SlideShare uma empresa Scribd logo

IT Validation Training

Robert Sturm
Robert Sturm

Presentation describes the importance of IT validation from the perspectives of the FDA and our company. It explains GAMP 5, the Validation Life Cycle, good documentation practices, document naming conventions, Change Control, Problem Management, Periodic Evaluation, FDA 483 Warning Letters and 21 CFR Part 11 and a unique Validation Life Cycle.

Tecnologia
1 de 35
Baixar para ler offline
IT Validation Who cares? Why is it so important? Bob Sturm Director, IT Validation
IT Validation - Agenda • What is validation? • Why validate software? • What does our company want? • What is the GAMP 5/Validation Life Cycle? • What does the FDA want? • What are good documentation practices? • What is our document naming convention? • What about Change Control for GxP systems? • Any Questions? • Check the IT Validation site on SharePoint for the latest validation templates as well as training, reference and administrative documentation for validation
Questions For You • How many here use validated computer systems? • How many here have been actively involved in a computer system validation (CSV) project? • How many here have used software, at work or at home, that doesn’t quite do what it’s supposed to?
What is validation? • FDA definition Establishing documented evidence that provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications (requirements) and quality attributes
What Does That Mean? • If it’s a critical GMP, GLP, or GCP process: • You have to know what it’s supposed to do • It has to work when it’s rolled out • It has to work over its expected lifetime • You have to be able to PROVE IT!
So What Is Computer Validation? • FDA definition: “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled."
Okay… What Does That Mean? • We document what the user needs and what the system must do • This establishes intended use and predetermined specifications • We document testing of the system’s function and performance • This establishes that the system fulfills the requirements • We document proper engineering and quality assurance practices in the design, build, and installation of computer hardware and software • This establishes that the system should consistently work right • FIT FOR IT’S INTENDED USE!  Key
Why validate software?
How Do We Decide Whether To Validate? • If the system automates a process or manages records regulated by the GMPs, GCPs, or GLPs, we validate • Validation isn’t a fixed concept… • The amount of work, documentation, and $$ involved depends on: • The level of risk assigned to the system • The complexity of the system • Whether we write the software ourselves, or purchase it and install it ourselves, or use a system that’s hosted by a partner • Contact me or QA Systems
WAN Infrastructure (Qualified) • Validation layer CSCR GxP software applications Oracle (GxP) • Qualification layers: GLOBAL | LOCAL GMGT008 General IT Services Core IT Infrastructure Software and Network LAN Operating Systems Hardware Desktop Computers Data Centers ITMS processes – ISO certifications
The Difference between Validation and Qualification
Computer Validation Process • SOP for Validation of GxP Computer Systems • QA Systems does a GxP Risk Assessment • Complete a CSCR • Form a validation team • System owner • QA Systems • IT: Applications, Infrastructure, Validation • Decide what activities and deliverables are appropriate • Start the system implementation • Do formal validation testing and documentation • Use and maintain the system under procedural controls
Potential Validation Documents (GAMP 5) Validation Plan Validation Summary Data Migration (DM) User Risk Analysis Requirements PQ Protocol/ Scripts Functional Specs OQ Protocol/ Scripts Design specs IQ Protocol/ Scripts Trace Matrix
Even More Possible CSV Deliverables • Migration Qualification: assure that data from the old system makes it to the new system okay • Configuration Baseline Document • Training materials • SOPs/ WIs for system use, security, administration, etc. • All of these CSV documents have two purposes: • Prove to ourselves that it works and we did the validation right • Prove the same thing to an inspector, maybe years later, maybe when everyone who was involved is gone • One size does not fit all validations!
Policies vs. SOPs vs. Work Instructions • “Policies generally set the overall tone and are high- level requirements for the organization. • SOPs then add the "how to implement" back-bone to your policies. • Some companies then use Work Instructions as step- by-step procedures for doing a particular operation. • From an auditing perspective, whatever a person needs to do his or her job is a procedure. • The FDA considers policies, SOPs, procedures, work instructions, and your other internal guidance ALL as "procedures" under its regulations.” - Janis Olson, 22 years as an FDA field investigator and regional manager; May 2011
