As Life Sciences companies comes to rely increasingly on digital capabilities and good data for efficiency and competitive advantage, it’s critical that they harness system validation as soon as possible in the project lifecycle, urge Ulrich Lein and Stefani Godoy Herrera of MAIN5.
In Life Sciences, systems relevant to GxP (‘good practices’) are required to be formally validated – through a process of computer system validation (CSV) or assurance (CSA) – as supporting their intended purpose. Yet, too often, such activity is treated as exactly that – a compliance exercise, a necessary evil; nothing more.
The emphasis on burden (and cost) undervalues the role system validation should really play in a digital process transformation initiative – for instance in underpinning strategic priorities including more dynamic and seamless data sharing, and repurposing of that data across functional boundaries. As such aims increase in scope and complexity, ensuring that everything works as it should will be an important determinant of a project’s fuller impact.
Because the validation process is correlated with other departments besides IT and Quality, the various stakeholders are encouraged to think ahead and to define what they want. This in turn helps ensure that everyone is working within agreed parameters, to achieve mutually beneficial outcomes.
The alternative is projects not delivering and having to be reworked, at great expense and delay. Ultimately, it could mean patients failing to gain prompt access to safe, high-quality medicines or medical devices.
Deriving more, not less, from the system validation process
Seeing system validation, or assurance, as something to be streamlined to reduce the duration and cost of project delivery (an increasingly common request) is a risky strategy. If important new systems fail to deliver (which can be the case in up to 85 per cent of projects that have not followed validation standards), or if they take in or put out bad data (uncovered during a Health Authority inspection), the reputational risk could be painful and lasting. And it will almost certainly mean time-consuming re-engineering to put problems right – which always costs more after the fact.
Here are some recommendations to enhance the positive impact of system validation.
Consider validation requirements first
First, there needs to be a recognition that validation is not a standalone undertaking that takes place after the main project. Optimising the beneficial impact of CSV or CSA starts with early action, ideally when organisations start thinking about a project or the introduction/change of a system. Certainly, it should be an integral part of a technology or data project, not an afterthought.
By determining, from the outset, the factors that will allow later validation, teams are more likely to stay focused on important developments, ensuring that they are delivered on time and with high quality. Validation should be fully factored into, and budgeted for, as part of the project.
Capture all needs up front
Validation should be directed by someone with a high-level overview and holistic interest in the new project’s success – with the aim to proactively anticipate likely issues, with input from subject matter experts across all affected departments.
Too often, though, issues don’t arise until after an inspection – at which point costly retrospective action will be needed. EMA and FDA findings are made public too, so there could be reputational damage if systems are found not to comply with regulatory expectations. Quality management systems (QMSs) have been the focus of recent waves of inspections, evidenced by recent warning letters published by the US FDA. This is increasing the urgency around ensuring a continuous validated state.
Set the right intentions
The CSV vs CSA debate is a distraction. While Good Automated Manufacturing Practice is geared to defining computer system validation guidelines systems governed by regulations, it already considers the risk-based approach while the FDA’s CSA guidance also focuses on containing risk rather than compliance with rigid rules. That is, it places more emphasis on assurance that systems can be safely depended on for their intended use. This is considered by some to be a less burdensome approach than traditional, comprehensive validation.
As liberating as the CSA approach might seem, the ideas it sets out are nothing new. The debate is really around minimising over-engineering and the potential for inefficiency in favour of defendable compliance, which feels more ‘agile’ in today’s dynamic environment. Certainly, validation approaches need to move with the times.
It can be more helpful to think of any guidelines as ‘recommended best practice’, focus on the essence of the provisions, and be pragmatic and flexible where necessary. Early collaboration between validation and IT teams can help with this, to pre-empt any issues and determine the associated level of risk and appropriate provisions.
Focus on the total cost of system ownership
If immediate project costings (and timelines) have served as a barrier to a more strategic, proactive approach to system validation, this may be because the immediate cost of project delivery has been the focus, rather than the total cost of system ownership. The latter focuses on a successful operational system that does what it promised – once live, and over time.
The GAMP community estimates that if companies approach validation pre-emptively and with the right intent it should account for 10 per cent of the overall project budget. If it neglected, under-resourced or left too late, on the other hand, it is likely to cost considerably more. That’s even before the impact on any indirect co-dependencies, or the cost of missed benefits. Ultimately, companies that commit themselves to doing validation well will be taking better care of patients, through more efficient delivery of better products.
Tie in system validation with selection of the right vendor
Finally, selecting the right supplier, as well as defining the validation criteria up front, will further boost the likely success of a project’s delivery – by moving everything up a level, and ensuring that nothing has been overlooked in the specification of the new system.
For many companies, mandatory compliance with regulatory requirements like IDMP is driving technology investment. Yet the associated process transformations will only be delivered if new systems and data processes have been optimized and validated – to take full advantage of the intended standardization.
Even AI tools need agreed parameters to work within, e.g. in their use of data, so that they can be harnessed reliably and optimally. The bigger and more globally dispersed the organisation, the greater the need for agreed structure around how systems work and how data is defined, to prevent undesirable variances associated with user diversity.
About the authors
Ulrich Lein is a management consultant and Stefani Godoy Herrera is a computer systems validation (CSV) expert at MAIN5, a European Life Sciences digital transformation consultancy.