SlideShare a Scribd company logo

CSV - Computer System Validation

J
JayaKrishna161

This document covers most of the topics in the CSV like Importance of CVS, Why to perform CSV, Validation Deliverables, Part 11 and Annex 11 Diferences

Software
1 of 46
Download to read offline
COMPUTERIZED SYSTEM VALIDATION Prepared by: Jaya Krishna Gude M.S. (Pharm.), NIPER. +91-7981145133 1
Flow of Presentation  Importance of CSV  Introduction to CSV  GAMP5  Data Integrity  Part 11 and Annex 11 Prepared by: G. Jaya krishna 2
Why to focus more on CSV?  Everything was going well before FDA and other regulatory agency started focusing in Data Integrity  Everything in Human life and Pharma industry is about Integrity.  In 2016, data integrity issues triggered more than one third of all regulatory actions  US FDA took maximum actions against china, India led the pack when it came to non-compliance reports issues by EU Regulators.  European Operations of Major Drug companies like GSK, Otuska, Teva were found to have serious Non-compliance concerns. Prepared by: G. Jaya krishna 3
Cont..  Everything was going well before FDA and other regulatory agency started focusing in Data Integrity  Everything in Human life and Pharma industry is about Integrity.  In 2016, data integrity issues triggered more than one third of all regulatory actions  US FDA took maximum actions against china, India led the pack when it came to non-compliance reports issues by EU Regulators.  European Operations of Major Drug companies like GSK, Otuska, Teva were found to have serious Non-compliance concerns. Prepared by: G. Jaya krishna 4
Cont..  In Teva’s Hungary Plant, US FDA Auditors found Quality Related documents in a waste bin and also found that lack of controls to prevent analysts from deleting data for the stand alone systems.  In the UK, GSKs API plant recalled more than 425,000 Bacroban antibiotic products after receiving a stern warning letter from FDA Regulators in july 2016 for Cross Contamination.  Failure to take corrective action in a timely manner can result in shutting down manufacturing facilities , consent decrees, and stiff financial penalties.  The ultimate result could be loss of jobs and companies suffering economic instabilities resulting in downsizing and possibly eventual bankruptcy. Prepared by: G. Jaya krishna 5
Cost of Non-Compliance  Cost of Non-compliance is 1000 times higher then the cost of compliance  Poor Record Integrity/ GxP Non-compliance will result in  FDA – 483 Observation (WL)  Import Alert  Consent Decrease  Criminal Prosecution  In the case of Serious Deficiencies/Critical Findings actions may need to be taken by inspectorate and EU authorities:  Prohibition of Supply  Batches withdrawn from the EU Market  Refusal of the granting of a marketing Authorization Prepared by: G. Jaya krishna 6
What is Validation ??  Establishing Documented Evidence that a provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes  Qualification is an act or process to assure something complies with some condition, standard or specific requirements  “We qualify a system and/or equipment and we validate a process”  Ex: “You will qualify an autoclave, where as you validate the sterilization process”  The term qualification is normally used for equipment, utilities and systems, and validation for process Prepared by: G. Jaya krishna 7
Why to perform Validation ??  Validation is predicate rule, hence it is mandatory to perform Computerized system validation  According to 21 CFR Part 820.70 (i) – When computers or automated data processing systems are used as part of production or the quality systems, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented Prepared by: G. Jaya krishna 8
Purpose of Validation  To prove that we did validation right and system works as intended, identify any bugs by challenging the system. It increases the confidence level  The personnel involved in the validation are may no longer with the company to explain to the auditors. Proof of good validation should be maintained till retention (Documentation is most critical and has to be self explanatory) Which Systems needs Validation:  All Automated Systems, Computer System which is used to Store, Monitor or Control GXP Operation and Data needs validation. If system is controlled by the computer – PLC and it is storing electronic data and electronic signature more detailed validation needed.  Reduces risk and legal liability, Having the evidence that computer systems are correct for their purpose and operating properly represents a good business practice. Prepared by: G. Jaya krishna 9
Computerized System Validation  A Computerized system consists of the Software, Hardware and the networking components, Personnel together with the controlled functions and the associated documentation  According to the Regulatory guidelines Computerized system validation is stated as “ESTABLISHING DOCUMENT EVIDENCE.”  Ex: Automated manufacturing equipment, Quality control systems , equipment, laboratory, clinical (or) manufacturing data base systems. Prepared by: G. Jaya krishna 10
In general , a combination of hardware, software , people , documents, inputs, processing and outputs working together software Hardware Controlling process Equipment Operating Procedures and Documentation People and Training COMPUTER SYSTEM Prepared by: G. Jaya krishna 11
Computerized System Vs Computer System  Computerized System: Any programmable device having hardware, peripherals, software, procedures, users, interconnections and inputs for electronic processing & output of information Used for reporting or control  Computer System: A computer system is a set of integrated devices that input, output, process, and store data and information. Computer systems are currently built around at least one digital processing device. There are five main hardware components in a computer system: Input, Processing, Storage, Output and Communication devices. Prepared by: G. Jaya krishna 12
Types of Validation:  If data are transferred to another data format or system , validation should include checks that data are not altered in value and / or meaning during this migration process. E.g. Paper based reports, Screen shots, Video etc….  Prospective Validation – The validation of a new system as it is developed or The Validation conducted prior to the distribution of either a new product or product made under a revised manufacturing process  Retrospective Validation – The process of evaluating a computer system currently in operation against standard validation practices and procedures. The evaluation determines the reliability, accuracy, and completeness of a system (existing system)  Concurrent Validation – Validation Simultaneously with Production Prepared by: G. Jaya krishna 13
4Q Validation Overview (Traditional Method)  Design Qualification (DQ) – Documented evidence that the design of the system meets requirements  Installation Qualification (IQ) – System has been installed correctly  Operational Qualification (OQ) – System Operates according to the design  Performance Qualification (PQ) – System meets design criteria and operates according to requirement Prepared by: G. Jaya krishna 14
GAMP5  Good Automated Manufacturing Practice, Founded in 1991. International Society for Pharmaceutical Engineering (ISPE) sets the guidelines for manufacturers and the current Version is GAMP 5.  GAMP describes a set of principles and procedures that help ensure that pharmaceutical Software have required quality.  Computer system validation (CSV) following GAMP guidelines require users and suppliers to work together so that responsibilities regarding the validation process are understood. Prepared by: G. Jaya krishna 15
