Software validation processes have always been important; yet, they acquired a special sense of urgency and added importance following the announcement in August 2010 by the FDA in this regard, in which it stated that it “…will be conducting a series of inspections in an effort to evaluate industry’s compliance and understanding of Part 11 in light of the enforcement discretion described in the August 2003 ‘Part 11, Electronic Records; Electronic Signatures – Scope and Application’ guidance (Guidance).” Why this added emphasis on action?
The FDA accentuated its action on software validation processes for two important reasons:
1) in the industry, there were diffuse and subjective interpretations about the understanding and application of Part 11
2) perceptions that this statute could have the effect of restricting the use of electronic signatures and discouraging innovation.
Following this action from the FDA; a series of problems that the software validation processes had, are coming to light of late.
So, which are the most common problems of software validation processes?
The following common problems are being observed in the industry:
• Information gone missing:
• Incomplete details in the requirements documents: This has been true especially in relation to data, key processes that go into the internal software, as well as the interactions of the software with the user
• Necessary detail not found
• Traceability: This was the most important problem found in Part 11. The traceability matrix either did not account for a traceable specification or an observation step in a test script, or was incomplete, or the trace was broken.
• Incomprehensible wording in the documentation
• Several GDP-related bungling
• Difficulty in identifying the impugned documents and records
The FDA has enacted several pharmaceutical cGMP regulations. These are key concepts that are critical to quality systems. Some of the concepts by which the FDA and other regulatory bodies ensure cGMP regulations are Quality, Quality by Design (QbD) and product development, Quality Risk Management, Corrective and Preventive Action (CAPA), Change Control, and the Six Systems Approach.
Of these, the six-system inspection approach is a systems-based approach to cGMP and is aimed at ensuring a robust quality system model for pharmaceutical products.
It consists of the following:
Packaging & Labeling System
Quality system is the fulcrum
It needs to be borne in mind that the whole system centers round the organization’s quality system. The quality system is the pivot around which the systems approach revolves. It is the core and the very foundation for the manufacturing systems that are linked and function within it.
The FDA does not consider the quality system as different or separate from the five elements. In this sense, it the quality system model may be considered the root from which the five elements branch out.
In other words, the five manufacturing systems integrate themselves them into the respective and appropriate sections of the model. The order of interplay and interdependence may vary slightly from one organization to another, but to those in the knowhow of the six-system inspection approach; the rationale by which the inter-relationship plays out is quite readily apparent.
State of control –the crux of the matter
The criticality of auditing to the field of medical devices can never be understated, because medical devices play a direct role in human safety. Supplier and internal auditing are separate, but related aspects of the supply chain and quality aspects of medical devices. It is a common practice in the industry to have medical devices from other companies, or what are called suppliers, by agreeing to the required specification and other terms. It is also common to use already manufactured devices from other companies. Sometimes, pharmaceutical and life sciences industries use their own devices. In all these scenarios, auditing is the key, because whichever of these pathways an organization may choose; it is bound by the same rules of compliance as set out by the regulatory authorities.
Need to keep up to prescribed standards
In order to meet regulatory requirements; medical device and related businesses need to keep a few important parameters in mind in order to ensure that supplier and internal auditing are up to prescribed standards.
The following are the important factors for carrying out internal auditing:
• To assess the current and potential risks in any process being undertaken by the organization;
• To bring about improvement in the business processes and practices;
• To help meet regulatory demands;
• To help them understand the changes in the marketplace and other external factors that affect the business.
Benefits of a supplier auditing program
Somewhat allied to this is the supplier auditing program. This is a means for ensuring that devices from external vendors or suppliers meet set standards and specifications.
These may be considered the important benefits of a good supplier audit program:
• It helps to implement an overall quality system in the organization
• It helps establish documentation and business record control
• Helps in the control of the company or its business operations
• Paves the way for business management review
• Helps identify non-conforming product control
• Calibration control and contract review can be achieved.
Hazard Analysis Critical Control Point (HACCP) is a mechanism meant for ensuring food safety. It is a comprehensive set of guidelines that straddles across the food supply chain, right from harvest till the time it is consumed.Being such a systematic and total approach; HACCP attaches utmost importance to prevention of problems arising at any point in the food chain. The established method by which HACCP seeks to accomplish this is what is called verification and validation.
Let us get to a verbatim understanding of what these mean in HACCP lingo. Based on the definition of the word “verify” as meaning a way of establishing the truth or accuracy of something; HACCP defines “verification” in this context as “…those activities other than monitoring, that determine the monitoring, that determine the validity of and compliance with the HACCP Plan”.
