In this webinar, we will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety.

We will discuss traditional CSV vs. CSA, the draft guidance issued in September 2022 by FDA, indicating the differences and similarities, and how they align.

We will explore validation following the traditional waterfall, phased approach, and following an agile methodology, with 2–3-week sprints for completing work products.

We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment.

We will also cover validation using Computer Off-the-Shelf (COTS), Cloud, and Software-as-a-Service (SaaS).

We will discuss the GAMP®5 guidance from ISPE and how to categorize software and test it thoroughly based on potential risk.

We will discuss the application of 21 CFR Part 11, FDA’s guidance for electronic records/signatures from 1997, and Annex 11, a similar guidance from the European Union (EU).

We’ll also cover data integrity requirements from FDA’s December 2018 guidance document, including how to leverage the ALCOA+ principals (attributable, legible, contemporaneous, original or true copy, accurate, complete, consistent, enduring, and available) for FDA-regulated systems.

We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work

Areas Covered

Who Should Attend

Why Should You Attend    

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.).  Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

The attendee will learn how to manage data from various sources, including those from locations governed by General Data Protection Regulation (GDPR; European Union), Health Information Portability and Accountability Act (HIPAA; US), and California Privacy Rights Act (CPRA).

The attendee will understand the importance of meeting the requirements for each regulation and will also learn about FDA compliance for computer systems regulated by the Agency. We will cover 21 CFR Part 11, the FDA guidance for electronic records/signatures, the FDA guidance for Data Integrity, and the FDA guidance for Computer System Validation (CSV; traditional approach from 1983) and FDA guidance for Computer Software Assurance (CSA; draft issued September 2022).
We will also discuss how to align work with GAMP®5, Second Edition (Issued July 2022).

Topic Background   

In today's ever-changing landscape of technology, there are many new considerations for computer system validation (CSV) to ensure the nuances of each innovative component. For example, we now have more FDA-regulated companies starting to use cloud services and Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Medical-Device (SaaMD), and the use of mobile devices.

We're seeing companies starting to move, as well, to an agile vs. waterfall approach for development and testing, and in some cases they are using automated testing.

In addition, the FDA is encouraging companies to follow the principles of Computer Software Assurance (CSA) vs. the traditional CSV. There is a need to apply critical thinking and a discovery mindset as we do the validation activities. This means treating each requirement based on potential risk if it were to fail, and doing testing for it accordingly.

In this webinar, we will review the current trends, including in technology and in FDA compliance and enforcement. We'll look at Data Integrity, 21 CFR Part 11 (Electronic Records/Electronic Signatures), European Union (EU) Annex 11, General Data Protection Regulation (GDPR), and other regulatory requirements.

We'll walk through the validation process and provide a review of the potential pitfalls as well as best industry practices. This class will also cover the requirements for maintaining a computer system regulated by FDA in a validated state throughout its life cycle.