Risk-Based Validation of Commercial Off-the-Shelf Computer Systems - Pharmaceutical Technology

Latest Issue

Latest Issue
PharmTech Europe

Risk-Based Validation of Commercial Off-the-Shelf Computer Systems

Pharmaceutical Technology

Figure 3: Validation tasks for system risks and GMP categories, showing only validation phases.
The principle is shown for early validation phases in Figure 3. Of course, to generate such information is more time consuming and only makes sense if several systems in GAMP category three or five should be validated.


Risk analysis and evaluation of software and computer systems is a good tool to optimize validation costs by focusing on systems with high impact on both the business and compliance. Substantial cost savings are possible for medium and low-risk systems. Validation activities of a low-risk system can be limited to documenting which systems have been used. The risk is less dependent on the type of system than on the type of records generated by the system. For example, a LIMS system used in a research environment has a lower compliance risk than the same system used in pharmaceutical quality control.

Regulatory agencies require companies to base the extent of validation they complete on a justified and documented risk assessment. To do this efficiently, we recommend the following steps:

1. Develop a risk management master plan. This describes the company's approach to risk assessment and has templates and examples for easy and consistent implementation. This plan should also include validation tasks for each risk category.

2. Develop a risk management project plan for each computer system validation project. Use the risk management master plan approach as a source to define steps, owners, and deliverables.

3. Identify risks, possible hazards and harms and define the risk category, for example: high, medium, and low. This should be based on likelihood and severity. To estimate the severity, look at the records handled by the system and at their impact on product quality and consumer safety.

4. Determine validation tasks for each lifecycle phase. Use the approach, templates, and examples from the risk management master plan

5. Develop a risk management plan with a sound justification and the documentation of your results.

For the long term, we recommend that risk assessment be extended to full risk management with an action plan for risk mitigation and on-going review and control.

Ludwig Huber, PhD, is a compliance program manager at Agilent Technologies, tel. 1 49 7243 602 209,


1. "GAMP Good Automated Manufacturing Practice, Guide for Validation of Automated Systems in Pharmaceutical Manufacture," Version 3, March 1998, Version 4, December 2001.

2. US Food and Drug Administration,"Pharmaceutical CGMPs for the Twenty-First Century: A Risk-Based Approach," http://www.fda.gov/oc/guidance/gmp.html and "FDA Issues Final Report on its '21st Century' Initiative on the Regulation of Pharmaceutical Manufacturing," http://www.fda.gov/bbs/topics/news/2004/NEW01120.html (Rockville, MD, Sept. 2004).

3. US FDA, General Principles of Software Validation: Final Guidance for Industry and FDA Staff, (FDA, Rockville, MD, Jan. 2002).

4. US FDA, Guidance for Industry. Part 11, Electronic Records; Electronic Signatures—Scope and Application (FDA, Rockville, MD, Aug. 2003).

5. Pharmaceutical Inspection Convention, Good Practices for Computerized Systems Used in Regulated Environments (PIC/S, Geneva, Switzerland, Jan. 2002).

6. US FDA, Code of Federal Regulations, Title 21, Food and Drugs, Part 11 "Electronic Records; Electronic Signatures; Final Rule; Federal Register 62 (54), 13429-13466.


blog comments powered by Disqus
LCGC E-mail Newsletters

Subscribe: Click to learn more about the newsletter
| Weekly
| Monthly
| Weekly

Which of the following business challenge poses the greatest threat to your company?
Building a sustainable pipeline of products
Attracting a skilled workforce
Obtaining/maintaining adequate financing
Regulatory compliance
Building a sustainable pipeline of products
Attracting a skilled workforce
Obtaining/maintaining adequate financing
Regulatory compliance
View Results
Eric Langer Outsourcing Outlook Eric LangerBiopharma Outsourcing Activities Update
Cynthia Challener, PhD Ingredients Insider Cynthia Challener, PhDAppropriate Process Design Critical for Commercial Manufacture of Highly Potent APIs
Jill Wechsler Regulatory Watch Jill Wechsler FDA and Manufacturers Seek a More Secure Drug Supply Chain
Sean Milmo European Regulatory WatchSean MilmoQuality by Design?Bridging the Gap between Concept and Implementation
Report: Pfizer Makes $101 Billion Offer to AstraZeneca
Medicare Payment Data Raises Questions About Drug Costs
FDA Wants You!
A New Strategy to Tackle Antibiotic Resistance
Drug-Diagnostic Development Stymied by Payer Concerns
Source: Pharmaceutical Technology,
Click here