Risk-Based Approach to CSV, 21 CFR Part 11 and FDA Compliance

This webinar will help you understand in detail Computer System Validation (CSV) and how to apply the System Development Life Cycle (SDLC) Methodology when validating computer systems subject to FDA regulations. This is critical in order to develop the appropriate validation strategy and achieve the thoroughness required to prove that a system does what it purports to do, and a key element is a thorough risk assessment. It also ensures that a system is maintained in a validated state throughout its entire life cycle, from conception through retirement, making it critical to continue assessing risk as changes are made. We will discuss the phases within the SDLC, and how these form the basis for any CSV project. The importance of the sequence of steps will also be covered.

Computer system validation has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing and management of computer systems used to collect, analyze and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11. This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk. The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process. System size, complexity, business criticality, GAMP 5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and will also discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately.

We will also walk through the entire set of essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to ensure compliance. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment that can be leveraged to assist in all your GxP work.

• Learn how to identify “GxP” Systems
• Discuss the Computer System Validation (CSV) approach based on FDA requirements
• Learn about the System Development Life Cycle (SDLC) approach to validation
• Discuss the best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures
• Understand how to maintain a system in a validated state through the system’s entire life cycle
• Learn how to assure the integrity of data that supports GxP work
• Discuss the importance of “GxP” documentation that complies with FDA requirements
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Understand the key components of 21 CFR Part 11 compliance for electronic records and signatures
• Know the regulatory influences that lead to FDA’s current thinking at any given time
• Learn how to conduct a risk assessment on computer systems that will provide the basis for developing a validation rationale
• Understand the need to include an assessment of a computer system’s size, complexity, business criticality, GAMP 5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale
• Learn how to assess risk, based on probability of occurrence, severity of impact, detectability and mitigation, along with technical and procedural controls that can help minimize risk
• Learn how to best prepare for an FDA inspection or audit of a GxP computer system
• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• Finally, understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure data integrity is maintained throughout the entire data life cycle
• Q&A

1. Any guidance for a Microsoft environment? Should it be in a domain, should it use Active Directory etc.?
2. What is the FDA's stance on the validation of Logs (e.g. MS Excel log sheet)?
3. Is there a specific checklist available that can prepare us for an FDA audit?
4. With respect to Monitoring Approach, What is the purpose of the risk assessment and should sponsors document their methodologies and activities for assessing risk?
5. How can a risk-based approach to monitoring that includes centralized monitoring help minimize missing data, protocol violations, or protocol deviations?

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

Examples of who will benefit from this webinar include:

• Information Technology Analysts
• Information Technology Developers and Testers
• QC/QA Managers and Analysts
• Analytical Chemists
• Compliance and Audit Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Specialists and Managers
• Supply Chain Specialists and Managers
• Regulatory Affairs Specialists
• Regulatory Submissions Specialists
• Risk Management Professionals
• Clinical Data Analysts
• Clinical Data Managers
• Clinical Trial Sponsors
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders/Subject Matter Experts
• Business System/Application Testers

This webinar will also benefit any vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance.

Manufacturing, Testing, Packaging and Distribution companies in the following industries that are regulated by FDA are required to follow GxPs:

• Pharmaceutical
• Medical Device
• Biologicals
• Tobacco (based on the Tobacco Control Act of 2009)
• E-Liquid/Vapor (based on the “Deeming” Act of 2016)
• E-Cigarette (based on the “Deeming” Act of 2016)
• Cigar (based on the “Deeming” Act of 2016)
• Third-Party companies that support those in the above industries
• Medical Device software developers
• Software as a Medical Device (SaaMD) software developers

• During the webinar we will discuss FDA Guidance Documents and GAMP5, the Good Automated Manufacturing Practices
• We will discuss the method for assessing risk, based on probability, severity, detectability and mitigation
• There will also be an overview of Policies and Procedures, including a checklist of topics

Instructor Profile:

Carolyn Troiano

ERP Project Manager, City of Richmond

Carolyn Troiano has more than 35 years of experience in computer system validation and compliance in the pharmaceutical, medical device, tobacco and other FDA-regulated industries. She is currently an independent consultant, advising companies on computer system validation and large-scale IT system implementation projects.