In our industry, Computer system validation is the process of ensuring that a computer system is fit for use and is functioning according to user requirements. The FDA defines computer software validation as “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled” (FDA, 2002). To be compliant with 21 CFR Part 11, companies must demonstrate that their computer systems are secure, accurate, and reliable.
Blue Mountain Regulatory Asset Manager (RAM) is a 21 CFR Part 11 compliant intelligent asset management software, designed exclusively for the life sciences. Blue Mountain RAM features built-in best practices and combines the capabilities of an Enterprise Asset Manager (EAM), a Computerized Maintenance Management System (CMMS), and a Computerized Calibration Management System (CCMS) all while ensuring GMP compliance.
Let’s Get Started
If you use computers or automated data processing systems for manufacturing or quality assurance purposes, the FDA requires that you validate the computer’s intended use by following a specific protocol. Below we will go through the steps required to conduct your own computer systems validation. We’re going to Discover, Plan then Execute everything you need to be up-to-date and compliant with all the policies and procedures we’ve discussed.
- Discover – Define the Scope of the Validation
First, we need to identify the specific system(s) that need to be validated and define their intended use. In order to discover all the systems and functions that will need to be included in your scope, you may need to familiarize yourself with other stakeholders and end users in your organization. From this list, you must now identify all the testing methods and their deployments in order to meet all the potential requirements of the systems themselves and the software running on them.
Software requirements are typically given by vendors. Special consideration should be taken when formulating end-user processes. Documented requirements and risk analysis of the system help to define the scope of the evidence needed to show that the software is validated for its intended use.
Once you have all the systems, their functionality, and the tests needed to satisfy the accurate operation of you’re ready to create your validation plan.
- Plan – Create a Validation Plan
Your plan should include a detailed description of the validation process, including the testing methods that will be used to ensure the system’s accuracy and reliability. During this step, we would use our user requirements and system specifications to write our qualification protocol documents. Keep your Quality team involved in validating our plan-making to ensure the process is thoroughly developed.
Installation Qualification (IQ)
The IQ captures software/system installation requirements. The document outlines testing to ensure it is compliant with appropriate codes and design intentions.
Operational Qualification (OQ)
The OQ document captures system performance expectations. It serves as a detailed review of the software startup and base operation. Tests outlined in the OQ are executed to ensure the system is accurate, reliable, and secure.
Performance Qualification (PQ)
The PQ document captures the end-user requirements of the system. Tests outlined in the PQ should reflect processes that end users will encounter, establishing them as effective and reproducible
21 CFR Part 11 Controls to include:
- Data should be stored in an electronic format that is as trustworthy as paper records (and is archivable).
- The system must ensure the trustworthiness of electronic signatures
- The system must have access controls to ensure only authorized users have access.
- Password controls (including complexity and expiry) must be available in the system
- The system must be able to generate an audit trail of every activity performed in the system.
- Execute – Perform the Validation
The Validation will be performed in the new system’s environment. First, we execute the IQ, which tests that the system has been installed and set up according to the design specification. Then We execute the OQ to ensure all functionality specified is present and working properly.
Finally, we execute the PQ to ensure the system is fit for end users. Our last task is to create a summary document signing off that those specifications are met and the system is ready to go live.
At Blue Mountain, we offer plans to help along the way. Our teams of QA and Software analysts work together to ensure your system is fully validated. Our IQs, OQs, and PQs are written to ensure all controls of the software are captured. We even write custom PQs to your specification.
Computer systems validation concepts are an ever-evolving component of running an FDA 21 CFR Part 11 compliant computer system. As more features are identified and added to a system, the process will become cyclical. With each upgrade to a system, Blue Mountain repeats the IQ, OQ, and PQ processes. We identify the components to be installed, we validate that the new feature is working as intended, then we perform tests for its intended use.
Your first validation of a new system will be far from its last.
Importance of Computer Systems Validation
Software validation can increase the usability and reliability of the device, resulting in decreased failure rates, fewer recalls and corrective actions, less risk to patients and users, and reduced liability to device manufacturers. Testing software through validation can help to cut down expenses in the future as it makes it more efficient and inexpensive to make modifications and test them for accuracy.