CSV - Computer System Validation
4,162 views
46 slides
Jul 24, 2021
Slide 1 of 46
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
About This Presentation
This document covers most of the topics in the CSV like Importance of CVS, Why to perform CSV, Validation Deliverables, Part 11 and Annex 11 Diferences
Slide Content
COMPUTERIZED SYSTEM
VALIDATION
Prepared by: Jaya Krishna Gude
M.S. (Pharm.), NIPER.
+91-7981145133
1
VALIDATION
Prepared by: Jaya Krishna Gude
M.S. (Pharm.), NIPER.
+91-7981145133
1
Flow of Presentation
Importance of CSV
Introduction to CSV
GAMP5
Data Integrity
Part 11 and Annex 11
Prepared by: G. Jaya krishna 2
Importance of CSV
Introduction to CSV
GAMP5
Data Integrity
Part 11 and Annex 11
Prepared by: G. Jaya krishna 2
Why to focus more on CSV?
EverythingwasgoingwellbeforeFDAandotherregulatoryagency
startedfocusinginDataIntegrity
EverythinginHumanlifeandPharmaindustryisaboutIntegrity.
In2016,dataintegrityissuestriggeredmorethanonethirdofall
regulatoryactions
USFDAtookmaximumactionsagainstchina,Indialedthepackwhen
itcametonon-compliancereportsissuesbyEURegulators.
EuropeanOperationsofMajorDrugcompanieslikeGSK,Otuska,Teva
werefoundtohaveseriousNon-complianceconcerns.
Preparedby: G. Jaya krishna 3
EverythingwasgoingwellbeforeFDAandotherregulatoryagency
startedfocusinginDataIntegrity
EverythinginHumanlifeandPharmaindustryisaboutIntegrity.
In2016,dataintegrityissuestriggeredmorethanonethirdofall
regulatoryactions
USFDAtookmaximumactionsagainstchina,Indialedthepackwhen
itcametonon-compliancereportsissuesbyEURegulators.
EuropeanOperationsofMajorDrugcompanieslikeGSK,Otuska,Teva
werefoundtohaveseriousNon-complianceconcerns.
Preparedby: G. Jaya krishna 3
Cont..
EverythingwasgoingwellbeforeFDAandotherregulatoryagency
startedfocusinginDataIntegrity
EverythinginHumanlifeandPharmaindustryisaboutIntegrity.
In2016,dataintegrityissuestriggeredmorethanonethirdofall
regulatoryactions
USFDAtookmaximumactionsagainstchina,Indialedthepackwhen
itcametonon-compliancereportsissuesbyEURegulators.
EuropeanOperationsofMajorDrugcompanieslikeGSK,Otuska,Teva
werefoundtohaveseriousNon-complianceconcerns.
Prepared by: G. Jaya krishna 4
EverythingwasgoingwellbeforeFDAandotherregulatoryagency
startedfocusinginDataIntegrity
EverythinginHumanlifeandPharmaindustryisaboutIntegrity.
In2016,dataintegrityissuestriggeredmorethanonethirdofall
regulatoryactions
USFDAtookmaximumactionsagainstchina,Indialedthepackwhen
itcametonon-compliancereportsissuesbyEURegulators.
EuropeanOperationsofMajorDrugcompanieslikeGSK,Otuska,Teva
werefoundtohaveseriousNon-complianceconcerns.
Prepared by: G. Jaya krishna 4
Cont..
InTeva’sHungaryPlant,USFDAAuditorsfoundQualityRelated
documentsinawastebinandalsofoundthatlackofcontrolstoprevent
analystsfromdeletingdataforthestandalonesystems.
IntheUK,GSKsAPIplantrecalledmorethan425,000Bacroban
antibioticproductsafterreceivingasternwarningletterfromFDA
Regulatorsinjuly2016forCrossContamination.
Failuretotakecorrectiveactioninatimelymannercanresultinshutting
downmanufacturingfacilities,consentdecrees,andstifffinancial
penalties.
Theultimateresultcouldbelossofjobsandcompaniessuffering
economicinstabilitiesresultingindownsizingandpossiblyeventual
bankruptcy.
Prepared by: G. Jaya krishna 5
InTeva’sHungaryPlant,USFDAAuditorsfoundQualityRelated
documentsinawastebinandalsofoundthatlackofcontrolstoprevent
analystsfromdeletingdataforthestandalonesystems.
IntheUK,GSKsAPIplantrecalledmorethan425,000Bacroban
antibioticproductsafterreceivingasternwarningletterfromFDA
Regulatorsinjuly2016forCrossContamination.
Failuretotakecorrectiveactioninatimelymannercanresultinshutting
downmanufacturingfacilities,consentdecrees,andstifffinancial
penalties.
Theultimateresultcouldbelossofjobsandcompaniessuffering
economicinstabilitiesresultingindownsizingandpossiblyeventual
bankruptcy.
Prepared by: G. Jaya krishna 5
Cost of Non-Compliance
Cost of Non-compliance is 1000 times higher then the cost of compliance
Poor Record Integrity/ GxPNon-compliance will result in
FDA –483 Observation (WL)
Import Alert
Consent Decrease
Criminal Prosecution
In the case of Serious Deficiencies/Critical Findings actions may need to be
taken by inspectorate and EU authorities:
Prohibition of Supply
Batches withdrawn from the EU Market
Refusal of the granting of a marketing Authorization
Prepared by: G. Jaya krishna 6
Cost of Non-compliance is 1000 times higher then the cost of compliance
Poor Record Integrity/ GxPNon-compliance will result in
FDA –483 Observation (WL)
Import Alert
Consent Decrease
Criminal Prosecution
In the case of Serious Deficiencies/Critical Findings actions may need to be
taken by inspectorate and EU authorities:
Prohibition of Supply
Batches withdrawn from the EU Market
Refusal of the granting of a marketing Authorization
Prepared by: G. Jaya krishna 6
What is Validation ??
