Digital Validation – Use Cases, Challenges, Standards, and Regulatory Guidance

Back to Top

• Table of Contents

  Table of Contents

  1 Introduction

  2 Digital Validation Use Cases

  3 Digital Validation Challenges

  4 Digital Validation Standards

  5 Digital Validation Regulatory Guidance

  6 Conclusion

  7 Abbreviations

  8 References

Download PDF

Abstract

Digital Validation Tools (DVTs) are used for various functions, including but not limited to: commissioning and qualification of facilities, utilities, and equipment; qualification of analytical instruments (laboratory and manufacturing); validation of analytical methods; process validation; and computer system validation.

The lack of comprehensive guidance for DVTs poses significant challenges, as existing guidelines may not fully address the unique aspects of paperless DVTs as identified in the iSpeak Blog post Best Practices for "True Copy Verification” with Paperless Validation Systems.1 The authors of this Concept Paper therefore advocate for the development of a Good Practice Guide specifically tailored to address these challenges.

A dedicated Good Practice Guide would offer comprehensive practical guidance and best practices to users, process owners, stakeholders, and regulatory inspectors. The Guide would specifically help users effectively navigate the complexities of implementation and operation, as well as ensure that auditors possess the necessary knowledge and understanding to assess digital validation processes accurately. A dedicated Good Practice Guide would therefore help shape the future of digital validation and contribute to the evolution of future regulatory guidance.

1 Introduction

The term “Paperless Validation” has been traditionally used in industry to describe the use of electronic systems or processes for managing qualification and/or validation activities. However, this term may now seem outdated, as it gives a sense of a mere transition from Gutenberg’s 15^th century methods2 to a 21^st century digital environment. In reality, a more holistic approach to managing all digital data is required; therefore, this Concept Paper uses the term “Digital Validation.”

Currently, there is no single guidance document providing a comprehensive roadmap for executing digital validation. While elements from ISPE GAMP® Guides Series3 and the ISPE Baseline® Guide: Volume 8 – Pharma 4.0™, 4 apply to digital validation, there is no consolidated resource addressing common questions such as:

• What if the “system” is not available?
• What if the inspector requests hard copies?
• What if we can’t locate the information fast enough?
• What is the system of record?
• How do I use digital validation tools with vendors/suppliers?
• How do I conduct a regulatory audit using a digital validation system?

Having the answers in a single source of knowledge/guidance for DVT owners, process owners, users, stakeholders, and regulatory inspectors is desirable.

2 Digital Validation Use Cases

The potential use of digital validation is broad and covers all aspects of the validation lifecycle. Currently DVTs are employed for various purposes, including:

• Commissioning and qualification of facilities, utilities, and equipment
• Qualification of analytical instruments (laboratory and manufacturing)
• Validation of analytical methods
• Process validation
• Computer system validation

Traceability and management of changes, incident/non-conformance management, and other supporting processes are built-in functionalities that provide a seamless integration across operations.

The capability of a DVT to integrate, connect, and handle data from other systems will further enhance the speed to market and innovation.

One significant advantage of DVTs is their potential to operate in a completely database and data-centric manner. Data links enable release by exception, streamlining the validation process and enhancing efficiency and real time decision-making.

3 Digital Validation Challenges

Whether the DVT has been implemented, or implementation is in progress, there will be challenges to resolve and questions to answer. Among these challenges is the change in the culture and mindset inherent to adopting a DVT.

This change in culture requires adoption and endorsement from the company Quality organization. Without a comprehensive understanding of the complete functionality of digital validation, there is a risk of undermining the effectiveness and trustworthiness of the adopted system. Some examples of changes in thinking are as follows:

• How can the digital validation tool provide value as a tool to enhance the work done by system users? DVTs provide functionality that cannot exist in paper-based processes. Making full use of that functionality requires organizations to re-think the processes used to document validation activities. While replicating the existing paper process in the digital validation tool may provide some sense of familiarity to users, it invariably results in a “paper on glass” process where the users work to accommodate the tool, rather than the tool enabling the users to execute the required work in an efficient, effective, and compliant manner. An example of digital validation tool functionality enhancing user input is locking tables where data is recorded, with changes to the data in the tables logged automatically in the audit trail.
   
