Computerised digital information and document handling systems are at the heart of almost all life science and pharmaceutical industry operations. From the earliest phases of development to the last post-approval study, the data and technical documentation these systems manage are essential to the safe, effective creation of medicines and therapeutics for patients. Every passing year the life sciences industry’s approach to continuous improvement has seen the increasing application of computerised systems to deliver better results, ranging from lower-cost manufacturing and faster development timelines to breakthrough drugs and better patient health outcomes. But the industry’s increasing dependence on computer-based digital systems is not without its own capital investment and operational expense, and that includes the cost of computer system validation (CSV) and compliance.
At the heart of almost all life science and pharmaceutical industry operations are digital information and document handling systems. From the earliest clinical phases to the last post-approval study, the data and technical documentation these systems manage are essential to the safe, effective creation of medicines and therapeutics for all patients.
Every passing year, the life sciences industry’s approach to continuous improvement has seen the increasing application of computerised systems to deliver better results. Pharmaceutical Manufacturing’s fifth annual Smart Pharma survey found just over 88% of pharma manufacturers believe their company will choose to automate processes if given the option and approximately 90% of those responding had begun their digital transformation efforts1. It is a competitive imperative the life sciences industry can’t ignore as it seeks lower-cost manufacturing and faster development timelines to more breakthrough drugs and better patient health outcomes. The industry’s increasing dependence on computer-based digital systems requires capital investment and comes with an operational expense that includes the cost of computer system validation (CSV) and compliance—typically estimated to be 25% of overall project costs.
The life sciences industry’s ‘test everything approach’ has become outdated, leaving GMP manufacturing facility operators spending more time documenting than testing. In this article CSV consultant Brendan Walshe, from Zenith Technologies, a Cognizant Company, frames his perspective on the industry’s appetite for change and outlines how best-practice risk-based approaches can help shift CSV quality systems management into a more efficient and compliant gear.
Virtually every business and operational aspect involved in making pharmaceuticals, including each link in the global supply chain, is regulated for quality and safety. This includes validating computer system capabilities and demonstrating to regulators that system performance and data integrity support current Good Manufacturing Practice (cGMP). This creates the requirement for every FDA or EMA-regulated life science and pharmaceutical manufacturing organisation to validate all computerised systems that can influence the quality of its drug products.
Falling under quality systems management (QSM), CSV has had a place in quality and safety compliance for decades. However, because of the pervasiveness of computer systems across the complete spectrum of operations, CSV compliance has grown to be more time-consuming and costly. According to the FDA, Traditional CSV methodologies can see manufacturers spending as much as 80% of the time documenting processes, and only 20% of time testing the efficacy of the solutions2.
For many life sciences companies, the expense and resources associated with traditional CSV methodologies are becoming increasingly unsustainable. This has become especially apparent considering the kinds of QSM approaches and higher standards regulators are looking for in support of better cGMP compliance from the industry.
Besides economic arguments, there is growing interest among life science leaders and business developers to introduce ‘true’ risk-based validation. And for good reason — it is a high-value business strategy and relevant to the performance and costs associated with quality compliance and patient safety. The FDA and other regulatory agencies are now strongly encouraging pharmaceutical manufacturers to accelerate their adoption of risk-based CSV approaches in QSM operations.
Adopting a risk-based approach provides companies with continuous QSM improvement and a financially sustainable way to optimise system performance and cost-efficiency. A risk-based CSV strategy allows companies to consistently scale and add new features. However, implementing such an approach does not come without its own challenges. It is important for the industry to note that when integrating risk-based CSV concepts into QSM, they should fully encompass existing processes, practices and services.
Historically, risk-based CSV approaches have focused on functional risk assessments. In the past, countless hours and significant resources were leveraged to assess each function the computerised system provided, but then testing everything in an examinable way anyway. Instead, operations managers should focus QSM validations more closely on relative risk and apply the fundamentals of validation to obtain better a compliance stance in the eyes of regulators.
Quality and validation processes are important aspects of demonstrating control to regulators and assuring safe and effective products are manufactured and marketed. As mentioned, the extent of validation and the level of documentation detail should be based on risk to support product quality and patient safety. The aim should be to have the critical quality attributes (CQAs) satisfied by the design, with the actual or determined risk to quality and patient safety establishing the additional need for validation.
Currently, the focus has been on producing documentation and testing for the sake of testing. Instead, QSM managers should focus on their standard operating practices (SOPs), as well as how they interact with suppliers and how well they are validating their systems for better CSV quality and performance.
Implementing a true risk-based validation approach can be challenging and intensive. That’s why more pharma and life sciences companies are turning to CSV service providers to support their compliance efforts more effectively and cost-efficiently.
