Pharmaceutical and Medical Devices Manufacturing Computer Systems Validation
eBook - ePub

Pharmaceutical and Medical Devices Manufacturing Computer Systems Validation

  1. 326 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Pharmaceutical and Medical Devices Manufacturing Computer Systems Validation

Book details
Book preview
Table of contents
Citations

About This Book

Validation of computer systems is the process that assures the formal assessment and report of quality and performance measures for all the life-cycle stages of software and system development, its implementation, qualification and acceptance, operation, modification, requalification, maintenance and retirement (PICS CSV PI 011-3). It is a process that demonstrates the compliance of computer systems functional and non-functional requirements, data integrity, regulated company procedures and safety requirements, industry standards, and applicable regulatory authority's requirements. Compliance is a state of being in adherence to application-related standards or conventions or regulations in laws and similar prescriptions.

This book, which is relevant to the pharmaceutical and medical devices regulated operations, provides practical information to assist in the computer validation to production systems, while highlighting and efficiently integrating worldwide regulation into the subject. A practical approach is presented to increase efficiency and to ensure that the validation of computer systems is correctly achieved.

Frequently asked questions

Simply head over to the account section in settings and click on ā€œCancel Subscriptionā€ - itā€™s as simple as that. After you cancel, your membership will stay active for the remainder of the time youā€™ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlegoā€™s features. The only differences are the price and subscription period: With the annual plan youā€™ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Pharmaceutical and Medical Devices Manufacturing Computer Systems Validation by Orlando Lopez in PDF and/or ePUB format, as well as other popular books in Business & Operations. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Productivity Press
Year
2018
ISBN
9781351704342
Edition
1
Topic
Business
Subtopic
Operations
Index
Business
Chapter 1
Introduction
Regulatory authorities acknowledge the use of computer systems* performing operations covered by the medicinesā€™ manufacturing practices regulation, and the applicable controls that must be in place to ensure that such computer systems are trustworthy. The essentials of complying with these regulations are outlined in Chapter 14.
To demonstrate that a computer system is trustworthy, the Development Period needs to follow a documented system life cycle (SLC) (Chapters 6 and 7) and, during the operational life period the system needs to be subjected to the Current Good Manufacturing Practice (CGMP) controls associated with the Operational Life (Chapter 12).
This book complements the basic features referenced above. A computer system performing operations covered by the medicinesā€™ manufacturing practices regulation and the applicable controls must be developed following software engineering and operational current practices. The output of these two key processes will provide a trustworthy system.
Chapter 2 contains a high-level description of the validation process applicable to computer systems to achieve and maintain proper performance, correct operation, system integrity and product quality by computer systems in a manufacturing environment.
The key required expectation of regulatory authorities and competent authorities covering medicine manufacturing practices are discussed in Chapter 3. This chapter considers expectations by regulatory authorities from the US, Australia, Brazil, Canada, China, United Kingdom, and Japan. In addition, it covers expectations by worldwide healthcare-related entities such as the Pharmaceutical Inspection Cooperation/Scheme (PIC/S), the World Health Organization (WHO) and the International Conference on Harmonization (ICH).
Chapters 4 and 5 cover common factors and e-compliance practices followed in computer systems validation (CSV). In case of new technologies, these common practices can be used during implementation and operation.
A typical SLC is described in Chapter 6. The SLC comprises the framework and activities to develop a system and operate a computer system.
Chapter 7 discusses the SLC documentation and its relationship with CSV and e-compliance.
The management of requirements is discussed in Chapter 8. This is an important element in the CSV. The success or failure of a project is based on the correct definition and the attributes of requirements. Key issues in the implementation and maintenance of the requirements are discussed as well.
The concept of risk based validation was introduced in the regulated industry back in the early 2000s. The extent of the software validation effort should be commensurate with the associated risk. This practice is introduced in Chapter 9.
For complex systems, the validation plan should be developed after establishing the validation approach. The approach should be based on a risk assessment. validation plans are discussed in Chapter 10.
The integration of project management, SLC and production CSV processes managing the validation of a computer system is discussed in Chapter 11. The focus is on production systems.
After the deployment of computer systems, the validation activities are not over. Chapter 12 gives details of the procedural control during the Operational Life.
Since I wrote the first revision of this book in 2004, one big shift in the information technology (IT) sector is the use of service providers (including Software as a Service [SaaS], Infrastructure as a Service [IaaS] and/or Platform as a Service [PaaS]) by regulated entities. This shift reduces the regulated entity IT budget. The IT Department should be considered a service provider. Suppliers and service providers are discussed in Chapter 13. A key instrument to establish the roles and responsibilities of the suppliers and service providers is the service level agreement (SLA). This tool is discussed in Chapter 22.
A key chapter in this book is Chapter 14, Trustworthy Computer Systems. Trustworthy computer systems consist of computer infrastructure, applications, and procedures that:
ā–  Are reasonably suited to performing their intended functions
ā–  ā–  Provide a reasonably reliable level of availability, reliability and correct operation
ā–  ā–  Are reasonably secure from intrusion and misuse
ā–  Adhere to generally accepted security principles
The above key items are summarized in the quality-related attributes at the end of the development and during the operational processes of computer systems.
In computer systems, electronic recordsā€™ integrity is a critical element of an organizationā€™s quality program, and recently oversights have been brought to the forefront by regulatory agencies citing violations and inadequacies in findings from inspections, audits, and warning letters. Based on ISO/IEC 17025, the integrity requirements for electronic records are reviewed in Chapter 15. In addition, Chapter 16 compliments Chapter 15 by providing cryptographic-based technologies supporting the integrity of electronic records.
CGMP applications in the manufacturing operating environment must run in qualified infrastructure. The infrastructure is basically a transport means that is used to move information from one location to another. This information may establish the quality of a product. Chapter 17 provides the concepts for the qualification of infrastructure.
As a result of not following good configuration management practices, new expectations from the regulatory agency/competent authority, outdated technologies, and so on, computer systems fall out of CGMP compliance. For reasons explained before, systems need from time to time be remediated. Chapter 18 is dedicated to remediation related activities.
Chapter 19 suggests an organization structure supporting CSV programs.
Chapter 20 recommends an approach to the correlation between the system life cycle (SLC) and e-records life cycle using the EU Annex 11 SLC.
One of the most important services in e-records integrity and e-signatures ā€“ digital date and time stamps ā€“ is described in Chapter 21.
Access Management, Big Data, Clouds Environments, Internet of Things (IoT), SLAs, and Wireless are areas in e-compliance that are, at present, under regulated user and regulatory agencies attention. Chapter 22 reviews these technologies and critical processes.
Based on the earlier revision of the ISO 12207 (1995), Chapter 23 guides the reader on how to put together all the elements discussed in this book.
As stated in the first edition of this book (2004), quality is built into a computer system during its conceptualization, development, and operational life periods. The validation of computer systems cannot be tested into the system. The validation of computer systems is an ongoing process that it is integrated into the entire SLC. The intention of this book is to provide the key processes to build quality into computer systems performing operations covered by medicine manufacturing practices regulation.
The recommendations of the controls, as described in this book, are purely from the standpoint and opinion of the author, and should serve as a suggestion only. They are not intended to serve as the regulatorsā€™ official implementation process.
Notes
* System: A group of related objects designed to perform or control a set of specified actions.
Chapter 2
What Is a Computer Systems Validation (CSV)?
In the context of the regulated users* and Regulatory Authorities, computer systems used in the manufacturing of regulated products should be developed and operated to assure proper performance, correct operation, system integrity, and product quality.
Computer systems provide an effective method to perform routine and repetitive tasks. Although generally more reliable than manual equivalents, such systems demand adequate controls for equipment setup and programming/configuration.
All regulatory authorities call for manufacturersā€  to implement quality systems to ensure the correctness and appropriateness of the computer systems functionality based on the intended use, changes, interfaces, data inputs/outputs, and data processing, as applicable. This ā€œensures accurate results and reduces the risk of failure of the system.ā€ā€” The validation process is ensured by following ā€œappropriate development methodology using a quality system approach.ā€Ā¶
Specifically to ensure accurate functionality and the protection of e-records, certain controls must be in place* :
ā–  Access to the system by authorized personnel only
ā–  Use of passwords
ā–  Creation of backup copies
ā–  Independent checking of critical e-records
ā–  Safe storage of e-records for the required time
ā–  The systematic use of an accurate, secure, audit trail (where appropriate)
The controls referenced above are specified, implemented, tested, and maintained during the SLC.
The SLC is based upon good engineering practices that have been in existence for many years. In addition, it is expected that documented evidence will be produced and maintained during the SLC.
The deliverables that are natural byproducts of the SLC are very closely aligned with the ā€œdocumented evidenceā€ that is required in the CSV to ensure a high degree of assurance that the computer system will consistently meet its predetermined specifications and quality attributesā€  .
CORE PRINCIPLE
The computer systems validation process incorporates ā€œplanning, verification, testing, traceability, configuration management, and many other aspects of good software engineering that together help to support a final conclusion that software is validated.ā€
ā€“ PIC/S CSV PI 011-3,
September 2007
PI 011-3ā€” defines CSV as the
ā€œformal assessment and reporting of quality and performance measu...