Why GAMP 5? •Facilitates the interpretation of regulatory requirements. •Establishes a common language and terminology. •Promotes a system life cycle approach based on good practice. •Clarifies roles and responsibilities. •Focus attention on those computerized systems with most impact on patient safety, product quality, and data integrity •Avoid duplication of activities. Prepared by: G. Jaya krishna 16
GAMP5 Key Concepts:  Product and Process understanding  Life cycle approach with in a QMS  Scalable Life Cycle Activities  Science-based Quality Risk Management  Leveraging Supplier Involvement Prepared by: G. Jaya krishna 17
Who plays validation role?  QA and Validation:  Author some major documents  Provide advice , training , auditing  Senior management for each group decides :  Which systems to buy or build  How much resources to make available  What risks are acceptable  Support groups (IT Infrastructures):  Maintain proper network environment  Troubleshooting and maintenance  Desktop and infrastructure control Prepared by: G. Jaya krishna 18
Validation overview / Computerized system life cycle:  Concept - During the concept phase the regulated company considers opportunities to automate one or more business processes based upon business and benefits. At this phase, initial requirements will be developed and potential solutions considered. From an initial understanding of scope, costs and benefits a decision is made on whether to proceed to the project phase.  Project - The project phase involves planning, supplier assessment and selection, various levels of specification, configuration and verification leading to acceptance and release for operation. Risk management is applied to identify risks and to remove or reduce them to an acceptable level.  Operation - This phase is the longest phase and is managed by the use of defined, up to date, operational procedures applied by personnel who have appropriate training, education, and experience. Maintaining control (Including Security), fitness for intended use and compliance are key aspects. The management of changes of different impact, scope and complexity is an important activity during this phase.  Retirement - The final phase is the ultimate retirement of the system. It involves decisions about data retention, migration or destruction and the management of these processes. Prepared by: G. Jaya krishna 19
Validation Approach 1.PLAN Validation Activities 2.DEFINE Requirements 3. SELECT Vendors 4.DESIGN AND REVIEW 5. CONSTRUCT AND TEST 6.INSTALL 7.QUALIFY 8.EVALUATE Computerized System Prepared by: G. Jaya krishna 20
GAMP CATEGORY Prepared by: G. Jaya krishna 21
GAMP Categories  The GAMP categories were originally introduced to provide an initial assessment as to the validation requirements / deliverables, In GAMP 4 there were five software categories. These have been revised in GAMP5 to four categories as detailed below:  Category 1 – Infrastructure software including operating systems, Database Managers, etc.  Category 3 – Non configurable software including, commercial off the shelf software (COTS), Laboratory Instruments / Software.  Category 4 – Configured software including, LIMS, SCADA, DCS, CDS, etc.  Category 5 – Bespoke/Tailor-made software Prepared by: G. Jaya krishna 22
Validation Deliverables based on GAMP Categories Prepared by: G. Jaya krishna 23 Software Category Validation Deliverables IRA URS SA VP FS/FRS FRA CS/DS IQ OQ PQ RTM VSR Category 1   - - - - -  - - - - Category 3   -  - - -      Category 4             Category 5            
Validation deliverables : 1. Initial Risk Assessment (IRA) or GxP Document 2. User Requirement Specification (URS) 3. Vendor Assessment / Supplier Assessment (VA / SA) 4. Functional Requirement Specification (FRS/FS) 5. Configuration / Design Specification (CS / DS) / Design Qualification (DQ) – ( Hard ware, Server, Infra Structure details) 6. Validation Plan (VP) 7. Factory Acceptance Test (FAT) 8. Site Acceptance Test (SAT) 9. Functional Risk Assessment (FRA) Prepared by: G. Jaya krishna 24
10. Installation Qualification (IQ) 11. Operational Qualification (OQ) 12. Performance Qualification (PQ) 13. Traceability Matrix (TM) 14. Validation Summary Report (VSR) 15. System Release Certificate or Software Release Note Prepared by: G. Jaya krishna 25
Specification and Qualification Relationships V- Life Cycle Model URS FRS DS VP System Build VSR PQ OQ IQ Verifies Verifies Verifies IRA /GxP Prepared by: G. Jaya krishna 26
THE VALIDATION PROCESS Consists of five specific processes Validation Master Plan Project Plan Installation Qualification Operational Qualification Performance Qualification Prepared by: G. Jaya krishna 27
Data Integrity: Def: The Extent to which the data is complete, correct and accurate is Called Data Integrity . (First used by Stan Woollen) Acronym: ALCOA ++ A – Attributable L – Legible C – Contemporaneous O – Original A – Accurate Complete Correct Enduring Available Prepared by: G. Jaya krishna 28
Data Integrity: Attributable The Identity of the person completing a record (Who, When, Why) Legible The data is readable, Understandable, Traceable, Permanent allowing for a clear picture of the activities that occurred Contemporaneous The data is recorded at the time it is generated or observed (No Back dating) Original Original Records must preserve data accuracy, completeness, content and meaning. Data as the file or format in which it was initially generated Accurate The data record must be accurate whether paper or electronic, it must be exact, true and free from error (this might require a second verification if necessary) Prepared by: G. Jaya krishna 29
Cont.. Consistent Consistent application of date and time stamps in the expected sequence. Complete All Information needs to be maintained. Batch pass-fail, Re- analyses carried out. (OOS, OOT) Enduring Medium used to record data should be permanent and not temporary memory RAM. Available Available/Accessible for review / audit for the life time of the record. Prepared by: G. Jaya krishna 30
Common ALCOA ++ Issues  Common Passwords / Passwords sharing  Authority Control  User Privileges – Lack of role based access control  Laboratories have failed to implement to controls over data and unauthorized access  Data Backup and Restoration  Audit Trail – No audit trail function or Disabled audit trail function  Manipulation of Date/Time stamps & Backdating Prepared by: G. Jaya krishna 31
Data Integrity: Violation of 21 CRR Part 211 is also termed as Data Integrity  Part 211.68 (C) states that the automated equipment used for performance must satisfy the requirements of an operation by one person & checking by another person. (Two level check should be there)  Part 211.100 and 211.160 require that certain activities be documented at the time of performance & that laboratory controls be scientifically sound (Contemporaneous)  Part 211.188, 211.194 require complete information-data-records derived from all tests performed. (Complete)  Part 211.180 requires true copies or other accurate reproductions of the original records. (Accurate) Prepared by: G. Jaya krishna 32
EU Annex-11  Annex 11 is part of the European GMP Guidelines and defines the terms of reference for computerized systems used by organizations in the pharmaceutical industry.  Applies to all forms of computerized systems used as part of a GMP regulated activities.  A computerized system is a set of software and hardware components which together fulfil certain functionalities.  The application should be validated.  IT infrastructure should be qualified.  Where a computerized system replaces a manual operations, there should be to resultant decrease in product quality assurance.  There should be no increases in the overall risk of the process. Prepared by: G. Jaya krishna 33
EU Annex-11 1 Risk Management 2 Personnel 3 Suppliers and Service Providers 4 Validation 5 Data 6 Accuracy Checks 7 Data Storage 8 Printouts 9 Audit Trails 10 Change and Configuration Management 11 Periodic Evaluation 12 Security 13 Incident Management 14 Electronic Signatures 15 Batch Release 16 Business Continuity 17 Archiving Prepared by: G. Jaya krishna 34
