IT inspections

Where computerised systems are used in pre/clinical studies (GLP, GCP), manufacturing (GMP) or distribution (GDP) of medicinal products, they must be validated. The task of an inspection is to check the reliability of a computer-aided system on the basis of the validation evidence. The inspection of computer-aided systems usually takes place within the framework of the GxP inspections, but can be set as a separate inspection focus of a specialist inspector. Existing guidelines for inspection or validation apply to all GxPs.

An inspection usually begins with the request of the following documents:

  • Company policy for computer validation
  • Validation masterplan
  • Validation plans / validation reports
  • SOPs for IT or computers
  • Third party services for maintenance and support
  • Inventory list of all computer-aided systems
  • List of GxP relevant systems
  • Details on data protection, change control, information security, configuration management
  • Staff qualification and training
  • Summary of significant changes since last inspection

The general inspection strategy is variable, but can be as follows:

  • Assessment of the validation proofs of the GxP-critical systems.
  • Assessment of the system for maintaining the validated state and interaction between different organisational units involved in the process (e.g. IT support and GMP process owners).
  • Insight into printouts and archives.
  • All points of EU GMP Guide Annex 11 are relevant.
  • Evidence for change management, configuration management, accuracy or reliability (bug reports).
  • System security, access control and data integrity are aspects that are relevant for many systems.
  • Verification of the implementation of specifications.

Relevant Literature

  • AMBO 2009
  • EU GMP Guide Annex 11

Further inquiry note