PHARMA QUALITY EUROPE / www.pqe.it / [email protected]Quality Information Technology Pharmaceuticals PQE A Road Map to COTS CSV, HPLC 1 A Road Map to SARQ, 3rd of October, 2002 Ulf Segerstéen Pharma Quality Europe AB COTS Computer System Validation based on a HPLC, as example
29
Embed
PHARMA QUALITY EUROPE / / [email protected] Quality Information Technology Pharmaceuticals PQE A Road Map to COTS CSV, HPLC 1 A Road Map to.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Guidance Content:Guidance Content:Guidance Content:Guidance Content: GUIDANCE KEY ELEMENTS
System Requirements Specifications (5.1)Documentation of Validation Activity (5.2)Equipment Installation (5.3)Dynamic Testing (5.4)Static Verification Techniques (5.5)Extent of Validation (5.6)Independence of Review (5.7)Change Control (5.8)
SPECIAL CONSIDERATIONS: COTS products and Internet
CF
R 2
1 P
11
GU
IDA
NC
E
CF
R 2
1 P
11
GU
IDA
NC
E
Computer system validation should be performed by persons other than those responsible for building the system.Two approaches to ensuring an objective review are: (1) Engaging a third party(2) dividing the work within an organization such that people who review the system (or a portion of the system) are not the same people who built it.
Computer system validation should be performed by persons other than those responsible for building the system.Two approaches to ensuring an objective review are: (1) Engaging a third party(2) dividing the work within an organization such that people who review the system (or a portion of the system) are not the same people who built it.
Example of Guidance: Independence of ReviewExample of Guidance: Independence of ReviewExample of Guidance: Independence of ReviewExample of Guidance: Independence of Review
ECommercial software used in electronic record keeping system subject to part 11 needs to be validated, just as programs written by end users need to validated(…)We do not consider commercial marketing alone to be sufficient proof of a program’s performance suitability(…)See 62 Federal Register 13430 at 1344-13445 March 20,1997
Commercial software used in electronic record keeping system subject to part 11 needs to be validated, just as programs written by end users need to validated(…)We do not consider commercial marketing alone to be sufficient proof of a program’s performance suitability(…)See 62 Federal Register 13430 at 1344-13445 March 20,1997
New Trend - Partnership by-Outsourcing Validation Activities What’s in it for the Customer ?•Staying focused on his business - be more cost-effective.•Staying on top of the requirements - stay compliant rather than spending time solving regulatory issues.•Sharing the latest knowledge - don’t be active in all fields and save time for the core business.•Being prepared for what’s to come - get resources when needed, don’t let them be an added cost to the Products.•Being part of the solution NOT part of the problem - give theorganization confidence to handle changes and challenges.•Always having access to a Partner to discuss and solve issues with.
What’s in it for the Partner ?•Client staying focused on his business makes easier for the Partner to support him.•Client staying updated on the requirements gives the Partner flexibility to act more proactively.•Sharing the latest knowledge makes the Client and the Partner understand each other, reducing misunderstandings and increasing efficiency.•Being prepared for what is to come helps the Partner to keep prices down and gives the Client more accurate budget control.•Being part of the solution, NOT part of the problem, helps both parties in solving and anticipating potential problems.
User Requirement Specification based on:• the lab Process including the HPLC-equipment, HW-platform, SW-application, printer, expected filestorage and user interactions.
• requirements for compliance to CFR 21 Part 11 (ER & ES) and other applicable GxP regulations
• testable requirements URS (PROCESS)
EVALUATION
VALIDATION PLAN
MASTER INDEX(MI)
The Lifecycle Activities for a COTS, cont.
It is important that your end user requirements specifications take into account •predicate rules•part 11•and other needs unique to your system that relate to ensuring•record authenticity•integrity•signer non-repudiation•and, when appropriate, confidentiality.
It is important that your end user requirements specifications take into account •predicate rules•part 11•and other needs unique to your system that relate to ensuring•record authenticity•integrity•signer non-repudiation•and, when appropriate, confidentiality.C
End users should document their requirements specifications relative to part 11 requirements and other factors, as discussed above.End users should document their requirements specifications relative to part 11 requirements and other factors, as discussed above.
Pharma Industry
UserRequirementsSpecifications
Quality Assurance ______System Owner _________
March, 2002
Define what
predicate rule needs
Define what you
need(all factors) Define
what Part 11
needs
COTS COTS End User Requirements SpecificationsEnd User Requirements Specifications
COTS COTS End User Requirements SpecificationsEnd User Requirements Specifications
SPECIFYEvaluation based on:• the CS fulfilling the Process that it is to be used within.