To accomplish CSV, companies have traditionally used GAMP (Good Automated Manufacturing Practice) guidance to shape compliance efforts. Designed to aid suppliers and users in the pharmaceutical industry, GAMP 5 describes the set of principles and procedures that help ensure that platforms and applications possess the required quality using the concept of prospective validation following a life-cycle model.
The System Development Life Cycle (SDLC) is a conceptual model used in project management that describes the stages involved in an information system development project, from initial feasibility through to maintenance of the completed application. SDLC can apply to technical and non-technical systems.
Other organisations are moving to adopt the approach outlined in American Society for Testing and Materials (ASTM) guideline ASTM2500. The ASTM2500 guidance describes a riskbased and science-based approach to the specification, design and verification of manufacturing systems and equipment that have the potential to affect product quality and patient safety.
To a certain degree, elements of ASTM look similar to the GAMP 5 guidelines as requirements and design are defined and detailed through User Requirements Specifications (URS), Functional Requirement Specifications (FRS), and Design Specification (DS) type documents. The approach described in the ASTM2500 guideline applies concepts and principles introduced by the FDA’s seminal initiative, “Pharmaceutical cGMPs for the 21st Century—A Risk-Based Approach.” The ASTM2500 guidance supports, and is consistent with, the framework described in:
The FDA guidelines have created the framework for effective CSV efforts and will continue to define the way compliance is shaped and remodelled over time. The ASTM2500 approach distributes the responsibilities of validation to earlier in the system’s development process.
A risk assessment can also help highlight where data integrity vulnerabilities are, such as those associated with human or machine interfaces where data manipulation occurs. The risk-based approach shifts focus toward assuring the identified risks to the process are mitigated and the executed process meets the target outputs.
Inefficient CSV programmes can be costly and can generate more work and complexity than is necessary to achieve QSM goals and compliance. Without adequate planning and preparation, it’s not will the computer system validation process fail, but when.
When a pharmaceutical company is audited, the focus usually is on their QSM strategies and approaches as opposed to auditing to gain confidence that the system can compliantly meet all critical requirements. Without an effective strategy, computer system validation can encounter several problems, eventually leading to failure of the process.
The FDA is expected to release a new guidance document, “Computer Software Assurance (CSA) for Manufacturing, Operations and Quality System Software,” in the near future.
This new guidance is highly anticipated because it will outline the streamlining of computer software systems and validation compliance. The FDA is leaning towards a Case for Quality (CfQ) approach, allowing device manufacturers to focus on enhancing device quality and patient safety. With CSA, the FDA is placing the emphasis on what directly impacts patients or product quality and businesses will be able to define how much testing is required and only test based on risks and CQAs.
The three main macro trends driving CSV presently are the desire to go paperless, to employ the agile development model and scalable elastic cloud technology adoption.
1. Going paperless
Current CSV manual practices are typically slow, cumbersome, and unreliable. Companies are starting to move to digital validation lifecycle management solutions (Automated Validation). As the digital world evolves, new technologies including automation are hitting the marketplace and focusing on quality through automated testing and smart applications.
The FDA encourages the use of automation, their tools, and underlying IT solutions as they reduce errors in testing, optimise the usage of resources, and ultimately reduce patient risk.
2. Agile development
The Agile SDLC model provides an opportunity for innovating new procedures, methodologies, and approaches. The agile approach of continually validating individual features lets you move through development faster with fewer revisions and bottlenecks. Agile development makes quality part of the process from the beginning and facilitates the use of automated testing for regression tests.
3. Cloud technology adoption
Adopting cloud technology can help information technology organisations reduce operational costs, be more flexible, agile, scalable and quickly meet ever-changing business needs. Cloud deployment models such as IaaS, PaaS, SaaS require different CSV strategy and levels of documentation based on the model adopted by the organisation.
Various Cloud deployment model-based lab IT systems require different CSV strategy:
1. Infrastructure as a service (IaaS) lab IT systems would require qualification of the servers and applications, plus data validation on these servers.
2. Platform as a service (PaaS) lab IT systems would require organisations to qualify the application data depending on the extent of customisation/configuration specific to their need, leaving server components qualification with the cloud vendor.
3. Software as a service (SaaS) based IT systems would be managed/qualified by the software vendor, leaving the organisation’s IT system process validation with their IT teams.
Given the imperatives of drug product quality and patient safety, there is no time like the present to engage a proactive risk-based CSV strategy. It’s good for operations, it’s good for business continuity and great for patients.
However, not all pharma organisations have the internal resources to successfully develop an effective CSV protocol. To that end, more of pharma is turning to external information and systems technology vendors that have dedicated teams and technologies to craft a more practical, affordable approach to CSV compliance.
It remains best practice in QSM development to engage the best resources and partners available. This allows manufacturers to then leverage their expertise and experience to develop a clear strategy that can transition current CSV methodology so they can focus more comprehensively on data integrity, quality assurance and patient safety.