主题：【转帖】Validating Pharmaceutical Systems

Guy Wingate, Ph.D.
Validation has a key role to play in providing a high degree of assurance that computer systems supporting drug manufacture are fit for purpose. [1, 2] Those involved in computer validation tend to fall into one of two camps. One group believes in the inherent value of validation as a cost-effective means of quality assurance. The other group sees validation as an ineffective bureaucratic process whose only value is demonstrating regulatory compliance.
These two mind-sets can have a big impact on the practical implementation of computer validation. Those with a more positive attitude tend to be more pragmatic,looking at validation as flexible tool that can be tailored to address the individual needs of different computer systems. This group accepts and is willing to make judgment calls on how much validation is enough in different situations. Those with a more negative attitude tend to think of validation like an insurance policy against regulatory censure. They want validation to be an entirely standard process that can be applied without any ambiguity. This group often does not understand and does not want to understand validation; rather, it takes a “just tell me what to do and I’ll do it” stance.
There are numerous horror stories of regulatory censure for lack of or insufficient validation. Consent decrees can cost pharmaceutical companies many hundreds millions dollars. Although computer validation has not yet triggered a consent decree, it has been a contributory factor. [3] And, of course, there are also horror stories concerning the cost of validation when implemented inappropriately. Not too surprisingly, the two are often connected as a drive to validate too quickly to remediate an adverse regulatory finding. Equally, short-cutting validation to reduce cost is likely to lead to an adverse regulatory finding. Such deficiencies may not be immediately found during initial regulatory inspections because of limited time to review systems. Indeed, it is not always the original validation that can cause problems; poor maintenance of the validated state currently accounts for about one third of adverse regulatory computer validation findings. [3] A sense of balance on how much validation is enough must prevail. While it is undeniable that potentially regulatory authorities have extensive powers to financially penalize companies that have critical validation failings, these powers are only executed in extreme circumstances. The expectations of regulatory authorities are founded on common sense and experience. Pharmaceutical companies need to recognize this. Regulatory censure tends to only occur when pharmaceutical companies are seen to take an unreasonable approach to published regulatory requirements.
Validation practices are becoming more effective and efficient as the discipline of computer validation matures. Validation costs exceeding 40% or more of project costs should be a distant memory. A survey of published best practices suggests that validation should now account for 10% or less of project budgets. [3] A key development in this maturing process is a much better understanding of the criticality and impact of data and systems supporting business processes and the application of risk management to focus validation activities.
The U.S. FDA has been particularly prominent in promoting a risk-based approach [4] although other regulatory authorities have allowed this approach for many years. [5] The ISPE GAMP Forum has published specific guidance on risk management within the context of computer validation [6] and is shortly to publish new guidance on applying a risk-based approach to electronic records and signatures. [7] The International Conference for Harmonisation (ICH) is further embedding a common approach to risk management between U.S., European, and Japanese regulatory authorities within the ICH Q9 initiative.
This book imparts some of the latest thinking on computer validation. GCP, GLP,and GMP regulatory requirements are explained with guidance from seasoned practitioners on how to fulfill them. GAMP guidance plays a central role. This book will be an key resource to IT staff, QA professionals, validation staff, control system engineers, suppliers, and consultants wanting to improve their validation capability. Invaluable suggestions are made throughout dealing with life cycle management, electronic records and signatures, risk management, and regulatory inspections. But, of course, it is not just about doing the right thing, but doing the right thing well, and several chapters deal with specific system examples.