EstablishingDocumentedEvidencethataprovidesahighdegreeof
assurancethataspecificprocesswillconsistentlyproduceaproduct
meetingitspredeterminedspecificationsandqualityattributes
Qualificationisanactorprocesstoassuresomethingcomplieswith
somecondition,standardorspecificrequirements
“Wequalifyasystemand/orequipmentandwevalidatea
process”
Ex:“Youwillqualifyanautoclave,whereasyouvalidatethesterilization
process”
Thetermqualificationisnormallyusedforequipment,utilitiesand
systems,andvalidationforprocess
Prepared by: G. Jaya krishna 7
EstablishingDocumentedEvidencethataprovidesahighdegreeof
assurancethataspecificprocesswillconsistentlyproduceaproduct
meetingitspredeterminedspecificationsandqualityattributes
Qualificationisanactorprocesstoassuresomethingcomplieswith
somecondition,standardorspecificrequirements
“Wequalifyasystemand/orequipmentandwevalidatea
process”
Ex:“Youwillqualifyanautoclave,whereasyouvalidatethesterilization
process”
Thetermqualificationisnormallyusedforequipment,utilitiesand
systems,andvalidationforprocess
Prepared by: G. Jaya krishna 7
Why to perform Validation ??
Validationispredicaterule,henceitismandatorytoperform
Computerizedsystemvalidation
Accordingto21CFRPart820.70(i)–Whencomputersorautomated
dataprocessingsystemsareusedaspartofproductionorthequality
systems,themanufacturershallvalidatecomputersoftwareforits
intendeduseaccordingtoanestablishedprotocol.Allsoftwarechanges
shallbevalidatedbeforeapprovalandissuance.Thesevalidation
activitiesandresultsshallbedocumented
Prepared by: G. Jaya krishna 8
Validationispredicaterule,henceitismandatorytoperform
Computerizedsystemvalidation
Accordingto21CFRPart820.70(i)–Whencomputersorautomated
dataprocessingsystemsareusedaspartofproductionorthequality
systems,themanufacturershallvalidatecomputersoftwareforits
intendeduseaccordingtoanestablishedprotocol.Allsoftwarechanges
shallbevalidatedbeforeapprovalandissuance.Thesevalidation
activitiesandresultsshallbedocumented
Prepared by: G. Jaya krishna 8
Purpose of Validation
To prove that we did validation right and system works as intended, identify any
bugs by challenging the system. It increases the confidence level
The personnel involved in the validation are may no longer with the company to
explain to the auditors. Proof of good validation should be maintained till
retention (Documentation is most critical and has to be self explanatory)
Which Systems needs Validation:
All Automated Systems, Computer System which is used to Store, Monitor or
Control GXP Operation and Data needs validation. If system is controlled by the
computer –PLC and it is storing electronic data and electronic signature more
detailed validation needed.
Reduces risk and legal liability, Having the evidence that computer systems are
correct for their purpose and operating properly represents a good business
practice.
Prepared by: G. Jaya krishna 9
To prove that we did validation right and system works as intended, identify any
bugs by challenging the system. It increases the confidence level
The personnel involved in the validation are may no longer with the company to
explain to the auditors. Proof of good validation should be maintained till
retention (Documentation is most critical and has to be self explanatory)
Which Systems needs Validation:
All Automated Systems, Computer System which is used to Store, Monitor or
Control GXP Operation and Data needs validation. If system is controlled by the
computer –PLC and it is storing electronic data and electronic signature more
detailed validation needed.
Reduces risk and legal liability, Having the evidence that computer systems are
correct for their purpose and operating properly represents a good business
practice.
Prepared by: G. Jaya krishna 9
Computerized System Validation
AComputerizedsystemconsistsoftheSoftware,Hardwareandthenetworking
components,Personneltogetherwiththecontrolledfunctionsandthe
associateddocumentation
According to the Regulatory guidelines Computerized system validation is
stated as “ESTABLISHING DOCUMENT EVIDENCE .”
Ex: Automated manufacturing equipment, Quality control systems , equipment,
laboratory, clinical (or) manufacturing data base systems.
Prepared by: G. Jaya krishna 10
AComputerizedsystemconsistsoftheSoftware,Hardwareandthenetworking
components,Personneltogetherwiththecontrolledfunctionsandthe
associateddocumentation
According to the Regulatory guidelines Computerized system validation is
stated as “ESTABLISHING DOCUMENT EVIDENCE .”
Ex: Automated manufacturing equipment, Quality control systems , equipment,
laboratory, clinical (or) manufacturing data base systems.
Prepared by: G. Jaya krishna 10
In general , a combination of hardware,
software , people , documents, inputs,
processing and outputs working together
software Hardware
Controlling process
Equipment
Operating Procedures and
Documentation
People and Training
COMPUTER SYSTEM
Prepared by: G. Jaya krishna 11
software , people , documents, inputs,
processing and outputs working together
software Hardware
Controlling process
Equipment
Operating Procedures and
Documentation
People and Training
COMPUTER SYSTEM
Prepared by: G. Jaya krishna 11
Computerized System Vs Computer System
ComputerizedSystem:Anyprogrammabledevicehavinghardware,
peripherals,software,procedures,users,interconnectionsandinputsfor
electronicprocessing&outputofinformationUsedforreportingorcontrol
ComputerSystem:Acomputersystemisasetofintegrateddevicesthatinput,
output,process,andstoredataandinformation.Computersystemsare
currentlybuiltaroundatleastonedigitalprocessingdevice.Therearefivemain
hardwarecomponentsinacomputersystem:Input,Processing,Storage,
OutputandCommunicationdevices.
Prepared by: G. Jaya krishna 12
ComputerizedSystem:Anyprogrammabledevicehavinghardware,
peripherals,software,procedures,users,interconnectionsandinputsfor
electronicprocessing&outputofinformationUsedforreportingorcontrol
ComputerSystem:Acomputersystemisasetofintegrateddevicesthatinput,
output,process,andstoredataandinformation.Computersystemsare
currentlybuiltaroundatleastonedigitalprocessingdevice.Therearefivemain
hardwarecomponentsinacomputersystem:Input,Processing,Storage,
OutputandCommunicationdevices.
Prepared by: G. Jaya krishna 12
Types of Validation:
If data are transferred to another data format or system , validation should
include checks that data are not altered in value and / or meaning during this
migration process. E.g. Paper based reports, Screen shots, Video etc….
