February 13, 2020 Blog Post
Computer System Validation Part 2:
What is a Risk-Based Approach?
Hello Readers! When it comes to validating computer systems and software applications within our highly regulated Life Sciences space, most everyone agrees that using risk-based principles is the best way to target the most important and critical-to-quality elements. This kind of approach not only satisfies the various regulations around the world but also produces a reliable system that does what it is intended to do.
Interestingly, it has not been regulators providing workable guidelines for how to implement such an approach. For this, we turn to the International Society for Pharmaceutical Engineering (ISPE) and the GAMP-5 guidelines. GAMP-5 has become the industry standard methodology for validating GxP software because it has proven to be an efficient and effective way to achieve validated computer systems that reliably and consistently meet their intended functions or uses. Let’s explore GAMP-5 a bit more to find out why this approach has been widely adopted in spite of it not having the weight of being a “regulatory” requirement. 1. It successfully translates regulatory requirements into a process that works and is practical while being easy to defend during regulatory inspections and audits. Life Sciences companies have always struggled with translating regulatory requirements into real world processes that meet both the letter of the law and the intent behind it. GAMP-5 manages to hit all the regulatory requirements while offering practices that can be implemented in the real world. Other contenders like the Agile methodology have some good features but are inherently fraught with missing key regulatory outputs that make it extremely challenging to defend without significant modifications to the process and required deliverables 2. It acknowledges that software systems pose different levels of risk that require varying degrees of validation. GAMP-5 accounts for those differences in a way that provides industry with a “best bang for the buck” proposition or, as regulators like to say, a “least burdensome approach.” GAMP-5 is appealing because it provides for a practical yet diligent approach rather than mandating the same requirements for every software system. 3. It associates software development stages with testing stages to ensure the appropriate specifications for risk category are adequately tested. The V-model, also known as the Verification and Validation model, identifies appropriate levels of testing for various design elements required. The design elements that are required for any give validation effort are based on the risk category assigned to the software as defined in GAMP-5. Thus, the model produces the right amount of evidence to support the validation based on risk without having to produce 100% of the documentation for lower risk categories. Now that you know what a risk-based approach to software validation is and some of the reasons it works so well for our industry, we will dive deeper into the risk categories and outputs of software validation in next week’s blog post.
Thoughts? Please comment below …
Cheers! Melita Ball CEO and Principal Consultant
Copyright © 2019R MBC & Affiliates, Inc|, All rights reserved.
Our mailing address is:
9910 N Camino Del Plata
Tucson, AZ 85742 (520) 665-9081