Computer system validation has been regulated by the FDA for more than 30 years, as it relates to systems used in the manufacturing, testing, and distribution of a product in the pharmaceutical, biotechnology, medical device, or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing, and management of computer systems used to collect, analyze, and/or report data. Electronic records and electronic signatures (ER/ES) came into play through guidelines established by the FDA in 1997 and disseminated through 21 CFR Part 11. This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.
In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on the industry to begin assessing all regulated computer systems based on risk. The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process. System size, complexity, business criticality, GAMP 5 category, and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.
FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that “touch” products, meaning they are used to create, collect, analyze, manage, transfer, and report data regulated by the FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, images, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.
We will explore the best practices and a strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and will also discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately.
We will also walk through the entire set of essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to ensure compliance. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools, and utilities, and services. Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment, that can be leveraged to assist in all your GxP work.
This webinar will help you understand in detail Computer System Validation (CSV) and how to apply the System Development Life Cycle (SDLC) Methodology when validating computer systems subject to FDA regulations. This is critical in order to develop the appropriate validation strategy and achieve the thoroughness required to prove that a system does what it purports to do, and a key element is a thorough risk assessment. It also ensures that a system is maintained in a validated state throughout its entire life cycle, from conception through retirement, making it critical to continue assessing risk as changes are made. We will discuss the phases within the SDLC, and how these form the basis for any CSV project. The importance of the sequence of steps will also be covered.
Carolyn Troiano has more than 30 years of experience in computer system validation in the pharmaceutical, medical device, animal health and other FDA-regulated industries. She is currently managing a large, complex data migration, analytics and reporting program at a major financial institution.
During her career, Carolyn worked directly, or as a consultant, for many top-tier pharmaceutical companies in the US and Europe. She was responsible for computer system validation across all GxP functions at a major pharmaceutical company. Carolyn developed validation programs and strategies back in the mid-1980s, when FDA guidelines were first issued. She was an industry reviewer for 21 CFR Part 11, the FDA's electronic record/electronic signature (ER/ES) regulation. She has taught ER/ES compliance, along with computer system validation and risk management/compliance at a number of Fortune 100 firms. Her experience includes work with FDA-regulated systems used in all areas of research, development, manufacturing, quality testing and distribution.
Carolyn has participated in industry conferences, providing very creative and interactive presentations. She is currently active in the Association of Information Technology Professionals (AITP), and Project Management Institute (PMI) chapters in the Richmond, VA area. Carolyn also volunteers for the PMI's Educational Fund as a project management instructor for non-profit organizations.