Presentation is loading. Please wait.

Presentation is loading. Please wait.

Validation of Computerized Laboratory Systems

Published byBarrie Allan Watson Modified over 8 years ago

Similar presentations

Presentation on theme: "Validation of Computerized Laboratory Systems"— Presentation transcript:

1 Validation of Computerized Laboratory Systems
4/20/2017 Validation of Computerized Laboratory Systems   RACI Conference - Chemical Analyses Dr. Ludwig Huber

2 Overview FDA/EMA GxP and ISO 17025 requirements
4/20/2017 Overview FDA/EMA GxP and ISO requirements Recommendations from industry task forces Validation steps with examples for all validation phases from setting specifications to reporting Leveraging supplier support for highest efficiency Validation and use of Cloud Computing in regulated areas?

3 Calibration, inspection, routine checks
FDA GMP (211.68) (a) Automatic, mechanical, or electronic equipment or other types of equipment, including computers, or related systems that will perform a function satisfactorily, may be used in the manufacture, processing, packing, and holding of a drug product. If such equipment is so used, it shall be routinely calibrated, inspected, or checked according to a written program designed to assure proper performance. Written records of those calibration checks and inspections shall be maintained Calibration, inspection, routine checks Calibration records Written program

4 US FDA 21 CFR Part 11 - Electronic Records, Electronic Signatures -
Computer systems should be validated to ensure accuracy, reliability and consistent intended performance Guidance: Scope and Applications We recommend that you base your approach for validation on a justified and documented risk assessment and a determination of the potential of the system to affect product quality and safety, and record integrity. For instance, validation would not be important for a word processor used only to generate SOPs

5 FDA Warning Letter/483/EIR
During the inspection, I asked if the computer software has been validated. I was told that the software was validated by the manufacturer. The managing director provided me a copy of the letter the received from (the vendor). The letter indicated that the software was validated. I told the managing director I still need to see what they have done to validate the system since the computer was making a decision to accept or reject potential donors. ( W-191) No validation at user's site Validate computer systems at the user’s site

6 FDA Warning Letter/483/EIR
 Failure to adequately validate computer software used in an automated process for its intended use according to an established protocol, as required by 21 CFR (i).  For example, no person from your firm reviewed or approved the third party approval test results for the original "[redacted] Complaint System Validation" used in your firm's quality system. ( W-210) 3rd party validation results not reviewed User firm should always review validation results

7 FDA Warning Letter/483/EIR
No IQ, OQ or PQ has been performed throughout the life of the system. No validation reports have been generated historically (for the legacy system). The (system) has not been maintained under established procedures for change control. This is true throughout the life of this software application. (W-190) Legacy System not validated and controlled Develop a procedure for validation and change control of legacy system.

8 FDA Warning Letter/483/EIR (2012)
There are several instances of incomplete qualification of equipment and incomplete laboratory data We recommend that you seek the advice of a third-party consultant for assistance with a complete evaluation (W-276) Laboratory Equipment Qualification incomplete FDA Recommends 3rd Party Consultant for Lab Equipment Qualification Reference:

9 FDA Warning Letter/483/EIR
User access levels for the [redacted] software were not established and documented. Currently, laboratory personnel use a common password to gain access to the system and there are no user access level restrictions for deleting or modifying data. (W-198) Group Rather than individual passwords Assign unique user ID for each person Reference:

10 FDA Warning Letter/483/EIR
Data security protocols are not established that describe the user's roles and responsibilities in terms of privileges to access, change, modify, create, and delete projects and data (242) Roles and Responsibilities not Established Develop a list with roles and responsibilities for functions Implement and validate the procedures Reference: (242)

11 FDA Warning Letter/483/EIR
Your firm's review of laboratory data does not include a review of an audit trail or revision history to determine if unapproved changes have been made.. (229) Deviation: Missing Review of Audit Trail Root cause (assumed for the purpose of this case study): No procedure for formally review electronic audit trail Corrective action to correct the existing violation Develop and implement procedure for reviewing e-audit trail by QA Preventive actions Apply procedure to other computer systems that record e-audit trail. Electronic audit trail not reviewed Reference: (229)

12 4/20/2017 Data Checks Built-in checks for correct and secure entry and processing of data Additional check on accuracy for critical data entry By second operator By validated electronic means Criticality and potential consequences of erroneous or incorrectly entered data covered by risk management

