The U. S. Food and
Drug Administration (PDA), in recent years, has been exerting
increasing pressure on manufacturers of pharmaceuticals and medical
devices to validate the quality and reliability of computer systems
that are used to manage regulatory data. Such companies are well
acquainted with FDA requirements for manufacturing process
validation. Most are also familiar with the requirement to validate
systems traditionally owned by Quality Assurance (QA), such as
in-process inspection systems and laboratory systems. But some
companies have been surprised to learn that their production and
inventory control (P&IC) systems also must be validated when those
systems are used for regulatory compliance functions, such as
production batch control, lot tracing, serial number tracking, and
This paper will
provide an introductory overview to the basic concepts of system
validation, with a focus on software validation. It will describe
the elements of a successful software validation and will briefly
outline the steps required to plan and organize the validation
Overview of System
For purposes of
this paper, system validation can be defined as follows:
System validation is a quality assurance process, applied to a
computer system, which satisfies management that the total system is
operating and will continue to operate as required.
There are several
key points contained in this definition. First, it is a quality
assurance process. Just as the QA process applied to products and
manufacturing processes provides assurance of product quality and
reliability, system validation provides assurance of system quality
definition focuses on management. Validation responsibility cannot
be delegated to the MIS department or the software vendor.
Ultimately, it is the responsibility of company management and the
users of the system to ensure that their system operates and will
continue to operate as required.
Third, system validation must be the validation of the total system,
that is the software, hardware, and associated human procedures.
However, because software validation is typically the most complex
part of system validation, this paper will focus primarily on
validation ensures the system operates as required, that is, in
terms of its requirements. Ultimately, system validation does not
merely ensure that the system performs as designed or programmed,
but that it performs according to its requirements. In software
development, as in manufacturing, there are often differences
between what was designed or built and what the customer wanted.
As a quality
assurance process, system validation matches the final product
against the true requirements.
The concepts of
system validation were developed and applied in the early 1970s by
the U.S. Army, with help from academic and industry scholars, as
part of the development of the Safeguard Anti-Ballistic Missile
System . Since then, it has been an important requirement for
aerospace and defense contractors. System validation has also been
an integral part of the development of air-traffic control systems,
nuclear power plant control systems, and other applications where
human safety is at risk.
In the 1980s, as
software began to play an increasingly important role in the control
of medical devices (e.g., pacemakers, radiation therapy systems),
the FDA looked to software validation techniques as a way of
ensuring their operational reliability. Several well publicized
problems with medical devices have given a sense of urgency to the
need for validation.
difficulty of some manufacturers in recalling defective products has
focused FDA attention on software used in batch control and product
recall. This has brought FDA attention, in some companies, to the
heart of the company P&IC system, which may have been implemented
and maintained for years without any thought of formal validation.
In some cases, the FDA has blocked production or sale of certain
products until the P&IC system is validated. This usually works to
focus management attention on the issue.
To Be Continued