Industry Guidelines for Computerized Systems Validation (GAMP, PDA Technical Reports)

Transcription

1 Training Course Computerized System Validation in the Pharmaceutical Industry Istanbul, January 2003 Industry Guidelines for Computerized Systems Validation (GAMP, PDA Technical Reports) Wolfgang Schumacher Roche Pharmaceuticals, Basel

2 Agenda New Trends GAMP Categorization Risk GAMP SIGs IT infrastructure PDA technical reports

3 2001 / Busy Years for Guidances PIC/S Draft Guidance - Good Practices in the GxP Regulated Environment Many FDA Guidances (21 CFR Part 11) GAMP 4 and other GAMP Guidances GERM documents (21 CFR Part 11)

4 FDA Guidances FDA - General Principles of Software Validation FDA - 21 CFR Part 11 Guidances Glossary Validation Time Stamps Maintenance Copies

5 Industry Guidance ISPE Calibration Management - practical approach to calibration management - regulatory, quality, safety and environmental issues - instrument criticality assessment - instrument lifecycle approach - examples as appendices GAMP Good Practice Guide Calibration Management

6 GAMP 4 Strategic Principles Structure Project Management Project Development Operational Support Good Practice Guidance

7 GAMP 4 Strategic Principles Scalability of GAMP approach Leverage of suppliers expertise Guidance on maintaining validated state Harmonisation of terminology Raise awareness internationally Collaboration with other industry groups

8 GAMP 4 Structure Strategic Framework Quality Management Procedures Good Practice Guidance Training and Education Materials

9 GAMP 4 Lifecycle Continuity User Requirements Specifications related to Performance Qualification Functional Specifications related to Operational Qualification Design Specifications related to Installation Qualification System Build

10 Customer - Supplier Relationship Primary Responsible for Specification Primary Responsible for Testing User User Requirements Specification Testing of the URS User User and Supplier Supplier Functional Specification Hardware Design Specification Software Software Design Design Specification Specification Software Software Module Module Specification Specification Testing of the Functional Specification Testing of the Hardware Specification Code Modules Code Modules System System Acceptance Acceptance Testing Testing (Operational (Operational Qualification Qualification of of Computer/PLC) Computer/PLC) Hardware Hardware Acceptance Acceptance Testing Testing (Installation (Installation Qualification Qualification of of Computer/PLC) Computer/PLC) Software Integration Software Integration Testing Testing Software Module Testing Software Module Testing Review and Test Modules User and Supplier Supplier

11 The GAMP 4 Software Categorization System Category Type of Software Validation Approach Operating Systems Firmware Standard Software Packages Configurable Software Packages Bespoke Systems Record version, check applications Record configuration, test functions Document requirements, Validate application Audit supplier, validate application and any bespoke code Audit supplier and validate complete system

12 What about Tools? Development tools Test tools Monitoring tools Question: Standard or Customised? Customised tools need validation Change control for upgrades

13 The GAMP 4 Hardware Categorization System Category Type of Software Validation Approach 1 Standard Hardware Components IQ, installation and connections 2 Custom-built Hardware IQ, design specification, acceptance testing Category 1 standard hardware Category 2 customised hardware

14 Project Development and Implementation - Risk Considerations 1 Risk Assessment much more significant each system function evaluated for risk (GxP and Business) for severity of impact for probability of detection before impact Guidance available (annex to GAMP 4)

15 Project Development and Implementation - Risk Considerations 2 Mitigation strategies discussed modification of process or design: avoidance, process design, system design, external process project strategy: Project structure, auditable built-in quality validation strategy: modify test strategy rigour

16 Benefits of Risk Assessment little or no validation for low risks more focus on higher risks communicating risks focussed training regulatory confidence

17 GAMP 4 - Quality Management Procedures The Management Appendices M 1 to M 10 Revised Quality Management Guidelines Project management and control Project development Operational support

18 GAMP 4 - Project Management and Control Validation Planning Quality and Project Planning Document Mangement Risk Management Design Review - including Traceability Analysis Project Change Control Configuration Management Validation Reporting

19 GAMP 4 - Good Practice Definitions (11.1( to 11.3) Revised good practices Good documentation practice Good testing practice Good engineering practice

20 GAMP 4 - Operational Support Guidelines Backup and Recovery Business Continuity Planning Operational Change Control Performance Monitoring Periodic Review Record Retention, Archive and Retrieval Security Service Level Agreements

21 GAMP Good Practice Guidance (Topics Under Consideration) Legacy Systems Infrastructure Process Systems Skid Mounted Equipment Calibration* Electronic Records and Signatures* Analytical Laboratory Equipment Global IT Systems Good Engineering Practice Web-based Applications * Published

22 IT Infrastructure - Important Aspects design specification layout and hierarchical drawings installation records change control

23 The IT Infrastructure elements 1 2 GxP-relevant business applications dealing with GxP-data 2 3 GxP-relevant infrastructure that delivers a qualified platform Network (WAN/LAN) Back-end (servers) Front-end (desktops) Platforms and middleware* Key processes 1 2 Frontend Backend Business Key Platforms Network Middleware Processes * also called enablers, core or base applications Applications

24 IT Infrastructure - the Qualification Lifecycle Qualification Certificate 1. Planning create Qualification Qualification Report Plan Qualification Qualification Report Report compile 5. Review & Report Change Control 2. Specification create Technical Design- Specification Functional Specification Requirement or Service Specification 4. Testing 3. Define test & acceptance criteria execute create OQ Report IQ Form IQ Report OQ Form

25 The APV interpretation of Annex 11 EU Guide to GMP Published already in 1994 Regulators contributed to interpretation Good document, easy to read Contains many useful information English translation in GAMP 4 Recommended reading for CSV beginners APV: Arbeitsgemeinschaft Pharmazeutische Verfahrenstechnik

26 PDA Technical Report No. 18 Validation of Computer Related Systems Published in 1994 Consultants contributed to guidance Contains advanced, but useful information Recommended reading for CSV beginners Can be ordered via PDA PDA: Parenteral Drug Association

27 PDA Technical Report No. 31 Validation and Qualification of Laboratory Data Acquisition Systems (LDAS) Published in 1999 Contains advanced information for LDAS system owners Recommended reading for LDAS experts Can be ordered via PDA PDA: Parenteral Drug Association

28 PDA Technical Report No. 32 Auditing of Suppliers providing computer products for regulated pharmaceutical operations Published in 1999 Contains advanced information for auditors of computerized system suppliers Recommended reading for Auditors Can be ordered via PDA PDA: Parenteral Drug Association