Prospective Validation –The validation of a new system as it is developed or
The Validation conducted prior to the distribution of either a new product or
product made under a revised manufacturing process
RetrospectiveValidation–Theprocessofevaluatingacomputersystem
currentlyinoperationagainststandardvalidationpracticesandprocedures.The
evaluationdeterminesthereliability,accuracy,andcompletenessofasystem
(existingsystem)
Concurrent Validation –Validation Simultaneously with Production
Prepared by: G. Jaya krishna 13
If data are transferred to another data format or system , validation should
include checks that data are not altered in value and / or meaning during this
migration process. E.g. Paper based reports, Screen shots, Video etc….
Prospective Validation –The validation of a new system as it is developed or
The Validation conducted prior to the distribution of either a new product or
product made under a revised manufacturing process
RetrospectiveValidation–Theprocessofevaluatingacomputersystem
currentlyinoperationagainststandardvalidationpracticesandprocedures.The
evaluationdeterminesthereliability,accuracy,andcompletenessofasystem
(existingsystem)
Concurrent Validation –Validation Simultaneously with Production
Prepared by: G. Jaya krishna 13
4Q Validation Overview (Traditional Method)
DesignQualification(DQ)–Documentedevidencethatthedesignofthe
systemmeetsrequirements
InstallationQualification(IQ)–Systemhasbeeninstalledcorrectly
OperationalQualification(OQ)–SystemOperatesaccordingtothedesign
PerformanceQualification(PQ)–Systemmeetsdesigncriteriaandoperates
accordingtorequirement
Prepared by: G. Jaya krishna 14
DesignQualification(DQ)–Documentedevidencethatthedesignofthe
systemmeetsrequirements
InstallationQualification(IQ)–Systemhasbeeninstalledcorrectly
OperationalQualification(OQ)–SystemOperatesaccordingtothedesign
PerformanceQualification(PQ)–Systemmeetsdesigncriteriaandoperates
accordingtorequirement
Prepared by: G. Jaya krishna 14
GAMP5
GoodAutomatedManufacturingPractice,Foundedin1991.
InternationalSocietyforPharmaceuticalEngineering(ISPE)setsthe
guidelinesformanufacturersandthecurrentVersionisGAMP5.
GAMPdescribesasetofprinciplesandproceduresthathelpensure
thatpharmaceuticalSoftwarehaverequiredquality.
Computersystemvalidation(CSV)followingGAMPguidelinesrequire
usersandsupplierstoworktogethersothatresponsibilitiesregarding
thevalidationprocessareunderstood.
Prepared by: G. Jaya krishna 15
GoodAutomatedManufacturingPractice,Foundedin1991.
InternationalSocietyforPharmaceuticalEngineering(ISPE)setsthe
guidelinesformanufacturersandthecurrentVersionisGAMP5.
GAMPdescribesasetofprinciplesandproceduresthathelpensure
thatpharmaceuticalSoftwarehaverequiredquality.
Computersystemvalidation(CSV)followingGAMPguidelinesrequire
usersandsupplierstoworktogethersothatresponsibilitiesregarding
thevalidationprocessareunderstood.
Prepared by: G. Jaya krishna 15
WhyGAMP5?
•Facilitates the interpretation of regulatory requirements.
•Establishes a common language and terminology.
•Promotes a system life cycle approach based on good practice.
•Clarifies roles and responsibilities.
•Focus attention on those computerized systems with most impact on patient
safety, product quality, and data integrity
•Avoid duplication of activities.
Prepared by: G. Jaya krishna 16
•Facilitates the interpretation of regulatory requirements.
•Establishes a common language and terminology.
•Promotes a system life cycle approach based on good practice.
•Clarifies roles and responsibilities.
•Focus attention on those computerized systems with most impact on patient
safety, product quality, and data integrity
•Avoid duplication of activities.
Prepared by: G. Jaya krishna 16
GAMP5 Key Concepts:
ProductandProcessunderstanding
LifecycleapproachwithinaQMS
ScalableLifeCycleActivities
Science-basedQualityRiskManagement
LeveragingSupplierInvolvement
Prepared by: G. Jaya krishna 17
ProductandProcessunderstanding
LifecycleapproachwithinaQMS
ScalableLifeCycleActivities
Science-basedQualityRiskManagement
LeveragingSupplierInvolvement
Prepared by: G. Jaya krishna 17
Who plays validation role?
QA and Validation:
Author some major documents
Provide advice , training , auditing
Senior management for each group decides :
Which systems to buy or build
How much resources to make available
What risks are acceptable
Support groups (IT Infrastructures):
Maintain proper network environment
Troubleshooting and maintenance
Desktop and infrastructure control
Prepared by: G. Jaya krishna 18
QA and Validation:
Author some major documents
Provide advice , training , auditing
Senior management for each group decides :
Which systems to buy or build
How much resources to make available
What risks are acceptable
Support groups (IT Infrastructures):
Maintain proper network environment
Troubleshooting and maintenance
Desktop and infrastructure control
Prepared by: G. Jaya krishna 18
Validation overview / Computerized system life
cycle:
Concept-Duringtheconceptphasetheregulatedcompanyconsidersopportunitiesto
automateoneormorebusinessprocessesbaseduponbusinessandbenefits.Atthis
phase,initialrequirementswillbedevelopedandpotentialsolutionsconsidered.Froman
initialunderstandingofscope,costsandbenefitsadecisionismadeonwhetherto
proceedtotheprojectphase.
Project-Theprojectphaseinvolvesplanning,supplierassessmentandselection,
variouslevelsofspecification,configurationandverificationleadingtoacceptanceand
releaseforoperation.Riskmanagementisappliedtoidentifyrisksandtoremoveor
reducethemtoanacceptablelevel.
Operation-Thisphaseisthelongestphaseandismanagedbytheuseofdefined,up
todate,operationalproceduresappliedbypersonnelwhohaveappropriatetraining,
education,andexperience.Maintainingcontrol(IncludingSecurity),fitnessforintended
useandcompliancearekeyaspects.Themanagementofchangesofdifferentimpact,
scopeandcomplexityisanimportantactivityduringthisphase.
Retirement-Thefinalphaseistheultimateretirementofthesystem.Itinvolves
decisionsaboutdataretention,migrationordestructionandthemanagementofthese
processes.
