Computer validation

Computerised system validation is also known as CSV. Computerised systems must be qualified in order to address specific security and data integrity risks, besides the operational risks. Compliance with 21CFR Part 11 (FDA) and EU cGMP part IV Annex 11 must be demonstrated. Typical keywords are data integrity, security, audit trail, electronic signatures.

Nowadays, computerised systems are touching more and more of the regular validation fields. To prevent the various layers of a project becoming tangled, different steps need to be established to create a clear scope and framed overview.

Within CSV there are many topics to touch on, each with its own characteristics and risks:

• Information systems (IT, enterprise systems): e.g. document management systems, quality management systems, ERP systems, electronic batch record systems and data historian systems.
• Automated systems: e.g. all automated systems used in production, utilities, small automated equipment containing computerised hardware and software
• Laboratory systems: e.g. COTS (commercial off the shelf) automated laboratory systems (hardware and software)
• Datasheets used in production and laboratories (Excel sheets and information systems which do not include any hardware)
According to the ISPE GAMP 5 guideline, a more precise distinction can then be created by filtering the system by the following categories:

1. Standard systems (category 3)
2. Configurable systems (category 4)
3. Custom (bespoke) systems (category 5).

The risk, and therefore qualification effort, increases as the category increases. A tailor-made approach is necessary to perform a spot-on qualification: addressing applicable risks and avoiding excessive qualification.

According to the USP (United States Pharmacopeia), lab systems also have three classifications:

• Type A: (no data, no settings, no calibration)
• Type B: (no data storage on the system itself, calibration/equipment qualification only)
• Type C: (data storage, CSV is applicable).

To create a clear overview of all stages of validation, an overall lifecycle model is used. This risk-based approach life cycle is given by ISPE GAMP 5, and consists of four stages: Concept, Project, Operation and Retirement. Read more in our blog about this software development life cycle.

What we offer

Adryan’s philosophy is that, to achieve a robust computerised system validation, a steady and clear approach is needed; creating an overview, containing all facets of the entire validation procedure within the previously agreed framework. With this, scoping is key. Our experts use this approach in their computer validation activities.

Frederik de Jong

Do you want to know more about
Computer validation

Please contact