The importance of Computer System Validation for Pharmacovigilance Service Providers

However, for pharmacovigilance service providers (PSP), a lot of effort goes into maintaining a pharmacovigilance database system. While this part might be invisible to marketing authorization holders who outsource PV, as they concern themselves mostly with the production aspects (as they should!), it certainly does not make it any less important. Why is CSV so important here? If you have bought a PV system from a renowned IT company, you can assume that everything works as it should and you are not responsible for any faults the system might have – not entirely true: since it all comes down to patient safety and all the data regarding a product’s safety portfolio is in your database system, CSV auditors will have an interest in the database, and pharmacovigilance service providers are in fact responsible for ensuring that their system works as it should. While not all aspects covered by GAMP are applicable when it comes to PV systems, some of them will be mentioned here.

Every client has different demands when it comes to a database and different expectations when it comes to various database outputs. Clients may or may not be database experts, but the responsibility of maintaining the database is with the providers. This usually includes:

• Full validation package – as mentioned before, the responsibility to test the system once acquired is with the PSP. Tests need to be documented and should to prove that the system does what is expected of it.
• Change control – any kind of change to the system needs to be tested in a development environment and validated in a validation environment before being released into production environment. It is imperative that this is stringent and well-documented, as it is often an audit item.
• Maintenance of libraries – this includes product and study libraries, as it is imperative, they reflect current client data.
• Maintaining access control – again, something that is often requested at audits. Each user needs to have a certain level of rights within the system, and this has to be well documented. The user needs to be trained, and access control needs to be periodically checked in order to make sure that employees that have e.g. left the company have been immediately deactivated.
• Audit trail history and periodic review – while audit trails are often considered “tell tales”, they exist for a good reason: yes, partly it is to ensure that any potential mistakes can be tracked down to a particular user but, more importantly, to show that the system is kept in its validated state and is doing what it should be doing. In case of unexpected behaviour of the database, audit logs are the first things to check to see what happened and to see if your database administrators can recreate the event in a test environment and solve the issue.
• MedDRA / WHO Drug upgrades – similar to libraries, the system needs to have all current MedDRA codes and WHO Drug codes so as to keep up with the regulation(s).

What it all comes down to is that every PSP needs a good, dedicated group that will function as a support team for the PV system of choice: clients will have questions and users will have issues, so the team needs to be a mediator between the end users, system manufacturers and the IT department and know the system well.

To learn more about CSV and GAMP, follow the links below:

1.   https://en.wikipedia.org/wiki/Computerized_system_validation
2.   https://en.wikipedia.org/wiki/Good_automated_manufacturing_practice
3.   https://www.rscal.com/the-why-and-what-of-computer-system-validation-in-pharmaceuticals/