EU Annex-11- Overview  All the personnel should have appropriate qualifications, level of access and defined responsibilities to carry out their assigned duties and there should be close cooperation among the individuals  Risk management should be applied through out the life lifecycle of the computerized by considering patient safety, data integrity and product quality  For critical data entered manually, there should be an additional check on the accuracy of the data.  Consideration should be given based on risk assessment, to building into the creation of a record of all GMP relevant changes and deletions and reason for change shall be captured  Integrity and accuracy of backup data and the ability to restore the data should be checked during the validation and monitored periodically Prepared by: G. Jaya krishna 35
EU Annex-11- Overview  The extent of security controls depends on the criticality of the computerized system  Physical or logical controls should restrict access to computerized system to authorized persons  When a computerized system is used for recording certification and batch release, the system should allow only authorized persons to certify the release of batches  All incidents, not only system failures and data errors should be reported and assessed  The root cause of a critical incident should be identified and should form the basis of corrective and preventive actions Prepared by: G. Jaya krishna 36
EU Annex-11- Overview  Any changes to a computerized system, including system configurations should only be made in a controlled manner in accordance with a defined procedure  For the availability of computerized systems supporting critical processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown  Computerized systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP and such evolutions include Deviation, Upgrade, Security and Validation status reports  When third parties are used, formal agreements must exist between the parties and these agreements should include clear statements of the responsibilities of the third party Prepared by: G. Jaya krishna 37
EU Annex-11- Overview  The Validation documentation and reports should cover the relevant steps of the life cycle.  Should be able to justify standards, protocols, acceptance criteria, procedures and records based on the risk assessment.  User Requirements Specifications should describe the required functions of the computerized system and be based on documented risk assessment and GMP impact.  User requirements should be traceable throughout the life-cycle.  For critical systems an up-to-date system description detailing the physical and logical arrangements, data flow and interfaces with other systems or processes, any hardware and software pre-requisites and security measures should be available.  The regulated user should take all reasonable steps to ensure that the system has been developed in accordance with an appropriate Quality Management System. Prepared by: G. Jaya krishna 38
EU Annex-11- Overview  Documentation supplied with Commercial-off-the-shelf products should be reviewed by regulated users to check that user requirements are fulfilled.  Evidence of appropriate test methods and test scenarios should be demonstrated. Particularly, system parameter limits, data limits and error handling should be considered.  Validation documentation should include Change Control records and reports on any deviations observed during the validation process.  If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process.  Computerized systems exchange data electronically with other systems should include appropriate built-in checks for the correct and secure entry and processing of data, in order to minimize the risks. Prepared by: G. Jaya krishna 39
21 CFR Part 11-Background  21 CFR Part 11 is a law that ensures companies implement good business practices.  21 CFR (Code of Federal Regulations) Part 11 has defined by the US FDA regulations that set forth the criteria applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act, the Public Health Service Act, or any FDA regulation  Part 11 allows a company to implement computer systems that will greatly increase the efficiency of individuals, reduce errors by identifying risks, and increase overall productivity of the company.  In March 1997, FDA issued final Part 11 regulations that provide criteria for acceptance by FDA, under certain circumstances, of electronic records, electronic signatures, and handwritten signatures executed to electronic records as equivalent to paper records and handwritten signatures executed on paper. Prepared by: G. Jaya krishna 40
21 CFR Part 11-Background  Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules.  These regulations, which apply to all FDA program areas, were intended to permit the widest possible use of electronic technology, compatible with FDA's responsibility to protect the public health.  Part 11 signatures include electronic signatures that are used, for example, to document the fact that certain events or actions occurred in accordance with the predicate rule (e.g. approved, reviewed, and verified). Prepared by: G. Jaya krishna 41
21 CFR Part 11-ERES Contents  Subpart A: General Provisions • 11.1 Scope • 11.2 Implementation • 11.3 Definitions  Subpart B. Electronic Records • 11.10 Controls for Closed Systems • 11.30 Controls for Open Systems • 11.50 Signature Manifestations • 11.70 Signature/Record Linking  Subpart C: Electronic Signatures • 11.100 General Requirements • 11.200 (a) Controls and Components for Non-Biometrics • 11.200 (b) Controls and Components for Biometrics • 11.300 Identification of Codes and Passwords Prepared by: G. Jaya krishna 42
21 CFR Part 11-Overview  Validation of systems to ensure accuracy, reliability, consistent, intended performance and the ability to discern invalid or altered records  The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for review, inspection  Protection of records to enable their accurate and ready retrieval throughout the records retention period  Limiting system access to authorized individuals. Unique combination of user name and password  Use of secure, computer-generated, time-stamped audit trails to independently record the date & time of operator entries and actions that create, modify or delete electronic records  Use of operational system checks to enforce permitted sequencing of steps & events as appropriate Prepared by: G. Jaya krishna 43
21 CFR Part 11-Overview  Authorized individuals can only use the system and can electronically sign a record  The persons who develop. Maintain, use ER/ES systems shall have the Education, Training and Experience to perform their assigned tasks  The individuals are accountable and responsible for the actions initiated under their electronic signatures  Signature Manifestation it must have Date and time, complete name of signer and Meaning of signature  Each Electronic signature shall be unique to one individual and shall not be reused, reassigned to anyone other than the original user  Should verify the identity of an individual before assigning Electronic signature Prepared by: G. Jaya krishna 44
21 CFR Part 11-Overview  The electronic signatures are intended to be the legally binding equivalent of traditional handwritten signatures  Electronic signature not based on biometrics shall have two distinguished components such as Identification code (user name) and password and their combination should be unique (No two individuals can have the same combination)  Procedures shall be in place for Password periodic checking, De-authorization of passwords, invalid attempts.  System shall lockout on consecutive unsuccessful attempts (Invalid attempts)  System shall have auto logout provision Prepared by: G. Jaya krishna 45
G. Jaya Krishna 46

