Software Validation | GxP Compliance

Interesting document useful as training on software validation for Quality Control equipments!

A good first step toward understanding software validation is to clearly define the terms that cause the most confusion: data integrity, qualification, and validation.

In his 2013 Scientific Computing article FDA’s Focus on Laboratory Data Integrity–Part 1, Robert D. McDowall, Ph.D., defines data integrity in the context of laboratory data within a GMP environment.

As “generating, transforming, maintaining, and assuring the accuracy, completeness and consistency of data over its entire life cycle in compliance with applicable regulations.”

A computerized system that supports data integrity ensures that the data is human attributable, legible, time-attributable ( contemporaneous), not easily duplicated or modified (original), and accurate. 

The computerized system used to generate and maintain regulated records and its validation thus becomes the focal point for all other related data integrity activities.

The FDA’s Glossary of Computer System Software Development Terminology provides a detailed definition of qualification, specifically installation qualification (IQ) and operational qualification (OQ).

Simply put, IQ determines that a system is properly installed and configured. 

OQ determines that a system is consistently operating within established limits and tolerances. 

In the same document, the FDA states that software validation is the process of determining the correctness of the software with respect to the user’s needs and requirements. 

Software validation is accomplished by verifying each stage of the software development lifecycle.

Though a system may be correctly installed and its operations may be qualified, these actions alone do not ensure correct results for every process run on the system. 

Rather, each individual process must be validated to determine that the system generates predictable, repeatable results, whether it is drug manufacturing or another activity such as quality control. 

This step is known as process validation. Qualification, software validation, and process validation are interrelated.

IQ/OQ are necessary, but these alone are not sufficient for system validation. Likewise, system validation is necessary, but it alone cannot validate the process. While each is a required element of the overall validation process, they are not sufficient by themselves to meet the complete regulatory requirement.