• Risk Assessment Index, based on complexity of the CS and on the criticality for failure during the process.RISK MANAGEMENT=RISK APPROACH+RISK ACTIVITIES
• the Suppliers expected role, process and responsibilities during the Project for developing + testing (FAT), installing and testing at the customers site (SAT), supporting the CS over time and license agreements.
• fulfillment of compliance to CFR 21 Part 11 (ER & ES) and other valid GxP regulations
• referenced other Pharmaceutical customers using the system.
• HighSoftware application whose features and functions have a direct impact on the quality, performance and efficacy of drug products
• MediumSoftware used for business process analysis, information and documentation systems that poses some business risk, or can have an indirect impact on drug products
• LowPackaged Software used for business purposes that poses no business risk
The Risk Assessment Index (RAI) is a rationale to evaluate the criticality and complexity of computerized systems.
• System Complexity is higher when system: Performs detailed algorithm or calculations Interfaces with other computerized systems performs extensive data input checking processes numerous types of transactions requires extensive support to be maintained involves a large number of users
• GxP Criticality is an index of the impact of the system on pharmaceutical product or on raw data safety and traceability
COTS Functional Testing of SW dependent on COTS Functional Testing of SW dependent on Supplier Documentation availableSupplier Documentation available
COTS Functional Testing of SW dependent on COTS Functional Testing of SW dependent on Supplier Documentation availableSupplier Documentation available
CF
R 2
1 P
11
GU
IDA
NC
EC
FR
21
P 1
1 G
UID
AN
CE
When the end user cannot directly review the program source code or development documentation more extensive functional testing might be warranted than when such documentation is available to the user.
When the end user cannot directly review the program source code or development documentation more extensive functional testing might be warranted than when such documentation is available to the user.
SPECIFYValidation Plan based on:• Validation Strategy which is based on the Evaluation.
• available Validation Methods, Tools and knowledge
• a Validation Process that are documented as a matrix of all Validation Activities (VA), based on RAI that are expected to be executed for a HPLC (COTS). Rational given for VA’s that are not to be performed. Correspondent User roles in the Project and Supplier roles to these activities in the project are used in the same matrix.
• statement for compliance to CFR 21 Part 11 (ER & ES) and other valid GxP regulations
• required Supplier-, System Documentation and User Organization and SOPs for supporting and maintaining the CS.
Tests should include not only “normal or “expected” values, but also stress conditions.Test conditions should extend to •boundary values, •unexpected data entries, •error conditions, •reasonable challenges, •branches, •and combinations of inputs.
Tests should include not only “normal or “expected” values, but also stress conditions.Test conditions should extend to •boundary values, •unexpected data entries, •error conditions, •reasonable challenges, •branches, •and combinations of inputs.
STRUCTURAL TESTINGThis testing takes into account the internal mechanism of a system or component (white box testing). Structural testing should show that the software creator followed contemporary quality standards.This testing usually includes inspections of the program code and development documents.
STRUCTURAL TESTINGThis testing takes into account the internal mechanism of a system or component (white box testing). Structural testing should show that the software creator followed contemporary quality standards.This testing usually includes inspections of the program code and development documents.
FUNCTIONAL TESTINGThis testing involves running the program under known conditions with defined inputs and documented outcome that can be compared to pre-defined expectations (“black box” testing)
FUNCTIONAL TESTINGThis testing involves running the program under known conditions with defined inputs and documented outcome that can be compared to pre-defined expectations (“black box” testing)
PROGRAM BUILD TESTINGThis testing is performed on units of modules, integrated units of code and the program as a whole.
PROGRAM BUILD TESTINGThis testing is performed on units of modules, integrated units of code and the program as a whole.
TESTTest Plan based on:• Validation Plan and RAI of the CS.
• FAT, which would include review of Supplier Evaluation, Test, System & User documentation from the Supplier
• SAT, which would include witness during IQ and OQ on site together with Supplier. These tests should normally include test for compliance to CFR 21 Part 11.
• PROCESS QUALIFICATION, which would include performing the complete lab process as required by URS and User Guide, should also include CS Administration tests. • DRAFT SOPs could be in one document for this type of systems and should be available at PQ.
1-CS Req. & SOP:•URS/FS/DS and user guide•Training•CS Security and authorization (incl. Backup and Contingency)•Maintenance •Change Control•Periodic Review
VALIDATION TOOL1-CS Req. & SOP2-Validation Plan & Report3-Test Plan & Report4-Validation Plan & Report
Finally:To be in Compliance means:Coordination (Policy & Standards) Cooperation (sharing knowledge & support) Capacity (make realistic Plans for big changes) Competence (get trained to gain competence)