Top computer systems validation mistakes to avoid: Sion Wyn interview

What are some of the top mistakes quality professionals make when validating computerised systems?

We interviewed Sion Wyn who assisted the FDA as a consultant with its re-examination of 21 CFR Part 11,  is a key member of the International Society for Pharmaceutical Engineering (ISPE), and has extensive experience providing computerised system validation consultancy services for the drug, device and clinical sector. 

Access the video interview by filling in the form below or continue reading for the transcript. 

How is GxP and pharmaceutical regulation changing?

It’s an interesting period at the moment because regulators and the industry are realising that there has been historically too much of a focus on compliance. Although compliance is very important and essential – the real focus should be on quality. Safeguarding quality for the product and the patient. It’s about getting a balance between quality and compliance.

A top person at the FDA said they would be much happier if the industry thought less about keeping them happy and more on patient safety.

What are some common computer systems validation traps to avoid? 

One of the most common traps is to focus on compliance and not on quality or risks. 

Another trap is the tendency not to involve the right parties in the decision making process.

You must have full commitment three parties:

1. Process owner / subject matter experts
2. Technical roles and engineering
3. Quality assurance / regulatory affairs

If one or two of these stakeholder groups aren't there when you are scoping the validation strategy, your validation will be less effective.  

Another trap is a misunderstanding of what a risk-based approach actually means. In the worst case scenarios it's interpreted as  “I know I’m doing something stupid here, but I’ll do it anyway." People think risk-based thinking is justification for doing something you know you probably shouldn’t be. The real objective of risk management is to identify the risks and assess them so that you can manage them. Risk management is more about what to do than how much to do.  

Are paper-based processes still an issue? 

Paper is still a widespread issue. Even though most people accept technology improves efficiency, costs and quality, the perceived burden of validation compliance stops many organisations from adopting these technologies.

The FDA has stated that computer systems validation is a hurdle and barrier to innovation and they are trying to do something about that.

The FDA centre of devices are working on new guidance for computer systems assurance which is due to be published soon. This will ensure there is more of a focus on the real impact on the quality of patients rather than producing documentation for documentation sake.

How is quality management changing?

When we think of quality-related activities, there is a shift happening.

It’s moving from quality control processes such as checking performance, to strategic quality assurance activities where the emphasis is more on mentoring and helping technical business processes to improve.

I think there needs to be a move in the future from quality assurance to quality improvement.

We’ve heard a lot over the years about quality improvement but businesses are still spending so much time on quality control activities. This means there isn't enough resources or energy to put time into quality improvement – where 80% of effort should be.

Quality improvement requires an understanding of expectations and applying critical thinking quite rigorously to see whether current practices and processes deliver expectations. What do we need to adapt and adopt? And very often quality improvement is about removing unnecessary activities that are using time energy and resources. It's all about ensuring allocation of resources is spent on new and innovative approaches that are more firmly focused on quality management.  

How should businesses be implementing and validating their quality management software systems?

The key is to figure out how well you understand the regulated processes the system needs to support. I’d be looking for process definitions and data flows.

It's important to remember that validation doesn’t just begin at a URS stage. It starts at a higher level and requires understanding the process and critical steps in the data flow.

I also seek to understand what the business has done so far in terms of risk management. Do they have a good understanding of what the risks are and a risk assessment?

Sometimes they miss the point of what the real day-to-day potential impact might be. It’s about applying some of the key GAMP 5 concepts:

1. Product and process understanding
2. Extent they really apply science based quality risk management
3. Policies and procedures in their framework for a pragmatic risk based validation strategy No validation strategy is right for everyone. It depends hugely on the intended use. The validation strategy is subtly different for everyone. And the framework for the validation is different. Do procedures and policies support risk based thinking?

Thanks for reading! We hope you enjoyed this article. Please do leave us a comment below. 

For more interviews with industry experts and quality practitioners who are sharing their stories with us, subscribe to the Qualsys newsletter: quality.eqms.co.uk/receive-the-free-grc-newsletter. 

About Qualsys's approach to computer systems validation: Iterations of EQMS have been validated as compliant against global regulations and standards. Qualsys provides a thorough validation service following the GAMP 5 category 4 approach developed.  This approach is inline with European EMA and US FDA Regulations. Fully managed, flexible validation support package from start to finish Full documentation template suite for all systems validation requirements Support throughout the process and afterwards with a dedicated validation team Read our validation service procedure brochure