This Computer Qualification Annex 11,
document applies to all forms of computerization used in connection
with regulated activities, including process control, documentation
control and data-processing systems. Computer Qualification Annex 11
also covers development, selection, validation and use of systems. For
documentation, the requirements of GMP Chapter 4 shall also be
The introduction of computer systems into systems of manufacturing, (including
storage, distribution, quality control) and other regulated GMP activities, does not alter
the need to observe the relevant principles in Computer Qualification Annex 11 given elsewhere in the Guide.
Where a computer system replaces a manual operation, there should be no
resultant decrease in product quality, process control or quality
assurance. There should be no increase in the overall risk of product
The validation of computer systems should enable both the manufacturing authorization holder, and competent authority, to have a high level of confidence in the integrity of both the processes executed within the controlling computer system(s) and in those processes controlled by and/or linked to the computer system(s).
For proprietary systems, where the supplier will have completed the development life-cycle independently then, depending on the nature of the intended application, the manufacturing authorization holder/ purchaser may need to assess the development/ validation evidence for the product at the supplier. (See also clauses 1, 2 and 6 below.)(Computer Validation)
Decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerized system in respect to its impact on product quality and safety as well as data security and integrity as detailed in Computer Qualification Annex 11. (9).
2.1 It is essential that there is the closest co-operation between key personnel, such as users, system administrators, quality assurance and technical staff (both in-house and outsourced) involved with the development, validation, management and use of computer systems. Persons performing such roles should have appropriate and documented qualifications, training, technical expertise, responsibilities and experience to carry out their assigned duties. Computer Validation templates. (27).
3.1 The manufacturing authorization holder's quality management system will need to include policies and plans for the computer validation of systems, together with up to date listings of systems and their GxP functionality. The validation status of each system should be clear from the Validation Schedule. The extent of validation necessary will depend on the type and complexity of the computerized systems and the manufacturing authorization holder's documented risk assessments. Computer Qualification Annex 11.(19)
3.2 For the validation of bespoke or significantly customized computerized systems there should be a process in place that assures the formal assessment and reporting of quality and performance measures for all the life-cycle stages of software and system development, its implementation, qualification and acceptance, operation, modification, re-qualification, maintenance, on-going support and retirement. (With regards to customized systems, the above described controls are required for customization aspects and their impacts on the whole system)(Computer Validation). Computer Qualification Annex 11. (18)
3.3 The computer validation documentation should cover all the relevant steps of the specific project life cycle with appropriate methods for measurement and reporting, (e.g. assessment reports and details of quality and test measures), as required. User requirements should be traceable throughout the validation process/ life cycle. Manufacturing authorization holders should be able to justify and defend their standards, protocols, acceptance criteria, procedures and records in the light of their own documented risk and complexity assessments, aimed at ensuring fitness for purpose and regulatory compliance. Computer Qualification Annex 11. (30).
3.4 Computer validation documentation should include change control and error log records generated during the validation process.
3.5 With regard to the testing phase of the validation process:
3.6 In fitting with best practices for risk assessment and change management, the manufacturing authorization holder should carry out periodic reviews of computerised systems to determine whether incremental change, system performance issues, or regulatory developments prompt further work to reconfirm computer validation or data integrity. Such reviews should include the current range of functionality, error logs, upgrade history, performance, reliability, security and validation status reports. Computer Validation 20.
3.7 Validation of database based/inclusive systems should include the following:
3.8 Spreadsheets should be suitably checked for accuracy and reliability and stored in a manner which ensures the appropriate version control. The calculations should be secured in such a way that formulations are not intentionally or accidentally overwritten. The calculations should be executed with precision displayed on the screen or in reports. Formulations should also be protected from accidental input of in appropriate data type (e.g. text in a numeric field and or a decimal format into integer field). Computer Qualification Annex 11.
4.1 An inventory, or listing, of all computerized systems is essential. The inventory should mention the site and purpose of the computerized system. This list should indicate the risk assessed category of each system. Systems that have an influence on regulated activities need to be identified... Manufacturing authorization holders will need to maintain records detailing the physical and logical arrangements and the infrastructure for controlled, secure environments, together with up to date written detailed descriptions of each system, data flows and interactions with other systems or processes. These should be treated as controlled documents. Computer Qualification Annex 11. (31).
4.2 Current specifications should be available (including diagrams as appropriate). They should describe the required functions of the system, any modularity and their relationships, its interfaces and external connections, system boundaries, main inputs and outputs, main data types stored, handled or processed, any hardware and software prerequisites, and security measures. Attention should be paid to the siting of computer hardware in suitable conditions where extraneous factors cannot interfere with the system operation. Computer Qualification Annex 11. (9)
5.1 The software is a critical component of a computerized system. The user of such software should take all reasonable steps, to ensure that it has been produced in accordance with an appropriate system of Quality Assurance. The supplier of software should be qualified appropriately; this may include assessment and/ or audit.
5.2 Computerized systems should be designed and developed in accordance with an appropriate quality management system. Documentation supplied with Commercial Off-The-Shelf products should be reviewed by manufacturing authorization holders to check that user requirements are fulfilled. Computer Qualification Annex 11. (33).
5.3 Quality system and audit information relating to suppliers or developers of software and systems implemented by the manufacturing authorization holder should be made available to inspectors on request, as supporting material intended to demonstrate the quality of the development processes. Computer Qualification Annex 11. (21).
co 6.1 The system should include, where appropriate, built-in checks for the correct, secure entry and processing of data, including data transcribed manually from other media, or systems e.g. laboratory notebooks, or reports from other systems or instruments, that are not directly interfaced with the computerized system. Data and document management control systems should be designed to ensure the integrity of data and irrefutable recording of the identity of operators (i.e. shared passwords are disallowed) entering or confirming data as well as the routing and source of data captured or received automatically. Critical systems should be designed and protected to ensure that data and files cannot be changed without appropriate authorizations and with immutable electronic logs recording changes made even at the highest level of access, such as System Administrator. Computer Qualification Annex 11.(23).o:p>
7.1 Before a new, replacement or upgraded computerized system is brought into use, it should have been thoroughly specified, documented, validated, tested and approved as per the foregoing sections of this EU Annex. User staff should also have received documented effective training in the use of such systems (EU Annex 15 also provides some advice on user acceptance testing). When manual or pre-existing computerized systems are being replaced, it may be appropriate to undertake comparative 'parallel', or 'in-series' testing. Computer Qualification Annex 11.
8.1 Physical and/or logical controls should be in place to restrict access to computerized systems to authorized persons. Suitable methods of preventing unauthorized entry to the system may include the use of keys, pass cards, personal codes with passwords, biometrics, restricted access to computer equipment and data storage areas.
8.2 Access to applications, folders, files and data should be controlled via the permissions detailed within the manufacturing authorization holder's Information Security Management System (ISMS) (See Chapter 4 in the GMP Guide and also current PI011 from PIC/S).
8.3 Suitable methods, commensurate to the criticality of data, should be in place to deter and record unauthorized entry and/or or modifications of data. These methods may include time limiting logging, encryption, and re-entry of unique identifier for critical data.
8.4 Within the ISMS there should be a defined procedure, that would enable tracking and where possible audit trailing for the issue/alteration, and cancellation of authorization to system/application/data access. Computer Validation 24.
8.5 Mechanisms for the detection of attempts of unauthorized access, to the system, files and data should be considered based on a risk assessment so that appropriate action may be taken.
9.1 For critical data entered manually or transferred from another system (for example the weight and batch number of an ingredient during dispensing, or the keying in of laboratory data), there should be an additional check on the accuracy of the record which is made prior to further processing of these data. This check may be done by a second operator or by computer validation of electronic means. The criticality and the potential consequences of erroneous or incorrectly entered data to a system should be evaluated in a risk assessment and as part of validation. (See also sections 7 to 9 above).
9.2 If a computerized system controls a critical process (where criticality determination is based on the risk assessment, as documented by a manufacturing authorization holder), an independent secondary check of critical parameters of such a process should be in place. Computer Qualification Annex 11. (25).
10.1 The system should enable the recording of the unique identity of operators entering or confirming critical data. Any entry or alteration of critical data should be authorized and recorded with the reason for the change. The aim is to know at any given time point what the information was.) Audit trails need to be available and convertible to human readable form. Computer Validation 13. CSV Annex 11.
11.1 Electronic records may be signed electronically or by applying a hand-written signature to a printed copy of the record. This is only acceptable if all relevant meta- data is included in the printout. Electronic signatures and identification by biometric means are expected to:
11.2 Country specific national legislation may apply to the requirements and controls for electronic records and linked electronic signatures, or identities. Printed copies of electronically compiled and electronically signed documents should be traceable via printed links to the original electronic transaction. Computer Qualification Annex 11.(20).