• Is it mandatory to have Quality as a final approver? In analog processes, approvals are completed in series, and manual edits are possible after some approvals are obtained but before the final approval is documented. In digital validation tool, approvals can be completed in parallel, and controls implemented such that any edit requires previously captured approvals to be re-executed. This ensures that the Quality reviewer always approves the final content, regardless of whether they are the first approver or the last.
   
• How can I see if activities are done in the correct sequence? DVTs allow for timestamp visibility when data is committed to the system, which does not exist in the paper world. This leads to more critical thinking in designing the testing in DVTs, since some testing may be conducted out of sequence (such as static documentation checks), while some functional testing may be completed sequentially.
   
• Do users really have to sign and date for every data entry point? DVTs require users to log into the system with a unique ID, with the system capturing data entry in the audit trail with user ID, time, and date. With sufficient confidence in the access controls and audit trail content, the need for repeated signatures during execution can be eliminated and the overall process streamlined.
   
• What value does mandating the annotation, stamping, and pagination of attachments provide? DVTs can capture the attachment and removal of files in the audit trail and can be locked to prevent alteration of attachments after approval. By implementing baseline procedural controls around true copy verification (refer to the iSpeak Blog post Best Practices for “True Copy Verification” with Paperless Validation Systems1), the often laborious and error-prone work required to meet annotation, stamping, and pagination requirements can be drastically reduced or eliminated.
   
• Is there a need to include a list of attachments? DVTs allow users to attach files directly to the relevant location in the record, often providing a unique identifier for each based on that location. Manually developing and inserting a list of those attachments, while beneficial in paper-based systems where all attachments are included at the end of the document, is in this scenario a prime opportunity for human error and provides little to no benefit.
   
• Should I attach the file or link to the source data? DVTs should allow users to link to applicable data in external systems. Because any data extracted as an attachment is not original, linking to the source data should take preference if both systems are capable of being connected. Accessibility to view the source data should also be considered when deciding on attaching or linking, and it is recommended to have original data available as much as possible for review/audit. Both the digital validation tool and the supporting data system should ensure that, links are always maintained and point to the correct version and/or data used to verify the step/test in the protocol.
   
• What if an inspector requests a printout or an export to PDF rather than viewing the electronic record? Providing the inspector guided or otherwise limited access to the digital validation tool is recommended. When printing out a copy of a validation protocol for an auditor to review, it should be considered a copy of the original digital data and treated appropriately. This means that the printed record should be verified back to the original data to ensure it is a true copy, which could slow down the auditing process. Such a printout also may not contain data available in the digital validation tool such as timestamps/audit trails, and the record could be considered “dynamic data,” which would be very hard to verify as a “true copy” per the current regulatory guidance(s). (Refer to Chapter 5 Digital Validation Regulatory Guidance). This leads to a recommendation for regulatory auditors to embrace DVTs and use the full extent of the system’s functionality to assist in the review instead of reverting to a paper-based review.

The culture of change brought about by digital validation also impacts the day-to-day working for all users. Because of the 24–7 availability of test data and validation information, the validation process transcends its traditional stepwise, static progression to become a dynamic online collaboration platform where execution, review, and approval occur in real time. This collaboration allows immediate resolution of issues and eliminates rework.

4 Digital Validation Standards

Embracing the advanced tools and technologies available to optimize data utilization and management requires a paradigm shift in how information is structured and organized. The relational database model has emerged as a popular solution for efficiently storing and managing complex data sets.

Moving to a database mindset provides benefit from a data integrity perspective. One of the best ways to achieve this is by implementing systems that prevent or detect errors during data entry. For example, unique constraints can be set up to prevent duplicate data entries, while “not null” constraints can ensure that all required data is entered for each record. Additionally, triggers can be configured to enforce complex validation rules, such as ensuring that data values fall within a specified range or meet certain criteria.

Integrating all aspects of a project into a single electronic solution can be unrealistic, as each project phase and discipline has unique requirements and characteristics. However, using open Application Programming Interfaces (APIs) and standardized data structures to facilitate communication between different tools is an achievable goal.

By defining standard data structures and APIs for project management solutions, organizations are able to ensure that different tools and systems communicate effectively and efficiently without requiring custom development or manual data entry.

For example, standard data structures and APIs could be defined for project scheduling tools, Building Information Modeling (BIM) software, commissioning and qualification systems, maintenance management tools, and other project management solutions.

APIs can use a variety of standard data structures to exchange information between different software systems. Some of the commonly used data structures in APIs include:

• CSV (Comma-Separated Values)
• XML (Extensible Markup Language)
• JSON (JavaScript Object Notation)

The choice of data structure depends on the specific requirements of the API including the type of data being exchanged, the programming languages and systems involved, as well as the performance requirements of the API.

