Computer Validation Confirms Evidence

Published on: 
BioPharm International, BioPharm International, February 2024, Volume 37, Issue 2
Pages: 34

Validating computerized systems is required to demonstrate adherence to data integrity, says Susan J. Schniepp, distinguished fellow at Nelson Laboratories, LLC.

Q. I just started working for an independent product contract manufacturing company, and we are installing new computers in all the critical areas. What do we need to validate?

A. There isn’t a lot of detail in your question so let’s assume you are in fact installing computerized systems in your operation. FDA defines a computer system as a “functional unit of one or more computers and input/output devices, peripherals and associated software, used in common for all or part of a program and storing all or part of the data necessary for program execution” (1). The relevant International Council for Harmonisation (ICH) Q7 document says computer systems are both “hardware components and associated software, appointed and assembled to perform a specific function or group of functions” and “process or operation integrated with a computer system” (2).The European Union’s EudraLex defines a computer system as a “system individually designed to suit a specific business process” (3). These systems could include a laboratory information management system (LIMS), a documentation management system (DMS), and/or a electronic batch record system (ERB).

The need to validate these different systems is driven by FDA’s definition of validation, which says, “Validation is the confirmation by objective evidence, that the previously established requirements for the use of a process or system are met” (1). Bottom line, computerized systems that have an impact on product quality, patient health and safety, and on GxP practices that impact production processes, storage of data for finished products, documentation management of processes and procedures, electronic records, etc. must be validated to ensure the integrity of manufactured product.

Now that we established why you need to validate computerized systems, let’s look at general concepts that might help with your approach to validation. The validation plan should include the installation qualification (IQ), operational qualification (OQ), and performance qualification (PQ) testing protocols and change control procedures. Each part of the validation plan should be executed in a specific order. For example, you need to complete the IQ before you start executing the OQ. When you write protocols for validating your systems, you need to make sure you address data integrity for each system. You need to ensure that the electronic records and signatures generated by your system meet the ALCOA + data integrity concepts of being attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, and available.


By establishing a validation plan and ALCOA+, you can be confident that your computerized system is capable of generating reports and data that attests to the safety and quality of the products your company manufactures.


  1. FDA. 21 CFR Part 11, Electronic Records, Electronic
    Signatures, 2003.
  2. ICH. Q7, Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients (ICH, Nov. 10, 2000).
  3. EC. EudraLex, The Rules Governing Medicinal Products in the European Union, Volume 4 Good Manufacturing Practice Medicinal Products for Human and Veterinary Use, Annex 11: Computerised Systems, 2011.

About the author

Susan J. Schniepp is distinguished fellow at Nelson Laboratories, LLC.

Article details

Pharmaceutical Technology®
Vol. 48, No. 2
February 2024
Page: 34