OR WAIT null SECS
System documentation should include a system description, history, validation information, and references, according to Siegfried Schmitt, Vice President, Technical at Parexel.
Q. Some 10 years ago, we implemented an electronic quality management system. Over the years, we have added some modules (e.g., for change control and deviation management). The system documentation was amended as changes happened. In a recent audit, we were given an observation: “Your system description does not meet regulatory expectations.” We are still unsure what is expected from us as we presented the system description given to us by the vendor, plus the validation documentation.
A. The regulatory authorities understand the importance of computerized systems in a modern pharmaceutical environment. They also understand the complexity of such systems and that these systems are likely to change over time. For that reason, companies must maintain an inventory of their automated systems, detail whether these systems are GxP-relevant, and if so, if these are validated. This is the very basis expected by the regulators. To understand the intended use of each system, a system description is also required. Your auditors found your system description deficient. You mention that you provided the system description written by the system manufacturer. This, I believe, is the key issue of concern.
Annex 11 of the European Union’s regulations state in paragraph 4.3: “An up-to-date listing of all relevant systems and their [good manufacturing practice] GMP functionality (inventory) should be available. For critical systems an up-to-date system description detailing the physical and logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available” (1).
Every company using the system will have different physical and logical arrangements, for example:
Therefore, each company’s system description will be unique. The manufacturer can only provide a generic description, which can of course be the basis for your individual one.
You also mention that you do have additional pieces of information about the system, which can be found in the validation documents. That may be so, but these pieces of information are not consolidated, interlinked, or otherwise logically connected to fulfill the requirements of the regulations, which call for an up-to-date system description for critical systems. Your system is obviously critical as you use it for GxP-critical processes.
It doesn’t mean that you should copy/paste all the information that can be found in your validation documentation or elsewhere, into a document called ‘system description’. It is perfectly acceptable to provide the relevant links. A system description could therefore be structured like this:
Following this advice, you should be able to prepare your system description, and I hope you will also find it a useful exercise as it will help you find all relevant information faster in future.
1. European Commission, EudraLex Vol 4, Annex 11 “Computerised Systems” (EC, 2011).
Siegfried Schmitt is Vice President, Technical at Parexel.
Vol. 45, No. 5
When referring to this article, please cite it as S. Schmitt, "Computerized System Descriptions–How Hard Can It Be?," Pharmaceutical Technology 45 (5) 2021.