PharmaState Blog

SOP for Computer System Validation in Pharmaceutical Industry

PharmaState Blog 1 year ago

FacebookTwitterLinkedInWhatsApp

1. Objective:

To lay down a procedure for computer system validation.

2. Scope:

This procedure is applicable for all computerized system used in GxP regulated activities.
This SOP is applicable for presently installed / available / planned computerized systems.
This practices and approaches can be also used for new such systems which may be brought
by the company in future.
3. Responsibility:

IT, production, quality assurance, engineering, quality control department

4. Procedure:

4.1 This procedure shall include validation of below computer system/software:

Manufacturing automation computer system/software: PLCs (Programmable logical

controllers), MMI (Man Machine Interphase), BMS (Building Management System) etc.

Production monitoring computer system/software: Material management software, Material

requisition and issuance software, work order management software, stock management
software.    Laboratory computer system/software: Laboratory management software,
computer system associated with HPLC, GC, LCMS/MS, UV-VIS spectrophotometry etc.,
laboratory calculations related software.

Batch release and other QMS system related computer system/software: Batch release
software, QMS recording software, labelling software.

4.2 List of computerized system shall be maintained and shall be updated in case of new
inventory.

4.3 Validation/qualification step shall include user requirement specification (URS), design
specification (DS), functional specification (FS), installation qualification (IQ), operational
qualification (OQ) and performance qualification (PQ) for new inventories.

4.4 Revalidation shall be performed in case of any major change. Periodic validation
(revalidation) shall be performed routinely as per validation policy mentioned in validation
master plan.

4.5 Below flow chart depicts the formal validation strategy:

4.6 User requirement specification (URS): URS shall be prepared and shall be evaluated. URS
shall contain requirement and specification e.g. security, access, storage, back-up, audit trail
etc.

4.7 Design specification:

4.7.1 Based on URS, design and configuration specification shall be prepared.

4.7.2 Design specification shall be preferably provided by vendor.

4.7.3 Configuration specification shall cover the appropriate configuration of computerized

system. This will include definition of all settings and parameters.

4.7.4 Hardware design shall define hardware components i.e. system, interface, component
architecture.

4.7.5 Network design specification shall include network diagram, security consideration
and performance requirement.

4.7.6 Risk associated with complex and major computer system/software (HPLC, GC etc.)
shall be assessed.

4.8 Qualification/validation protocols:

4.8.1 Validation protocol shall be prepared for computerized system and supporting IT
infrastructure.

4.8.2 Based on complexity of the system, protocols can be prepared for specific         
component/function separately.

4.8.3 Each protocol shall identify following:

– The specific task to be completed.

– The methodology to be used.

– The critical criteria.

– The acceptance criteria.

4.8.4 Protocols can be either prepared by vendor or by the user.

4.8.5 Separate protocols or combined protocol can be prepared for IQ, OQ and PQ depending
upon type of computer system, usage and its complexity.

4.8.6 All protocols shall be approved by QA head.

4.8.7 Qualification/validation protocol shall contain following non-exhaustive content-

– Objective

– Scope

– Roles and responsibilities

– Tools required

– Procedure

– Acceptance criteria

– Test data sheet

– Reference

4.8.8 Computer system validation shall be executed as per pre-approved protocols. Any
change from the approved protocol shall be agreed by all concern department and deviation
shall be logged if required.

4.9 Below checks shall be performed during operational phase of validation. Additional
checks can be included wherever applicable.

– Data: Computer system exchanging data electronically with other system shall

include built in checks for the correct and secure entry and processing of data.

– Accuracy checks: Any critical data entered manually should be verified by either

second operator or by validated electronic system.

– Data storage: Data stored should be secured and its accessibility, readability and

accuracy should be checked. Integrity of back up data and ability to restore the data

should be checked.

– Printouts: Clear printed copies of data should be obtained wherever applicable and

wherever required.

– Audit trail: Any change or deletion/addition in any GMP data should be traceable.

– Security: Computer system should be accessed by authorized person only. Extent

of security shall depend on criticality of computerized system. Suitable method like

passwords, keys, biometrics, restricted access to the area should be in place.

– Electronic signature: Electronic signature should be secure and should represent

the person who processed the data.

4.10 Test (during OQ, PQ) shall be executed by designated person and result shall be verified.

4.11 SOP for calibration, operation, preventive maintenance shall be finalised at the time of
OQ.

4.12 Users/operator shall be imparted training at the time of OQ.

4.13 Actual test result shall be recorded using evidence e.g. attached screen print and
reports, printout etc. wherever applicable.

4.14 Any non-conformance/discrepancy during validation activity shall be recorded in

      appropriate section of report.

4.15 Discrepancy observed during validation shall be classified as critical, major and minor
and shall be evaluated. Before completion of validation activity all discrepancy shall be
corrected and closed.

4.16 Below guideline shall be utilized to classify the discrepancy:

Critical: Those discrepancies which have major impact on the desired

performance/outcome. Such discrepancies shall be rectified and closed before proceeding
further.

Major: Those discrepancies which has minor impact on the desired performance/outcome.
Such discrepancies can be conditionally accepted but must be corrected and closed within
stipulated period.

Minor: Those discrepancies which has no impact on the desired performance/outcome. Such
discrepancies can be accepted and closed with justification.

4.17 Test equipment used for validation should be calibrated.

4.18 Validation report shall be prepared. The document shall summarise the activity
performed, any deviation/discrepancy observed during the activity, any outstanding plan
and corrective actions and statement.

4.19 Validation report shall be approved by QA head.

4.20 Following consolidated document shall be available after completion of validation

activity:

– Inventory list

– Validation plan

– URS and design specification

– Validation/qualification protocol
– Validation/qualification summary report

4.21 Annual review shall be performed for validated computer system/software and shall
assess if revalidation is required. Review shall consider below non-exhaustive aspects:

– Any regulatory update

– Change or update in SOPs

– Status of qualification

– Any changes in computer system/software

– Deviation/OOS log review

4.22 Periodic revalidation shall be performed as per policy.

5. Abbreviations:

SOP: Standard operating procedure

OOS: Out of specification

QA: Quality assurance

HPLC: High performance liquid chromatography

GC: Gas chromatography

GxP: Good anything practices

UV-VIS spectrophotometry: Ultraviolet- Visible spectrophotometry

LCMS: Liquid chromatography: Mass spectroscopy

MS: Mass spectroscopy

QMS: Quality management system

References:

Eudralex Volume 4 GMP, Annexure-11: Computerized Systems

Good Practices for computerised systems in regulated “GXP”

Environments- PIC/S guidance

Copyright Notice: This Article/SOP/Compilation/Published Content is protected by Indian &

International Copyright Laws. Reproduction and Distribution of the same without written
permission is prohibited. Mail us at: info@pharmastate.com

For any Feedback or suggestion mail at: info@pharmastate.com

Weblink – https://pharmastate.com/

Applink- https://goo.gl/mS8Lr7

Share this:

Related

Validation Master Plan for Important SOPs for Quality SOP-Responsibility of

Pharmaceutical Industry Assurance in Quality Unit
23/10/2018 Pharmaceutical Industry 05/03/2019
28/08/2018
In "GMP & Guidelines" In "Pharma Industry
In "Pharma Industry
Guidelines"
Guidelines"

Categories: Pharma Industry Guidelines, Quality Assurance, Quality Control, SOPs

Tags: SOP Computer System Validation

Leave a Comment

PharmaState Blog Back to top