Computer Validation from the Business Management Perspective
Proposals that include new automation or substantial computerized applications in GXP areas without including a specific schedule, cost, and personnel estimate for validation should not be approved until those factors are added for consideration. If the figure for validation is less than 40-50% of the purchase price of the computer hardware and software, it should be questioned closely. (34)
One of my pet peeves is computer validation getting a bad rap for delayed implementations and budget overruns when it is usually the last item considered, seldom budgeted with appropriate people and time resources, and often not invoked until the last few weeks of the system project. As Go-Live approaches, suddenly someone remembers, “oh yeah this system needs to be validated” and decides to call in QA and QC. This is the usual recipe for validation disasters.
Validation for a GXP computer system should begin on “Day Zero”, the day that management decides to have such a system. For GXP systems computer validation is a non-negotiable business requirement. The manager who “owns” the regulated business process using the GXP system will be held responsible by authorities for its reliable performance in regulated tasks and for the integrity of its processing of regulated data from those work tasks. All data submitted to or inspected by authorities to prove the safety, efficacy, and other quality attributes of regulated product for market approval or production purposes must be handled by validated systems when in electronic form.
The process manager is responsible for having the GXP status of the proposed system identified so that relevant laws and guidance can be considered in the User Requirements Specification (URS). No one knows the work process better than the end users, and it is the process manager’s role to identify a User Team to examine the work tasks and identify where, when, and how the system will be used to control the regulated process and/or handle data from the process. Writing the URS is NOT an IT role and it should not have an IT technology focus. The focus for the URS is a close view of work process needs for automated control and electronic data handling.
In parallel with developing the user requirements, the process owner should sponsor the writing of a Validation Plan (VP) to identify the tasks, timeline, and resources needed for computer validation. Since every item in the URS must be documented and tested during validation, it takes both a URS and a Validation Plan to properly scope, budget, and project manage the implementation of a GXP system. There have been some sad examples in industry where elaborate computerized facilities have been constructed and then were unable to be used due to the lack of adequate planning for computer validation and consequent failure of inspection by authorities. Don’t let this happen to you.
Next Month: Computer Validation from the Regulatory Perspective
Today computers are everywhere in our lives and we are well aware that mistakes and disruptions do occur with computer systems and their databases. (2)… All computer system regulations and guidance have four themes in common. These four themes form the essential components of computer validation policy and practices for any regulated environment. (12)
Dr. Teri Stokes has been an Author, Consultant, and Industry Speaker on the topic of computer systems validation for more than 20 years. Her practice includes FDA-regulated industries and their software systems suppliers in Europe, North America, and Asia.