What does the FDA want? • www.fda.gov • Four key things: Validation Project Plan, Requirements, Test documents and a Validation Summary Report • Focus: Patient safety, Product quality and Data integrity • Complete, accurate, reliable and consistent • Audit trial, system security, access controls and data backup • “IF IT ISN’T DOCUMENTED, IT DIDN’T HAPPEN” (FDA and IT Industry Mantra)
What about 21 CFR Part 11? • As we started using computers more, inspectors found it hard to audit records required by the regulations • We also started using electronic signatures • 21 CFR Part 11 is intended to assure two things: • Electronic records required by regulations are as trustworthy and inspectable as paper records • Electronic signatures required by regulations are as valid and legally binding as wet ink signatures • If Part 11 applies to the records in your system, the required Part 11 controls simply become part of your validation requirements
Industry Mistakes and Misconceptions - From FDA field investigators • Focusing on a software package rather than the system as a whole • Failure to plan for and address configuration • Treating Part 11 as a quality issue • Part 11 is focused on electronic signatures • Audit trials can be manual • If I print and sign, I can delete the electronic record • Vendor certification is all that is needed for COTS software
FDA Warning Letters - 483 • Purpose • First warning of an issue from the FDA • Gets the attention of senior company management • Initiation of administrative enforcement • Impact • Corrective actions • Company’s reputation with the FDA
FDA 483 Warning Letters • FDA concludes that the…systems lack adequate validation and therefore are unacceptable for use in the production of drug products Trends • As many as half of all inspections are now focusing on some aspect of computerized system quality and compliance
SOP for Good Documentation Practices - Use MS Word’s Spell & Grammar Checker Initial & date cross outs. Only one line. Always use Validation Templates: a Blue or Black Always use the ballpoint pen latest version from SharePoint. Documentation Good Practices Complete all fields in forms, don’t leave any Use the correct date fields blank and write format: legibly 03-Nov-10 03Nov10 Keep it current. Store and retain it properly.
Neatness Counts!
Once Our System Is Validated • Validation shows that our system works… on the day that validation is complete • During the (hopefully) years the system is in operation, we need ongoing procedural controls, especially: • System use • Change control • Problem management • Periodic evaluation • Training for new users • Ongoing system administration and security administration
Change Control - CSCR • Uncontrolled changes to a validated system will make people question whether it’s really still validated • SOP for Computerized System Change Control • All changes to a validated system must be documented, justified, tested, and approved • Changes might be as simple as a software patch from the vendor, or as complex as installing a new version of the application • Each change includes a mini validation effort… or maybe not so mini, to assure and document that the system still works right
Problem Management - CSPR • When things aren’t working right, people may question whether the system is really still validated SOP for Computerized System Problem Reporting • Problems using or administering a validated GxP computer system must be reported, tracked, resolved, and approved • System users should report each issue to IT and the system owner • IT and system owners should consult with QA Systems to determine whether the issue rises to the level of a “formal problem” per the SOP • The fix for a problem may be quick, or it may turn into a change control
Periodic Evaluation • Every once in a while, we need to step back and take a look at our validated computer systems • SOP for Validation of GxP Computer Systems • Requires a periodic evaluation at least every three years (and an annual security check) • Evaluation includes original validation work, all change controls, all problem reports, discussions with system owner/users • Does the original validation work meet current standards? • Have planned or unplanned system changes caused issues? • Have changes outside the system caused issues? • End result: either we declare the system to still be validated, or we decide we need to perform some remedial activities
