ERP Computerised Software Assurance

Validation of computerised systems is crucial. The pharmaceutical, biotech, and medical device industries are subject to strict health authority regulations to protect data integrity, product quality, and patient safety. Life Sciences and Healthcare companies must ensure that their processes are governed and controlled so that the same process always delivers as intended in a consistent way over time. 

According to the FDA, software validation applies to all computerised operative systems that impact patient safety, product quality and data integrity. 

Companies integrate central computerised systems to support processes and business units, including but not limited to R&D, engineering, production, supply chain, procurement, and asset management. An ERP (Enterprise Resource Planning) computerised system facilitates the integration of these processes and business units. Furthermore, an ERP system maintains oversight of sensitive operations across the organisation, such as compliance, expiry management, quality, formulation, batch release and more. 

Different ERP modules are interconnected. All modules share a common database, using Master Data principles such as ownership, uniformity, accuracy, stewardship, semantic consistency and accountability of the enterprise’s data. 

Companies are increasingly adopting modern ERP systems that implement pioneering AI, machine learning, and automation that provide data, intelligence, transparency, and efficiency to remain competitive and compliant. There is a clear connection between regulatory compliance and enterprise software systems as the business and IT functions become increasingly integrated. For example, nuclear medicine and cell and gene therapy require the software tool to be understood as part of the product, as business and IT work hand in hand.  

ERP Computerized systems must be in control during the development and production after go-live.   

Computerised system validation and change control ensure that ERP systems fulfill their intended use and produce accurate and reliable results throughout the entire life cycle. Computer Software assurance principles enable regulatory compliance and adherence to user requirements.  

Challenge

• When developing and manufacturing their products, pharmaceutical, medical device and biotech companies are tasked to lead through innovation whilst meeting the industry’s most stringent quality standards.
• Regulatory requirements affect every functional area from product design and development, manufacturing, R&D, quality control, reporting, etc.
• Businesses using a ‘mixed bag approach’ of manual processes, multiple spreadsheets, and segregated silo mechanisms to monitor their operations will not pass audits or meet quality standards set by health authorities.
• Manual validation and monitoring result in errors and duplicated information; therefore, automated testing. CSV (computerised system validation) and CSA (computer software assurance) are essential amid rapidly evolving regulatory, digital and business landscapes.
• To succeed, businesses need to know and review their enterprise systems in production, purchasing, documentation, traceability, and other activities while managing compliance requirements within budget.

What KVALITO did

• Involved in Validation Planning and Change Management (Authoring of System Classification, Validation Plan, Quality Plan, Business, and IT Risk Assessments)   
• Validating ERP systems (i.e. SAP S4/Hana, D365) for intended use and addressing how GxP (e.g. batch release) and non-GxP (e.g. HR functions) affect risk assessment and the validation strategy and scope of testing 
• Categorised processes to corresponding risk classes  
• Developed multiple validation strategies based on the risk category where this approach is preferred 
• Designed validation and test strategies for ERP systems with one or many instances encompassing different (GxP and non-GxP) modules and processes that interface and rely on the same data consolidated into one single source. 
• Delivered overall risk assessments to identify which processes impact patient safety, product quality, data integrity and availability of the system  
• Supported Detailed Design (Review and support authoring of User Requirement Specification, User Stories, Functional Specification, Design Specification, Change Management)  
• Adapted Validation process to client Quality Management System  
• Supported Testing, manual and automated (Support Code Review, Security testing, IQ, OQ, PQ), Defect Management, and related CAPA actions. 
• Supported Roll-out & End User Training and documentation, Support business SOPs  
• Supported Reporting (Authoring of Traceability, Validation Report, Quality Report) 
• Example ERP systems validated: SAP S/4 Hana, Oracle, Microsoft Dynamics 365

With a focus on patient safety, data integrity, product quality, regulations and industry best practices, i.e.: 

• FDA 21 CRF Part 11 “Electronic Records and Electronic Signatures”   
• EU GMP Annex 11   
• FDA General Principles of Software Validation 

• WHO Guidelines on Validation – Appendix 5 Validation of Computerized Systems   
• Data Integrity guidelines (MHRA, EMA, FDA, WHO, PICS)   
• GAMP5®  

People, Processes and Tools

Project Roles:

• QA/eCompliance
• CSV / CSA Subject Matter Expert
• CSV / CSA Auditor
• CSV / CSA Assessor
• Project Quality Manager
• Business Process Excellence Expert
• Business Analyst
• Project/Program Manager
• Test Manager
• Tester

Tools used during projects:

• SAP testing and change management tools
• ServiceNow
• Jira – Confluence
• HP ALM
• Micro Focus Application Lifecycle Management
• Veeva Vault
• Microsoft Azure
• Microsoft SharePoint

Processes:

• Batch Release
• Drug Change Control
• Compliance Management
• Quality Management
• Material Traceability

Value Delivered

• We clearly understand the current situation (i.e. potential risks). We have a sound knowledge of every stage our client is in and which systems are in place, document, hybrid or other.
•  Continuous support each step of the way to provide our clients with the confidence that it will work.
• Ongoing monitoring and supervision to ensure conformance and compliance with Industry Best Practices and Regulations.
• Audit readiness (prepared for Regulatory Inspections).
• Seamless integration of two QMS.
• Increased compliance with track and trace, serialisation, inventory and production tracking and other applicable regulatory requirements, simplified audit management and compliance.
• Once the system met validation requirements, our client’s faced reduced failure rates, fewer recalls and corrective actions, and lower risk to patients.
• Our clients affirm that audit management and compliance are more straightforward with the validated ERP systems.
• Clients note that validation plays a central role in the stability and feasibility of the ERP solution. Effectively validated systems made software changes more manageable and economical to implement and revalidate. The validation supports the entire lifecycle of the ERP solution.

Clients/References

• Novartis
• Fresenius Kabi 
• AAA