PVT 6004 – Computer System Validation
Session-1 Software Categories, Life Cycle Phases and Operational Activities (8 topics)
- 1.1 Drivers for GAMP® 5
In this lesson, we learn about the primary drivers behind the issuing of the GAMP®5 guidance document and its focus.
- 1.2 Life Cycle Phases of Computerized Systems
In this lesson, we explore the lifecycle of a computerized system from its early specification to its retirement and upgrade.
- 1.3 Computerized Systems in Regulated GxP Environments
The objective of this lesson is to be able to describe a computerized system to a regulatory inspector to demonstrate the system is in control and fit for use.
- 1.4 GAMP ®5 Software Categories
In this lesson, we look at ways to categorize computerized system from infrastructural and off-the-shelf software to configurable and bespoke applications.
- 1.5 Operational Activities
In this lesson, we take a look at how to maintain a critical computerized system in a state of operational control using standard procedures.
- 1.6 Handover
This lesson looks at ways to ensure that the environment into which the computerized system is to be received is prepared, to make sure that the system can be used and supported in a controlled manner.
- 1.7 Product and Process Understanding
This lesson makes recommendations about the application of subject matter expertise when supporting lifecycle activities for a computerized system amongst the end-user and the supplier.
- 1.8 End-User Activities
This lesson explains the responsibilities of the end-user when it comes to supporting the lifecycle activities for a computerized system.
Session-2 Record Anatomy and Data Flow Analysis – (6 topics)
- 2.1 Record Anatomy
In this lesson, we will describe the structure of a record in terms of the arrangement of data elements, and we will also discuss the ‘electronic record lifecycle.
- 2.2 Records and Signatures required by 21 CFR Part 211 – no video
- 2.3 PLC Controlled Packaging Equipment – no video
- 2.4 SupervisoryControlandDataAcquisition(SCADA)–no video
- 2.5 DataFlowAnalysis
In this lesson, we look at data flow analysis across systems to reveal where integrity could be compromised as the record lives in various computing environments associated with its creation, use and retention.
- 2.6 Example Records and Signatures Required by ICH Q7 – no video
Session-3 Science Based Quality Risk Management, Validation Planning and Categorization of Laboratory Computerized Systems (7 topics)
- 3.1 Supplier Activities
This lesson explains the responsibilities of the supplier when it comes to supporting the lifecycle activities for a computerized system.
- 3.2 Validation Planning
In this lesson, we look at corporate and site level policy documents that define a regulated company’s overall approach to computerized system quality and compliance.
- 3.3 Science-Based Quality Risk Management
In this lesson, we look at suggestions about where to apply risk management throughout the lifecycle of a computerized system and how to manage the process for various categories of systems.
- 3.4 Risk Management Considerations – Generic Hazards
In this lesson, we look at an approach to conducting risk assessments on computerized systems based on their impact on product quality, patient safety and data integrity. We also list generic hazards for a computerized system associated with physical/environmental conditions, hardware and software, and human-related.
- 3.5 Requirements Traceability Matrix (RTM)
In this lesson, we introduce the Requirements Traceability Matrix (RTM); an important project document for tracing all user requirements to design specifications and appropriate verification tests.
- 3.6 Efficiency Improvements (Continuous Improvements)
In this lesson, we look at suggestions on ways to improve efficiencies throughout the lifecycle of a computerized system.
- 3.7 Categorization of Laboratory Computerized Systems
This lesson explains the GAMP® system for categorizing Laboratory Computerized Systems.
Session-4 Specification & Verification, Scalable Validation Deliverables and Configuration
( 9 topics)
- 4.1 HPLC Systems – No video
- 4.2 Chromatography Data Systems (CDS) – No video
- 4.3 GxP Records and Signatures Required by 11 CFR Part 820 – No video
- 4.4 Prerequisites for GERM
- 4.5 Laboratory Information Management System (LIMS) – No video
- 4.6 Identify Regulated Records and Signatures
In this lesson, we describe why only those records required to meet GxP regulations, or submitted to regulators, should be identified as regulated electronic records.
- 4.7 Electronic Production Records (EPR) – No video
- 4.8 Impact Assessment of Electronic Records
This lesson classifies regulated electronic records as High, Medium, or Low based on an assessment of the potential impact of the record on patient safety or product quality.
- 4.9 Spreadsheets – No video
Session-5 Identify Regulated Records and Signatures and the Impact Assessment of Electronic Records (12 topics)
- 5.1 Organizational Change – Impact During Project Lifecycle
This lesson looks at various ways to manage projects during episodes of major organizational changes.
- 5.2 Outsourced IS/IT Environment
Here we look at the contract considerations when we choose to outsource control of our IS/IT systems to a third-party vendor.
- 5.3 I T Compliance – Key Concepts, and Infrastructure Elements
In this lesson, we look at ways to standardize our IT Infrastructure Elements to facilitate and somewhat ‘modularize’ our compliance strategy.
- 5.4 Development versus Implementation Life Cycle
In this lesson, we describe how to implement various computerized systems based on their software category; where from a user’s perspective the lower categories require less vendor input and where the higher categories require more.
