GxP Systems Validation: Not A One-Time Occurrence

An organization’s good “x-variable” practice (GxP) system is only as reliable as its validated state. Once a system is identified as a GxP system, the validation work has only just begun. Ongoing software updates and changes for manufacturing, clinical, or laboratory systems within a life sciences organization could be required at any time, depending on the needs of business. As such, subsequent assessment of any changes or updates becomes necessary, which introduces the need to conduct periodic review and subsequent revalidation activities if required.

The current best practices recommend regular GxP system periodic reviews to make sure the system is operating as intended. The U.S. Food & Drug Administration (FDA) emphasizes GxP systems validation, whether computer system validation (CSV) or computer software assurance (CSA). To ensure that the system remains in its validated state, any validation regular maintenance should also involve a periodic review of the documentation provided during the initial validation. It can be a cumbersome process that requires comprehensive guidance, step-by-step planning, and appropriate execution and reporting of validation activities. Establishing and executing a periodic review checklist for validation stream can ensure the intended functioning of GxP systems.

Validation and purpose defined

At its core, validation is the establishment of documented evidence that provides a high degree of assurance that a specific process will consistently produce a product that can meet its predetermined specifications and quality attributes. Validation can apply to any process, including those that are managed and/or controlled by computerized systems. The minimum requirements to ensure a GxP system for patient safety, product quality and data integrity are:

• Ensure that the GxP system is installed and operating for its intended purpose.
• Verify that processes, procedures, and personnel are collaborating to provide a reproducible process.
• Confirm that the data generated by the system meets all requirements for data integrity.

In addition to CSV, there are various types of validation that cover a range of needs, including:

• Process/equipment validation: Covers three domains for equipment—installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ).
• Cleaning validation: Procedures that prove validated equipment can be cleaned reliably and reproducibly to predetermined and acceptable limits.
• Method validation: Establishes documented evidence that a method or procedure is suitable for its intended purpose.

Why validation is necessary today

GxP systems must remain in a validated state for the lifetime of the system for many reasons. If regular reviews are not conducted to ensure a validated state of a system, any gaps present will negatively affect the system and its intended purpose. There is a possibility that these gaps might directly or indirectly impact patient safety, product quality, and/or data integrity. Periodic review for validation should preferably occur every three years, with any high-risk systems receiving review every two years. It is recommended for the initial validation to follow these seven phases of the software development lifecycle:

1. Concept and planning
2. Requirements
3. Design
4. Build
5. Test
6. Deployment and maintenance (initiation of periodic reviews)
7. Retirement.

Comprehensive documentation should be created as part of the initial validation. Once the system is validated, a regular review of existing documentation verifies and ensures the system remains in a validated state. Maintaining a validated state also satisfies global validation guidelines and regulations.

Making the validation decision

Experts recommend that any GxP system’s first review covers the period from the completion of the system’s most recent full validation up to the first review date. It is important to document this initial review, as should all subsequent reviews, to assess the period since the completion of each most recent review.

Consider evaluating the following items during the periodic review:

• Description of system, critical subsystems, equipment, hardware, software
• Effects of all initiated changes to date
• All deviations and incidents
• Maintenance and calibration records
• System logs and/or any other performance trending
• Regulatory requirements that existed at the time of the previous validation/periodic review and those that are new.

During the process of periodic review, decisions will have to be made as to whether full revalidation of systems will be required, or if partial revalidation, or no additional validation at all, would be necessary. The outcome is based on recurring periodic assessments of the respective systems in comparison to their initial validation documentation.

Creating a periodic review checklist

Devising a comprehensive checklist is the most efficient and effective way to ensure that GxP validation remains the desired standard and that product quality is upheld. The list should be modified continuously based on the current industry ideal. Used this list of suggested categories and tasks/items as part of a system’s overall review:

1. Official validation documents. Organize and file critical documentation including specifications, plans, change logs, reports and operations manual as well as details about data retention and other related protocols.
2. Regulatory and company requirements. Ensure that all external and internal policies are written, reviewed, updated as needed, approved by management, and disseminated to all stakeholders.
3. Assessment and resolution of validation issues. Identify problems from previous validation reports. Discuss, address, and resolve.
4. Make sure documentation is readily available for internal and external audits.
5. Updates and modifications. Create a log for the tracking of updates and modifications required and completed for the system.
6. Incident tracking. Create and use a log to make sure nothing falls between the cracks.
7. Operation and maintenance procedures. Ensure tasks and work completed by vendors are identified. Implement user training and make sure standard operating procedures are in place.
8. Risk assessment and security. It is important to write policies for all internal and external systems and related components and disseminate them to all stakeholders. This includes comprehensive risk and disaster recovery protocols.

Maintaining validated state

It is important for organizations to understand how to maintain a validated state for their GxP systems. One solution is to develop a well-guided plan that supports the initial documentation. Validation should be accomplished using checklists during the lifecycle of a system. When any issues are identified, assess the gaps, create a remediation plan, and expedite any required validation measures efficiently to ensure the system or equipment remains up to date with its intended purpose. Appropriate guidance can help to accomplish these tasks without risk to data integrity, quality assurance, and patient’s quality of care.

About the Author: