Risk Based Approach CSV Training_Katalyst HLS

Computerized System Validation –
Risk Based Approach
Katalyst Healthcares & Life Sciences
www.KatalystHLS.com
1

Regulatory Imperative of Data Integrity
The extent to which all data are complete, consistent and accurate
throughout the data lifecycle.
–
The completeness, consistency, and accuracy of data.
Why do they care DI ?
For electronic records to be trustworthy and reliable, the links
between raw data, metadata, and results must not be
compromised or broken. Without data integrity, it is not possible to
regenerate a previous result reliably
Control and Validation of Computerized Systems is Central
Katalyst HealthCares & Life Sciences
www.KatalystHLS.com

Audit approach to DI on Computerized Systems
Regulatory expectations are
set by:
1. Knowledge of Regulations
2. Guidance Documents
3. Experience (483, WL)
What are the GxP
Requirements?
(P11, A11 etc.)
What are the
Experiences?
What Guidance
is there?
Categorize regulations and Guidance into
ALCOA+ elements
Determine what Controls are necessary to
Establish / Demonstrate Data Integrity
www.KatalystHLS.com
3

What does the Guidance Say?
UK, US, WHO guidance is broadly equivalent, some
variations of coverage and terminology
Topic
• Definitions √ √ √
• Data Governance Strategy, Training, Whistle-Blower Policy/Practice √ √ √
• Design of Processes and Systems (locations/scribes) X √ √
• Raw Data, Meta Data, Original Records and True Copies Control √ √ √
• Control of QC Testing and Results √ X X
• Primary Records Control X √ X
• Control of Blank Forms (Paper records) √ X √
• Data Review (including Exclusion of Data and Audit Trail Review) √ √ √
• Data Retention – Archival, Backup Copies √ √ √
• Computerized System Validation and Electronic Record, Signatures √ √ √
• Audit Trail Requirements √ √ √
• Access Control √ √ √
• Data Integrity Issue Remediation Approach √ X √
www.KatalystHLS.com
4

Key Definitions
Term Regulatory Definitions
Data Information derived or obtained from raw data
Static Data Fixed-data document such as a paper record or an electronic image
Dynamic Data
Data with format that allows interaction between the user and the record
content
Raw Data
Original records and documentation, retained in the format in which they
were originally generated, or as a true copy
Metadata
The contextual information required to understand data. It is the data that
describe the attributes of other data, and provide context and meaning
Original record
Data as the file or format in which it was originally generated, preserving the
integrity (accuracy, completeness, content and meaning) of the record
True Copy
An exact verified copy of an original record
Electronic Data
Data recorded by direct entry into a Computerized System either by a digital
device or operator entry
Electronic Record Electronic Data that is used in lieu of paper cGxP records
Electronic
Signature
A system of operator authentication, adopted or authorized by an individual,
which is the legal equivalent of the individual’s handwritten signature for a
cGxP action or approval
www.KatalystHLS.com
5

FDA Warning Letters
Trends for Computerized System Warning Letters
Area 2012-2017 %
Validation 40 29
System Documentation 26 19
Data-related 21 15
Procedures 20 14
Lack of Controls 16 12
Access/Security 9 7
Incident/Change Mgmt. 3 2
Testing 2 1
Interface 1 1
Total 138 Letters 100%
www.KatalystHLS.com
6

1980 19901983 1986 1995 1997 2000 2003
Time
Computer
Validation
Directives
Device
2005 2006 2007 2011 2013
Time
Source
RBM
Use of Computerized Systems in the R&D & Manufacture of Drug Product
Impact of
Computerized
Systems
- GXP Operations: GMP,GLP,GCP,ES...
- Computerized Systems Component of Operations
FDA
Data &
EU
GMP
Annex
11
OECD
GLP
Archive
FDA
CSUCI
5/07
FDA
cGMP
9/06
FDA
PRO
Guide
Sarbanes
Oxley
(SOX)
HIPAA
Security
2005
GAMP5
Guide
FDA
SW Val.
Part
820
QMS
HIPAA
2003
PIC/S
Guide
Part 11
Scope
FDA
CSUCT
1999/2004
FDA
SW
Guide
Japan
&
UK
GLP
EU
GMP
Ax. 11
&GCP
Japan
GMP
OECD
GLP
ICH
GCP
FDA
Part
11
EC
94/95
Pvcy
FDA
Blue
Book
30 Years of CSV Guidelines & Regulations
www.KatalystHLS.com
7