- 5.5 Specification, Design and Verification
In this lesson, we review the ASTM International standard E 2500 – 07 ‘Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment’.
- 5.6 Testing Documentation Structure & Verification Terminology
In this lesson, we look at good practices regarding the organization of testing documentation on a project and we also examine legacy and modern terms for testing documentation used in the medicinal products’ industries.
- 5.7 Scalable Validation Deliverables
This lesson recommends a range of scaleable validation deliverables over the range of software categories where we see increasing intricacy with increasing category designation.
- 5.8 Patch and Update Management
In this lesson, we consider suitable management strategies for the implementation of software patches and upgrades to an existing computerized system operating in a regulated environment.
- 5.9 Operational Change and Configuration Management
This lesson describes how to manage the configuration of a computerized system in a regulated environment during the operation and maintenance phase and keep it current and relevant where we’re in a period of continuous change and upgrading.
- 5.10 Repair Activity
In this lesson, we discuss a process by which non-functional systems are returned to a functional state under the control of a repair activity procedure.
- 5.11 Periodic Review
In this lesson we’re going to look at a method to ensure a computerized system remains compliant with regulatory requirements throughout its operational life, remains fit for intended use, and continually satisfies company policies and procedures.
- 5.12 Backup and Restore
In this lesson, we describe a mechanism to protect electronic information assets against loss of original data and subsequent accurate restoration of assets when required.
Session-6 Good Electronic Records Management Transactions and Audit Trails (5 topics)
- 6.1 Good Electronic Records Management Transactions
In this lesson, we look at current good practices associated with good electronic records management including transactions, audit trails, sequence checks, electronic signatures, and continuous session system access.
- 6.2 Audit Trails
In this lesson, we explore how the application of audit trails improve information quality and reduce information loss from activities such as overwriting of data attributes.
- 6.3 AutoCAD Used for Managing Pack Drawings
- 6.4 Building Management Systems (BMS) – No video
- 6.5 21 CFR Part 211 – Subparts D and J
In this lesson we look at the FDA’s predicate GMP rule 21 CFR Part 211 specifically Subparts D and J. Subpart D relates to ‘Equipment’ and how subpart J relates to ‘Records and Reports’.
- 6.6 FDA 21 CFR Part 11 – ‘Electronic Records; Electronic Signatures (ERES)’ – No video
Session-7 Electronic Data Archiving, Business Continuity Management and Systems Back-up, Archival & Disaster Recovery (7 topics)
- 7.1 Electronic Data Archiving
In this lesson, we describe a suitable data archiving strategy for moving data that is no longer actively used in the active environment where it was created to a separate data storage area for long-term retention.
- 7.2 Typical Tasks Supporting Validation
Here we look at recommendations from the FDA regarding tasks that may support the validation of a computerized system in a regulated environment.
- 7.3 Security Management
In this lesson, we define the controls required for securing a computerized system in an operational environment.
- 7.4 Business Continuity Management
In this lesson, we discuss how to regain access to an IT system and its data following a disaster, and how to restore critical business processes following a disruption while continuing to provide products or services.
- 7.5 Relationship Between System Backup, Archival, and Disaster Recovery
In this lesson we look at the inter-relationship amongst the accurate and reproducible backing up of digital assets (data and software), the archiving of closed business transactions and master data relocation to an external system, and the regaining of access to an IT system (including software, hardware and data) following a disaster.
- 7.6 System Retirement, Decommissioning and Disposal
This lesson describes appropriate controls that need to be in place when removing a computerized system from day to day use through obsolescence or replacement.
- 7.7 Copies of Records
This lesson considers methods on how to preserve the content and meaning of an electronic record when making a copy.
Session-8 Controls to Maintain Electronic Records Integrity and Risk Controls for Electronic Signatures (9 topics)
- 8.1 Complying with 21 CFR Part 11 ERES – Types of Controls Required – No video
- 8.2 ERES – Key Areas for Guidance – Where to Apply Electronic Signatures
This video explores examples of where to apply electronic signatures required by predicate rules and required by internal procedures.
- 8.3 Batch Record Systems – No video
- 8.4 Enterprise Resource Planning (ERP) Systems – No video
- 8.5 Controls to Maintain Electronic Record Integrity
In this lesson, we examine controls to maintain electronic record integrity when creating and
storing records, transmitting records, and archiving records, and also controls for signature certification/ authentication and signature link integrity.
- 8.6 Risk Controls for Electronic Records – No video
- 8.7 Risk Controls for Electronic Signatures
In this lesson, we look at risk controls for electronic signatures in terms of instruction for the information associated with a signed electronic record, e-signatures security certificates, and signature controls.
- 8.8 User ERES Responsibilities
In this lesson, we look at the end-user’s responsibilities associated with electronic records and electronic signatures.
- 8.9 Supplier ERES Responsibilities
In this lesson, we look at the supplier’s/vendor’s responsibilities associated with electronic records and electronic signatures.