Riunione Gruppo GCP
Qual è il Processo della
Computer System Validation?
Dr. D. Marcozzi
Head of Clinical and CSV QA dept. of SIGMA-TAU
Milano, 31 marzo, 2005
Parleremo di:

CONVALIDA

FORNITORI


Analisi e Gestione del RISCHIO
Nuova visione delle CONVALIDE
Cos’è la CONVALIDA?
Si si …un bel vestito….
Cos’è la CONVALIDA?
Cos’è la CONVALIDA?
Mi dicono che
avrei fatto
una
CONVALIDA??
Cos’è la CONVALIDA?
O meglio………….
Che cos’è la Computerized System
Validation (CSV)
Primo: cos’è un Computerized
System?
Personnel
Software
Hardware
Documentation
Instrument
Documentation
Control System
Procedures
Infrastructure
Operating Environment
Validation is….
“Establishing documented evidence which provides a
high degree of assurance that a specific process
will consistently produce a product
meeting its pre-determined specifications
and quality attributes”
Current
Validation is the entire procedure of gathering
documented evidence that a computer-related process or
a system performs
according to its intended function
reliably and consistently throughout its life.
Le parole “CHIAVE”

Documented

Process/system

Pre-Determined

Quality Attributes

Entire Procedure

Reliably and consistently

Life
The life cycle concept of
Computer Validation
Validation is a PROCESS, not an event
Validation activities span the entire System Life Cycle:
 Planning







Requirements Analysis
Design
Implementation
Testing
Acceptance
On going
Retirement
Planning and Implementation
A Life cycle approach
Requirements
Maintenance
System
Selection
User
Documentation
Operation
Specify
&
Design
Qualification
Supplier
Testing
Build
Planning and Implementation
A Life cycle approach
URS
PQ
FS
OQ
DS
IQ
System
Build
Planning and Implementation
A Life cycle approach
Planning
Validation Plan
Specifications
URS, FS, DS (required)
Test Planning
(IQ,OQ,PQ)
Doc. come testare il
sistema
Testing
Test e risultati
Review
Validation Report
Validation activity and “life cycle”
PROJECT ACTIVITY
LIFE CYCLE PHASE
VALIDATION ACTIVITY
USER REQUIREMENTS
FUNCTIONAL SPEC.
PLANNING &
SPECIFICATION
VALIDATION PLAN
SUPPLIER AUDITS
SPEC. REVIEW
HW E SW DES. SPEC.
SW MODULE DES. SPEC.
MECH. & ELECTRIC SPEC.
DESIGN
DESIGN REVIEW
HW MANUF. & ASSEMBLY
CODE SW MODULES
EQUIP. MANUF. & ASSEMBLY
CONSTRUCTION
COSTRUCTION & CODE
REVIEW
HW TESTING
SW MOD.& INTEGR. TESTING
EQUIP TESTING
TESTING
MONITOR SUPPLIER
HW, SW, EQUIP. INSTALL.
HW ACCEPTANCE TESTING
INSTALLATION
IQ
SYSTEM ACCEPTANCE TEST.
ACCEPTANCE TESTING
OQ
PQ
VALIDATION REPORT
MAINTENANCE
CHANGE CONTROL
OPERATION
ONGOING OPERATION
Validation Scope and Effort
Validation Scope and Effort
should be commensurate with impact and value
of data, process, results. . .
size and complexity of the system and
how critical it is in
your routine and non-routine operations
Tanto più un sistema è critico e complesso
tanto maggiore
sarà lo “sforzo” di convalida…quindi…
Sistemi Be-spoke
Sistemi Customizzati
Sistemi Standard
Basic Approach to Validation
 Validation is a process, not an event
 Planning activity should be performed as a Team
 Keep the validation process under control
Le finalità….da GCP
Qualora si avvalga di sistemi elettronici di elaborazione
dei dati e/o sistemi di inserimento a distanza per la
gestione dei dati relativi alla sperimentazione, lo
Sponsor….
Garantire e documentare che il sistema elettronico per
l’elaborazione dei dati sia conforme ai requisiti di
completezza, precisione, affidabilità stabiliti dallo
Sponsor e che questi siano conformi alle caratteristiche
prefissate (cioè Validazione)
Le finalità

