After having introduced the term Computerized System Validation (CSV) and its importance to the Life Sciences Industry in an earlier post (Ref. 1), we examine here CSV even closer. As we saw in the earlier post, CSV is a process which intends to provide a high degree of confidence that a computerized system does exactly what it is intended to do. For the reader who is further interested in learning more about CSV, this post aims to answer the following questions:
- How is CSV organized?
- How does the CSV process work?
- How can we ensure that CSV is successful?
How is CSV organized?
The CSV lifecycle
The CSV process contains four distinct phases according to GAMP5, arranged in what is referred to as the CSV lifecycle (Fig.1):
- Concept phase: An initial validation or a revalidation of a computerized system is conceived. Management commitment on project justification and resources is achieved.
- Project or Validation phase: In this phase the initial planning is performed, requirements are collected and specifications are set. A series of verification activities follow, which aim to ‘validate’ or ‘verify’ that the computerized system does what it is intended to do. The final step of this phase is the reporting and release of the system into the ‘live’, or Production environment. Further details on this second phase are provided below.
- Operation phase: The now-validated system can be used to collect and store data. A computerized system is intended to spend most of its “life” during this phase.
- Retirement phase: The computerized system is being retired from operation in a compliant manner. A retired system cannot be used to collect data nor should it be accessed for routine use.
Throughout the CSV lifecycle certain processes are in place that apply equally to all four phases. A risk-based approach is employed to determine a number of decisions based on feasibility, risk scenarios, failure modes and problem resolution. A common risk analysis tool recommended by the GAMP5 and used in CSV takes into account the severity, occurrence and detectability of a particular risk factor, which can be a change, an (expected or unforeseen) event or a hazard.
The next process throughout the CSV lifecycle is a set of supporting procedures. These include standard operating procedures, generally referred to as SOPs, work instructions, handbooks, or manuals that ensure consistent practices are followed.
Last but not least, are the governance policies, which dictate the overall approach of management, its commitment, priorities and the direction of the life sciences organization in regards to CSV.
How does the CSV process work?
The V-model explained and translated into CSV terminology
In general the CSV process works based on the V-model (Ref.1). The V-model is a guide that every CSV practitioner applies in order to validate a computerized system. It can be used in the Project (Validation), Operation or Retirement phases of the CSV lifecycle, at the appropriate detail. For simplicity purposes, the V-model is described and further explained in this post as it applies during the Project phase of the CSV lifecycle (see Fig.2). The Project phase of the CSV lifecycle contains 4 distinct steps according to GAMP5 guidelines:
- The Planning step uses as inputs the outputs from the Concept Phase of the CSV lifecycle and generally dictates the path to be followed for the validation of the computerized system.
- The Specifications step, sets the parameters of the system’s functionality and performance.
- The Verification step tests/verifies these parameters.
- The Reporting & Release step summarizes the entire validation effort.
Now let’s take a look at the terminology a CSV practitioner uses when validating a computerized system (see Fig.2) juxtaposed onto the V-model.
Fig.2. Validation documents used in the 4 steps of the Project phase of the CSV lifecycle.
In each step, a set of distinct validation documents are generated, which are crucial to successfully complete the four steps. Below and in Figure 2, are examples of relevant validation documents that can be used in a CSV project. The validation effort will depend on a case by case basis.
- Planning: overall validation plan (describes activities, responsibilities, procedures), risk assessments, user requirements, Good [x: manufacturing, distribution, laboratory] Practices.
- Specifications: system, business (user), vendor specifications.
- Verification: test scripts generation, execution of test scripts, identification of defects, test results.
- Reporting & Release: traceability matrix (ties the requirements, specifications, results, and deviations together), validation report.
The output of these four steps is the decision on whether the system is fit for use in the ‘live’/ Production environment and thus to enter the Operation phase. It is a good CSV practice to bridge the Project and the Operation phases of the CSV lifecycle with a Handover Report, formally handing over the validated computerized system and all associated documentation to its users, administrators and managers.
It is important to note that the regulations on computerized systems do not always explicitly state what must be done to ensure a system’s compliance to the guidelines. In addition to implementing the steps mentioned in the V-model above, the CSV practitioners must also consider a risk-based approach and various assessments on a case-by-case basis. Solid experience in the field, a good understanding of the regulations and the organization’s business needs, along with the drive to ensure compliance with less cost, are must-have skills for anyone performing CSV.
How can we ensure that CSV is successful?
Processes are in control
Once the computerized system has been validated and has entered the Operation phase of its lifecycle, it must operate with consistency, traceability, and in compliance with industry regulations & in-house procedures. Successful CSV demonstrates this and provides confidence that the system is operating under control. Consequently, the life sciences organization increases its chances of successfully passing an audit or a regulatory inspection. Figure 3 lists several ways to preserve the validated state of a computerized system.
In this second article of the CSV-series posts, we attempted to shed more light into how the CSV process works, how it relates to the V-model and ways to preserve the compliant operation of a computerized system. The information presented here summarizes and follows existing GAMP5 guidelines and is considered standard practice for CSV projects. The relationship between CSV and other areas, such as quality risk management (i.e. risk-based approach), supplier activities and assessments, IT infrastructure qualification, as well as CSV’s interplay with industry regulations, will be topics of future posts in the CTP life sciences blog space.
Keep reading the CSV blog series with Part 3: The risk-based approach in CSV
- Have you heard of CSV? Do you want to learn more about it? (/2015/03/09/have-you-heard-of-csv-do-you-want-to-learn-more-about-it/). 09 March 2015.
- GAMP5: A Risk-based approach to Compliant GxP Computerized Systems. ISPE 2008.
Latest posts by Ilias Christodoulopoulos (see all)
- ‘Have you heard of CSV?’ part 6. CSV and the Cloud. - December 21, 2015
- ‘Have you heard of CSV?’ part 5. Audits in CSV. - November 9, 2015
- ‘Have you heard of CSV?’ part 4. Suppliers of Computerized Systems in CSV. - August 6, 2015