Deleting Electronic Data

Hybrid Systems (Deleting Electronic Data)
In Hybrid systems the computerised system is used to generate a record which is printed and hand signatures applied. The decision for the regulated company is whether the electronic record (or raw data) should be kept or deleted from the system.

In the FDA Guidance “Part 11, Electronic Records; Electronic Signatures — Scope and Application” under

Read More

CSV Periodic Review

Regulatory requirement
Both the FDA and EU GMP’s detail the requirement for demonstrating that a computer system remains in a validated state throughout its operating history.

FDA 21 CFR 211.68(b) States:
“Input to and output from the computer or related system of formulas or other records or data shall be checked for accuracy. The degree and frequency of input/output verification shall be based

Read More

Spreadsheet Validation

Spreadsheets have become commonly used within a wide range of applications within the pharmaceutical and biotechnology industries. These range from the management of documentation lists through to complex algorithms used to support batch release.

This post provides a description of a risk based approach to the validation of spreadsheets. As with all posts comments are welcome.
The approach to

Read More

FDA Announce Part 21 CFR 11 Inspections

Image via WikipediaAs detailed within the post 21 CFR Part 11 Warning Letters the FDA are planning to start conducting part 11 inspections soon.

Published on the FDA website the agency states:

The Agency (FDA) will be conducting a series of inspections in an effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003

Read More

Software Validation

The validation of computer software within the Pharmaceutical Industry is providing documented evidence that the software and computer system is fit for its intended purpose.

Quality can not be tested in to the system it must be designed. This is why developing a lifecycle approach to software validation should be taken, to design in quality from concept, through the requirements, design and

Read More

Auditing Software Suppliers (Part 1)

Introduction to Software Supplier AuditsThis blog is the first of a series of planned articles on the process for quality system auditing suppliers of software and computerised systems. This blog concentrates on the GMP and Regulatory requirements for performing supplier audits, future posts are planned for discussing the auditing process.

A supplier quality audit can be a critical phase of any

Read More

CSV FDA Warning Letters : Security / Audit Trail

Date: 12 August 2008
Link: FDA Warning Letter (New Window)

Observation6. Failure to establish appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel as required by 21 CFR 211.68 (b).
For example, the [redacted] data acquisition system for the [redacted] UV/Visible

Read More

CSV FDA Warning Letter : Periodic Review

Date: 21 May 2010
Link: FDA Warning Letter (New Window)

Observation6. Your firm failed to check the accuracy of the input to and output from the computer or related systems of formulas or other records or data and establish the degree and frequency of input/output verifications [21 CFR § 211.68(b)].

For example, the performance qualification of your (b)(4) system software (Validation No.

Read More

21 CFR Part 11 Warning Letters

From the review of the FDA Warning Letters I could not find any observations for pharmaceutical or biotechnology companies directly citing non compliance against 21 CFR Part 11.

21 CFR Part 11 - The next stepFrom the review of the published FDA Warning letters the observations relating to the security and electronic records have not been cited against 21 CFR part 11 however the agency selected

Read More

CSV FDA Warning Letter : Security Controls

Date: 14 Jan 2008
Link: FDA Warning Letter (New Window)

Observation3. Failure to have a validated and secure computerized system. Additionally, there were no written protocols to assign levels of responsibilities for the system.

It was noted that the [redacted] instrument model [redacted] used for the analysis of [redacted] failed to have password control for the analysts and the supervisor.

Read More

FMEA for Computer Systems

I have published an article on the Computer Systems Validation web site (www.csv-qa.com) for performing Failure Mode Effect Analysis (FMEA) for automation and process control equipment.

This article provides an introduction to performing a FMEA risk assessment for computer system validation as part of a quality risk management process.

The process details application of the approach included

Read More

CSV FDA Warning Letters : Security

Date: 16 April 2007
Link: FDA Warning Letter (New Window)

Observation
6. Appropriate controls are not exercised over computers or related systems to assure that changes in analytical methods or other control records are instituted only by authorized personnel [21 CFR 211.68(b)]. Specifically,
a) There was a failure to validate the [redacted] software to assure that all data generated by the

Read More

What is a risk based approach?

As discussed in a previous article (Changes in Validation) a risk based approach to computer systems validation has change the way validation is performed.

Spend LessMany in the pharmaceutical and biotech industries miss understood the message of a Risk Based Approach as an opportunity to take quality risk and spend less on the introduction of new equipment; that is to take a risk.

However this

Read More

CSV FDA Warning Letters : Audit Trail

Date: 14 January 2010
Link: FDA Warning Letter (New Window)

Observation6. Your firm has not exercised appropriate controls over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel [21 CFR 211.68(b)].