12.1 Alterations to any component of a computerized system should only be made in accordance with a defined procedure within the manufacturing authorisation holder's Change and Risk Management policies/procedures. These should include provision for the evaluation of the impact of the change on product quality and data and system integrity, scoping any necessary computer validation work, reporting, reviewing approving and implementing the change. Computer Validation 14.
13.1 Printouts of records must indicate if any of the data has been changed since the original entry. For complex systems it may also be necessary for inspectors to be able to access and study electronic systems records on-line (e.g. databases, chromatography, process control, etc.) Computer Qualification Annex 11. (17).
14.1 Data should be secured by both physical and electronic means against wilful or accidental damage, in accordance with item '4.9' of the Guide and the manufacturing authorization holder's information security management requirements. The storage media used should have been subjected to evaluation for quality, reliability and durability by or on behalf of the manufacturing authorization holder. Stored data should be checked for accessibility, durability, readability and accuracy. The mechanism of checking should not present a risk to the current data on the system. If changes are proposed to the computer equipment or its programs, the above mentioned checks should be performed at a frequency appropriate to the storage medium being used. Access to data must be ensured throughout the retention period. Computer Qualification Annex 11. (31).
Migration; Archiving; Retrieval 15.1 Regular backups of all relevant data should be one. Back-up data should be stored at a separate and secure location. Integrity and accuracy of back-up data should be checked during or on completion of the back-up process.
15.2 If the system does not have a capacity to retain records for the period specified in chapter 4, then the data must be suitably archived. The archived data should be secured by physical and/or electronic means against wilful and/or accidental damage. This data should be checked for accessibility, durability, readability and integrity. If changes are made to the computer equipment or its programs, then the ability to restore the data should be checked. Computer Qualification Annex 11.(18).
15.3 Backup, archiving, retrieval and restoration (recovery) practices need to be defined, tested and established in accordance with the manufacturing authorization holder's QMS, ISMS and risk management requirements. Computer Qualification Annex 11. (16).
16.1 For the availability of computerized systems supporting critical regulatory or lifesaving processes, provisions should be made to ensure continuity of support for those processes in the event of a system breakdown (e.g. a manual or alternative system). The time required to bring the alternative arrangements into use should be minimal and appropriate for a particular system. These arrangements should be adequately documented and tested. CSV Annex 11.
17.1 System failures and data errors should be tracked, recorded, analyzed and corrective actions should be implemented as appropriate. Any procedures to be followed if the system fails or breaks down should be defined and verified. Computer Qualification Annex 11. (15).
18.1 When outside agencies, suppliers, or other parties are used to provide, install, configure, integrate, validate, maintain or modify a computerized system or related service or for data processing, there should be a formal agreement including a clear statement of the responsibilities of that outside body.
18.2 As the holder of the Manufacturing Authorization must ensure that the medicinal product(s) is fit for its intended use, the competence and reliability of a supplier are key factors when selecting a product or service provider. The need for a supporting audit should be based on a risk assessment (in respect to the system's impact on product quality and safety, as well as data security and integrity) to determine whether the computerized system has been designed and developed, and is maintained, in accordance with an appropriate quality management system. Ongoing technical support from suppliers should be documented in a written contract. Computer Qualification Annex 11. (17).
19.1 When the release of batches for sale or supply is carried out using a computerized system, the system should allow for only a Qualified Person to certify the release of the batches and it should clearly identify and record the person releasing the batches. Any certification produced by computerized systems should be clearly cross-linked to the identity of the certifying person. Names should be clearly stated and transactions traceable for verification or audit purposes from both the electronic records and paper printouts- to time, date, context and identities (human or electronic source) for all GMP related transactions. Computer Qualification Annex 11. (11).
Further guidance on security considerations and risk management in regulated applications will be found in PIC/S publication PI011-1 (August 2003) 'Good practices for computerized systems in 'GxP' regulated environments' and in ISO 17799 'A code of practice for information security management'. Industry best practice publications are available from ISPE (International Society of Pharmaceutical Engineers), PDA (Parental Drug Association),and other sources. PIC/S guidance on the validation of these systems and other matters will be found in PI011-1 'Good Practices for Computerised Systems in Regulated 'GxP' Environments' In the context or electronic records the term 'written' means 'recorded, or documented on media, paper, electronic or other substrate'.