5 Digital Validation Regulatory Guidance

The following regulatory and industry guidance contain elements applicable to a digital validation tool:

• FDA: Data Integrity and Compliance with Drug CGMP, Questions and Answers Guidance for Industry5
• MHRA: ‘GXP’ Data Integrity Guidance and Definitions6
• FDA: General Principals of Software Validation7
• FDA Draft Guidance for Industry: Computer Software Assurance for Production and Quality System Software8
• WHO TRS 996 Annex 5 - Guidance on good data and record management practices9
• PIC/S Guidance: Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments10

The absence of comprehensive guidance for digital validation poses a significant challenge, as existing guidelines may not fully address the unique aspects of DVTs as identified in the iSpeak Blog post Best Practices for “True Copy Verification” with Paperless Validation Systems.1

Additionally, many of the regulatory guidance documents on validation, such as the FDA Guidance for Industry: Process Validation – General Principles and Practice11 (where the process validation requirements for preapproved protocols are defined), were primarily developed with paper-based processes in mind:

This expectation from the FDA Guidance for Industry: Process Validation – General Principles and Practices11 states that a Process Performance Qualification (PPQ) protocol should be preapproved before execution. Traditionally on paper this requires all necessary stakeholders, including Quality, to review and approve the PPQ protocol to ensure that the following components are in place:

1. The appropriate Critical Process Parameters (CPPs) and Critical Quality Attributes (CQAs) for the product are monitored/tested.
2. Prerequisites such as the equipment and software being qualified are in place.
3. That validated test methods are used for analysis.
4. The protocol contains information to record the following:
   1. Training status of people involved in the execution of the PPQ.
   2. That the appropriate samples are taken at the appropriate stages according to the process control strategy.
   3. That the nominal manufacturing process has been followed.

With a digital validation tool, the intent of this preapproval could be satisfied with the following:

1. The structure of the PPQ protocol can be preapproved by Quality, ensuring that there are sections in the protocol for sampling/training/recording the procedures for the PPQ to follow, and ensuring nothing is missed. This can be achieved by setting up a document template that is approved by Quality, used for each PPQ, and prevents modification of critical sections that should be present in the protocol.
2. The CPPs and CQAs for the product can be established in a master list in the digital validation tool at the beginning of the project and approved for use so that the data can be shared with other documents in the system, such as the PPQ protocol. This ensures that there is only one source of truth in the digital validation tool.
3. APIs can be used to directly transfer data into the protocol from other systems, such as:
   1. An API link to a Laboratory Information Management System (LIMS) can transfer an approved sampling plan from LIMS containing the correct details of the validated analytical methods as established in the LIMS system.
   2. An API can be used to interface with the ERP/MES system to ensure the correct batch numbers and batch records are used and recorded automatically.
   3. An API to the asset management system can ensure the qualified and calibrated status of equipment to be used.
   4. Checks that personnel executing the PPQ are appropriately trained can be done via an API link pulling that data from the training system.

Preapproval then becomes more of a technical check that the correct data fields have been set up in the template.

6 Conclusion

Based on the use cases, challenges, and the current regulatory landscape, the authors of this Concept Paper advocate for the development of a Good Practice Guide specifically tailored for digital validation.

While existing regulations may take time to be revised, and the likelihood of new, specific regulatory guidance remains uncertain, this should not prevent progress or innovation in the field of digital validation.

A dedicated Good Practice Guide would serve several purposes by offering comprehensive practical guidance and best practices for the implementation and operation of digital validation tools. The creation of a Good Practice Guide for digital validation will help shape the future of digital validation and contribute to the evolution of future regulatory guidance.

7 Abbreviations

Acknowledgements

A Concept Paper by the ISPE Commissioning & Qualification Community of Practice

This Concept Paper represents the outcome of work done by the members of Commissioning & Qualification Community of Practice Paperless Validation Sub Committee as well as experiences and input from the individuals listed and does not reflect the views of any one individual or company.

Document Authors

Mark Drinan Takeda Switzerland

Philip Jarvis Veqtor Ireland

Amy Kuntzman CAI USA

Khaled Moussally Compliance Group Inc USA

Brandi M. Stockton The Triality Group LLC USA

Stephanie White Independent Consultant USA