News and Views

Overview of the Documentation Required to Validate Computer Systems in the Pharmaceutical Industry

by | 12 Sep, 2023

The validation of computer systems in the pharmaceutical industry is crucial to ensure product consistency, reliability, and quality, with the ultimate aim of ensuring patient safety. Creating and maintaining documentation is an essential part of the validation process. Regulators reviewing a computer system’s documentation want to see with a high degree of assurance that the system will produce results that meet predetermined criteria.

Under pharmaceutical regulations, the definition of a computer system is quite extensive. It can be as simple as a PC with standard software that you would find in any office environment, as specialised as Laboratory Information Management Systems (LIMS), or as complex as a production process control system.

As a result, the term computer system covers standalone hardware, networks, and software. Importantly, it applies to all systems that manage records in electronic form, whether the records are created manually or through an automated process.


The Influence of CSA on Validation Processes


Before giving an overview of the main documentation that is typically required to validate computer systems in the pharmaceutical industry, it is important to highlight the influence of CSA – Computer Software Assurance. The U.S. Food and Drug Administration (FDA) released its CSA draft guidance in September 2022. as a more modern approach to the process of validating computer systems in the pharmaceutical industry. The role of documentation is one of the main differences between traditional Computer System Validation (CSV) and CSA.

With traditional CSV, the process of validating computer systems was very documentation heavy. As a result, most of the validation effort was focused on creating documentation. Furthermore, the same level of documentation was created regardless of the type of computer system being validated.

The CSA approach to validating computer systems aims to move the focus away from creating documentation. In its place comes a risk-based approach to validation with critical thinking and structured testing at its core.

Where does this leave the requirement to produce and maintain documentation? Documentation is still essential, but there is no need to create more than is necessary and duplication of effort can be eliminated. For example, when using commercial off-the-shelf (COTS) software, the CSA approach means you don’t need to recreate a full set of documentation. You can instead use the documentation that has already been created by the software vendor.

The list of required documentation below remains valid, but it doesn’t all have to be created from scratch.


Documentation Required to Validate Computer Systems


Specific documentation requirements can vary depending on the type of system, as well as its complexity and the regulatory body that is involved. That said, in most situations, the following key documents are typically required to validate computer systems:


Validation Master Plan


A Validation Master Plan describes the approach to validating the computer system, including the objectives, scope, responsibilities, methodologies, and deliverables.


Risk Assessment


As CSA is a risk-based approach to validation, it is important to identify and document the potential risks associated with the system. The extent of the validation effort should then be based on this risk assessment, i.e., systems assessed to be high risk will generally require more rigorous validation.


Vendor Assessment


Vendor assessment is the process of evaluating and assessing the suitability of computer system vendors. The aim is to ensure the solution is suitable and that the vendor complies with regulations, standards, and best practices. Assessing the vendor’s documentation is typically an important part of this process, especially if that documentation is going to be reused.


User Requirement Specification


The user requirements specification lists the user requirements and provides a foundation for design/configuration specification, system testing, and validation.


Functional Requirement Specification (or System Requirement Specification)


The functional requirement specification (FRS) details the functionality the system is expected to achieve.


Functional/Design Specification


The functional/design specification describes the functionality of the system and how the system will fulfil the requirements documented in the FRS.


Installation Qualification


The installation qualification process verifies and documents the following:

  • The system was received as designed and specified.
  • The system is installed and configured correctly.
  • The system interacts appropriately with other systems.


Operational Qualification


The operational qualification process verifies and documents that the system operates as intended. For example:

  • The system functions properly.
  • Essential features perform as expected.
  • Modules and capabilities can be accessed.
  • Data can be accessed, uploaded, and exported.


Performance Qualification


The performance qualification process verifies the system consistently performs as intended in real-world conditions. This is typically based on tests.


Standard Operating Procedures


Standard operating procedures, or SOPs, detail how the computer system will be operated, maintained, backed up, and archived.


Change Control Documentation


Once a computer system is validated, any changes should go through a change control process. This ensures the validated status is maintained and, if re-validation is required, there is a structured process to do so.


Periodic Review


Periodic reviews are typically undertaken annually, although this depends on the computer system and the level of risk it poses. The aim of a periodic review is to confirm the system continues to operate in a validated state and is still fit for its intended use.


Training Records


Finally, it is also important to document that the users using, supporting, and/or maintaining the system have been properly trained.


Expert Computer System Validation Support


While the FDA and other regulators want a focus on risk and critical thinking rather than documentation creation, documentation is still a crucial part of validating computer systems in pharmaceutical operations. Therefore, it’s important you get the right support. That’s where we can help at Westbourne IT. We have extensive computer system validation experience and in-depth knowledge of the new CSA approach to validation. Get in touch today to discuss your requirements.