Who is Bill Gaw?
And why should we
listen to him?

Lean Enterprise Articles

Your 3-Step, World Class, Lean Manufacturing Training Program
WCM Lean Manufacturing

 Increase the effectiveness of your
Lean Manufacturing Initiative

Manufacturing Simulation Game 

Pharmaceutical Manufacturing
Part 2 of 6

privacy policy

Contact Us

 To review our training 
 packages, click on 
  the links below: 

e-Training Packages:

Lean Manufacturing

Balanced Scorecard

ISO 9000:2000

Supply Chain


Strategic Planning

     Other Options:   

Lean Leadership

Thinking Outside 
the Box Principles 

Lean Enterprise Training

Management Training

Lean Kaizen Event

Lean Manufacturing Implementation

Lean Six Sigma

Supply Chain

Strategic Planning

Total Quality

Lean Manufacturing Coach and Certification

Production Planning and Control

Manufacturing Planning and

What Needs to Be Validated?

Current FDA guidelines require pharmaceutical and medi­cal device manufacturers to implement and effectively enforce a comprehensive system validation policy. The FDA requires that validation be performed for any system that captures, stores, controls, manages or reports data subject to regulatory review. This includes 1) device software, software that is an integral part of a medical device, 2) process software, software used in the manufac­turing process, such as software controlling programmable logic controllers and QA software, and 3) software used to support FDA Good Manufacturing Practices (GMP) re­quirements, such as batch control, lot tracing, complaint tracking, failure investigation, device master records, and device history records. This last category of software frequently includes parts of the company MRP II system, when it is used as the basis for production batch control, lot tracing, serial number tracking, or product recall.

Once a system is determined to be subject to regulatory review, the scope of the validation reaches to every aspect of the system. The hardware and software must be validated, including both vendor supplied and custom developed software. The system documentation and asso­ciated standard operating policies and procedures (SOPs) must be validated, including system security procedures and disaster recovery plans. Finally, the test records themselves are subject to validation.

Reliable software is not developed in a haphazard way. It is developed and implemented through a phased approach that has come to be known as the system development life cycle (SDLC). System validation is an important aspect of the SDLC.

The potential scope of validation points out a drawback to centralized systems and databases. MIS professionals are trained, rightly, to look for opportunities to eliminate data redundancy and duplicate data entry. This leads to cen­tralized databases that are shared between the various functional departments. This is consistent, also, with the concept of integrated resource management, promoted by the APICS CIRM program. Nevertheless, the ideal of an integrated system must be balanced with the practical demands of system validation. Once the FDA determines that a system is subject to regulatory review, the entire system falls under the scope of formal system validation. Company management would be wise to consider moving the regulatory data and system functions to an isolated software and hardware system, thus greatly reducing the scope of regulatory review of systems.

Validation to Regulatory Requirements

Legally, a system only needs to be validated in terms of its regulatory requirements. That is, does management have the assurance that the system operates and will continue to operate as it is intended to support regulatory requirements? For example, if a system is intended to support company compliance to GMPs, the system must be validated against GMP requirements. However, today's MRPII systems do much more than support GMP requirements
(e.g. they also plan material and capacity). These additional system requirements may be highly important to the company, and management may want assurance that these requirements are met as well. Management there­
fore can choose to validate a system to regulatory requirements, to all system requirements, or to some point in between. To minimize the reach of an
inspection, however, it might be wise to separate the regulatory requirements into a separate set of validation documentation.

Validation Frequency

System validation cannot be conducted as a one-time exercise merely to sat­isfy regulators. It must be an ongoing process, a part of the normal system development and implementation pro­cess, a way of doing business. The system validation must stay current with all significant changes to any element of the system, and the valida­tion documentation must be immedi­ately accessible to company manage­ment as well as regulators. An annual review should be conducted to ensure that the system has not in fact been modified since the last validation, and there should be a periodic revalidation (e.g., biannually) of theentire system, whether or not it has been modified. Remember, revalidation is required when any element of the system—software, hardware, operating system, or SOPs—is changed.

To Be Continued


To stay current on manufacturing competitive knowledge, please subscribe to our weekly bulletin, "Manufacturing. Basics and Best Practices (MBBP)."  Simply fill in the below form and click on the " subscribe button." 

We'll also send you our Special Report, "8-Basics of Kaizen Based Lean Manufacturing."  

All at no cost of course. 

First Name:
Your E-Mail:

 Your personal information will never 
be disclosed to any third party.

privacy policy

Here's what one of our subscribers said about the MBBP Bulletin:

"Great articles. Thanks for the insights. I often share portions of your articles with my staff and they too enjoy them and fine aspects where they can integrate points into their individual areas of responsibilities. Thanks again."

               Kerry B. Stephenson. President. KALCO Lighting, LLC

"Back to Basics" Training for anyone ... anywhere ... anytime

Business Basics, LLC
6003 Dassia Way, Oceanside, CA 92056
West Coast: 760-945-5596

© 2001-2007 Business Basics, LLC