Validating Data

Validating the System
handling the Data
Nel 1999… l’FDA
Pubblica una nuova Guidance for Industry
“Computerized System Used in Clinical Trials”
Per essere accettabili, i dati debbono soddisfare certi
elementi fondamentali di qualità se raccolti e registrati
elettronicamente o su carta
I dati debbono essere:
A ttribuibili (Source & Recorder are Known)
L eggibili (Human readable)
C ontemporanei (Recorded when observed)
O riginali (Honest data/not fraud)
A ccurati (Correct, repeatable results)
ALCOA
Ed ora… gli attori…
FORNITORE
CLIENTE
CLIENTE
FORNITORE
CLIENTE
IT
USER
QA
FORNITORE
COMMERCIALE
e……
QA
According to specific rules or guidelines
defined for each environment
Il peso del QA….
QA
IT
Il peso del QA….
Requisiti Regolatori
Requisiti di Processo
Requisiti Tecnici
IT
Pianificazione e Testing
Qualifica dei fornitori
Qualità della documentazione
QA
Il QA… ovunque nella CSV
Valutazione Fornitori
Risk Assessment
Definizione Requisiti Utente
Definizione delle politiche di convalida
Piani e test di convalida
Revisione ed Approvazione dei
documenti di convalida
Il QA… ovunque nella CSV
Approvazione dei cambiamenti
Revisione ed Approvazione delle SOPs
di convalida e CSV generali
Audit periodici
Punto di riferimento normative CSV
E le SOPs?













Training
Vendor Evaluation
Gestione Documentazione di Convalida
Change Control
Configuration Management
Problem Reporting
Security
QA
Back-up
Restore
Archiving Clinical Data
Maintenance
Disaster Recovery/Business Continuity
Periodic Review
FORNITORE
COMMERCIALE
e……
Planning and Implementation
A Life cycle approach
URS
PQ
FS
OQ
DS
IQ
System
Build
Evaluation should preferably be derived from a
reliable audit of the software developer (supplier),
performed by the end user’s organization or a
trusted and competent third part.
Da GMP…..
...Validation should be considered as part of the complete
life cycle of a computer system. This cycle includes the stages
of planning, specification, programming, testing,
commissioning, documentation, operation, monitoring and
modifying… (by supplier!).
The software is a critical component of a computerized
system. The user of such software should take all reasonable
steps to ensure that it has been produced in accordance with
a System of Quality Assurance.
CS Validation Documents
GAMP
Client responsibility
Supplier responsibility
Audit Report
Validation Plans
Planning
Test Plan
Validation
Master Plan
Design Spec.
Functional Spec.
User Requirement
Specifications
Specifications
Quality and
Project Plan
Testing
Factory/Site
Acceptance Test
SOPs
Protocolli
DQ, IQ, OQ, PQ
Master Index
Validation Report.
Report
IQR, OQR, PQR
SOPs
Validation
Summary
On-Going
User Manuals
Why do we have to audit the
Suppliers?

