PVT 6004 – Computer System Validation

Session-1 Software Categories, Life Cycle Phases and Operational Activities (8 topics)

  • 1.1 Drivers for GAMP® 5
    In this lesson, we learn about the primary drivers behind the issuing of the GAMP®5 guidance document and its focus.
  • 1.2 Life Cycle Phases of Computerized Systems
    In this lesson, we explore the lifecycle of a computerized system from its early specification to its retirement and upgrade.
  • 1.3 Computerized Systems in Regulated GxP Environments
    The objective of this lesson is to be able to describe a computerized system to a regulatory inspector to demonstrate the system is in control and fit for use.
  • 1.4 GAMP ®5 Software Categories
    In this lesson, we look at ways to categorize computerized system from infrastructural and off-the-shelf software to configurable and bespoke applications.
  • 1.5 Operational Activities
    In this lesson, we take a look at how to maintain a critical computerized system in a state of operational control using standard procedures.
  • 1.6 Handover
    This lesson looks at ways to ensure that the environment into which the computerized system is to be received is prepared, to make sure that the system can be used and supported in a controlled manner.
  • 1.7 Product and Process Understanding
    This lesson makes recommendations about the application of subject matter expertise when supporting lifecycle activities for a computerized system amongst the end-user and the supplier.
  • 1.8 End-User Activities
    This lesson explains the responsibilities of the end-user when it comes to supporting the lifecycle activities for a computerized system.

Session-2 Record Anatomy and Data Flow Analysis – (6 topics)

  • 2.1 Record Anatomy
    In this lesson, we will describe the structure of a record in terms of the arrangement of data elements, and we will also discuss the ‘electronic record lifecycle.
  • 2.2 Records and Signatures required by 21 CFR Part 211 – no video
  • 2.3 PLC Controlled Packaging Equipment – no video
  • 2.4 SupervisoryControlandDataAcquisition(SCADA)–no video
  • 2.5 DataFlowAnalysis
    In this lesson, we look at data flow analysis across systems to reveal where integrity could be compromised as the record lives in various computing environments associated with its creation, use and retention.
  • 2.6 Example Records and Signatures Required by ICH Q7 – no video

Session-3 Science Based Quality Risk Management, Validation Planning and Categorization of Laboratory Computerized Systems (7 topics)

  • 3.1 Supplier Activities
    This lesson explains the responsibilities of the supplier when it comes to supporting the lifecycle activities for a computerized system.
  • 3.2 Validation Planning
    In this lesson, we look at corporate and site level policy documents that define a regulated company’s overall approach to computerized system quality and compliance.
  • 3.3 Science-Based Quality Risk Management
    In this lesson, we look at suggestions about where to apply risk management throughout the lifecycle of a computerized system and how to manage the process for various categories of systems.
  • 3.4 Risk Management Considerations – Generic Hazards
    In this lesson, we look at an approach to conducting risk assessments on computerized systems based on their impact on product quality, patient safety and data integrity. We also list generic hazards for a computerized system associated with physical/environmental conditions, hardware and software, and human-related.
  • 3.5 Requirements Traceability Matrix (RTM)
    In this lesson, we introduce the Requirements Traceability Matrix (RTM); an important project document for tracing all user requirements to design specifications and appropriate verification tests.
  • 3.6 Efficiency Improvements (Continuous Improvements)
    In this lesson, we look at suggestions on ways to improve efficiencies throughout the lifecycle of a computerized system.
  • 3.7 Categorization of Laboratory Computerized Systems
    This lesson explains the GAMP® system for categorizing Laboratory Computerized Systems.

Session-4 Specification & Verification, Scalable Validation Deliverables and Configuration
( 9 topics)

  • 4.1 HPLC Systems – No video
  • 4.2 Chromatography Data Systems (CDS) – No video
  • 4.3 GxP Records and Signatures Required by 11 CFR Part 820 – No video
  • 4.4 Prerequisites for GERM
  • 4.5 Laboratory Information Management System (LIMS) – No video
  • 4.6 Identify Regulated Records and Signatures
    In this lesson, we describe why only those records required to meet GxP regulations, or submitted to regulators, should be identified as regulated electronic records.
  • 4.7 Electronic Production Records (EPR) – No video
  • 4.8 Impact Assessment of Electronic Records
    This lesson classifies regulated electronic records as High, Medium, or Low based on an assessment of the potential impact of the record on patient safety or product quality.
  • 4.9 Spreadsheets – No video

Session-5 Identify Regulated Records and Signatures and the Impact Assessment of Electronic Records (12 topics)