13 * Printouts Clear printed copies of electronically stored data
4/20/2017 Printouts Clear printed copies of electronically stored data For records supporting batch release Print-outs should indicate if any of the data has been changed since the original entry (audit trail) Abs * reprocessed time

14 Announce random audit trail review
4/20/2017 Audit Trails System audit trail should be considered for Creation Change Deletion or records Reason for change Audi trail records should be convertible to a generally intelligible form Audit trail records should be regularly reviewed Include this as checklist item in batch record review Risk Based Announce random audit trail review

15 Computer System Validation: Official Guidelines
USP <1058> Analytical Instrument Qualification (Category C) (2008) PIC/S Good Practice Guide Using computers in GxP environments (2003) Japan MHLW : Guideline on Management of Computerized Systems for Marketing Authorization Holders and Manufacturers of Drugs and Quasi-drugs GAMP 5 (2008) A Risk based approach to Compliant GxP Computerized Systems GAMP Good Practices Guide (2012) A Risk based approach to GxP Compliant Laboratory Computerized Systems PIC/S: Pharmaceutical Inspection Cooperation Scheme

16 GAMP® 5 A Risk Based Approach to Compliant GxP Computerized Systems
Reference document for computer system validation Referenced in FDA and PIC/S Guides Uses V-lifecycle model, risk based approaches Defines four software categories (down from 5) Supplemented by Good Practices Guides for specific applications (lab systems, testing, data archiving) GAMP ® : Good Automated Manufacturing Practice Order from

17 GAMP® : A Risk based approach to GxP Compliant Laboratory Computerized Systems
Key concepts Product and process understanding Draw process and data flow Lifecycle approach within a quality management system From system conception to retirement Scalable system lifecycle Based on complexity, novelty, system impact on patients Science based quality risk assessment Focus on critical aspects of system Leveraging supplier involvement E.g., through documentation (specs), testing, consulting Calibration of laboratory systems ’

18 Comparison – GAMP Guide vs. USP 1058
Software GAMP Lab Guide Flexible and scalable lifecycle approach Describes 3 systems with different complexity, mainly with computers connected to equipment in one or the other way, Focus on risk assessment for all validation phases Uses the term verification Very detailed for system validation USP <1058> Fixed lifecycle approach, with flexibility in each phase Describes 3 instrument categories, ranging from simple equipment such as mixers to complex computer systems Uses the term qualification More like a frame work than details for AIQ Hardware

19 Instrument&System Categories
4/20/2017 Instrument&System Categories GAMP Lab Guide Simple Systems Computerized HPLC - Mass spectrometers Standalone Balances pH meters Standalone Balances Magnetic Stirrers Vortex Mixers Medium Systems Computerized LC-MS Complex Systems Visual inspection May not require formal qualification Verification with specifications Full qualification Networked Systems USP <1058>

20 Computer System Validation – GAMP ® Cat 4
4/20/2017 Computer System Validation – GAMP ® Cat 4 User requirement specifications Functional/config. specifications Vendor qualification Design Qualification Configuration Configuration design Configuration implementation Validation Plan Installation Qualification Check arrival as purchased Check proper installation of hardware and software Validation Report Test of configuration specifications Test of functional specifications Test of security functions Operational Qualification Performance Qualification Test for user requirement specifications Preventive maintenance

21 Recommendations for Implementation
Start with a concept: e.g., define business needs, processes, potential solutions Make a plan with time table, owners and deliverables Write specifications and compare with vendor specifications, design review for configurable systems Conduct risk assessment Select and qualify the supplier Verify and document installation Test for suitable operation Check and document ongoing performance Write a summary report Formally release Keep changes under control Available through

22 Step 1: Make a Plan Attachments
4/20/2017 Step 1: Make a Plan Background, why will there be a new system System description References, responsibilities Steps/approaches for validation Vendor assessment IQ, OQ, PQ ( Change control and revalidation Training Schedule Contents of validation report and other documents Attachments

23 Validation Plan Template
Cost effective Validation Plan Template Purpose of the Plan Product Description Validation Strategy Responsibilities (position) Supplier Assessment Risk assessment Testing Strategies and reporting DQ IQ OQ PQ Traceability matrix Procedures Approval Documents and control

24 Step 2: Define Requirements
Intended application Intended environment Computer environment Laboratory User requirements Operating systems Networks Compatibility with other systems Functions to perform applications Functions to comply with regulations (Annex 11, Part11) Verify with the vendor if requirements are met

