Validation is a life sciences necessity – having the documented evidence that a procedure, process or technology solution will consistently meet predetermined specifications and quality attributes. But for many life sciences companies it’s difficult to be certain just how thorough and reliable the validation process is.
By Wendy Gilhooley, Cloud Solutions Specialist, CSC
In order to meet regulatory requirements, all life sciences solutions, systems and applications must comply with current regulatory compliance and Industry Guidance’s, such as (GAMP4, GAMP5), FDA 21 CFR part 11, 210 and 211, Annex 11.
There are several challenges companies must overcome with regulatory validation. The first is that when you’re handling your own systems validation, you will need to have a dedicated validation team. That team must work with IT on the implementation of a piece of software, the setup of servers and the development of processes to run the technology.
There’s an enormous amount of work involved in validating even a simple piece of software or application. You’ll need to write the installation qualification (IQ) scripts, run and test those scripts, and document everything to demonstrate services and products meet regulatory requirements. Those activities bring together subject matter experts on the products, IT specialists and validation experts to ensure everything has been documented in a master validation plan.
Related to the work involved is the cost. In fact, the validation team alone can account for between 5% and 7% of the total cost of infrastructure. Having your IT and validation experts focused on time-consuming validation projects can delay other projects, since those resources won’t be available to focus on implementing core business capabilities.
Avoiding Common Mistakes
The validation process must be very carefully and meticulously managed, and all those steps need to be documented to prove to the regulatory authorities that the implementation has been successful. Often, though, missteps can catch companies out.
For example, in the rush to get the system in, the team managing the implementation might start operating the system before getting sign off from the project lead. If the process is subsequently rejected during the review, the work must be repeated, adding more cost and more risk.
Once a system has been implemented, regulatory authorities are looking for proof (by way of documented evidence) to show the implementation was successful. But often poor documentation processes and procedures and insufficient or ineffective training of team members on what is required can result in much of the needed detail being omitted or incorrect.
Recommended best practice is that the documented evidence be kept in an organized location (either electronically or in hard copy) that can be easily located and updated. Auditable evidence should include the Master Validation Plan, Validation Protocols, validation documentation (IQs, OQs, PQs) and a Validation Summary report showing what was planned, executed, and the results of the effort. But a common mistake is not organizing the documentation in a way it can easily be retrieved and viewed by external authorities and not following standard Good Documentation Practices.
Companies may take a risk-based approach to checking that the functionality of the solution meets business needs. GAMP5 provides a framework for the risk-based approach to computer system validation where a system is evaluated and assigned to a predefined category based on its intended use and complexity (see diagram).
But understanding GAMP5 requires specific expertise and experience across the industry with validation.
Even with an internal dedicated validation team, the pressure is on to deliver and implement software and solutions on time and on budget. The team must keep all training records up to date – and stay up to date with the changing regulations, new ways of working and changing the SOPs around how they work and operate. All these activities are complex and time-consuming and typically it makes more sense to work with an experienced partner to help with the validation process.
To mitigate problems around validation and meet regulatory requirements, companies must leverage the expertise available to them, whether internally or through trusted and experienced partners.
Learn more about CSC’s regulatory cloud validation services and what approach makes most sense for your organization.