Issue link: https://www.e-digitaleditions.com/i/1462155
38 Pharmaceutical Technology QUALITY AND REGULATORY SOURCEBOOK EBOOK MARCH 2022 P h a r mTe c h . c o m Regulations: Data Integrity proactively benchmark relevant activities in consid- eration of both system and data lifecycles against the industry best practices, then implement them within digitalized solutions. The second question to address is: Do all the data generated need to be protected and maintained? It is important to remember that not all data are critical. The data requiring prioritization in DI controls are those that will have a direct impact on patient safety and product quality. Next, CDMOs must address the following ques- tion: How can a validated computerized system help ensure product quality? Determining the impact of a system on product quality in terms of risk or improvement requires efficient risk-based comput- erized system validation (CSV) as well as suitable change management processes. Manufacturers must first define the intended use of the computerized system, including requirements and specifications that have been enhanced with quality design in mind. This must be a risk-based approach where all the risk elements that could impact patient safety and product quality in different scenarios are considered. Risk scenarios must then be mitigated by improving the technical design and reducing the pos- sibility of human errors. Validation activity based on user requirements must then be performed while en- suring full traceability from process and user require- ments to testing and release. Finally, manufacturers must perform streamlined testing to verify the system design and the risk mitigation measures implemented. In addressing these questions, it can be assured that the relevant procedures required for regulatory com- pliant DI controls are defined and introduced while being built on a solid understanding. In addition to an efficient CSV process, fostering an open culture that encourages DI discussion and continued learning is essential for maintaining regula- tory compliance, awareness of regulatory changes, and implementation of the latest industry standards for DI controls. Having a culture where identification, analy- sis, and remediation of DI issues and potential risks are supported means that all users of the system can identify potential issues, leading to their improvement. Regulatory changes in the future Following this approach to building a robust governance program that ensures regulatory compliance is likely to become even more pressing in the future with FDA's regulatory guidance. The regulatory requirement of risk management and risk-based approaches to CSV is not a new con- cept, but today many CDMOs still operate using documentation-driven CSV processes. However, new FDA guidance on computer software assurance re- emphasizes risk-based approaches with a magnified focus on critical thinking. Manufacturers will need to revisit the CSV process, following the outline above, and apply critical thinking to identify activities that add value to the quality assur- ance needs of the system before enhancing them. These activities include enhancing the system design for better DI controls and minimizing the documentation efforts that have little or no value to the quality of the system. Many regulated biopharma companies and CDMOs fail to demonstrate quality oversight of large SaaS ven- dors. Better qualification measures to determine suit- able vendors will need to be adopted as more compa- nies favor stricter regulatory enforcement and quality governance of cloud or SaaS vendors. As these specific regulations are not currently in place, it is currently the responsibility of CDMOs to identify suitable vendors. A robust contract management process must be estab- lished with these vendors to allow for ready access to