  • 5.1 Organizational Change – Impact During Project Lifecycle
    This lesson looks at various ways to manage projects during episodes of major organizational changes.
  • 5.2 Outsourced IS/IT Environment
    Here we look at the contract considerations when we choose to outsource control of our IS/IT systems to a third-party vendor.
  • 5.3 I T Compliance – Key Concepts, and Infrastructure Elements
    In this lesson, we look at ways to standardize our IT Infrastructure Elements to facilitate and somewhat ‘modularize’ our compliance strategy.
  • 5.4 Development versus Implementation Life Cycle
    In this lesson, we describe how to implement various computerized systems based on their software category; where from a user’s perspective the lower categories require less vendor input and where the higher categories require more.
  • 5.5 Specification, Design and Verification
    In this lesson, we review the ASTM International standard E 2500 – 07 ‘Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment’.
  • 5.6 Testing Documentation Structure & Verification Terminology
    In this lesson, we look at good practices regarding the organization of testing documentation on a project and we also examine legacy and modern terms for testing documentation used in the medicinal products’ industries.
  • 5.7 Scalable Validation Deliverables
    This lesson recommends a range of scaleable validation deliverables over the range of software categories where we see increasing intricacy with increasing category designation.
  • 5.8 Patch and Update Management
    In this lesson, we consider suitable management strategies for the implementation of software patches and upgrades to an existing computerized system operating in a regulated environment.
  • 5.9 Operational Change and Configuration Management
    This lesson describes how to manage the configuration of a computerized system in a regulated environment during the operation and maintenance phase and keep it current and relevant where we’re in a period of continuous change and upgrading.
  • 5.10 Repair Activity
    In this lesson, we discuss a process by which non-functional systems are returned to a functional state under the control of a repair activity procedure.
  • 5.11 Periodic Review
    In this lesson we’re going to look at a method to ensure a computerized system remains compliant with regulatory requirements throughout its operational life, remains fit for intended use, and continually satisfies company policies and procedures.
  • 5.12 Backup and Restore
    In this lesson, we describe a mechanism to protect electronic information assets against loss of original data and subsequent accurate restoration of assets when required.

Session-6 Good Electronic Records Management Transactions and Audit Trails (5 topics)

  • 6.1 Good Electronic Records Management Transactions
    In this lesson, we look at current good practices associated with good electronic records management including transactions, audit trails, sequence checks, electronic signatures, and continuous session system access.
  • 6.2 Audit Trails
    In this lesson, we explore how the application of audit trails improve information quality and reduce information loss from activities such as overwriting of data attributes.
  • 6.3 AutoCAD Used for Managing Pack Drawings
  • 6.4 Building Management Systems (BMS) – No video
  • 6.5 21 CFR Part 211 – Subparts D and J
    In this lesson we look at the FDA’s predicate GMP rule 21 CFR Part 211 specifically Subparts D and J. Subpart D relates to ‘Equipment’ and how subpart J relates to ‘Records and Reports’.
  • 6.6 FDA 21 CFR Part 11 – ‘Electronic Records; Electronic Signatures (ERES)’ – No video

Session-7 Electronic Data Archiving, Business Continuity Management and Systems Back-up, Archival & Disaster Recovery (7 topics)

  • 7.1 Electronic Data Archiving
    In this lesson, we describe a suitable data archiving strategy for moving data that is no longer actively used in the active environment where it was created to a separate data storage area for long-term retention.
  • 7.2 Typical Tasks Supporting Validation
    Here we look at recommendations from the FDA regarding tasks that may support the validation of a computerized system in a regulated environment.
  • 7.3 Security Management
    In this lesson, we define the controls required for securing a computerized system in an operational environment.
  • 7.4 Business Continuity Management
    In this lesson, we discuss how to regain access to an IT system and its data following a disaster, and how to restore critical business processes following a disruption while continuing to provide products or services.
  • 7.5 Relationship Between System Backup, Archival, and Disaster Recovery
    In this lesson we look at the inter-relationship amongst the accurate and reproducible backing up of digital assets (data and software), the archiving of closed business transactions and master data relocation to an external system, and the regaining of access to an IT system (including software, hardware and data) following a disaster.
  • 7.6 System Retirement, Decommissioning and Disposal
    This lesson describes appropriate controls that need to be in place when removing a computerized system from day to day use through obsolescence or replacement.
  • 7.7 Copies of Records
    This lesson considers methods on how to preserve the content and meaning of an electronic record when making a copy.

Session-8 Controls to Maintain Electronic Records Integrity and Risk Controls for Electronic Signatures (9 topics)

  • 8.1 Complying with 21 CFR Part 11 ERES – Types of Controls Required – No video
  • 8.2 ERES – Key Areas for Guidance – Where to Apply Electronic Signatures
    This video explores examples of where to apply electronic signatures required by predicate rules and required by internal procedures.
  • 8.3 Batch Record Systems – No video
  • 8.4 Enterprise Resource Planning (ERP) Systems – No video
  • 8.5 Controls to Maintain Electronic Record Integrity
    In this lesson, we examine controls to maintain electronic record integrity when creating and
    storing records, transmitting records, and archiving records, and also controls for signature certification/ authentication and signature link integrity.
  • 8.6 Risk Controls for Electronic Records – No video
  • 8.7 Risk Controls for Electronic Signatures
    In this lesson, we look at risk controls for electronic signatures in terms of instruction for the information associated with a signed electronic record, e-signatures security certificates, and signature controls.
  • 8.8 User ERES Responsibilities
    In this lesson, we look at the end-user’s responsibilities associated with electronic records and electronic signatures.
  • 8.9 Supplier ERES Responsibilities
    In this lesson, we look at the supplier’s/vendor’s responsibilities associated with electronic records and electronic signatures.