GAMP’s Definition of a Computerized System
Computerized System
Operating Environment
(including other networks or standalone computerized systems,
other systems, media, people, equipment and procedures)
Computer System
(Controlling System)
(Controlled functions
or processes)
Software
Hardware
(Including firmware)
Operating
procedures
and people
Equipment
Pharmacovigilance
Breadth of Applicability of computerized Systems Validation
www.KatalystHLS.com
8

CSV - What are we trying to achieve?
“Establishing documented evidence which provides
a high degree of assurance that a computerized
system consistently performs according to
predetermined specifications and quality attributes”
Fit for intended function
Itistested-
rigorously
The testing is documented
The validation is maintained
throughout the system’s life cycle
Thesystem
isspecified
Testing verifies quality
acceptance criteria
www.KatalystHLS.com
9

Design - Processes and Systems
Systems / processes should be designed to
encourage / enforce ALCOA+
Physical
Arrangements
Computerized
Systems
Controls
•Access to clocks for recording timed events
•Accessibility of the records
•Control over blank paper templates for data recording
•Access to sampling points (e.g. water systems)
•Access to raw data for staff performing data checking
• User Account Management
•Automated data capture
•Proximity of printers to relevant activities
•Metadata as part of GxP Data
www.KatalystHLS.com
10

CSV – Life Cycle Approach
Category 5 Custom
Category 4
Configurable
Standard
Products
Category 3
Non-
Configurable
Standard
Product
Category 1
Standard
Infrastructure
Increasing
complexity
Increasing
likelihood
of failure
Increasing
rigor of
validation
activity
www.KatalystHLS.com
11

Risk Assessment within the System Life Cycle
www.KatalystHLS.com
12

Validation - Scaling Rigour : Category 5
www.KatalystHLS.com
24

www.KatalystHLS.com
25

www.KatalystHLS.com
33

www.KatalystHLS.com
34

Validation Process Flow
Identify: Opportunities to Automate Business Process
Develop: Initial User Requirements
Identify Key Personnel
(System Owner, Process Owner, SME)
Identify Suppliers
Develop URS IRA
Identify Potential
Supplier
System
Assessment
Supplier
Assessment
Validation
Plan
Specification
Documents
Configuration and
coding
Normal
Operations
Reporting &
Release
Decommissioning
(System Retirement)
Verification
ConceptProjectOperationRetire
ment
www.KatalystHLS.com
35

Incidents
What is and what is not a Computerized System Incident
Case Study-5
“I could log in yesterday, I
know my password, but I
can’t get in today”
“I lost my laptop. It has
critical GxP data on it”
“I pressed the button for
the report 3 hours ago, it
normally takes seconds”
“I get a strange error
message in browser –
something about java
versions”
“Yesterday the system
would let me use that
function – today it
won’t”
“Oh no! the disc
crashed!”
Is an Incident Is Not an Incident
“the battery in my
mouse is dead” “printer
cartridge is empty”
“I don’t know which
button to press to
do…”
“I forgot my password”
“I have found a minor
good documentation
practice problem to the
system’s validation
documentation”
Service Request
Help requests are
Service requests
Access Request
Minor Document
Change
www.KatalystHLS.com
36

Change Control
What is a Change to a Computerized System?
Computerized Systems Change Electronic Data Change
•Change to CS Hardware,
software or system parameters
•Changes that have potential to
impact (intentionally or
unintentionally) the functionality
of a Computerized System
•Changes to the Electronic Data
created, held, processes and
transmitted by a Computerized
System
•Electronic Data Changes have
no impact on CS Functionality
Computerized Systems Changes
are governed by specific Change
Control Procedure
Business Process specific SOPs
that govern the process to which
the electronic data pertain
www.KatalystHLS.com
37

Regulations requiring CSV
21 CFR Parts 210, 211 - Good Manufacturing Practices
21 CFR Part 820 - Quality Management Requirements for Medical Devices
21 CFR Parts 50, 56, 312 – Good Clinical Practices
21 CFR Part 58 – Good Laboratory Practice
21 CFR Part 11 – Electronic Record; Electronic Signature
Directive 2003/94/EC – Requirements for Good Manufacturing Practice
- Annex 11: computerized systems
Directive 2005/28/EC - Requirement for Good Clinical Practice (GCP)
Directive 2004/9/EC - Inspection and Verification of GLP
MHRA GMP Data Integrity Definitions and Guidance to Industry
PIC/S PI 011 – 3 – Good Practices for computerized Systems in
Regulated “GXP” environments
www.KatalystHLS.com
38

