2nd Edition

Pharmaceutical Computer Systems Validation Quality Assurance, Risk Management and Regulatory Compliance

Edited By Guy Wingate Copyright 2010
    798 Pages 320 B/W Illustrations
    by CRC Press

    Thoroughly revised to include the latest industry developments, the Second Edition presents a comprehensive overview of computer validation and verification principles and how to put them into practice. To provide the current best practice and guidance on identifying and implementing improvements for computer systems, the text extensively reviews regulations of pharmaceuticals, healthcare products, blood processing, medical devices, clinical systems, and biotechnology. Ensuring that organizations transition smoothly to the new system, this guide explains how to implement the new GMP paradigm while maintaining continuity with current practices. In addition, all 24 case studies from the previous edition have been revised to reflect the new system.

    Key topics in Pharmaceutical Computer Systems Validation, Second Edition include:

    • GAMP5, ASTM 2500, EU GMP (Annex 11), and US GMP revisions to regulatory requirements for electronic records and signatures that should be published in 2008
    • ICH Guidance Q8, Q9, and Q10 expectations
    • FDA cGMPs for the 21st Century Initiative and associated guidance
    • PIC/S Guidance on Good Practice for Computerized Systems in GxP Environments
    • WK9864 Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment
    • the indirect developments from FDA/EU/Japan regulators and industry
    • the role of QA department, and internal and external suppliers
    • the integration of computer systems validation into single overall approach for wider system
    • practical guidance on handling common high, medium, and low risk issues that can occur during the life cycle of a computer system
    • managing outsource partners and handling legacy systems
    • topical issues uncovered by regulatory authorities including US FDA

