Throughout BioPharm International's 25th anniversary year, we have looked back at articles published in the first volume of the journal. This month, Sharon Strause,
an industry consultant, provides a look back at "Computer System Validation Part I: Testing and Verification of Applications
Software" by Leonard J. Goren.
Computer system validation has changed in the past 25 years as technology has become more complex. The majority of the documentation
requirements and software tests Leonard Goren listed in his article, "Computer System Validation Part I: Testing and Verification
of Applications Software," are still applicable today. One of the key missing procedures required to execute computer system
validation well is the supplier management process, which should include the requirements for a vendor audit. A vendor audit
determines the vendor's capability of producing a software application that can be validated for a regulatory company's use.
A vendor audit verifies how the code was developed, documented, and tested in all stages of the development process. A vendor
audit determines the quality system procedures that a vendor has in place to ensure a well-developed software application.
The audit determines how code is managed (i.e., configuration management), reviewed, internally documented, tested for the
use and misuse of its software, and changed. The vendor audit captures how data produced by the software meet the requirements
document, which starts the process of a vendor audit. CGMP requirements are established in the company's requirements document
for the software application including any audit trail functionality; how the code is managed from an infrastructure perspective
(e.g., local, wide area, and web networks); and disaster recovery process (i.e., backup process and offsite code management).
A thorough vendor audit showing good development practices will then allow a company to qualify the software's installation
on their equipment, and validate it for their use according to the computer system validation procedures in place at the company.
If practices at the vendor are not quality capable, then a company can either chose another vendor or know in detail the additional
requirements that would need to be completed to fulfill the requirements of computer system validation. This could mean thoroughly
testing the software for accuracy of the stated requirements of the software as it is received before ever beginning the actual
"validation for use" that is in place at the company.
The other crucial document that must be in place prior to assessing any vendor is the requirements document. Goren addresses
the functional requirements in his 1988 article, but today, a requirements document includes functional, technical, and regulatory
requirements for a software application. A completed requirements document helps to determine the types of applications that
should be assessed and also the types of testing that may be required to ensure workability of the software. It's an important
starting point in the computer system validation process. Having a computer system validation process that starts with requirements
and includes a good process for supplier management and auditing can help to minimize the validation of an application or
make it more complex.
—Our Retrospective series has included updates on separations technology, mammalian cell culture, industry perceptions, orphan
drugs, mAbs, GMP training, cleanroom management, and more. For a complete list of Retrospectives and their original 1988 articles,