Prepared by: G. Jaya krishna
19
cycle:
Concept-Duringtheconceptphasetheregulatedcompanyconsidersopportunitiesto
automateoneormorebusinessprocessesbaseduponbusinessandbenefits.Atthis
phase,initialrequirementswillbedevelopedandpotentialsolutionsconsidered.Froman
initialunderstandingofscope,costsandbenefitsadecisionismadeonwhetherto
proceedtotheprojectphase.
Project-Theprojectphaseinvolvesplanning,supplierassessmentandselection,
variouslevelsofspecification,configurationandverificationleadingtoacceptanceand
releaseforoperation.Riskmanagementisappliedtoidentifyrisksandtoremoveor
reducethemtoanacceptablelevel.
Operation-Thisphaseisthelongestphaseandismanagedbytheuseofdefined,up
todate,operationalproceduresappliedbypersonnelwhohaveappropriatetraining,
education,andexperience.Maintainingcontrol(IncludingSecurity),fitnessforintended
useandcompliancearekeyaspects.Themanagementofchangesofdifferentimpact,
scopeandcomplexityisanimportantactivityduringthisphase.
Retirement-Thefinalphaseistheultimateretirementofthesystem.Itinvolves
decisionsaboutdataretention,migrationordestructionandthemanagementofthese
processes.
Prepared by: G. Jaya krishna
19
ValidationApproach
1.PLAN
Validation Activities
2.DEFINE
Requirements
3. SELECT
Vendors
4.DESIGN AND REVIEW
5. CONSTRUCT AND TEST
6.INSTALL
7.QUALIFY
8.EVALUATE
Computerized System
Prepared by: G. Jaya krishna 20
1.PLAN
Validation Activities
2.DEFINE
Requirements
3. SELECT
Vendors
4.DESIGN AND REVIEW
5. CONSTRUCT AND TEST
6.INSTALL
7.QUALIFY
8.EVALUATE
Computerized System
Prepared by: G. Jaya krishna 20
GAMP CATEGORY
Prepared by: G. Jaya krishna
21
Prepared by: G. Jaya krishna
21
GAMP Categories
The GAMP categories were originally introduced to provide an initial
assessment as to the validation requirements / deliverables, In GAMP 4 there
were five software categories. These have been revised in GAMP5 to four
categories as detailed below:
Category 1–Infrastructure software including operating systems, Database
Managers, etc.
Category 3–Non configurable software including, commercial off the shelf
software (COTS), Laboratory Instruments / Software.
Category 4–Configured software including, LIMS, SCADA, DCS, CDS, etc.
Category 5–Bespoke/Tailor-made software
Prepared by: G. Jaya krishna 22
The GAMP categories were originally introduced to provide an initial
assessment as to the validation requirements / deliverables, In GAMP 4 there
were five software categories. These have been revised in GAMP5 to four
categories as detailed below:
Category 1–Infrastructure software including operating systems, Database
Managers, etc.
Category 3–Non configurable software including, commercial off the shelf
software (COTS), Laboratory Instruments / Software.
Category 4–Configured software including, LIMS, SCADA, DCS, CDS, etc.
Category 5–Bespoke/Tailor-made software
Prepared by: G. Jaya krishna 22
Validation Deliverables based on GAMP Categories
Prepared by: G. Jaya krishna
23
Software
Category
Validation Deliverables
IRA URS SA VP FS/FRS FRA CS/DS IQ OQ PQ RTM VSR
Category 1 - - - - - --- -
Category 3 - - - -
Category 4
Category 5
Prepared by: G. Jaya krishna
23
Software
Category
Validation Deliverables
IRA URS SA VP FS/FRS FRA CS/DS IQ OQ PQ RTM VSR
Category 1 - - - - - --- -
Category 3 - - - -
Category 4
Category 5
Validationdeliverables:
1. Initial Risk Assessment (IRA) or GxPDocument
2. User Requirement Specification (URS)
3. Vendor Assessment / Supplier Assessment (VA / SA)
4. Functional Requirement Specification (FRS/FS)
5. Configuration / Design Specification (CS / DS) / Design
Qualification (DQ) –( Hard ware, Server, Infra Structure details)
6. Validation Plan (VP)
7. Factory Acceptance Test (FAT)
8. Site Acceptance Test (SAT)
9. Functional Risk Assessment (FRA)
Prepared by: G. Jaya krishna
24
1. Initial Risk Assessment (IRA) or GxPDocument
2. User Requirement Specification (URS)
3. Vendor Assessment / Supplier Assessment (VA / SA)
4. Functional Requirement Specification (FRS/FS)
5. Configuration / Design Specification (CS / DS) / Design
Qualification (DQ) –( Hard ware, Server, Infra Structure details)
6. Validation Plan (VP)
7. Factory Acceptance Test (FAT)
8. Site Acceptance Test (SAT)
9. Functional Risk Assessment (FRA)
Prepared by: G. Jaya krishna
24
10. Installation Qualification (IQ)
11. Operational Qualification (OQ)
12. Performance Qualification (PQ)
13. Traceability Matrix (TM)
14. Validation Summary Report (VSR)
15. System Release Certificate or Software Release Note
Prepared by: G. Jaya krishna 25
11. Operational Qualification (OQ)
12. Performance Qualification (PQ)
13. Traceability Matrix (TM)
14. Validation Summary Report (VSR)
15. System Release Certificate or Software Release Note
Prepared by: G. Jaya krishna 25
Specification and Qualification Relationships
V-Life Cycle Model
URS
FRS
DS
VP
System Build
VSR
PQ
OQ
IQ
Verifies
Verifies
Verifies
IRA /GxP
Prepared by: G. Jaya krishna 26
V-Life Cycle Model
URS
FRS
DS
VP
System Build
VSR
PQ
OQ
IQ
Verifies
Verifies
Verifies
IRA /GxP
Prepared by: G. Jaya krishna 26
THE VALIDATION PROCESS
Consists of five specific processes
Validation Master Plan
Project Plan
Installation Qualification
Operational Qualification
Performance Qualification
Prepared by: G. Jaya krishna 27
Consists of five specific processes
Validation Master Plan
Project Plan
Installation Qualification
Operational Qualification
Performance Qualification
Prepared by: G. Jaya krishna 27
DataIntegrity:
Def: The Extent to which the data is complete, correct and accurate is
Called Data Integrity . (First used by Stan Woollen)
Acronym: ALCOA ++
A –Attributable
L –Legible
C –Contemporaneous
O –Original
A –Accurate
Complete
Correct
Enduring
Available
Prepared by: G. Jaya krishna
28
Def: The Extent to which the data is complete, correct and accurate is
Called Data Integrity . (First used by Stan Woollen)
Acronym: ALCOA ++
A –Attributable
L –Legible
C –Contemporaneous
O –Original
A –Accurate
Complete
Correct
Enduring
Available
Prepared by: G. Jaya krishna
28
DataIntegrity:
Attributable The Identity of the person completing a record (Who, When, Why)
Legible
The data is readable, Understandable, Traceable, Permanent
allowing for a clear picture of the activities that occurred
Contemporaneous
The data is recorded at the time it is generated or observed (No
Back dating)
Original
Original Records must preserve data accuracy, completeness,
content and meaning. Data as the file or format in which it was
initially generated
Accurate
The data record must be accurate whether paper or electronic, it
must be exact, true and free from error (this might require a
second verification if necessary)
Prepared by: G. Jaya krishna
29
Attributable The Identity of the person completing a record (Who, When, Why)
Legible
The data is readable, Understandable, Traceable, Permanent
allowing for a clear picture of the activities that occurred
Contemporaneous
The data is recorded at the time it is generated or observed (No
Back dating)
Original
Original Records must preserve data accuracy, completeness,
content and meaning. Data as the file or format in which it was
initially generated
Accurate
The data record must be accurate whether paper or electronic, it
must be exact, true and free from error (this might require a
second verification if necessary)
Prepared by: G. Jaya krishna
29
Cont..