Recommended

Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
Eric Silva
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 new
Kalpeshkumar Vaghela
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics
Anand Pandya
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
Duy Tan Geek
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master Plan
Wolfgang Kuchinke
 
Gamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raGamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash ra
JAYA PRAKASH VELUCHURI
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basic
Bhagwatsonwane
 

Recommended

Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
Eric Silva
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
Gamp5 new
Gamp5 newGamp5 new
Gamp5 new
Kalpeshkumar Vaghela
 
Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics Computerized System Validation : Understanding basics
Computerized System Validation : Understanding basics
Anand Pandya
 
Computerized system validation_final
Computerized system validation_finalComputerized system validation_final
Computerized system validation_final
Duy Tan Geek
 
Computer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master PlanComputer System Validation - The Validation Master Plan
Computer System Validation - The Validation Master Plan
Wolfgang Kuchinke
 
Gamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash raGamp 5 overview by jaya prakash ra
Gamp 5 overview by jaya prakash ra
JAYA PRAKASH VELUCHURI
 
21 cfr part 11 basic
21 cfr part 11 basic21 cfr part 11 basic
21 cfr part 11 basic
Bhagwatsonwane
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
chitralekha48
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
Anil Sharma
 
Computer system validations
Computer system validations Computer system validations
Computer system validations
Saikiran Koyalkar
 
Computerized System Validation-basics
Computerized System Validation-basicsComputerized System Validation-basics
Computerized System Validation-basics
JayaKrishna161
 
Computer system validations
Computer system validationsComputer system validations
Computer system validations
Amruta Balekundri
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validation
Nilesh Damale
 
Cfr 21 part 11
Cfr 21 part 11 Cfr 21 part 11
Cfr 21 part 11
Ashish Chaudhari
 
Computerized system validation
Computerized system validationComputerized system validation
Computerized system validation
Devipriya Viswambharan
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
GMP EDUCATION : Not for Profit Organization
 
Annual product reviews
Annual product reviewsAnnual product reviews
Annual product reviews
Syed Shakeeb
 
21 cfr part 11
21 cfr part 1121 cfr part 11
21 cfr part 11
Rohit K.
 
Good Automated Manufacturing Practices
Good Automated Manufacturing PracticesGood Automated Manufacturing Practices
Good Automated Manufacturing Practices
Prashant Tomar
 
Computer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazadeComputer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazade
Mahesh B. Wazade
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence Solutions
Digital-360
 
Audits in pharma industries
Audits in pharma industriesAudits in pharma industries
Audits in pharma industries
Nikita Amane
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To Validation
Rajendra Sadare
 
Computer system validation
Computer system validation Computer system validation
Computer system validation
ShameerAbid
 
Cleaning validation
Cleaning validationCleaning validation
Cleaning validation
RavichandraNadagouda
 
Csv concepts
Csv conceptsCsv concepts
Csv concepts
Alok Khuntia
 
21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance
deepak mishra
 
Computerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industriesComputerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industries
Ahmed Hasham
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Greenlight Guru
 

More Related Content

What's hot

Cleaning validation
Cleaning validationCleaning validation
Cleaning validation
RavichandraNadagouda
 

What's hot (20)

Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Overview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSVOverview on “Computer System Validation” CSV
Overview on “Computer System Validation” CSV
 
Computer system validations
Computer system validations Computer system validations
Computer system validations
 
Computerized System Validation-basics
Computerized System Validation-basicsComputerized System Validation-basics
Computerized System Validation-basics
 
Computer system validations
Computer system validationsComputer system validations
Computer system validations
 
Overview of computer system validation
Overview of computer system validationOverview of computer system validation
Overview of computer system validation
 
Cfr 21 part 11
Cfr 21 part 11 Cfr 21 part 11
Cfr 21 part 11
 
Computerized system validation
Computerized system validationComputerized system validation
Computerized system validation
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Annual product reviews
Annual product reviewsAnnual product reviews
Annual product reviews
 
21 cfr part 11
21 cfr part 1121 cfr part 11
21 cfr part 11
 
Good Automated Manufacturing Practices
Good Automated Manufacturing PracticesGood Automated Manufacturing Practices
Good Automated Manufacturing Practices
 
Computer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazadeComputer system validation review article by-mahesh b wazade
Computer system validation review article by-mahesh b wazade
 
Computerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence SolutionsComputerized System Validation Business Intelligence Solutions
Computerized System Validation Business Intelligence Solutions
 
