Computer System Validation

Computer System Validation (CSV) is the process of establishing documented evidence, which provides a high degree of assurance that a specific process will consistently deliver a computer system as its predetermined specifications and quality attributes [25].

The necessity of performing validation of IT systems, personnel training and maintaining proper documentation is a normal business strategy today and not just a regulatory requirement. The cost of non-compliance is huge and it is always beneficial to follow CSV on a day to day basis.

The pharmaceutical IT is different from the regular IT because of the regulatory complexities. This increases documentation, reviews and approval processes and increases both time and cost. However, this process rigor helps getting the product right the first time which in turn ensures faster speed to market and reduction in re-work cost. The CSV follows a 4-tier functional architecture which is in line with the USFDA guidelines (see Figure 3.8). These layers are: (1) Compliance policy understanding and application, (2) Process documentation—development, package implementation, maintenance, etc., (3) Process aids—SOP, checklist, guideline and deliverables, and (4) Maintenance of project records.

The validation process ensures the right solution is built and delivered to the users. This process answers several critical questions around five areas—planning, risk management, qualification, documentation and traceability.

Validation planning:
• What are the critical business and quality aspects of the system?

• What will be the validation approach and scope of validation activities?

• What will be the validation deliverables, who will be responsible for them, and what will be the acceptance criteria for the validated system?

• What processes will be followed to ensure high quality?

System risk assessment:
• Are the user requirements captured accurately?

• Are the URS (User Requirement Specification) and FS (Functional Specification) documents complete with all details?

• What will be the PQ (Performance Qualfication) test environment and what will be the critical test cases?

• Are functional requirements mapping to URS?

• What will be the IQ (Installation Qualification) and OQ (Operational Qualification) test environment and critical test cases?

• Do the detailed design specifications cover all the functionalities?

System qualification:
• How will the IQ, OQ and PQ plans be evaluated and approved?

• Are DQ (Design Qualification) components installed properly?

• Are the IQ, OQ and PQ protocols complete and reviewed?

• Do the IQ and OQ results establish with documented evidence that the design and functionality of the system are as desired?

• Has the UAT environment been set up adequately to mimic the actual production environment?

Documentation:
• Has the validation plan been prepared, reviewed and agreed by all stakeholders?

• Is the validation report updated at each stage?

• Is the validation documentation complete?

Traceability:
• Can the detailed design be traced to the functional and user specifications?

• Can the test cases for IQ be mapped to the detailed design?

• Can the test cases for OQ be traced to the functional specification (FS)?

• Can the test cases for PQ be mapped to the User Requirement Specifications (URS)?

The CSV process starts with the validation master plan which addresses validation-specific activities to be performed at each of the validation life cycle stages, identifies roles and responsibilities and defines validation deliverables. The compliance process consists of four main stages and several sub-categories.

1. Validation Strategy

2. Validation execution and verification: user requirements, functional requirements, design, IQ/OQ/PQ

3. Validation summary report and recommendation for release

4. Validation evaluation and recommendation for ongoing activities.

Validation Strategy
This is the first stage of the validation process. This can be broken into two phases for a large program or all-encompassing single phase. The purpose of the phase is to create a master validation strategy or a master validation plan for the entire program which might have several projects under the same program. This is a strategy or master plan as it may consist of several sub-plans. If there is a multi-country ERP roll-out over a couple of years, the master plan describes the validation strategy for all the countries and a validation plan gets created to execute validation activities in each country. So the master plan is the overall validation strategy with several validation plans within. This is the approach I have taken when consulting with several large pharmaceutical companies but a company may have a specific approach in their quality management system which needs to be followed. This company-specific alignment of the process is one of the key activities in this stage.

I recommend using the V-Model of validation for CSV compliance (see Figure 3.9). This is aligned with the FDA CSV guidelines and ensures validation work throughout the entire SDLC (Software Development Life Cycle) process stages.

Share This Post

Related Articles

© 2025 Pharmaceuticals Index. All rights reserved.