Consistent
Consistent application of date and time stamps in the expected
sequence.
Complete
All Information needs to be maintained. Batch pass-fail, Re-
analyses carried out. (OOS, OOT)
Enduring
Medium used to record data should be permanent and not
temporary memory RAM.
Available
Available/Accessible for review / audit for the life time of the
record.
Prepared by: G. Jaya krishna 30
Consistent
Consistent application of date and time stamps in the expected
sequence.
Complete
All Information needs to be maintained. Batch pass-fail, Re-
analyses carried out. (OOS, OOT)
Enduring
Medium used to record data should be permanent and not
temporary memory RAM.
Available
Available/Accessible for review / audit for the life time of the
record.
Prepared by: G. Jaya krishna 30
Common ALCOA ++ Issues
CommonPasswords/Passwordssharing
AuthorityControl
UserPrivileges–Lackofrolebasedaccesscontrol
Laboratorieshavefailedtoimplementtocontrolsoverdataand
unauthorizedaccess
DataBackupandRestoration
AuditTrail–NoaudittrailfunctionorDisabledaudittrailfunction
ManipulationofDate/Timestamps&Backdating
Prepared by: G. Jaya krishna 31
CommonPasswords/Passwordssharing
AuthorityControl
UserPrivileges–Lackofrolebasedaccesscontrol
Laboratorieshavefailedtoimplementtocontrolsoverdataand
unauthorizedaccess
DataBackupandRestoration
AuditTrail–NoaudittrailfunctionorDisabledaudittrailfunction
ManipulationofDate/Timestamps&Backdating
Prepared by: G. Jaya krishna 31
Data Integrity: Violation of 21 CRR Part
211 is also termed as Data Integrity
Part211.68(C)statesthattheautomatedequipmentusedfor
performancemustsatisfytherequirementsofanoperationbyone
person&checkingbyanotherperson.(Twolevelcheckshouldbe
there)
Part211.100and211.160requirethatcertainactivitiesbedocumented
atthetimeofperformance&thatlaboratorycontrolsbescientifically
sound(Contemporaneous)
Part211.188,211.194requirecompleteinformation-data-records
derivedfromalltestsperformed.(Complete)
Part211.180requirestruecopiesorotheraccuratereproductionsofthe
originalrecords.(Accurate)
Prepared by: G. Jaya krishna 32
211 is also termed as Data Integrity
Part211.68(C)statesthattheautomatedequipmentusedfor
performancemustsatisfytherequirementsofanoperationbyone
person&checkingbyanotherperson.(Twolevelcheckshouldbe
there)
Part211.100and211.160requirethatcertainactivitiesbedocumented
atthetimeofperformance&thatlaboratorycontrolsbescientifically
sound(Contemporaneous)
Part211.188,211.194requirecompleteinformation-data-records
derivedfromalltestsperformed.(Complete)
Part211.180requirestruecopiesorotheraccuratereproductionsofthe
originalrecords.(Accurate)
Prepared by: G. Jaya krishna 32
EU Annex-11
Annex11ispartoftheEuropeanGMPGuidelinesanddefinesthetermsof
referenceforcomputerizedsystemsusedbyorganizationsinthe
pharmaceuticalindustry.
AppliestoallformsofcomputerizedsystemsusedaspartofaGMPregulated
activities.
Acomputerizedsystemisasetofsoftwareandhardwarecomponentswhich
togetherfulfilcertainfunctionalities.
Theapplicationshouldbevalidated.
ITinfrastructureshouldbequalified.
Whereacomputerizedsystemreplacesamanualoperations,thereshouldbe
toresultantdecreaseinproductqualityassurance.
Thereshouldbenoincreasesintheoverallriskoftheprocess.
Prepared by: G. Jaya krishna 33
Annex11ispartoftheEuropeanGMPGuidelinesanddefinesthetermsof
referenceforcomputerizedsystemsusedbyorganizationsinthe
pharmaceuticalindustry.
AppliestoallformsofcomputerizedsystemsusedaspartofaGMPregulated
activities.
Acomputerizedsystemisasetofsoftwareandhardwarecomponentswhich
togetherfulfilcertainfunctionalities.
Theapplicationshouldbevalidated.
ITinfrastructureshouldbequalified.
Whereacomputerizedsystemreplacesamanualoperations,thereshouldbe
toresultantdecreaseinproductqualityassurance.
Thereshouldbenoincreasesintheoverallriskoftheprocess.