Audits in pharma industries
Audits in pharma industriesAudits in pharma industries
Audits in pharma industries
 
Gamp Riskbased Approch To Validation
Gamp Riskbased Approch To ValidationGamp Riskbased Approch To Validation
Gamp Riskbased Approch To Validation
 
Computer system validation
Computer system validation Computer system validation
Computer system validation
 
Cleaning validation
Cleaning validationCleaning validation
Cleaning validation
 
Csv concepts
Csv conceptsCsv concepts
Csv concepts
 
21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance21 cfr part 11 an approach towards compliance
21 cfr part 11 an approach towards compliance
 

Similar to CSV - Computer System Validation

Computerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industriesComputerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industries
Ahmed Hasham
 
FDA software compliance 2016
FDA software compliance 2016FDA software compliance 2016
FDA software compliance 2016
Engineering Software Lab
 

Similar to CSV - Computer System Validation (20)

Computerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industriesComputerized systems-validation-csv-in-biopharmaceutical-industries
Computerized systems-validation-csv-in-biopharmaceutical-industries
 
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft GuidanceComputer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
Computer Software Assurance (CSA): Understanding the FDA’s New Draft Guidance
 
Risk assessment for computer system validation
Risk assessment for computer system validationRisk assessment for computer system validation
Risk assessment for computer system validation
 
RSPL Brochure
RSPL BrochureRSPL Brochure
RSPL Brochure
 
Computerized system validation
Computerized system validationComputerized system validation
Computerized system validation
 
A GAMP Approach to Data Integrity, Electronic Records & Signatures & Operati...
A GAMP Approach to Data Integrity, Electronic Records & Signatures & Operati...A GAMP Approach to Data Integrity, Electronic Records & Signatures & Operati...
A GAMP Approach to Data Integrity, Electronic Records & Signatures & Operati...
 
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROsWebinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
Webinar: How to Ace Your SaaS-based EDC System Validation for Sponsors and CROs
 
Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...Computerized system validation (CSV) as a requirement for good manufacturing ...
Computerized system validation (CSV) as a requirement for good manufacturing ...
 
Capa ‘Bellwether’
Capa ‘Bellwether’Capa ‘Bellwether’
Capa ‘Bellwether’
 
Adaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_studyAdaptive grc life_sciences_case_study
Adaptive grc life_sciences_case_study
 
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
GLOBAL LIFE SCIENCES COMPANY USES ADAPTIVEGRC SUITE TO MANAGE RISK & COMPLI...
 
Risk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLSRisk Based Approach CSV Training_Katalyst HLS
Risk Based Approach CSV Training_Katalyst HLS
 
FDA software compliance 2016
FDA software compliance 2016FDA software compliance 2016
FDA software compliance 2016
 
Introduction to validation
Introduction to validationIntroduction to validation
Introduction to validation
 
Epitome Corporate PPT
Epitome Corporate PPTEpitome Corporate PPT
Epitome Corporate PPT
 
Validation and part 11 compliance of computer systems and data
Validation and part 11 compliance of computer systems and dataValidation and part 11 compliance of computer systems and data
Validation and part 11 compliance of computer systems and data
 
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validationXybion Webinar - Rumors, Risks and Realities of spreadsheet validation
Xybion Webinar - Rumors, Risks and Realities of spreadsheet validation
 
Ingenico Technologies _ppt
Ingenico Technologies _pptIngenico Technologies _ppt
Ingenico Technologies _ppt
 
Validation
ValidationValidation
Validation
 
Maintrack Sales Sheet
Maintrack Sales SheetMaintrack Sales Sheet
Maintrack Sales Sheet
 

Recently uploaded

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 

Recently uploaded (20)

