In any industry under strict regulatory control, GxP (‘good practice’) systems need to be formally validated as being robust and reliable in their ability to fulfill their intended purpose. This necessitates a process of computer system validation (CSV) - or assurance (CSA), which is coming to be understood as a lighter-weight, streamlined option, whatever the conflicting views on this.
Yet, all too often, such processes are perceived chiefly as a tick-box compliance exercise; a necessary evil, and a project cost center. In the Life Sciences industry, where regulations are extensive, variable across regions (despite attempts at harmonization), and continuously evolving and changing, the burden to maintain validation and compliance can seem overwhelming and never-ending.
But this focus on burden and cost is to ignore or undervalue the discipline that formal system validation brings to a digital process transformation initiative – assuming it is brought to bear sufficiently early in a project’s lifecycle. Indeed, it is companies’ best means of ensuring that projects deliver as intended; that systems have the promised impact, and that all data input, and output, can be fully trusted.
Today, most organizations’ strategic ambitions include more dynamic and seamless data sharing, and repurposing of that data across functional boundaries (enabled by IDMP standards, for instance). They also include increasingly advanced use of AI. As these aims increase in scope and complexity, it follows that ensuring everything works as it should will be an important and proactive enabler and determinant of a new project’s operational success.
This is because the validation process can be correlated with other departments besides IT, e.g. Quality Assurance (QA). This forces people to think ahead and to define what they want, ensuring that everyone is on the same page, working within agreed parameters, to achieve success and ideally mutually beneficial outcomes. That includes systems being able to interconnect seamlessly and reliably share data, accelerate processes, improve quality, and remove risk.
That risk could be related to projects not delivering and having to be reworked, at great cost and delay. Ultimately, it could mean patients failing to gain prompt access to safe medicines or medical devices of impeccable quality. No Life Sciences company can afford to take chances on either count.
Rebalancing Risk - At What Cost?
It is a dangerous fallacy to imagine that cutting back on validation, or system assurance, means being able to expedite or reduce the cost of project delivery, which has become something of a preoccupation in the validation versus ‘assurance’ debate.
If ambitious new systems go wrong (which can be the case in up to 85 percent of projects that have not followed validation standards), or if they take in or put out bad data (detected and reported as the result of a Health Authority inspection), the reputational risk could be painful and lasting. There may also be company or personal liability implications, depending on the market. (Not to mention the unthinkable implications of a faulty product reaching – and potentially harming – a patient.) And it will almost certainly mean time-consuming re-engineering to put problems right - which always costs more after the fact.
Prioritizing Validation
To maximize the positive impact of system validation or assurance, project managers and responsible business teams need to first think and then act differently in their approach. Below are some pointers.
Make sure validation requirements come first, not last.
First, there needs to be a recognition that validation is not a standalone undertaking that takes place after the main project. Optimizing the beneficial impact of CSV or CSA starts with early action, ideally when organizations start thinking about a project or the introduction/ change of a system. Certainly, it should be an integral part of a technology or data project, not an afterthought.
By determining, from the outset, the factors that will ensure later validation, teams are more likely to stay focused on those priorities, ensuring that they are delivered (for instance, that systems are optimally integrated and data is properly prepared and checked). Validation requirements should be fully factored into, and budgeted for, as part of the main project. Nothing else should happen until validation requirements have been set down and agreed upon.
Seek input from all stakeholders.
Validation requirements should be directed by someone with a high-level overview and holistic interest in the new project’s success. The aim should be proactive anticipation of likely issues, with input from subject matter experts within all affected departments.
Too often, though, issues don’t arise until after an audit inspection - at which point costly retrospective action will be needed, at a time when resources and budget may not be available. EMA and FDA findings are made public too, so there could be reputational damage if systems are found not to comply with regulatory expectations. Quality management systems (QMSs) have been the focus of recent waves of inspections, increasing the urgency around validation and its completeness and currency.
Act with purpose (the how matters less than project teams might think)
The CSV versus CSA debate is a distraction. While Good Automated Manufacturing Practice 5 (GAMP 5) sets computer system compliance and validation guidelines for GxP automated systems in Life Sciences, the US FDA’s CSA guidance focuses on containing risk rather than compliance with rigid rules, placing more emphasis on assurance that systems can be safely depended on for their intended use. This is considered a less burdensome approach.
As liberating as the CSA approach might seem, however, the ideas it sets out are nothing new. The debate is really around minimizing over-engineering and the potential for inefficiency in favor of defendable compliance, which feels more ‘agile’ in today’s dynamic environment where technology is advancing and evolving all the time. Certainly, unquestioned rigidity benefits no one, and even validation approaches need to move with the times. It can be more helpful to think of any guidelines as ‘recommended best practice’, focus on the essence of the provisions, and be pragmatic and flexible where necessary.
Early collaboration between validation and IT teams can help with this, to pre-empt any issues and determine the associated level of risk and appropriate provisions.
Consider the total cost of ownership of any new system, not just the initial project delivery
If immediate project costings (and timelines) have served as a barrier to a more strategic, early approach to system validation, this may be because the immediate cost of project delivery has been the focus, rather than the total cost of system ownership. The latter allows for a successful operational system that does what it promised - once live and over time.
According to the GAMP community, if companies approach validation pre-emptively and with the right intent it should account for 10 percent of the overall project budget. If it is neglected, under-resourced, or left too late, on the other hand, it is likely to cost considerably more.
That’s even before the impact on any indirect co-dependencies, or the cost of missed benefits (beyond Authority compliance).
Ultimately, companies that commit themselves to doing validation well will be taking better care of patients, through more efficient delivery of better drugs or medical devices.
Combine vendor selection, operations, and project management to maximize the outcome.me
Selecting the right supplier, as well as defining the validation criteria up front, will further boost the likely success of a project’s delivery - by moving everything up a level, and ensuring that nothing has been overlooked in the scoping and specification of the new system.
For many companies, it is mandatory compliance with IDMP standards that are driving technology investment. Yet the associated process transformations will only be delivered if new systems and data processes have been optimized and validated - to take advantage of the intended standardization and deliver the desired results consistently.
Even (and arguably especially) AI tools need agreed-upon parameters to work within, e.g. in their use of data, so that they can be harnessed reliably and optimally. The bigger the company and the more globally dispersed its operations, the greater the need for an agreed structure around how systems work and how data is defined and structured, to prevent undesirable variances depending on who is using the technology.
In summary, it is never too early to build validation considerations into technology projects, or system upgrades. The discipline this forces from day one can help to structure ideas and ensure their successful delivery. Successful validation can be thought of as high-level, pre-emptive problem-solving, by a team that sits above all of the affected processes and can spot all the interconnections and dependencies linked to the new system, with an unbiased, unemotional, and holistic overview.
Author Details
Jens Marburg- Principal, Consultant, MAIN5
Jens Marburg is a principal consultant at MAIN5, a European Life Sciences digital transformation consultancy, specializing in modern technology solutions consulting and process transformation across Regulatory Affairs, Quality, Safety, Clinical, and other critical areas along the R&D value chain.
Jens.marburg@main5.de, www.main5.de
Publication Details
This article appeared in American Pharmaceutical Review: Vol. 27, No. 5July/Aug 2024Pages: 62-65
Subscribe to our e-newsletters.
Stay up to date with the latest news, articles, and events. Plus, get special
offers from American Pharmaceutical Review delivered to your inbox!
Sign up now!