Prepared by: G. Jaya krishna 33
EU Annex-11
1
RiskManagement
2
Personnel
3
SuppliersandServiceProviders
4
Validation
5
Data
6
AccuracyChecks
7
DataStorage
8
Printouts
9
AuditTrails
10
ChangeandConfigurationManagement
11
PeriodicEvaluation
12
Security
13
IncidentManagement
14
ElectronicSignatures
15
BatchRelease
16
BusinessContinuity
17
Archiving Prepared by: G. Jaya krishna
34
1
RiskManagement
2
Personnel
3
SuppliersandServiceProviders
4
Validation
5
Data
6
AccuracyChecks
7
DataStorage
8
Printouts
9
AuditTrails
10
ChangeandConfigurationManagement
11
PeriodicEvaluation
12
Security
13
IncidentManagement
14
ElectronicSignatures
15
BatchRelease
16
BusinessContinuity
17
Archiving Prepared by: G. Jaya krishna
34
EU Annex-11-Overview
Allthepersonnelshouldhaveappropriatequalifications,levelof
accessanddefinedresponsibilitiestocarryouttheirassignedduties
andthereshouldbeclosecooperationamongtheindividuals
Riskmanagementshouldbeappliedthroughoutthelifelifecycleofthe
computerizedbyconsideringpatientsafety,dataintegrityandproduct
quality
Forcriticaldataenteredmanually,thereshouldbeanadditionalcheck
ontheaccuracyofthedata.
Considerationshouldbegivenbasedonriskassessment,tobuilding
intothecreationofarecordofallGMPrelevantchangesanddeletions
andreasonforchangeshallbecaptured
Integrityandaccuracyofbackupdataandtheabilitytorestorethedata
shouldbecheckedduringthevalidationandmonitoredperiodically
Prepared by: G. Jaya krishna
35
Allthepersonnelshouldhaveappropriatequalifications,levelof
accessanddefinedresponsibilitiestocarryouttheirassignedduties
andthereshouldbeclosecooperationamongtheindividuals
Riskmanagementshouldbeappliedthroughoutthelifelifecycleofthe
computerizedbyconsideringpatientsafety,dataintegrityandproduct
quality
Forcriticaldataenteredmanually,thereshouldbeanadditionalcheck
ontheaccuracyofthedata.
Considerationshouldbegivenbasedonriskassessment,tobuilding
intothecreationofarecordofallGMPrelevantchangesanddeletions
andreasonforchangeshallbecaptured
Integrityandaccuracyofbackupdataandtheabilitytorestorethedata
shouldbecheckedduringthevalidationandmonitoredperiodically
Prepared by: G. Jaya krishna
35
EU Annex-11-Overview
Theextentofsecuritycontrolsdependsonthecriticalityofthe
computerizedsystem
Physicalorlogicalcontrolsshouldrestrictaccesstocomputerized
systemtoauthorizedpersons
Whenacomputerizedsystemisusedforrecordingcertificationand
batchrelease,thesystemshouldallowonlyauthorizedpersonsto
certifythereleaseofbatches
Allincidents,notonlysystemfailuresanddataerrorsshouldbe
reportedandassessed
Therootcauseofacriticalincidentshouldbeidentifiedandshouldform
thebasisofcorrectiveandpreventiveactions
Prepared by: G. Jaya krishna 36
Theextentofsecuritycontrolsdependsonthecriticalityofthe
computerizedsystem
Physicalorlogicalcontrolsshouldrestrictaccesstocomputerized
systemtoauthorizedpersons
Whenacomputerizedsystemisusedforrecordingcertificationand
batchrelease,thesystemshouldallowonlyauthorizedpersonsto
certifythereleaseofbatches
Allincidents,notonlysystemfailuresanddataerrorsshouldbe
reportedandassessed
Therootcauseofacriticalincidentshouldbeidentifiedandshouldform
thebasisofcorrectiveandpreventiveactions
Prepared by: G. Jaya krishna 36
EU Annex-11-Overview
Anychangestoacomputerizedsystem,includingsystem
configurationsshouldonlybemadeinacontrolledmannerin
accordancewithadefinedprocedure
Fortheavailabilityofcomputerizedsystemssupportingcritical
processes,provisionsshouldbemadetoensurecontinuityofsupport
forthoseprocessesintheeventofasystembreakdown
Computerizedsystemsshouldbeperiodicallyevaluatedtoconfirmthat
theyremaininavalidstateandarecompliantwithGMPandsuch
evolutionsincludeDeviation,Upgrade,SecurityandValidationstatus
reports
Whenthirdpartiesareused,formalagreementsmustexistbetweenthe
partiesandtheseagreementsshouldincludeclearstatementsofthe
responsibilitiesofthethirdparty
Prepared by: G. Jaya krishna 37
Anychangestoacomputerizedsystem,includingsystem
configurationsshouldonlybemadeinacontrolledmannerin
accordancewithadefinedprocedure
Fortheavailabilityofcomputerizedsystemssupportingcritical
processes,provisionsshouldbemadetoensurecontinuityofsupport
forthoseprocessesintheeventofasystembreakdown
Computerizedsystemsshouldbeperiodicallyevaluatedtoconfirmthat
theyremaininavalidstateandarecompliantwithGMPandsuch
evolutionsincludeDeviation,Upgrade,SecurityandValidationstatus
reports
Whenthirdpartiesareused,formalagreementsmustexistbetweenthe
partiesandtheseagreementsshouldincludeclearstatementsofthe
responsibilitiesofthethirdparty
Prepared by: G. Jaya krishna 37
EU Annex-11-Overview
TheValidationdocumentationandreportsshouldcovertherelevantsteps
ofthelifecycle.
Shouldbeabletojustifystandards,protocols,acceptancecriteria,
proceduresandrecordsbasedontheriskassessment.
UserRequirementsSpecificationsshoulddescribetherequiredfunctions
ofthecomputerizedsystemandbebasedondocumentedriskassessment
andGMPimpact.
Userrequirementsshouldbetraceablethroughoutthelife-cycle.
Forcriticalsystemsanup-to-datesystemdescriptiondetailingthephysical
andlogicalarrangements,dataflowandinterfaceswithothersystemsor
processes,anyhardwareandsoftwarepre-requisitesandsecurity
measuresshouldbeavailable.
Theregulatedusershouldtakeallreasonablestepstoensurethatthe
systemhasbeendevelopedinaccordancewithanappropriateQuality
ManagementSystem.
