A Perspective on Computer Validation - Pharmaceutical Technology

Latest Issue

Latest Issue
PharmTech Europe

A Perspective on Computer Validation
This article provides a historical review of computer validation in the pharmaceutical industry within the last three decades, evolving from the early years' initial concept and approach to today's current practices. Also included is how the regulations and industry have progressed in addressing the topic of computer validation.

Pharmaceutical Technology

Perspective on enforcement and observations

We can understand FDA concerns about computer systems as we look at the following examples. The "Therac-25" medical-device software went awry between 1983 and 1987, overdosing patients with X-rays (21). FDA stopped the use of the device. According to the recollection of the authors, Wyeth Laboratories Inc. is believed to have received the first computer validation–related 483 from Center for Drug Evaluation and Research (CDER) in October 1983 for a lack of documentation for the validation of a computer system used for the statistical analysis of data. In the late 1980s, the generic-drug scandal caused concern because data had been falsified. One of the authors served as a witness in a grand jury investigation of the generic-drug scandal. Interestingly, Phil Piasecki, a former FDA official who later worked in the industry, once told one of the authors of an observation he made on computer systems. He noticed that the red light of a dehumidifier in a data center was on. After inquiring about the dehumidifier's purpose, he cited the company for not having a standard operating procedure (SOP) for its use and maintenance.

These examples illustrate the wide range of enforcement actions and levels of impact on patients' safety (from serious to limited and indirect impact). Since the mid 1990s, we have also seen numerous observations relating to computer-validation issues, ranging from "the system is not validated" to "the SOP is not followed." Since the early 2000s, however, it seems the number of observations has decreased. Between 2000 and 2005, the number of Warning Letters issued decreased by 50% (22), perhaps resulting from a shift in FDA's focus after the 9/11 attack in 2001 to homeland security and food safety (23). At the same time, FDA faces a decrease in budget spending (24).

FDA's presentation titled "Data Integrity, Another Looming Crisis," revealed its recent enforcement has focused on record integrity (25). The presentation made it clear that based on recent inspection findings, FDA would refocus on the integrity of e-records and train inspectors in this topic. Despite challenges that FDA faces, it has increased significantly the understanding and knowledge of computer systems in the industry. The agency actively participates and has a Computer System National Expert representing FDA in industry forums (e.g., GAMP), as well as providing computer validation training courses internally and through selected providers. Hence, although we are now seeing fewer computer-validation 483s, partly because FDA is citing predicate rules instead of Part 11, these 483s are more meaningful and should not be interpreted as a reflection of relaxed enforcement.

Perspective on computer-validation practices

The Standish Group's "Chaos" reports, indicate that "incomplete requirements and specifications" and "changing requirements and specifications" are two of the top three "project challenged factors" for computer-system projects (26). This assessment seems to hold true in today's computer-validation practices. An informal poll conducted by the authors indicates that user requirements are the main challenge when validating a computer system. User requirements have been a factor since the early years of computer validation. Nonetheless, the general understanding about how to conduct computer validation in the industry has increased since the 1990s, and most companies now have groups or departments dedicated to computer validation. Since the introduction of the Sarbanes–Oxley financial regulations for a publicly traded company, more and more information technology (IT) departments have established compliance groups. It is generally accepted now that IT infrastructure must be qualified to meet growing regulatory requirements across the business.


blog comments powered by Disqus
LCGC E-mail Newsletters

Subscribe: Click to learn more about the newsletter
| Weekly
| Monthly
| Weekly

FDASIA was signed into law two years ago. Where has the most progress been made in implementation?
Reducing drug shortages
Breakthrough designations
Protecting the supply chain
Expedited reviews of drug submissions
More stakeholder involvement
Reducing drug shortages
Breakthrough designations
Protecting the supply chain
Expedited reviews of drug submissions
More stakeholder involvement
View Results
Eric Langerr Outsourcing Outlook Eric LangerTargeting Different Off-Shore Destinations
Cynthia Challener, PhD Ingredients Insider Cynthia ChallenerAsymmetric Synthesis Continues to Advance
Jill Wechsler Regulatory Watch Jill Wechsler Data Integrity Key to GMP Compliance
Sean Milmo European Regulatory WatchSean MilmoExtending the Scope of Pharmacovigilance Comes at a Price
From Generics to Supergenerics
CMOs and the Track-and-Trace Race: Are You Engaged Yet?
Ebola Outbreak Raises Ethical Issues
Better Comms Means a Fitter Future for Pharma, Part 2: Realizing the Benefits of Unified Communications
Better Comms Means a Fitter Future for Pharma, Part 1: Challenges and Changes
Source: Pharmaceutical Technology,
Click here