Follow us on LinkedIn
periodic review


Wednesday 1 September 2021

The Periodic Review is of fundamental importance to confirm the validation status of computerized systems over time. Not everyone is clear when to do it, what to check, how to document it. Let's do some clarity together.

Critical GxP computerized systems must be validated to ensure that << Where  a  computerised  system  replaces  a  manual  operation,  there  should  be  no  resultant  decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process.>> (EU GMP Annex 11). Validation is also required to ensure << accuracy, reliability, expected performance and ability to distinguish invalid or altered records >>(FDA 21 CFR part 11.10(a)).


Unlike equipment, it is not necessary to periodically retrain computerized systems as they are not subject to wear. To confirm the validation status of computerized systems over time, the Periodic Review is therefore of fundamental importance.

The Periodic Review is also explicitly requested by EU GMP Annex 11 §11:

<< Computerised systems should be periodically evaluated to confirm that they remain in a valid state  and  are  compliant  with  GMP.  Such  evaluations  should  include,  where  appropriate,  the  current  range  of  functionality,  deviation  records,  incidents,  problems,  upgrade  history,  performance, reliability, security and validation status reports.>>


Indications on how to carry out the Periodic Review are given in Appendix O8 of the GAMP5 Guidelines.



The Periodic Review must be carried out periodically, according to a documented criterion that considers:

  • the degree of criticality of the system (GxP impact)
  • its complexity
  • its degree of novelty

Typically the Periodic Review is performed every one or two years, but different frequencies can be defined based on the GAMP5 category of the system and / or the time elapsed since the end of its initial validation.

Furthermore, it is also possible to perform extraordinary Periodic Reviews (i.e. before their natural expiration) in case of: 

  • Problems encountered in the operation of the system
  • Significant changes made to the system or several minor changes
  • Significant regulatory changes that impact the system



It is the responsibility of the Process Owner to ensure that the Periodic Review of the system is performed and that any corrective actions identified are implemented appropriately.

It is the responsibility of the Quality Unit to ensure that periodic reviews are planned, performed and documented.

The Periodic Review must be conducted by one or more persons depending on the scope of the review. The Review Team may include: Quality Unit, Subject Matter Expert (SME), Users, IT, Engineering, Compliance and / or External Consultants.



Subject to review are:

  • Update status of operating and maintenance procedures
  • Documentation update status (e.g. specifications, event and alarm lists ...)
  • Availability of recordings of instruction sessions in line with user-to-system roles
  • Application of Change and Configuration Management procedures and status of registrations
  • Availability of contracts and licenses
  • Application of the logical and physical security measures provided for the system
  • System performance
  • Any regulatory updates
  • Replacement of personnel with roles and responsibilities on the system
  • Deviations, incidents, problems and events related to the use of the system and related CAPAs

To these checks can be added all those activities that must be performed on a regular basis, such as periodic restore tests (EU GMP Annex11 §7.2) and some activities related to the Audit Trail review (EU GMP Annex11 §9). In particular, it is necessary to verify that the Audit Trail functionality is maintained in a validated state, that is:

  • The Audit Trail is active
  • The date, time and time zone of the system are correct and safe
  • The Audit Trail functionality, system policies, configurations and parameters that may have an impact on the modifiability of data (e.g. configuration of user profiles and related privileges) have remained unchanged with respect to what was recorded and verified during the initial validation, unless any changes correctly managed in accordance with the Change Control and Configuration Management SOPs



At the end of the review, a report is drawn up, or a check list, which includes the list of aspects of the system verified, the results and any corrective actions or recommendations.



Adeodata is able to perform and document Periodic Reviews both in accordance with the operating procedures of its customers and using its own procedure (it is not required that the Periodic Review SOP be issued by the Regulated Company, you can refer to that of the consultant ).

Adeodata can perform the necessary activities to close any non-conformities or pending actions found during the review activity.

The Periodic Review is also detailed within seminars and webinars on Computer System Validation provided by Quality Systems.



Article edited by

Laura Monti, Subject Matter Expert of Adeodata


Ask for a consultancy


 < Back

Adeodata S.r.l.
Via E. Mattei, 2

22070 Bregnano (CO)



Registered office: Via Carducci, 32 — 20123 Milano

VAT Nr. 05617310965    REA 1834791 Milano   PEC

Adeodata SA
Via Calgari, 2

CH 6900 Lugano

IDI CHE-112.203.579

© 2019 Adeodata. All rights reserved.

Designed and developed by Carrara Communication