9 Most Common Validation Errors Validation Documents • Missing Information – All • Inconsistency – All • Lack of Needed Detail – URS and FS • Traceability – TM • Vague Wording – All • Unverifiable Test Results – Test scripts • GDP – Test scripts • Incomplete Testing – Test scripts • Ambiguity – URS and FS
Questions?? • The only dumb question is the one you don’t ask. * * * Complete your training record!
BONUS SECTION • Additional information
FDA 483 Inspectional Observations • “Validation…is inadequate in that there is no documentation of: validation plan, test plan, training plan or validation report • “Original specifications are not complete • “Validation…is inadequate in that there was no clear correlation and comparison between expected and actual test results • “Documentation of the validation…is inadequate in that observed test results are recorded only as a check mark. Actual observed results are not recorded. • “All functions of the software were not tested • “Testing was performed before test plans were approved
FDA Warning Letters – Computer Systems • Computer software • Lacks security to prevent unauthorized access • Has no audit trial capability • Lacks data security • Lacks documentation of changes • No documented software training • Changes obscure original data • Changes not restricted to authorized persons • Original records can be deleted from the computerized system without documentation • Inadequate system validation
Possible Computer Validation Deliverables • Validation Plan: what we want to accomplish • User Requirements: intended use and security • Functional Specification: what the system must do • Design Specification: how the system will do it • Installation Qualification: tests to show we put it together right • Operational Qualification: tests to show it functions correctly • Performance Qualification: tests to show it meets users’ needs • Trace Matrix: shows that all requirements were tested • Validation Report: summarizes what we did and how it went
21 CFR Part 11 • What is a Part 11 record? • Data is submitted to FDA in electronic format • Electronic signatures intended to be the equivalent of a handwritten signature • Things to consider: from the 21 CFR Part 11 document • Validation of systems • Audit trails – secure, computer-generated and time stamped • Ensure that only authorized individuals can access system • Persons associated with system have training, education and experience to perform their tasks • Written policies: SOPs and Work Instructions
21 CFR Part 11 – More items • More things: from the 21CFRPart11 document • Use of device checks to determine, as appropriate, the validity of the source data input • Use of operational system checks to enforce appropriate permitted sequencing of steps and events • Appropriate controls over system documentation • Electronic Signature (e-sig) • An e-sig is unique to one person, shall not be reused nor reassigned to anyone else • Person using an e-sig must certify to the FDA that their e-sig is equivalent to their handwritten signature • An e-sig is either biometric based or it consists of an identification code and a password
GAMP 5: IT Computer System Validation and Document Flow: Key Validation Documents ** EVALUATE ** ** PLAN ** - Major release A B K Validation/ - Added functionality Qualification Project Supplier Audit Plan ** REQUIREMENT ANALYSIS ** ** BUILD / TESTING ** ** BUILD / TESTING ** ** DEPLOYMENT ** IDENTIFY REQUIREMENTS WRITE PROTOCOL & EXECUTE TESTS SUMMARIZE TEST RESULTS TEST SCRIPTS WRITE FINAL REPORTS Installation Qualification Installation IQ Installation Qualification Validation/ User Protocol & Test Scripts Qualification Test Qualification D (Val Env) Summary Report Requirement Execution (Val Env.) Summary Report C Specifications (Val Env.) Functional F E F G G Specifications Design Operational Specifications Qualification Training Records Summary Report Operational Operational Qualification Protocol Qualification Test & Test Scripts Execution Performance Qualification Support Model Performance Summary Report Requirements Trace H I Matrix Qualification Test Execution Performance Qualification Protocol J & Test Scripts ** MAINTENANCE ** J Pre Post Implementation IQ IQ Summary Report Final WIs/ SOPs IQ Protocol & IQ Execution Test Scripts (Prod. Env.) (Prod Env.) Optional: C-Risk Analysis, D-Training Plan, D-Training Plan, (Production Env.) E-Detailed Design Specs., F-Configuration Spec., F-Configuration Spec., F J Post J CHANGE F G-Training & Manuals, H-Migration Qualification Protocol, G-Training & Manuals, H-Migration Qualification Protocol, CONTROL I-Draft WIs/ SOPs, J-Migration Qualification Report J-Migration Qualification Report Regression Test Protocol Regression Test Regression Test Administrative: A-GxP Assessment, B-IT Project Charter & CSCR, & Test Scripts Execution Summary Report K-MS Project Plan ** RETIREMENT **

