Regulatory Requirements
Validation
What is the regulatory requirement for life sciences companies that use 3rd parties for hosting their IT infrastructure?
Life science companies are responsible to ensure their IT infrastructure operates under the appropriate operational and procedural controls that will ensure data security and integrity. Proper control of 3rd party providers can be accomplished by the use of a Supplier Quality Agreement that is supplemented by periodic audits.
Is there a regulatory requirement to validate Microsoft Excel spreadsheets or Microsoft Access databases?
Excel spreadsheets and Access databases are in wide use throughout life sciences companies. Spreadsheets and databases should be validated if they contain information that is used in any manner to make quality decisions.
What are the key requirements of FDA 21 CFR Part 11?
The key elements of FDA 21 CFR Part 11 are:
- Establishes a requirement that electronic records & signatures are to be trustworthy, reliable and generally equivalent to paper records and handwritten signatures executed on paper
- Computer systems (including hardware and software), controls and documentation must be readily available for and subject to FDA inspection
- Predicate rules apply, i.e., GMP, GCP, GLP
- Validation of systems to ensure accuracy, reliability, consistent intended performance and the ability to discern invalid or altered records
- Ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review and copying
- Protection of records to enable accurate and ready retrieval throughout the record retention period
- Limiting access to authorized individuals
- The use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries
- Record changes shall not obscure previously recorded information and audit trails are to be maintained as long as the associated electronic record
- Use operational system checks to enforce permitted sequencing of steps and events, as appropriate
- Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation, alter a record or perform the operation at hand
- Use of device checks to determine the validity of the source of data input
- Determination that persons who develop, maintain or use electronic records/electronic signatures have the education, training and experience to perform the assigned tasks
- The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signature so as to deter signature falsification
- Adequate control over the distribution of, access to and use of documentation for system operation and maintenance
- Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of system documentation
Are Standard Operating Procedures (SOPs) an important part of compliance?
SOPs allow for the consistent deployment of software and serve as the basis for training. The consistent use of software and procedural controls also ensures product quality and reduces defects.
What is a Risk Assessment as it relates to applications software?
A Risk Assessment is the identification of potential hazards and their associated risk consequences as it relates to patient and/or product safety. Potential risks can be mitigated by more stringent testing and/or imposition of procedural controls.
What is GAMP 5?
GAMP 5 specifies the deliverables as the following:
- Validation Plan
- Risk Assessment
- Specifications Development
- User (Business) Requirements
- Test Protocols
- Platform
- Operational (funcational)
- System (end to end)
- Requirements Trace Matrix
- Test Summary
- Validation Summary Report
Does software deployed in the cloud have to be validated?
Software used in a regulatory environment has to be validated for its intended uses regardless of the deployment model.
Does virtual software have to be validated?
Virtual software solutions such as VMware have to be validated since they control the operation of platform components.
What is an SAP DaRT Validation?
The tool is an SAP Data Retention Tool (DaRT) that is used to manage large quantities of data for archiving and retention. As with other tools, validation is required since regulatory data is maintained.
What are the deliverables for software validation as specified by GAMP 5?
GAMP 5 specifies the deliverables as the following:
- Validation Plan
- Risk Assessment
- Specifications Development
- User (Business) Requirements
- Functional Specifications
- Test Protocols
- Platform
- Operational (functional)
- System (end to end)
- Requirements Trace Matrix
- Test Summary
- Validation Summary Report
What is the definition of computer software validation (CSV)?
Computer software validation includes the testing of a solution for its specific GxP (Good Manufacturing, Laboratory, Clinical, etc.) intended uses, ensuring appropriate procedural controls are in place and completion of training for system users on the system and applicable procedures.
How can a Compliance Package, i.e., predefined templates and test scripts accelerate the software validation process?
Compliance Packages contain templates that guide the validation effort in terms of scope, risk, interfaces, methodology, etc. so that a comprehensive outcome can be achieved. Test scripts significantly reduce the test writing effort since they can be used "as is" or modified rather than written from scratch.