    1: Introduction. Strategic Advantage. Rudimentary Computer System Characteristics. Trends in Today’s Computing Environment. Problems implementing computer systems. Industry Observations. Regulatory Observations. New 21st century paradigm. Key Principles & Terminology. Life Cycle Approach within QMS. Scalable Life Cycle Activities. Process and Product Understanding. Science Based Quality Risk Management. Leveraging Supplier Involvement. Good practice. Quality Assurance. GxP Philosophy. Duty of Care. Buyer Beware. Business case. Benefits. Implementation Cost. Cost of Failure. Measuring Success. Misconceptions. Good business sense. Persistent regulatory non-compliance. Wider applicability. 2: History of computer validation. A regulatory perspective. Significant Regulatory Developments. Good Manufacturing Practice (GMP). Good Distribution Practice (GDP). Good Laboratory Practice (GLP). Good Clinical Practice (GCP). Medical Devices. Electronic Records and Electronic Signatures (ERES). Collective GxP Requirements. Developing industry guidance. PMA’s Concept Paper. Red Apple Consensus Report. GAMP Supplier Guide. PDA’s Technical Report on Computer Validation. PhRMA’s Computer Validation Key Practices. GAMP3. PDA/GAMP Harmonised Terminology. GAMP Infrastructure & PDA Network Guidance. PDA Technical Report on Laboratory Systems. GAMP4. PDA/ISPE Good Practice & Compliance for Part 11. GAMP Guide for Electronic Signatures & Records. PIC/S GxP Computerised System Guidance. GAMP5. Body of Knowledge. Pivotal inspection incidents. 3: Organisation & Management. Organisational Responsibilities. Quality & Compliance Roles. Concept of Internal Supplier. External Supplier Responsibilities. Recent Inspection Findings. Compliance Strategy. Organisation Considerations. Policy & Procedures. Recent Inspection Findings. Computer Systems Inventory. Project Delivery. Getting Started. Life Cycle Approach. Risk Management. Recent Inspection Findings. Management Review. Recent Inspection Findings. Resource Planning. Key Principles For Computer System Compliance. 4: Supporting Processes. Training. Organisational Roles. Qualifications. Training Plans & Records. Recent Inspection Findings. Document Management. Document Preparation. Document Review. Document Approval. Document Issue. Document Change. Document Withdrawal. Document Administration & Storage. Quality of Documentation. Recent Inspection Findings. Change Control. Request for Change. Change Evaluation (Impact Analysis) and Authorisation. Testing and Implementation of the Change. Change Completion and Approval. Emergency Changes. Recent Inspection Findings. Configuration Management. Configuration Identification. Configuration Control. Configuration Status Accounting. Configuration Evaluation. Recent Inspection Findings. Self-Inspections. Managing Deviations. Example Self-Inspection Checklist. Approach To Project Delivery. Approach To Validation. Standard Software. Commercial Off-The-Shelf (COTS) Products. Open Source Software Tools. Managing User Modifications. Software Reuse. Managing Change. Roles & Responsibilities. Choosing An Appropriate Life Cycle Methodology. Integrating Systems. Segregating Systems. Project Initiation & Compliance Determination. Project Scope (Outline Specification). Compliance Determination. Validation (Master) Planning. Project & Quality Plans. Requirements Capture & Supplier (Vendor) Selection. User Requirements Specification (URS). GxP Assessment. Request for, Receipt of, and Evaluation of Proposals. Supplier Selection. Purchase Orders and Contracts of Supply. Design & Development. Supplier Project & Quality Plan. System Overview. Functional Specification. Architectural Design. Hardware and Software Design. Data Definition (inc. Configuration). Operating Manuals. Design Review (inc. Hazard Study). Coding, Configuration & Build. Hardware Platform. Application Software. Source Code Review. Development Testing. Unit/Module Testing. System/Integration Testing. Pre-Delivery Inspection. User Qualification & Authorisation To Use. Pre-Qualification Activities (Commissioning & Calibration). Data Load (inc. Configuration). Installation Qualification (IQ). Operational Qualification (OQ). Performance Qualification (PQ). Operation and Maintenance Pre-requisites. Validation (Summary) Reports. 5. Project Delivery Supporting Processes. Training. Document Management. Change Management. Configuration Management. Requirements Traceability. Deviation Management. Validation Package. Reviews and Approvals. 6: Project Initiation & Compliance Determination. Project Scope. Understanding the Scope of the Computer System. Outline Specification. Project Risk Management. Project & Quality Plans. Glossary of Terms. Validation Determination. Early Indication of Validation Requirement. Compliance Determination Statement. Validation Master Plan. Hierarchy of Validation Master Plans. Contents of Validation Master Plans. Structure of Validation Master Plans. Preparation of a Validation Master Plans. Recent Inspection Findings. Validation Plan. Contents of Validation Plan. Preparation of a Validation Plan. Supplier Relationships. Magnitude of Validation Effort. Recent Inspection Findings. Validation Strategy. Approach to Hardware. Approach to Software. Criticality-Impact Analysis. Managing Compliance Issues. Example Validation Determination Statement. Example Contents For Validation Master Plan. Example Contents For Validation Plan. 7. Requirements Capture & Supplier (Vendor) Selection. User Requirements Specification. Contents. Electronic Record/Signature Requirements. Recent Inspection Findings. GxP Assessments. Identifying GxP Processes and Functions. Identifying Critical Components and Devices. Recent Inspection Findings. Supplier Selection. Regulatory Expectations. Invitation To Tender. Supplier Proposal. Proposal Evaluation. Contract of Supply. Recent Inspection Findings. Supplier Audits. Applicability. Audit Preparations. Conducting Audits. Audit Report & Follow-Up. Preferred Suppliers. User Groups. Recent Inspection Findings. Example Contents For URS. Supplier Checklist For Receiving Customer Audits. Example Postal Supplier Audit Questionnaire. Example Supplier Audit Checklist. Example Contents For Supplier Audit Report. 8: Design & Development. Supplier Project And Quality Plans. Functional Specification. Content. Dealing with COTS Products. Anticipating Testing. Recent Inspection Findings. Requirements Traceability. Contents. Maintenance. Recent Inspection Findings. Architectural Design. Content. Recent Inspection Findings. Software & Hardware Design. Software Design. Hardware Design. Dealing with COTS Hardware and Software. Recent Inspection Findings. Design Review (inc. Hazard Study). HACCP. CHAZOP. FMEA. Dealing with COTS Hardware and Software. Recent Inspection Findings. Accelerated Development. Prototyping. Rapid Application Development. Extreme Programming. Contents For Supplier Project/Quality Plan. Example Checklist For Functional Specification. Example Software Design Structure. Example Hardware Design Structure. Example Hazard Study Questions. 