Regulatory Audits – Focus Areas
S.No Audit focus FDA MHRA WHO EDQM TGA AGES ANVISA
1. CSV √ √ √ √ √ √ √
2. CSVMP √ √ √ √ √ √ √
3. CS Inventory √ √ √ √ √ √ √
4.
Gap Analysis &
Remediation-
Legacy applications
√ √ √ √ √ √ √
5.
System Landscape
& Architecture
√ √ √ X X X X
6. PLC Capability √ √ √ X X X X
7.
SAP Business
Process
√ √ √ √ √ √ √
8. SAP Configuration X √ X X X X X
9. SAP - UAM √ √ √ √ √ √ √
10. SAP - MDM √ √ √ √ √ √ √
11. CDS √ √ √ √ √ √ √
12.
Empower Message
Center
√ X X X X X X
13. CDS - UAM √ √ √ √ √ √ √
www.KatalystHLS.com
39

S.No Audit focus FDA MHRA WHO EDQM TGA AGES ANVISA
14. LIMS √ √ √ √ √ √ √
15. LIMS - CDS √ √ √ √ √ √ √
16. LIMS - UAM √ √ √ √ √ √ √
17. LIMS MDM √ √ √ √ √ √ √
18. QMS √ √ √ √ √ √ √
19. DMS √ √ √ √ √ √ √
20. Challenge Tests √ √ √ √ √ √ √
21. Testing Strategy √ √ √ √ √ X X
22.
IT
Incident/Change
Management
√ √ √ √ √ X X
23. Training √ √ √ √ √ √ √
24.
Backup &
Restoration
√ √ √ √ √ √ √
25. Disaster Recovery √ √ √ √ √ √ √
26.
Network
Validation
√ X X X X X X
Regulatory Audits – Focus Areas
www.KatalystHLS.com
40

Forecasting
and Demand
Management
MRP Run
Procurement
Based on MRP
Run
Goods Receipt
Process
Goods Issue to
MFG
Production
Planning /
Scheduling
Quality
Analysis /
Process Order
Execution
(Batch
Charging)
Intermediate /
Finished
Goods Receipt Usage
Decision
Sales Order
Processing
Delivery and
Billing of Sales
Order
Finished
Product Label
and QA
Release
Usage
Decision
Dispatch
Process Order-
API Execution
and GR
Usage
Decision
Dispatch
Process Order-
FDF Execution
and GR
WARE HOUSE
PROCESS AREA
CDS
LES
SDMS
Raw Material
Indent to WH
-
Quality
Analysis /
High Level Business Process & IT Alignment
SDMS
Process Order
Release
Electronic
BPR
LEGEND
LIMS Serialization EMS
SAP
DMS MES QMS (NOR)
www.KatalystHLS.com
41

Forecasting
and Demand
Management
MRP Run
Procurement
Based on MRP
Run
Goods Receipt
Process
Production
Planning /
Scheduling
Quality
Analysis /
Process Order
Execution
(Batch
Charging)
Intermediate /
Finished
Goods Receipt
Usage
Decision
Sales Order
Processing
Delivery and
Billing of Sales
Order
Finished
Product Label
and QA
Release
Usage
Decision
Dispatch
Process Order-
Execution
and GR
Usage
Decision
WARE HOUSE
PROCESS AREA
CDS
Raw Material
Indent to WH
- Goods Issue
to MFG
Quality
Analysis /
Here we are….Lets Pace up
Process Order
Release
BPR Issuance
LEGEND
LIMS CDS
WMPS/SAP
BIMS Manual
www.KatalystHLS.com
42

Questions
Questions?
Contact:
Katalyst HealthCares & Life Sciences
Website: www.KatalystHLS.com
e-mail: info@KatalystHLS.com
Phone: 908-967-5588
Fax: 908-967-5589
www.KatalystHLS.com
43

Risk Based Approach CSV Training_Katalyst HLS

More Related Content

What's hot

Similar to Risk Based Approach CSV Training_Katalyst HLS

More from Katalyst HLS

Recently uploaded

Risk Based Approach CSV Training_Katalyst HLS