Search

Life Sciences Insights

Sharing expert knowledge via our latest blog posts

Back to Blog

10 things you should know before validating Computerized Systems

  • Software Services & Solutions
  • Biotech
Not sure where to start when validating your computerized systems? Follow these 10 steps as a guideline.
Computer System Validation

10 Steps to validate your computerized systems

Define the CSV Team

This is one of the first activities that shall be defined before starting the validation of the computerized system(s). The Validation Team oversees all the computerized system validation (CSV) projects at a site, or within a department. These validation projects will be defined in the Validation Master Plan.

Whether the team is already formed, it is recommended to identify the people who will be part of the Computerized Systems Validation team (CSV Team), since this team will be responsible for the creation and maintenance of the Validation Methodology of Computerized Systems, such as the Validation Master Plan for Computerized Systems (CS), CS Inventory, CSV procedures, formats, and for carrying out the CSV activities, documentation, executions, and reports.

Define CSV Team Members

Whether you contract a third party for the validation of the computerized systems, or it is company personnel, the CSV team must be defined.  

The CSV team members should be representatives from the following functional areas as appropriate to the site or department: Users, Quality Assurance, Validation Engineering, IT Department, and other relevant parties. 

The CSV team members should be sponsored by one of the most senior managers within the site or department. 

Define CSV Team Responsibilities

CSV Team will be responsible for creating and maintaining the Computerized Systems Validation Methodology. Responsibilities include, but are not necessarily limited to:  

  • Identifying Computerized systems or applications requiring validation 
  • Prioritizing and justifying the validations to be performed 
  • Developing the initial Validation Master Plan and producing subsequent revisions as required,   
  • Directing the project team on adapting the Validation methodology to their project  
  • Developing solutions to quality and compliance issues 
  • Coordinating validation projects, resourcing validation projects, including approving the use of consultants 
  • Creating and reviewing validation documentation. 

Review Validation Master Plan

Each site should establish a Validation Master Plan (VMP), which describes all the required validation activities and assigned responsibilities, priorities, and timings for actions. The CSV Team should review and approve this site plan.  

All CSV projects should either be included in this Validation Master Plan, or the CSV team shall create a separate Computer Systems Validation Master Plan.  

The Validation Master Plan should be a dynamic document which at any point in time will represent:  

  • which systems exist on site 
  • which systems require validation 
  • who is responsible for each validation project 
  • the status of the individual validation projects 
  • the date for completion of each validation project

All upgrades and periodic reviews should also be added to this plan. 

Create a CSV SOP

The CSV Team shall create the CSV SOP. This SOP aims to describe the CSV methodology for GxP regulated computerized systems installed at the site. This methodology ensures that computerized systems will reproducibly perform the functions they are designed to do and are suited for their intended use. 

The CSV procedure shall apply to all computerized systems owned by the site that create, modify, maintain, archive, retrieve or transmit information in support of GxP activities or to all those systems that need to be validated for any regulatory or compliance purpose. The templates for all validation documents shall be included in the SOP. 

Create a Computerized Systems Inventory

CSV Team shall create an inventory of all computerized systems in use within a given site or department. Creating an inventory is the first step in identifying systems that require validation. The information of the CS Inventory shall include, but it is not limited to:  

  • System reference number or ID 
  • System Name 
  • Supplier 
  • Use 
  • System Owner 
  • Business Areas Impacted 
  • Location 
  • Qualification Status 
  • Operating System 
  • Operation System Version 

This inventory can be added if the system generates electronic records, uses electronic signatures, and has an Audit Trail. 

Identify Systems that require Validation

The System Owner and CSV Team are responsible for identifying systems that require validation. Each system that has been identified must be assessed to see whether it performs quality or business-critical functions, whether there are sufficient controls to ensure its performance, and whether it should be validated or not.  

The system owner is responsible for completing the assessment of each system and updating that assessment whenever there are changes to the system.  

A quick evaluation can be performed to discern whether the system requires validation or not, for example: 

  • GxP Impact Evaluation, the system have a direct impact on the product quality, patient safety or data integrity? 
  • CFR 21 part 11 Evaluation, the system handled electronic records? Electronic signatures? 

This evaluation shall be strengthened when the validation plan will be created for each system. 

Determine Validation Priority

Once the systems that require validation had been identified, it will be necessary to determine the priority of each system validation (or validation project) within a site or department. To determine the priority of each validation, a risk assessment of all the validation projects shall be performed.  

Validation Priority should be given to those systems that pose a greater risk to product quality, patient safety, and business. 

Understand the Computerized System

An understanding of the supported process by the computerized system is fundamental to determining system requirements, the basis of the validation effort. In this stage, it is suggested to do a mapping of the process flows performed in the system. 

Efforts to ensure fitness for intended use should focus on those aspects that are critical to patient safety, product quality, and data integrity. These critical aspects should be identified, specified, and verified. 

Identify CSV roles

It is important to identify the Business Owner, System Owner, and Subject Matter Experts since they are the ones who support the activities of the validation of the system. In some cases, the process owner also maybe the system owner. 

  • Process Owner: The person ultimately responsible for the business process or processes being managed. This person is usually the head of the functional unit or department using the system. However, the role should be based on specific knowledge of the process rather than position in the organization. The process owner is responsible for ensuring that the computerized system and its operation are in compliance and fit for intended use according to applicable Standard Operating Procedures (SOPs) throughout its useful life. Responsibility for control of system access should be agreed upon between process and system owner. 

     

  • System Owner: The person ultimately responsible for the availability, support, and maintenance of a system and the security of the data residing on that system. This person is usually the head of the department responsible for system support and maintenance. However, the role should be based on specific knowledge of the system rather than position in the organization. The system owner is responsible for ensuring that the computerized system is supported and maintained by applicable SOPs. Responsibility for system access control should be agreed upon between the process and system owner. 

     

  • Subject Matter Expert (SME): Those individuals with specific expertise in a particular area or field. SMEs should take the lead role in the verification of computerized systems. SME responsibilities include planning and defining verification strategies, defining acceptance criteria, selecting appropriate test methods, execution of verification tests, and reviewing results.  

Expert knowledge in Computer Systems Validation

Our validation solution guarantees maximum return on investment. Check our off-the-shelf validation solution for you.
Read more

Related articles

Did you find this article interesting? Thanks for sharing it with your network:

Subscribe to the Blog
Here you will find interesting articles and news related to your industry.
Sign up here

Read more experts content

Subscribe now

Table of Contents

Stay up to date with life sciences insights

monthly newsletter
  • October 24-26
  • Barcelona, Spain

Come visit our booth at CPHI Barcelona 2023

Come to see the QbD Group at stand #3G73 at CPHI Conference in Barcelona. And after the conference…Eat & Connect with lifescience professionals at our QbD’s CPHI Networking Drink.

More Info