Computer System Validation

With over 15 years of computer systems validation experience, we work to create CSV processes that are based on FDA regulations and guidance, best practices, and the characteristics of the system being validated.

Computer systems validation (CSV) is a critical requirement of electronic record and system compliance, as described in the FDA 21 CFR 11.10(a) and EMA Annex 11, Section 4. The validation process is designed to provide a high degree of assurance that both new and existing computer systems will consistently fulfill their intended purpose by producing results which meet predetermined specifications and quality attributes – accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

As scientific applications constantly evolve to keep up with the needs of the people and businesses that use them, Life Science companies must perform validation activities on an ongoing basis in order to reduce compliance risk, ensure quality, and maintain data integrity.

A “Computer System” in an FDA regulated laboratory is more than just computer hardware and software – it also includes any equipment and instruments linked to the system, as well as the trained staff that operate the system and/or equipment using Standard Operating Procedures (SOPs) and manuals. Computer system validation requires a comprehensive set of both static and dynamic testing activities that must be conducted throughout the Software Document Life Cycle (SDLC)

At Elkforce, we are experts in IT risk identification and management along with regulatory compliance. As such, we understand that computer system validation is not a “one size fits all” process. With over 20 years of validation experience, we work to create CSV processes that are based on the latest FDA regulations and guidance (GAMP®5: A Risk-Based Approach to Compliant GxP Computerized Systems), best practices, and the characteristics of the system being validated. Our CSV processes typically involve:

  • System inventory and assessment – determination of which systems need to be validated

  • User requirement specifications – clearly defines what the system should do, along with operational (regulatory) constraints

  • Validation plan – defines objectives of the validation and approach for maintaining validation status

  • Risk assessments – analysis of failure scenarios

  • Functional requirement specifications – clearly defines how the system will look and function for the user to be able to achieve the user requirements.

  • Network and Infrastructure Qualification – documentation showing that the network and infrastructure hardware/software supporting the application system being validated has been installed correctly and is functioning as intended

  • Installation Qualification (IQ) Scripts and Results – test cases for checking that system has been installed correctly in user environment

  • Operational Qualification (OQ) Scripts and Results – test cases for checking that system does what it is intended to do in user environment

  • Performance Qualification (PQ) Scripts and Results – test cases for checking that System does what it is intended to do with trained people following SOPs in the production environment even under worst case conditions

  • Validation Report – a review of all activities and documents against the Validation Plan

  • System Release Documentation – documents that validation activities are complete and the system is available for intended use.