Validation of computer systems in the pharmaceutical field

By Achraf, Amaris Consultant

It is well known that it is not easy to set up a new software tool in a company, especially if this company is subject to restrictive regulations. It is the case of the pharmaceutical sector…Achraf, Amaris consultant, explains more about his project of compliance.

 

• In a few words, can you describe your project?

I am currently working in the IT Risk and Compliance department of a global leading company in the pharmaceutical sector, on the validation of the computer systems. The project is to ensure the interface between future users and suppliers when a new IT solution is implemented, making sure that all needs are satisfied while restrictive regulations of pharmaceutical sector are respected.

• What are the context and the objectives?

The IT Risk and Compliance department has to make sure technical and regulatory integrity of different computing solutions, set up and used in the company. Pharmaceutical sector is very controlled: each entity must prove that its computing solution complies with the AFSSAPS’ requirements (Agence Française de Sécurité Sanitaire des Produits de Santé) and/ or of the FDA’s (Food And Drug Administration, USA), as the GMIP (Good medicines industry practices), the GLP (Good laboratory practices) and the GxP regulations (Good Practices quality guidelines and regulations – directives and regulations concerning the quality).

• What are your role and the Amaris contribution in that project?

Amaris is positioning as technical and regulatory support in the IT Risk and Compliance Department. My dual competence in Life Sciences and Computer Sciences help me to become the intermediary between users (of pharmaceutical sector) and IT solutions suppliers’.
I deal with deployment projects of computer infrastructures from the users’ demand to the production. Such monitoring involves several steps:
- First, the identification of needs: users express a need (their request will be modeled into an IT solution to facilitate their daily work) and a requirement is written,
- Once the need is identified and the requirement written, the solution is developed and officially settled up by using the client’s internal tools. This setting up is followed by the publication of a “Project Charter” defining the scope of the project,
- Then, several documents will be edited, as the Compliance Determination and the Validation Plan. Those documents allows to place the project into the regulation context and to define the validation strategy,
- Finally, after having settled up and deployed the “Need” solution into a validation environment, the last step - validation - can start. The validation has to make sure that the IT solution fits the need and also allows providing written, illustrated and detailed evidences of the solution. Those evidences will be kept in the validation field and will be used as a support during an Audit. 
Once the validation was performed, the IT solution can be “put in production” and being extended to the whole users.

• What do you get of that experience?

Working in a pharmaceutical group, regulated by strict norms, allows me to be more thorough. The margin of error is close to zero, persons life’s can depend on ; the technical level has to be in constant improvement in order to challenge technical interlocutors, asking right questions and identify possible flaws in the system.