Computerized Systems Validation

Gai Anbar, CEOMarch 2013

About Comply

Comply provides consulting services in the area of Computerized Systems Validation and IT QA

as well as development and implementation of

Generica Quality Management System, Skyline Scientific & Process Data Management

Supporting Life Science companies to meet the highest quality and operational standards

Software Solutions by Comply

• Generica Quality Management: change management, controlled documents, employee training, audits, deviations and CAPA tracking.

• Skyline: Scientific Data Management, R&D, QC and manufacturing data management and analysis.

• Mobideo Guide: Mobile workflows and validated data capture.

Value proposition

One of the most prominent differentiators between providers in the Life

Science industry is quality.

This industry is highly regulated and is regularly audited, making compliance a major risk for all operations. The industry, in turn, expects its vendors to demonstrate the same and many times higher, level of compliance.

Comply brings extensive, proven, Life-Science compliance expertise. Reducing risks. Giving our customers an edge over their competitors.

Why do we need validation ?

Vetmarket: Scope & Methodology

• Audit and Gap Analysis

• Risk analysis

• Define policies and procedures

• Complete engineering & technical files

• Infrastructure validation

• Shipping validation

• Computerized systems validation

• GDP preparation

The purpose of Validation

FDA: General Principles of Validation:

Establishing documented evidence which provides a high degree of assurance that a specific process will consistently produce a product meeting its predetermined specification and quality attributes

General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002)

confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled

8

משרד הבריאות

הוכחה סיסטמתית מתועדת -( תיקוף)=ולידציה : 135לפי תקן •כך לגבי GMPהמבוססת על ניהול סיכונים ועומדת בדרישות

.שתהליך מוגדר מוביל באופן הדיר לתוצאה הנדרשת

Regulations

• FDA 21 CFR PART 11: Electronic records; Electronic signatures (1997)

• FDA General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002)

• FDA Guidance for Industry: Part 11, Electronic Records: Electronic Signatures – Scope and Application (2003)

• FDA Guidance for Industry: Computerized Systems Used in Clinical Investigations (2008)

• EC (including Israel): Volume 4 Annex 11: Computerized Systems (2011)

• ISPE GAMP5: A Risked based approach to Compliant GxP Computerized Systems (2008)

10

Europe & UK

• UK’s MHRA in December 2013 gave notice to regulated users to begin conducting data integrity audits of their own systems and those of their suppliers from the beginning of 2014.

• The UK has also gone further by writing to the major suppliers of chromatography data system software requesting copies of the application and documentation to that the MHRA can understand how they operate and how falsification could occur.

• In March 2015, MHRA issued an updated Data Integrity Guidance containing an expansion of the expectations of data integrity governance together with a list of 19 definitions and expectations for each one.

11

Vendor vs. Customer (the lab) validation

• According to the intended use

• In a specific environment

Customer Validation

• Instruments

• Software

• Generic functional testing

Vendor Testing &

Qualification

12

Annex 11 – Principle

• Applies to all forms of computerized systems used as part of a GMP regulated activities

• The application should be validated; IT infrastructure should be qualified

• Where a computerized system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance.

• There should be no increase in the overall risk of the process

13

Part 11: key requirements

Validation: “Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.”

Obtain records: Ability to view records for inspection

Security: Access, password, authorizations, logical and physical

Record retention : Backup & restore, DR procedures.

Audit trail: What data changed, time stamp, identity of action performer.

Training: Qualification evidence

14

Part 11: electronic signatures

• An electronic signature is built from• Identification

• Authentication

• Electronic signature: • Unique and not re-used

• Contain information: name of signer, date and time, meaning (Reviewer, Approver etc.)

• Linked to their respective electronic record

15

Key Principles in CS Validation

1) Life cycle approach• Implementation including validation

• Operation and change management

• Retirement

2) Risk based• Risk management throughout the life cycle

• Focuses the validation effort

16

Life cycle approach

Project initiation

Requirements gathering

(URS)

Vendor assessment &

solution selection

Implementation

DRP

Change Control

Period Reviews

Continuous reviewand evaluation

Risk assessments should be performed in all the steps

17

Data integrity

Data integrity is the assurance that data records are

accurate, complete, intact and maintained within

their original context, including their relationship to

other data records

18

Validation and Data Integrity

• Part 11 / Annex 11 requirements

• Logical tests: dates, data length, verification of entered data

• User management: • No “general” user. • Password complexity, renewal

• Permissions, segregation of duties

• Mandatory fields

• Verification of Workflows, statuses, e-signatures

• Verification of interfaces

• Supporting procedures

• User training

Positive and

Negative tests

19

The launch of this new IT system has resulted in operational

disruptions and some incorrect product deliveries.

2 December 2015

7 December 2015

arising from certain technical problems encountered following the launch of its

new IT system in August 2015. Production is expected to resume when the

Stallergenes’ IT system issues have been resolved and all observations made by

the ANSM have been satisfactorily addressed.

1 February 2016

“We are pleased with the resumption of ORALAIR®, ACTAIR® and

ALYOSTAL® Venom production. These products will be available again to our

patients as soon as possible and in a sequential manner,” said Fereydoun Firouz,

Chairman and Chief Executive Officer of Stallergenes Greer.

Stallergenes Greer continues to work with the ANSM to promptly resume

distribution of its Named Patient Products (NPP), including STALORAL®,

PHOSTAL®, and ALUSTAL®.

Thank You

Gai.Anbar@comply.co.il

www.comply.co.il