For example, your firm lacks systems to ensure that all electronic data generated in your

Read More

CSV FDA Warning Letters : Operational Compliance

Date: 21 December 2009
Link: FDA Warning Letter (New Window)

Observation19. Automatic, mechanical, or electronic equipment is not routinely calibrated, inspected, or checked according to a written program designed to assure proper performance [21 CFR 211.68(a)]. For instance, the mixer, scales, filling/dispensing machine, water distiller, foil heat sealing machine, drying chamber, and tablet

Read More

CSV FDA Warning Letters : Qualification

Date: 27 April 2009
Link: FDA Warning Letter (New Window)

Observation8. Failure to maintain a written record and appropriate validation data of computer or other automated processes used to perform calculations in connection with laboratory analysis [21 CFR 211.68(b)]. Refer to FDA 483, Observation 12. For example, the accuracy of calculations performed by the [(b)(4)] Spectrophotometer has not

Read More

CSV FDA Warning Letters : Security

Date: 07 May 2009
Link: FDA Warning Letter (New Window)

Observation5. Your firm has not exercised appropriate controls over computer or related systems to assure that changes in control records or other records are instituted only by authorized personnel [21 CFR 211.68(b)J. For example, one user account is established for two analysts to access the laboratory instrument's software on the

Read More

CSV FDA Warning Letters : ERP and Calibration

Date: 07 May 2009
Link: FDA Warning Letter (New Window)

Observation4. Failure to routinely calibrate, inspect, or check according to a written program designed to assure proper performance of automatic, mechanical, or electronic equipment, including computers, used in the manufacture, processing, packing and holding of a drug product. [21 CFR 211.68]

Part A
A. The Enterprise Resource Planning

Read More

CSV FDA Warning Letters : Qualification

Date: 08 April 2010
Link: FDA Warning Letter (New Window)

Observation7. Your firm failed to routinely calibrate, inspect, or check automatic, mechanical, or electronic equipment according to a written program designed to assure proper performance [21 C.F.R. § 211.68(a)].
For example, your firm has not conducted performance qualification for the (b)(4) unit-dose packaging machine (b)(4)™ to

Read More

Computer System Impact / Risk Assessment

Purpose of Risk AssessmentThe purpose of the risk assessment process is to ensure that the validation (quality) effort is directed at the systems that have the potential to impact product quality, efficacy and data integrity (throughout this article referred to as Product Quality).
Initial Risk AssessmentsIn the ISPE Commissioning and Qualification Guide the approach to an initial impact

Read More

FDA to Increase Inspections in 2010

The US Food and Drugs Administration (FDA) have been given a significant budget increase for 2010 as reported on Congresswoman Rosa DeLauro web site.


Introduced by Rep. Rosa DeLauro (D-CT), the bill (H.R. 2997) provides the amount that President Obama requested for the agency, which is roughly $373 million more than the FDA’s budget for fiscal 2009 (15% increase).

The funds will help the FDA

Read More

MHRA Inspection Trends

Unlike the US Food and Drugs Administration (FDA) the Medicines and Healthcare products Regulatory Agency (MHRA) do not publish individual findings however they have published inspection trends.

The result of the trends shows that Computer Systems Validation has a number of Major Observations. Comments or observations from the trended data are welcome.

Link to MHRA Inspection Trends

Read More

Efficient Software Testing

Testing, as with all validation activities, is not only performed to demonstrate regulatory compliance but to ensure that the system operates correctly.

The level of testing performed should be dependant on the complexity, maturity and criticality of the system.

A standard laboratory instrument should not need the same level of testing as a bespoke automated control system. This is where the

Read More

ISPE GAMP5

GAMP 5 was released in 2008 detailing “Risk Based Approach to Compliant GxP Computerised Systems” with the tag line “Enabling Innovation” and was hailed as a major advancement in the industry.

This article provides a short review of the GAMP guide and the benefits to the industry.

ASTM StandardThe publishing of the ASTM Standard E2500-07 in June 2007 set the scene for

Read More

GAMP5 Software Categories

As discussed in ISPE GAMP 5 the GAMP Categories for hardware and software have been retained in GAMP 5, all be it in a modified format from GAMP4.

The software categories identified in GAMP 5 do not fit with determining the risk to product quality, efficacy or data integrity and no longer plays an integral part to determining that a computer system is fit for purpose.

The complexity and the

Read More

Changes in validation

There have been many changes to the approach to validation of equipment, including computerised systems over the last few years. This has culminated in the release of GAMP 5 in 2008.

The changes in approach started with the publication of the ICH Q9 (Quality Risk Management) in 2005 and adopted by the major agencies. This presented a risk based approach to quality management including validation

Read More