Carolyn Troiano has more than 35 years of experience in the tobacco, pharmaceutical, medical device, and other FDA-regulated industries. She has worked directly, or on a consulting basis, for many of the larger pharmaceutical and tobacco companies in the US and Europe, developing and executing compliance strategies and programs.
This webinar will help you understand in detail Computer System Validation (CSV) and how to apply the System Development Life Cycle (SDLC) Methodology when validating computer systems subject to FDA regulations. This is critical in order to develop the appropriate validation strategy and achieve the thoroughness required to prove that a system does what it purports to do. It also ensures that a system is maintained in a validated state throughout its entire life cycle, from conception through retirement.
We will discuss the phases within the SDLC, and how these form the basis for any CSV project. The importance of the sequence of steps will also be covered.
The webinar will focus on the importance of ensuring that the validation of an FDA-regulated computer system will meet compliance guidelines. This includes the development of a company philosophy and approach and incorporating it into an overall computer system validation program and plans for individual systems that are regulated by the FDA. It also requires a recognition that data integrity issues continue to be a strong area of focus by the FDA during the inspection, and there are many examples and best practices that will be covered in this seminar to address them.
FDA’s guidelines for computerized systems were enacted in 1983, and very little has changed, other than technology, since that time, as it relates to validation. The premise for compliance is demonstrating clearly and completely that a computer system does what it purports to do. This means developing a very detailed set of unique and testable functional requirements and creating a set of test scripts that will prove each requirement is met.
This webinar will describe the approach to determining the level and robustness of testing required, based on a thorough risk assessment of the system, which includes the likelihood, severity, and detectability of potential failures of the system to work as expected, and the mitigation to be applied, should the system fail. Along with system categorization, in accordance with GAMP 5 principles, and an evaluation of the complexity and application of the software, the attendee will understand how to develop the rationale they will include in the validation plan for the level of testing executed.
A company must have specific policies and procedures in place that explicitly state responsibilities and provide guidance for validation, which will be discussed. We will also delve into the training requirements for users, testers, and those who will be the stewards of the system. All must be carefully documented. Disaster recovery and Business Continuity Planning will also be touched upon as key aspects of supporting the system in a validated state. Change control and periodic review will address the challenges of making certain that the system remains in control and is tested further according to any needs that arise from changes.
As FDA continues to evolve and change due to the many factors that influence the regulatory environment, companies must be able to adapt. New technologies will continue to emerge that will change the way companies do business. While many of these are intended to streamline operations, reducing time and resources, some unintentionally result in added layers of oversight that encumber a computer system validation program and require more time and resources, making the technology unattractive from a cost-benefit perspective.
FDA guidelines are very specific in terms of how computer systems are to be managed, and each company should have a specific strategy and methodology, along with a set of rigorous tactical processes and procedures that prescribe how organizational change should be managed.
There is an enormous body of documentation and information available that can be overwhelming. This course will provide a condensed overview of the practices that deliver the best results by directing the attendees to the most critical and cost-effective techniques and tools available to assure compliance.
Upon completion of this training program, attendees will have an understanding of laboratory system computer validation planning, execution and management concepts, based on the System Development Life Cycle (SDLC) framework. They will have received the guidance on industry best practices necessary to develop a compliant and cost-effective validation program. They will understand the steps for validating laboratory systems, along with the key documentation associated with maintaining the systems in a validated state, while minimizing costs. Attendees will gain a good grasp of how to leverage these practices across all systems by creating a standardized program.
In this webinar attendees will learn about FDA’s regulatory expectations for classifying, assessing the risk, testing, and validating a computer system used in FDA-regulated work. Also attendees will learn in detail about the System Development Life Cycle (SDLC) methodology used to approach Computer System Validation (CSV), including all of the phases, sequencing of events, deliverables, and documentation requirements.
FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment.
There are very specific limitations that arise when using ER/ES capability, such as the elimination of print capability to prevent users from making decisions based on a paper record as opposed to the electronic record. It also requires very specific identification of users that ensures the person signing the record is the same person whose credentials are being entered and verified by the system. Rule for changing passwords must be rigorously adhered to and the passwords must be kept secure.
It is critical that the system specify the exact meaning of the signature. It may be that the person conducted the work, recorded the result, reviewed the result, or approved the result. A person may simply be attesting to the fact that they reviewed the work and the signatures, and there was appropriate segregation of duties (i.e., the person recording the result is not the same as either the person reviewing or the person giving final approval).
A company must have specific policies and procedures in place that explicitly state responsibilities and provide guidance for implementing and using ER/ES capability. These must clarify the 21 CFR Part 11 regulation and provide insight as to the way the company interprets their responsibility for meeting it. As FDA continues to evolve and change due to the many factors that influence the regulatory environment, companies must be able to adapt. New technologies will continue to emerge that will change the way companies do business. While many of these are intended to streamline operations, reducing time and resources, some unintentionally result in added layers of oversight that encumber a computer system validation program and require more time and resources, making the technology unattractive from a cost-benefit perspective.
This webinar will cover the key aspects of complying with 21 CFR Part 11 in both validating systems and maintaining them in a validated state throughout their entire life cycle.
Effective and compliant computer system data management is critical to organizations in the pharmaceutical, biologics, vaccines, tobacco, animal health, medical device, or other FDA-regulated industry. During the past 30 years, best practices have been developed to ensure computer systems used in these environments can be cost-effectively managed while meeting all aspects of FDA compliance. To take this a step further, we are now looking at ways to ensure the data that resides on these systems is also managed in a compliant manner and one that will provide the best results for operations at the lowest cost.
After attending this course, you will understand data governance as a quality control discipline for assessing, managing, using, improving, monitoring, maintaining, and protecting organizational information. It is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, and, finally, using what methods.