Drug development professionals frequently use computer systems to help them understand the pharmacokinetics (PK) and pharmacodynamics (PD) of an investigational drug. To satisfy regulatory expectations, these computer systems should be validated. As a recent article points out, failure to do computer system validation for the software functionality that a user intends to use, with data sets that mimic the data sets that the user expects to use, can lead to a user failing to discover that a computer system provides erroneous results.
Clearly, computer system validation is an important activity, one that is often met with dread, frequently caused by misconceptions about this topic. In this blog post, I will discuss what computer system validation is and what regulations/guidelines require it, clarify some common misconceptions, and provide information about how Certara can make your Phoenix WinNonlin validation easier.
What is computer system validation and what regulations/guidelines require it?
Computer system validation (CSV) is documented evidence that a computer system does what it is intended to do. It applies to the “implemented computer system,” not just the software. CSV occurs in the user’s environment and accounts for the user’s specific requirements.
There are a number of regulations and guidelines that detail the requirements for CSV. Many people think that 1997’s 21 CFR Part 11 Electronic Records; Electronic Signatures regulation is the driver for computer system validation. Yet, the requirement for CSV has been around for much longer than Part 11. The earliest regulations for CSV date back to the 1960s with the United States cGMP regulations 21 CFR Parts 210-211, which state that “computers…shall be routinely calibrated, inspected, or checked according to a written program designed to assure proper performance.” The US FDA set forth additional requirements in the late 1990s with the Computerized Systems Used in Clinical Trials Guidance for Industry, which requires that “sponsors who use computerized systems in clinical trials to document that these systems conform to the sponsor’s established requirements for completeness, accuracy, reliability, and consistent intended performance”. In 2010, the European Union issued Annex 11, which stipulates the rules governing good manufacturing practice for using computer systems to develop medicinal products.
What are some common misconceptions regarding CSV?
In addition to the misconception mentioned above regarding Part 11 being the driver for computer system validation, here are some other misconceptions that I often hear customers mention:
- I don’t have to validate Phoenix WinNonlin because you (ie, Certara, the Phoenix WinNonlin vendor), already validated the software before you released it. It is true that Certara validated the Phoenix WinNonlin software before we released it to customers. However, the customer is still responsible for completing validation of the implemented computer system, of which the Phoenix WinNonlin software is one component, along with the hardware (servers and workstations), network and operating system environment, interfaces with other computer systems, and policies/standard operating procedures.
- I can’t use the software vendor or anything provided by the software vendor to help me with the validation of my Phoenix WinNonlin computer system. In actuality, the 2002 FDA Guidance Document General Principles of Software Validation states that a user “may conduct a validation using their own personnel or may depend on a third party such as the …software vendor or a consultant”. In any case, the user retains the ultimate responsibility for the validation and use of the computer system. Certara offers tools, such as the Phoenix WinNonlin Validation Suite, and professional services personnel to assist with your CSV project.
- I have to validate all of the functionality in the computer system, even if I am not going to use it. The FDA validation guidance document states that the user “who chooses not to use all the vendor-supplied capabilities of the software only needs to validate those functions that will be used and for which the [user] is dependent upon the software results.” The Phoenix WinNonlin Validation Suite offers flexibility to match this statement, in that the Validation Suite user can choose which of the nearly 200 automated test cases to execute. If the user intends to use Phoenix WinNonlin only for non-compartmental analysis (NCA), then only the automated test cases related to NCA (as indicated in the Traceability Document template included in the Phoenix WinNonlin Validation Suite) can be executed.
- Computer system validation takes a long time, consumes lots of resources, and is difficult. While this can be true for some computer system validation projects, it doesn’t have to be. The Phoenix WinNonlin Validation Suite facilitates your Phoenix WinNonlin validation project. It includes validation process deliverable templates (including a Validation Plan template, a Requirements Specification template, a Test Plan template, a Traceability Document template, and a Validation Summary Report template) to allow for rapid development of validation documentation. The Phoenix WinNonlin Validation Suite also includes nearly 200 automated test scripts for testing Phoenix WinNonlin functionality. So, users don’t have to spend time writing lots of test cases to test functionality. These automated test scripts execute the mouse movements and clicks that a user would during execution of manual test cases. Thus, the scripts can run unattended, freeing resources to do other things. The automated test scripts also include all required input data sets/other files, so the user does not have to spend time finding or creating appropriate inputs for testing.
Want to get more information?
Watch our webinar, “Phoenix WinNonlin Validation Suite: Automate Your PK/PD Modeling Validation” to learn more about the latest version of the Validation Suite.