%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 

CSV - Computer System Validation

  • 1. COMPUTERIZED SYSTEM VALIDATION Prepared by: Jaya Krishna Gude M.S. (Pharm.), NIPER. +91-7981145133 1
  • 2. Flow of Presentation  Importance of CSV  Introduction to CSV  GAMP5  Data Integrity  Part 11 and Annex 11 Prepared by: G. Jaya krishna 2
  • 3. Why to focus more on CSV?  Everything was going well before FDA and other regulatory agency started focusing in Data Integrity  Everything in Human life and Pharma industry is about Integrity.  In 2016, data integrity issues triggered more than one third of all regulatory actions  US FDA took maximum actions against china, India led the pack when it came to non-compliance reports issues by EU Regulators.  European Operations of Major Drug companies like GSK, Otuska, Teva were found to have serious Non-compliance concerns. Prepared by: G. Jaya krishna 3
  • 4. Cont..  Everything was going well before FDA and other regulatory agency started focusing in Data Integrity  Everything in Human life and Pharma industry is about Integrity.  In 2016, data integrity issues triggered more than one third of all regulatory actions  US FDA took maximum actions against china, India led the pack when it came to non-compliance reports issues by EU Regulators.  European Operations of Major Drug companies like GSK, Otuska, Teva were found to have serious Non-compliance concerns. Prepared by: G. Jaya krishna 4
  • 5. Cont..  In Teva’s Hungary Plant, US FDA Auditors found Quality Related documents in a waste bin and also found that lack of controls to prevent analysts from deleting data for the stand alone systems.  In the UK, GSKs API plant recalled more than 425,000 Bacroban antibiotic products after receiving a stern warning letter from FDA Regulators in july 2016 for Cross Contamination.  Failure to take corrective action in a timely manner can result in shutting down manufacturing facilities , consent decrees, and stiff financial penalties.  The ultimate result could be loss of jobs and companies suffering economic instabilities resulting in downsizing and possibly eventual bankruptcy. Prepared by: G. Jaya krishna 5
  • 6. Cost of Non-Compliance  Cost of Non-compliance is 1000 times higher then the cost of compliance  Poor Record Integrity/ GxP Non-compliance will result in  FDA – 483 Observation (WL)  Import Alert  Consent Decrease  Criminal Prosecution  In the case of Serious Deficiencies/Critical Findings actions may need to be taken by inspectorate and EU authorities:  Prohibition of Supply  Batches withdrawn from the EU Market  Refusal of the granting of a marketing Authorization Prepared by: G. Jaya krishna 6
  • 7. What is Validation ??  Establishing Documented Evidence that a provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specifications and quality attributes  Qualification is an act or process to assure something complies with some condition, standard or specific requirements  “We qualify a system and/or equipment and we validate a process”  Ex: “You will qualify an autoclave, where as you validate the sterilization process”  The term qualification is normally used for equipment, utilities and systems, and validation for process Prepared by: G. Jaya krishna 7
  • 8. Why to perform Validation ??  Validation is predicate rule, hence it is mandatory to perform Computerized system validation  According to 21 CFR Part 820.70 (i) – When computers or automated data processing systems are used as part of production or the quality systems, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented Prepared by: G. Jaya krishna 8
  • 9. Purpose of Validation  To prove that we did validation right and system works as intended, identify any bugs by challenging the system. It increases the confidence level  The personnel involved in the validation are may no longer with the company to explain to the auditors. Proof of good validation should be maintained till retention (Documentation is most critical and has to be self explanatory) Which Systems needs Validation:  All Automated Systems, Computer System which is used to Store, Monitor or Control GXP Operation and Data needs validation. If system is controlled by the computer – PLC and it is storing electronic data and electronic signature more detailed validation needed.  Reduces risk and legal liability, Having the evidence that computer systems are correct for their purpose and operating properly represents a good business practice. Prepared by: G. Jaya krishna 9
  • 10. Computerized System Validation  A Computerized system consists of the Software, Hardware and the networking components, Personnel together with the controlled functions and the associated documentation  According to the Regulatory guidelines Computerized system validation is stated as “ESTABLISHING DOCUMENT EVIDENCE.”  Ex: Automated manufacturing equipment, Quality control systems , equipment, laboratory, clinical (or) manufacturing data base systems. Prepared by: G. Jaya krishna 10
  • 11. In general , a combination of hardware, software , people , documents, inputs, processing and outputs working together software Hardware Controlling process Equipment Operating Procedures and Documentation People and Training COMPUTER SYSTEM Prepared by: G. Jaya krishna 11
  • 12. Computerized System Vs Computer System  Computerized System: Any programmable device having hardware, peripherals, software, procedures, users, interconnections and inputs for electronic processing & output of information Used for reporting or control  Computer System: A computer system is a set of integrated devices that input, output, process, and store data and information. Computer systems are currently built around at least one digital processing device. There are five main hardware components in a computer system: Input, Processing, Storage, Output and Communication devices. Prepared by: G. Jaya krishna 12
  • 13. Types of Validation:  If data are transferred to another data format or system , validation should include checks that data are not altered in value and / or meaning during this migration process. E.g. Paper based reports, Screen shots, Video etc….  Prospective Validation – The validation of a new system as it is developed or The Validation conducted prior to the distribution of either a new product or product made under a revised manufacturing process  Retrospective Validation – The process of evaluating a computer system currently in operation against standard validation practices and procedures. The evaluation determines the reliability, accuracy, and completeness of a system (existing system)  Concurrent Validation – Validation Simultaneously with Production Prepared by: G. Jaya krishna 13
  • 14. 4Q Validation Overview (Traditional Method)  Design Qualification (DQ) – Documented evidence that the design of the system meets requirements  Installation Qualification (IQ) – System has been installed correctly  Operational Qualification (OQ) – System Operates according to the design  Performance Qualification (PQ) – System meets design criteria and operates according to requirement Prepared by: G. Jaya krishna 14
  • 15. GAMP5  Good Automated Manufacturing Practice, Founded in 1991. International Society for Pharmaceutical Engineering (ISPE) sets the guidelines for manufacturers and the current Version is GAMP 5.  GAMP describes a set of principles and procedures that help ensure that pharmaceutical Software have required quality.  Computer system validation (CSV) following GAMP guidelines require users and suppliers to work together so that responsibilities regarding the validation process are understood. Prepared by: G. Jaya krishna 15
  • 16. Why GAMP 5? •Facilitates the interpretation of regulatory requirements. •Establishes a common language and terminology. •Promotes a system life cycle approach based on good practice. •Clarifies roles and responsibilities. •Focus attention on those computerized systems with most impact on patient safety, product quality, and data integrity •Avoid duplication of activities. Prepared by: G. Jaya krishna 16
