Guidance for Industry: Computerid System Validation
Version 1.0
Drug Office
Department of Health
Contents
1.Introduction (3)
2.Purpo of this document (3)
3.Scope (3)
4.Definitions (3)
5.Overview of Computerid System Validation (3)
6.The Computerid System Life Cycle (5)
7.Planning Pha (8)pn
8.Specifications Pha (10)
9.Implementation & Verification Pha (10)
10.Reporting & Handover (System Relea) Pha (12)
11.Operations Management (12)
12.System Retirement (15)
1.Introduction
The purpo of this guideline is to provide guidance to industry for risk-bad compliance and life-cycle management of computerid systems as required by the PIC/S Guide to Good Manufacturing Practice for Medicinal Products PE 009-10 - Annex 11 (Computerid Systems).
There may be other acceptable approaches that provide an equivalent level of quality assurance.
This guideline is not intended to create additional requirements and is not intended to form the basis
for GMP inspections.
teo2.Purpo of this document
To provide guidance to industry on risk-bad compliance and life-cycle management of computerid systems.
3.Scope
3.1In Scope
This guideline applies to all computerid systems ud as a part of GMP regulated activities (as covered in PIC/S, Part I and II) including IT infrastructure that supports GMP regulated systems.
It outlines the scope and compliance requirements and provides a general approach for the validation of computerid systems.
3.2Out of Scope
Computerid Systems and IT infrastructure that are not related to GMP regulated activities.ngk火花塞
4.Definitions
Process Owner The person responsible for the business process.1
Raw Data Any work-sheets, records, memoranda, notes, or exact copies thereof, that are the result of original obrvations and activities and which are necessary
for the reconstruction and evaluation of a work project, process or study
report, etc. Raw data may be hard/paper copy or electronic but must be
known and defined in system procedures.2
System Owner The person responsible for the availability, and maintenance of a computerid system and for the curity of the data residing on that system.3
5.Overview of Computerid System Validation
Validation is an esntial part of GMP. It is an ongoing t of activities which continues from the initiation of the project until system retirement. Computerid System Validation (CSV) is performed
bad on activities that occur throughout the entire life cycle.4 Therefore, validation activities must be planned, specified, built/configured, verified against the specification, and ultimately reported.
pomelo
casu marzuWhere a computerid system replaces a manual operation, there should be no resultant decrea in product quality, process control or quality assurance. Computerid systems ud in the manufacture of pharmaceutical products should be properly designed, validated and
1PIC/S Guide to GMP for Medicinal Products (PE 009-10) – Annexes, 1 January 2013, Annex 11, Glossary
2PI 011-3 PIC/S Guidance Good Practices for Computerid System s in Regulated “G X P” Environments, 25 September 2007, Glossary我们撞到外星人
3PIC/S Guide to GMP for Medicinal Products (PE 009-10) – Annexes, 1 January 2013, Annex 11, Glossary
4PIC/S Guide to GMP for Medicinal Products (PE 009-10) – Annex 11, Glossary
maintained to ensure that the system rves its intended purpo and meets its quality attributes in a consistent manner.
The applications should be validated and it is expected that the infrastructure on which the validated applications are dependent, is compliant and controlled. Therefore, the IT infrastructure which supports the GMP regulated activities should be qualified.
5.1Risk-Bad Approach to Computerid System Validation
Risk management should be applied throughout the lifecycle of the computerid system taking into account patient safety, data integrity and product quality. Several risk asssments may need to be performed at various stages of a computeris ed system‟s life cycle. The objective of quality risk management is to identify, analy and categori GMP risks and determine the appropriate controls required to manage the risks.
The risk-bad approach will be further discusd in Section 7 “Planning Pha”.
5.2Roles and Responsibilities
In accordance with PIC/S Guide to Good Manufacturing Practice for Medicinal Products PE 009-10 - Annex 11 (Computerid Systems), roles and responsibilities (e.g. Business Process Owner, System Owner, Supplier, IT, etc.) must be clearly defined and documented for the life cycle of a computerid system.
多多马
The Process Owner is responsible for ensuring the compliance of the computerid system and has the end-to-end responsibility of the business process, whereas the System Owner is responsible for ensuring the system is supported, maintained and is available for u throughout the lifecycle. In some instances, the Process Owner may take over the role of the System Owner and vice versa.
Furthermore, responsibilities for writing, approving and authorising documents should also be defined. Activities and responsibilities can be assigned by using a matrix to list the responsible and deliverables for each task.
5.3Prospective and Legacy Systems Validation
It is expected for validation to be conducted prospectively for all new systems and where possible, for existing systems (legacy systems). However, in the event where legacy systems validation is required, it may be supported by a comprehensive review of historical data in addition to re-defining, documenting, re-qualifying, prospectively validating applications and introducing GMP related life-cycle controls to assure that existing systems are operating correctly. Good historical data may be ud instead of testing. Lack of adequate evidence to support the validation process will make it difficult to perform a meaningful validation and thus can lead to suspension or shut-down of systems if imposing life-cycle controls and testing also cannot be performed.
Retrospective validation is not equivalent to prospective validation and it is not a preferred method for computerid systems; it is ud in exceptional cas (continued u is necessary, good data are available and re-testing is not feasible) only and it is not an option for new systems.
5.4Personnel & Training
Persons involved with computerid systems validation activities should be appropriately qualified in order to carry out their assigned duties.5
brunei
Personnel and contractors who are responsible for the development, operation, maintenance and administration of the computerid systems must have relevant training, education and experience for the particular system and role.
6Training measures and qualifications should be documented and stored as part of the Quality Management System (QMS).
5.5ERES (Electronic Records; Electronic Signatures)
Electronic records and electronic signatures are regarded as equivalent to paper records and hand-written signatures.6Systems that generate, store or process electronic records or u electronic sign
atures must be validated.
Electronic records
It must be possible for electronic records to be printed in a readable format.
For batch relea related records, it should be possible to generate and print out the changes made to the original data.
Electronic signatures
Electronic signatures should be unique to one individual and there must be procedures to ensure that the owners of the electronic signatures are aware of their responsibilities for their actions, i.e. Urs must be aware that electronic signatures have the same impact as hand-written signatures. Electronic signatures must be permanently linked to their respective electronic records to ensure that the signatures cannot be edited, duplicated or removed in anyway.6
Electronic signatures must clearly indicate:
∙The displayed/printed name of the signer;
∙The date and time when the signature was executed; and
∙The reason for signing (such as review, approval, responsibility, or authorship) associated with the signature.
sliced
5.6Documentation Standards and Good Documentation Practices
In a GMP environment, documentation needs to meet certain requirements to ensure product quality and product safety. Therefore, Documentation Standards and Good Documentation Practices are expected to be enforced in the computerid systems validation activities. The following is expected:
∙Documents are prepared, reviewed, distributed and stored with care;
∙Formal documentation standards are in place to ensure traceability;
∙Documents are approved, signed and dated by the appropriate responsible persons;
∙Changes to documentation are controlled by versioning and a record of modifications is prent;
∙Only approved copies of the master protocol, or appropriately identified record books should be ud for recording written data;
∙All entries are recorded in a clear, legible and indelible way with the minimum possible delay after the event by personnel who witnesd the event;
jabil
∙Writing errors is corrected with a single strike-out line, initialled, dated and reason explained.
.The Computerid System Life Cycle
A systematic approach to computerid system validation, which begins with initial risk
asssment and continues throughout the life of the system, must be defined to ensure quality is built into the computerid systems.