Recomendados

Risk assessment for computer system validation
Risk assessment for computer system validationRisk assessment for computer system validation
Risk assessment for computer system validationBangaluru
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceGreenlight Guru
 
Gamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raGamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raJAYA PRAKASH VELUCHURI
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 
Using Risk Management for Validation
Using Risk Management for ValidationUsing Risk Management for Validation
Using Risk Management for ValidationRobert Sturm
 
GxP Assessment.docx
GxP Assessment.docxGxP Assessment.docx
GxP Assessment.docxWisdo2
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 newKalpeshkumar Vaghela
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationEric Silva
 

Recomendados

Risk assessment for computer system validation
Risk assessment for computer system validationRisk assessment for computer system validation
Risk assessment for computer system validationBangaluru
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceGreenlight Guru
 
Gamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raGamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raJAYA PRAKASH VELUCHURI
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationRajendra Sadare
 
Using Risk Management for Validation
Using Risk Management for ValidationUsing Risk Management for Validation
Using Risk Management for ValidationRobert Sturm
 
GxP Assessment.docx
GxP Assessment.docxGxP Assessment.docx
GxP Assessment.docxWisdo2
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 newKalpeshkumar Vaghela
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationEric Silva
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationGMP EDUCATION : Not for Profit Organization
 
Deviation management
Deviation managementDeviation management
Deviation managementwashington dengu
 
Change control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QAChange control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QANarasimha Sharma
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
 
CAPA Decision
CAPA DecisionCAPA Decision
CAPA DecisionTarek Elneil
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideProPharma Group
 
statistical process control
statistical process control statistical process control
statistical process controlAnkitaGorhe
 
Presentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical IndustryPresentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical IndustrySathish Vemula
 
computer system validation
computer system validationcomputer system validation
computer system validationGopal Patel
 
Auditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdfAuditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdfDr. Dinesh Mehta
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basicBhagwatsonwane
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
The Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development LifecycleThe Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development LifecycleJoshua Hoskins
 
Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)Tarek Elneil
 
principle of six sigma
principle of six sigmaprinciple of six sigma
principle of six sigmaLyceum of The Philippines University
 
ManageArtworks
ManageArtworksManageArtworks
ManageArtworksVilva Natarajan
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validationNilesh Damale
 
Understanding 21 cfr part 11
Understanding 21 cfr part 11Understanding 21 cfr part 11
Understanding 21 cfr part 11complianceonline123
 
Computer system validations
Computer system validations Computer system validations
Computer system validations Saikiran Koyalkar
 
Epitome Corporate PPT
Epitome Corporate PPTEpitome Corporate PPT
Epitome Corporate PPTEpitome Technologies Training
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 

Mais conteúdo relacionado

Mais procurados

Change control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QAChange control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QANarasimha Sharma
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanWolfgang Kuchinke
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideProPharma Group
 
statistical process control
statistical process control statistical process control
statistical process controlAnkitaGorhe
 
Presentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical IndustryPresentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical IndustrySathish Vemula
 
computer system validation
computer system validationcomputer system validation
computer system validationGopal Patel
 
Auditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdfAuditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdfDr. Dinesh Mehta
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVAnil Sharma
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
The Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development LifecycleThe Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development LifecycleJoshua Hoskins
 
Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)Tarek Elneil
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validationNilesh Damale
 
Computer system validations
Computer system validations Computer system validations
Computer system validations Saikiran Koyalkar
 

Mais procurados (20)

Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Deviation management
Deviation managementDeviation management
Deviation management
 
Change control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QAChange control,SOP,PHARMA,R&D,QC,QA
Change control,SOP,PHARMA,R&D,QC,QA
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master Plan
 
CAPA Decision
CAPA DecisionCAPA Decision
CAPA Decision
 
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 GuideOverview of Computerized Systems Compliance Using the GAMP® 5 Guide
Overview of Computerized Systems Compliance Using the GAMP® 5 Guide
 
statistical process control
statistical process control statistical process control
statistical process control
 
Presentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical IndustryPresentation on data integrity in Pharmaceutical Industry
Presentation on data integrity in Pharmaceutical Industry
 
computer system validation
computer system validationcomputer system validation
computer system validation
 
Auditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdfAuditing Manufacturing Process and Product and Process Information.pdf
Auditing Manufacturing Process and Product and Process Information.pdf
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basic
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
 
The Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development LifecycleThe Ideal Salesforce Development Lifecycle
The Ideal Salesforce Development Lifecycle
 
Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)Risk Assessment for CAPA Determoination (decision)
Risk Assessment for CAPA Determoination (decision)
 
principle of six sigma
principle of six sigmaprinciple of six sigma
principle of six sigma
 
ManageArtworks
ManageArtworksManageArtworks
ManageArtworks
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validation
 
Understanding 21 cfr part 11
Understanding 21 cfr part 11Understanding 21 cfr part 11
Understanding 21 cfr part 11
 
Computer system validations
Computer system validations Computer system validations
Computer system validations
 

Semelhante a IT Validation Training

SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...Sterling Medical Devices
 
SQA_Lec#01-1.ppt
SQA_Lec#01-1.pptSQA_Lec#01-1.ppt
SQA_Lec#01-1.pptAhmad Abbas
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365Montrium
 
jimmy vale csv ln
jimmy vale csv lnjimmy vale csv ln
jimmy vale csv lnjimmy vale
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsDigital-360
 
Validating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsValidating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsMontrium
 
Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateJeff Thomas
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_finalDuy Tan Geek
 
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...Perficient
 
Agile testing for embedded software development
Agile testing for embedded software developmentAgile testing for embedded software development
Agile testing for embedded software developmentTom Stiehm
 
05_SQA_Overview.ppt
05_SQA_Overview.ppt05_SQA_Overview.ppt
05_SQA_Overview.pptSaqibHabib11
 
Software UAT Case study - Finserv
Software UAT Case study - FinservSoftware UAT Case study - Finserv
Software UAT Case study - FinservOAK Systems Pvt Ltd
 
Software development life cycle
Software development life cycleSoftware development life cycle
Software development life cycleManindra Simhadri
 
How to improve your system monitoring
How to improve your system monitoringHow to improve your system monitoring
How to improve your system monitoringAndrew White
 

Semelhante a IT Validation Training (20)

Epitome Corporate PPT
Epitome Corporate PPTEpitome Corporate PPT
Epitome Corporate PPT
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...
 
When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...When Medical Device Software Fails Due to Improper Verification & Validation ...
When Medical Device Software Fails Due to Improper Verification & Validation ...
 
SQA_Lec#01-1.ppt
SQA_Lec#01-1.pptSQA_Lec#01-1.ppt
SQA_Lec#01-1.ppt
 
MES systems
MES systemsMES systems
MES systems
 
Continuous validation of office 365
Continuous validation of office 365Continuous validation of office 365
Continuous validation of office 365
 
jimmy vale csv ln
jimmy vale csv lnjimmy vale csv ln
jimmy vale csv ln
 
QA Basics and PM Overview
QA Basics and PM OverviewQA Basics and PM Overview
QA Basics and PM Overview
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence Solutions
 
Validating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences ApplicationsValidating SharePoint for Regulated Life Sciences Applications
Validating SharePoint for Regulated Life Sciences Applications
 
Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automate
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
 
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
How to Migrate Drug Safety and Pharmacovigilance Data Cost-Effectively and wi...
 
Agile testing for embedded software development
Agile testing for embedded software developmentAgile testing for embedded software development
Agile testing for embedded software development
 
Software Development
Software DevelopmentSoftware Development
Software Development
 
Software Quality
Software Quality Software Quality
Software Quality
 
05_SQA_Overview.ppt
05_SQA_Overview.ppt05_SQA_Overview.ppt
05_SQA_Overview.ppt
 
Software UAT Case study - Finserv
Software UAT Case study - FinservSoftware UAT Case study - Finserv
Software UAT Case study - Finserv
 
Software development life cycle
Software development life cycleSoftware development life cycle
Software development life cycle
 