  • 17. GAMP5 Key Concepts:  Product and Process understanding  Life cycle approach with in a QMS  Scalable Life Cycle Activities  Science-based Quality Risk Management  Leveraging Supplier Involvement Prepared by: G. Jaya krishna 17
  • 18. Who plays validation role?  QA and Validation:  Author some major documents  Provide advice , training , auditing  Senior management for each group decides :  Which systems to buy or build  How much resources to make available  What risks are acceptable  Support groups (IT Infrastructures):  Maintain proper network environment  Troubleshooting and maintenance  Desktop and infrastructure control Prepared by: G. Jaya krishna 18
  • 19. Validation overview / Computerized system life cycle:  Concept - During the concept phase the regulated company considers opportunities to automate one or more business processes based upon business and benefits. At this phase, initial requirements will be developed and potential solutions considered. From an initial understanding of scope, costs and benefits a decision is made on whether to proceed to the project phase.  Project - The project phase involves planning, supplier assessment and selection, various levels of specification, configuration and verification leading to acceptance and release for operation. Risk management is applied to identify risks and to remove or reduce them to an acceptable level.  Operation - This phase is the longest phase and is managed by the use of defined, up to date, operational procedures applied by personnel who have appropriate training, education, and experience. Maintaining control (Including Security), fitness for intended use and compliance are key aspects. The management of changes of different impact, scope and complexity is an important activity during this phase.  Retirement - The final phase is the ultimate retirement of the system. It involves decisions about data retention, migration or destruction and the management of these processes. Prepared by: G. Jaya krishna 19
  • 20. Validation Approach 1.PLAN Validation Activities 2.DEFINE Requirements 3. SELECT Vendors 4.DESIGN AND REVIEW 5. CONSTRUCT AND TEST 6.INSTALL 7.QUALIFY 8.EVALUATE Computerized System Prepared by: G. Jaya krishna 20
  • 21. GAMP CATEGORY Prepared by: G. Jaya krishna 21
  • 22. GAMP Categories  The GAMP categories were originally introduced to provide an initial assessment as to the validation requirements / deliverables, In GAMP 4 there were five software categories. These have been revised in GAMP5 to four categories as detailed below:  Category 1 – Infrastructure software including operating systems, Database Managers, etc.  Category 3 – Non configurable software including, commercial off the shelf software (COTS), Laboratory Instruments / Software.  Category 4 – Configured software including, LIMS, SCADA, DCS, CDS, etc.  Category 5 – Bespoke/Tailor-made software Prepared by: G. Jaya krishna 22
  • 23. Validation Deliverables based on GAMP Categories Prepared by: G. Jaya krishna 23 Software Category Validation Deliverables IRA URS SA VP FS/FRS FRA CS/DS IQ OQ PQ RTM VSR Category 1   - - - - -  - - - - Category 3   -  - - -      Category 4             Category 5            
  • 24. Validation deliverables : 1. Initial Risk Assessment (IRA) or GxP Document 2. User Requirement Specification (URS) 3. Vendor Assessment / Supplier Assessment (VA / SA) 4. Functional Requirement Specification (FRS/FS) 5. Configuration / Design Specification (CS / DS) / Design Qualification (DQ) – ( Hard ware, Server, Infra Structure details) 6. Validation Plan (VP) 7. Factory Acceptance Test (FAT) 8. Site Acceptance Test (SAT) 9. Functional Risk Assessment (FRA) Prepared by: G. Jaya krishna 24
  • 25. 10. Installation Qualification (IQ) 11. Operational Qualification (OQ) 12. Performance Qualification (PQ) 13. Traceability Matrix (TM) 14. Validation Summary Report (VSR) 15. System Release Certificate or Software Release Note Prepared by: G. Jaya krishna 25
  • 26. Specification and Qualification Relationships V- Life Cycle Model URS FRS DS VP System Build VSR PQ OQ IQ Verifies Verifies Verifies IRA /GxP Prepared by: G. Jaya krishna 26
  • 27. THE VALIDATION PROCESS Consists of five specific processes Validation Master Plan Project Plan Installation Qualification Operational Qualification Performance Qualification Prepared by: G. Jaya krishna 27
  • 28. Data Integrity: Def: The Extent to which the data is complete, correct and accurate is Called Data Integrity . (First used by Stan Woollen) Acronym: ALCOA ++ A – Attributable L – Legible C – Contemporaneous O – Original A – Accurate Complete Correct Enduring Available Prepared by: G. Jaya krishna 28
  • 29. Data Integrity: Attributable The Identity of the person completing a record (Who, When, Why) Legible The data is readable, Understandable, Traceable, Permanent allowing for a clear picture of the activities that occurred Contemporaneous The data is recorded at the time it is generated or observed (No Back dating) Original Original Records must preserve data accuracy, completeness, content and meaning. Data as the file or format in which it was initially generated Accurate The data record must be accurate whether paper or electronic, it must be exact, true and free from error (this might require a second verification if necessary) Prepared by: G. Jaya krishna 29
  • 30. Cont.. Consistent Consistent application of date and time stamps in the expected sequence. Complete All Information needs to be maintained. Batch pass-fail, Re- analyses carried out. (OOS, OOT) Enduring Medium used to record data should be permanent and not temporary memory RAM. Available Available/Accessible for review / audit for the life time of the record. Prepared by: G. Jaya krishna 30
  • 31. Common ALCOA ++ Issues  Common Passwords / Passwords sharing  Authority Control  User Privileges – Lack of role based access control  Laboratories have failed to implement to controls over data and unauthorized access  Data Backup and Restoration  Audit Trail – No audit trail function or Disabled audit trail function  Manipulation of Date/Time stamps & Backdating Prepared by: G. Jaya krishna 31
  • 32. Data Integrity: Violation of 21 CRR Part 211 is also termed as Data Integrity  Part 211.68 (C) states that the automated equipment used for performance must satisfy the requirements of an operation by one person & checking by another person. (Two level check should be there)  Part 211.100 and 211.160 require that certain activities be documented at the time of performance & that laboratory controls be scientifically sound (Contemporaneous)  Part 211.188, 211.194 require complete information-data-records derived from all tests performed. (Complete)  Part 211.180 requires true copies or other accurate reproductions of the original records. (Accurate) Prepared by: G. Jaya krishna 32
  • 33. EU Annex-11  Annex 11 is part of the European GMP Guidelines and defines the terms of reference for computerized systems used by organizations in the pharmaceutical industry.  Applies to all forms of computerized systems used as part of a GMP regulated activities.  A computerized system is a set of software and hardware components which together fulfil certain functionalities.  The application should be validated.  IT infrastructure should be qualified.  Where a computerized system replaces a manual operations, there should be to resultant decrease in product quality assurance.  There should be no increases in the overall risk of the process. Prepared by: G. Jaya krishna 33
  • 34. EU Annex-11 1 Risk Management 2 Personnel 3 Suppliers and Service Providers 4 Validation 5 Data 6 Accuracy Checks 7 Data Storage 8 Printouts 9 Audit Trails 10 Change and Configuration Management 11 Periodic Evaluation 12 Security 13 Incident Management 14 Electronic Signatures 15 Batch Release 16 Business Continuity 17 Archiving Prepared by: G. Jaya krishna 34
