Without question, the impact of GxP processes such as product quality and patient health are at the top of the list when it comes to assessing the risks of a computer system. These are crucial in deciding whether to validate a computerized system. Therefore, experience and end user knowledge are of great value when weighting the impacts.
At first glance, business processes are not important from a regulatory point of view. However, it is necessary to assess them if the company wishes to continue to generate value from the processes. A strategy, for example, in which the costs do not cover the maintenance of the system or the required validation, may result in significant risks that jeopardise the future of the company.
Another example: a distributor of medicines does not manufacture the products and does not perform analysis to determine the purity and identity of the products. The main activity of the distributor is to store and to deliver. This system does not directly affect patient safety. However, it may affect product quality if the distribution is not performed according to the manufacturer’s instructions. As a consequence, patient safety may also be at risk. This could result in a violation of GxP and business requirements. Many (in)direct factors can impact the quality of a product and thus patient health.
The internal policy has a great influence on the product quality via the quality management system (QMS). The entire staff should be aware of or be involved in the QMS. The more impact on the product quality the more they should be involved. Think of IT, management, human resources, QA department, production, suppliers, distributors, etc. Not applying GxP practices can result in a loss of credibility towards customers, demands, plant closure, fines, or worse: in a negative impact on patient health.
When a company is not in control of the training and qualification of personnel, this means unqualified personnel is operating the system. This increases the uncertainty of the system and thus leads to greater risks.
When a company lacks controls and procedures for the use, archiving, backup, restoring, transmission, and modification of data, it is likely that the process is missing data integrity. For instance, an employee is faced with an error in a system while processing a medicine. The employee does not follow the standard procedure and asks an IT employee to resolve the problem quickly. The data is modified on request without adhering to the procedures. The result? The risk of lack of data integrity is significant.
In conclusion, validating a computer system involves many layers of processes. It is inseparably intertwined with the QMS. Data is a big deal.
You can read more about data integrity in a previous blogpost and we’ll handle the topic again in one of our next blogs.
How can QbD help you?
QbD has different experts in computer system validation in its team. If you have any questions concerning the topics mentioned above, don’t hesitate to contact us!