The importance of Computer System Validation for Pharmacovigilance Service Providers
Computer System Validation (CSV) is the process of ensuring that any kind of technological component (software or hardware) is doing what it should be doing in line with regulatory guidelines. In the pharmaceutical industry in general, this process is of high importance when it comes to various machines that are involved in the production of medicinal products: you really want those 500 mg tablets to be 500 mg tablets. Other aspects include medical devices that are used to deliver drugs to patients: again, you would really like that insulin pump to work as advertised and deliver your insulin at the exact time and dose you have specified. This is what usually comes to mind when we talk about CSV, and most of the guidelines and requirements are covered by Good Automated Manufacturing Practice (GAMP) and Good Manufacturing Practice (GMP).
However, for pharmacovigilance service providers (PSP), a lot of effort goes into maintaining a pharmacovigilance database system. While this part might be invisible to marketing authorization holders who outsource PV, as they concern themselves mostly with the production aspects (as they should!), it certainly does not make it any less important. Why is CSV so important here? If you have bought a PV system from a renowned IT company, you can assume that everything works as it should and you are not responsible for any faults the system might have – not entirely true: since it all comes down to patient safety and all the data regarding a product’s safety portfolio is in your database system, CSV auditors will have an interest in the database, and pharmacovigilance service providers are in fact responsible for ensuring that their system works as it should. While not all aspects covered by GAMP are applicable when it comes to PV systems, some of them will be mentioned here.
Every client has different demands when it comes to a database and different expectations when it comes to various database outputs. Clients may or may not be database experts, but the responsibility of maintaining the database is with the providers. This usually includes:
- Full validation package – as mentioned before, the responsibility to test the system once acquired is with the PSP. Tests need to be documented and should to prove that the system does what is expected of it.
- Change control – any kind of change to the system needs to be tested in a development environment and validated in a validation environment before being released into production environment. It is imperative that this is stringent and well-documented, as it is often an audit item.
- Maintenance of libraries – this includes product and study libraries, as it is imperative, they reflect current client data.
- Maintaining access control – again, something that is often requested at audits. Each user needs to have a certain level of rights within the system, and this has to be well documented. The user needs to be trained, and access control needs to be periodically checked in order to make sure that employees that have e.g. left the company have been immediately deactivated.
- Audit trail history and periodic review – while audit trails are often considered “tell tales”, they exist for a good reason: yes, partly it is to ensure that any potential mistakes can be tracked down to a particular user but, more importantly, to show that the system is kept in its validated state and is doing what it should be doing. In case of unexpected behaviour of the database, audit logs are the first things to check to see what happened and to see if your database administrators can recreate the event in a test environment and solve the issue.
- MedDRA / WHO Drug upgrades – similar to libraries, the system needs to have all current MedDRA codes and WHO Drug codes so as to keep up with the regulation(s).
What it all comes down to is that every PSP needs a good, dedicated group that will function as a support team for the PV system of choice: clients will have questions and users will have issues, so the team needs to be a mediator between the end users, system manufacturers and the IT department and know the system well.
To learn more about CSV and GAMP, follow the links below:
Lea Debogovic, MSc / Pharmacovigilance software validation and implementation Associate
Lašćinska cesta 40
Planinska ulica 13/2
Office: +385 1 5588 297
Pharmacovigilance: +385 1 5588 297
Clinical trials: +385 1 5614 330
Registration: +385 1 242 0873
Marketing: +385 1 2420 890
Fax: +385 1 2420 860
Tel: +385 1 5588 297
Full company name
Short company name
Marti Farm Ltd. Trade and Services
Marti Farm Ltd.
Lašćinska cesta 40, HR-10000 Zagreb
Planinska ulica 13/2, HR-10000 Zagreb
a limited liability company
Commercial Court of Zagreb
HRK 20,000.00 (paid in its entirety)
Martina Diminić Smetiško, director of the
company (Representing the company
individually and independently, Responsible
person for data protection)
HR3623600001102197724 (Zagrebačka banka)
HR4324020061100628669 (Erste banka)
Full company name: Marti Farm Ltd. Trade and Services
Short company name: Marti Farm Ltd.
Headquarters: Lašćinska cesta 40, HR-10000 Zagreb
Office: Planinska ulica 13/2, HR-10000 Zagreb
Legal form: a limited liability company
Court register: Commercial Court of Zagreb
Registration number: 080751121
Share capital: HRK 20,000.00 (paid in its entirety)
Authorized representative: Martina Diminić Smetiško, director of the company (Representing the company individually and independently, Responsible person for data protection)
Bank account: HR3623600001102197724 (Zagrebačka banka), HR4324020061100628669 (Erste banka)