Validating Cloud & Digital GxP Systems Using a CSV/CSA Approach: Clear Validation Ownership and Inspection-Ready Decisions for Cloud Systems

Computer System Validation (CSV) has been regulated by FDA for more than 30 years, as it relates to systems used in the manufacturing, testing and distribution of a product in the pharmaceutical, biotechnology, medical device or other FDA-regulated industries. The FDA requirements ensure thorough planning, implementation, integration, testing and management of computer systems used to collect, analyze and/or report data.

Electronic records and electronic signatures (ER/ES) came into play through guidelines established by FDA in 1997, and disseminated through 21 CFR Part 11.  This code describes the basic requirements for validating and documenting ER/ES capability in systems used in an FDA-regulated environment.

In the early 2000s, FDA recognized placed the onus on industry to begin assessing all regulated computer systems based on risk.  The level of potential risk, should the system fail to operate properly, needs to be the basis for each company’s approach to developing a validation approach and rationale as part of the planning process.  System size, complexity, business criticality, GAMP®5 category and risk rating are the five key components for determining the scope and robustness of testing required to ensure data integrity and product safety. We’ll walk through the System Development Life Cycle (SDLC) approach and the System Decision Qualification tool to demonstrate how to make this determination.

Why Should You Attend:

FDA’s recent focus on data integrity during computer system validation inspections and audits has brought this issue to the forefront of importance for compliance of systems used in regulated industries.

We will explore the best practices and strategic approach for evaluating computer systems based on both single- and multi-tenant cloud services, and Software-as-a-Service (SaaS) solutions that are used to support the conduct of FDA-regulated activities. A different approach is required for auditing and performing Installation Qualification (IQ) and vendor audit for systems supported by these vendors. We will discuss both the CSV and CSA approaches, including the benefits of streamlined and efficient validation testing that characterizes the latter.

Based on the discussions, we will provide guidance for how to perform a vendor audit, particularly focused on solutions that are not on-premise. There are unique aspects of this type of vendor audit that will be covered, including how to qualify a vendor of cloud-based solutions.

We will discuss ways to leverage documentation from different types of vendors to reduce costs and time to perform validation. We will cover the key areas to be researched on a vendor’s website to ensure compliance with regulations is clearly understood and documented. Best practices for how to negotiate a vendor contract and Service Level Agreement (SLA) will also be discussed. These are usually reviewed by Purchasing and Legal, but also need to be reviewed by the client’s technical, functional SME(s), and quality personnel to ensure there are no gaps.

We will discuss how to leverage automated testing for validation to ensure a system is maintained in a validated state through frequent changes. 

We will provide an overview of best practices to prepare for an FDA inspection.

Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment, that can be leveraged to assist in all your GxP work.

Areas Covered in the Session :

• Identifying GxP-relevant cloud and SaaS systems using the System Qualification Decision Tool and other factors
• Applying CSV/CSA principles to cloud and modern system architectures
• Understanding shared-responsibility models and validation ownership
• Knowing about supplier documentation and what regulated companies are expected to verify
• Applying SDLC and GAMP®5 (Second Edition) considerations for cloud adoption
• Meeting data integrity, data privacy, and Part 11 obligations in multi-tenant environments
• Ensuring the cloud service provider has obtained System and Organization Controls 2 (SOC 2) certification
• Maintaining validation assurance for automated and frequently changing systems
• Presenting cloud validation approaches during FDA inspections

Who Should Attend:

This webinar is intended for those involved in planning, execution and support of computer system validation activities, working in the FDA-regulated industries, including pharmaceutical, medical device, biologics, tobacco and tobacco-related products (e-liquids, e-cigarettes, pouch tobacco, cigars, etc.). Functions that are applicable include research and development, manufacturing, Quality Control, distribution, clinical testing and management, sample labeling, adverse events management and post-marketing surveillance.

Examples of who will benefit from this webinar include:

• Information Technology Analysts
• Information Technology Developers and Testers
• QC/QA Managers and Analysts
• Analytical Chemists
• Compliance and Audit Managers
• Laboratory Managers
• Automation Analysts
• Manufacturing Specialists and Managers
• Supply Chain Specialists and Managers
• Regulatory Affairs Specialists
• Regulatory Submissions Specialists
• Clinical Data Analysts
• Clinical Data Managers
• Clinical Trial Sponsors
• Computer System Validation Specialists
• GMP Training Specialists
• Business Stakeholders/Subject Matter Experts
• Business System/Application Testers

This webinar will also benefit any vendors and consultants working in the life sciences industry who are involved in computer system implementation, validation and compliance.

Course Director: CAROLYN TROIANO

Carolyn Troiano has more than 45 years of experience in computer system validation in the pharmaceutical, medical device, biotechnology, tobacco, and other FDA-regulated industries.  She is currently an independent consultant, advising companies on FDA compliance, Computer System Validation (CSV), and large-scale IT system implementation projects. Carolyn participated in the FDA/Industry Partnership to develop 21 CFR Part 11, the FDA’s Guidance for Electronic Records and Electronic Signatures. During her career she has provided training, including CSV, 21 CFR Part 11, Data Integrity, and many other related compliance topics of interest to the life science industries.