Criteria for validating software requirements

Computer systems must comply with c GMP requirements, when used in these regulated environments.As continuous technology advancements, cloud computing, virtualized process control systems and manufacturing networks, including security, converge into a technology-driven, ever-adapting industry, so does the potential risk of non-compliance with both internal instructions as well as regulatory governance.This rather simple notion proves useful as it simplifies an initial complex and, for some users, volatile concept.From an internal-external perspective, verification practices (e.g., validation strategy, proper risk assessment, establishment of design, user requirements, and subsequent verification of requirements) must be processed and reported internally to verify the intended use of the software.

Users of computer systems can use the same term for computer systems.In contrast, several risk-averse pharmaceutical companies choose to validate, in-depth, vendor-supplied pre-validated “standard” software.Intended use Intended use is defined as, “…facilitate operations for its intended use and for its cleaning and maintenance…” (1).Figure 2 illustrates software category and validation/verification activities depicted using the traditional validation-model.Summary From a strategic point of view, validating computer systems is an ever-increasing activity in the pharmaceutical industry as technology continuously automates former manual and paper-based processes.This strict consensus is vital to avoid non-compliance with the intended use going from software requirement and designed functionality to operation.Validation strategy The validation strategy, and thus the extent of the validation activities, depends ultimately on the maturity and complexity of the computer software component(s) implied in ISPE GAMP5 and partly FDA 21 211.68(b) (6, 1).The pharmaceutical company is obliged to identify all raw data associated with GMP decisions (e.g., batch release) and determine which format (paper or electronic) to maintain data in.The integrity of the electronic record must be assured if raw data are to be maintained in electronic format. About the Author Henrik Johanning is CEO and senior partner, Genau & More; John Lee is executive director, Pharma Net Inc., former FDA Investigator; Christian Hemming is QA Manager, QAtor A/S; Lise Christensen is QA Director, CMC Biologics A/S.From an external perspective respectively, the proper level of regulatory compliance of the intended use and the continuous quality control of the computer system has to be ensured and maintained.Figure 1 illustrates the typical lifecycle of computer systems, with intended use as a pivot point.