The data integrity principles of “ALCOA+,” Attributable, Legible, Contemporaneous, Original or “True Copy,” Accurate, Complete, Consistent, Enduring, and Available must all be met for FDA-regulated data. These must be tested and confirmed during validation of the FDA-regulated system.

We will discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately, in accordance with FDA’s guidance.

We’ll provide an easy way of determining data integrity and Part 11 compliance for systems during validation to ensure testing is sufficient.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and provide insight as to the differences between traditional computer system validation (CSV) and the more recent approach from FDA in their draft guidance on Computer Software Assurance (CSA). In particular, we’ll focus on critical thinking, along with a risk-based approach to validation to remove aspects of work that do not add value.

With CSA, there’s opportunity to leverage cloud services, Software-as-a-Service (SaaS) solutions, and automated testing. These will be discussed to ensure the best approach is taken for validating these types of products.

Most software vendors follow an agile methodology for software development, testing, release, and maintenance. We’ll cover both the traditional waterfall  approach to software life cycle management, and the “agile” approach, where phases are known as “sprints” and testing is much more streamlined and cost-effective.

We will cover the essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to support maintenance of a system in a validated state.  We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Finally, we will provide an overview of industry best practices, including GAMP®5, 2nd Edition (2022), with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work. Included in this will be a discussion of the 12 Theses of Pharma 4.0, a proposed operating model being discussed in industry.

Areas Covered

Who Should Attend

Why Should You Attend    

Validation of any GxP system may be costly if not managed appropriately. The attendee will learn about strategic ways to plan, execute, and document work from validation activities based on the System Development Life Cycle (SDLC) approach. You will understand the differences between CSV and CSA, and learn how to validate newer types of technology, including cloud services, SaaS, and understand how to apply automated testing to the process. We’ll provide insight as to how to reduce the cost of validation and maintaining a system in a validated state through its life.

The attendees will learn a simple way to address both data integrity and Part 11 aspects of the system, focusing on risk and critical thinking. We’ll also compare the traditional waterfall approach and more current agile approach to managing software through its life.

We will also discuss industry best practices, including GAMP®5, and how to apply them in a new and modern technological environment. Learn how to validate systems using cloud services, SaaS solutions, and automated testing.

Regardless of the models and methods applied for validation, we will provide some unique ways to reduce costs for the overall process without reducing compliance. Understand how Pharma 4.0 can benefit an organization through the 12 Theses.

Topic Background    

Computer system validation has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing, and management of computer systems used to collect, analyze, and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by the FDA in 1997, and disseminated through 21 CFR Part 11. This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk. The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process. System size, complexity, business criticality, GAMP®5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that “touch” the product, meaning they are used to create, collect, analyze, manage, transfer, and report data regulated by the FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, and image files, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.