Prepared by: G. Jaya krishna
38
TheValidationdocumentationandreportsshouldcovertherelevantsteps
ofthelifecycle.
Shouldbeabletojustifystandards,protocols,acceptancecriteria,
proceduresandrecordsbasedontheriskassessment.
UserRequirementsSpecificationsshoulddescribetherequiredfunctions
ofthecomputerizedsystemandbebasedondocumentedriskassessment
andGMPimpact.
Userrequirementsshouldbetraceablethroughoutthelife-cycle.
Forcriticalsystemsanup-to-datesystemdescriptiondetailingthephysical
andlogicalarrangements,dataflowandinterfaceswithothersystemsor
processes,anyhardwareandsoftwarepre-requisitesandsecurity
measuresshouldbeavailable.
Theregulatedusershouldtakeallreasonablestepstoensurethatthe
systemhasbeendevelopedinaccordancewithanappropriateQuality
ManagementSystem.
Prepared by: G. Jaya krishna
38
EU Annex-11-Overview
DocumentationsuppliedwithCommercial-off-the-shelfproductsshouldbe
reviewedbyregulateduserstocheckthatuserrequirementsarefulfilled.
Evidenceofappropriatetestmethodsandtestscenariosshouldbe
demonstrated.Particularly,systemparameterlimits,datalimitsanderror
handlingshouldbeconsidered.
ValidationdocumentationshouldincludeChangeControlrecordsandreports
onanydeviationsobservedduringthevalidationprocess.
Ifdataaretransferredtoanotherdataformatorsystem,validationshould
includechecksthatdataarenotalteredinvalueand/ormeaningduringthis
migrationprocess.
Computerizedsystemsexchangedataelectronicallywithothersystemsshould
includeappropriatebuilt-inchecksforthecorrectandsecureentryand
processingofdata,inordertominimizetherisks.
Prepared by: G. Jaya krishna 39
DocumentationsuppliedwithCommercial-off-the-shelfproductsshouldbe
reviewedbyregulateduserstocheckthatuserrequirementsarefulfilled.
Evidenceofappropriatetestmethodsandtestscenariosshouldbe
demonstrated.Particularly,systemparameterlimits,datalimitsanderror
handlingshouldbeconsidered.
ValidationdocumentationshouldincludeChangeControlrecordsandreports
onanydeviationsobservedduringthevalidationprocess.
Ifdataaretransferredtoanotherdataformatorsystem,validationshould
includechecksthatdataarenotalteredinvalueand/ormeaningduringthis
migrationprocess.
Computerizedsystemsexchangedataelectronicallywithothersystemsshould
includeappropriatebuilt-inchecksforthecorrectandsecureentryand
processingofdata,inordertominimizetherisks.
Prepared by: G. Jaya krishna 39
21 CFR Part 11-Background
21CFRPart11isalawthatensurescompaniesimplementgoodbusiness
practices.
21CFR(CodeofFederalRegulations)Part11hasdefinedbytheUSFDA
regulationsthatsetforththecriteriaappliestoelectronicrecordsandelectronic
signaturesthatpersonscreate,modify,maintain,archive,retrieve,ortransmit
underanyrecordsorsignaturerequirementsetforthintheFederalFood,Drug,
andCosmeticAct,thePublicHealthServiceAct,oranyFDAregulation
Part11allowsacompanytoimplementcomputersystemsthatwillgreatly
increasetheefficiencyofindividuals,reduceerrorsbyidentifyingrisks,and
increaseoverallproductivityofthecompany.
InMarch1997,FDAissuedfinalPart11regulationsthatprovidecriteriafor
acceptancebyFDA,undercertaincircumstances,ofelectronicrecords,
electronicsignatures,andhandwrittensignaturesexecutedtoelectronic
recordsasequivalenttopaperrecordsandhandwrittensignaturesexecutedon
paper.
Prepared by: G. Jaya krishna 40
21CFRPart11isalawthatensurescompaniesimplementgoodbusiness
practices.
21CFR(CodeofFederalRegulations)Part11hasdefinedbytheUSFDA
regulationsthatsetforththecriteriaappliestoelectronicrecordsandelectronic
signaturesthatpersonscreate,modify,maintain,archive,retrieve,ortransmit
underanyrecordsorsignaturerequirementsetforthintheFederalFood,Drug,
andCosmeticAct,thePublicHealthServiceAct,oranyFDAregulation
Part11allowsacompanytoimplementcomputersystemsthatwillgreatly
increasetheefficiencyofindividuals,reduceerrorsbyidentifyingrisks,and
increaseoverallproductivityofthecompany.
InMarch1997,FDAissuedfinalPart11regulationsthatprovidecriteriafor
acceptancebyFDA,undercertaincircumstances,ofelectronicrecords,
electronicsignatures,andhandwrittensignaturesexecutedtoelectronic
recordsasequivalenttopaperrecordsandhandwrittensignaturesexecutedon
paper.
Prepared by: G. Jaya krishna 40
21 CFR Part 11-Background
Electronicsignaturesthatareintendedtobetheequivalentof
handwrittensignatures,initials,andothergeneralsigningsrequiredby
predicaterules.
Theseregulations,whichapplytoallFDAprogramareas,were
intendedtopermitthewidestpossibleuseofelectronictechnology,
compatiblewithFDA'sresponsibilitytoprotectthepublichealth.
Part11signaturesincludeelectronicsignaturesthatareused,for
example,todocumentthefactthatcertaineventsoractionsoccurredin
accordance withthepredicaterule(e.g.approved,
reviewed,andverified).
Prepared by: G. Jaya krishna 41
Electronicsignaturesthatareintendedtobetheequivalentof
handwrittensignatures,initials,andothergeneralsigningsrequiredby
predicaterules.
Theseregulations,whichapplytoallFDAprogramareas,were
intendedtopermitthewidestpossibleuseofelectronictechnology,
compatiblewithFDA'sresponsibilitytoprotectthepublichealth.
Part11signaturesincludeelectronicsignaturesthatareused,for
example,todocumentthefactthatcertaineventsoractionsoccurredin
accordance withthepredicaterule(e.g.approved,
reviewed,andverified).
