The current era of digitalization has certainly made our working lives easier. Gone are the days when everything needed to be filed by hand and finding records was a day’s worth job. Currently, almost every process that can be computerized is being computerized.
However, computerized systems also come with their own set of challenges. A computerized system needs to be reliable, consistent, and correct. In the life sciences industry, these standards need to be checked and maintained periodically as part of regulatory compliance.
A Computer System Validation (CSV) is part of keeping a computer system up and running, as well as meeting regulatory requirements.
What is a computerized or computer system?
A computerized system, according to the FDA, is a unit of one or several computers or devices, that also runs a program and stores important data. It can be anywhere from a single personal computer to a huge network of devices and sensors.
In the pharmaceutical and medical device industries, computerized systems are commonly used. The delicate nature of the industry requires precise running of these systems every time. As a result, CSV is high up on a manufacturer's priority list.
Validation of computer systems and why we do it
'Validation' refers to checking something for accuracy. For any operation to go error-free, routine inspection and validation processes are crucial. For computer systems, that process is CSV.
This methodical process ensures that computer systems will always get the same results, no matter what. At the end of the validation process, the efficacy and accuracy of the computer system are verified and then it can be used for handling delicate data. This practice ensures accuracy, safety, and product quality.
Regulatory authorities worldwide require CSV validation before they allow products on the market. Failing to provide proof of CSV could lead to fines, lawsuits, and even product recalls.
Regulatory compliance aside, CSV is extremely important for any manufacturer wanting to avoid massive losses. As computer systems manage almost all data including development, production, marketing, supply chain, etc., any irregularity in the system affects data integrity and essentially renders months of work unusable. If undetected, it can severely affect the product quality as well.
Not to mention, patient and clinical trial data breaches can turn into lawsuits, putting at risk the entire operation.
How to do CSV validation?
Here are some key CSV tools and operations:
- User Requirement Specification (USR): CSV checks whether the system has a URS. The URS works as a guideline during the CSV, making the job much easier. The URS is based on the “end-users” and other stakeholders to make sure every requirement aspect of the computer system is covered. It gives exact criteria and requirements that the computer system should reflect.
- Traceability Matrix: This tool ensures that all system requirements and functions outlined in the URS are thoroughly verified using the appropriate validation tools. It works as a checklist for a thorough and proper CS validation.
- SOP: A Standard Operating Procedure is the step-by-step outline that is followed during the CSV process. This involves keeping detailed instruction on each step of the validation process and updating as needed. It comes in handy for regulatory purposes and risk management.
- VMP: A Validation Master plan is drawn up before the process starts. It outlines the scope, methods, resources, processes, objectives, assigned roles and expected time of the validation. It provides an organized roadmap to the validation process.
- Risk Management: Risk management is an integral part of any process associated with pharmaceutical and medical device industry. Identifying and eliminating potential risks in computerized system, hence, is a high priority during CSV.
- Change control: Any and all updates and changes to the system must be recorded and managed.
What are the regulatory expectations regarding CSV?
The process of CSV differs based on the system and the regulatory authority. For example, the EU and the US have different sets of requirements. However, the CSV process throughout the world have a lot in common.
The FDA requirements are in line with the ideal CSV process. A few key requirements are:
- Documentation is crucial for any regulatory or validation process. The FDA requires companies to submit detailed reports of the validation process and any updates or changes to the system. They also want reports of plans, processes and tests required for the validation.
- The FDA also requires all software and hardware used as a part or any stage of designing, production, packaging, labelling, updating of the computer system to comply with FDA regulations.
- A key factor of sound computer system is data integrity. The FDA requires the CSV to maintain it.
- It also focuses on change control, training, and timely reviews.
The EU also focuses on documentation, having protocols, data integrity like FDA. Some highlights from the EU requirements that you might miss are:
- An inventory regarding GMP functionality is required.
- The URS should be based on assessed risks and GMP.
- The EU focuses heavily on quality management. Hence, the CSV should also reflect the QMS policy of the company. The Validation report should include quality and performance assessments.
- All steps taken should be based on appropriate evidence.
All in all, the CSV processes worldwide are pretty standard. Following a standardizes process should be enough to defend the process to most regulatory authorities.
