The U.S. Food and Drug Administration (FDA) is in charge of policing the efficacy and safety of goods meant for both human and animal use in the country. The FDA inspects facilities that make, process, store, and distribute food and medications as part of its regulatory oversight. These inspections may turn up a number of problems, including as Part 11 and Computer Systems Validation (CSV) failures. This article includes recommended practices to assist organizations in achieving compliance and provides an outline of typical FDA inspection findings relating to Part 11 and CSV.
Insufficient Data Security with Ability to Overwrite Data
The 483 observation reads:
- Analysts have the ability to overwrite original data, and are not required to utilize the protection of individual passwords
- During discussions and lab demonstrations, it was determined that neither system prevents analysts from overwriting original raw data.
Computer Validation at the Vendor’s Site is not Enough
The 483 deviation stated
- The performance of the computer software has not been verified. I was told that the software was validated by the manufacturer. The managing director provided me a copy of the letter the received from (the vendor). The letter indicated that the software was validated. She also the gave me a copy of validation information that was obtained from (the vendor) during the inspection. I told the managing director I still need to see what they have done to validate the system since the computer was making a decision to accept or reject potential donors.
Legacy Computer Systems not Validated
Some of the 483 deviations include:
- No IQ, OQ or PQ has been performed throughout the life of the system.
- No validation reports have been generated historically.
- Current efforts to retrospectively validate the system have progressed through the approval of an IQ protocol, however, this protocol has not yet been executed. OQ and PQ efforts have not yet been developed as part of these current validation efforts.
- The (system) has not been maintained under established procedures for change control. This is true throughout the life of this software application.
- The firm has failed to generate or maintain design control documentation sufficient to define all customized elements making up the (system) configuration (i.e., functional or structural design documentation defining all program making up (the system)
- Electronic records generated during manufacture of APIs were not reviewed prior to release of validation lots or for any lots manufactured thereafter to include the most recently released API lot.
Off-the-shelf Software such as Microsoft Word and Microsoft Excel not Validated
Deviations are
- Failure to assure that when computers or automated data processing are used as part of the production or quality system the manufacturer shall validate computer software for its intended use according to an established protocol, as required by 21 CFR 820.70(i).
- For example, electronic records are used but there was no software validation.
- No procedures are established to validate for its intended purpose the Microsoft Word or Microsoft Excel software used in creating and maintaining nonconformance records, product return records, internal audit corrective records, or corrective action records.
After reading this blog, we hope you can understand the importance of computer system validation and properly use the proposed checklist and improve on it further.
Now that you know this:- hopefully you are in position to answer the Assignment(s)
- Please review the Computer system validation of recently installed equipment in your laboratory? Proper training given to employees before releasing the equipment for routine usage?
- In your lab, do computer system validation properly archived? Further easily retrievable at the time of requirement?
- Does your organization have the following SOP related to Computer system validation? Password policy? Data backup/Security/Archival/Disaster recovery and E-signs?
- Please review SOPs related to Computer system validation? Password policy? Data backup/Security/Archival/Disaster recovery and E-signs, do you find any gaps in the framing of these SOPs please highlight the same and bring them to the notice of QA department?
- Please note the audit points related to CSV practices/Password policy/E-signs and how they were rectified?/CAPA implemented?