A 25-Year Retrospective on Computer System Validation

Published in: BioPharm International, BioPharm International-12-01-2012, Volume 25, Issue 12, Pages: 40–45

Throughout BioPharm International's 25th anniversary year, we have looked back at articles published in the first volume of the journal. This month, Sharon Strause, an industry consultant, provides a look back at "Computer System Validation Part I: Testing and Verification of Applications Software" by Leonard J. Goren.


Computer system validation has changed in the past 25 years as technology has become more complex. The majority of the documentation requirements and software tests Leonard Goren listed in his article, "Computer System Validation Part I: Testing and Verification of Applications Software," are still applicable today. One of the key missing procedures required to execute computer system validation well is the supplier management process, which should include the requirements for a vendor audit. A vendor audit determines the vendor's capability of producing a software application that can be validated for a regulated company's use. A vendor audit verifies how the code was developed, documented, and tested in all stages of the development process. A vendor audit determines the quality system procedures that a vendor has in place to ensure a well-developed software application. The audit determines how code is managed (i.e., configuration management), reviewed, internally documented, tested for the use and misuse of its software, and changed.

The vendor audit captures how data produced by the software meet the requirements document, which starts the process of a vendor audit. CGMP requirements are established in the company's requirements document for the software application including any audit trail functionality; how the code is managed from an infrastructure perspective (e.g., local, wide area, and web networks); and disaster recovery process (i.e., backup process and offsite code management). A thorough vendor audit showing good development practices will then allow a company to qualify the software's installation on their equipment, and validate it for their use according to the computer system validation procedures in place at the company.

If practices at the vendor are not quality capable, then a company can either choose another vendor or know in detail the additional requirements that would need to be completed to fulfill the requirements of computer system validation. This could mean thoroughly testing the software for accuracy of the stated requirements of the software as it is received before ever beginning the actual "validation for use" that is in place at the company.

The other crucial document that must be in place prior to assessing any vendor is the requirements document. Goren addresses the functional requirements in his 1988 article, but today, a requirements document includes functional, technical, and regulatory requirements for a software application. A completed requirements document helps to determine the types of applications that should be assessed and also the types of testing that may be required to ensure workability of the software. It's an important starting point in the computer system validation process. Having a computer system validation process that starts with requirements and includes a good process for supplier management and auditing can help to minimize the validation of an application or make it more complex.

—Our Retrospective series has included updates on separations technology, mammalian cell culture, industry perceptions, orphan drugs, mAbs, GMP training, cleanroom management, and more. For a complete list of Retrospectives and their original 1988 articles, visit BioPharmInternational.com/Retrospectives