Implementing CSA for GxP Systems - Transition, Documentation, and Post-Transition Challenges and Opportunities

Overview

Computer system validation has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing and management of computer systems used to collect, analyze and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11. This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized they could not inspect every computer system at every regulated company and placed the onus on industry to begin assessing all regulated computer systems based on risk. The level of potential risk, should the system fail to operate properly, needed to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process. System size, complexity, business criticality, GAMP®5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety.

Until recently, the traditional approach to Computer System Validation (CSV) was believed to be required by FDA. It was also believed that following GAMP®5 practices was also a requirement. While FDA will tell industry WHAT is required, they have never dictated HOW those requirements should be met. Each company that is FDA-regulated must use critical thinking, as described in the CSA approach to come up with the most practical and innovative way to adhere to the regulations. They still must meet WHAT FDA requires, but HOW must be evaluated and determined in order to comply.

GAMP®5, Second Edition aligns well with CSA, and the two used in concert can provide a more effective and efficient means of reaching compliance for computer systems used in regulated processes.

Why Should You Attend

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.).

Attendees will learn how to adapt their current method of validating FDA-regulated computer systems to align with both GAMP®5, Second Edition, published in July 2022, and CSA, a new approach that is subject of a Draft guidance from FDA that was issued in September 2022. These two guidances will reshape the way companies handle validation of computer systems that are based on newer and more innovative technologies.

Rather than avoiding these modern breakthroughs in technology and continuing to rely on older ways of conducting business, attendees will learn how to adapt their current practices and thinking about validation to leverage these innovative tools and advance their ability to bring their companies to a new level of success. Newer technologies will help them bring more advanced products to the marketplace and this can be achieved by learning how to approach validation to continue meeting FDA compliance. These include cloud-based services, Software-as-a-Service (SaaS) solutions, and software that incorporates Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs), such as ChatGPT.

Agenda

• Learn how to identify “GxP” Systems

• Discuss the traditional Computer System Validation (CSV) approach based on FDA requirements

• Learn about the System Development Life Cycle (SDLC) approach to validation

• Understand how the FDA draft guidance on Computer Software Assurance (CSA) differs from traditional CSV, and how it supports GAMP®5, 2nd Edition

• Understand how GAMP®5 2nd Edition differs from the original GAMP®5, how it aligns with CSA and the best practices that will impact your validation work

• Understand the need to include an assessment of a computer system’s size, complexity, business criticality, GAMP®5 category and risk, should it fail, to develop a cohesive and comprehensive validation rationale

• Learn how to conduct a risk assessment on computer systems that will provide the basis for developing a validation rationale

• Understand how to ensure testing of requirements is based on risk

• Understand the importance of preparing a Requirements Traceability Matrix (RTM) as evidence that every requirement is supported by one or more test scripts

• Understand how to maintain a system in a validated state through the system’s entire life cycle

• Learn how to assure the integrity of data that supports GxP work by meeting the “ALCOA+” principles: Attributable, Legible, Contemporaneous, Original or “True” Copy, Accurate, Complete, Consistent, Enduring and Available

• Understand the key components of 21 CFR Part 11 compliance for electronic records and signatures: Accurate, Secure, Authentic, Trustworthy, Reliable & Confidential (in the case of privacy data)

• Understand how to validate systems that are Commercial-Off-the-Shelf (COTS), cloud-based and Software-as-a-Service (SaaS) solutions

• Discuss the importance of “GxP” documentation that complies with FDA requirements

• Discuss the best practices for documenting computer system validation efforts, including requirements, design, development, testing and operational maintenance procedures

• Understand the training required to support validation efforts

• Learn how to incorporate an Organizational Change Management (OCM) component into a validation project to improve acceptance of newer technologies and ways of doing things

• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state

• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver

• Learn how to best prepare for an FDA inspection or audit of a GxP computer system

• Know the regulatory influences that lead to FDA’s current thinking

• Learn about the current FDA trends in compliance and enforcement

• Understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment, to ensure data integrity is maintained throughout the entire data life cycle

• Q&A

Who Will Benefit
• Information Technology Analysts

• Information Technology Developers and Testers

• Software Quality Assurance Professionals

• QC/QA Managers and Analysts

• Analytical Chemists

• Compliance and Audit Managers

• Laboratory Managers

• Automation Analysts

• Manufacturing Specialists and Managers

• Supply Chain Specialists and Managers

• Regulatory Affairs Specialists

• Regulatory Submissions Specialists

• Risk Management Professionals

• Clinical Data Analysts

• Clinical Data Managers

• Clinical Trial Sponsors

• Computer System Validation Specialists

• GMP Training Specialists

• Business Stakeholders/Subject Matter Experts

• Business System/Application Testers

• Vendors responsible for software development, testing and maintenance

• Vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance

Description

FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries. These include all systems that “touch” product, meaning they are used to create, collect, analyze, manage, transfer and report data regulated by FDA. All structured data, including databases, and unstructured data, including documents, spreadsheets, presentations, images, audio and video files, amongst others, must be managed and maintained with integrity throughout their entire life cycle.

We will explore the latest best industry practices offered in GAMP®5 2nd Edition and FDA’s Draft Guidance for Computer Software Assurance (CSA) to understand what these both offer to those responsible for validation of computer systems in the FDA-regulated industries. The importance of applying critical thinking when carrying out FDA-regulated operations and activities. We will cover the changes and impact on validation as a result, and how these can benefit any team performing validation activities in terms of reducing both resources and costs while providing compliant systems.

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct of FDA-regulated activities and determining the level of potential risk, should they fail, on data integrity, process and product quality, and consumer/patient safety. We will walk through the System Development Life Cycle (SDLC) approach to validation, based on risk assessment, and will also discuss 21 CFR Part 11 and the importance of managing electronic records and signatures appropriately.

In particular, we will discuss the rationale for following an SDLC methodology other than the traditional waterfall approach. Non-linear approaches to developing, testing and supporting systems, including agile, will be reviewed in terms of advantages and how to handle documentation. This will include discussion of using automated test tools. We will show how to adapt the traditional GAMP®5 “V” model, originally intended for use with a waterfall SDLC approach, to the more common agile methodology followed today.

We will discuss the use of Commercial-Off-the-Shelf (COTS), cloud-based and Software-as-a-Service (SaaS) solutions, and how to validate them for FDA compliance. The System and Organization Controls version 2 (SOC 2) certification is a key factor in compliance, and we will discuss the importance of knowing cloud-based environments that handle cybersecurity threats through their certification.

We will briefly discuss the use of more modern software programs, including those incorporating Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs), including ChatGPT.

We will also walk through the entire set of essential policies and procedures, as well as other supporting documentation and activities, including training, that must be developed and followed to ensure compliance. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services used in FDA-regulated operations.

We will also stress the importance of incorporating an Organizational Change Management (OCM) component into your project plans. Many of the newer technologies and approaches we will discuss may pose a challenge when trying to adopt them in an organization rooted in past ways of doing things. Newer techniques are needed to bring them on board with the road ahead.

Finally, we will provide an overview of industry best practices, with a focus on critical thinking, data integrity and risk assessment, that can be leveraged to assist in all your GxP work. These will be presented in the context of applying GAMP®5, Second Edition and CSA.