COMPUTER VALIDATION (CSV).

Validation Online's GMP compliant computer validation (CSV) documentation and protocols start with our unique three level User Requirements Specification document (URS). Since most documents, post the URS, will either fully, or partially, base their contents on the URS, it is essential that this document clearly, concisely and in a manner that is testable, specifies the exact requirements of the end user. It is also essential that these exact testable requirements remain attributable through the development of the Functional Specification (FS) Design Specification (DS) to the actual lines or groups of lines of code that enable them.

SOP for Computer Equipment Validation.
The SOP for Computer Equipment Validation continues to be an extremely popular document. This document leads you through the validation process, from the URS to the final P2Q.

The guide-lines laid out in Good Automated Manufacturing Practices GAMP, GAMP 5, for the computer validation of automated systems including automatic computerized manufacturing equipment, control systems, automated laboratory systems, manufacturing execution systems and computers running laboratory or database systems. The automatic computerized system generally consists of the hardware, software and network components, together with the controlled functions and associated documentation. The recent release of GAMP 5 Procedures   does not really over turn the previous release GAMP 4.  Allthough GAMP 5 is definitely a handy guide, it does try to be all things to all people.

Which at times means certain sections can appear to contradict others.<br>On a recent project when a group was set up to develop a Risk Assessment (RA) document from GAMP 4, after four weeks they were still divided and unable to reconcile the requirements.  It bodes well to always remember that GAMP 5 is a guide from the end users point of view.  The actual legal requirements come&nbsp;from the regulators, and obviously takes precedence. <br>Validation Online's computer validation (CSV) protocols start with the development of a detailed three layer URS and progress through the VMP - IQ - OQ - PQ.  Each of these documents are interactive and simple to use.  Each are preceded with an SOP which guides the user through all phases of protocol generation.
The verification that the end users requirements as detailed in the URS have been fully satisfied, is paramount to the equipment being correctly qualified.  Often this is hard to verify since the traceability from URS functionality to the actual hardware or software utilized is lost in the code generation stage.

However unless the effort is made to maintain this traceability, validation is flawed and future modifications can become problematic.

The Validation Master Plan -  VMP, must be specific about this requirement and instruct all personnel involved in the qualification program, of the importance of maintaining this traceability.

VIEW COMPUTERIZED SYSTEM VALIDATION DOCUMENTS AVAILABLE.

COMPUTER VALIDATION USER REQUIREMENTS.

1. All software system inputs;
2. All software system outputs;
3. All functions that the software system will perform;
4. All performance requirements that the software will meet, (e.g., data throughput,
   reliability, and timing);
5. The definition of all external and user interfaces, as well as any internal software-
   to-system interfaces;
6. How users will interact with the system;
7. What constitutes an error and how errors should be handled;
8. Required response times;
9. The intended operating environment for the software, if this is a design
   constraint (e.g., hardware platform, operating system);
10. All ranges, limits, defaults, and specific values that the software will accept;
11. All safety related requirements, specifications, features, or functions that will be
    implemented in software.

---

CONTENTIOUS POINTS IN VALIDIZATION

REVALIDATION SCHEDULED

As long as the process operates in a state of GMP control and no changes have been made to the process or output product, the process does not have to be revalidated. Whether the process is operating in a state of control is determined by analyzing day-to-day process control data and any finished device testing data for conformance with specifications and for variability.

REVALIDATION on RELOCATION

When equipment is moved to a new location, installation and operation should be requalified. By comparing data from the original installation and operation qualification (IQ and OQ) and the requalification, the manufacturer can determine whether there have been any changes in equipment performance as a result of the move. Changes in equipment performance should be evaluated to determine whether it is necessary to revalidate the process.

 

REVALIDATION JUSTIFICATION

Part 820.75 of the QS regulation requires that validated processes be monitored and controlled so that when changes or process deviations occur, a manufacturer will know to review and evaluate the process and perform revalidation when appropriate.   21 CFR 820.75(c ) requires you to have documented procedures in place for evaluating; when revalidation is required.




PROCUREMENT AND VALIDATION.

Recent research has highlighted that in the pharmaceutical and bio-medical industry, thirty two percent of all equipment procurements are unsatisfactory.  The major problem has been identified as companies not specifying in sufficient detail and or accuracy, what their actual needs are.  The lack of a quality company approved User Requirements Specification (URS), leads to many companies having to resort to otherwise un-necessary and costly retrospective actions in modifying the equipment or producing unspecified documentation or engineering drawings, post procurement.  These extraneous GMP requirements often cost more than the equipment.

---

Any software used to automate any part of the device production process or any part of the quality system must be validated for its intended use, as required by 21 21 CFR §820.70(i). This requirement applies to any software used to automate device design, testing, component acceptance, manufacturing, labelling, packaging, distribution, complaint handling, or to automate any other aspect of the quality system.

 

In addition, computer systems used to create, modify, and maintain electronic records and to manage electronic signatures are also subject to the validation requirements. (See 21 CFR §11.10(a).) Such computer systems must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

 

Software for the above applications may be developed in-house or under contract. However, software is frequently purchased off-the-shelf for a particular intended use. All production and/or quality system software, even if purchased off-the-shelf, should have documented requirements that fully define its intended use, and information against which testing results and other evidence can be compared, to show that the software is validated for its intended use.

 

---

GAMP 5 SOFTWARE CATEGORIES.

Gamp Class	Category	Validation Scope
1	Operating Systems	Record Version
2	Measuring Devices (Embedded Software).	Record Configuration & calibration
3	Configurable Packages	Review supplier & validate functionality and any bespoke code.
4	Large Configurable Systems	Audit supplier, validate system functionality and review code IAW full life cycle requirements.
5	Systems Specifically written for Owner.	Audit supplier, validate all code IAW full life-cycle requirements.

---

COMPUTER VALIDATION SCOPE (CSV).



Computer Validation (CSV), must include the under listed tests / inspections, but is not limited to them alone. The inclusion of the 21 CFR Part 11, Applicability is deliberate. This allows the executor of the computer validation (CSV) protocols to clear this requirement by cross referencing the risk assessment reference number and stating Yes or No, to the applicability question. The regulator now does not have to search further, he can see that requirements for 21 CFR Part 11 have been considered and judged.

• Introduction.
• Scope.
• Software Verification.
• Hardware Verification.
• Testing Personnel CV & Details Sheet.
• 21 21 CFR Applicability.
• Backup Software Storage Security.
• Menu Navigation.
• Operating Environment.
• System Security (physical/access to data).
• Power Failure Recovery.
• Test Alarms.
• System Stress Testing / Boundary Test.
• Interface Signals.
• Menu Navigation.
• 21 21 CFR Part 11 Conformance.
• Functionality tests.
There is a degree of flexibility in deciding precisely at what stage in the validation process some of these test and inspections are executed. Where this flexibility exists the choice between the IQ or OQ or PQ, must be rationalized and documented in the validation master plan (VMP) or the validation plan (VP).

---

21 CFR Part 820.70(i)........Automated processes..........When computers or automated computerized data processing systems are used as part of production or the quality system, the manufacturer shall carryout computer validation (CSV) for software in use, for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These computer validation (CSV) activities shall be documented.

---

COMPUTERIZED SYSTEM DESIGN & TESTING

In the diagram below it can readily be seen that the URS, along with the regulatory requirements as detailed in GAMP 5, and the details of computer validation (CSV) requirements as given in the VMP, come together to form a document package consisting of the DQ, IQ, OQ and PQ from which the vendor can develop a fully legal and compliant product.
Computer validation (CSV) activities are grouped in two colours (orange and blue).  The blue colour is the requirement for standard computer validation (CSV).

 

The regulators have decreed that software used in a manner that can affect the quality of the product, without leaving visible evidence, that damaged has occurred, must be deemed as critical to the quality of that product.

 

The regulators have further mandated that all such software be identified as such - and subjected from concept to actual use, to Full Life Cycle Validation (FLCV) requirements.  This additional validation is represent in the diagram in orange.

 

The vendor therefore (be they in, or out, of house), must produce a Quality Plan that ensures the software development will follow a validation evolution similar to that shown in the diagram.  Your actual diagram must be planned and justified for the software system that you are proposing.

 

It is of paramount importance that your decision on software criticality is documented, and that your QP is reviewed and approved by QA, and the client or their  representative, prior to initiation of the design process.  Since these documents all form part of the computer validation (CSV) process, you must expect the regulators to want to review them. 



---

Documentation Requirements for standard Computer Validation.

VMP - VP – FMEA - DQ – VRA – IQ – OQ - PQ

---

Computerized Systems Acronyms - Click to Define.
Manufacturing information systems, MIS / SPC / OEE ....................Laboratory Information Management Systems (LIMS)……….…..Process control and automation (SCADA)….………Machine vision, automated inspection and OCV / OCR solutions. ………….Line Optimisation Systems (LOS)……………Programmable Logic Computer (PLC)…………….Distributive Computer System (DCS)………….

---

CLICK HERE FOR DETAILS OF THE WORLDS FIRST
PROGRAMMABLE DIGITAL COMPUTER.

---

Site Problem Reporting

---

COMPUTER VALIDATION (CSV)

---