  • 35. EU Annex-11- Overview  All the personnel should have appropriate qualifications, level of access and defined responsibilities to carry out their assigned duties and there should be close cooperation among the individuals  Risk management should be applied through out the life lifecycle of the computerized by considering patient safety, data integrity and product quality  For critical data entered manually, there should be an additional check on the accuracy of the data.  Consideration should be given based on risk assessment, to building into the creation of a record of all GMP relevant changes and deletions and reason for change shall be captured  Integrity and accuracy of backup data and the ability to restore the data should be checked during the validation and monitored periodically Prepared by: G. Jaya krishna 35
  • 36. EU Annex-11- Overview  The extent of security controls depends on the criticality of the computerized system  Physical or logical controls should restrict access to computerized system to authorized persons  When a computerized system is used for recording certification and batch release, the system should allow only authorized persons to certify the release of batches  All incidents, not only system failures and data errors should be reported and assessed  The root cause of a critical incident should be identified and should form the basis of corrective and preventive actions Prepared by: G. Jaya krishna 36
  • 37. EU Annex-11- Overview  Any changes to a computerized system, including system configurations should only be made in a controlled manner in accordance with a defined procedure  For the availability of computerized systems supporting critical processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown  Computerized systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP and such evolutions include Deviation, Upgrade, Security and Validation status reports  When third parties are used, formal agreements must exist between the parties and these agreements should include clear statements of the responsibilities of the third party Prepared by: G. Jaya krishna 37
  • 38. EU Annex-11- Overview  The Validation documentation and reports should cover the relevant steps of the life cycle.  Should be able to justify standards, protocols, acceptance criteria, procedures and records based on the risk assessment.  User Requirements Specifications should describe the required functions of the computerized system and be based on documented risk assessment and GMP impact.  User requirements should be traceable throughout the life-cycle.  For critical systems an up-to-date system description detailing the physical and logical arrangements, data flow and interfaces with other systems or processes, any hardware and software pre-requisites and security measures should be available.  The regulated user should take all reasonable steps to ensure that the system has been developed in accordance with an appropriate Quality Management System. Prepared by: G. Jaya krishna 38
  • 39. EU Annex-11- Overview  Documentation supplied with Commercial-off-the-shelf products should be reviewed by regulated users to check that user requirements are fulfilled.  Evidence of appropriate test methods and test scenarios should be demonstrated. Particularly, system parameter limits, data limits and error handling should be considered.  Validation documentation should include Change Control records and reports on any deviations observed during the validation process.  If data are transferred to another data format or system, validation should include checks that data are not altered in value and/or meaning during this migration process.  Computerized systems exchange data electronically with other systems should include appropriate built-in checks for the correct and secure entry and processing of data, in order to minimize the risks. Prepared by: G. Jaya krishna 39
  • 40. 21 CFR Part 11-Background  21 CFR Part 11 is a law that ensures companies implement good business practices.  21 CFR (Code of Federal Regulations) Part 11 has defined by the US FDA regulations that set forth the criteria applies to electronic records and electronic signatures that persons create, modify, maintain, archive, retrieve, or transmit under any records or signature requirement set forth in the Federal Food, Drug, and Cosmetic Act, the Public Health Service Act, or any FDA regulation  Part 11 allows a company to implement computer systems that will greatly increase the efficiency of individuals, reduce errors by identifying risks, and increase overall productivity of the company.  In March 1997, FDA issued final Part 11 regulations that provide criteria for acceptance by FDA, under certain circumstances, of electronic records, electronic signatures, and handwritten signatures executed to electronic records as equivalent to paper records and handwritten signatures executed on paper. Prepared by: G. Jaya krishna 40
  • 41. 21 CFR Part 11-Background  Electronic signatures that are intended to be the equivalent of handwritten signatures, initials, and other general signings required by predicate rules.  These regulations, which apply to all FDA program areas, were intended to permit the widest possible use of electronic technology, compatible with FDA's responsibility to protect the public health.  Part 11 signatures include electronic signatures that are used, for example, to document the fact that certain events or actions occurred in accordance with the predicate rule (e.g. approved, reviewed, and verified). Prepared by: G. Jaya krishna 41
  • 42. 21 CFR Part 11-ERES Contents  Subpart A: General Provisions • 11.1 Scope • 11.2 Implementation • 11.3 Definitions  Subpart B. Electronic Records • 11.10 Controls for Closed Systems • 11.30 Controls for Open Systems • 11.50 Signature Manifestations • 11.70 Signature/Record Linking  Subpart C: Electronic Signatures • 11.100 General Requirements • 11.200 (a) Controls and Components for Non-Biometrics • 11.200 (b) Controls and Components for Biometrics • 11.300 Identification of Codes and Passwords Prepared by: G. Jaya krishna 42
  • 43. 21 CFR Part 11-Overview  Validation of systems to ensure accuracy, reliability, consistent, intended performance and the ability to discern invalid or altered records  The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for review, inspection  Protection of records to enable their accurate and ready retrieval throughout the records retention period  Limiting system access to authorized individuals. Unique combination of user name and password  Use of secure, computer-generated, time-stamped audit trails to independently record the date & time of operator entries and actions that create, modify or delete electronic records  Use of operational system checks to enforce permitted sequencing of steps & events as appropriate Prepared by: G. Jaya krishna 43
  • 44. 21 CFR Part 11-Overview  Authorized individuals can only use the system and can electronically sign a record  The persons who develop. Maintain, use ER/ES systems shall have the Education, Training and Experience to perform their assigned tasks  The individuals are accountable and responsible for the actions initiated under their electronic signatures  Signature Manifestation it must have Date and time, complete name of signer and Meaning of signature  Each Electronic signature shall be unique to one individual and shall not be reused, reassigned to anyone other than the original user  Should verify the identity of an individual before assigning Electronic signature Prepared by: G. Jaya krishna 44
  • 45. 21 CFR Part 11-Overview  The electronic signatures are intended to be the legally binding equivalent of traditional handwritten signatures  Electronic signature not based on biometrics shall have two distinguished components such as Identification code (user name) and password and their combination should be unique (No two individuals can have the same combination)  Procedures shall be in place for Password periodic checking, De-authorization of passwords, invalid attempts.  System shall lockout on consecutive unsuccessful attempts (Invalid attempts)  System shall have auto logout provision Prepared by: G. Jaya krishna 45