This document discusses the validation of legacy systems. It begins by defining a legacy system as one that is currently in use but no longer satisfies regulatory expectations. It then outlines common issues with legacy systems and relevant regulatory standards. The objectives of validating a legacy system are to ensure it properly supports processes and remains compliant. The benefits include assurance that the system is fit for purpose and enhances regulatory compliance. Finally, it presents a typical remediation process flow that includes scoping the system, gap and risk analyses, planning, specification, qualification, reporting, and maintaining the validated state.

1. Legacy Systems
Validation Strategy
18th Annual Validation Week
Philadelphia, October 2012
Yau Kai Wong
AD, QA Compliance & Validation
Novartis Pharma Corp.

2. Agenda
v What is Legacy System
v Issues with Legacy System
v Regulatory Standards
v Objective Benefits of Legacy
System Validation
v Remediation Process Flow
2

3. What is a legacy system?
v There is no formally accepted definition of
“Legacy System”
v GAMP Good Practice Guide (GPG) –
a Legacy System should be
considered to be an GxP relevant
system that is in place and in use,
and which is deemed not to satisfy
current regulatory expectations.
3

4. Issues Encountered with Legacy
System
v Ownership of system
v Validation package
v Security
v System functionality
v Data integrity
v Archiving of data
4

5. Regulatory Standard
v CFR – 21 CFR
v ICH – GMP
v Industry – ISPE, ASTM
v Corporate – Quality Manual, Policies,
SOPs,
5

6. Objective of Legacy System
Validation
v To ensure that the legacy system properly
supports the process
v To ensure that the legacy system has
been properly installed, is operated
correctly, and that procedures and
practices are in place to allow it to be
maintained in a state of control
throughout its useful life
v To provide a framework to
demonstrate regulatory
compliance
6

7. Objective of Legacy System
Validation
v To establish a complete set of system
documentation providing a precise definition of
the operating environment, functionality,
hardware and software, procedures and reference
manuals associated with the legacy system
v To provide indexes to the
documentation set (i.e. by the use
of traceability matrices for
documents and user
requirements)
7

8. Benefits of Legacy System
Validation
v Assurance that the system is fit for purpose
and relevant to the process that it supports,
from both a business perspective and a GxP
perspective
v Understand of the actions required
to achieve compliance with evolving
regulations, e.g. 21 CFR Part 11
v Enhance confidence in the
engineering of the legacy
system
8

9. Benefits of Legacy System
Validation
v Demonstration that users are
competent to operate the legacy
system to an appropriate level and are
provided with approval procedures
v Provision of a baseline from
which to manage change
control
v Potential to reduce system
maintenance costs
9

10. Remediation Process Flow
10

11. Typical Legacy System
Remediation Process
v Scope
v Gap analysis & risk Assessment
v Planning
v Specification
² Design
² Configuration Management
v Qualification
v Reporting
v Maintaining the
Validated State
11

12. Scope Phase
v A Master Plan, or equivalent document,
formally identifies the Legacy System
under review
² Reviewed and updated to ensure
that it includes all legacy systems
and references all legacy system
qualification activities
12

13. Gap Analysis & Risk Assessment
v Conduct gap analysis against industry
standard, ”V-model”, change control history
v Determine the difference between what is in
place and what is required to demonstrate the
system is in control
v Perform risk assessment to determine the
criticality of the system to the process
v Gap analysis and risk
assessment together will help
determine the qualification
strategy and remediation
priority
13

14. Planning Phase
v Established a Plan (e.g. RMP,
QMP, etc.)
² responsibilities
² priorities
² what activities will be undertaken to
qualify the system
14

15. Specification Phase
v User requirement - need to understand
in detail the business process or
production process the legacy system
supports
v Contains the up-to-date system
description covering hardware,
software, and the system environment
15

16. Qualification Phase
v Using the “V-model” as the framework
v Installation qualification
² Confirm compliance with the controlling
specifications and create new baseline
against which to manage ongoing change
control
v Operational qualification
² Demonstrate that the system works
across its expected operating ranges, and
challenge the critical areas
v Performance qualification
² May or may not needed
16

17. Reporting Phase
v Review the results and draw a
conclusion on the continued use of the
system
17

18. Operational Phase
v Ensure that the operational part of the
legacy system’s lifecycle is maintained in
its validated state
² Roles and responsibilities
² SOPs up-to-date
² Change control management
² Incident management
² Performance monitoring
² Configuration management
² Periodic review
² Record retention, archiving, and
retrieval
² Retirement
18