Computer systems can help reduce human error in GxP-relevant processes, but they must still be validated. To minimize validation effort and ensure compliance with regulatory requirements, avoid these four common mistakes in computer system validation: Before the process starts, it is important to identify the process scope and what the computerized system will use data. It will allow the GAMP category and validation strategy to be determined.
Not Defined Requirements
First and foremost, what is computer system validation? Computerized systems validation is a process that requires the input of many different areas of the company. The areas that should participate in this process must understand the responsibilities and activities they need to complete and support their part in the overall project. The first step in the computer system validation process is identifying the scope and establishing an appropriate strategy for the system based on the complexity and risks inherent in the category of hardware or software that it falls under. A risk analysis determines it. It should also include an assessment of the business impact of the system. While not required by GxP, evaluating the effect on the business can help ensure that the system is maintained for its intended use and will be supported to continue functioning properly.
In addition, it is necessary to determine which components of the computer system require validation and which do not. It is determined by the category into which the system has been classified and the other factors mentioned in this article. For example, office or complementary software such as Microsoft Word, Excel, Adobe Reader and Teamviewer are not subject to validation because they are not directly used to produce drug products. However, they are important for maintaining quality systems and ensuring data integrity is not compromised.
Inadequate Attention on the Project
Computer system validation (CSV) is typically a project that requires the attention of various individuals from within the company. The work must be prioritized and managed properly. The responsibilities of all personnel involved in CSV should be clearly defined and communicated. Often, this means identifying the person responsible for coordinating the project. It may also mean preparing descriptions and job profiles for those participating in the validation process. When people are occupied with their day-to-day jobs, they may not give the CSV project the attention it needs. It can result in delays and lost productivity. Additionally, the lack of awareness can cause inefficiencies and miscommunications that lead to additional errors.
Similarly, mapping out infrastructures to determine their scope for qualification/validation can be difficult when the necessary staff are not dedicated to the task. It can lead to a breakdown in internal quality management systems policies, impacting business and regulatory compliance. For example, a missing hyphen destroyed NASA’s Mariner 1 probe in space. It may seem like a trivial error to some, but it cost the agency $80 million. It is a clear example of how even small mistakes can have catastrophic consequences. By dedicating adequate time to the CSV project, you can help ensure these errors do not occur.
Not Performing Risk Assessments
The computer system validation team must assess risk before validating a computerized system. This step helps to ensure that the system will be able to meet user requirements. The evaluation includes identifying the probability that the system will fail, determining how severe the failure would be and determining the impact of the system’s failure. It is important to record the risk assessment outcomes in a traceability matrix. It will help in keeping track of the risks identified during the assessment. It will allow the validation team to track the system’s progress through the qualification and validation processes. It will also help identify and correct potential issues before they become more severe.
Another critical component of the risk assessment is identifying which components or features of the computer system need to be validated. The obvious examples are infrastructure systems such as a network or a server. The companies that provide these are typically tested from a design standpoint. Then there are office or complementary approaches such as word processing software, Adobe Reader, antivirus and firewall. These generally are validated only indirectly by ensuring they work well with the application under test. Finally, the people involved in the computer system validation process must understand their responsibilities and duties. It will help prevent the system from being broken by unauthorized personnel who must thoroughly understand Good Practices or validation terminology.
Ambiguous Test Scripts
Poorly defined requirements lead to ambiguous test scripts. It makes it difficult for the computer system validation (CSV) process to confirm that a system functions as intended. CSV should always include a thorough workflow analysis that provides clear functional and user requirements for the system under test. Structural ambiguity arises when test scripts contain conditional phrases such as “if, then,” and “in case.” These statements introduce multiple paths the tester can follow when executing the manual system testing procedure. If the tester follows one approach, the test may pass, but another way will likely be uncovered that could cause a failure of the entire system under test.
Ambiguous recognition happens when it can’t distinguish between an instance of the application-under-test started by the script playback and a duplicate model inadvertently left open in the system-under-test previously. If this occurs, the script playback fails, and an Ambiguous Recognition window is displayed in which you can close the duplicate application instance to resume script playback.