Hello Everyone, Welcome to PharmaGrip
Today we will discuss some common errors related to computerized systems made by the pharmaceutical industries.
Top 5 Common cGXP Error related to Validation activity of GXP computerized systems in Pharma Industries
Due to these errors, even after performing the validation activity of cGXP computerized systems, many organizations are still prone to noncompliance or inspectional observations.
We have listed some of the common problems below.
1. Incorrect Evaluation of cGXP computerized systems.
In many organizations, some systems are not considered under GXP category.
For example “Systems used for access control, systems used for daily attendance, etc.
These systems are supporting to ensure the data generated is attributable to the employee.
Hence, evaluation of the cGXP criticality of the computerized systems should be based on risk assessment.
2. The second problem is related to validation activity.
The validation exercise is done by a team of experts and the same validation team is involved in the evaluation of compliance with respect to:-
Here the point is the team responsible for validation, same team is responsible for ensuring or claiming compliance with respect to regulatory requirements.
The point lacking is, compliance should be evaluated by an independent party, and then only we will come to know whether all requirements are under control or any loose threads or weakness about the computerized system.
Additionally, data integrity checks also should be evaluated during the evaluation of the computerized systems.
3. Subject matter expert to validation activity.
The subject matter expert cannot able to present the computerized system to the inspector For example The general organization of the computerized systems of the site
The main computerized systems in use the site infrastructure the validation process used.
Technical expertise for Extraction of data from the system Access to subject matter expert or concerned identified persons for viewing or printing of audit trails.
Failure to prove the traceability between user requirements, functions, and testing
The very important point with respect to subject matter experts is, many organizations hire an external agency for validation activity.
The site persons are not actively involved in the validation.
Hence could not able to answer the queries raised by inspectors about the rationale for performing specific tests,
The procedure followed for performing or running specific test scripts or the reason for not performing negative testing etc.
4. Failure to develop the validation plan, validation master plan, and validation master report.
This is specifically important if the computerized system is used for multiple sites.
Many companies are preparing the validation master plan or validation plan but fail to prepare the final validation master report.
Another error with respect to the computerized system is – Failure to develop an effective business continuity plan.
As a normal practice, only a backup and retrieval plan is followed which is a disaster recovery plan and it is just a small part of a business continuity plan.
The effectiveness of the business continuity plan is also not evaluated during the validation study.
Further, the software vendor is not considered during the evaluation and effectiveness study of the business continuity plan.
One very important point is failure to follow the lifecycle approach in the existing computerized systems.
For example – Decommissioning plan or system retirement plan is not available.
The last but not the least common problem with respect to the computerized system is,
5. The addressing the weakness of the computerized systems and communication strategy of the identified risks.
The computerized system may have some loose threads or weakness which may be identified during the risk assessment and validation activity.
Due to these weaknesses, there may be risks associated with the computerized systems with respect to data integrity requirements.
such weakness of the system needs to be evaluated and as an immediate action plan, Alternate procedural controls should be put so as to minimize the data integrity risk.
However, as a long term action plan, the existing system should be upgraded so as to put automated controls instead of procedural controls.
Just a quick recap, the common errors made by firms with respect to the computerized system are,
Incorrect Evaluation of cGXP computerized systems, errors during validation activity,
errors by the subject matter expert, no procedure-related to validation master report preparation,
Failure to develop an effective business continuity plan, failure to follow the lifecycle approach and addressing the weakness of the computerized systems, etc.
Hope you understood some common errors related to computerized systems in this article “Top 5 Common cGXP Error related to Validation activity of GXP computerized systems in Pharma Industries”