Validation is the most used and common term to verify the GxP systems, whether they are in systems or in labs. All the required precautions should be followed and maintained every time to keep the system compliant that is used directly or indirectly in the healthcare system.
GxP and its Function:
One of the major goals and the most concerning things for any healthcare and pharmaceutical industry, which they always struggle to maintain the balance and try to sort out, is safety.
GxP is a set of regulations and quality guidelines formulated by the US FDA (United States Food and Drug Administration) in collaboration with ICH (International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use) to ensure the safety of life sciences products while maintaining the quality of processes throughout every stage of manufacturing, control, storage, and distribution. This applies to any organization that generates data submitted electronically in regulatory (e.g., FDA, EMA, TGA) filings. Such software must also include electronic signatures.
GxP in Validation is “when computers or automated data processing systems are used as part of production or the quality system, the (device) manufacturer shall validate computer software for its intended use according to an established protocol.”
The relevant GXP system is all or any systems that have an impact on:
Patient Health & Safety
Product Quality
Data Integrity
What needs to be validated?
When it comes to what exactly needs to be validated, as per the FDA’s ICH 21 CRF Part 11 requirements, all software in the computer system used in GxP activities must be validated. Validation of computer system software is completely different from validation of device software. Computer system validation is more than testing. System validation performs testing, design control, and configuration management along with testing.
Is it specific to an application?
Well, this varies between non-configurable systems and configurable systems.
If it is a non-configurable system, like lab equipment or instruments or medical devices, the testing or validation should basically be performed to prove that the system is meeting all the expectations mentioned in the URS (User Requirement Specifications) Document, which will be filled in by the user for his requirements. The systems tests covered for this kind of testing are
- Installation Qualification (IQ)
- Operational Qualification (OQ)
- Performance Qualification (PQ)
When it is a configurable system or customized system like software used for reporting to regulatory or any software embedded with instruments or medical devices to perform the intended use to meet the business needs as per the URS document, additional tasks and testing will be performed along with the IQ, OQ, and PQ.
- Validation Plans Preparation
- Functional requirements specification
- Design verification
- Installation Qualification (IQ)
- Operational Qualification (OQ)
- Performance Qualification (PQ)
- Reporting
As per the FDA, validation is “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses in their environment”.
Validation of the system is the ultimate responsibility of the user. Here, the user is the healthcare or pharmaceutical company that is using the product or process with software to report to regulatory bodies.
The software cannot be completely validated by any vendor on its own. Instead, it must be validated:
- In the user’s environment
- Within the user’s intended workflow
- As specified in the organization’s standard operating procedures (SOPs)
All these processes should be documented to ensure that the software specifications conform to the user’s needs.
The user may also audit the software service provider to confirm that they have a QMS (Quality Management System) and a process.
Validation service providers can certainly assist in validation by providing documentation and technical assistance for IQ, OQ, and PQ. They may also offer validation services like consultations, and documentation, or may be involved more actively in other tasks. Still, it is the ultimate responsibility of the user to validate that the system meets their requirements.