25 Example: RS for e-Audit Trail
Req. ID Requirement Critical Test Priority Test ID 12.01 Data system should have computer generated, time-stamped audit trail to record the date and time of operator entries and actions that create, modify, or delete electronic record high T24 12.02 The system should allow optional entry of the reason for a change T25

26 Step 3: Qualify the Suppler
Cost effective Step 3: Qualify the Suppler Purpose: determine the adequacy of the suppliers quality system Types of assessment - Preliminary assessment (questionnaire, postal audit) - Detailed on-site audit (quality system, process, product) Extent of the assessment depends on - criticality of the system, complexity - risk to data integrity associated with use of the system - ability to verify system functionality in the lab Can reduce in-house testing through tests done by the supplier Leverage supplier tests

27 Document Vendor Selection
Requirements Results Passed 1) Company â–¡ yes â–¡ no Experience with the vendor Recognition in the market place 2) Quality Assurance ISO Certification Documented software development 3) Product functions (provide detailed list) 4) Services and Support Provide specifications list Installation service IQ/OQ services Phone and onsite support Cost effective Slide 27

28 Supplier Contributions for Validation
4/20/2017 Supplier Contributions for Validation Operate product development, manufacturing and support in a documented quality management system Document software development and validation activities Summarize testing activities for hardware and software Provide conformity declarations and/or validation certificates for equipment and software Respond to supplier assessment requirements in timely manner Allow and be cooperative with vendor audits Allow access to test conditions and results Offer IQ/OQ services Provide software for system suitability testing

29 Documents that Should be Provided by Software Suppliers
4/20/2017 Documents that Should be Provided by Software Suppliers Functional specifications Documented evidence of working under a recognized quality system (ISO 9001 or equivalent) Validation certificate or declaration of system validation Description of software development and validation process Environmental specifications for facilities Site preparation checklist Documented evidence of qualifications for personnel that develop and support computer systems Declaration of conformity to specifications for equipment hardware

30 Step 4: Perform and Document Installation Qualification
Collect supplier’s environmental conditions, operating and working instructions and maintenance requirements Compare systems, as received, with purchase order Install of systems according to vendor specifications Make system drawings (e.g., data flow) Check documentation for accuracy and completeness Document all components with asset and serial numbers Assistance from Vendor

31 Installation Testing - Examples
System ID ____________ Date installed ___________ Test Objective: Verify acceptable installation Installer Name ________________ Installer Signature ______________ Start: Log on as system administrator Test Test Procedure Pass Fail 1 System log-on 2 Load test method and instrument parameters 3 Run well characterized test sample 4 Compare with reference plot 5 Document and sign results 6 Access help file Tester: I confirm that I have all tests executed as described Name: ___________ Signature__________ Date_________ Tests passed: yes no Comment: ___________________________ Slide 31

32 Conduct Risk Management
4/20/2017 Conduct Risk Management Should be applied throughout the lifecycle of a computerized system Decisions on extent of validation and data integrity controls should be based on a justified and documented risk assessment Impact on product quality and patient safety Impact on data integrity Comment from Labcompliance: Example for high risk: Systems & records supporting batch release, e.g., QC equipment and data systems, electronic batch record system Example for low risk: Word processing system to write a validation report

33 Document the System in the Computer System Inventory
ID/ Asset Number Description Location Application GxP Risk h,m,l Contact Time Frame for Validation RV3212 Chromatogr. Data System G4 West1 Instrument control, data acquisition Yes m Bill Hinch TN Jun-Jul 2011 PIC/S For GxP regulated applications it is essential for the regulated user to carry out a properly documented ... risk analysis for the various system options The inspector will consider the potential risks, .., as identified and documented by the regulated user, in order to assess the fitness for purpose of the particular system(s).

