Project Management for Computer System Validation (CSV) to Improve FDA Compliance

We will explore the best practices and strategic approach for evaluating computer systems used in the conduct FDA-regulated activities by applying a sound, project management approach. Each validation effort includes a vast set of activities and tasks required to get the job done. These can be managed more effectively by better understanding how to apply a project management approach to them all, regardless of size.

Validation projects can be done by following the GAMP5 “V” model, with phases, including validation planning, requirements definition, solutioning the system using design and/or configuration management specifications, installation qualification (IQ), operational qualification (OQ), performance qualification (PQ), test summary reporting, creating the requirements traceability matrix (RTM), and the validation summary report.

It’s important up front to understand the full scope of activities, and base planning the project on these. Any items not included in scope, such as interfaces, functionality, modules, etc. will need to be stated as such. The cost is also a factor that must be determined up front, then managed by tracking time against various project activities and tasks. Resources must also be planned and managed, with an understanding of what skills are needed and establishing a team with all of the skills required, from those that are technical, related to functional areas, and supporting quality.

There is also a need to track issues, risks, and decisions throughout the process, and a dashboard of key success factors published routinely to inform all levels of progress and needs. All issues must be resolved, and all risks must be mitigated to the extent possible using technical (system) and/or procedural (e.g., SOPs and training) and understanding the amount of residual risk that must be accepted if the team chooses to move forward.

A good project plan must be created and managed very closely, including all of the attributes mentioned above: scope, cost, resources, time, and risks. Any new risks must be identified and mitigated to the extent possible.

A good project management plan will include any vendor or third-party resources, activities, and tasks. While vendors often have their own plan for managing implementation, more detail is needed to account for all the additional work that’s related and supports it. These include training (technical, functional, validation), update to policies and SOPs, readying the team for use on day one of go-live, and readying any technical support needed to maintain the system in a validated state. The ongoing maintenance of the system in a validated state can also be managed by a project plan that details all the activities and tasks required to maintain the system accordingly, including changes performed under formal change control; incident reporting, investigation of the root cause, remediation, and testing; backup, recovery, and archival, security monitoring; access control; preventive and unscheduled maintenance activities; and ongoing assessment of potential risk, should the system fail. There must also be a Disaster Recovery (DR) Plan, and a Business Continuity (BC) Plan in place to assure continuance of operations.

We will cover the approach for validating/qualifying infrastructure components to FDA-regulated systems, including cloud-based servers and Software-as-a-Service (SaaS) solutions. A different approach is required for auditing and performing Installation Qualification (IQ) for systems supported by these vendors.

We will also walk through the entire set of essential policies and procedures, as well as other supporting documentation and activities that must be developed and followed to ensure compliance. We will provide an overview of practices to prepare for an FDA inspection, and will also touch on the importance of auditing vendors of computer system hardware, software, tools and utilities, and services.

Finally, we will provide an overview of industry best practices, with a focus on data integrity and risk assessment, that can be leveraged to assist in all your GxP project work.

Why should you Attend: You should attend if you are involved in planning or managing activities related to computer system validation for FDA compliance. This webinar will give you an understanding of the key parameters that must be baselined and maintained as current, including scope, costs, benefits, constraints, time, quality, resources, dependencies, and risks. Issues, actions, and decisions must also be tracked to keep things on target

Planning is critical to enable allocation of resources with the right skills required during specific phases or activities in the plan. Contingency planning will also be covered to ensure you deliver a validated system based on a strong project plan managed effectively and efficiently.

Areas Covered in the Session:

• Learn how to identify “GxP” Systems, then plan and manage validation-related activities
• Discuss the Computer System Validation (CSV) approach based on FDA requirements can be managed more effectively using a project management approach
• Learn about Computer Software Assurance (CSA) and how this approach may streamline your validation work, by focusing on critical thinking and testing each requirement based on potential risk, should it fail to be met
• Learn about cloud service and SaaS providers and the best approach for conducting a vendor audit and performing Installation Qualification (IQ) for validation, and including these in a project plan
• Learn about the System Development Life Cycle (SDLC) approach to validation and how this can be mapped in a project management plan for better control and oversight
• Discuss the best practices for documenting computer system validation efforts, including requirements, design and/or configuration, development, testing, and operational maintenance procedures, all of which may be linked in a plan
• Understand how to maintain a system in a validated state through the system’s entire life cycle by tracking all activities and tasks required to maintain the system accordingly
• Learn how to assure the integrity of data that supports GxP work, and using a gap assessment to identify outliers
• Discuss the importance of “GxP” documentation that complies with FDA requirements, including project artifacts
• Learn about the policies and procedures needed to support your validation process and ongoing maintenance of your systems in a validated state
• Understand the key components of 21 CFR Part 11 compliance for electronic records and signatures, and how to call out the requirements as part of a project plan
• Know the regulatory influences that lead to FDA’s current thinking at any given time and how these can be understood and in some cases, leveraged for ongoing work
• Learn how to conduct a risk assessment on computer systems that will provide the basis for developing a validation rationale, which will result in a set of activities and tasks to complete for the project
• Learn how to best prepare for an FDA inspection or audit of a GxP computer system through documentation
• Understand the importance of performing a thorough vendor audit to ensure oversight to the products and services they deliver
• Finally, understand the industry best practices that will enable you to optimize your approach to validation and compliance, based on risk assessment and project management, to ensure data integrity is maintained throughout the entire data life cycle
• Q&A

• Information Technology (IT) Analysts
• IT Developers
• IT Support Staff
• IT Security Staff
• QC/QA Managers and Analysts
• Production Managers and Supervisors
• Supply Chain Managers and Supervisors
• Clinical Data Managers and Scientists
• Compliance Managers and Auditors
• Lab Managers and Analysts
• Computer System Validation Specialists
• GMP, GLP, GCP Training Specialists
• Business Stakeholders using Computer Systems regulated by FDA
• Regulatory Affairs Personnel
• Consultants in the Life Sciences and Tobacco Industries
• Interns working at the companies listed above
• College students attending schools and studying computer system validation, regulatory affairs/matters (related to FDA) or any other discipline that involves adherence to FDA regulatory requirements