computer system validation

nileshhingane · April 22, 2009, 10:57am

I need clarification on below mentioned points.

In case of old laboratory instruments like HPLC, GPLC, AAS, UV- Spectrophotometer, Gas Chromatography etc; which we have in our facility do not have feature to comply as per the requirement mentioned in Part11; due to system software constraint. These system are used for testing of sample, IPQC etc. (i.e. GLP & GMP)

To counter above things, we are planning to put following control & do the validation of these systems subsequently.

  1)[b]Application software do not have password length, complexity & password auto-expiry feature:- [/b]

Control :- SOP on Password policy will be prepared; which will guide user about password length, complexity & auto-expiry feature. So User will take care while changing/assigning their password of application software
2)Application software do not have audit trail feature:-
Control:- Ms-window’s audit policy will be activated to capture login, logout, and deletion of record events. This will not able to capture all events but it will able to satisfy partial requirement of audit trail. For rest all things, we can put the control through procedure.
3) Application software do not have data integrity feature:-
Control:- Folder level security will be assigned to database folder to avoid tampering of Final data. Audit trail will be activated to capture the event.
4) Application software do not have security feature:-
Control:- Windows 2 level security will be configured as administrator & supervisor. Appropriate instruction pertaining to operation of application software will be mentioned in the operation SOP.
5) User account is not getting locked out after unsuccessful attempt.
Control:- Audit trail review is done periodically to track & control above event.

Request you to give your comment, against suggested possible solution (which I can think about?). If you can know better control than this, pl. do let tell us to comply as per the regulatory requirement.
In addition to this, I want clarification on closed system, open system & hybrid system.

Awaiting for your valuable feedback.

Nilesh

gokeeffe · April 22, 2009, 12:53pm

[quote=nileshhingane]I need clarification on below mentioned points.

In case of old laboratory instruments like HPLC, GPLC, AAS, UV- Spectrophotometer, Gas Chromatography etc; which we have in our facility do not have feature to comply as per the requirement mentioned in Part11; due to system software constraint. These system are used for testing of sample, IPQC etc. (i.e. GLP & GMP)

To counter above things, we are planning to put following control & do the validation of these systems subsequently.[/quote]

Retrospective validation always fun!!

Will this SOP detail that the user must change the password themselves after a certain time period?

That seems ok I think, the fact that deleted data is recorded on the system is a bonus. Just be clear in the SOP how you are going to handle CREATE-MODIFY-DELETE

Seems ok as good as you can with a procedural control. One point not a good idea to have the ability to activate the audit trail - it wshould be on at all times once the system is in use.

Not 100% sure about this section

Please explain - so you can log in with am incorrect username and password combination?

[quote=nileshhingane]
Request you to give your comment, against suggested possible solution (which I can think about?). If you can know better control than this, pl. do let tell us to comply as per the regulatory requirement.
In addition to this, I want clarification on closed system, open system & hybrid system.

Awaiting for your valuable feedback.

Nilesh[/quote]

http://www.askaboutvalidation.com/forum/showthread.php?t=1015

greenbelt01 · April 23, 2009, 8:16am

Friends,
All computer systems and software impacting on product quality must be identified, and the risks in their use evaluated. From large-scale process control through to simple embedded code in a regulated device, pharmaceutical and medical device manufacturers are required to validate GxP-critical systems.

Thanks,

http://www.greenbelt6sigma.com

Green Belt Six Sigma Training

yodon · April 23, 2009, 3:44pm

Not to disagree with anything that’s been written, but how do you know the measures you take will be sufficient and effective?

Have you done a risk analysis to determine the potential issues? I think you’ll need that to support your assertions that these proposed solutions are sufficient.

nileshhingane · April 24, 2009, 6:00am

Thanks for giving solution to quries…
Could pl. give me clarification on the following points.

Closed system,
Open system
Hybrid system.

Thanks
Nilesh

gokeeffe · April 24, 2009, 6:57am

See the link at the end of my post.

alexkennedy · May 19, 2009, 1:32pm

Good day all

What you propose is simply not acceptable to the regulators.

The very basic concept of Part 11 is to store the original record in a manner that precludes over-writing or unauthorised editing, while maintaining the record of the identity of the operator and supervisor and or QA.

You propose to ignore these and many other part 11 requirements.

In other words you are ignoring part 11.

Why not print out the data as hardcopy and sign, approve and store data as hard copy.

Regards
Alex Kennedy