Qualification & Validation
Qualification & Validation
Quality Assurance
Quality Assurance
Regulatory Affairs
Regulatory Affairs
Clinical
Clinical
Lab Services
Lab Services
Vigilance
Vigilance
Software Solutions & Services
Software Solutions & Services
Tox green
Toxicology
Pharma (2)
Pharma & Biotech
Medical Devices (2)
Medical devices
IVD (2)
In vitro diagnostics
Search QbD Group
  • There are no suggestions because the search field is empty.

10 things you should know before validating Computerized Systems

Author Avatar
Leslie Cisneros, Validation & Qualification Specialist at QbD Group
Software Solutions & Services
Calander_icon

Not sure where to start when validating your computerized systems? Follow these 10 steps as a guideline.

10 things you should know before validating Computerized Systems
8:03

1. Define the CSV Team

This is one of the first activities that shall be defined before starting the validation of the computerized system(s). The Validation Team oversees all the computerized system validation (CSV) projects at a site, or within a department. These validation projects will be defined in the Validation Master Plan.

Whether the team is already formed, it is recommended to identify the people who will be part of the Computerized Systems Validation team (CSV Team), since this team will be responsible for the creation and maintenance of the Validation Methodology of Computerized Systems, such as the Validation Master Plan for Computerized Systems (CS), CS Inventory, CSV procedures, formats, and for carrying out the CSV activities, documentation, executions, and reports.

2. Define CSV Team Members

Whether you contract a third party for the validation of the computerized systems, or it is company personnel, the CSV team must be defined.  

The CSV team members should be representatives from the following functional areas as appropriate to the site or department: Users, Quality Assurance, Validation Engineering, IT Department, and other relevant parties. 

The CSV team members should be sponsored by one of the most senior managers within the site or department. 

3. Define CSV Team Responsibilities

CSV Team will be responsible for creating and maintaining the Computerized Systems Validation Methodology. Responsibilities include, but are not necessarily limited to:

  • Identifying Computerized systems or applications requiring validation
  • Prioritizing and justifying the validations to be performed
  • Developing the initial Validation Master Plan and producing subsequent revisions as required
  • Directing the project team on adapting the Validation methodology to their project
  • Developing solutions to quality and compliance issues
  • Coordinating validation projects, resourcing validation projects, including approving the use of consultants
  • Creating and reviewing validation documentation. 

4. Review Validation Master Plan

Each site should establish a Validation Master Plan (VMP), which describes all the required validation activities and assigned responsibilities, priorities, and timings for actions. The CSV Team should review and approve this site plan.  

All CSV projects should either be included in this Validation Master Plan, or the CSV team shall create a separate Computer Systems Validation Master Plan.  

The Validation Master Plan should be a dynamic document which at any point in time will represent:  

  • which systems exist on site 
  • which systems require validation 
  • who is responsible for each validation project 
  • the status of the individual validation projects 
  • the date for completion of each validation project

All upgrades and periodic reviews should also be added to this plan. 

5. Create a CSV SOP

The CSV Team shall create the CSV SOP. This SOP aims to describe the CSV methodology for GxP regulated computerized systems installed at the site. This methodology ensures that computerized systems will reproducibly perform the functions they are designed to do and are suited for their intended use. 

The CSV procedure shall apply to all computerized systems owned by the site that create, modify, maintain, archive, retrieve or transmit information in support of GxP activities or to all those systems that need to be validated for any regulatory or compliance purpose. The templates for all validation documents shall be included in the SOP. 

6. Create a Computerized Systems Inventory

CSV Team shall create an inventory of all computerized systems in use within a given site or department. Creating an inventory is the first step in identifying systems that require validation. The information of the CS Inventory shall include, but it is not limited to:

  • System reference number or ID
  • System Name
  • Supplier
  • Use
  • System Owner
  • Business Areas Impacted
  • Location
  • Qualification Status
  • Operating System
  • Operation System Version 

This inventory can be added if the system generates electronic records, uses electronic signatures, and has an Audit Trail. 