How to improve your system monitoring
How to improve your system monitoringHow to improve your system monitoring
How to improve your system monitoring
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

IT Validation Training

  • 1. IT Validation Who cares? Why is it so important? Bob Sturm Director, IT Validation
  • 2. IT Validation - Agenda • What is validation? • Why validate software? • What does our company want? • What is the GAMP 5/Validation Life Cycle? • What does the FDA want? • What are good documentation practices? • What is our document naming convention? • What about Change Control for GxP systems? • Any Questions? • Check the IT Validation site on SharePoint for the latest validation templates as well as training, reference and administrative documentation for validation
  • 3. Questions For You • How many here use validated computer systems? • How many here have been actively involved in a computer system validation (CSV) project? • How many here have used software, at work or at home, that doesn’t quite do what it’s supposed to?
  • 4. What is validation? • FDA definition Establishing documented evidence that provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications (requirements) and quality attributes
  • 5. What Does That Mean? • If it’s a critical GMP, GLP, or GCP process: • You have to know what it’s supposed to do • It has to work when it’s rolled out • It has to work over its expected lifetime • You have to be able to PROVE IT!
  • 6. So What Is Computer Validation? • FDA definition: “Confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled."
  • 7. Okay… What Does That Mean? • We document what the user needs and what the system must do • This establishes intended use and predetermined specifications • We document testing of the system’s function and performance • This establishes that the system fulfills the requirements • We document proper engineering and quality assurance practices in the design, build, and installation of computer hardware and software • This establishes that the system should consistently work right • FIT FOR IT’S INTENDED USE!  Key
  • 9. How Do We Decide Whether To Validate? • If the system automates a process or manages records regulated by the GMPs, GCPs, or GLPs, we validate • Validation isn’t a fixed concept… • The amount of work, documentation, and $$ involved depends on: • The level of risk assigned to the system • The complexity of the system • Whether we write the software ourselves, or purchase it and install it ourselves, or use a system that’s hosted by a partner • Contact me or QA Systems
  • 10. WAN Infrastructure (Qualified) • Validation layer CSCR GxP software applications Oracle (GxP) • Qualification layers: GLOBAL | LOCAL GMGT008 General IT Services Core IT Infrastructure Software and Network LAN Operating Systems Hardware Desktop Computers Data Centers ITMS processes – ISO certifications
  • 11. The Difference between Validation and Qualification
  • 12. Computer Validation Process • SOP for Validation of GxP Computer Systems • QA Systems does a GxP Risk Assessment • Complete a CSCR • Form a validation team • System owner • QA Systems • IT: Applications, Infrastructure, Validation • Decide what activities and deliverables are appropriate • Start the system implementation • Do formal validation testing and documentation • Use and maintain the system under procedural controls
  • 13. Potential Validation Documents (GAMP 5) Validation Plan Validation Summary Data Migration (DM) User Risk Analysis Requirements PQ Protocol/ Scripts Functional Specs OQ Protocol/ Scripts Design specs IQ Protocol/ Scripts Trace Matrix
  • 14. Even More Possible CSV Deliverables • Migration Qualification: assure that data from the old system makes it to the new system okay • Configuration Baseline Document • Training materials • SOPs/ WIs for system use, security, administration, etc. • All of these CSV documents have two purposes: • Prove to ourselves that it works and we did the validation right • Prove the same thing to an inspector, maybe years later, maybe when everyone who was involved is gone • One size does not fit all validations!
  • 15. Policies vs. SOPs vs. Work Instructions • “Policies generally set the overall tone and are high- level requirements for the organization. • SOPs then add the "how to implement" back-bone to your policies. • Some companies then use Work Instructions as step- by-step procedures for doing a particular operation. • From an auditing perspective, whatever a person needs to do his or her job is a procedure. • The FDA considers policies, SOPs, procedures, work instructions, and your other internal guidance ALL as "procedures" under its regulations.” - Janis Olson, 22 years as an FDA field investigator and regional manager; May 2011