9: Coding, Configuration, And Build. Software Programming. Programming Approach. Redundant Code (‘Dead Code’). Compilers. Recent Inspection Findings. Source Code Review. Review Criteria. Reporting. Effectiveness. Access to Application Code. Recent Inspection Findings. System Assembly. Checklist For Software Production, Control & Issue. Example Programming Standards. Example Checklist For Software Code Reviews. 10: Development Testing. Testing Strategy. Test Plans. Test Specifications. Test Conditions. Test Traceability. Text Execution. Independent Checks. Test Outcome. Inconsequential Test Deviations. Test Failures. Issues Log. Test Reporting. Managing Changes During Testing. Test Environment. Inspection Findings. Unit & Integration Testing. Structural (White-Box) Testing. Acceptance Testing of COTS Software and Hardware. Inspection Findings. System Testing. Functional (Black-Box) Testing. Upgrade Compatibility. Inspection Findings. Pre-Delivery Inspection. 11: User Qualification & Authorisation To Use. Qualification. Test Documentation. Leverage Development Testing. Beta Testing. Stress Testing. Parallel Operation. Inspection Findings. Pre-Qualification. Site Preparations. Calibration. Data Load. Inspection Findings. Installation Qualification. Inventory Checks. Operating Environment Checks. Diagnostic Checks. Documentation. Inspection Findings. Operational Qualification. Scope of Testing. Test Reduction. Verifying SOPs. Test Environment. System Release. Inspection Findings. Performance Qualification. Product Performance Qualification. Process Performance Qualification. Inspection Findings. Authorisation To Use. Validation Report. Validation Summary Report. Validation Certificate. Inspection Findings. 12: Operation & Maintenance. Performance monitoring. Monitoring Plan. Status Notification. Recent Inspection Findings. Repair & preventative maintenance. Scheduling. Calibration. Documentation. Recent Inspection Findings. Upgrades, bug-fixes and patches. Why Upgrade?. Bug-Fixes & Patches. Installation & Validation. Upgrade Considerations. Beta Software. Quick Fix. Availability of Software & Reference Documentation. Prioritising Changes. Recent Inspection Findings. Data Maintenance. Data Life Cycle. Audit Trails. Retention of Raw Data. Recent Inspection Findings. Backup and retrieval. Scheduling. Media. Recent Inspection Findings. Archive and restoration. Archiving Requirements. Retrieving Archives. Storage Requirements. Recent Inspection Findings. Business continuity planning. Procedures & Plans. Redundant Systems & Commercial Hot Sites. Service Bureau. Backup Agreements. Cold Sites. Manual Ways of Working. Software Licenses. Recent Inspection Findings. Security. Management. Computer Viruses. Recent Inspection Findings. Contracts and Service Level Agreements (SLAs). Recent Inspection Findings. User procedures. Recent Inspection Findings. Periodic review. Recent Inspection Findings. revalidation. Recent Inspection Findings. 13: Phase-Out & Withdrawal. Site Closures, Divestments & Acquisitions. Site Closures. Site Divestments. Site Acquisitions. Retirement. Electronic Records Management. Preservation Of Archive Records. Duration Of Retention. Archiving Options. Replacement. Migration Strategy. Legacy Systems. Decommissioning. Example Retirement Checklist. 14: Electronic Records & Electronic Signatures. Electronic Records. Record Life Cycle. Audit Trail. Timestamps. Meta-Data. Record Maintenance. Software Programs & Configuration. Recent Inspection Findings. Electronic Signatures. Admissibility. Signature Attributes. Linking a Signature to an Electronic Record. Identification Codes and Passwords. Digital Signatures. Recent Inspection Findings. Operating Controls. Device Checks. Sequence Checks. Continuous Sessions System Access. Open And Closed Systems. Recent Inspection Findings. Expected Good Practice. Validation. Backups & Archive. Training. Security. Business Continuity Plans. Recent Inspection Findings. Implications For New Systems. Hazard Study. Common Practical Issues. Implications For Existing Systems. Regulatory Expectations. Management Approach. Master Plans. Recent Inspection Findings. Example Electronic Records. Example Electronic Signatures. Procedural And Technological Controls For 21 CFR Part 11. 15: Risk Management. Project Initiation & Compliance Determination. Compliance Determination. Requirements Capture & Supplier (Vendor) Selection. User Requirements Specification. Supplier Assessment. Design & Development. Design Specification (Inc. Functional Specification). Design Review. Coding, Configuration & Build. Programming Standards & Source Code Review. Development Testing. Supplier Testing. User Qualification & Authorisation To Use. Data Loading. Installation Qualification. Operational Qualification. Performance Qualification. System Release. Operation & Maintenance. Software Support. Service Level Agreements. Phase-Out & Replacement. Archiving. Data Migration. Decommissioning. 16: Outsourcing. Regulatory Requirements. Planning & Supervision. Organisational Capability. Dis-entanglement. Ongoing Oversight. Handling Legacy Systems. Setting Priorities. Hazard Control. Interim Measures. Validation Activities. Recent Inspection Findings. 18: Regulatory Inspections. Inspection Authority. Inspection Practice. Approach To Organisational Capability. Approach to Individual Computer Systems. Mutual Recognition Agreements. Inspection Process. Receiving an Inspection Request. Preparing for an Inspection. Hospitality. Arrival of the Inspector(s). Conducting the Inspection. Daily Wash-Up with Inspector. After the Inspection. Inspection Findings. Poor Excuses. ISO 9000 and Validation. Ensuring A State Of Inspection Readiness. Inventory of Systems. System/Project Overviews. Validation Plans/Reports and Reviews. Documentation. Presentations. Internal Audit Program. Mock Inspections. Trained Personnel. Knowledge Management. Providing Electronic Information During An Inspection. Provision of Electronic Documents and Reports. Provision of Electronic Copies of Desktop Applications. Provision of Electronic Records. Direct Access to Electronic Information by Regulators. Use of Computer Systems by Regulators. Copies of Electronic Information. Inspection Analysis. Pre-Inspection Questionnaire. GLP Inspection Checklist. GMP Inspection Checklist. Electronic Record/Signature Inspection Checklist. Recent FDA Warning Letters. 19. Capabilities & Performance. Capability Management. Capability Appraisal. Capability Characteristics. Capability Assessment Outcomes. Supplier Capability Assessments. Project Metrics. Design & Development Metrics. Testing Metrics. Understanding Contributory Factors. Operation & Maintenance Maxims. Dependable Operation. Change Management. Process Improvement. Lean. Six Sigma. Capability Questionnaire. Six Sigma Tool Kit. 20: Concluding Remarks. The Business Case for Validation. Industry Consensus. Golden Rules Remain Unchanged. Risk Management. Key Role Of Suppliers. Organisational Change. The Final Analysis.


    Guy Wingate