Critical GxP computerized systems must be validated to ensure that << Where a computerised system replaces a manual operation, there should be no resultant decrease in product quality, process control or quality assurance. There should be no increase in the overall risk of the process.>> (EU GMP Annex 11). Validation is also required to ensure << accuracy, reliability, expected performance and ability to distinguish invalid or altered records >>(FDA 21 CFR part 11.10(a)).
Unlike equipment, it is not necessary to periodically retrain computerized systems as they are not subject to wear. To confirm the validation status of computerized systems over time, the Periodic Review is therefore of fundamental importance.
The Periodic Review is also explicitly requested by EU GMP Annex 11 §11:
<< Computerised systems should be periodically evaluated to confirm that they remain in a valid state and are compliant with GMP. Such evaluations should include, where appropriate, the current range of functionality, deviation records, incidents, problems, upgrade history, performance, reliability, security and validation status reports.>>
Indications on how to carry out the Periodic Review are given in Appendix O8 of the GAMP5 Guidelines.
WHEN TO CARRY OUT THE PERIODIC REVIEW
The Periodic Review must be carried out periodically, according to a documented criterion that considers:
- the degree of criticality of the system (GxP impact)
- its complexity
- its degree of novelty
Typically the Periodic Review is performed every one or two years, but different frequencies can be defined based on the GAMP5 category of the system and / or the time elapsed since the end of its initial validation.
Furthermore, it is also possible to perform extraordinary Periodic Reviews (i.e. before their natural expiration) in case of:
- Problems encountered in the operation of the system
- Significant changes made to the system or several minor changes
- Significant regulatory changes that impact the system
RESPONSIBILITY FOR THE PERIODIC REVIEW
It is the responsibility of the Process Owner to ensure that the Periodic Review of the system is performed and that any corrective actions identified are implemented appropriately.
It is the responsibility of the Quality Unit to ensure that periodic reviews are planned, performed and documented.
The Periodic Review must be conducted by one or more persons depending on the scope of the review. The Review Team may include: Quality Unit, Subject Matter Expert (SME), Users, IT, Engineering, Compliance and / or External Consultants.
WHAT TO CHECK
Subject to review are:
- Update status of operating and maintenance procedures
- Documentation update status (e.g. specifications, event and alarm lists ...)
- Availability of recordings of instruction sessions in line with user-to-system roles
- Application of Change and Configuration Management procedures and status of registrations
- Availability of contracts and licenses
- Application of the logical and physical security measures provided for the system
- System performance
- Any regulatory updates
- Replacement of personnel with roles and responsibilities on the system
- Deviations, incidents, problems and events related to the use of the system and related CAPAs
To these checks can be added all those activities that must be performed on a regular basis, such as periodic restore tests (EU GMP Annex11 §7.2) and some activities related to the Audit Trail review (EU GMP Annex11 §9). In particular, it is necessary to verify that the Audit Trail functionality is maintained in a validated state, that is:
- The Audit Trail is active
- The date, time and time zone of the system are correct and safe
- The Audit Trail functionality, system policies, configurations and parameters that may have an impact on the modifiability of data (e.g. configuration of user profiles and related privileges) have remained unchanged with respect to what was recorded and verified during the initial validation, unless any changes correctly managed in accordance with the Change Control and Configuration Management SOPs
HOW TO DOCUMENT IT
At the end of the review, a report is drawn up, or a check list, which includes the list of aspects of the system verified, the results and any corrective actions or recommendations.
HOW ADEODATA CAN SUPPORT CUSTOMERS
Adeodata is able to perform and document Periodic Reviews both in accordance with the operating procedures of its customers and using its own procedure (it is not required that the Periodic Review SOP be issued by the Regulated Company, you can refer to that of the consultant ).
Adeodata can perform the necessary activities to close any non-conformities or pending actions found during the review activity.
The Periodic Review is also detailed within seminars and webinars on Computer System Validation provided by Quality Systems.
Article edited by
Laura Monti, Subject Matter Expert of Adeodata
