Issue link: https://www.e-digitaleditions.com/i/1462272
18 BioPharm International Quality and Regulatory Sourcebook eBook March 2022 www.biopharminternational.com trail, e-signatures, and other DI controls throughout the system and data lifecycle. To achieve this, manufacturers will need to proactively benchmark relevant activi- ties in consideration of both system and data lifecycles against the industry best practices, then implement them within digitalized solutions. The second question to address is: Do all the data generated need to be protected and maintained? It is import- ant to remember that not all data are critical. The data requiring prioritiza- tion in DI controls are those that will have a direct impact on patient safety and product quality. Next, CDMOs must address the fol- lowing question: How can a validated computerized system help ensure prod- uct quality? Determining the impact of a system on product quality in terms of risk or improvement requires efficient risk-based computerized system valida- tion (CSV) as well as suitable change management processes. Manufact urers must f irst def ine the intended use of the computerized system, including requirements and specifications that have been enhanced with qualit y design in mind. This must be a risk-based approach where all the risk elements that could impact patient safety and product quality in different scenarios are considered. Risk scenarios must then be mitigated by improving the technical design and reducing the possibilit y of human errors. Validation activit y based on user requirements must then be per- formed while ensuring full traceability from process and user requirements to testing and release. Finally, manufac- turers must perform streamlined test- ing to verify the system design and the risk mitigation measures implemented. In addressing these questions, it can be assured that the relevant procedures required for regulatory compliant DI controls are defined and introduced while being built on a solid understanding. In addition to an eff icient CSV process, fostering an open cu lt ure that encourages DI discussion and continued learning is essentia l for maintaining regulator y compliance, aw a reness of reg u lator y c ha nges, a nd implementat ion of t he latest industr y standards for DI controls. Having a culture where identification, analysis, and remediation of DI issues a nd potent ia l r isk s a re suppor ted means that all users of the system can identif y potential issues, leading to their improvement. REGULATORY CHANGES IN THE FUTURE Following this approach to building a robust governance program that ensures regulatory compliance is likely to become even more pressing in the future with FDA's regulatory guidance. The regulatory requirement of risk management and risk-based approaches to CSV is not a new concept, but today many CDMOs still operate using doc- umentation-driven CSV processes. However, new FDA guidance on com- puter software assurance re-emphasizes risk-based approaches with a magnified focus on critical thinking. Manufacturers will need to revisit the CSV process, following the out- line above, and apply critical thinking to identify activities that add value to the quality assurance needs of the system before enhancing them. These activities include enhancing the sys- tem design for better DI controls and minimizing the documentation efforts that have little or no value to the qual- ity of the system. Many regulated biopharma compa- nies and CDMOs fail to demonstrate quality oversight of large SaaS vendors. Better qualification measures to deter- mine suitable vendors will need to be adopted as more companies favor stricter regulatory enforcement and quality gov- ernance of cloud or SaaS vendors. As these specific regulations are not cur- rently in place, it is currently the respon- sibility of CDMOs to identify suitable vendors. A robust contract management process must be established with these vendors to allow for ready access to their quality management systems for better transparency and oversight. KEY LESSONS Robust governance programs to ensure DI throughout the lifetime of the data generated by CDMOs are critical to decision making. Regulatory bodies have clearly outlined the requirements needed to safeguard DI, supported by the guidelines that continue to discuss the ALCOA+ principles. However, it is clear from inspection reports that many manufacturers are still not demonstrating compliance. A common cause is the implementation of digitalized solutions where there is no clear understanding or establishment of intended use and proactive approach to risk mitigations for the better quality design in the first place. It is, therefore, essential to identify a CDMO partner that is aware of the DI regulatory requirements and has built proactive, robust processes with a data-centric mindset in the implemen- tation of the digitalized solutions. REFERENCES 1. Redica Systems, "Data Integrity: The Whole Story," redica.com, April 9, 2015. 2. Redica Systems, "Data Integrity Trends in 483s and Warning Letters: Part 1," redica.com, May 16, 2019. BP Quality and Regulatory Sourcebook Regulations: Data Integrity Establishing a governance program that safeguards DI and data security falls on the senior management.