Logically following on this, since to validate is to corroborate or substantiate or confirm something, HACCP seeks to establish the validity of the HACCP plan by requiring participants to provide actual, factual proof of compliance to HACCP guidelines.
Armed with a strong set of actions, HACCP seeks to strengthen the food supply chain with its set of safeguards.
Purposes of verification and validation
The HACCP has clear-cut expectations in mind about the purposes of these twin mechanisms. The purpose of verification is defined in the following:
Components of the food chain need to determine if HACCP Plan is working. They need to check periodically if hazards are being reduced by the HACCP Plan. They also need to ensure that operations are in compliance with the HACCP Plan, and make sure HACCP is being implemented properly.
On the validation aspect, HACCP seeks to ensure that all the scientific and technical information is collected and evaluated to make sure that the HACCP Plan is working effectively, and when done so, is effective in controlling the hazards.
What needs to be evaluated?
HACCP attaches importance to what needs to be evaluated for Verification and Validation. Primarily, lethality and stabilization factors, referred to as “cook and chill”, and processing room temperatures that may be above 50° F need to be evaluated.
Asking why Computer System Validation (CSV) is important in FDA-regulated industries is like asking why an engine is important to a vehicle.
Before going on to get an understanding of this issue, let us understand that there is a difference between the ways in which the term “validation” is used in the general area of computers and that used in FDA-related circles. In the field of computer science, the term means the ability of software to meet its stated requirements. For the FDA, validation of a computer system incorporates all activities that go into a computer system and these should be documented and made available to the FDA. We could use the word “verification” to associate the same meaning and understanding of what “validation” means to the FDA.
The critical importance of computer system validation in FDA regulated industries can be learned from at least two perspectives:
1. When a company is carrying out systematic CSV; it nips potential serious problems in the bud by preventing software problems from reaching production stages and environments. When a problem in a Life Science software application reaches the production environment, this can lead to serious adverse consequences. On the one side, there is the human element of getting the CSV validation wrong, which can result in serious product consequences, which can be disastrous to the patient’s health; on the other, businesses that get their CSV wrong can also face anything from lawsuits and heavy penalties to having to shut shop permanently. Long drawn out court cases can result in serious problems including bankruptcy.
2. FDA’s regulations requiring companies to carry out systematic CSV have the effect of law, which means that companies that come under the ambit of the FDA are legally bound to follow the guidelines set out by FDA’s regulations. When companies fail during an FDA audit; it can invite inspectional observations (“483s”) and warning letters.
The most important element of CSV that companies need to bear in mind is that they need to get their validation right alright; they also need to get it right stage by stage. Some companies have tried the short cut method of overlooking or circumventing a step or two. While this may give them short term savings; their long term costs are far higher than these savings.
The ISO 13485:2003 Standard relates to quality management systems in the field of Medical Devices. Its requirements ISO 13485:2003 specifically relate to organizations that are in the business of medical devices, no matter what its size or type. At its core, ISO 13485:2003 is all about quality management systems in medical devices.
This standard specifies requirements for a quality management system. Accordingly, it requires an organization to demonstrate the ability to produce medical devices and related services that have to consistently meet both –a) customer requirements and b) regulatory requirements –that are applicable to the file of medical devices and related services.
Harmonization at the core
It thus becomes clear that quality management systems, which are the means to ensuring these requirements, constitute the heart of ISO 13485:2003. This Standard’s essential objective is to foster and bring about harmonization among medical device regulatory requirements for meeting quality management systems. This Standard superseded the earlier version, the ISO 9001. It did away with some of the requirements of that Standard.
When a medical device company deals with medical devices it may not manufacture; it is its responsibility to ensure that processes applicable to the medical device(s) required by ISO 13485:2003, are accounted for in the organization’s quality management system.
In a nutshell, these are some of the requirements set out from Part 4 of ISO 13485:2003 onwards, the Part at which quality requirements begin:
4.1: Establish a quality system for medical devices;
4.2: Document your medical device quality system;
5.1: Support Quality;
5.2: Focus on customers;
5.3: Establish a Quality Policy;
5.4: Perform Quality Planning;
5.5: Control your Quality Management System;
5.6: Carry out management reviews;
6.1: Provide quality resources;
6.2: Provide Quality personnel;
6.3: Provide quality infrastructure;
6.4: Provide quality environment
8.2: Monitor and measure quality;
8.3: Control your nonconforming products;
8.5: Take required remedial actions
Thanks & Best Regards,
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.