Table of contents

  1. Cover
  2. Half-Title
  3. Title
  4. Copyright
  5. Dedication
  6. Contents
  7. Preface
  8. 1 Introduction
  9. 2 What Is a Computer Systems Validation (CSV)?
  10. 3 CGMP Regulatory Requirements for Production Computer Systems
  11. 4 Maxims in CSV
  12. 5 General CSV Principles
  13. 6 System Life Cycle
  14. 7 SLC Documentation
  15. 8 Management of the Computer System Requirements
  16. 9 Risk Based Validation
  17. 10 CSV Plans and Schedules
  18. 11 Project Management, SLC, Production CSV, ITIL
  19. 12 Computer Systems Operational Life
  20. 13 Suppliers and Service Providers
  21. 14 Trustworthy Computer Systems
  22. 15 Control of Data and Records
  23. 16 Technologies Supporting Integrity of E-Records
  24. 17 Infrastructure Qualification Overview
  25. 18 Remediation Projects
  26. 19 Production CSV Program Organization
  27. 20 Integration Between Computer System and E-Records Life Cycles
  28. 21 Digital Date and Time Stamps
  29. 22 New Technologies and Critical Processes
  30. 23 All Together
  31. Appendix I: Glossary of Terms
  32. Appendix II: Abbreviations and/or Acronyms
  33. Appendix III: Regulatory Cross Match
  34. Appendix IV: Additional Readings
  35. Appendix V: Reference Papers on E-Records Integrity
  36. Appendix VI: Case Study ā€“ Cloudā€‘Based SCADA
  37. Index