Facility Monitoring Systems Validation: A Practical Approach 7

Subpart B, Paragraph 11.10 states, in part, that the following must be addressed:
  • The system must be validated.
  • The system must be able to generate accurate, complete copies of data.
  • Data records must be protected.
  • System access must be restricted.
  • Audit trails must be applied to all data.
  • Operating system protection methods should be used where possible.
  • Authorization checks must be applied.
  • Data input/collection verification must be applied.
  • Users must be trained.
  • Standard Operating Procedures (SOPs) for the use of the system must be in place.
  • Documents must be controlled.
  • Change control must be applied.
Tests should be included within IQ and OQ to establish that the system does indeed fulfill the above requirements. Many should already be part of any test, but some are outside the scope of the supplier.
Here are some simple methods to make the above process easier and to ensure that a system will pass a validation:.
  • Ensure that all transducers, particle counters, and other devices are suitable for the purpose and have valid calibration certificates.
  • Do not use complex data collection devices such as programmable logic controllers (PLCs) if they are not required. If a PLC is used, it will have a program, and additional validation will be required.
  • When designing a system, consider how things can be tested and how documented evidence can be generated.
  • Consider 21 CFR, Part 11 requirements and how these will be fulfilled.
  • Use qualified people and reputable suppliers.
  • Follow the steps listed within this V-model diagram.