Principles of Computer Systems Validation

Roberto Bertini, Executive Consultant & Operations Manager, PQE Group

 What is Computer System Validation?

The most quoted definitions of process validation come from the FDA:

“The collection and evaluation of data, from the process design state through
commercial production, which establishes scientific evidence that a process is
capable of consistently delivering quality product.”
“Guidance for Industry, Process Validation: General Principles and Practices”, January 2011.

“Establishing documented evidence which provides a high degree of

assurance that a specific process will consistently produce a product meeting its
pre-determined specifications and quality attributes.”
FDA “Guideline on general principles of process validation, May, 1987”

Computerized Systems Validation is the documented proof enabling to conclude

with a high degree of assurance that a computerized system operates as defined in
its specifications, as well as according to quality and regulatory requirements, in a
constant and reproducible manner.
In addition, the Validation process shall provide documented evidence that the
system includes the automated functionalities oriented to ensure that the GMP
critical Electronic Records meet the ALCOA+ requirements.
GAMP 5 Guideline

ISPE GAMP FORUM

GAMP 5
A Risk-Based Approach to Compliant GxP
Computerized Systems
Life Cycle Phases
Validation: A PROCESS NOT AN EVENT
 SW GAMP5 Categories (1/2)

APPENDIX M4: Categories Of Software And Hardware

SW Category Description Examples
1 - Infrastructure  Layered software (i.e., upon which  Operating Systems
Software applications are built)  Database Engines
 Software used to manage the  Middleware
operating environment  Programming languages
 Statistical packages
 Spreadsheet
 Network monitoring tools
 Scheduling tools
 Version control tools
2 - Firmware THIS CATEGORY IS NO LONGER USED
3 - Non-Configured Run-time parameters may be entered Firmware-based applications
and stored, but the software cannot COTS software
be configured to suit the business
Instruments
process
 SW GAMP5 Categories (2/2)
APPENDIX M4: Categories Of Software And Hardware
SW Category Description
4 - Configured Software, often very complex, that
can be configured by the user to
meet the specific needs of the user’s
business process.
Software code is not altered
5 - Custom Software custom designed and
coded to suit the business process
Examples
LIMS, Data Acquisition
Systems, SCADA, ERP,
Clinical Trial Monitoring,
DCS, Building Managements
Systems, CRM,
Spreadsheets, Simple
Human Machine Interface
Internally and externally
developed IT applications
Internally and externally
developed process control
applications
Custom firmware
Spreadsheets (macro)
 Approach for Infrastructure Software (Cat.1)

▪ Documentation should be commensurate with the complexity / criticality

of the system
▪ Documentation for any system should contain all the required elements to
demonstrate that it has been validated and is in a state of Control
▪ How many documents is unimportant provided all required elements are
present

SW Category Typical Approach

1 Record version number, verify correct installation by following
approved installation procedures
See the GAMP Good Practice Guide: IT Infrastructure Control and
Compliance
 GAMP 5 Approach

GAMP 5
A Risk-Based Approach to
Compliant GxP Computerized
Systems

SYSTEM RISK FUNCTIONAL

ASSESSMENT RISK ANALYSIS

VALIDATION TESTING
EFFORT EFFORT
 Approach for non-configured Product

▪ Non-Configured Product (Category 3)

 Approach for Configured Product

▪ Configured Product (category 4)

 Approach for Custom Product

▪ Custom Application (Category 4)

Qualification vs. Validation
 www.pqegroup.com
[email protected]

Acknowledgements

References
• ISPE GAMP Forum - GAMP 5 - A Risk-Based Approach to Compliant GxP Computerized Systems