We can understand FDA concerns about computer systems as we look at the following examples. The "Therac-25" medical-device software went awry between 1983 and 1987, overdosing patients with X-rays (21). FDA stopped the use of the device. According to the recollection of the authors, Wyeth Laboratories Inc. is believed to have received the first computer validation–related 483 from Center for Drug Evaluation and Research (CDER) in October 1983 for a lack of documentation for the validation of a computer system used for the statistical analysis of data. In the late 1980s, the generic-drug scandal caused concern because data had been falsified. One of the authors served as a witness in a grand jury investigation of the generic-drug scandal. Interestingly, Phil Piasecki, a former FDA official who later worked in the industry, once told one of the authors of an observation he made on computer systems. He noticed that the red light of a dehumidifier in a data center was on. After inquiring about the dehumidifier's purpose, he cited the company for not having a standard operating procedure (SOP) for its use and maintenance.
The Standish Group's "Chaos" reports, indicate that "incomplete requirements and specifications" and "changing requirements and specifications" are two of the top three "project challenged factors" for computer-system projects (26). This assessment seems to hold true in today's computer-validation practices. An informal poll conducted by the authors indicates that user requirements are the main challenge when validating a computer system. User requirements have been a factor since the early years of computer validation. Nonetheless, the general understanding about how to conduct computer validation in the industry has increased since the 1990s, and most companies now have groups or departments dedicated to computer validation. Since the introduction of the Sarbanes–Oxley financial regulations for a publicly traded company, more and more information technology (IT) departments have established compliance groups. It is generally accepted now that IT infrastructure must be qualified to meet growing regulatory requirements across the business.
FDA has published more than 30 documents related to computer systems and computer validation, and the term computer validation is no longer foreign to the industry. Computer-validation practices and regulations are evolving and reaching the maturity stage of other validation disciplines, even if more recently it seems that the efforts on computer validation and Part 11 compliance are less apparent than before. This complacency might be a result of the wait-and-see attitude toward what the new Part 11 regulation amendment might bring and may also result from the perception that computer validation–related 483 observations have decreased in recent years.
The intent of Part 11 regulations was to allow businesses to be more efficient, to enable automation, and to generate less paper documentation. Yet, these goals have not been fully realized. Most companies addressed how to meet and comply with the Part 11 regulations, but they did not necessarily develop business strategies to take full advantage of what the regulations allow the companies to do.
The authors thank Alan Kusinitz, managing partner of SoftwareCPR, and George R. Smith Jr., FDA consumer safety officer at CDER's Office of Compliance, for their input and review.
Rory Budihandojo* is the computer validation manager at Boehringer-Ingelheim Chemicals and a member of Pharmaceutical Technology's editorial advisory board, firstname.lastname@example.org
Steve Coates is the director of computer system quality assurance at Wyeth. Ludwig Huber, PhD, is a compliance expert at Agilent Company. Jose E. Matos is manager of manufacturing systems and process automation at Bristol-Myers Squibb. Siegfried Schmitt, PhD, is the quality director at GE Healthcare Global IT. David Stokes is the life sciences manager at Business & Decision. Graham Tinsley is president of THINQ Compliance Ltd. Maribel Rios is senior editor of Pharmaceutical Technology.
*To whom all correspondence should be addressed. The scope of this article is specific to the healthcare industry and to the view of the authors or FDA, which may not necessarily reflect the view of the companies where the authors and reviewers are employed.
Where were you 30 years ago?
Rory: "I was in the UK, going to school."
1. E. Kübler-Ross, Five Stages of Grief, http://www.businessballs.com/elisabeth_kubler_ross_five_stages_of_grief.htm.
2. Risk Management, http://www.fda.gov/oc/mcclellan/riskmngt.html
3. IVT Proposed Validation Standard VS-2, Computer System Validation, IVT 3 (2002).
4. Guide to Inspection of Computerized Systems in Drug Processing (1983), http://www.fda.gov/ora/Inspect_ref/igs/csd.html.
5. Timeline of Key FDA Software Documents, http://www.softwarecpr.com/libraryframepage.htm.
6. ITG Subject: The Computer in FDA-Regulated Industries (1976), http://www.fda.gov/ora/inspect_ref/itg/itg23.html.
7. ITG Subject: The Computer in FDA-Regulated Industries Part II Computer Hardware (1977), http://www.fda.gov/ora/inspect_ref/itg/ itg29.html
8. Guidance for Industry: Computerized Systems Used in Clinical Trials (1999), http://www.fda.gov/ora/compliance_ref/bimo/ffinalcct.htm.
9. Guide To Inspections of Computerized Systems in The Food Processing Industry (unclear publication date), http://www.fda.gov/ora/inspect_ref/igs/foodcomp.html.