  • 16. What does the FDA want? • www.fda.gov • Four key things: Validation Project Plan, Requirements, Test documents and a Validation Summary Report • Focus: Patient safety, Product quality and Data integrity • Complete, accurate, reliable and consistent • Audit trial, system security, access controls and data backup • “IF IT ISN’T DOCUMENTED, IT DIDN’T HAPPEN” (FDA and IT Industry Mantra)
  • 17. What about 21 CFR Part 11? • As we started using computers more, inspectors found it hard to audit records required by the regulations • We also started using electronic signatures • 21 CFR Part 11 is intended to assure two things: • Electronic records required by regulations are as trustworthy and inspectable as paper records • Electronic signatures required by regulations are as valid and legally binding as wet ink signatures • If Part 11 applies to the records in your system, the required Part 11 controls simply become part of your validation requirements
  • 18. Industry Mistakes and Misconceptions - From FDA field investigators • Focusing on a software package rather than the system as a whole • Failure to plan for and address configuration • Treating Part 11 as a quality issue • Part 11 is focused on electronic signatures • Audit trials can be manual • If I print and sign, I can delete the electronic record • Vendor certification is all that is needed for COTS software
  • 19. FDA Warning Letters - 483 • Purpose • First warning of an issue from the FDA • Gets the attention of senior company management • Initiation of administrative enforcement • Impact • Corrective actions • Company’s reputation with the FDA
  • 20. FDA 483 Warning Letters • FDA concludes that the…systems lack adequate validation and therefore are unacceptable for use in the production of drug products Trends • As many as half of all inspections are now focusing on some aspect of computerized system quality and compliance
  • 21. SOP for Good Documentation Practices - Use MS Word’s Spell & Grammar Checker Initial & date cross outs. Only one line. Always use Validation Templates: a Blue or Black Always use the ballpoint pen latest version from SharePoint. Documentation Good Practices Complete all fields in forms, don’t leave any Use the correct date fields blank and write format: legibly 03-Nov-10 03Nov10 Keep it current. Store and retain it properly.
  • 23. Once Our System Is Validated • Validation shows that our system works… on the day that validation is complete • During the (hopefully) years the system is in operation, we need ongoing procedural controls, especially: • System use • Change control • Problem management • Periodic evaluation • Training for new users • Ongoing system administration and security administration
  • 24. Change Control - CSCR • Uncontrolled changes to a validated system will make people question whether it’s really still validated • SOP for Computerized System Change Control • All changes to a validated system must be documented, justified, tested, and approved • Changes might be as simple as a software patch from the vendor, or as complex as installing a new version of the application • Each change includes a mini validation effort… or maybe not so mini, to assure and document that the system still works right
  • 25. Problem Management - CSPR • When things aren’t working right, people may question whether the system is really still validated SOP for Computerized System Problem Reporting • Problems using or administering a validated GxP computer system must be reported, tracked, resolved, and approved • System users should report each issue to IT and the system owner • IT and system owners should consult with QA Systems to determine whether the issue rises to the level of a “formal problem” per the SOP • The fix for a problem may be quick, or it may turn into a change control
  • 26. Periodic Evaluation • Every once in a while, we need to step back and take a look at our validated computer systems • SOP for Validation of GxP Computer Systems • Requires a periodic evaluation at least every three years (and an annual security check) • Evaluation includes original validation work, all change controls, all problem reports, discussions with system owner/users • Does the original validation work meet current standards? • Have planned or unplanned system changes caused issues? • Have changes outside the system caused issues? • End result: either we declare the system to still be validated, or we decide we need to perform some remedial activities
  • 27. 9 Most Common Validation Errors Validation Documents • Missing Information – All • Inconsistency – All • Lack of Needed Detail – URS and FS • Traceability – TM • Vague Wording – All • Unverifiable Test Results – Test scripts • GDP – Test scripts • Incomplete Testing – Test scripts • Ambiguity – URS and FS
