Regular review

Hello, I have a question:
In many computerised system validation regulation or guidance mention that: The computerised system should be regular review. Now, 2 questions:

  1. How long to review the system is appropriate?
  2. How to review?


Frequency of review should be proportionate to the scale of risk associated with the system. We tend to use 3 years for pure software systems as a standard but this can be more frequent if there is a major change or a lot of small changes to the software.
For systems which are a combination of software and equipment the frequency of review should be determined by the weakest point in the chain. e.g. if you have a software controlled system which experiences mechanical drift due to a component becoming worn then your review periodicity should be based upon data gathered during PQ.

How to perform the review depends very much upon the specifics of the system and what the critical functions are. It can range from being as simple as assessing all changes made over the period to ensure that numerous small changes, which may seem harmless in isolation, haven’t created a larger problem (cumulative effect), and certifying that the system is still fit-for-purpose, to a full scale revalidation effort each and every time.