The primary purpose of an audit is to assess the
controls, procedures, and practices which are in
place for the development and maintenance of a
product

Is a form of review that provides confidence
concerning the validity and accuracy of a product or
process now and in the future

Audits should be viewed as a learning experience
and should be conducted as a cooperative effort
SW Supplier Evaluation
Intent
“To ensure that the supplier produces a quality
product, and to obtain information to plan
computer validation activities”
“Tools”




Collection of available information
Request for Information (questionnaire)
Audit
Follow up
Supplier Evaluation Tools
RISKS
EVALUATION
THROUGH
REFERENCES
EVALUATION
THROUGH
EXPERIENCES
REQUEST FOR
INFORMATION
3RD PARTY
AUDIT
SPECIFIC
FIRM AUDIT
COSTS
Supplier Qualification model
Telephone Audit
Request for Information (RFI)
Information from other companies or from market
EVALUATION COST
SYSTEM RISK CATEGORY
Site Audit
Check…Independence of SW Validation
Validation activities should be conducted
using the basic quality assurance precept
of “independence of review”.
Self-validation is extremely difficult; an
independent review is always better.
Check…Independence of SW Validation
Computer system validation should be
performed by persons other than those
responsible for building the system.
Validation: Client Responsibility !
PLANNING
Normative
Guidelines
Manufacturer has
flexibility in
choosing how to
apply the validation
principles, but
retains ultimate
responsibility for
demonstrating that
the software has
been validated.
Client Responsibility !
Client with regulatory responsibility needs
to assess the adequacy of the software
developer’s activities and determine what
additional efforts are needed to establish
that the software is validated.
Supplier selection (and supplier)
is important
...but
Validation Responsibility is always
on the Client’s side
Validated Packages don’t exist!!
Supplier may provide a “Validation
Package”, showing that the
standard version of the product
has been validated “in Factory”
Client has to perform an “on-Site”
Validation
Quindi….
La validazione è una nostra responsabilità
Si deve Validare nel nostro “ambiente”
Non è una responsabilità del Fornitore del
sistema
I sistemi forniti (anche quelli più standard)
sono validabili, da validare e non già validati
Quanto più il fornitore è
affidabile…di QUALITA’
Prima
DopoVerificare!!!
e sempre
Tanto menoValidare!!!
sforzo di convalida
dovremo pianificare
Ora parliamo di
RISK MANAGEMENT….
RISK ANALYSIS…..
Solo un accenno….
prendiamo spunto dalla
realtà!
Da FDA….
Pharmaceutical CGMPs for the 21st century
A Risk-Based Approach Final Report september 2004
In August 2002, FDA announced a significant new initiative,
Pharmaceutical Current Manufacturing Practices (CGMPs) for
the 21st Century, to enhance and modernize the regulation of
pharmaceutical manufacturing and product quality for
veterinary and human drugs….
Objective:
Encourage implementation of risk-based approaches that
focus both industry and Agency attention on critical areas
Da FDA….
21 CFR Part 11 Guidance…
Whit the issuance in 2003 of the guidance for industry
part11, Electronic Records, Electronic Signature- Scope and
Application, many barriers to scientific and technological
advances were removed, and the use of risk-based
approaches to managing computer systems is encouraged.
Risk Analysis
/
Computer Validation
 Protect against the risks to patient safety
 Maximize the business benefits
 Help to determine the extent of validation
 Give a rationale to justify Validation approach in case of Inspection
 Concentrate the validation effort
A Good Start
Perform Assessment
Dove siamo?
Da cosa cominciamo?
Dove vogliamo andare?
Risk Analysis: the Value
The more you know about your
computer system
The more you focus the
validation
Test
Better you will use your resources…. and money!
Nuovo approccio alle Convalide….
Nel 1990 GAMP…
Nasce
nell’ambiente
GMP
Good Automated
Manufacturing Practice
Scopo della linea-guida è quello di assistere le
aziende farmaceutiche, biotecnologiche,
medical devices nell’implementazione di sistemi
automatizati validati e compliant con i requisiti
normativi
…nuove GAMP… 2001
Le nuove GAMP coprono tutti i requirements GMP, GCP,
GLP e GDP
Si potrebbero chiamare GA
“M-C-L-D”
Più attenzione al Processo!
P
Nuovo approccio alle Convalide….
Da…
Performance
A…..
Process
QUALIFICATION !
FINE…..
Grazie per la
PAZIENZA!!