  • 28. Questions?? • The only dumb question is the one you don’t ask. * * * Complete your training record!
  • 30. FDA 483 Inspectional Observations • “Validation…is inadequate in that there is no documentation of: validation plan, test plan, training plan or validation report • “Original specifications are not complete • “Validation…is inadequate in that there was no clear correlation and comparison between expected and actual test results • “Documentation of the validation…is inadequate in that observed test results are recorded only as a check mark. Actual observed results are not recorded. • “All functions of the software were not tested • “Testing was performed before test plans were approved
  • 31. FDA Warning Letters – Computer Systems • Computer software • Lacks security to prevent unauthorized access • Has no audit trial capability • Lacks data security • Lacks documentation of changes • No documented software training • Changes obscure original data • Changes not restricted to authorized persons • Original records can be deleted from the computerized system without documentation • Inadequate system validation
  • 32. Possible Computer Validation Deliverables • Validation Plan: what we want to accomplish • User Requirements: intended use and security • Functional Specification: what the system must do • Design Specification: how the system will do it • Installation Qualification: tests to show we put it together right • Operational Qualification: tests to show it functions correctly • Performance Qualification: tests to show it meets users’ needs • Trace Matrix: shows that all requirements were tested • Validation Report: summarizes what we did and how it went
  • 33. 21 CFR Part 11 • What is a Part 11 record? • Data is submitted to FDA in electronic format • Electronic signatures intended to be the equivalent of a handwritten signature • Things to consider: from the 21 CFR Part 11 document • Validation of systems • Audit trails – secure, computer-generated and time stamped • Ensure that only authorized individuals can access system • Persons associated with system have training, education and experience to perform their tasks • Written policies: SOPs and Work Instructions
  • 34. 21 CFR Part 11 – More items • More things: from the 21CFRPart11 document • Use of device checks to determine, as appropriate, the validity of the source data input • Use of operational system checks to enforce appropriate permitted sequencing of steps and events • Appropriate controls over system documentation • Electronic Signature (e-sig) • An e-sig is unique to one person, shall not be reused nor reassigned to anyone else • Person using an e-sig must certify to the FDA that their e-sig is equivalent to their handwritten signature • An e-sig is either biometric based or it consists of an identification code and a password
  • 35. GAMP 5: IT Computer System Validation and Document Flow: Key Validation Documents ** EVALUATE ** ** PLAN ** - Major release A B K Validation/ - Added functionality Qualification Project Supplier Audit Plan ** REQUIREMENT ANALYSIS ** ** BUILD / TESTING ** ** BUILD / TESTING ** ** DEPLOYMENT ** IDENTIFY REQUIREMENTS WRITE PROTOCOL & EXECUTE TESTS SUMMARIZE TEST RESULTS TEST SCRIPTS WRITE FINAL REPORTS Installation Qualification Installation IQ Installation Qualification Validation/ User Protocol & Test Scripts Qualification Test Qualification D (Val Env) Summary Report Requirement Execution (Val Env.) Summary Report C Specifications (Val Env.) Functional F E F G G Specifications Design Operational Specifications Qualification Training Records Summary Report Operational Operational Qualification Protocol Qualification Test & Test Scripts Execution Performance Qualification Support Model Performance Summary Report Requirements Trace H I Matrix Qualification Test Execution Performance Qualification Protocol J & Test Scripts ** MAINTENANCE ** J Pre Post Implementation IQ IQ Summary Report Final WIs/ SOPs IQ Protocol & IQ Execution Test Scripts (Prod. Env.) (Prod Env.) Optional: C-Risk Analysis, D-Training Plan, D-Training Plan, (Production Env.) E-Detailed Design Specs., F-Configuration Spec., F-Configuration Spec., F J Post J CHANGE F G-Training & Manuals, H-Migration Qualification Protocol, G-Training & Manuals, H-Migration Qualification Protocol, CONTROL I-Draft WIs/ SOPs, J-Migration Qualification Report J-Migration Qualification Report Regression Test Protocol Regression Test Regression Test Administrative: A-GxP Assessment, B-IT Project Charter & CSCR, & Test Scripts Execution Summary Report K-MS Project Plan ** RETIREMENT **