7. Identify Systems that require Validation

The System Owner and CSV Team are responsible for identifying systems that require validation. Each system that has been identified must be assessed to see whether it performs quality or business-critical functions, whether there are sufficient controls to ensure its performance, and whether it should be validated or not.  

The system owner is responsible for completing the assessment of each system and updating that assessment whenever there are changes to the system.  

A quick evaluation can be performed to discern whether the system requires validation or not, for example: 

  • GxP Impact Evaluation, the system have a direct impact on the product quality, patient safety or data integrity? 
  • CFR 21 part 11 Evaluation, the system handled electronic records? Electronic signatures? 

This evaluation shall be strengthened when the validation plan will be created for each system. 

8. Determine Validation Priority

Once the systems that require validation had been identified, it will be necessary to determine the priority of each system validation (or validation project) within a site or department. To determine the priority of each validation, a risk assessment of all the validation projects shall be performed.  

Validation Priority should be given to those systems that pose a greater risk to product quality, patient safety, and business. 

9. Understand the Computerized System

An understanding of the supported process by the computerized system is fundamental to determining system requirements, the basis of the validation effort. In this stage, it is suggested to do a mapping of the process flows performed in the system. 

Efforts to ensure fitness for intended use should focus on those aspects that are critical to patient safety, product quality, and data integrity. These critical aspects should be identified, specified, and verified. 

10. Identify CSV roles

It is important to identify the Business Owner, System Owner, and Subject Matter Experts since they are the ones who support the activities of the validation of the system. In some cases, the process owner also maybe the system owner. 

  • Process Owner: The person ultimately responsible for the business process or processes being managed. This person is usually the head of the functional unit or department using the system. However, the role should be based on specific knowledge of the process rather than position in the organization. The process owner is responsible for ensuring that the computerized system and its operation are in compliance and fit for intended use according to applicable Standard Operating Procedures (SOPs) throughout its useful life. Responsibility for control of system access should be agreed upon between process and system owner.
  • System Owner: The person ultimately responsible for the availability, support, and maintenance of a system and the security of the data residing on that system. This person is usually the head of the department responsible for system support and maintenance. However, the role should be based on specific knowledge of the system rather than position in the organization. The system owner is responsible for ensuring that the computerized system is supported and maintained by applicable SOPs. Responsibility for system access control should be agreed upon between the process and system owner.
  • Subject Matter Expert (SME): Those individuals with specific expertise in a particular area or field. SMEs should take the lead role in the verification of computerized systems. SME responsibilities include planning and defining verification strategies, defining acceptance criteria, selecting appropriate test methods, execution of verification tests, and reviewing results.  
Software Solutions & Services
 
 

Stay ahead in life sciences

Keeping up with the fast-paced life sciences industry doesn’t have to be overwhelming.

Our newsletter delivers the latest insights, industry updates, and expert content directly to your inbox, helping you stay informed and make smarter decisions.

Subscribe to our newsletter
Circles-banner-short

Discover more expert content

preview_image
Webinar

From Requirements to Code: a unified MDSW development cycle that covers all requirements

Watch our webinar on demand to master medical device software development. Learn about IEC standards, cybersecurity, AI integration, and FDA expectations.
Read more
preview_image
Whitepaper

Mobile health on the rise: exploring the regulatory landscape for reimbursement

This whitepaper will help you navigate the maze of the DTx regulatory environment, highlighting several important countries and regulations.
Read more
preview_image
Whitepaper

GAMP 5 Software Validation Approach for GMP, GCP and GLP regulations

Learn how to comply with GMP, GCP, and GLP regulations using the GAMP 5 Software Validation Approach. Download the whitepaper for more insights.
Read more
preview_image
Webinar

Getting Started: Overcoming Initial Obstacles in Medical Device Software Development

Watch our webinar on demand and learn about regulatory obstacles, MDR, AI Act, and best practices for medical device software development and market entry.
Read more
Discover all