What is Computerized System Validation (CSV)?Business Introduction

Computerized System Validation (CSV) refers to the process of verifying and assuring that computerized systems used in pharmaceutical manufacturing operate correctly as intended and consistently produce the expected results.

Quality assurance is an essential requirement in the pharmaceutical manufacturing field because the products directly impact people’s lives and health. Even minor quality issues can lead to serious health risks for patients. Therefore, the term validation has been used in the pharmaceutical industry. For example, assessment of temperature control and mixing time during the formulation process constitutes an essential part of this validation.

Today, computerized systems are integrated into all aspects of manufacturing, production control, and quality control. Issues such as system design flaws, misconfiguration, and programming errors can have a serious impact on the quality and safety of pharmaceutical products. The concept of Computerized System Validation (CSV) was introduced to mitigate these risks in advance. In other words, while traditional validation focuses on verifying manually performed processes, CSV focuses on validating processes that are automatically executed by computerized systems. Despite the difference in focus, the objective is the same: to ensure consistent quality.

Related Laws and Guidelines

In the pharmaceutical industry, products are manufactured under especially strict regulations. This is because pharmaceuticals directly affect human health and lives, and even the slightest flaw in the manufacturing process is unacceptable. Therefore, countries around the world enforce strict controls not only on operational processes but also on the computerized systems that support them in order to ensure the quality and safety of pharmaceutical products.

The following are representative regulations and guidelines.

• Ministry of Health, Labour and Welfare: “Computerized System Validation Guideline” (Japan)
• FDA: “21 CFR Part 11” (United States)
• EU-GMP Annex 11 (European Union)
• ISPE GAMP (Good Automated Manufacturing Practice)
  The latest version is GAMP 5, which serves as a widely recognized global guideline.

Since these regulations and guidelines also have an impact on the import and export of products, domestic compliance alone is not sufficient. To distribute products globally, it is essential to implement CSV in accordance with the regulatory requirements of each country.

Examples of Applicable Systems

The computerized system subject to CSV refers not only to software and hardware alone, but to the entire series of processes in which they are used to conduct business operations. In other words, verification also covers connection to business operations, including how users interact with the system and what kinds of deliverables are produced.
Representative systems subject to CSV in pharmaceutical industry settings include:

• Production Management System (MES: Manufacturing Execution System)
  A system that manages production performance, records manufacturing data, and provides automated instructions.
• Data Acquisition Systems for Quality Control and Testing Equipment (e.g., LIMS: Laboratory Information Management System)
  Systems that automatically record and manage test data.
• Warehouse and Logistics Management System (WMS: Warehouse Management System)
  A system for managing inventory records of raw materials and products, along with lot tracking.
• Clinical Trials and Product Development Phase Data Management System
  Electronic data management systems that support compliance with GCP (Good Clinical Practice) and GLP (Good Laboratory Practice).

Lifecycle Management in Compliance with GAMP 5

GAMP5 divides the lifecycle of a computer system into the following four phases and provides guidelines for validation in each phase. The phases and their main activities are as follows:

1. Concept Phase
   
   • Initial preparatory stage of validation activities.
2. Project Phase
   • The core phase of validation activities requiring close collaboration with system vendors.
   • Documenting User Requirement Specifications (URS), Functional Specifications (FS), Design Specifications (DS), and developing verification plans based on each specification.
   • Performing assessments on system installation, functionality, and practical application.
     1. Installation Qualification (IQ)
        Confirmation that system is installed and configured correctly.
     2. Operational Qualification (OQ)
        Confirmation that key functions operate in accordance with predefined specifications.
     3. Performance Qualification (PQ)
        Confirmation that the system performs as expected under actual operating conditions.
   • In this phase, the Requirements Traceability Matrix (RTM) ensuring document traceability is especially important.
3. Operation Phase
   • Change Control
     When software version upgrades or configuration changes occur, assess whether they impact product quality or business operations, and perform revalidation, as necessary.
   • Periodic Review
     It is recommended to regularly review the system to ensure its continued reliability.
   • Ensuring data integrity is especially important in this phase.
4. Retirement Phase
   • Validation is required even when the system is decommissioned.
   • Confirm that data retention and migration have been properly performed after the system is no longer in use.
   • Disposal procedures for systems and records must also be documented and maintained as the audit trail.

Frequently Asked Questions

To What Extent Is CSV Required?

One of the most common concerns regarding CSV is the question: Do all systems have to be validated to the same extent? As it turns out, this is not necessary.
The key concept here is the risk-based approach. This method determines the scope and depth of CSV based on the importance and risk level of the system and is strongly recommended in GAMP 5.
For example, it is natural that the level of CSV required for an auxiliary system that is not directly involved in the manufacturing process differs from that required for a core system responsible for product shipment decisions and manufacturing records. Attempting to uniformly validate all systems would lead to a significant increase in both time and cost.

Key Considerations for Vendor Selection

Adding CSV support requires extensive expertise and experience in multiple specialized fields, including expertise in pharmaceutical field operations, IT and system construction, validation processes, and relevant laws and regulations. Therefore, when delivering manufacturing equipment and systems, vendor selection must be approached differently than in other industries.
When selecting a vendor based on CSV compatibility, it is essential not only to compare product features and prices but also to assess the vendor’s risk-based approach in accordance with GAMP 5 and determine how effectively they can support users' validation activities. In particular, the availability of documentation for IQ/OQ/PQ and the level of support for data integrity will play a crucial role in ensuring the introduction of a reliable system.

1. Vendor's Capability to Manage CSV
   • Are products designed and developed compatible with CSV?
   • Is the documentation provided (e.g., design documents, test evidence, validation support) sufficient?
   • Can the vendor accommodate the GAMP category classifications (Category 3, 4, 5)?
2. Understanding of Risk-Based Approaches
   • Does the vendor understand and practice the GAMP5 risk-based approach?
3. Support System for Validation Activities
   • Are IQ/OQ/PQ templates and a traceability matrix (RTM) provided?
   • Will a validation document format and a policy for utilizing vendor testing be offered?
   • Can you establish a relationship with the person responsible for implementation to collaboratively promote CSV?
4. Consideration for Change Management, Maintenance, and Data Integrity
   • Status of procedures and communication systems for system changes, as well as the progress of standard operating procedures documentation.
   • Data integrity policy and implementation status (e.g., audit trail, access control).
5. Past Achievements and Previous Experience in Managing Audits
   • Records of implementation in companies subject to GxP requirements, such as those in the pharmaceutical or medical industries.
   • Experience in managing audits and inspections (e.g., GMP audits).