FDA requires that all computer systems used to produce, manage and report on “GxP” (GMP, GLC, GCP) related products be validated and maintained in accordance with specific rules. This webinar will help you understand the FDA’s current thinking on computer systems that are validated and subject to inspection and audit. It will also take into account areas where FDA will likely focus their effort, including on the higher-risk systems.

As a “GxP” system, following Good Manufacturing, Laboratory and Clinical Practices, the computer system must be validated in accordance with FDA requirements. If electronic records and/or electronic signatures (ER/ES) are incorporated into the system, FDA’s CFR Part 11 guidance on ER/ES must be followed.

This webinar will focus on the key areas that are most important, including security and data integrity. Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity. The life cycle approach takes all aspects of validation into account throughout the life of the system and the data that it houses. The data is a key asset for any FDA-regulated company and must be protected through its entire retention period.

In preparation for an audit, it is important to assess the documentation that was prepared when each GxP system was validated to identify and remediate any gaps or issues.  The FDA contact person(s) should be able to tell the story of how each system came into Production in a validated state and how each system is maintained in that validated state with the data integrity assured.

It’s important to have the right resources and understanding of the process prior to any inspection. Having the validation information available and key resources who can speak to various components of it is critical and should be arranged in advance.

You will learn some tips based on real FDA inspections and lessons learned that will be shared with the audience.

FDA requires that all computer systems that handle data regulated by the Agency to be validated in accordance with their guidance on computerized systems. In 1997, 21 CFR Part 11 was issued to address electronic records and signatures, as many laboratories and other FDA-regulated organizations began seeking ways to move into a paperless environment.  This guidance has been modified over the years to make it more palatable to industry, and this includes discretionary enforcement measures. The intent was to avoid creating a huge regulatory compliance cost to industry that was initially preventing companies from embracing the technology.

In 2022, FDA issued a draft guidance for Computer Software Assurance (CSA), based on critical thinking, and taking into consideration use of non-linear SDLC methodologies and automated testing. We will discuss how GAMP5, 2nd Edition aligns with CSA and provide a streamlined approach to effective validation.

The first step in preparing for an FDA audit of your computer systems will be to have a GxP System Inventory available to show them, and we will cover this. You then must be confident these systems are validated in accordance with FDA predicate rules, CSV/CSA, 21 CFR Part 11 (ER/ES) and data integrity requirements. The first line of defense is for QA to perform an internal audit to identify and remediate gaps before FDA arrives.

This session will provide some insight into current trends in compliance and enforcement that can help in preparation for an FDA inspection or audit of computer systems that are regulated. There are some key areas of focus that will be covered that will help you to plan for an on-site inspection.