiently.
Key Components of Business Process Efficiency
- Process Optimization: Streamline workflows to eliminate redundancies and unnecessary steps.
- Resource Allocation: Ensure effective use of human, financial, and material resources.
- Technology Integration: Leverage appropriate tools and software to automate and enhance processes.
- Continuous Improvement: Regularly review and refine processes to adapt to changing business needs.
Risk Management
Identify and minimize risks to patient safety, product quality, and data integrity. Risk management enables a high impact culture by identifying high risks.
Understand potential trigger and when collecting risks, focus on occurrence, likelihood of detection and impact to perform qualitative and if required quantitative risk analysis to define appropriate measures and to avoid risks becoming issues.
Key Parameters of Computer System Validation
System Lifecycle (SLC)
This includes planning, implementation, validation, operation, and decommissioning of a system.
Best practices include the usage of frameworks like ITIL for system operations and asset management.
Risk-Based Approach
A Risk-Based Approach (RBA) is a fundamental concept in Good X Practice (GxP) systems, including Good Manufacturing Practice (GMP), that focuses on identifying, assessing, and mitigating risks that could impact product quality and patient safety.
Key Principles of Risk-Based Approach in GxP
- Product and Process Understanding: Thorough knowledge of processes and products is essential for effective risk assessment.
- Quality Risk Management: Systematic evaluation of potential risks to product quality, using tools like Failure Mode and Effects Analysis (FMEA) and Hazard Analysis and Critical Control Points (HACCP).
- Resource Prioritization: Focusing efforts and resources on areas with the highest potential impact on product quality and patient safety.
- Continuous Improvement: Regular review and update of risk assessments to adapt to changes in processes or new information.
User Requirements (URS)
Clear and complete documentation of system requirements is essential for any further steps or activities. Only measurable user requirements enable proper implementation verification during testing.
During user requirement collection principles like SMART or SIPOC should be followed. SIPOC (Suppliers, Inputs, Process, Outputs, Customers) and SMART (Specific, Measurable, Achievable, Relevant, Time-bound) are two powerful frameworks that can be combined to create comprehensive and effective user requirements in software development and project management.
SIPOC Framework
The SIPOC framework provides a high-level view of a process or system:
- Suppliers: Who provides inputs to the process?
- Inputs: What resources are needed?
- Process: What are the main steps?
- Outputs: What are the results?
- Customers: Who receives the outputs?
SMART Criteria
SMART criteria ensure that requirements are well-defined and actionable:
- Specific: Clear and unambiguous
- Measurable: Quantifiable and verifiable
- Achievable: Realistic within project constraints
- Relevant: Aligned with project goals
- Time-bound: Has a defined timeline
Documentation
The GAMP Guide recommends a set of documents, depending on given criteria for proper capturing and documentation of a strategy, decisions, requirements, risks, measures and activities. The documents include – non exhaustive: Validation plan, test protocols (IQ, OQ, PQ), reports, and change control.
All activities and results must be traceably documented.
Data Integrity
Data Integrity is essential for data storage and all processes around data handling. Ensuring ALCOA+ principles triggers measures for data integrity risk assessments and measures to be implemented:
A: Attributable
L: Legible
C: Contemporaneous
O: Original
A: Accurate
Test Management
Structured and comprehensive testing verifies the successful implementation of user requirements (e.g., Installation Qualification, Operational Qualification, Performance Qualification).
Change Control
Change control is required for every successful project. Particularly when CSV is involved, changes have to be properly prepared, approved before execution, verified and closed. Best practice are documented change processes with defined roles and quality gates. Monitoring and documenting system changes to maintain validation has to be a given.
Supplier Selection:
When working with external suppliers, you have to get evidence of the suppliers quality standards to meet requirements as outlined by your QA. Ensuring the supplier is qualified and provides documentation and support is a critical element of your vendor management.
Summary:
Each subtitle is essential for successful CSV. The abstracts only scratch the surface of each topic and give food for thought.
Computer System Validation (CSV) ensures patient safety, product quality, and data integrity by ensuring a system operates reliably, safely, and compliantly. It enhances the quality, efficiency, and safety of business processes. CSV protects the manufacturer from regulatory and financial risks. Various parameters – from risk assessment to supplier selection – ensure the system meets requirements throughout its lifecycle.
How to implement CSV in you project – especially if your project is agile? The following article will delve into how you can leverage Agile methodologies while maintaining robust CSV practices, overcoming common challenges to achieve manufacturing excellence.