Prepared by: G. Jaya krishna 41
21 CFR Part 11-ERES Contents
Subpart A: General Provisions
•11.1 Scope
•11.2 Implementation
•11.3 Definitions
Subpart B. Electronic Records
•11.10 Controls for Closed Systems
•11.30 Controls for Open Systems
•11.50 Signature Manifestations
•11.70 Signature/Record Linking
Subpart C: Electronic Signatures
•11.100 General Requirements
•11.200 (a) Controls and Components for Non-Biometrics
•11.200 (b) Controls and Components for Biometrics
•11.300 Identification of Codes and Passwords
Prepared by: G. Jaya krishna
42
Subpart A: General Provisions
•11.1 Scope
•11.2 Implementation
•11.3 Definitions
Subpart B. Electronic Records
•11.10 Controls for Closed Systems
•11.30 Controls for Open Systems
•11.50 Signature Manifestations
•11.70 Signature/Record Linking
Subpart C: Electronic Signatures
•11.100 General Requirements
•11.200 (a) Controls and Components for Non-Biometrics
•11.200 (b) Controls and Components for Biometrics
•11.300 Identification of Codes and Passwords
Prepared by: G. Jaya krishna
42
21 CFR Part 11-Overview
Validationofsystemstoensureaccuracy,reliability,consistent,intended
performanceandtheabilitytodiscerninvalidoralteredrecords
Theabilitytogenerateaccurateandcompletecopiesofrecordsinbothhuman
readableandelectronicformsuitableforreview,inspection
Protectionofrecordstoenabletheiraccurateandreadyretrievalthroughoutthe
recordsretentionperiod
Limitingsystemaccesstoauthorizedindividuals.Uniquecombinationofuser
nameandpassword
Useofsecure,computer-generated,time-stampedaudittrailstoindependently
recordthedate&timeofoperatorentriesandactionsthatcreate,modifyor
deleteelectronicrecords
Useofoperationalsystemcheckstoenforcepermittedsequencingofsteps&
eventsasappropriate
Prepared by: G. Jaya krishna 43
Validationofsystemstoensureaccuracy,reliability,consistent,intended
performanceandtheabilitytodiscerninvalidoralteredrecords
Theabilitytogenerateaccurateandcompletecopiesofrecordsinbothhuman
readableandelectronicformsuitableforreview,inspection
Protectionofrecordstoenabletheiraccurateandreadyretrievalthroughoutthe
recordsretentionperiod
Limitingsystemaccesstoauthorizedindividuals.Uniquecombinationofuser
nameandpassword
Useofsecure,computer-generated,time-stampedaudittrailstoindependently
recordthedate&timeofoperatorentriesandactionsthatcreate,modifyor
deleteelectronicrecords
Useofoperationalsystemcheckstoenforcepermittedsequencingofsteps&
eventsasappropriate
Prepared by: G. Jaya krishna 43
21 CFR Part 11-Overview
Authorizedindividualscanonlyusethesystemandcanelectronicallysigna
record
Thepersonswhodevelop.Maintain,useER/ESsystemsshallhavethe
Education,TrainingandExperiencetoperformtheirassignedtasks
Theindividualsareaccountableandresponsiblefortheactionsinitiatedunder
theirelectronicsignatures
SignatureManifestationitmusthaveDateandtime,completenameofsigner
andMeaningofsignature
EachElectronicsignatureshallbeuniquetooneindividualandshallnotbe
reused,reassignedtoanyoneotherthantheoriginaluser
ShouldverifytheidentityofanindividualbeforeassigningElectronicsignature
Prepared by: G. Jaya krishna 44
Authorizedindividualscanonlyusethesystemandcanelectronicallysigna
record
Thepersonswhodevelop.Maintain,useER/ESsystemsshallhavethe
Education,TrainingandExperiencetoperformtheirassignedtasks
Theindividualsareaccountableandresponsiblefortheactionsinitiatedunder
theirelectronicsignatures
SignatureManifestationitmusthaveDateandtime,completenameofsigner
andMeaningofsignature
EachElectronicsignatureshallbeuniquetooneindividualandshallnotbe
reused,reassignedtoanyoneotherthantheoriginaluser
ShouldverifytheidentityofanindividualbeforeassigningElectronicsignature
Prepared by: G. Jaya krishna 44
21 CFR Part 11-Overview
Theelectronicsignaturesareintendedtobethelegallybindingequivalentof
traditionalhandwrittensignatures
Electronicsignaturenotbasedonbiometricsshallhavetwodistinguished
componentssuchasIdentificationcode(username)andpasswordandtheir
combinationshouldbeunique(Notwoindividualscanhavethesame
combination)
ProceduresshallbeinplaceforPasswordperiodicchecking,De-authorization
ofpasswords,invalidattempts.
Systemshalllockoutonconsecutiveunsuccessfulattempts(Invalidattempts)
Systemshallhaveautologoutprovision
Prepared by: G. Jaya krishna 45
Theelectronicsignaturesareintendedtobethelegallybindingequivalentof
traditionalhandwrittensignatures
Electronicsignaturenotbasedonbiometricsshallhavetwodistinguished
componentssuchasIdentificationcode(username)andpasswordandtheir
combinationshouldbeunique(Notwoindividualscanhavethesame
combination)
ProceduresshallbeinplaceforPasswordperiodicchecking,De-authorization
ofpasswords,invalidattempts.
Systemshalllockoutonconsecutiveunsuccessfulattempts(Invalidattempts)
Systemshallhaveautologoutprovision
Prepared by: G. Jaya krishna 45
G. Jaya Krishna
46
46
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 4,162
- Slides 46
- Favorites 4
- Age 1592 days
Related Slideshows
36
Clinical approach Dyspnoea A simple and practical approach.pptx
ShajahanPS
25 views
238
Cancer Awareness therapy for public by Dr Kanhu Charan Patro
kanhucpatro
24 views
41
Prof Satyadas Memorial oration Kozhikode.pptx
ShajahanPS
20 views
26
Viral Conjunctivitis and it;s managment.pptx
ZaidAzhar
34 views
30
Essential Thrombocythemia 15 Years of Experience at the Hematology Department, Algies, Algeria.pdf
sbelakehal
30 views
10
Hypertension sign symptoms cmdt style with regime
androiddabest
31 views