Computerized System Descriptions–How Hard Can It Be?

Q. Some 10 years ago, we implemented an electronic quality management system. Over the years, we have added some modules (e.g., for change control and deviation management). The system documentation was amended as changes happened. In a recent audit, we were given an observation: “Your system description does not meet regulatory expectations.” We are still unsure what is expected from us as we presented the system description given to us by the vendor, plus the validation documentation.

A. The regulatory authorities understand the importance of computerized systems in a modern pharmaceutical environment. They also understand the complexity of such systems and that these systems are likely to change over time. For that reason, companies must maintain an inventory of their automated systems, detail whether these systems are GxP-relevant, and if so, if these are validated. This is the very basis expected by the regulators. To understand the intended use of each system, a system description is also required. Your auditors found your system description deficient. You mention that you provided the system description written by the system manufacturer. This, I believe, is the key issue of concern.

Annex 11 of the European Union’s regulations state in paragraph 4.3: “An up-to-date listing of all relevant systems and their [good manufacturing practice] GMP functionality (inventory) should be available. For critical systems an up-to-date system description detailing the physical and logical arrangements, data flows and interfaces with other systems or processes, any hardware and software pre-requisites, and security measures should be available” (1).

Every company using the system will have different physical and logical arrangements, for example:

• You may have 50 users, whereas another company may have 5000 users.
• You may not have implemented any interfaces to other systems, whereas other users may have linked their system to other software packages.
• You may use the system for GxP relevant documentation, whereas another company may only use it for non-GxP purposes.

Therefore, each company’s system description will be unique. The manufacturer can only provide a generic description, which can of course be the basis for your individual one.

You also mention that you do have additional pieces of information about the system, which can be found in the validation documents. That may be so, but these pieces of information are not consolidated, interlinked, or otherwise logically connected to fulfill the requirements of the regulations, which call for an up-to-date system description for critical systems. Your system is obviously critical as you use it for GxP-critical processes.

It doesn’t mean that you should copy/paste all the information that can be found in your validation documentation or elsewhere, into a document called ‘system description’. It is perfectly acceptable to provide the relevant links. A system description could therefore be structured like this:

• System description. In a few sentences describe the name, origin, and intended use of the system (e.g., by installed system module [in your case documentation, change, and deviation management])
• System history. Describe the key milestones in the lifecycle of this automated system.
• Technical information and system validation. In a few sentences describe what system version is installed where and when it was last validated.
• References. Here you provide the links to all the relevant documentation.

Following this advice, you should be able to prepare your system description, and I hope you will also find it a useful exercise as it will help you find all relevant information faster in future.

Reference

1. European Commission, EudraLex Vol 4, Annex 11 “Computerised Systems” (EC, 2011).

About the author

Siegfried Schmitt is Vice President, Technical at Parexel.

Article details

BioPharm International
Vol. 34, No. 5
May 2021
Pages: 50, 49

Citation

When referring to this article, please cite it as S. Schmitt, "Computerized System Descriptions–How Hard Can It Be?," BioPharm International 34 (5) 2021.