This article also appears on MasterControl’s GxP Lifeline.
Computer system validation (CSV) can be a painful topic. That’s understandable, considering how much work goes into traditional CSV. Months of time are dedicated to the process, which produces piles of documentation. For companies working in industries regulated by the U.S. Food and Drug Administration (FDA), the agency’s intentionally vague regulations have led to overwork. Those regulations were meant to give life sciences companies flexibility, but they’ve led to rigidity. We chatted with Sequence Senior Consultant Peter McGrath about why this happens, the struggles of traditional validation, and how they can be solved with a risk-based approach.
Q: What are some of the most common struggles with validation that you’ve seen?
A big problem is just that companies put it off. They don’t think about it from the beginning, so they implement a new software solution and randomly ask someone in the organization to validate it. That’s especially true of smaller companies. Everyone wears so many hats that there isn’t usually a specific person for validation. A lot of the time I’ve seen people doing CSV that have no experience with validation. That lack of experience means they validate everything that can be tested. It’s very much a brute force approach.
That has started changing in the past couple of years. The FDA is shifting its focus from traditional CSV to computer software assurance (CSA). That’s much more focused on using a risk-based approach. The idea is to shift the emphasis from documentation to critical thinking. That disconnect is a big problem now. Companies produce documentation for its own sake, but that doesn’t help anyone. Paperwork isn’t a benefit — a safe and effective product is a benefit.
Q: What are some tools or methods you’ve seen companies use or that you’ve suggested to help them reduce their validation burden?
When I work with clients, I always suggest they use a risk-based approach. There’s no point in extensively testing a feature that has little or no impact on product quality or consumer safety. Risk matrices can be helpful for determining that. There are also a number of commercially available tools. Those can work well, but software is so intricate and interconnected to a company’s processes that making that tool fit the software can be difficult. That’s why I was so impressed when I first heard about the MasterControl Validation Excellence Tool (VxT)™.
Q: What was your first impression of VxT?
My first thought was, “Why haven’t I heard about this before?” It saves so much time for users. Basically, it automates all the prep work you would need to do for risk-based validation. The MasterControl product has a lot of interconnected pieces, so validating it without VxT would be a significant undertaking. But VxT really does take the stress out of the process. A lot of the work (including use-case testing) is done beforehand, so a company just has to decide if they need to do further testing based on their usage. The VxT tool analyses the client’s input and makes recommendations accordingly. I was very impressed with the product. The whole idea of shortening validation time so dramatically is mind-blowing to companies in the life sciences.
Q: What advice would you give to companies looking to improve their validation processes?
First of all, put more thought into it up front. Make it part of the process from the beginning. This goes along with the much broader topic of creating a culture of quality at your organization. If you do that, you don’t have any last-minute rushing to create paperwork just in case the regulators come. Really, you shouldn’t be doing anything solely to appease regulators. It should be because you want to improve quality. A well-thought-out validation approach will help with that. The FDA is endorsing CSA because they want companies to put more thought into validation so they can get more value out of it. The FDA doesn’t enjoy reviewing all that documentation any more than you enjoy creating it.
Look at what you do to validate now and ask yourself why you do it that way. Then take a close look at the regulations. There’s a difference between industry best practices and what regulations dictate you need to do. In most cases you’ll find that focusing on risk lightens the validation load considerably and helps you use your resources on things that matter most — product safety and quality.
Peter McGrath has 36 years of experience working in the medical device and pharmaceutical industries. He has worked as a Chemist, LIMS Administrator, Senior DBA, and Data Migration Master within multi-platform, heavily-regulated environments and has broad experience with validation and quality systems. As a Senior Consultant for Sequence Inc. he helps clients address their validation and MasterControl configuration needs. Sequence is a MasterControl Services Partner that provides a full range of engineering, process, and quality services to regulated industries. When Peter isn’t helping clients achieve their quality goals, he enjoys kayaking and steampunk.