34 Step 5: Test for Operational Qualification
Identify critical functions for the computer systems as defined in functional and user requirement specifications Develop test cases for the functions and define acceptance criteria Perform the tests Evaluate results and compare with acceptance criteria Document results Assistance from Vendor for OQ services Hardware and software

35 Cost What to Test effective
Functions that can be impacted by the user’s environment User configurations User customizations Hardware configurations, cabling (communication between computer and equipment) Real critical system functions Run well characterized test sample Compare test results with acceptance criteria

36 4/20/2017 Why Companies in EU/US Choose Manufacturers Operational Qualification Services Tools for equipment hardware qualification Some tests require traceable test tools The tools typically need to be calibrated yearly Qualification of test engineers Test engineers must be formally qualified Training must be regularly updated and thoroughly documented Manufacturer engineer bring qualification certificates along Manufacturer engineers can fix problems if OQ does not pass Documentation Vendors provide inspection ready documentation Compliance There are many FDA warning letters based on user’s OQ I am not aware of a vendor’s OQ based warning letter

37 Step 6: Ensure Ongoing Performance (PQ)
System Testing Regular system performance tests System suitability testing, QC Samples Development, review, approval of SOPs Maintenance Regular disk maintenance Regular virus checks Environmental control Regular data back-up Change control procedures and logs

38 Step 7: Implement Change Control System
Main reasons for changes: hardware maintenance and repair and software upgrades Changes must follow a documented change procedure Procedure should require risk analysis and evaluation if the change may affect the computerized system's validation status Document changes; what, why, who, how tested?

39 Step 8: Write the Validation Report
Should include brief description of each major project activity Used to review all preceding validation activities and indicate status of the system prior to implementation into a production environment Deviations from the project plan should be documented and risk assessment should be performed Approval of the validation report pre-requisite for release Risk assessment for deviations

40 Validation Phases – 4Q Model APPROACH FOR EXISTING EQUIPMENT
4/20/2017 Validation Phases – 4Q Model APPROACH FOR EXISTING EQUIPMENT Document equipment use Document applications Document used functions Define System Use Installation Qualification Operational Qualification Performance Qualification Enter all modules and systems in a database Hardware, Firmware, Software Validation Report Validation Plan Document past tests Test of functional specifications Test of performance functions System test (system suitability testing) Preventive maintenance + Change Control

41 Thank You I would like to thank All attendees for your attention
Agilent Technologies for invitation and organizatopn Give feedback and choose any two from over 150 documents (value: $138) for free: SOPS and/or Validation examples. GOTO: Offer expires on March 10, 2014 For links to Computer System Validation references, please check (Available until March 10, 2014)

Download ppt "Validation of Computerized Laboratory Systems"

Similar presentations

Compliance From The Ground Up September 18, 2013 Earlene Gibbons Director, Operational Technology.

Compliance From The Ground Up September 18, 2013 Earlene Gibbons Director, Operational Technology.
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Radiopharmaceutical Production

Radiopharmaceutical Production
Radiopharmaceutical Production

Radiopharmaceutical Production
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
Software Quality Assurance Plan

Software Quality Assurance Plan
EQUIPMENT VALIDATION.

EQUIPMENT VALIDATION.
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Regulatory Compliant Performance Improvement for Pharmaceutical Plants AIChE New Jersey Section 01/13/2004 Murugan Govindasamy Pfizer Inc.

Regulatory Compliant Performance Improvement for Pharmaceutical Plants AIChE New Jersey Section 01/13/2004 Murugan Govindasamy Pfizer Inc.
Establish Verification Procedures (Task 11 / Principle 6)

Establish Verification Procedures (Task 11 / Principle 6)
World Health Organization

World Health Organization
SAE AS9100 Quality Systems - Aerospace Model for Quality Assurance

SAE AS9100 Quality Systems - Aerospace Model for Quality Assurance
Corrective & Preventive Action Programme l Corrective and preventive action managed by one programme l Closely linked to the internal audit programme l.

Corrective & Preventive Action Programme l Corrective and preventive action managed by one programme l Closely linked to the internal audit programme l.
Lecture 8. Quality Assurance/Quality Control The Islamic University of Gaza- Environmental Engineering Department Environmental Measurements (EENV 4244)

Lecture 8. Quality Assurance/Quality Control The Islamic University of Gaza- Environmental Engineering Department Environmental Measurements (EENV 4244)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Supplementary Training Modules on Good Manufacturing Practice

Supplementary Training Modules on Good Manufacturing Practice
Quality Assurance/Quality Control Policy

Quality Assurance/Quality Control Policy
INTERNAL AUDITS OF LABORATORIES Sanjay S Shetgar 1.

INTERNAL AUDITS OF LABORATORIES Sanjay S Shetgar 1.
Inter-Laboratory Method Transfer

Inter-Laboratory Method Transfer

Similar presentations

Ads by Google